add more jUnit test

author: Thomas Lenz <thomas.lenz@egiz.gv.at> 2020-02-06 18:04:31 +0100
committer: Thomas Lenz <thomas.lenz@egiz.gv.at> 2020-02-06 18:04:31 +0100
commit: f2c665c55e115d919cf1a752ef2f7c9f01f51ce3 (patch)
tree: e880f7b0275bd97ec4fd70a8de2dca096b8f9719 /eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
parent: 98a83cbb3f5eca50388f3d5f64fe1d760bc199d7 (diff)
download: EAAF-Components-f2c665c55e115d919cf1a752ef2f7c9f01f51ce3.tar.gz
EAAF-Components-f2c665c55e115d919cf1a752ef2f7c9f01f51ce3.tar.bz2
EAAF-Components-f2c665c55e115d919cf1a752ef2f7c9f01f51ce3.zip
1 files changed, 136 insertions, 21 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
index 76dba510..8833202a 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
@@ -9,27 +9,6 @@ import java.util.Map;
 
 import javax.xml.parsers.ParserConfigurationException;
 
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
-import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
-import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
-
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.joda.time.DateTime;
@@ -38,14 +17,19 @@ import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.junit.runner.RunWith;
+import org.opensaml.core.xml.XMLObject;
 import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.MarshallingException;
 import org.opensaml.core.xml.io.Unmarshaller;
 import org.opensaml.core.xml.io.UnmarshallerFactory;
 import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.schema.XSString;
 import org.opensaml.core.xml.util.XMLObjectSupport;
 import org.opensaml.messaging.decoder.MessageDecodingException;
 import org.opensaml.messaging.encoder.MessageEncodingException;
 import org.opensaml.saml.common.SignableSAMLObject;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.Issuer;
 import org.opensaml.saml.saml2.core.RequestAbstractType;
 import org.opensaml.saml.saml2.core.StatusResponseType;
 import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
@@ -58,7 +42,34 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
 import org.w3c.dom.Element;
 import org.xml.sax.SAXException;
 
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute;
+import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest;
 import net.shibboleth.utilities.java.support.net.URIComparator;
+import net.shibboleth.utilities.java.support.xml.SerializeSupport;
 import net.shibboleth.utilities.java.support.xml.XMLParserException;
 import okhttp3.HttpUrl;
 import okhttp3.mockwebserver.MockResponse;
@@ -125,6 +136,34 @@ public class PostBindingTest {
   }
 
   @Test
+  public void wrongPostBindingEncoding() throws MessageDecodingException, SecurityException,
+      IOException, Pvp2MetadataException {
+    final String serviceUrl = "https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp2/post";
+
+    final IPvp2MetadataProvider metadataProvider =
+        metadataResolverFactory.createMetadataProvider(
+            "classpath:/data/pvp_metadata_wrong_sig.xml", null, "jUnit metadata resolver", null);
+
+    final URIComparator comparator = new EaafUriCompare(serviceUrl);
+
+    final String b64AuthnReq = Base64.getEncoder().encodeToString(IOUtils.toByteArray(
+        PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml")));
+    httpReq.setMethod("POST");
+    httpReq.addParameter("SAMLRequest", b64AuthnReq);
+    httpReq.setParameter("SAMLEncoding", RandomStringUtils.randomAlphabetic(5));
+
+    try {
+      bindingImpl.decode(httpReq, httpResp, metadataProvider, SPSSODescriptor.DEFAULT_ELEMENT_NAME, comparator);
+      Assert.fail("Missing signature not detected");
+
+    } catch (final Pvp2Exception e) {
+      Assert.assertEquals("Wrong errorCode", "internal.pvp.02", e.getErrorId());
+
+    }
+
+  }
+  
+  @Test
   public void decodeRequestWrongEndpoint() throws MessageDecodingException, SecurityException,
       IOException, Pvp2MetadataException {
     final String serviceUrl = "https://wrongEndpoint/pvp2/post";
@@ -315,6 +354,73 @@ public class PostBindingTest {
   }
 
   @Test
+  public void decodeRequestSuccessWithRequestAttributes() throws MessageDecodingException, SecurityException,
+      IOException, Pvp2Exception, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, MarshallingException {
+    final String serviceUrl = "https://eidas-test.bmi.gv.at/ms_connector/pvp/post";
+    final String relayState = RandomStringUtils.randomAlphanumeric(10);
+
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        PostBindingTest.class.getResourceAsStream("/data/eIDAS_connector_authn.xml"));
+    authnReq.setIssueInstant(DateTime.now());
+    Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
+    issuer.setValue("https://demo.egiz.gv.at/demoportal_demologin/");
+    authnReq.setIssuer(issuer);
+    
+    RequestAbstractType signedAuthn = Saml2Utils.signSamlObject(authnReq, credentialProvider.getMessageSigningCredential(), true);
+    Element signedElement = XMLObjectSupport.getMarshaller(signedAuthn).marshall(signedAuthn);
+    final String b64AuthnReq = 
+        Base64.getEncoder().encodeToString(SerializeSupport.nodeToString(signedElement).getBytes("UTF-8"));
+    httpReq.setMethod("POST");
+    httpReq.addParameter("SAMLRequest", b64AuthnReq);
+    httpReq.addParameter("RelayState", relayState);
+
+    final IPvp2MetadataProvider metadataProvider =
+        metadataResolverFactory.createMetadataProvider(
+            "classpath:/data/pvp_metadata_junit_keystore.xml", null, "jUnit metadata resolver", null);
+
+    final URIComparator comparator = new EaafUriCompare(serviceUrl);
+
+    final InboundMessageInterface msg =
+        bindingImpl.decode(httpReq, httpResp, metadataProvider, SPSSODescriptor.DEFAULT_ELEMENT_NAME, comparator);
+
+    Assert.assertNotNull("PVP msg is null", msg);
+    Assert.assertNotNull("RelayState is not null", msg.getRelayState());
+    Assert.assertEquals("RelayState not match", relayState, msg.getRelayState());
+    Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage());
+    Assert.assertNotNull("EntityId is null", msg.getEntityID());
+    Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_demologin/", msg.getEntityID());
+    Assert.assertTrue("Wrong isVerified flag", msg.isVerified());
+    
+    org.springframework.util.Assert.isInstanceOf(PvpSProfileRequest.class, msg, "Inbound message is of wrong type");
+    org.springframework.util.Assert.isInstanceOf(AuthnRequest.class, ((PvpSProfileRequest)msg).getSamlRequest(), 
+        "Inbound message is of wrong type");
+    
+    AuthnRequest parsedAuthnReq = (AuthnRequest)((PvpSProfileRequest)msg).getSamlRequest();
+    Assert.assertNotNull("No extension", parsedAuthnReq.getExtensions());
+    Assert.assertNotNull("No extension child", parsedAuthnReq.getExtensions().getUnknownXMLObjects());
+    Assert.assertEquals("extension child size", 1, parsedAuthnReq.getExtensions().getUnknownXMLObjects().size());
+    
+    XMLObject reqAttrs = parsedAuthnReq.getExtensions().getUnknownXMLObjects().get(0);
+    org.springframework.util.Assert.isInstanceOf(EaafRequestedAttributes.class, reqAttrs, "Wrong requested Attributes type");
+    EaafRequestedAttributes eaafReqAttrs = (EaafRequestedAttributes) reqAttrs;
+    Assert.assertNotNull("Req attr is null", eaafReqAttrs.getAttributes());
+    Assert.assertFalse("Req attr is empty", eaafReqAttrs.getAttributes().isEmpty());
+    Assert.assertEquals("Req attr size", 1, eaafReqAttrs.getAttributes().size());
+    
+    EaafRequestedAttribute eaafReqAttr = eaafReqAttrs.getAttributes().get(0);
+    Assert.assertNotNull("Req Attibute is null", eaafReqAttr);
+    Assert.assertEquals("Req. Attr. Friendlyname", "EID-SECTOR-FOR-IDENTIFIER", eaafReqAttr.getFriendlyName());
+    Assert.assertEquals("Req. Attr. Name", "urn:oid:1.2.40.0.10.2.1.1.261.34", eaafReqAttr.getName());
+    
+    Assert.assertEquals("Req. Attr. Value size", 1,  eaafReqAttr.getAttributeValues().size());
+    org.springframework.util.Assert.isInstanceOf(XSString.class, eaafReqAttr.getAttributeValues().get(0), 
+        "Wrong requested Attributes Value type");
+    Assert.assertEquals("Req. Attr. Value", "urn:publicid:gv.at:cdid+BF",  ((XSString)eaafReqAttr.getAttributeValues().get(0)).getValue());
+    
+  }
+  
+  @Test
   public void decodeRequestSuccessWithoutRelayStateEcdsaSig() throws MessageDecodingException, SecurityException,
       IOException, Pvp2Exception, CredentialsNotAvailableException, XMLParserException, UnmarshallingException {
     final String serviceUrl = "http://testservice.org";
@@ -340,6 +446,13 @@ public class PostBindingTest {
     Assert.assertNotNull("EntityId is null", msg.getEntityID());
     Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_demologin/", msg.getEntityID());
     Assert.assertTrue("Wrong isVerified flag", msg.isVerified());
+    
+    //check if reconstraction from serialized form work well
+    ((InboundMessage)msg).setSamlMessage(null);
+    try {
+      Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage());
+      
+    } catch (RuntimeException e) { }
 
   }
 
@@ -367,6 +480,8 @@ public class PostBindingTest {
     Assert.assertNotNull("EntityId is null", msg.getEntityID());
     Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_demologin/", msg.getEntityID());
     Assert.assertTrue("Wrong isVerified flag", msg.isVerified());
+    
+    org.springframework.util.Assert.isInstanceOf(PvpSProfileResponse.class, msg, "Inbound message is of wrong type");
 
   }
author	Thomas Lenz <thomas.lenz@egiz.gv.at>	2020-02-06 18:04:31 +0100
committer	Thomas Lenz <thomas.lenz@egiz.gv.at>	2020-02-06 18:04:31 +0100
commit	f2c665c55e115d919cf1a752ef2f7c9f01f51ce3 (patch)
tree	e880f7b0275bd97ec4fd70a8de2dca096b8f9719 /eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
parent	98a83cbb3f5eca50388f3d5f64fe1d760bc199d7 (diff)
download	EAAF-Components-f2c665c55e115d919cf1a752ef2f7c9f01f51ce3.tar.gz EAAF-Components-f2c665c55e115d919cf1a752ef2f7c9f01f51ce3.tar.bz2 EAAF-Components-f2c665c55e115d919cf1a752ef2f7c9f01f51ce3.zip