From e8e75813ab549d03b0ac482fe0e1e86ee660b8b0 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Fri, 11 Mar 2022 11:49:05 +0100
Subject: chore(proxy): add module for stand-alone ms-specific proxy-service
 application

---
 ...MsSpecificEidasProxySpringResourceProvider.java |  55 +++++++++++
 ...ficSpringBootApplicationContextInitializer.java |  83 ++++++++++++++++
 .../proxy/SpringBootApplicationInitializer.java    | 106 +++++++++++++++++++++
 3 files changed, 244 insertions(+)
 create mode 100644 ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/MsSpecificEidasProxySpringResourceProvider.java
 create mode 100644 ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/MsSpecificSpringBootApplicationContextInitializer.java
 create mode 100644 ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/SpringBootApplicationInitializer.java

(limited to 'ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy')

diff --git a/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/MsSpecificEidasProxySpringResourceProvider.java b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/MsSpecificEidasProxySpringResourceProvider.java
new file mode 100644
index 00000000..5f845108
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/MsSpecificEidasProxySpringResourceProvider.java
@@ -0,0 +1,55 @@
+package at.asitplus.eidas.specific.proxy;
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+public class MsSpecificEidasProxySpringResourceProvider implements SpringResourceProvider {
+
+  @Override
+  public Resource[] getResourcesToLoad() {
+    final ClassPathResource generic =
+        new ClassPathResource("/applicationContext.xml", MsSpecificEidasProxySpringResourceProvider.class);   
+    final ClassPathResource msEidasNode = new ClassPathResource(
+        "/specific_eIDAS_proxy.beans.xml", MsSpecificEidasProxySpringResourceProvider.class);
+        
+    return new Resource[] { generic, msEidasNode};
+    
+  }
+
+  @Override
+  public String[] getPackagesToScan() {
+    return null;
+  }
+
+  @Override
+  public String getName() {
+    return "MS-specific eIDAS-Proxy-Service SpringResourceProvider";
+  }
+
+}
diff --git a/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/MsSpecificSpringBootApplicationContextInitializer.java b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/MsSpecificSpringBootApplicationContextInitializer.java
new file mode 100644
index 00000000..2ec08b17
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/MsSpecificSpringBootApplicationContextInitializer.java
@@ -0,0 +1,83 @@
+package at.asitplus.eidas.specific.proxy;
+
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.util.Properties;
+
+import org.apache.commons.lang3.StringUtils;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.core.env.MutablePropertySources;
+import org.springframework.core.env.PropertiesPropertySource;
+
+import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class MsSpecificSpringBootApplicationContextInitializer extends
+    SpringBootApplicationContextInitializer {
+
+  private static final String SYSTEMD_PROP_NAME = "eidas.ms.configuration";
+  private static final String PATH_FILE_PREFIX = "file:";
+  
+  @Override
+  public void initialize(ConfigurableApplicationContext applicationContext) {    
+    String configPath = System.getProperty(SYSTEMD_PROP_NAME);
+    if (StringUtils.isNotEmpty(configPath)) {
+      log.debug("Find configuration-source from SystemD Property: '{}' ...", SYSTEMD_PROP_NAME);      
+      if (configPath.startsWith(PATH_FILE_PREFIX)) {
+        configPath = configPath.substring(PATH_FILE_PREFIX.length());
+        
+      }      
+      injectConfiguration(configPath, applicationContext);            
+
+    } else {
+      log.info("Find NO SystemD Property: '{}' Maybe no configuration available", SYSTEMD_PROP_NAME);
+      
+    }
+    
+    super.initialize(applicationContext);
+        
+  }
+  
+  private void injectConfiguration(String configPath, ConfigurableApplicationContext applicationContext) {
+    InputStream is = null;
+    try {
+      Path path = Paths.get(configPath);
+      if (Files.exists(path)) {
+        File file = new File(configPath);             
+        Properties props = new Properties();
+        is = new FileInputStream(file);
+        props.load(is);      
+        MutablePropertySources sources = applicationContext.getEnvironment().getPropertySources();       
+        sources.addFirst(new PropertiesPropertySource(SYSTEMD_PROP_NAME, props));
+        log.info("Set configuration-source from SystemD-Property: {}", SYSTEMD_PROP_NAME);
+      
+      } else {
+        log.error("Configuration from SystemD Property: '{}' at Location: {} DOES NOT exist", 
+            SYSTEMD_PROP_NAME, configPath);
+        
+      }
+      
+    } catch (IOException e) {
+      log.error("Configuration from SystemD Property: '{}' at Location: {} CAN NOT be loaded", 
+          SYSTEMD_PROP_NAME, configPath, e);
+      
+    } finally {
+      try {
+        if (is != null) {
+          is.close();
+          
+        }        
+      } catch (IOException e) {
+        log.error("Can not close InputStream of configLoader: {}", configPath, e);
+        
+      }
+    }        
+  }
+}
diff --git a/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/SpringBootApplicationInitializer.java b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/SpringBootApplicationInitializer.java
new file mode 100644
index 00000000..7dcc9abf
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/SpringBootApplicationInitializer.java
@@ -0,0 +1,106 @@
+package at.asitplus.eidas.specific.proxy;
+
+
+import org.opensaml.core.config.InitializationException;
+import org.springframework.boot.SpringApplication;
+import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.boot.builder.SpringApplicationBuilder;
+import org.springframework.boot.web.servlet.support.SpringBootServletInitializer;
+import org.springframework.context.ConfigurableApplicationContext;
+import org.springframework.web.context.WebApplicationContext;
+
+import at.gv.egiz.eaaf.core.api.IStatusMessenger;
+import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory;
+import at.gv.egiz.eaaf.core.impl.logging.SimpleStatusMessager;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import lombok.extern.slf4j.Slf4j;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+
+@Slf4j
+@SpringBootApplication(scanBasePackages = {
+    "at.asitplus.eidas.specific.connector", 
+    "at.gv.egiz.eaaf.utils.springboot.ajp"
+    })
+public class SpringBootApplicationInitializer extends SpringBootServletInitializer {
+
+  private static ConfigurableApplicationContext ctx;
+
+  /**
+   * Starts MS-specific eIDAS-Implementation SpringBoot application.
+   *
+   * @param args Starting parameters
+   * @throws Throwable In case of a start-up error
+   */
+  public static void main(final String[] args) throws Throwable {
+    try {
+      log.info("=============== Initializing Spring-Boot context! ===============");
+      LogMessageProviderFactory.setStatusMessager(new SimpleStatusMessager());
+      final SpringApplication springApp =
+          new SpringApplication(SpringBootApplicationInitializer.class);
+      springApp.addInitializers(new MsSpecificSpringBootApplicationContextInitializer());
+
+      log.info("Bootstrap openSAML .... ");
+      EaafOpenSaml3xInitializer.eaafInitialize();
+      
+      log.debug("Run SpringBoot initialization process ... ");
+      ctx = springApp.run(args);
+
+      // initialize status messenger
+      LogMessageProviderFactory.setStatusMessager(ctx.getBean(IStatusMessenger.class));
+      
+      log.info("Initialization of MS-specific eIDAS-Proxy-Service finished.");
+
+    } catch (final Throwable e) {
+      log.error("MS-specific eIDAS-Proxy-Service initialization FAILED!", e);
+      throw e;
+
+    }
+
+  }
+
+  
+  protected SpringApplicationBuilder createSpringApplicationBuilder() {    
+    try {
+      log.info("Bootstrap openSAML .... ");
+      EaafOpenSaml3xInitializer.eaafInitialize();
+           
+    } catch (InitializationException | ComponentInitializationException e) {
+      throw new RuntimeException(e);
+      
+    }
+    
+    SpringApplicationBuilder builder = new SpringApplicationBuilder();
+    builder.initializers(new MsSpecificSpringBootApplicationContextInitializer());    
+    return builder;
+    
+  }
+  
+  protected WebApplicationContext run(SpringApplication application) {
+    WebApplicationContext internalContext = (WebApplicationContext) application.run();
+   
+    // initialize status messenger
+    LogMessageProviderFactory.setStatusMessager(internalContext.getBean(IStatusMessenger.class));
+   
+    log.info("Initialization of MS-specific eIDAS-Proxy-Service finished.");
+    
+    return internalContext;
+  }
+  
+  /**
+   * Stops SpringBoot application of MS-specific eIDAS-Implementation.
+   * 
+   */
+  public static void exit() {
+    if (ctx != null) {
+      log.info("Stopping SpringBoot application ... ");
+      SpringApplication.exit(ctx, () -> 0);
+      ctx = null;
+      
+    } else {
+      log.info("No SpringBoot context. Nothing todo");
+      
+    }
+
+  }
+
+}
-- 
cgit v1.2.3


From 7f0a925a72dc9841280e66fcba1515af62b9efdf Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Fri, 3 Jun 2022 15:24:01 +0200
Subject: test(core): add smoke test with full eIDAS OutGoing login and
 error-handling

---
 .../proxy/pvp/PvpEndPointConfiguration.java        | 154 +++++++++++++++++++++
 1 file changed, 154 insertions(+)
 create mode 100644 ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/pvp/PvpEndPointConfiguration.java

(limited to 'ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy')

diff --git a/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/pvp/PvpEndPointConfiguration.java b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/pvp/PvpEndPointConfiguration.java
new file mode 100644
index 00000000..20caf7e5
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/pvp/PvpEndPointConfiguration.java
@@ -0,0 +1,154 @@
+/*
+ * Copyright 2018 A-SIT Plus GmbH
+ * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ,
+ * A-SIT Plus GmbH, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "License");
+ * You may not use this work except in compliance with the License.
+ * You may obtain a copy of the License at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.asitplus.eidas.specific.proxy.pvp;
+
+import java.util.Arrays;
+import java.util.List;
+
+import org.apache.commons.lang3.StringUtils;
+import org.opensaml.saml.saml2.metadata.ContactPerson;
+import org.opensaml.saml.saml2.metadata.ContactPersonTypeEnumeration;
+import org.opensaml.saml.saml2.metadata.EmailAddress;
+import org.opensaml.saml.saml2.metadata.GivenName;
+import org.opensaml.saml.saml2.metadata.Organization;
+import org.opensaml.saml.saml2.metadata.OrganizationDisplayName;
+import org.opensaml.saml.saml2.metadata.OrganizationName;
+import org.opensaml.saml.saml2.metadata.OrganizationURL;
+import org.opensaml.saml.saml2.metadata.SurName;
+import org.springframework.beans.factory.annotation.Autowired;
+
+import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.api.IPvp2BasicConfiguration;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import lombok.extern.slf4j.Slf4j;
+
+@Slf4j
+public class PvpEndPointConfiguration implements IPvp2BasicConfiguration {
+  private static final String DEFAULT_XML_LANG = "en";
+  
+  @Autowired(required = true)
+  IConfiguration basicConfiguration;
+
+  @Override
+  public String getIdpEntityId(String authUrl) throws EaafException {
+    return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_METADATA;
+
+  }
+
+  @Override
+  public String getIdpSsoPostService(String authUrl) throws EaafException {
+    return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_POST;
+
+  }
+
+  @Override
+  public String getIdpSsoRedirectService(String authUrl) throws EaafException {
+    return removePostFix(authUrl) + MsEidasNodeConstants.ENDPOINT_PVP_REDIRECT;
+
+  }
+
+  @Override
+  public String getIdpSsoSoapService(String extractAuthUrlFromRequest) throws EaafException {
+    log.warn("PVP S-Profile End-Point does NOT support SOAP Binding");
+    return null;
+
+  }
+
+  @Override
+  public List<ContactPerson> getIdpContacts() throws EaafException {
+    final ContactPerson contactPerson = Saml2Utils.createSamlObject(ContactPerson.class);
+    final GivenName givenName = Saml2Utils.createSamlObject(GivenName.class);
+    final SurName surname = Saml2Utils.createSamlObject(SurName.class);
+    final EmailAddress emailAddress = Saml2Utils.createSamlObject(EmailAddress.class);
+
+    givenName.setValue(getAndVerifyFromConfiguration(
+        MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_GIVENNAME));
+    surname.setValue(getAndVerifyFromConfiguration(
+        MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_SURNAME));
+    emailAddress.setURI(getAndVerifyFromConfiguration(
+        MsEidasNodeConstants.CONFIG_PROPS_METADATA_CONTACT_EMAIL));
+
+    contactPerson.setType(ContactPersonTypeEnumeration.TECHNICAL);
+    contactPerson.setGivenName(givenName);
+    contactPerson.setSurName(surname);
+    contactPerson.getEmailAddresses().add(emailAddress);
+
+    return Arrays.asList(contactPerson);
+
+  }
+
+  @Override
+  public Organization getIdpOrganisation() throws EaafException {
+    final Organization organisation = Saml2Utils.createSamlObject(Organization.class);
+    final OrganizationName orgName = Saml2Utils.createSamlObject(OrganizationName.class);
+    final OrganizationDisplayName orgDisplayName = Saml2Utils.createSamlObject(OrganizationDisplayName.class);
+    final OrganizationURL orgUrl = Saml2Utils.createSamlObject(OrganizationURL.class);
+
+    orgName.setXMLLang(DEFAULT_XML_LANG);
+    orgName.setValue(getAndVerifyFromConfiguration(
+        MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_NAME));
+
+    orgDisplayName.setXMLLang(DEFAULT_XML_LANG);
+    orgDisplayName.setValue(getAndVerifyFromConfiguration(
+        MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_FRIENDLYNAME));
+
+    orgUrl.setXMLLang(DEFAULT_XML_LANG);
+    orgUrl.setURI(getAndVerifyFromConfiguration(
+        MsEidasNodeConstants.CONFIG_PROPS_METADATA_ORGANISATION_URL));
+
+
+    organisation.getOrganizationNames().add(orgName);
+    organisation.getDisplayNames().add(orgDisplayName);
+    organisation.getURLs().add(orgUrl);
+
+    return organisation;
+  }
+
+  @Override
+  public IConfiguration getBasicConfiguration() {
+    return basicConfiguration;
+  }
+  
+  private String removePostFix(String url) {
+    if (url != null && url.endsWith("/")) {
+      return url.substring(0, url.length() - 1);
+    } else {
+      return url;
+    }
+  }
+  
+  private String getAndVerifyFromConfiguration(String configKey) throws EaafConfigurationException {
+    final String value = basicConfiguration.getBasicConfiguration(configKey);
+    if (StringUtils.isEmpty(value)) {
+      throw new EaafConfigurationException("config.08",
+          new Object[] {configKey});
+
+    }
+
+    return value;
+  }
+}
-- 
cgit v1.2.3


From 3d9d419a40b17de1f94d46cbc2f5b345a93bff00 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Wed, 8 Jun 2022 12:32:16 +0200
Subject: feat(eidas): perform mapping between IDA and eIDAS attributes based
 on external configuration

---
 .../builder/ProxyAuthenticationDataBuilder.java    | 38 ++++++++++++++++++++++
 1 file changed, 38 insertions(+)
 create mode 100644 ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/builder/ProxyAuthenticationDataBuilder.java

(limited to 'ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy')

diff --git a/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/builder/ProxyAuthenticationDataBuilder.java b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/builder/ProxyAuthenticationDataBuilder.java
new file mode 100644
index 00000000..bc7f88d4
--- /dev/null
+++ b/ms_specific_proxyservice/src/main/java/at/asitplus/eidas/specific/proxy/builder/ProxyAuthenticationDataBuilder.java
@@ -0,0 +1,38 @@
+package at.asitplus.eidas.specific.proxy.builder;
+
+import at.asitplus.eidas.specific.core.builder.AuthenticationDataBuilder;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import lombok.extern.slf4j.Slf4j;
+
+/**
+ * eIDAS Proxy-Service specific authentication-data builder.
+ * 
+ * @author tlenz
+ *
+ */
+@Slf4j
+public class ProxyAuthenticationDataBuilder extends AuthenticationDataBuilder {
+
+  private static final String PLUS = "+";
+  
+  @Override
+  protected String customizeLegalPersonSourcePin(String sourcePin, String sourcePinType) {   
+    String sectorType = sourcePinType.substring((EaafConstants.URN_PREFIX_BASEID + PLUS).length());       
+    return sectorType + PLUS + sourcePin;
+    
+  }
+
+  @Override
+  protected String customizeBpkAttribute(String pvpBpkAttrValue) {
+    final String[] split = pvpBpkAttrValue.split(":", 2);
+    if (split.length == 2) {
+      log.debug("Remove prefix from bPK attribute to transform it into eIDAS-Node format");
+      return split[1];
+
+    } else {
+      log.warn("PVP bPK attribute: {} has wrong format. Use it as it is.", pvpBpkAttrValue);
+      return pvpBpkAttrValue;
+
+    }
+  }
+}
-- 
cgit v1.2.3