nevis
/
adn-agov-iam-inventory
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

new configuration version

This commit is contained in:
haburger 2025-03-25 10:21:02 +00:00
parent 1c1010d832
commit b938bd429b
16 changed files with 113 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/etc/nevis/k8s-nevisauth-7022472ae407577ae604bbb8.yaml
View File

@ -45,7 +45,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-a42d028a31e525195a4836e6364a21cb0ad6f04e"
tag: "r-68680b2182672bd8a81d786c163e95b91fb89a64"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth"
credentials: "git-credentials"
keystores:

118
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/auth/var/opt/nevisauth/default/conf/eid_verification_auth.groovy
View File

@ -1,4 +1,5 @@
import groovy.json.JsonSlurper
import ch.nevis.esauth.auth.engine.AuthResponse
import ch.nevis.esauth.util.httpclient.api.HttpClient
@ -127,6 +128,22 @@ def verification_request_template = '''
}
'''
def ERROR_CODE_TO_STATUS_MAPPER = [
'CREDENTIAL_INVALID': 'FAILED',
'JWT_EXPIRED': 'ERROR',
'INVALID_FORMAT': 'ERROR',
'CREDENTIAL_EXPIRED': 'FAILED',
'MISSING_NONCE': 'ERROR',
'UNSUPPORTED_FORMAT': 'ERROR',
'CREDENTIAL_REVOKED': 'FAILED',
'CREDENTIAL_SUSPENDED': 'FAILED',
'HOLDER_BINDING_MISMATCH': 'ERROR',
'CREDENTIAL_MISSING_DATA': 'FAILED',
'UNRESOLVABLE_STATUS_LIST': 'ERROR',
'PUBLIC_KEY_OF_ISSUER_UNRESOLVABLE': 'ERROR',
'CLIENT_REJECTED': 'CANCELED',
'ISSUER_NOT_ACCEPTED' : 'ERROR'
]
// ---------------
// check, whether we are still processing the correct AuthnRequest
@ -163,6 +180,7 @@ def spanCtxt = Span.current().getSpanContext()
def traceparent = "00-${spanCtxt.getTraceId()}-${spanCtxt.getSpanId()}-${spanCtxt.getTraceFlags().asHex()}"
if (!session['agov.eid.verification']) {
// Initialize the verification session on the verifier
def endPoint = "${parameters.get('eidVerifierBaseUrl')}/api/v1/verifications"
try {
@ -203,9 +221,15 @@ if (!session['agov.eid.verification']) {
}
if (getHeader('Content-Type') == 'application/json' && inargs.containsKey('o.id.v')) {
try {
// request for a status update from the verifier
def result
def endPoint = "${parameters.get('eidVerifierBaseUrl')}/api/v1/verifications/${inargs['o.id.v']}"
// TODO/haburger/2025-03-24: we should make sure, that we have an actual session on the verifier with id.v
// and that authRequestId is correct
def idvalue = ( !inargs['o.id.v'] || inargs['o.id.v'] == 'NEW' ) ? session['agov.eid.verification.id'] : inargs['o.id.v']
try {
def endPoint = "${parameters.get('eidVerifierBaseUrl')}/api/v1/verifications/${idvalue}"
def httpResponse = Http.get()
.url(endPoint)
@ -214,37 +238,91 @@ if (getHeader('Content-Type') == 'application/json' && inargs.containsKey('o.id.
.build()
.send(httpClient)
if (httpResponse.code() != 200) {
// TODO/haburger/2025-03-25: 404 we should create a new verification request
LOG.debug("Result: ${httpResponse}")
response.setResult('error')
return
result = """{
"oid4vp": {
"status": "ERROR",
"verification_url": "${session['agov.eid.verification.link']}",
"id": "${idvalue}",
"error_code": "HTTP-ERROR",
"error_message": "failed to verify status of verification ${idvalue}, http status: ${httpResponse.code()}"
}}"""
LOG.warn("<== Response: ${responseCode}")
}
def json = new JsonSlurper().parseText(httpResponse.bodyAsString())
if (json.state == 'SUCCESS') {
sesss.setAttribute('ch.nevis.idm.User.firstName', json.wallet_response.given_name)
sesss.setAttribute('ch.nevis.idm.User.lastName', json.wallet_response.family_name)
sesss.setAttribute('ch.nevis.idm.User.birthDate', json.wallet_response.birth_date)
sesss.setAttribute('ch.nevis.idm.User.gender', json.wallet_response.sex)
sesss.setAttribute('ch.nevis.idm.User.prop.svnr', json.wallet_response.personal_administrative_number)
sesss.setAttribute('ch.nevis.idm.User.prop.placeOfBirth', json.wallet_response.birth_place)
sesss.setAttribute('ch.nevis.idm.User.prop.eIdNumber', json.wallet_response.personal_administrative_number)
sesss.setAttribute('ch.nevis.idm.User.prop.nationality', json.wallet_response.nationality)
sesss.setAttribute('ValidFrom', json.wallet_response.issuance_date)
sesss.setAttribute('ValidTo', json.wallet_response.expiry_date)
sesss.setAttribute('authenticatedWith', "EID")
def claims = json.wallet_response.credential_subject_data
}
// TODO/haburger/2025-03-25: format changes to align with IDM read data
sess.setAttribute('ch.nevis.idm.User.firstName', claims.given_name)
sess.setAttribute('ch.nevis.idm.User.lastName', claims.family_name)
sess.setAttribute('ch.nevis.idm.User.birthDate', claims.birth_date)
sess.setAttribute('ch.nevis.idm.User.gender', claims.sex)
sess.setAttribute('ch.nevis.idm.User.prop.svnr', claims.personal_administrative_number)
sess.setAttribute('ch.nevis.idm.User.prop.placeOfBirth', claims.birth_place)
sess.setAttribute('ch.nevis.idm.User.prop.eIdNumber', claims.personal_administrative_number)
sess.setAttribute('ch.nevis.idm.User.prop.nationality', claims.nationality.toString())
sess.setAttribute('ValidFrom', claims.issuance_date)
sess.setAttribute('ValidTo', claims.expiry_date)
sess.setAttribute('authenticatedWith', "urn:qa.agov.ch:names:tc:authfactor:eid")
sess.setAttribute('idVerification', "Eid")
sess.setAttribute('contextClassRefToSet', "urn:qa.agov.ch:names:tc:ac:classes:600")
response.setUserId(claims.personal_administrative_number)
response.setLoginId(claims.document_number)
response.setAuthLevel("EID")
result = """{
"oid4vp": {
"status": "SUCCEEDED",
"verification_url": "${session['agov.eid.verification.link']}",
"id": "${idvalue}",
"error_code": "NONE"
}}"""
} else if (json.state == 'FAILED') {
// TODO/haburger/2025-03-25: ERROR_CODE_TO_STATUS_MAPPER[json.wallet_response.error_code] == 'FAILED' we should
// initiate a new verification and return the new id, url together with the message
LOG.error("Eid verification failed: ${json.wallet_response.error_code} (${json.wallet_response.error_description})")
result = """{
"oid4vp": {
"status": "${ERROR_CODE_TO_STATUS_MAPPER[json.wallet_response.error_code] ?: 'ERROR'}",
"verification_url": "${session['agov.eid.verification.link']}",
"id": "${idvalue}",
"error_code": "${json.wallet_response.error_code}",
"error_message": "${json.wallet_response.error_description}"
}}"""
} else {
result = """{
"oid4vp": {
"status": "${inargs['o.id.v'] == 'NEW' ? 'INITIATED' : 'PENDING'}",
"verification_url": "${session['agov.eid.verification.link']}",
"id": "${idvalue}",
"error_code": "NONE"
}}"""
}
} catch(Exception e) {
LOG.error("Eid verification failed: $e")
response.setResult('error')
return
LOG.error("Eid verification failed: ${e}")
result = """{
"oid4vp": {
"status": "ERROR",
"verification_url": "${session['agov.eid.verification.link']}",
"id": "${idvalue}",
"error_code": "HTTP-ERROR",
"error_message": "failed to verify status of verification ${idvalue}, http exception"
}}"""
}
response.setContent(result.toString())
response.setContentType('application/json')
response.setHttpStatusCode(200)
response.setIsDirectResponse(true)
response.setStatus(AuthResponse.AUTH_CONTINUE)
return
}
// if we reach this place, display GUI

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/etc/nevis/k8s-nevislogrend-097929211988398a87bcbb0c.yaml
View File

@ -44,7 +44,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-a42d028a31e525195a4836e6364a21cb0ad6f04e"
tag: "r-68680b2182672bd8a81d786c163e95b91fb89a64"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend"
credentials: "git-credentials"
podSecurity:

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/static/bundle.js
View File

File diff suppressed because one or more lines are too long

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Main_IDP/webdata/template/footer.vm
View File

@ -3,7 +3,7 @@
$text.get("footer.text")
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
</div>
<p>1.10.0.local-20250320T124958Z-haburger: Fri Mar 21 15:29:13 CET 2025</p>
<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
</footer>
<script src="${login.appDataPath}/static/bundle.js"></script>
</body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/static/bundle.js
View File

File diff suppressed because one or more lines are too long

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/logrend/var/opt/nevislogrend/default/data/applications/Auth_Realm_Recovery/webdata/template/footer.vm
View File

@ -3,7 +3,7 @@
$text.get("footer.text")
<a target="_blank" class='text-hyperlink dark:text-dark-hyperlink underline' href='$text.get("footer.link")'>$text.get("footer.link.label")</a>
</div>
<p>1.10.0.local-20250320T124958Z-haburger: Fri Mar 21 15:29:13 CET 2025</p>
<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
</footer>
<script src="${login.appDataPath}/static/bundle.js"></script>
</body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/etc/nevis/k8s-nevisproxy-idp-0ceb05c56644a59d648c13b9.yaml
View File

@ -46,7 +46,7 @@ spec:
podDisruptionBudget:
maxUnavailable: "50%"
git:
tag: "r-a42d028a31e525195a4836e6364a21cb0ad6f04e"
tag: "r-68680b2182672bd8a81d786c163e95b91fb89a64"
dir: "DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp"
credentials: "git-credentials"
keystores:

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/403.html
View File

@ -63,7 +63,7 @@
</div>
</div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.10.0.local-20250320T124958Z-haburger: Fri Mar 21 15:29:13 CET 2025</p>
<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
</footer>
<script src="/resources/static/bundle.js"></script>
</body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/404.html
View File

@ -60,7 +60,7 @@
</div>
</div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.10.0.local-20250320T124958Z-haburger: Fri Mar 21 15:29:13 CET 2025</p>
<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
</footer>
<script src="/resources/static/bundle.js"></script>
</body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/500.html
View File

@ -61,7 +61,7 @@
</div>
</div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.10.0.local-20250320T124958Z-haburger: Fri Mar 21 15:29:13 CET 2025</p>
<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
</footer>
<script src="/resources/static/bundle.js"></script>
</body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/502.html
View File

@ -62,7 +62,7 @@
</div>
</div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.10.0.local-20250320T124958Z-haburger: Fri Mar 21 15:29:13 CET 2025</p>
<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
</footer>
<script src="/resources/static/bundle.js"></script>
</body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/Loggedout.html
View File

@ -64,7 +64,7 @@
</div>
</div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.10.0.local-20250320T124958Z-haburger: Fri Mar 21 15:29:13 CET 2025</p>
<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
</footer>
</body>
<script src="/resources/static/bundle.js"></script>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/errorPages/timeout.html
View File

@ -66,7 +66,7 @@
</div>
</div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.10.0.local-20250320T124958Z-haburger: Fri Mar 21 15:29:13 CET 2025</p>
<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
</footer>
<script src="/resources/static/bundle.js"></script>
</body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/index.html
View File

@ -63,7 +63,7 @@
</div>
</div>
<footer class="hidden sm:flex mt-auto font-body text-body-s text-disabled-grey dark:text-silver w-full p-2 justify-end">
<p>1.10.0.local-20250320T124958Z-haburger: Fri Mar 21 15:29:13 CET 2025</p>
<p>1.10.0.local-20250321T164316Z-haburger: Tue Mar 25 11:16:24 CET 2025</p>
</footer>
<script src="/resources/static/bundle.js"></script>
</body>

2
DEFAULT-ADN-AGOV-PROJECT/DEFAULT-ADN-AGOV-INV/proxy-idp/var/opt/nevisproxy/default/host-auth.agov-w.azure.adnovum.net/resources/static/bundle.js
View File

File diff suppressed because one or more lines are too long