From d42ef2bccc0acd4e1ee830f42956a5cafb863299 Mon Sep 17 00:00:00 2001
From: lalber <lukas.alber@iaik.tugraz.at>
Date: Tue, 20 Oct 2020 16:57:45 +0200
Subject: cyclic depend

---
 eidas_modules/authmodule-eIDAS-v2/pom.xml          |  6 ++
 .../specific/modules/auth/eidas/v2/Constants.java  |  5 ++
 .../eidas/v2/tasks/CreateIdentityLinkTask.java     | 98 ++++++++++++----------
 .../tasks/CreateIdentityLinkTaskEidNewTest.java    | 21 +++--
 .../resources/SpringTest-context_tasks_test_2.xml  | 77 +++++++++++++++++
 5 files changed, 160 insertions(+), 47 deletions(-)
 create mode 100644 eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test_2.xml

(limited to 'eidas_modules')

diff --git a/eidas_modules/authmodule-eIDAS-v2/pom.xml b/eidas_modules/authmodule-eIDAS-v2/pom.xml
index 4fe2bb36..9eeb0994 100644
--- a/eidas_modules/authmodule-eIDAS-v2/pom.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/pom.xml
@@ -183,6 +183,12 @@
       <artifactId>jose4j</artifactId>
       <version>0.7.2</version>
     </dependency>
+      <dependency>
+          <groupId>at.asitplus.eidas.ms_specific</groupId>
+          <artifactId>ms_specific_connector</artifactId>
+          <version>1.1.1-SNAPSHOT</version>
+          <scope>test</scope>
+      </dependency>
   </dependencies>
 
   <build>
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
index 3eec12bd..eac62aae 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/Constants.java
@@ -156,6 +156,11 @@ public class Constants {
   // Default values for SZR communication
   public static final String SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE = "ELEKTR_DOKUMENT";
 
+  // AuthBlock
+  public static final String SZR_AUTHBLOCK = "AUTHBLOCK";
+  public static final String EIDAS_BIND = "EIDAS_BIND";
+
+
   // TODO remove!!!
   public static final String SZR_CONSTANTS_DEFAULT_ISSUING_DATE = "2014-01-01";
   public static final String SZR_CONSTANTS_DEFAULT_ISSUING_AUTHORITY = "ms-specific eIDAS-Node for AT";
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
index 93813ff5..b141402a 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/CreateIdentityLinkTask.java
@@ -32,6 +32,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicati
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils;
 import at.gv.e_government.reference.namespace.persondata._20020228.AlternativeNameType;
 import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType;
 import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType;
@@ -61,6 +62,7 @@ import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress;
 import lombok.extern.slf4j.Slf4j;
 import lombok.val;
 import org.apache.commons.lang3.StringUtils;
+import org.bouncycastle.jce.PKCS10CertificationRequest;
 import org.joda.time.DateTime;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
@@ -72,8 +74,10 @@ import szrservices.TravelDocumentType;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import java.io.InputStream;
+import java.io.*;
+import java.security.KeyStore;
 import java.security.KeyStoreException;
+import java.security.Provider;
 import java.util.Base64;
 import java.util.HashMap;
 import java.util.List;
@@ -98,6 +102,10 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
   @Autowired
   EaafKeyStoreFactory keyStoreFactory;
 
+  Pair<KeyStore, Provider> ks;
+  private final String KSPASSWORD = "f/+saJBc3a}*/T^s";
+  private final String KSALIAS = "connectorkeypair";
+
   /*
    * (non-Javadoc)
    *
@@ -114,6 +122,9 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
       final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
       final ILightResponse eidasResponse = authProcessData.getGenericDataFromSession(
           Constants.DATA_FULL_EIDAS_RESPONSE, ILightResponse.class);
+      String eidMode = pendingReq.getServiceProviderConfiguration()
+          .getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old");
+
 
       final Map<String, Object> simpleAttrMap = convertEidasAttrToSimpleMap(eidasResponse.getAttributes()
           .getAttributeMap());
@@ -222,7 +233,6 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
           }
         }
 
-        String eidMode = pendingReq.getServiceProviderConfiguration().getConfigurationValue(MsEidasNodeConstants.PROP_CONFIG_SP_EID_MODE, "old");
         if (eidMode.equals("new")) {
 
           String vsz = szrClient.getEncryptedStammzahl(personInfo);
@@ -239,8 +249,10 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
           ObjectMapper mapper = new ObjectMapper();
           String jwsPayload = mapper.writeValueAsString(pendingReq.getUniqueTransactionIdentifier());
 
-//          JoseUtils.createSignature(new Pair<>(ks, ks.getProvider()), "connectorkeypair", passord.chararray(), jwsPayload, false, ); //TODO joseutils kopiern
+          String jwsSignature = JoseUtils.createSignature(ks, KSALIAS, KSPASSWORD.toCharArray(), jwsPayload, false, KSALIAS);//TODO joseutils kopiern
 
+          authProcessData.setGenericDataToSession(Constants.SZR_AUTHBLOCK, jwsSignature);
+          authProcessData.setGenericDataToSession(Constants.EIDAS_BIND, jwsSignature);
         } else {
 
           final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(personInfo);
@@ -282,44 +294,46 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
         }
       }
 
-      if (identityLink == null) {
-        log.error("ERnB did not return an identity link.");
-        throw new SzrCommunicationException("ernb.00", null);
+      if (eidMode.equals("new")) {}
+      else {
+        if (identityLink == null) {
+          log.error("ERnB did not return an identity link.");
+          throw new SzrCommunicationException("ernb.00", null);
 
-      }
-      revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED,
-          identityLink.getSamlAssertion().getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID));
+        }
+        revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_IDL_RECEIVED,
+            identityLink.getSamlAssertion().getAttribute(SimpleIdentityLinkAssertionParser.ASSERTIONID));
 
-      if (bpk == null) {
-        log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration()
-            .getAreaSpecificTargetIdentifier());
-        throw new SzrCommunicationException("ernb.01", null);
+        if (bpk == null) {
+          log.error("ERnB did not return a bPK for target: " + pendingReq.getServiceProviderConfiguration()
+              .getAreaSpecificTargetIdentifier());
+          throw new SzrCommunicationException("ernb.01", null);
 
-      }
-      revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED);
-
-      log.debug("ERnB communication was successfull");
-
-      authProcessData.setForeigner(true);
-      authProcessData.setIdentityLink(identityLink);
-      authProcessData.setGenericDataToSession(
-          PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
-          EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get(
-              Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst());
-
-      // set bPK and bPKType into auth session
-      authProcessData.setGenericDataToSession(
-          PvpAttributeDefinitions.BPK_NAME,
-          extendBpkByPrefix(
-              bpk,
-              pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
-      authProcessData.setGenericDataToSession(
-          PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
-          pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
-
-      // store pending-request
-      requestStoreage.storePendingRequest(pendingReq);
+        }
+        revisionsLogger.logEvent(pendingReq, MsConnectorEventCodes.SZR_BPK_RECEIVED);
+
+        log.debug("ERnB communication was successfull");
+
+        authProcessData.setForeigner(true);
+        authProcessData.setIdentityLink(identityLink);
+        authProcessData.setGenericDataToSession(
+            PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
+            EidasResponseUtils.parseEidasPersonalIdentifier((String) simpleAttrMap.get(
+                Constants.eIDAS_ATTR_PERSONALIDENTIFIER)).getFirst());
+
+        // set bPK and bPKType into auth session
+        authProcessData.setGenericDataToSession(
+            PvpAttributeDefinitions.BPK_NAME,
+            extendBpkByPrefix(
+                bpk,
+                pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()));
+        authProcessData.setGenericDataToSession(
+            PvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME,
+            pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
 
+        // store pending-request
+        requestStoreage.storePendingRequest(pendingReq);
+      }
     } catch (final EidasAttributeException e) {
       throw new TaskExecutionException(pendingReq, "Minimum required eIDAS attributeset not found.", e);
 
@@ -338,12 +352,12 @@ public class CreateIdentityLinkTask extends AbstractAuthServletTask {
 
     final String current = new java.io.File(".").toURI().toString();
     configuration.setSoftKeyStoreFilePath(current + "src/test/resources/keystore/teststore.jks");
-    configuration.setSoftKeyStorePassword("f/+saJBc3a}*/T^s");
+    configuration.setSoftKeyStorePassword(KSPASSWORD); //TODO from config
     configuration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.JKS);
-    configuration.setFriendlyName("connectorkeypair");
-    configuration.setKeyStoreName("connectorkeypair");
-    val ks = keyStoreFactory.buildNewKeyStore(configuration);
-    val publicKey = ks.getFirst().getCertificate("connectorkeypair").getPublicKey();
+    configuration.setFriendlyName(KSALIAS);
+    configuration.setKeyStoreName(KSALIAS);
+    ks = keyStoreFactory.buildNewKeyStore(configuration);
+    val publicKey = ks.getFirst().getCertificate(KSALIAS).getPublicKey();
     return Base64.getEncoder().encodeToString(publicKey.getEncoded());
   }
 
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
index f674b6b1..028210cb 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -9,6 +9,7 @@ import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnReque
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService;
 import at.gv.e_government.reference.namespace.persondata._20020228.PostalAddressType;
 import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
 import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
 import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
@@ -16,6 +17,7 @@ import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
 import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.controller.tasks.FinalizeAuthenticationTask;
 import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
 import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
 import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
@@ -63,9 +65,7 @@ import org.springframework.test.context.ContextConfiguration;
 import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
-import szrservices.PersonInfoType;
-import szrservices.SZR;
-import szrservices.SZRException_Exception;
+import szrservices.*;
 
 import javax.xml.namespace.QName;
 import java.io.IOException;
@@ -83,13 +83,15 @@ import static org.powermock.api.mockito.PowerMockito.*;
 //@PowerMockRunnerDelegate(SpringJUnit4ClassRunner.class)
 @PrepareForTest(CreateIdentityLinkTask.class)
 @DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS)
-@ContextConfiguration("/SpringTest-context_tasks_test.xml")
+@ContextConfiguration("/SpringTest-context_tasks_test_2.xml")
 public class CreateIdentityLinkTaskEidNewTest {
 
 
   @Autowired(required = true)
   private CreateIdentityLinkTask task;
   @Autowired(required = true)
+  private FinalizeAuthenticationTask authTask;
+  @Autowired(required = true)
   private DummySpecificCommunicationService commService;
   @Autowired(required = true)
   private IConfiguration basicConfig;
@@ -142,8 +144,10 @@ public class CreateIdentityLinkTaskEidNewTest {
     pendingReq.setSpConfig(oaParam);
     pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue());
     pendingReq.setAuthUrl("http://test.com/");
+    pendingReq.setTransactionId("avaasbav");
 
     executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "XX");
+    executionContext.put(EaafConstants.PROCESS_ENGINE_REQUIRES_NO_POSTAUTH_REDIRECT, true);
 
     szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr");
   }
@@ -179,7 +183,7 @@ public class CreateIdentityLinkTaskEidNewTest {
         .subjectNameIdFormat("afaf").attributes(attributeMap).build();
   }
 
-  @Test(expected = RuntimeException.class)
+  @Test
   public void firstTest() {
     // keystore password f/+saJBc3a}*/T^s
     try {
@@ -188,10 +192,17 @@ public class CreateIdentityLinkTaskEidNewTest {
 
 //      SZR szrMock2 = Mockito.mock(SZR.class, Mockito.CALLS_REAL_METHODS);
       when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10));
+      val signContentResp = new SignContentResponseType();
+      SignContentEntry signContentEntry = new SignContentEntry();
+      signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10));
+      signContentResp.getOut().add(signContentEntry);
+      when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp);
 //      when(szrMock2, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10));
       // Wie kann ich das vom Bean rein gehängte SZR mit dem Mock überschreiben?
 
       task.execute(pendingReq, executionContext);
+
+      authTask.execute(pendingReq, executionContext);
     } catch (Exception e) {
       e.printStackTrace();
       Assert.fail();
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test_2.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test_2.xml
new file mode 100644
index 00000000..93b12a7c
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test_2.xml
@@ -0,0 +1,77 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:context="http://www.springframework.org/schema/context"
+  xmlns:tx="http://www.springframework.org/schema/tx"
+  xmlns:aop="http://www.springframework.org/schema/aop"
+  xmlns:mvc="http://www.springframework.org/schema/mvc"
+  xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd 
+    http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc.xsd">
+
+  <context:annotation-config />
+  <mvc:annotation-driven />
+  <mvc:default-servlet-handler />
+
+
+  <import resource="SpringTest-context_authManager.xml" />
+  <import resource="SpringTest-context_basic_test.xml" />
+
+  <bean id="mvcGUIBuilderImpl"
+    class="at.asitplus.eidas.specific.connector.gui.SpringMvcGuiFormBuilderImpl" />
+
+  <bean id="springManagedSpecificConnectorCommunicationService"
+    class="at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService" />
+
+  <bean id="specificConnectorAttributesFileWithPath"
+    class="java.lang.String">
+    <constructor-arg
+      value="src/test/resources/config/eidas-attributes.xml" />
+  </bean>
+
+  <bean id="specificConnectorAdditionalAttributesFileWithPath"
+    class="java.lang.String">
+    <constructor-arg
+      value="src/test/resources/config/additional-attributes.xml" />
+  </bean>
+
+  <bean id="attributeRegistry"
+    class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry">
+    <property name="eidasAttributesFile"
+      ref="specificConnectorAttributesFileWithPath" />
+    <property name="additionalAttributesFile"
+      ref="specificConnectorAdditionalAttributesFileWithPath" />
+  </bean>
+
+  <!-- Authentication Process Tasks -->
+  <bean id="ConnecteIDASNodeTask"
+    class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask"
+    scope="prototype" />
+
+  <bean id="ReceiveResponseFromeIDASNodeTask"
+    class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAuthnResponseTask"
+    scope="prototype" />
+
+  <bean id="CreateIdentityLinkTask"
+    class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask"
+    scope="prototype" />
+
+  <bean id="FinalizeAuthenticationTask"
+    class="at.gv.egiz.eaaf.core.impl.idp.controller.tasks.FinalizeAuthenticationTask"
+    scope="prototype" />
+
+  <bean id="DummyProtocolAuthService"
+        class="at.gv.egiz.eaaf.core.impl.idp.auth.services.ProtocolAuthenticationService" />
+
+  <bean id="DummyGuiBuilderConfigurationFactory"
+        class="at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory" />
+
+  <bean id="StatisticLogger"
+        class="at.gv.egiz.eaaf.core.impl.logging.DummyStatisticLogger" />
+
+  <bean id="TestAuthenticationDataBuilder"
+        class="at.asitplus.eidas.specific.connector.builder.AuthenticationDataBuilder" />
+
+</beans>
\ No newline at end of file
-- 
cgit v1.2.3