fixed port forwarding for new RP

- Changed default port on i-mig-t proxy

README.md

@@ -105,7 +105,7 @@ Our project welcomes contributions from various types of users, each with unique
 <details>
 <summary>Instructions</summary>
 
-- Guidelines for testing your own implementation will be present in release v2.1.
+A guide on how to add your RP to the testing environment can be found [here](testplans/spid-cie-oidc/README.md#adding-support-for-your-relying-party)
 
 </details>
 

testplans/spid-cie-oidc/README.md

@@ -18,7 +18,7 @@ To add support for an RP you have to adhere to the folder structure of the repo
 
 If you have a Docker image hosted on a Docker registry, just use it inside the [docker-compose.yml](./implementations/template/docker-compose.yml) file. Otherwise, if you need to build an image locally, please provide the steps to do that in the [build_and_run.sh](./implementations/template/build_and_run.sh) script, and use the builded container inside the [docker-compose.yml](./implementations/template/docker-compose.yml) file.  
 
-Either way you choose, you now need to redirect all the traffic of your container to the proxy hosted on port 8080 on the container burpsuite. To do this, there are already two environment variables set on the template compose settings, this sometimes work, but depends on if your implementation is taking system-wide proxy variables in consideration.
+Either way you choose, you now need to redirect all the traffic of your container to the proxy hosted on port 8080 on the container burpsuite. To do this, there are commands available on the template's compose that install redsocks and forward the packets to/from the default OP and TA to the proxy.
 
 > Note: A debian base image is suggested in order for the default proxy forwarding to work. You can use other base images, but you will need to redirect all the outgoing traffic to localhost:8002 and localhost:8000 (OP and TA) to burpsuite:8080, which is the proxy we are using. If the proxy fordwarding doesn't work, some tests will not be executed.
 
@@ -50,7 +50,7 @@ You should write a Session Track for your RP, the session track is a list of act
 
 You can start from an existing session, such as [s_CIE](implementations/spid-cie-oidc-django/input/mig-t/sessions/s_CIE) of spid-cie-oidc-django, and change the part of your RP.
 
-> if you need more details on how to write a session track, check [this section](https://github.com/stfbk/mig-t/blob/main/doc/language.md#session-track-user-actions) of the mig-t documentation
+> if you need more details on how to write a session track, check [this section](https://github.com/stfbk/mig-t/blob/main/doc/language.md#session-track-user-actions) of the mig-t documentation.
 
 > if you plan to push your RP on the mig repo, please put the session inside `input/mig-t/sessions/` folder.
 

testplans/spid-cie-oidc/implementations/spid-cie-oidc-django/docker-compose.yml

@@ -2,15 +2,15 @@ version: "3"
 
 services:
   burpsuite:
-    #image: i-mig-t # Use this if you build locally
-    image: ghcr.io/stfbk/mig-i-mig-t:latest
+    image: i-mig-t # Use this if you build locally
+    #image: ghcr.io/stfbk/mig-i-mig-t:latest
     volumes:
       - /tmp/.X11-unix/:/tmp/.X11-unix/
       - /etc/localtime:/etc/localtime:ro
       - "$HOME/.Xauthority:/root/.Xauthority:rw"
       - ../config/mig-t/msg_def.json:/opt/BurpSuiteCommunity/msg_def.json
     ports:
-      - 8080:8080
+      - 9095:9095
       #- 5005:5005 # To enable java debugger
     networks:
       - oidcfed
@@ -36,7 +36,7 @@ services:
       bash -c "dpkg --configure -a
       apt-get update
       apt-get install iptables redsocks curl lynx -qy
-      echo 'base {log_debug = off;log_info = on;log = stderr;redirector = iptables;} redsocks {local_ip = localhost;local_port = 12345;ip = burpsuite;port = 8080;type = http-connect; }' > /etc/redsocks.conf &&
+      echo 'base {log_debug = off;log_info = on;log = stderr;redirector = iptables;} redsocks {local_ip = localhost;local_port = 12345;ip = burpsuite;port = 9095;type = http-connect; }' > /etc/redsocks.conf &&
       /usr/sbin/redsocks -c /etc/redsocks.conf &
       iptables -t nat -A OUTPUT -p tcp --dport 8002 -j REDIRECT --to-port 12345 &&
       iptables -t nat -A OUTPUT -p tcp --dport 8001 -j REDIRECT --to-port 12345 &&
@@ -47,7 +47,7 @@ services:
     privileged: true
     environment:
       - PROXY_SERVER=burpsuite
-      - PROXY_PORT=8080
+      - PROXY_PORT=9095
 
   cie-provider.org:
     image: ghcr.io/italia/spid-cie-oidc-django:latest
@@ -68,7 +68,7 @@ services:
       bash -c "dpkg --configure -a
       apt-get update
       apt-get install iptables redsocks curl lynx -qy
-      echo 'base {log_debug = off;log_info = on;log = stderr;redirector = iptables;} redsocks {local_ip = localhost;local_port = 12345;ip = burpsuite;port = 8080;type = http-connect; }' > /etc/redsocks.conf &&
+      echo 'base {log_debug = off;log_info = on;log = stderr;redirector = iptables;} redsocks {local_ip = localhost;local_port = 12345;ip = burpsuite;port = 9095;type = http-connect; }' > /etc/redsocks.conf &&
       /usr/sbin/redsocks -c /etc/redsocks.conf &
       iptables -t nat -A OUTPUT -p tcp --dport 8001 -j REDIRECT --to-port 12345 &&
       iptables -t nat -A OUTPUT -p tcp --dport 8000 -j REDIRECT --to-port 12345 &&
@@ -79,7 +79,7 @@ services:
     privileged: true
     environment:
       - PROXY_SERVER=burpsuite
-      - PROXY_PORT=8080
+      - PROXY_PORT=9095
 
   relying-party.org:
     image: ghcr.io/italia/spid-cie-oidc-django:latest
@@ -100,7 +100,7 @@ services:
       bash -c "dpkg --configure -a
       apt-get update
       apt-get install iptables redsocks curl lynx -qy
-      echo 'base {log_debug = off;log_info = on;log = stderr;redirector = iptables;} redsocks {local_ip = localhost;local_port = 12345;ip = burpsuite;port = 8080;type = http-connect; }' > /etc/redsocks.conf &&
+      echo 'base {log_debug = off;log_info = on;log = stderr;redirector = iptables;} redsocks {local_ip = localhost;local_port = 12345;ip = burpsuite;port = 9095;type = http-connect; }' > /etc/redsocks.conf &&
       /usr/sbin/redsocks -c /etc/redsocks.conf &
       iptables -t nat -A OUTPUT -p tcp --dport 8002 -j REDIRECT --to-port 12345 &&
       iptables -t nat -A OUTPUT -p tcp --dport 8000 -j REDIRECT --to-port 12345 &&
@@ -111,7 +111,7 @@ services:
     privileged: true
     environment:
       - PROXY_SERVER=burpsuite
-      - PROXY_PORT=8080
+      - PROXY_PORT=9095
 
 networks:
   oidcfed:

testplans/spid-cie-oidc/implementations/spid-cie-oidc-java/Dockerfile.java-rp

@@ -1,6 +1,6 @@
-FROM adoptopenjdk/openjdk11:x86_64-alpine-jdk-11.0.14.1_1
+FROM ubuntu:22.04
 
-RUN apk update && apk add git
+RUN apt-get update && apt-get install git maven openjdk-11-jdk -y
 
 RUN git clone --depth=1 https://github.com/italia/spid-cie-oidc-java && \
         cd spid-cie-oidc-java && \

testplans/spid-cie-oidc/implementations/spid-cie-oidc-java/build_and_run.sh

@@ -2,8 +2,13 @@
 
 # clone and build spid-cie-oidc-django ---
 git clone https://github.com/italia/spid-cie-oidc-django.git
+cd spid-cie-oidc-django/
+git checkout 7e15d4b2b96c805208395ce66ab98465fe0d1463
+cd ..
 rm ./spid-cie-oidc-django/docker-compose.yml
 cp docker-compose.yml ./spid-cie-oidc-django/
+rm ./spid-cie-oidc-django/examples/federation_authority/dumps/examples.json
+cp example.json ./spid-cie-oidc-django/examples/federation_authority/dumps/
 cd spid-cie-oidc-django
 bash docker-prepare.sh
 cd ..
@@ -12,18 +17,17 @@ cd ..
 # (Optional) Build your RP image here ---
 git clone git@github.com:italia/spid-cie-oidc-java.git
 rm spid-cie-oidc-java/examples/relying-party-spring-boot/docker/Dockerfile.java-rp
-cp Dockerfile.java-rp spid-cie-oidc-java/examples/relying-party-spring-boot/docker/ 
+cp Dockerfile.java-rp spid-cie-oidc-java/examples/relying-party-spring-boot/docker/
+cp application.yml spid-cie-oidc-java/examples/relying-party-spring-boot/src/main/resources/
 cd spid-cie-oidc-java/examples/relying-party-spring-boot/docker
 sudo docker build -t your-rp --file Dockerfile.java-rp .
 cd ../../../../spid-cie-oidc-django
 # (Optional) Build your RP image here ---
 
 # local build i-mig-t --------
 #cd ../../../../../tools/i-mig-t
-#rm mig-t-beta-jar-with-dependencies.jar
-#cp /home/bit/FBK/mig-t/tool/target/mig-t-beta-jar-with-dependencies.jar .
 #sudo docker build -t i-mig-t .
-#cd ../../testplans/spid-cie-oidc/implementations/spid-cie-oidc-django/spid-cie-oidc-django/
+#cd ../../testplans/spid-cie-oidc/implementations/spid-cie-oidc-java/spid-cie-oidc-django/
 # local build i-mig-t --------
 
 xhost +local:

testplans/spid-cie-oidc/implementations/spid-cie-oidc-java/data/oidc-rp-trust-marks.json

@@ -1,7 +1,7 @@
 [{
   "iss": "http://trust-anchor.org:8000",
-  "sub": "http://127.0.0.1:8080/oidc/rp/",
-  "iat": 1698394698,
+  "sub": "http://relying-party.org:8080/oidc/rp/",
+  "iat": 1700561545,
   "id": "https://www.spid.gov.it/certification/rp",
   "mark": "https://www.agid.gov.it/themes/custom/agid/logo.svg",
   "ref": "https://docs.italia.it/italia/spid/spid-regole-tecniche-oidc/it/stabile/index.html"

testplans/spid-cie-oidc/implementations/spid-cie-oidc-java/docker-compose.yml

@@ -2,16 +2,16 @@ version: "3"
 
 services:
   burpsuite:
-    #image: i-mig-t # Use this if you build locally
-    image: ghcr.io/stfbk/mig-i-mig-t:latest
+    image: i-mig-t # Use this if you build locally
+    #image: ghcr.io/stfbk/mig-i-mig-t:latest
     volumes:
       - /tmp/.X11-unix/:/tmp/.X11-unix/
       - /etc/localtime:/etc/localtime:ro
       - "$HOME/.Xauthority:/root/.Xauthority:rw"
-      - ../config/mig-t/msg_def.json:/opt/BurpSuiteCommunity/msg_def.json
+      #- ../config/mig-t/msg_def.json:/opt/BurpSuiteCommunity/msg_def.json
     ports:
-      - 8080:8080
-      #- 5005:5005 # To enable java debugger
+      - "9095:9095"
+      #- "5005:5005" # To enable java debugger
     networks:
       - oidcfed
     environment:
@@ -22,12 +22,12 @@ services:
     tty: true
 
   trust-anchor.org:
-    image: ghcr.io/italia/spid-cie-oidc-django:latest
+    image: ghcr.io/italia/spid-cie-oidc-django:v1.2.0
     # build:
     # context: .
     # dockerfile: ./Dockerfile
     ports:
-      - "8000:8000"
+      - 8000:8000
     volumes:
       - ./examples-docker/federation_authority:/django-project
     networks:
@@ -36,28 +36,26 @@ services:
       bash -c "dpkg --configure -a
       apt-get update
       apt-get install iptables redsocks curl lynx -qy
-      echo 'base {log_debug = off;log_info = on;log = stderr;redirector = iptables;} redsocks {local_ip = localhost;local_port = 12345;ip = burpsuite;port = 8080;type = http-connect; }' > /etc/redsocks.conf &&
+      echo 'base {log_debug = off;log_info = on;log = stderr;redirector = iptables;} redsocks {local_ip = localhost;local_port = 12345;ip = burpsuite;port = 9095;type = http-connect; }' > /etc/redsocks.conf &&
       /usr/sbin/redsocks -c /etc/redsocks.conf &
       iptables -t nat -A OUTPUT -p tcp --dport 8002 -j REDIRECT --to-port 12345 &&
-      iptables -t nat -A OUTPUT -p tcp --dport 8001 -j REDIRECT --to-port 12345 &&
+      iptables -t nat -A OUTPUT -p tcp --dport 8080 -j REDIRECT --to-port 12345 &&
       cd /django-project/ &&
       python3 manage.py migrate &&
       python3 manage.py loaddata dumps/example.json &&
       python3 manage.py runserver 0.0.0.0:8000"
     privileged: true
     environment:
       - PROXY_SERVER=burpsuite
-      - PROXY_PORT=8080
+      - PROXY_PORT=9095
 
   cie-provider.org:
-    image: ghcr.io/italia/spid-cie-oidc-django:latest
+    image: ghcr.io/italia/spid-cie-oidc-django:v1.2.0
     # build:
     # context: .
     # dockerfile: ./Dockerfile
-    expose:
-      - 8002
     ports:
-      - "8002:8002"
+      - 8002:8002
     volumes:
       - ./examples-docker/provider:/django-project
     networks:
@@ -68,9 +66,9 @@ services:
       bash -c "dpkg --configure -a
       apt-get update
       apt-get install iptables redsocks curl lynx -qy
-      echo 'base {log_debug = off;log_info = on;log = stderr;redirector = iptables;} redsocks {local_ip = localhost;local_port = 12345;ip = burpsuite;port = 8080;type = http-connect; }' > /etc/redsocks.conf &&
+      echo 'base {log_debug = off;log_info = on;log = stderr;redirector = iptables;} redsocks {local_ip = localhost;local_port = 12345;ip = burpsuite;port = 9095;type = http-connect; }' > /etc/redsocks.conf &&
       /usr/sbin/redsocks -c /etc/redsocks.conf &
-      iptables -t nat -A OUTPUT -p tcp --dport 8001 -j REDIRECT --to-port 12345 &&
+      iptables -t nat -A OUTPUT -p tcp --dport 8080 -j REDIRECT --to-port 12345 &&
       iptables -t nat -A OUTPUT -p tcp --dport 8000 -j REDIRECT --to-port 12345 &&
       cd /django-project/ &&
       python3 manage.py migrate &&
@@ -79,37 +77,27 @@ services:
     privileged: true
     environment:
       - PROXY_SERVER=burpsuite
-      - PROXY_PORT=8080
+      - PROXY_PORT=9095
 
   relying-party.org:
-    image: your-rp # The name of the container you are using
-    # build:
-    # context: .
-    # dockerfile: ./Dockerfile
-    expose:
-      - 8005
+    image: your-rp
     ports:
-      - "8005:8005"
-    # if you need volumes
+      - 8080:8080
     volumes:
       - ../data:/data
     networks:
       - oidcfed
     depends_on:
       - trust-anchor.org
-    # Commands needed to redirect the ourgoing traffic (to the OP and TA) to the proxy
     command: |
-      sh -c "apk update
-      apk add iptables redsocks curl lynx
-      echo 'base {log_debug = off;log_info = on;log = stderr;redirector = iptables;} redsocks {local_ip = localhost;local_port = 12345;ip = burpsuite;port = 8080;type = http-connect; }' > /etc/redsocks.conf &&
+      sh -c "apt-get update
+      apt-get install iptables redsocks curl lynx -qy
+      echo 'base {log_debug = on;log_info = on;log = stderr;redirector = iptables;} redsocks {local_ip = 0.0.0.0;local_port = 12345;ip = burpsuite;port = 9095;type = http-connect; }' > /etc/redsocks.conf &&
       redsocks -c /etc/redsocks.conf &
       iptables -t nat -A OUTPUT -p tcp --dport 8002 -j REDIRECT --to-port 12345 &&
       iptables -t nat -A OUTPUT -p tcp --dport 8000 -j REDIRECT --to-port 12345 &&
       ../../mvnw spring-boot:run"
     privileged: true
-    environment:
-      - PROXY_SERVER=burpsuite
-      - PROXY_PORT=8080
-
+
 networks:
   oidcfed: