From ba6ba0af88d8c9472a63356ddf3d19f84847c2d7 Mon Sep 17 00:00:00 2001 From: Thomas Lenz Date: Wed, 28 Jul 2021 11:33:11 +0200 Subject: add new authentication module for EHVD communication --- .../auth/modules/ehvd/ConfigurationProperties.java | 48 +++++++ .../auth/modules/ehvd/EhvdServiceAuthModule.java | 147 ++++++++++++++++++++ .../EhvdServiceAuthSpringResourceProvider.java | 62 +++++++++ .../ehvd/attributes/PvpRoleAttributeBuilder.java | 58 ++++++++ .../ehvd/service/EhvdCommunicationService.java | 69 ++++++++++ .../modules/ehvd/service/IEhvdCommunication.java | 23 ++++ .../ehvd/task/InjectEhvdInformationTask.java | 103 ++++++++++++++ .../DefaultAuth_with_ehvd_interaction.process.xml | 32 +++++ ...iz.components.spring.api.SpringResourceProvider | 1 + .../at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder | 1 + .../resources/moaid_ehvd_service_auth.beans.xml | 23 ++++ .../resources/properties/id_messages.properties | 2 + .../protocol_response_statuscodes.properties | 2 + .../auth/modules/ehvd/test/BeanCreationTest.java | 39 ++++++ .../ehvd/test/EhvdServiceAuthModuleTest.java | 101 ++++++++++++++ .../EhvdServiceAuthSpringResourceProviderTest.java | 56 ++++++++ .../InjectEhvdIdentityInformationTaskTest.java | 131 ++++++++++++++++++ .../attributes/PvpRoleAttributeBuilderTest.java | 124 +++++++++++++++++ .../ehvd/test/dummy/DummyAuthConfigMap.java | 136 +++++++++++++++++++ .../id/auth/modules/ehvd/test/dummy/TestUtils.java | 150 +++++++++++++++++++++ .../utils/AttributeBuilderRegistrationTest.java | 41 ++++++ .../test/utils/AuthenticationRoleFactoryTest.java | 65 +++++++++ .../ehvd/test/utils/MoaStatusMessagerTest.java | 55 ++++++++ .../src/test/resources/config/config1.properties | 5 + .../src/test/resources/config/config2.properties | 4 + .../resources/test_ehvd_service_auth.beans.xml | 19 +++ .../test_ehvd_service_auth_lazy.beans.xml | 24 ++++ .../test_ehvd_service_messager_auth.beans.xml | 15 +++ 28 files changed, 1536 insertions(+) create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/resources/DefaultAuth_with_ehvd_interaction.process.xml create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/resources/moaid_ehvd_service_auth.beans.xml create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/BeanCreationTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthModuleTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthSpringResourceProviderTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/InjectEhvdIdentityInformationTaskTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/DummyAuthConfigMap.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/TestUtils.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AttributeBuilderRegistrationTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AuthenticationRoleFactoryTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config2.properties create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth.beans.xml create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth_lazy.beans.xml create mode 100644 id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_messager_auth.beans.xml (limited to 'id/server/modules/moa-id-module-ehvd_integration/src') diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java new file mode 100644 index 000000000..fd7d1b013 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/ConfigurationProperties.java @@ -0,0 +1,48 @@ +/* + * Copyright 2021 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ehvd; + +import java.util.Collection; + +import com.google.common.collect.Sets; + +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; + +public class ConfigurationProperties { + + // configuration properties + private static final String MODULE_PREFIX = "modules.ehvd."; + + public static final String PROP_MODULE_ENABLED = MODULE_PREFIX + "enabled"; + public static final String PROP_MODULE_SP_PREFIX = MODULE_PREFIX + "sp"; + + public static final String PROP_MODULE_SERVICE_TARGET = MODULE_PREFIX + "service.bpk.target"; + + + public static final String DEFAULT_EHVD_SERVICE_TARGET = EAAFConstants.URN_PREFIX_CDID + "GH"; + + private ConfigurationProperties() { + // hide constructor or static class + } +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java new file mode 100644 index 000000000..917c226a2 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthModule.java @@ -0,0 +1,147 @@ +/* + * Copyright 2021 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ehvd; + +import java.util.Collection; +import java.util.Collections; +import java.util.stream.Collectors; + +import javax.annotation.PostConstruct; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egovernment.moa.id.auth.modules.internal.DefaultCitizenCardAuthModuleImpl; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +public class EhvdServiceAuthModule extends DefaultCitizenCardAuthModuleImpl { + + private int priority = 2; + + @Autowired(required = true) + protected IConfigurationWithSP authConfig; + + private Collection uniqueIDsEnabled; + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getPriority() + */ + @Override + public int getPriority() { + return priority; + + } + + /** + * Sets the priority of this module. Default value is {@code 0}. + * + * @param priority The priority. + */ + public void setPriority(int priority) { + this.priority = priority; + + } + + @PostConstruct + private void initialDummyAuthWhiteList() { + if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) { + Logger.info("AuthModule for 'EHVD injection' is enabled"); + + // load allowed service-provider Id's + uniqueIDsEnabled = authConfig.getBasicConfigurationWithPrefix( + ConfigurationProperties.PROP_MODULE_SP_PREFIX).values().stream() + .filter(el -> StringUtils.isNotEmpty(el)) + .collect(Collectors.toSet()); + + if (!uniqueIDsEnabled.isEmpty()) { + Logger.info("EHVD communication is enabled for ...."); + uniqueIDsEnabled.forEach(el -> Logger.info(" EntityID: " + el)); + + } + + } else { + uniqueIDsEnabled = Collections.emptySet(); + Logger.info("AuthModule for 'EHVD injection' is disabled"); + + } + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#selectProcess(at.gv. + * egovernment.moa.id.process.api.ExecutionContext) + */ + @Override + public String selectProcess(ExecutionContext context, IRequest pendingReq) { + + if (authConfig.getBasicConfigurationBoolean(ConfigurationProperties.PROP_MODULE_ENABLED, false)) { + final String spEntityID = pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(); + Logger.trace("Checking EHVD communication for SP: " + spEntityID + " ...."); + boolean ccAuthRequested = StringUtils.isNotEmpty(super.selectProcess(context, pendingReq)); + if (uniqueIDsEnabled.contains(spEntityID) && ccAuthRequested) { + Logger.debug("EHVD communication is allowed for SP: " + spEntityID); + return "DefaultAuthenticationWithEHVDInteraction"; + + } else { + if (Logger.isDebugEnabled()) { + if (ccAuthRequested) { + Logger.debug("Unique SP-Id: " + spEntityID + " is not in whitelist for EHVD communication."); + + } else { + Logger.trace("No CititzenCard authentication requested. EHVD communication skipped too"); + + } + } + } + + } else { + Logger.trace("'EHVD injection' authentication is disabled"); + + } + + return null; + + } + + /* + * (non-Javadoc) + * + * @see at.gv.egovernment.moa.id.auth.modules.AuthModule#getProcessDefinitions() + */ + @Override + public String[] getProcessDefinitions() { + return new String[] { "classpath:/DefaultAuth_with_ehvd_interaction.process.xml" }; + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java new file mode 100644 index 000000000..ea0695a1a --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/EhvdServiceAuthSpringResourceProvider.java @@ -0,0 +1,62 @@ +/* + * Copyright 2021 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ehvd; + +import org.springframework.core.io.ClassPathResource; +import org.springframework.core.io.Resource; + +import at.gv.egiz.components.spring.api.SpringResourceProvider; + +/** + * @author tlenz + * + */ +public class EhvdServiceAuthSpringResourceProvider implements SpringResourceProvider { + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getResourcesToLoad() + */ + @Override + public Resource[] getResourcesToLoad() { + ClassPathResource authConfig = new ClassPathResource("/moaid_ehvd_service_auth.beans.xml", EhvdServiceAuthSpringResourceProvider.class); + return new Resource[] {authConfig}; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getPackagesToScan() + */ + @Override + public String[] getPackagesToScan() { + // TODO Auto-generated method stub + return null; + } + + /* (non-Javadoc) + * @see at.gv.egiz.components.spring.api.SpringResourceProvider#getName() + */ + @Override + public String getName() { + return "Module for 'Dummy Authentication'"; + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java new file mode 100644 index 000000000..0f1c96aa8 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/attributes/PvpRoleAttributeBuilder.java @@ -0,0 +1,58 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.attributes; + +import java.util.stream.Collectors; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IPVPAttributeBuilder; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.builder.attributes.PVPMETADATA; +import at.gv.egovernment.moa.id.data.IMOAAuthData; +import at.gv.egovernment.moa.logging.Logger; + +@PVPMETADATA +public class PvpRoleAttributeBuilder implements IPVPAttributeBuilder { + + private static final String ROLE_NAME_DELIMITER = ";"; + + @Override + public ATT build(ISPConfiguration oaParam, IAuthData authData, + IAttributeGenerator g) throws AttributeBuilderException { + if (authData instanceof IMOAAuthData) { + IMOAAuthData moaAuthData = (IMOAAuthData)authData; + if (moaAuthData.getAuthenticationRoles() != null + && !moaAuthData.getAuthenticationRoles().isEmpty()) { + return g.buildStringAttribute(ROLES_FRIENDLY_NAME, ROLES_NAME, + moaAuthData.getAuthenticationRoles().stream() + .map(el -> el.getRawRoleString()) + .collect(Collectors.joining(ROLE_NAME_DELIMITER))); + + + } else { + Logger.trace("No PVP roles available. Skipping attribute: " + ROLES_FRIENDLY_NAME); + + } + + } else { + Logger.info("Attribute: " + ROLES_FRIENDLY_NAME + " is only available in MOA-ID context"); + + } + + return null; + + } + + @Override + public ATT buildEmpty(IAttributeGenerator g) { + return g.buildEmptyAttribute(ROLES_FRIENDLY_NAME, ROLES_NAME); + + } + + @Override + public String getName() { + return ROLES_NAME; + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java new file mode 100644 index 000000000..f0e2069a1 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/EhvdCommunicationService.java @@ -0,0 +1,69 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.service; + +import java.util.Collections; +import java.util.List; + +import javax.annotation.Nonnull; +import javax.annotation.PostConstruct; + +import org.springframework.beans.factory.annotation.Autowired; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.ConfigurationProperties; +import at.gv.egovernment.moa.logging.Logger; + +/** + * Implement interaction with EHVD service to get GDA information. + * + * @author tlenz + * + */ +public class EhvdCommunicationService implements IEhvdCommunication { + + @Autowired IConfiguration config; + + private String ehvdBpkTarget; + + /** + * Get user's GDA roles from EHVD Service. + * + * @param identityLink IdentityLink of the user + * @return {@link List} of Roles that are received from EHVD + * @throws AuthenticationException In case of an EHVD communication error + * @throws EAAFBuilderException In case of a bPK generation error + */ + @Override + @Nonnull + public List getRoles(IIdentityLink identityLink) throws AuthenticationException, EAAFBuilderException { + + // get bPK for EHVD request + Pair ehvdBpk = BPKBuilder.generateAreaSpecificPersonIdentifier( + identityLink.getIdentificationValue(), + identityLink.getIdentificationType(), + ehvdBpkTarget); + + + //TODO: request EHVD and handle errors + + //TODO: parse roles from response + + + return Collections.emptyList(); + + } + + @PostConstruct + private void initialize() { + ehvdBpkTarget = config.getBasicConfiguration( + ConfigurationProperties.PROP_MODULE_SERVICE_TARGET, + ConfigurationProperties.DEFAULT_EHVD_SERVICE_TARGET); + Logger.info("Initialize EHVD Client with bPK target: " + ehvdBpkTarget); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java new file mode 100644 index 000000000..8a9c7db5c --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/service/IEhvdCommunication.java @@ -0,0 +1,23 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.service; + +import java.util.List; + +import javax.annotation.Nonnull; + +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EAAFBuilderException; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; + +public interface IEhvdCommunication { + + /** + * Get user's GDA roles from EHVD Service. + * + * @param identityLink IdentityLink of the user + * @return {@link List} of Roles that are received from EHVD + * @throws AuthenticationException In case of an EHVD communication error + * @throws EAAFBuilderException In case of a bPK generation error + */ + List getRoles(IIdentityLink identityLink) throws AuthenticationException, EAAFBuilderException; + +} \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java new file mode 100644 index 000000000..b44863b80 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/java/at/gv/egovernment/moa/id/auth/modules/ehvd/task/InjectEhvdInformationTask.java @@ -0,0 +1,103 @@ +/* + * Copyright 2021 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ +package at.gv.egovernment.moa.id.auth.modules.ehvd.task; + +import java.util.List; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.apache.commons.lang3.StringUtils; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.stereotype.Component; + +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BPKBuilder; +import at.gv.egiz.eaaf.core.impl.idp.auth.modules.AbstractAuthServletTask; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.service.IEhvdCommunication; +import at.gv.egovernment.moa.id.commons.api.exceptions.MOAIDException; +import at.gv.egovernment.moa.id.protocols.pvp2x.PVPConstants; +import at.gv.egovernment.moa.logging.Logger; + +/** + * @author tlenz + * + */ +@Component("InjectEhvdInformationTask") +public class InjectEhvdInformationTask extends AbstractAuthServletTask { + + @Autowired IEhvdCommunication ehvdService; + + /* + * (non-Javadoc) + * + * @see + * at.gv.egovernment.moa.id.auth.modules.AbstractAuthServletTask#execute(at.gv. + * egovernment.moa.id.process.api.ExecutionContext, + * javax.servlet.http.HttpServletRequest, + * javax.servlet.http.HttpServletResponse) + */ + @Override + public void execute(ExecutionContext executionContext, HttpServletRequest request, + HttpServletResponse response) + throws TaskExecutionException { + try { + final AuthenticationSessionWrapper session = pendingReq.getSessionData(AuthenticationSessionWrapper.class); + + // validate internal state + validateInternalState(session); + + // requesting roles from EHVD + List ehvdRoles = ehvdService.getRoles(session.getIdentityLink()); + + // inject EHVD roles + session.setGenericDataToSession(PVPConstants.ROLES_NAME, StringUtils.join(ehvdRoles, ";")); + + // store MOASession into database + requestStoreage.storePendingRequest(pendingReq); + + } catch (final MOAIDException e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } catch (final Exception e) { + throw new TaskExecutionException(pendingReq, e.getMessage(), e); + + } + } + + private void validateInternalState(AuthenticationSessionWrapper session) throws AuthenticationException { + //check if identityLink is available + if (session.getIdentityLink() == null ) { + Logger.error("No IdentityLink in session. There is an internal error in process definition"); + throw new AuthenticationException("process.04", null); + + } + + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/DefaultAuth_with_ehvd_interaction.process.xml b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/DefaultAuth_with_ehvd_interaction.process.xml new file mode 100644 index 000000000..2ff0d552f --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/DefaultAuth_with_ehvd_interaction.process.xml @@ -0,0 +1,32 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider new file mode 100644 index 000000000..6985f2b7d --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthSpringResourceProvider \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder new file mode 100644 index 000000000..4dd043048 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/META-INF/services/at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder @@ -0,0 +1 @@ +at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.PvpRoleAttributeBuilder diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/moaid_ehvd_service_auth.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/moaid_ehvd_service_auth.beans.xml new file mode 100644 index 000000000..4ef523ec8 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/moaid_ehvd_service_auth.beans.xml @@ -0,0 +1,23 @@ + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties new file mode 100644 index 000000000..89fd19362 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/id_messages.properties @@ -0,0 +1,2 @@ +ehvd.00=GDA Status inaktiv +ehvd.99=Allgemeiner Fehler bei der Abfrage des EHVD Service diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties new file mode 100644 index 000000000..fca8fa8cd --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/main/resources/resources/properties/protocol_response_statuscodes.properties @@ -0,0 +1,2 @@ +test.01=aabbccdd +test.02=zzzyyyxxx \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/BeanCreationTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/BeanCreationTest.java new file mode 100644 index 000000000..91bf67b2d --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/BeanCreationTest.java @@ -0,0 +1,39 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test; + +import static org.junit.Assert.assertNotNull; + +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthModule; +import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth_lazy.beans.xml" }) +public class BeanCreationTest { + + @Autowired + DummyAuthConfigMap config; + @Autowired + ApplicationContext context; + + @Before + public void initialize() { + // re-set config + config.putConfigValue("modules.ehvd.enabled", String.valueOf(false)); + + } + + @Test + public void authModuleDeactivated() { + assertNotNull("AuthModule", context.getBean(EhvdServiceAuthModule.class)); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthModuleTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthModuleTest.java new file mode 100644 index 000000000..4a7c98803 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthModuleTest.java @@ -0,0 +1,101 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; + +import java.util.Arrays; +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthModule; +import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap; +import at.gv.egovernment.moa.id.commons.MOAIDAuthConstants; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth.beans.xml" }) +public class EhvdServiceAuthModuleTest { + + @Autowired DummyAuthConfigMap config; + @Autowired EhvdServiceAuthModule module; + + private ExecutionContext context; + private TestRequestImpl pendingReq; + private Map spConfigMap; + + @Before + public void initialize() { + context = new ExecutionContextImpl(); + + spConfigMap = new HashMap<>(); + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10)); + + ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config); + pendingReq = new TestRequestImpl(); + pendingReq.setSpConfig(spConfig); + + // re-set config + config.putConfigValue("modules.ehvd.enabled", String.valueOf(true)); + + context.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, String.valueOf(false)); + context.put(MOAIDAuthConstants.PARAM_BKU, RandomStringUtils.randomAlphabetic(5)); + + } + + @Test + public void checkProcessDefinition() { + String[] def = module.getProcessDefinitions(); + + assertNotNull("no process definition", def); + Arrays.asList(def).stream().forEach( + el -> EhvdServiceAuthModuleTest.class.getResourceAsStream(el)); + + } + + @Test + public void bkuSelectionActiv() { + context.put(MOAIDAuthConstants.PROCESSCONTEXT_PERFORM_BKUSELECTION, String.valueOf(true)); + + assertNull("wrong authModule selected", module.selectProcess(context, pendingReq)); + + } + + @Test + public void deactivated() { + config.putConfigValue("modules.ehvd.enabled", String.valueOf(false)); + + assertNull("wrong authModule selected", module.selectProcess(context, pendingReq)); + + } + + @Test + public void unknownServiceProvider() { + assertNull("wrong authModule selected", module.selectProcess(context, pendingReq)); + + } + + @Test + public void allowedServiceProviderAndRequested() { + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, "yyasdfasfsa2323"); + + assertEquals("wrong authmethod identifier", "DefaultAuthenticationWithEHVDInteraction", + module.selectProcess(context, pendingReq)); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthSpringResourceProviderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthSpringResourceProviderTest.java new file mode 100644 index 000000000..b584e8753 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/EhvdServiceAuthSpringResourceProviderTest.java @@ -0,0 +1,56 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test; + +import java.io.IOException; +import java.io.InputStream; + +import org.apache.commons.io.IOUtils; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; +import org.springframework.core.io.Resource; + +import at.gv.egovernment.moa.id.auth.modules.ehvd.EhvdServiceAuthSpringResourceProvider; + + + +@RunWith(BlockJUnit4ClassRunner.class) +public class EhvdServiceAuthSpringResourceProviderTest { + + @Test + public void testSpringConfig() { + final EhvdServiceAuthSpringResourceProvider test = + new EhvdServiceAuthSpringResourceProvider(); + for (final Resource el : test.getResourcesToLoad()) { + try { + IOUtils.toByteArray(el.getInputStream()); + + } catch (final IOException e) { + Assert.fail("Ressouce: " + el.getFilename() + " not found"); + } + + } + + Assert.assertNotNull("no Name", test.getName()); + Assert.assertNull("Find package definitions", test.getPackagesToScan()); + + } + + @Test + public void testSpILoaderConfig() { + final InputStream el = this.getClass().getResourceAsStream( + "/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider"); + try { + final String spiFile = IOUtils.toString(el, "UTF-8"); + + Assert.assertEquals("Wrong classpath in SPI file", + EhvdServiceAuthSpringResourceProvider.class.getName(), spiFile); + + + } catch (final IOException e) { + Assert.fail("Ressouce: '/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider' not found"); + + } + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/InjectEhvdIdentityInformationTaskTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/InjectEhvdIdentityInformationTaskTest.java new file mode 100644 index 000000000..45f7a8fc4 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/InjectEhvdIdentityInformationTaskTest.java @@ -0,0 +1,131 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.fail; + +import java.io.IOException; +import java.security.PublicKey; +import java.util.HashMap; +import java.util.Map; + +import javax.xml.transform.TransformerException; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.util.Assert; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; +import org.w3c.dom.Element; + +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EAAFConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EAAFConstants; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.exceptions.EAAFParserException; +import at.gv.egiz.eaaf.core.exceptions.PendingReqIdValidationException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egovernment.moa.id.auth.data.AuthenticationSessionWrapper; +import at.gv.egovernment.moa.id.auth.exception.AuthenticationException; +import at.gv.egovernment.moa.id.auth.modules.ehvd.task.InjectEhvdInformationTask; +import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.DummyAuthConfigMap; +import at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy.TestUtils; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth.beans.xml" }) +public class InjectEhvdIdentityInformationTaskTest { + + @Autowired InjectEhvdInformationTask task; + @Autowired DummyAuthConfigMap config; + @Autowired IRequestStorage storage; + + protected MockHttpServletRequest httpReq; + protected MockHttpServletResponse httpResp; + private ExecutionContext context; + private TestRequestImpl pendingReq; + private Map spConfigMap; + + @Before + public void initialize() throws EAAFParserException { + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + context = new ExecutionContextImpl(); + + spConfigMap = new HashMap<>(); + spConfigMap.put(EAAFConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphanumeric(10)); + + ISPConfiguration spConfig = new DummySPConfiguration(spConfigMap, config); + pendingReq = new TestRequestImpl(); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setSpConfig(spConfig); + + // re-set config + config.putConfigValue("modules.dummyauth.enabled", String.valueOf(true)); + + //inject identityLink + final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData( + AuthenticationSessionWrapper.class); + moaSession.setIdentityLink(TestUtils.generateDummyIdl( + RandomStringUtils.randomAlphanumeric(10), + EAAFConstants.URN_PREFIX_BASEID)); + + } + + @Test + public void noIdentityLinkInSession() { + final AuthenticationSessionWrapper moaSession = pendingReq.getSessionData( + AuthenticationSessionWrapper.class); + moaSession.setIdentityLink(null); + + try { + task.execute(pendingReq, context); + fail("wrong state not detected"); + + } catch (TaskExecutionException e) { + Assert.isInstanceOf(AuthenticationException.class, e.getOriginalException(), "wrong execpetion"); + assertEquals("wrong errorCode", "process.04", ((EAAFException) e.getOriginalException()).getErrorId()); + + } + } + + + @Test + public void validateState() throws TaskExecutionException, PendingReqIdValidationException { + + task.execute(pendingReq, context); + + // validate state + IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + assertNotNull("pendingReq not stored", storedReq); + + final AuthenticationSessionWrapper moaSession = storedReq.getSessionData( + AuthenticationSessionWrapper.class); + + assertFalse("foreign", moaSession.isForeigner()); + assertFalse("mandate", moaSession.isMandateUsed()); + assertEquals("missing attributes", 1, moaSession.getGenericSessionDataStorage().size()); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java new file mode 100644 index 000000000..df02c6f4e --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/attributes/PvpRoleAttributeBuilderTest.java @@ -0,0 +1,124 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.attributes; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; + +import java.util.Arrays; +import java.util.Collections; +import java.util.List; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.idp.IAttributeGenerator; +import at.gv.egiz.eaaf.core.api.idp.IAuthData; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException; +import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData; +import at.gv.egiz.eaaf.core.impl.idp.builder.SimpleStringAttributeGenerator; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySPConfiguration; +import at.gv.egovernment.moa.id.auth.modules.ehvd.attributes.PvpRoleAttributeBuilder; +import at.gv.egovernment.moa.id.data.AuthenticationRole; +import at.gv.egovernment.moa.id.data.MOAAuthenticationData; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ + "/test_ehvd_service_auth.beans.xml" }) +public class PvpRoleAttributeBuilderTest { + + @Autowired + private IConfiguration basicConfig; + + private PvpRoleAttributeBuilder toTest = new PvpRoleAttributeBuilder(); + private IAttributeGenerator g = new SimpleStringAttributeGenerator(); + private ISPConfiguration oaParam; + + + @Before + public void initialize() { + oaParam = new DummySPConfiguration(Collections.emptyMap(), basicConfig); + + } + + @Test + public void checkName() { + assertEquals("wrong attr. name", "urn:oid:1.2.40.0.10.2.1.1.261.30", toTest.getName()); + + } + + @Test + public void checkEmptyAttribute() { + assertNull("wrong empty attr.", toTest.buildEmpty(g)); + + } + + @Test + public void wrongAuthData() throws AttributeBuilderException { + IAuthData authData = new AuthenticationData(); + assertNull("wrong attr. value", toTest.build(oaParam, authData, g)); + + } + + public void noRoles() throws AttributeBuilderException { + IAuthData authData = generateAuthData(null); + assertNull("wrong attr. value", toTest.build(oaParam, authData, g)); + + } + + @Test + public void emptyRoles() throws AttributeBuilderException { + IAuthData authData = generateAuthData(Collections.emptyList()); + assertNull("wrong attr. value", toTest.build(oaParam, authData, g)); + + } + + @Test + public void randomRoles() throws AttributeBuilderException { + String role1 = RandomStringUtils.randomAlphabetic(5); + String role2 = RandomStringUtils.randomAlphabetic(5); + String role3 = RandomStringUtils.randomAlphabetic(5); + String role4 = RandomStringUtils.randomAlphabetic(5); + + IAuthData authData = generateAuthData(Arrays.asList( + new AuthenticationRole(role1, role1), + new AuthenticationRole(role2, role2), + new AuthenticationRole(role3, role3 + "()"), + new AuthenticationRole(role4, role4 + "(\"aaa\"=\"bbb\")") + )); + + // perform test + String attrValue = toTest.build(oaParam, authData, g); + + // validate state + assertNotNull("wrong attr. value", attrValue); + + String[] el = attrValue.split(";"); + assertEquals("wrong role count", 4, el.length); + assertEquals("wrong 1. role", role1, el[0]); + assertEquals("wrong 2. role", role2, el[1]); + assertEquals("wrong 3. role", role3 + "()", el[2]); + assertEquals("wrong 4. role", role4 + "(\"aaa\"=\"bbb\")", el[3]); + + + } + + private IAuthData generateAuthData(List roles) { + MOAAuthenticationData authData = new MOAAuthenticationData(null); + if (roles != null) { + roles.forEach(el -> authData.addAuthenticationRole(el)); + + } + + return authData; + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/DummyAuthConfigMap.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/DummyAuthConfigMap.java new file mode 100644 index 000000000..865cf7157 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/DummyAuthConfigMap.java @@ -0,0 +1,136 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URI; +import java.net.URL; +import java.util.HashMap; +import java.util.Map; +import java.util.Properties; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.ISPConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EAAFConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EAAFException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; + +/** + * Dummy Application-configuration implementation for jUnit tests. + * + * @author tlenz + * + */ +public class DummyAuthConfigMap implements IConfigurationWithSP { + + private Map config = new HashMap<>(); + + public DummyAuthConfigMap() { + + } + + /** + * Dummy Application-configuration. + * + * @param configIs Property based configuration + * @throws IOException In case of an configuration read error + */ + public DummyAuthConfigMap(final InputStream configIs) throws IOException { + + final Properties props = new Properties(); + props.load(configIs); + + config = KeyValueUtils.convertPropertiesToMap(props); + + } + + /** + * Dummy Application-configuration. + * + * @param path Path to property based configuration + * @throws IOException In case of an configuration read error + */ + public DummyAuthConfigMap(final String path) throws IOException { + + final Properties props = new Properties(); + props.load(this.getClass().getResourceAsStream(path)); + + config = KeyValueUtils.convertPropertiesToMap(props); + + } + + + @Override + public String getBasicConfiguration(final String key) { + return config.get(key); + + } + + @Override + public String getBasicConfiguration(final String key, final String defaultValue) { + final String value = getBasicConfiguration(key); + if (StringUtils.isEmpty(value)) { + return defaultValue; + } else { + return value; + } + + } + + @Override + public Boolean getBasicConfigurationBoolean(final String key) { + final String value = getBasicConfiguration(key); + if (StringUtils.isEmpty(value)) { + return false; + } else { + return Boolean.valueOf(value); + } + } + + @Override + public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue) { + return Boolean.parseBoolean(getBasicConfiguration(key, String.valueOf(defaultValue))); + + } + + @Override + public Map getBasicConfigurationWithPrefix(final String prefix) { + return KeyValueUtils.getSubSetWithPrefix(config, prefix); + + } + + @Override + public ISPConfiguration getServiceProviderConfiguration(final String uniqueID) + throws EAAFConfigurationException { + return null; + } + + @Override + public T getServiceProviderConfiguration(final String spIdentifier, final Class decorator) + throws EAAFConfigurationException { + return null; + } + + @Override + public URI getConfigurationRootDirectory() { + return new java.io.File(".").toURI(); + + } + + @Override + public String validateIDPURL(final URL authReqUrl) throws EAAFException { + return null; + } + + public void putConfigValue(final String key, final String value) { + config.put(key, value); + } + + public void removeConfigValue(final String key) { + config.remove(key); + + } + + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/TestUtils.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/TestUtils.java new file mode 100644 index 000000000..9ab52a27e --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/dummy/TestUtils.java @@ -0,0 +1,150 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.dummy; + +import java.io.IOException; +import java.security.PublicKey; + +import javax.xml.transform.TransformerException; + +import org.w3c.dom.Element; + +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; + +public class TestUtils { + + public static IIdentityLink generateDummyIdl(String baseId, String baseIdType) { + return new IIdentityLink() { + + @Override + public void setSamlAssertion(Element samlAssertion) throws TransformerException, IOException { + // TODO Auto-generated method stub + + } + + @Override + public void setPublicKey(PublicKey[] publicKey) { + // TODO Auto-generated method stub + + } + + @Override + public void setPrPerson(Element prPerson) { + // TODO Auto-generated method stub + + } + + @Override + public void setIssueInstant(String issueInstant) { + // TODO Auto-generated method stub + + } + + @Override + public void setIdentificationValue(String identificationValue) { + // TODO Auto-generated method stub + + } + + @Override + public void setIdentificationType(String identificationType) { + // TODO Auto-generated method stub + + } + + @Override + public void setGivenName(String givenName) { + // TODO Auto-generated method stub + + } + + @Override + public void setFamilyName(String familyName) { + // TODO Auto-generated method stub + + } + + @Override + public void setDsigReferenceTransforms(Element[] dsigReferenceTransforms) { + // TODO Auto-generated method stub + + } + + @Override + public void setDateOfBirth(String dateOfBirth) { + // TODO Auto-generated method stub + + } + + @Override + public String getSerializedSamlAssertion() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Element getSamlAssertion() { + // TODO Auto-generated method stub + return null; + } + + @Override + public PublicKey[] getPublicKey() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Element getPrPerson() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getIssueInstant() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getIdentificationValue() { + return baseId; + + } + + @Override + public String getIdentificationType() { + return baseIdType; + + } + + @Override + public String getGivenName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getFamilyName() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Element[] getDsigReferenceTransforms() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getDateOfBirth() { + // TODO Auto-generated method stub + return null; + } + }; + } +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AttributeBuilderRegistrationTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AttributeBuilderRegistrationTest.java new file mode 100644 index 000000000..5ff8ffba7 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AttributeBuilderRegistrationTest.java @@ -0,0 +1,41 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.utils; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +import java.util.List; + +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; +import org.opensaml.saml2.core.Attribute; +import org.opensaml.xml.ConfigurationException; + +import at.gv.egiz.eaaf.core.api.data.PVPAttributeDefinitions; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PVPAttributeBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EAAFDefaultSAML2Bootstrap; + +@RunWith(BlockJUnit4ClassRunner.class) +public class AttributeBuilderRegistrationTest { + + @BeforeClass + public static void classInitializer() throws ConfigurationException { + EAAFDefaultSAML2Bootstrap.bootstrap(); + + } + + @Test + public void checkRegistratedAttributeBuilder() { + + List supportedAttributes = PVPAttributeBuilder.buildSupportedEmptyAttributes(); + + assertFalse("Registered Attribute-Builder is empty", supportedAttributes.isEmpty()); + assertTrue("No role attribute registrated", supportedAttributes.stream() + .filter(el -> PVPAttributeDefinitions.ROLES_NAME.equals(el.getName())) + .findFirst() + .isPresent()); + + } +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AuthenticationRoleFactoryTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AuthenticationRoleFactoryTest.java new file mode 100644 index 000000000..6d39b926e --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/AuthenticationRoleFactoryTest.java @@ -0,0 +1,65 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.utils; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; + +import at.gv.egovernment.moa.id.data.AuthenticationRole; +import at.gv.egovernment.moa.id.data.AuthenticationRoleFactory; + +@RunWith(BlockJUnit4ClassRunner.class) +public class AuthenticationRoleFactoryTest { + + @Test + public void simpleRole() { + String role = RandomStringUtils.randomAlphabetic(5); + + AuthenticationRole toCheck = AuthenticationRoleFactory.buildFormPVPole(role); + + assertEquals("wrong role name", role, toCheck.getRoleName()); + assertEquals("wrong raw role", role, toCheck.getRawRoleString()); + assertNull("wrong role attr", toCheck.getParams()); + + } + + @Test + public void complexeRoleEmptyParams() { + String role = RandomStringUtils.randomAlphabetic(5); + String fullRole = role + "()"; + + AuthenticationRole toCheck = AuthenticationRoleFactory.buildFormPVPole(fullRole); + + assertEquals("wrong role name", role, toCheck.getRoleName()); + assertEquals("wrong raw role", fullRole, toCheck.getRawRoleString()); + assertNull("wrong role attr", toCheck.getParams()); + + } + + @Test + public void complexeRoleWithParams() { + String p1 = RandomStringUtils.randomAlphabetic(5); + String v1 = RandomStringUtils.randomAlphabetic(5); + String p2 = RandomStringUtils.randomAlphabetic(5); + String v2 = RandomStringUtils.randomAlphabetic(5); + + String role = RandomStringUtils.randomAlphabetic(5); + String fullRole = role + "(\"" + + p1 + "\"=\"" + v1 + "\"," + + p2 + "\"=\"" + v2 + "\"" + +")"; + + AuthenticationRole toCheck = AuthenticationRoleFactory.buildFormPVPole(fullRole); + + assertEquals("wrong role name", role, toCheck.getRoleName()); + assertEquals("wrong raw role", fullRole, toCheck.getRawRoleString()); + assertNotNull("wrong role attr", toCheck.getParams()); + assertEquals("wrong param size", 2, toCheck.getParams().size()); + + } + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java new file mode 100644 index 000000000..399980dbf --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/java/at/gv/egovernment/moa/id/auth/modules/ehvd/test/utils/MoaStatusMessagerTest.java @@ -0,0 +1,55 @@ +package at.gv.egovernment.moa.id.auth.modules.ehvd.test.utils; + +import static org.junit.Assert.assertEquals; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.IStatusMessenger; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({"/test_ehvd_service_messager_auth.beans.xml"}) +public class MoaStatusMessagerTest { + + @Autowired IStatusMessenger messager; + + + @Test + public void checkErrorCodeMapper() { + assertEquals("default errorcode", "9199", + messager.getResponseErrorCode(new NullPointerException())); + + + assertEquals("new errorCode file", "aabbccdd", + messager.mapInternalErrorToExternalError("test.01")); + assertEquals("new errorCode file", "zzzyyyxxx", + messager.mapInternalErrorToExternalError("test.02")); + + assertEquals("existing errorCode file", "4401", + messager.mapInternalErrorToExternalError("auth.34")); + assertEquals("existing errorCode file", "1101", + messager.mapInternalErrorToExternalError("parser.07")); + + } + + @Test + public void checkErrorMessages() { + assertEquals("new error msg", + "GDA Status inaktiv", messager.getMessage("ehvd.00", null)); + assertEquals("new error msg", + "Allgemeiner Fehler bei der Abfrage des EHVD Service", messager.getMessage("ehvd.99", null)); + + + assertEquals("existing error msg", + "Zertifikat konnte nicht ausgelesen werden.", messager.getMessage("auth.14", null)); + assertEquals("existing error msg", + "\"Issuer\" im AUTH-Block nicht vorhanden.", messager.getMessage("validator.32", null)); + + } + + +} diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties new file mode 100644 index 000000000..bc71dc6ab --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config1.properties @@ -0,0 +1,5 @@ +modules.ehvd.enabled=true +modules.ehvd.sp.1=aaabbccddeeffgg +modules.ehvd.sp.2=yyasdfasfsa2323 +modules.ehvd.sp.3= +modules.ehvd.sp.4=435344534egewgegf diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config2.properties b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config2.properties new file mode 100644 index 000000000..4e666c204 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/config/config2.properties @@ -0,0 +1,4 @@ +modules.ehvd.enabled=false +modules.ehvd.sp.1=aaabbccddeeffgg +modules.ehvd.sp.2=yyasdfasfsa2323 +modules.ehvd.sp.3=435344534egewgegf diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth.beans.xml new file mode 100644 index 000000000..b499ad395 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth.beans.xml @@ -0,0 +1,19 @@ + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth_lazy.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth_lazy.beans.xml new file mode 100644 index 000000000..7116034b7 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_auth_lazy.beans.xml @@ -0,0 +1,24 @@ + + + + + + + + + + + + + + + + \ No newline at end of file diff --git a/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_messager_auth.beans.xml b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_messager_auth.beans.xml new file mode 100644 index 000000000..5d8e03fb5 --- /dev/null +++ b/id/server/modules/moa-id-module-ehvd_integration/src/test/resources/test_ehvd_service_messager_auth.beans.xml @@ -0,0 +1,15 @@ + + + + + + \ No newline at end of file -- cgit v1.2.3