| author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-02-17 17:03:28 +0100 | 
|---|---|---|
| committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-02-17 17:03:28 +0100 | 
| commit | 7848c74de2cdafed8bee69d1d5b8e5efa7535bc6 (patch) | |
| tree | 41fb7aeb440982fc3c25f8fa91cd2d7186471a1b /eaaf_modules | |
| parent | 3b7eb43b0df868e492ccd7ad2daca5e4c0053bb2 (diff) | |
Add JUnit tests for HSM Facade integration.
Diffstat (limited to 'eaaf_modules')
16 files changed, 807 insertions, 305 deletions
| diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java new file mode 100644 index 00000000..d5186857 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java 
@@ -0,0 +1,328 @@ +package at.gv.egiz.eaaf.modules.pvp2.test; + +import java.util.ArrayList; +import java.util.List; + +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider; + +import org.joda.time.DateTime; +import org.junit.BeforeClass; +import org.junit.Test; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.io.UnmarshallingException; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.common.xml.SAMLConstants; +import org.opensaml.saml.saml2.core.Assertion; +import org.opensaml.saml.saml2.core.AuthnRequest; +import org.opensaml.saml.saml2.core.EncryptedAssertion; +import 
org.opensaml.saml.saml2.core.Issuer; +import org.opensaml.saml.saml2.core.Response; +import org.opensaml.saml.saml2.encryption.Encrypter; +import org.opensaml.saml.saml2.encryption.Encrypter.KeyPlacement; +import org.opensaml.security.x509.X509Credential; +import org.opensaml.xmlsec.SecurityConfigurationSupport; +import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters; +import org.opensaml.xmlsec.encryption.support.EncryptionException; +import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters; +import org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.util.Assert; + +import net.shibboleth.utilities.java.support.xml.XMLParserException; + + +public abstract class AbstractSamlVerificationEngine { + +  @Autowired +  private PvpMetadataResolverFactory metadataResolverFactory; +  @Autowired +  private SamlVerificationEngine verifyEngine; +  @Autowired +  protected DummyCredentialProvider credentialProvider; + +  @Autowired DummyMetadataProvider metadataProvider; +  @Autowired IConfiguration authConfig; + +  /** +   * JUnit class initializer. 
+   * +   * @throws Exception In case of an OpenSAML3 initialization error +   */ +  @BeforeClass +  public static void classInitializer() throws Exception { +    EaafOpenSaml3xInitializer.eaafInitialize(); + +  } +  protected abstract String getMetadataJunitJKeystore(); + +  protected abstract String getMetadataClassPathEntityPath(); + +  protected abstract String getAuthnRequestWithoutSigPath(); + +  protected abstract String getResponseWithSigPath(); + +  protected abstract String getResponseWithoutSigPath(); + + +  @Test +  public void validateSamlRequestSuccess() throws SecurityException, Exception { + +    final String authnReqPath = getAuthnRequestWithoutSigPath(); +    final String metadataPath = getMetadataClassPathEntityPath(); +    final String spEntityId = metadataPath; + +    final Pair<AuthnRequest, IPvp2MetadataProvider> inputMsg = +        initializeAuthnRequest(spEntityId, metadataPath, authnReqPath, +            credentialProvider.getMetaDataSigningCredential()); + +    final PvpSProfileRequest msg = new PvpSProfileRequest( +        inputMsg.getFirst(), +        SAMLConstants.SAML2_POST_BINDING_URI); +    msg.setEntityID(spEntityId); + +    verifyEngine.verify(msg, +        TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); + +  } + +  @Test +  public void validateSamlRequestWrongSignature() throws SecurityException, Exception { + +    final String authnReqPath = getAuthnRequestWithoutSigPath(); +    final String metadataPath = getMetadataJunitJKeystore(); +    final String spEntityId = metadataPath; + +    final Pair<AuthnRequest, IPvp2MetadataProvider> inputMsg = +        initializeAuthnRequest(spEntityId, metadataPath, authnReqPath, +            credentialProvider.getMetaDataSigningCredential()); + +    metadataProvider.addMetadataResolverIntoChain(inputMsg.getSecond()); + +    final PvpSProfileRequest msg = new PvpSProfileRequest( +        inputMsg.getFirst(), +        SAMLConstants.SAML2_POST_BINDING_URI); +    
msg.setEntityID(spEntityId); + +    try { +      verifyEngine.verify(msg, +          TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); +      org.junit.Assert.fail("Wrong signature not detected"); + +    } catch (final Exception e) { +      Assert.isInstanceOf(InvalidProtocolRequestException.class, e, "Wrong exceptionType"); +      org.junit.Assert.assertEquals("Wrong errorcode", "internal.pvp.10", ((EaafException) e).getErrorId()); + +    } +  } + +  @Test +  public void verifyResponseSuccessTest() throws Pvp2InternalErrorException, SecurityException, Exception { +    metadataProvider.runGarbageCollector(); + +    final String authnReqPath = getResponseWithoutSigPath(); +    final String metadataPath = getMetadataClassPathEntityPath(); +    final String spEntityId = metadataPath; + +    final Pair<Response, IPvp2MetadataProvider> inputMsg = +        initializeResponse(spEntityId, metadataPath, authnReqPath, +            credentialProvider.getMetaDataSigningCredential()); + +    final PvpSProfileResponse msg = new PvpSProfileResponse( +        inputMsg.getFirst()); +    msg.setEntityID(spEntityId); + +    verifyEngine.verify(msg, +        TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); + +  } + +  @Test +  public void verifyResponseSuccessSecondTest() +      throws Pvp2InternalErrorException, SecurityException, Exception { + +    final String authnReqPath = getResponseWithoutSigPath(); +    final String metadataPath = getMetadataClassPathEntityPath(); +    final String spEntityId = metadataPath; + +    final Pair<Response, IPvp2MetadataProvider> inputMsg = +        initializeResponse(spEntityId, metadataPath, authnReqPath, +            credentialProvider.getMetaDataSigningCredential()); + +    verifyEngine.verifyIdpResponse(inputMsg.getFirst(), +        TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); + +  } + +  @Test +  public void verifySpResponse() +      throws Pvp2InternalErrorException, 
SecurityException, Exception { + +    final String authnReqPath = getResponseWithoutSigPath(); +    final String metadataPath = getMetadataClassPathEntityPath(); +    final String spEntityId = metadataPath; + +    final Pair<Response, IPvp2MetadataProvider> inputMsg = +        initializeResponse(spEntityId, metadataPath, authnReqPath, +            credentialProvider.getMetaDataSigningCredential()); + +    verifyEngine.verifySloResponse(inputMsg.getFirst(), +        TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); + +  } + +  @Test +  public void verifyResponseWithoutId() throws Pvp2InternalErrorException, SecurityException, Exception { + +    final String authnReqPath = getResponseWithSigPath(); +    final String metadataPath = getMetadataClassPathEntityPath(); +    final String spEntityId = metadataPath; + +    final Pair<Response, IPvp2MetadataProvider> inputMsg = +        initializeResponse(spEntityId, metadataPath, authnReqPath, +            credentialProvider.getMetaDataSigningCredential()); + +    final PvpSProfileResponse msg = new PvpSProfileResponse( +        inputMsg.getFirst()); +    msg.setEntityID(spEntityId); + +    try { +      verifyEngine.verify(msg, +          TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); +      org.junit.Assert.fail("Wrong XML schema not detected"); + +    } catch (final Exception e) { +      Assert.isInstanceOf(InvalidProtocolRequestException.class, e, "Wrong exceptionType"); +      org.junit.Assert.assertEquals("Wrong errorcode", "internal.pvp.03", ((EaafException) e).getErrorId()); + +    } +  } + +  @Test +  public void verifyResponseWrongTrust() throws Pvp2InternalErrorException, SecurityException, Exception { + +    final String authnReqPath = getResponseWithoutSigPath(); +    final String metadataPath = getMetadataJunitJKeystore(); +    final String spEntityId = metadataPath; + +    final Pair<Response, IPvp2MetadataProvider> inputMsg = +        
initializeResponse(spEntityId, metadataPath, authnReqPath, +            credentialProvider.getMetaDataSigningCredential()); + +    final PvpSProfileResponse msg = new PvpSProfileResponse( +        inputMsg.getFirst()); +    msg.setEntityID(spEntityId); + +    try { +      verifyEngine.verify(msg, +          TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); +      org.junit.Assert.fail("No TrustedCert not detected"); + +    } catch (final Exception e) { +      Assert.isInstanceOf(InvalidProtocolRequestException.class, e, "Wrong exceptionType"); +      org.junit.Assert.assertEquals("Wrong errorcode", "internal.pvp.10", ((EaafException) e).getErrorId()); + +    } +  } + +  protected Pair<Response, IPvp2MetadataProvider> initializeResponse(String spEntityId, String metadataPath, +      String authnReqPath, EaafX509Credential credential) +          throws SamlSigningException, XMLParserException, UnmarshallingException, Pvp2MetadataException { +    final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( +        metadataPath, null, "jUnit metadata resolver", null); + +    final Response authnReq = (Response) XMLObjectSupport.unmarshallFromInputStream( +        XMLObjectProviderRegistrySupport.getParserPool(), +        AbstractSamlVerificationEngine.class.getResourceAsStream(authnReqPath)); +    authnReq.setIssueInstant(DateTime.now()); +    final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class); +    issuer.setValue(spEntityId); +    authnReq.setIssuer(issuer); + +    return Pair.newInstance( +        Saml2Utils.signSamlObject(authnReq, credential, true), +        mdResolver); +  } + +  protected Pair<AuthnRequest, IPvp2MetadataProvider> initializeAuthnRequest(String spEntityId, +      String metadataPath, String authnReqPath, EaafX509Credential credential) +      throws SamlSigningException, CredentialsNotAvailableException, +      XMLParserException, UnmarshallingException, Pvp2InternalErrorException, 
Pvp2MetadataException { + +    final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( +        metadataPath, null, "jUnit metadata resolver", null); + +    final AuthnRequest authnReq = (AuthnRequest) XMLObjectSupport.unmarshallFromInputStream( +        XMLObjectProviderRegistrySupport.getParserPool(), +        AbstractSamlVerificationEngine.class.getResourceAsStream(authnReqPath)); +    authnReq.setIssueInstant(DateTime.now()); +    final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class); +    issuer.setValue(spEntityId); +    authnReq.setIssuer(issuer); + +    return Pair.newInstance( +        Saml2Utils.signSamlObject(authnReq, credential, true), +        mdResolver); + +  } + +  protected static EncryptedAssertion doEncryption(Assertion assertion, +      X509Credential encryptionCredentials, IConfiguration authConfig) +      throws Exception { +    try { +      final String keyEncAlg = Saml2Utils.getKeyOperationAlgorithmFromCredential( +          encryptionCredentials, +          authConfig.getBasicConfiguration( +              PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG, +              PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA), +          authConfig.getBasicConfiguration( +              PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG, +              PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC)); + +      final DataEncryptionParameters dataEncParams = new DataEncryptionParameters(); +      dataEncParams.setAlgorithm(authConfig.getBasicConfiguration( +          PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_DATA, PvpConstants.DEFAULT_SYM_ENCRYPTION_METHODE)); + +      final List<KeyEncryptionParameters> keyEncParamList = new ArrayList<>(); +      final KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters(); +      keyEncParam.setEncryptionCredential(encryptionCredentials); +      keyEncParam.setAlgorithm(keyEncAlg); + +      final KeyInfoGeneratorFactory kigf = +          
SecurityConfigurationSupport.getGlobalEncryptionConfiguration() +              .getKeyTransportKeyInfoGeneratorManager().getDefaultManager().getFactory(encryptionCredentials); +      keyEncParam.setKeyInfoGenerator(kigf.newInstance()); +      keyEncParamList.add(keyEncParam); + +      final Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); +      samlEncrypter.setKeyPlacement(KeyPlacement.PEER); + +      return samlEncrypter.encrypt(assertion); + +    } catch (final EncryptionException | SamlSigningException e1) { +      throw new Exception(e1); + +    } + +  } + + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java index be3f9a8f..3ba4c962 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java @@ -6,6 +6,7 @@ import java.util.List;  import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;  import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException;  import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;  import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap;  import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;  import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; 
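Review bot: `validateSamlRequestWrongSignature` and `verifyResponseWrongTrust` both sign the message with `credentialProvider.getMetaDataSigningCredential()`, resolve metadata from `getMetadataJunitJKeystore()` and expect `internal.pvp.10`, so both exercise an untrusted signing key rather than a broken signature; a regression in the core XML-DSig check (tampered content under a valid, trusted key) would pass every test in this class. Consider one negative case that mutates the signed object after `Saml2Utils.signSamlObject(...)` (for example changing the `Issuer` value) and expects verification to fail, and rename the first test to something like `validateSamlRequestUntrustedKey` so the scenario is not misread as signature tampering. Separately, `doEncryption` rewraps `EncryptionException | SamlSigningException` as a bare `new Exception(e1)`, which loses the type for callers; rethrowing as the already imported `Pvp2InternalErrorException` (if it has a cause-taking constructor) or declaring the two checked types would be more precise. The `Response` built in `initializeResponse` is held in a variable called `authnReq`; renaming it to `response` would avoid confusion with the sibling `initializeAuthnRequest`.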
@@ -34,10 +35,11 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;  public class CredentialProviderTest {    private static final String HSM_FACASE_HOST = "eid.a-sit.at"; -  private static final String HSM_FACASE_PORT = "9000"; +  private static final String HSM_FACASE_PORT = "9050"; +  private static final String HSM_FACASE_SSL_TRUST = "src/test/resources/data/hsm_facade_trust_root.crt";    private static final String HSM_FACASE_USERNAME = "authhandler-junit";    private static final String HSM_FACASE_PASSWORD = "supersecret123"; -  private static final String HSM_FACASE_SSL_TRUST = "src/test/resources/data/hsm_facade_trust_root.crt"; +  private static final String HSM_FACASE_HSM_NAME = "software";    private static final String PATH_JKS_WITH_TRUST_CERTS = "src/test/resources/data/junit.jks";    private static final String PATH_JKS_WITHOUT_TRUST_CERTS = "src/test/resources/data/junit_without_trustcerts.jks"; @@ -50,6 +52,8 @@ public class CredentialProviderTest {    private static final String PASSWORD = "password"; +  private static final String HSM_FACADE_KEY_ALIAS = "authhandler-sign"; +    @Autowired private ApplicationContext context;    @Autowired private DummyAuthConfigMap config; 
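Review bot: The new constant is named `HSM_FACADE_KEY_ALIAS` while every sibling in this block is spelled `HSM_FACASE_*`; one spelling (preferably the correct `HSM_FACADE_`) avoids a second prefix to grep for. The hunk also keeps the context line `HSM_FACASE_PASSWORD = "supersecret123"` for the remote host `eid.a-sit.at`, and the new port `9050` plus `HSM_FACASE_HSM_NAME = "software"` now point the suite at a live service with credentials committed in source; reading host, port, user and password from system properties or the environment (e.g. `System.getProperty("hsm.facade.password")`) and keeping the literals only as documented defaults would keep the secret out of the repository. If that account is a throwaway JUnit user with no access beyond the test keys, a comment saying so next to the constants would save reviewers the question.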
@@ -61,9 +65,10 @@ public class CredentialProviderTest {    public void initialize() {      config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, HSM_FACASE_HOST);      config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, HSM_FACASE_PORT); +    config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, HSM_FACASE_SSL_TRUST);      config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, HSM_FACASE_USERNAME);      config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, HSM_FACASE_PASSWORD); -    config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, HSM_FACASE_SSL_TRUST); +    config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, HSM_FACASE_HSM_NAME);      config.putConfigValue(DummyCredentialProvider.KEYSTORE_NAME, HSM_FACASE_KEYSTORE_NAME); 
@@ -505,6 +510,91 @@ public class CredentialProviderTest {      }    } +  @Test +  @DirtiesContext +  public void hasFacadeMissingKeyStoreName() { +    config.putConfigValue(DummyCredentialProvider.KEYSTORE_TYPE, +        KeyStoreConfiguration.KeyStoreType.HSMFACADE.getKeyStoreType()); +    config.removeConfigValue(DummyCredentialProvider.KEYSTORE_NAME); + +    try { +      context.getBean(DummyCredentialProvider.class); +      Assert.fail("No KeyStore not detected"); + +    } catch (final BeansException e) { +      org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, +          e.getCause(), "Wrong exception"); + +    } + +  } + +  @Test +  @DirtiesContext +  public void hasFacadeWrongAlias() { +    config.putConfigValue(DummyCredentialProvider.KEYSTORE_TYPE, +        KeyStoreConfiguration.KeyStoreType.HSMFACADE.getKeyStoreType()); +    config.putConfigValue(DummyCredentialProvider.KEYSTORE_NAME, HSM_FACASE_KEYSTORE_NAME); + +    final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); + +    Assert.assertNotNull("Credetialprovider", credential); +    Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + +    config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS, +        RandomStringUtils.randomAlphabetic(5)); + +    try { +      checkCredential(credential.getMetaDataSigningCredential(), +          PvpConstants.DEFAULT_SIGNING_METHODE_RSA, +          PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA); +      Assert.fail("Wrong 'alias' not detected"); + +    } catch (final CredentialsNotAvailableException e) { +      Assert.assertEquals("Wrong errorCode", "internal.pvp.01", e.getErrorId()); + +    } + +  } + +  @Test +  @DirtiesContext +  public void validConfigurationHsmFacade() throws CredentialsNotAvailableException { + +    config.putConfigValue(DummyCredentialProvider.KEYSTORE_TYPE, +        KeyStoreConfiguration.KeyStoreType.HSMFACADE.getKeyStoreType()); +    
config.putConfigValue(DummyCredentialProvider.KEYSTORE_NAME, HSM_FACASE_KEYSTORE_NAME); + +    final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); + +    Assert.assertNotNull("Credetialprovider", credential); +    Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + +    config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS, +        HSM_FACADE_KEY_ALIAS); +    config.putConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD, +        PASSWORD); + + +    checkCredential(credential.getMetaDataSigningCredential(), +        PvpConstants.DEFAULT_SIGNING_METHODE_RSA, +        PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA); + +    config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS, +        HSM_FACADE_KEY_ALIAS); + +    checkCredential(credential.getMessageSigningCredential(), +        PvpConstants.DEFAULT_SIGNING_METHODE_RSA, +        PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA); + + +    final List<X509Certificate> trustCerts = credential.getTrustedCertificates(); +    Assert.assertNotNull("TrustCerts are null", trustCerts); +    Assert.assertTrue("TrustCerts not empty", trustCerts.isEmpty()); + +  } + +    private void checkCredential(EaafX509Credential metaDataSigningCredential, String sigAlg, String keyEncAlg) {      Assert.assertNotNull("No metadata signing credentials", metaDataSigningCredential);      Assert.assertNotNull("SigAlg is null", diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java index 66e87537..bc0084f7 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java 
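Review bot: `validConfigurationHsmFacade` and `hasFacadeWrongAlias` obtain a `DummyCredentialProvider` bean with `KEYSTORE_TYPE` set to `HSMFACADE`, which with the host and port configured in `initialize()` presumably opens a network connection to an external HSM facade during a unit-test run; when the service or the network is unavailable the tests fail instead of being skipped, and nothing distinguishes that from a real regression. Guard them with `Assume.assumeTrue(...)` on a system property (e.g. `-Dhsm.facade.itest=true`) or move them to an integration-test phase. `Assert.assertTrue("TrustCerts not empty", trustCerts.isEmpty())` pins the HSM-facade provider to having no trusted certificates; if that is by design (trust comes only from metadata) a one-line comment stating it would help, because an empty trust list is otherwise a suspicious outcome in a signature-verification module. `hasFacadeWrongAlias` chooses the alias with `RandomStringUtils.randomAlphabetic(5)`; a fixed non-existent alias such as `"does-not-exist"` gives the same coverage without a theoretical collision with a real key alias.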
@@ -1,53 +1,33 @@  package at.gv.egiz.eaaf.modules.pvp2.test; -import java.util.ArrayList; -import java.util.List; -  import at.gv.egiz.eaaf.core.api.idp.IConfiguration;  import at.gv.egiz.eaaf.core.exceptions.EaafException;  import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException;  import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;  import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;  import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;  import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;  import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;  import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;  import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;  import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;  import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;  import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;  import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;  import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;  import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider;  import org.joda.time.DateTime; -import org.junit.BeforeClass;  import org.junit.Test;  import org.junit.runner.RunWith; -import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;  import org.opensaml.core.xml.io.UnmarshallingException;  import org.opensaml.core.xml.util.XMLObjectSupport;  import org.opensaml.saml.common.xml.SAMLConstants;  
import org.opensaml.saml.saml2.core.Assertion;  import org.opensaml.saml.saml2.core.AuthnRequest;  import org.opensaml.saml.saml2.core.EncryptedAssertion; -import org.opensaml.saml.saml2.core.Issuer;  import org.opensaml.saml.saml2.core.Response;  import org.opensaml.saml.saml2.core.StatusCode; -import org.opensaml.saml.saml2.encryption.Encrypter; -import org.opensaml.saml.saml2.encryption.Encrypter.KeyPlacement; -import org.opensaml.security.x509.X509Credential; -import org.opensaml.xmlsec.SecurityConfigurationSupport; -import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters; -import org.opensaml.xmlsec.encryption.support.EncryptionException; -import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters; -import org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorFactory;  import org.opensaml.xmlsec.signature.support.SignatureConstants;  import org.springframework.beans.factory.annotation.Autowired;  import org.springframework.test.context.ContextConfiguration; @@ -62,11 +42,9 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException;  @ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml",      "/spring/test_eaaf_core_spring_config.beans.xml" })  @TestPropertySource(locations = { "/config/config_1.props" }) -public class SamlVerificationEngineTest { +public class SamlVerificationEngineTest extends AbstractSamlVerificationEngine {    @Autowired -  private PvpMetadataResolverFactory metadataResolverFactory; -  @Autowired    private SamlVerificationEngine verifyEngine;    @Autowired    private DummyCredentialProvider credentialProvider; 
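Review bot: `SamlVerificationEngineTest` now extends `AbstractSamlVerificationEngine` but still declares its own `@Autowired private SamlVerificationEngine verifyEngine` and `@Autowired private DummyCredentialProvider credentialProvider` (and, in the context of the following hunk, `metadataProvider` and `authConfig`), all of which the base class already declares; the subclass fields hide the inherited ones, so base-class tests and subclass tests could observe different instances if those beans were ever scoped per injection. Drop the subclass declarations of `credentialProvider` (protected in the base) and of the package-private `metadataProvider` and `authConfig`, and for `verifyEngine` either widen the base field to `protected` or keep only that single declaration here.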
@@ -74,103 +52,38 @@ public class SamlVerificationEngineTest {    @Autowired DummyMetadataProvider metadataProvider;    @Autowired IConfiguration authConfig; -  /** -   * JUnit class initializer. -   * -   * @throws Exception In case of an OpenSAML3 initialization error -   */ -  @BeforeClass -  public static void classInitializer() throws Exception { -    EaafOpenSaml3xInitializer.eaafInitialize(); +  @Override +  protected String getMetadataClassPathEntityPath() { +    return "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml";    } -  @Test -  public void validateSamlRequestSuccess() throws SecurityException, Exception { - -    final String authnReqPath = "/data/AuthRequest_without_sig_1.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml"; -    final String spEntityId = metadataPath; - -    final Pair<AuthnRequest, IPvp2MetadataProvider> inputMsg = -        initializeAuthnRequest(spEntityId, metadataPath, authnReqPath, -            credentialProvider.getMetaDataSigningCredential()); - -    final PvpSProfileRequest msg = new PvpSProfileRequest( -        inputMsg.getFirst(), -        SAMLConstants.SAML2_POST_BINDING_URI); -    msg.setEntityID(spEntityId); - -    verifyEngine.verify(msg, -        TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - +  @Override +  protected String getMetadataJunitJKeystore() { +    return "classpath:/data/pvp_metadata_junit_keystore.xml";    } -  @Test -  public void validateSamlRequestWrongSignature() throws SecurityException, Exception { - -    final String authnReqPath = "/data/AuthRequest_without_sig_1.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; -    final String spEntityId = metadataPath; - -    final Pair<AuthnRequest, IPvp2MetadataProvider> inputMsg = -        initializeAuthnRequest(spEntityId, metadataPath, authnReqPath, -            credentialProvider.getMetaDataSigningCredential()); - 
-    metadataProvider.addMetadataResolverIntoChain(inputMsg.getSecond()); - -    final PvpSProfileRequest msg = new PvpSProfileRequest( -        inputMsg.getFirst(), -        SAMLConstants.SAML2_POST_BINDING_URI); -    msg.setEntityID(spEntityId); - -    try { -      verifyEngine.verify(msg, -          TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); -      org.junit.Assert.fail("Wrong signature not detected"); - -    } catch (final Exception e) { -      Assert.isInstanceOf(InvalidProtocolRequestException.class, e, "Wrong exceptionType"); -      org.junit.Assert.assertEquals("Wrong errorcode", "internal.pvp.10", ((EaafException) e).getErrorId()); +  @Override +  protected String getAuthnRequestWithoutSigPath() { +    return "/data/AuthRequest_without_sig_1.xml"; -    }    } -  @Test -  public void validateSamlInvalidRequest() throws SecurityException, Exception { - -    final String authnReqPath = "/data/AuthRequest_without_sig_missing_id.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; -    final String spEntityId = metadataPath; - -    final Pair<AuthnRequest, IPvp2MetadataProvider> inputMsg = -        initializeAuthnRequest(spEntityId, metadataPath, authnReqPath, -            credentialProvider.getMetaDataSigningCredential()); - -    metadataProvider.addMetadataResolverIntoChain(inputMsg.getSecond()); - -    final PvpSProfileRequest msg = new PvpSProfileRequest( -        inputMsg.getFirst(), -        SAMLConstants.SAML2_POST_BINDING_URI); -    msg.setEntityID(spEntityId); - -    try { -      verifyEngine.verify(msg, -          TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); -      org.junit.Assert.fail("invalid request not detected"); - -    } catch (final Exception e) { -      Assert.isInstanceOf(InvalidProtocolRequestException.class, e, "Wrong exceptionType"); -      org.junit.Assert.assertEquals("Wrong errorcode", "internal.pvp.03", ((EaafException) e).getErrorId()); +  
@Override +  protected String getResponseWithSigPath() { +    return "/data/Response_with_sig_1.xml"; +  } -    } +  @Override +  protected String getResponseWithoutSigPath() { +    return "/data/Response_without_sig_1.xml";    }    @Test    public void validateSamlRequestWrongSignatureAlg() throws SecurityException, Exception { -    final String authnReqPath = "/data/AuthRequest_without_sig_1.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; +    final String authnReqPath = getAuthnRequestWithoutSigPath(); +    final String metadataPath = getMetadataJunitJKeystore();      final String spEntityId = metadataPath;      metadataProvider.runGarbageCollector(); 
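Review bot: The five `@Override` getters return bare resource paths without stating the contract the base-class tests rely on: the success tests sign with `credentialProvider.getMetaDataSigningCredential()` and resolve `getMetadataClassPathEntityPath()`, while the `internal.pvp.10` tests resolve `getMetadataJunitJKeystore()` and must fail, so the second metadata file must not contain the provider's signing certificate. A short Javadoc on each abstract method in `AbstractSamlVerificationEngine`, e.g. `/** Metadata whose signing certificates do NOT match the credential provider; used for untrusted-key tests. */` for `getMetadataJunitJKeystore()`, would let a future subclass pick fixtures correctly. The name `getMetadataJunitJKeystore` reads as a typo of `getMetadataJunitJksKeystore`; worth settling while the API is new.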
@@ -199,79 +112,27 @@ public class SamlVerificationEngineTest {    }    @Test -  public void verifyResponseSuccessTest() throws Pvp2InternalErrorException, SecurityException, Exception { -    metadataProvider.runGarbageCollector(); - -    final String authnReqPath = "/data/Response_without_sig_1.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml"; -    final String spEntityId = metadataPath; - -    final Pair<Response, IPvp2MetadataProvider> inputMsg = -        initializeResponse(spEntityId, metadataPath, authnReqPath, -            credentialProvider.getMetaDataSigningCredential()); - -    final PvpSProfileResponse msg = new PvpSProfileResponse( -        inputMsg.getFirst()); -    msg.setEntityID(spEntityId); - -    verifyEngine.verify(msg, -        TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - -  } - -  @Test -  public void verifyResponseSuccessSecondTest() -      throws Pvp2InternalErrorException, SecurityException, Exception { - -    final String authnReqPath = "/data/Response_without_sig_1.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml"; -    final String spEntityId = metadataPath; - -    final Pair<Response, IPvp2MetadataProvider> inputMsg = -        initializeResponse(spEntityId, metadataPath, authnReqPath, -            credentialProvider.getMetaDataSigningCredential()); - -    verifyEngine.verifyIdpResponse(inputMsg.getFirst(), -        TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - -  } - -  @Test -  public void verifySpResponse() -      throws Pvp2InternalErrorException, SecurityException, Exception { +  public void validateSamlInvalidRequest() throws SecurityException, Exception { -    final String authnReqPath = "/data/Response_without_sig_1.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml"; +    final String authnReqPath = 
"/data/AuthRequest_without_sig_missing_id.xml"; +    final String metadataPath = getMetadataJunitJKeystore();      final String spEntityId = metadataPath; -    final Pair<Response, IPvp2MetadataProvider> inputMsg = -        initializeResponse(spEntityId, metadataPath, authnReqPath, +    final Pair<AuthnRequest, IPvp2MetadataProvider> inputMsg = +        initializeAuthnRequest(spEntityId, metadataPath, authnReqPath,              credentialProvider.getMetaDataSigningCredential()); -    verifyEngine.verifySloResponse(inputMsg.getFirst(), -        TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - -  } - -  @Test -  public void verifyResponseWithoutId() throws Pvp2InternalErrorException, SecurityException, Exception { - -    final String authnReqPath = "/data/Response_with_sig_1.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml"; -    final String spEntityId = metadataPath; - -    final Pair<Response, IPvp2MetadataProvider> inputMsg = -        initializeResponse(spEntityId, metadataPath, authnReqPath, -            credentialProvider.getMetaDataSigningCredential()); +    metadataProvider.addMetadataResolverIntoChain(inputMsg.getSecond()); -    final PvpSProfileResponse msg = new PvpSProfileResponse( -        inputMsg.getFirst()); +    final PvpSProfileRequest msg = new PvpSProfileRequest( +        inputMsg.getFirst(), +        SAMLConstants.SAML2_POST_BINDING_URI);      msg.setEntityID(spEntityId);      try {        verifyEngine.verify(msg,            TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); -      org.junit.Assert.fail("Wrong XML schema not detected"); +      org.junit.Assert.fail("invalid request not detected");      } catch (final Exception e) {        Assert.isInstanceOf(InvalidProtocolRequestException.class, e, "Wrong exceptionType"); 
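Review bot: `authnReqPath` in the rewritten `validateSamlInvalidRequest` stays the literal `"/data/AuthRequest_without_sig_missing_id.xml"` while `metadataPath` was switched to `getMetadataJunitJKeystore()`; the other fixture paths in this class became abstract getters so a subclass with a different credential backend can supply its own, and this one cannot be overridden. Either add a matching getter in the base class or state why the path is shared, e.g. `// fixture shared by all credential backends: a missing ID is a schema error, independent of the signer`. `initializeAuthnRequest` is no longer defined in this file (its private copy is removed further down), so the call presumably resolves to the new base class. The catch block and the error-code assertion of this method continue outside the hunk.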
@@ -281,37 +142,10 @@ public class SamlVerificationEngineTest {    }    @Test -  public void verifyResponseWrongTrust() throws Pvp2InternalErrorException, SecurityException, Exception { - -    final String authnReqPath = "/data/Response_without_sig_1.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; -    final String spEntityId = metadataPath; - -    final Pair<Response, IPvp2MetadataProvider> inputMsg = -        initializeResponse(spEntityId, metadataPath, authnReqPath, -            credentialProvider.getMetaDataSigningCredential()); - -    final PvpSProfileResponse msg = new PvpSProfileResponse( -        inputMsg.getFirst()); -    msg.setEntityID(spEntityId); - -    try { -      verifyEngine.verify(msg, -          TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); -      org.junit.Assert.fail("No TrustedCert not detected"); - -    } catch (final Exception e) { -      Assert.isInstanceOf(InvalidProtocolRequestException.class, e, "Wrong exceptionType"); -      org.junit.Assert.assertEquals("Wrong errorcode", "internal.pvp.10", ((EaafException) e).getErrorId()); - -    } -  } - -  @Test    public void verifyAssertionSucessNotEncrypted() throws SamlSigningException, Pvp2MetadataException,        CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption {      final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; +    final String metadataPath = getMetadataJunitJKeystore();      final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/";      final Pair<Response, IPvp2MetadataProvider> inputMsg = 
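Review bot: With `verifyResponseWrongTrust` deleted here, this class no longer has a failing case for a response signed by a key that is not in the metadata (error code `internal.pvp.10`); if that test was not carried into `AbstractSamlVerificationEngine` together with the response tests removed in the previous hunk, the engine's trust decision is covered only by success paths. Worth checking against the new base class, and if it is missing there, re-adding it with the `getMetadataJunitJKeystore()` fixture so both the keystore-backed and the HSM-facade subclasses exercise it. The surviving `verifyAssertionSucessNotEncrypted` continues outside the hunk.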
@@ -328,7 +162,7 @@ public class SamlVerificationEngineTest {    public void verifyAssertionWrongAudiency() throws SamlSigningException, Pvp2MetadataException,        CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption {      final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; +    final String metadataPath = getMetadataJunitJKeystore();      final String spEntityId = "https://demo.egiz.gv.at/";      final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -349,7 +183,7 @@ public class SamlVerificationEngineTest {    public void verifyAssertionWrongStatusCode() throws SamlSigningException, Pvp2MetadataException,        CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption {      final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; +    final String metadataPath = getMetadataJunitJKeystore();      final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/";      final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -374,7 +208,7 @@ public class SamlVerificationEngineTest {    public void verifyAssertionWrongIssueInstant() throws SamlSigningException, Pvp2MetadataException,        CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption {      final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; +    final String metadataPath = getMetadataJunitJKeystore();      final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/";      final Pair<Response, IPvp2MetadataProvider> inputMsg = 
@@ -399,7 +233,7 @@ public class SamlVerificationEngineTest {    public void verifyAssertionNoContitions() throws SamlSigningException, Pvp2MetadataException,        CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption {      final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; +    final String metadataPath = getMetadataJunitJKeystore();      final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/";      final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -424,7 +258,7 @@ public class SamlVerificationEngineTest {    public void verifyAssertionWrongContitions() throws SamlSigningException, Pvp2MetadataException,        CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption {      final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; +    final String metadataPath = getMetadataJunitJKeystore();      final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/";      final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -448,7 +282,7 @@ public class SamlVerificationEngineTest {    public void verifyAssertionWrongContitionsAudienceRestrictions() throws SamlSigningException, Pvp2MetadataException,        CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption {      final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; +    final String metadataPath = getMetadataJunitJKeystore();      final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/";      final Pair<Response, IPvp2MetadataProvider> inputMsg = 
@@ -475,7 +309,7 @@ public class SamlVerificationEngineTest {    public void verifyAssertionWrongContitionsNotBefore() throws SamlSigningException, Pvp2MetadataException,        CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption {      final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; +    final String metadataPath = getMetadataJunitJKeystore();      final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/";      final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -501,7 +335,7 @@ public class SamlVerificationEngineTest {    public void verifyAssertionWrongContitionsNotOnOrAfter() throws SamlSigningException, Pvp2MetadataException,        CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption {      final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; +    final String metadataPath = getMetadataJunitJKeystore();      final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/";      final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -527,7 +361,7 @@ public class SamlVerificationEngineTest {    public void verifyAssertionValidContitions() throws SamlSigningException, Pvp2MetadataException,        CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption {      final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; +    final String metadataPath = getMetadataJunitJKeystore();      final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/";      final Pair<Response, IPvp2MetadataProvider> inputMsg = 
@@ -548,7 +382,7 @@ public class SamlVerificationEngineTest {    public void verifyEncAssertionWrongKey() throws SamlSigningException, Pvp2MetadataException,        CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption {      final String authnReqPath = "/data/Asserion_enc_no_key.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; +    final String metadataPath = getMetadataJunitJKeystore();      final String spEntityId = "https://eid.a-sit.at/Shibboleth.sso/";      final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -569,7 +403,7 @@ public class SamlVerificationEngineTest {    @Test    public void verifyEncAssertion() throws Exception {      final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; +    final String metadataPath = getMetadataJunitJKeystore();      final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/";      final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -602,7 +436,7 @@ public class SamlVerificationEngineTest {    @Test    public void verifyEncAssertionWrongSchema() throws Exception {      final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; -    final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; +    final String metadataPath = getMetadataJunitJKeystore();      final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/";      final Pair<Response, IPvp2MetadataProvider> inputMsg = 
@@ -636,85 +470,4 @@ public class SamlVerificationEngineTest {    } -  private Pair<Response, IPvp2MetadataProvider> initializeResponse(String spEntityId, String metadataPath, -      String authnReqPath, EaafX509Credential credential) -          throws SamlSigningException, XMLParserException, UnmarshallingException, Pvp2MetadataException { -    final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( -        metadataPath, null, "jUnit metadata resolver", null); - -    final Response authnReq = (Response) XMLObjectSupport.unmarshallFromInputStream( -        XMLObjectProviderRegistrySupport.getParserPool(), -        SamlVerificationEngineTest.class.getResourceAsStream(authnReqPath)); -    authnReq.setIssueInstant(DateTime.now()); -    final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class); -    issuer.setValue(spEntityId); -    authnReq.setIssuer(issuer); - -    return Pair.newInstance( -        Saml2Utils.signSamlObject(authnReq, credential, true), -        mdResolver); -  } - -  private Pair<AuthnRequest, IPvp2MetadataProvider> initializeAuthnRequest(String spEntityId, -      String metadataPath, String authnReqPath, EaafX509Credential credential) -      throws SamlSigningException, CredentialsNotAvailableException, -      XMLParserException, UnmarshallingException, Pvp2InternalErrorException, Pvp2MetadataException { - -    final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( -        metadataPath, null, "jUnit metadata resolver", null); - -    final AuthnRequest authnReq = (AuthnRequest) XMLObjectSupport.unmarshallFromInputStream( -        XMLObjectProviderRegistrySupport.getParserPool(), -        SamlVerificationEngineTest.class.getResourceAsStream(authnReqPath)); -    authnReq.setIssueInstant(DateTime.now()); -    final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class); -    issuer.setValue(spEntityId); -    authnReq.setIssuer(issuer); - -    return Pair.newInstance( -        
Saml2Utils.signSamlObject(authnReq, credential, true), -        mdResolver); - -  } - -  private static EncryptedAssertion doEncryption(Assertion assertion, -      X509Credential encryptionCredentials, IConfiguration authConfig) -      throws Exception { -    try { -      final String keyEncAlg = Saml2Utils.getKeyOperationAlgorithmFromCredential( -          encryptionCredentials, -          authConfig.getBasicConfiguration( -              PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG, -              PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA), -          authConfig.getBasicConfiguration( -              PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG, -              PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC)); - -      final DataEncryptionParameters dataEncParams = new DataEncryptionParameters(); -      dataEncParams.setAlgorithm(authConfig.getBasicConfiguration( -          PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_DATA, PvpConstants.DEFAULT_SYM_ENCRYPTION_METHODE)); - -      final List<KeyEncryptionParameters> keyEncParamList = new ArrayList<>(); -      final KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters(); -      keyEncParam.setEncryptionCredential(encryptionCredentials); -      keyEncParam.setAlgorithm(keyEncAlg); - -      final KeyInfoGeneratorFactory kigf = -          SecurityConfigurationSupport.getGlobalEncryptionConfiguration() -              .getKeyTransportKeyInfoGeneratorManager().getDefaultManager().getFactory(encryptionCredentials); -      keyEncParam.setKeyInfoGenerator(kigf.newInstance()); -      keyEncParamList.add(keyEncParam); - -      final Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); -      samlEncrypter.setKeyPlacement(KeyPlacement.PEER); - -      return samlEncrypter.encrypt(assertion); - -    } catch (final EncryptionException | SamlSigningException e1) { -      throw new Exception(e1); - -    } - -  } -  } 
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java new file mode 100644 index 00000000..95f63003 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java 
@@ -0,0 +1,69 @@ +package at.gv.egiz.eaaf.modules.pvp2.test; + +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.xmlsec.signature.support.SignatureConstants; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.TestPropertySource; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml", +    "/spring/test_eaaf_core_spring_config.beans.xml" }) +@TestPropertySource(locations = { "/config/config_3.props" }) +public class SamlVerificationEngineWithHsmFacadeTest extends AbstractSamlVerificationEngine { + +  @Override +  protected String getMetadataClassPathEntityPath() { +    return "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml"; + +  } + +  @Override +  protected String getMetadataJunitJKeystore() { +    return "classpath:/data/pvp_metadata_junit_keystore.xml"; +  } + +  @Override +  protected String getAuthnRequestWithoutSigPath() { +    return "/data/AuthRequest_without_sig_1.xml"; + +  } + +  @Override +  protected String getResponseWithSigPath() { +    return "/data/Response_with_sig_1.xml"; +  } + +  @Override +  protected String getResponseWithoutSigPath() { +    return "/data/Response_without_sig_1.xml"; +  } + +  @Test +  public void validateSamlRequestWrongSignatureAlg() throws SecurityException, Exception { + +    final String authnReqPath = getAuthnRequestWithoutSigPath(); +    final String metadataPath = getMetadataJunitJKeystore(); +    final String spEntityId = metadataPath; + +    metadataProvider.runGarbageCollector(); + +    final EaafX509Credential cred = credentialProvider.getMetaDataSigningCredential(); +    
cred.setSignatureAlgorithmForSigning(SignatureConstants.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5); +    try { +      initializeAuthnRequest(spEntityId, metadataPath, authnReqPath, +          cred); +      org.junit.Assert.fail("Wrong SigAlg not detected"); + +    } catch (final SamlSigningException e) { +      org.junit.Assert.assertEquals("Wrong errorCode", "internal.pvp.96", e.getErrorId()); + +    } +  } + + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props index 164b8807..6177b738 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props @@ -1,3 +1,10 @@ +security.hsmfacade.host=eid.a-sit.at +security.hsmfacade.port=9050 +security.hsmfacade.trustedsslcert=src/test/resources/data/hsm_facade_trust_root.crt +security.hsmfacade.username=authhandler-junit +security.hsmfacade.password=supersecret123 +security.hsmfacade.hsmname=software +  keystore.path=classpath:/data/junit.jks  keystore.pass=password  key.metadata.alias=meta diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_3.props b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_3.props new file mode 100644 index 00000000..abc8f591 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_3.props 
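Review bot: `validateSamlRequestWrongSignatureAlg` mutates the credential returned by `credentialProvider.getMetaDataSigningCredential()` by setting the MD5 signature algorithm and never restores it; if the provider hands out a shared or cached `EaafX509Credential`, every test that runs later in the same Spring context signs with MD5 and fails, or a negative test fails for the wrong reason. Restore the previous algorithm in a `finally` block, or have the provider return a fresh instance for this test. The body is also identical to the `validateSamlRequestWrongSignatureAlg` visible in the `SamlVerificationEngineTest` hunks above, and the path getters in both subclasses return the same strings, so the test belongs in `AbstractSamlVerificationEngine` rather than in each subclass.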
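Review bot: `security.hsmfacade.password=supersecret123`, together with `security.hsmfacade.username` and the host `eid.a-sit.at:9050`, commits a credential for a network-reachable HSM facade to version control, and the same six lines are repeated in `config_3.props` in the next hunk; a secret in a commit stays in the history, so if this is more than a throw-away test account it should be rotated and, going forward, supplied through an environment variable or a developer-local file that is not committed. Tests loading this file now also depend on that external host being reachable and on `hsm_facade_trust_root.crt` matching its current certificate, so the suite fails offline. A header comment would make that explicit, e.g. `# Requires network access to the A-SIT HSM facade; profiles using it are integration tests, not unit tests`.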
@@ -0,0 +1,18 @@
+security.hsmfacade.host=eid.a-sit.at
+security.hsmfacade.port=9050
+security.hsmfacade.trustedsslcert=src/test/resources/data/hsm_facade_trust_root.crt
+security.hsmfacade.username=authhandler-junit
+security.hsmfacade.password=supersecret123
+security.hsmfacade.hsmname=software
+
+keystore.type=hsmfacade
+keystore.name=authhandler
+key.metadata.alias=authhandler-sign
+key.sig.alias=authhandler-sign
+key.sig.pass=password
+key.enc.alias=
+key.enc.pass=
+
+client.http.connection.timeout.socket=2
+client.http.connection.timeout.connection=2
+client.http.connection.timeout.request=2
\ No newline at end of file diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore_classpath_entityId.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore_classpath_entityId.xml index cfc334a6..67eed2ac 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore_classpath_entityId.xml +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore_classpath_entityId.xml 
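Review bot: `security.hsmfacade.trustedsslcert=src/test/resources/data/hsm_facade_trust_root.crt` is resolved against the working directory, so the trust root is only found when the test is started from the module directory; a build run from the multi-module root or an IDE with another working directory will not find it, and what happens then depends on how the facade client treats a missing trust certificate. A `classpath:` reference, as `keystore.path` in `config_1.props` already uses, would be location-independent. The three `client.http.connection.timeout.*=2` values carry no unit, and `key.enc.alias=`/`key.enc.pass=` are left empty without explanation; one comment each, e.g. `# timeouts in seconds` (or whatever the client expects) and `# no encryption credential: this profile only signs`, would save the next reader a lookup.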
@@ -66,6 +66,22 @@ SM49BAMCA0kAMEYCIQDFUO0owvqMVRO2FmD+vb8mqJBpWCE6Cl5pEHaygTa5LwIh  ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L                  </ds:X509Certificate>  				</ds:X509Data> +                <ds:X509Data> +                  <ds:X509Certificate>MIIDEzCCArqgAwIBAgIIHL62SBANl8QwCgYIKoZIzj0EAwIwIzEhMB8GA1UEAwwYS2V5c3RvcmVC +YWNrZWRQa2lTZXJ2aWNlMB4XDTIwMDIxNzEyMzMxNloXDTIwMDUxNzExMzMxNlowMjEdMBsGA1UE +AwwUaW50LWF1dGhoYW5kbGVyLXNpZ24xETAPBgNVBAoMCHNvZnR3YXJlMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAtVRK3ocL1aqCO+Q0OELikVbEU6tOsXGg1HCWr07YdTsu/qoRCVrB +THF6xqgtFjBVGWkg5kFS7853Lg3peSO1K63RzXWldcgUUM8o9zTybbBI74eXcK8pug1LLAkytQ1i +I6w166am8eoG/vTrc+TIFCDm+pyzmGcl5K8c8Gnm0k41vsMViEFgy6Oq9glts8eEUCOF3ZnL8rIv +w4hjrGsQ+8iZPZEEuMj+rZ2iLI9bjWv6xmNKWTLSO9dm7d2kTNGLQST0XFJkmFDXjQ1jXApXkGlp +i8igWCX3CU8jSuPLdCQ4VU/Pqr/J4uzBWBsv01vs4aqyLVZTGs23xUjJ+9I9fmn1VIfhuh6zGHq+ +jfjBfD6FhndNoPiMEpJT34h39rtF14GOlhb/I1OGjxIyMQGvT7up7p3AlPC7Lz2ylWrVWojR/cAE +umzS6zWgRW9zmVIgC7j48EmMjkapyUWVBR7FkfdodedzSPNETRdWXr7WulSBjjj82AWmwuoDrSZd +330g7FUZHd0D1JFUkLXOgZ1SmyFXds7fTiJGzk4XdYiS8MD07pokNDhZ7FHFGSoTHB8u4fvG2r0u +6tvLRBRkv/3wzDcTcPbEa9Z1JQ3Qh+/aJQmaQMMnE9m4msW4GqTGBoshss8FW1EvUi7JAh4EvXJJ +bhNQmfwU5wBD6WbPsURo7i0CAwEAATAKBggqhkjOPQQDAgNHADBEAiAyb9SMaC7U/HY//YcfjcR0 +j0/DL+9ckFNMvdw0IUq3yAIgEtWkYQrh5Oog7DmVJv0z/C1qPzcjfzDwJI4AlF7IfO4=</ds:X509Certificate> +                </ds:X509Data>  			</ds:KeyInfo>  		</md:KeyDescriptor>  		<md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp2/post"/> 
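Review bot: The certificate added to this signing `KeyDescriptor` (and again, byte-identical, in the hunk at `@@ -145,6 +161,22 @@`) appears to decode to subject `int-authhandler-sign`, issuer `KeystoreBackedPkiService`, valid from 2020-02-17 12:33:16Z to 2020-05-17 11:33:16Z, i.e. three months; if the verification engine or a metadata filter checks certificate validity, this fixture and every test that signs with the HSM-facade key stop passing in May 2020 without any code change. Either issue a long-lived test certificate or mark the fixture, e.g. `<!-- HSM facade signing cert 'int-authhandler-sign', expires 2020-05-17; regenerate together with the facade key -->`. The second copy is also indented differently from its siblings (`<ds:X509Data>` at 8 spaces inside a 16-space block).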
@@ -145,6 +161,22 @@ SM49BAMCA0kAMEYCIQDFUO0owvqMVRO2FmD+vb8mqJBpWCE6Cl5pEHaygTa5LwIh  ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L                  </ds:X509Certificate>  				</ds:X509Data> +        <ds:X509Data> +                  <ds:X509Certificate>MIIDEzCCArqgAwIBAgIIHL62SBANl8QwCgYIKoZIzj0EAwIwIzEhMB8GA1UEAwwYS2V5c3RvcmVC +YWNrZWRQa2lTZXJ2aWNlMB4XDTIwMDIxNzEyMzMxNloXDTIwMDUxNzExMzMxNlowMjEdMBsGA1UE +AwwUaW50LWF1dGhoYW5kbGVyLXNpZ24xETAPBgNVBAoMCHNvZnR3YXJlMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAtVRK3ocL1aqCO+Q0OELikVbEU6tOsXGg1HCWr07YdTsu/qoRCVrB +THF6xqgtFjBVGWkg5kFS7853Lg3peSO1K63RzXWldcgUUM8o9zTybbBI74eXcK8pug1LLAkytQ1i +I6w166am8eoG/vTrc+TIFCDm+pyzmGcl5K8c8Gnm0k41vsMViEFgy6Oq9glts8eEUCOF3ZnL8rIv +w4hjrGsQ+8iZPZEEuMj+rZ2iLI9bjWv6xmNKWTLSO9dm7d2kTNGLQST0XFJkmFDXjQ1jXApXkGlp +i8igWCX3CU8jSuPLdCQ4VU/Pqr/J4uzBWBsv01vs4aqyLVZTGs23xUjJ+9I9fmn1VIfhuh6zGHq+ +jfjBfD6FhndNoPiMEpJT34h39rtF14GOlhb/I1OGjxIyMQGvT7up7p3AlPC7Lz2ylWrVWojR/cAE +umzS6zWgRW9zmVIgC7j48EmMjkapyUWVBR7FkfdodedzSPNETRdWXr7WulSBjjj82AWmwuoDrSZd +330g7FUZHd0D1JFUkLXOgZ1SmyFXds7fTiJGzk4XdYiS8MD07pokNDhZ7FHFGSoTHB8u4fvG2r0u +6tvLRBRkv/3wzDcTcPbEa9Z1JQ3Qh+/aJQmaQMMnE9m4msW4GqTGBoshss8FW1EvUi7JAh4EvXJJ +bhNQmfwU5wBD6WbPsURo7i0CAwEAATAKBggqhkjOPQQDAgNHADBEAiAyb9SMaC7U/HY//YcfjcR0 +j0/DL+9ckFNMvdw0IUq3yAIgEtWkYQrh5Oog7DmVJv0z/C1qPzcjfzDwJI4AlF7IfO4=</ds:X509Certificate> +                </ds:X509Data>  			</ds:KeyInfo>  		</md:KeyDescriptor>  		<md:KeyDescriptor use="encryption"> diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml index 5b16a151..d5faede5 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml 
@@ -32,11 +32,23 @@  		<scope>provided</scope>  	</dependency> +    <!-- Only for testing -->      <dependency>        <groupId>junit</groupId>        <artifactId>junit</artifactId>        <scope>test</scope>      </dependency> +    <dependency> +      <groupId>org.springframework</groupId> +      <artifactId>spring-test</artifactId> +      <scope>test</scope> +    </dependency> +    <dependency> +      <groupId>at.gv.egiz.eaaf</groupId> +      <artifactId>eaaf_core_utils</artifactId> +      <scope>test</scope> +      <type>test-jar</type> +    </dependency>    </dependencies>    <build> diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/Pvp2SProfileSpSpringResourceProvider.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/Pvp2SProfileSpSpringResourceProvider.java new file mode 100644 index 00000000..7535e013 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/Pvp2SProfileSpSpringResourceProvider.java 
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.sp;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+public class Pvp2SProfileSpSpringResourceProvider implements SpringResourceProvider {
+
+  @Override
+  public String getName() {
+    return "EAAF PVP2 S-Profile Service-Provider SpringResourceProvider";
+  }
+
+  @Override
+  public String[] getPackagesToScan() {
+    // TODO Auto-generated method stub
+    return null;
+  }
+
+  @Override
+  public Resource[] getResourcesToLoad() {
+    final ClassPathResource sl20AuthConfig =
+        new ClassPathResource("/eaaf_pvp_sp.beans.xml", Pvp2SProfileSpSpringResourceProvider.class);
+
+    return new Resource[] { sl20AuthConfig };
+  }
+
+}
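Review bot: `getPackagesToScan()` returns `null` behind an auto-generated TODO; any caller that iterates the result (`for (String p : provider.getPackagesToScan())`) throws `NullPointerException`, so return an empty array, `return new String[0];`, and replace the TODO with the reason, e.g. `// no component scanning: beans are declared in eaaf_pvp_sp.beans.xml`. The local `sl20AuthConfig` in `getResourcesToLoad()` is a copy-paste name from another module; `pvpSpBeans` would say what it holds. The class also lacks a Javadoc stating that it is discovered through the `META-INF/services` entry added in this commit rather than by Spring scanning.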
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java index c906ca43..752386a0 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java @@ -24,6 +24,18 @@ import java.util.List;  import javax.servlet.http.HttpServletResponse; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestExtensionBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException; +  import org.apache.commons.lang3.StringUtils;  import org.joda.time.DateTime;  import org.opensaml.messaging.encoder.MessageEncodingException; 
@@ -48,19 +60,7 @@ import org.slf4j.Logger;  import org.slf4j.LoggerFactory;  import org.springframework.beans.factory.annotation.Autowired;  import org.springframework.context.ApplicationContext; -import org.springframework.stereotype.Service; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; -import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; -import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; -import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestExtensionBuilder; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; -import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation; -import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException;  import net.shibboleth.utilities.java.support.security.SecureRandomIdentifierGenerationStrategy;  /** @@ -69,7 +69,6 @@ import net.shibboleth.utilities.java.support.security.SecureRandomIdentifierGene   * @author tlenz   *   */ -@Service("pvpAuthnRequestBuilder")  public class PvpAuthnRequestBuilder {    private static final Logger log = LoggerFactory.getLogger(PvpAuthnRequestBuilder.class); diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/logging/PvpSpModuleMessageSource.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/logging/PvpSpModuleMessageSource.java new file mode 100644 index 00000000..7fbd2daf --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/logging/PvpSpModuleMessageSource.java 
@@ -0,0 +1,16 @@
+package at.gv.egiz.eaaf.modules.pvp2.sp.impl.logging;
+
+import java.util.Arrays;
+import java.util.List;
+
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+
+public class PvpSpModuleMessageSource implements IMessageSourceLocation {
+
+  @Override
+  public List<String> getMessageSourceLocation() {
+    return Arrays.asList("classpath:messages/pvp_sp_messages");
+
+  }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/eaaf_modules/eaaf_module_pvp2_sp/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 00000000..9a6cb2d2
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.gv.egiz.eaaf.modules.pvp2.sp.Pvp2SProfileSpSpringResourceProvider
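Review bot: getMessageSourceLocation hands out `Arrays.asList(...)`, a fixed-size list that still permits `set()` on its single element, for a value that is a constant; `return Collections.singletonList("classpath:messages/pvp_sp_messages");` (importing `java.util.Collections` instead of `java.util.Arrays`) makes the immutability explicit. The class has no Javadoc; a one-liner such as `/** Message-source location of the PVP SP module: classpath:messages/pvp_sp_messages. */` would say why it exists. The blank line before the method's closing brace can go.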
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/resources/eaaf_pvp_sp.beans.xml b/eaaf_modules/eaaf_module_pvp2_sp/src/main/resources/eaaf_pvp_sp.beans.xml
new file mode 100644
index 00000000..439ad005
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/resources/eaaf_pvp_sp.beans.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xmlns:context="http://www.springframework.org/schema/context"
+  xmlns:tx="http://www.springframework.org/schema/tx"
+  xmlns:aop="http://www.springframework.org/schema/aop"
+  xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+    http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+    http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+    http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+  <bean id="pvpSpLogMessageSource"
+        class="at.gv.egiz.eaaf.modules.pvp2.sp.impl.logging.PvpSpModuleMessageSource" />
+
+  <bean id="pvpAuthnRequestBuilder"
+        class="at.gv.egiz.eaaf.modules.pvp2.sp.impl.PvpAuthnRequestBuilder" />
+         
+</beans>
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/resources/messages/pvp_sp_messages.properties b/eaaf_modules/eaaf_module_pvp2_sp/src/main/resources/messages/pvp_sp_messages.properties
new file mode 100644
index 00000000..682c3f18
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/resources/messages/pvp_sp_messages.properties
@@ -0,0 +1,17 @@
+sp.pvp2.00=Can not build PVP AuthnRequest for {0} {1}. No valid SingleSignOnService endpoint found.
+sp.pvp2.01=Can not build PVP AuthnRequest for {0}. IDP is not allowed for federated authentication.
+sp.pvp2.02=Can not build PVP AuthnRequest for {0}. IDP has no (valid) metadata.
+sp.pvp2.03=Receive PVP Response from {0} with unsupported Binding.  
+sp.pvp2.04=Receive invalid PVP Response from {0}. No PVP metadata found.  
+sp.pvp2.05=Receive invalid PVP Response from {0} {1}. StatusCode:{2} Msg:{3}.
+sp.pvp2.06=Receive invalid PVP Response from {0}. Assertion does not contain all required attributes.
+sp.pvp2.07=Receive invalid PVP Response from {0}. Attribute {1} is not valid.
+sp.pvp2.08=Receive invalid PVP Response from {0}. Response issuer {1} is not valid or allowed.
+sp.pvp2.09=Receive invalid PVP Response from {0} {1}. StatusCodes:{2} {3} Msg:{4}
+sp.pvp2.10=Receive invalid PVP Response from {0}. No valid assertion included.
+sp.pvp2.11=Receive invalid PVP Response from {0}. Assertion decryption FAILED.
+sp.pvp2.12=Receive invalid PVP Response from {0}. Msg:{1}
+sp.pvp2.13=Can not build PVP AuthnRequest for {0}. Internal processing error.
+
+
+
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/sp/test/Pvp2SProfileSpSpringResourceProviderTest.java b/eaaf_modules/eaaf_module_pvp2_sp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/sp/test/Pvp2SProfileSpSpringResourceProviderTest.java
new file mode 100644
index 00000000..4a132c3f
--- /dev/null
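Review bot: eaaf_pvp_sp.beans.xml declares the `context`, `tx` and `aop` namespaces and pins their schemas to spring-context-3.1, spring-tx-3.0 and spring-aop-3.1, yet no element from any of those namespaces appears in the file; only the versionless spring-beans.xsd is actually used. Dropping the three unused `xmlns:` declarations and their `xsi:schemaLocation` pairs removes stale version pins that would otherwise have to be maintained for nothing. The file also ends without a trailing newline, and the whitespace-only line before `</beans>` can go.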
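Review bot: The values of sp.pvp2.03 and sp.pvp2.04 end in trailing spaces, and a .properties loader keeps trailing whitespace as part of the value, so these two messages are rendered with extra spaces while every other entry is not; trimming them, e.g. `sp.pvp2.03=Receive PVP Response from {0} with unsupported Binding.`, makes the bundle consistent. The three empty lines at the end of the file can be dropped as well.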
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/sp/test/Pvp2SProfileSpSpringResourceProviderTest.java
@@ -0,0 +1,57 @@
+package at.gv.egiz.eaaf.modules.pvp2.sp.test;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import at.gv.egiz.eaaf.core.test.TestConstants;
+import at.gv.egiz.eaaf.modules.pvp2.Pvp2SProfileCoreSpringResourceProvider;
+import at.gv.egiz.eaaf.modules.pvp2.sp.Pvp2SProfileSpSpringResourceProvider;
+
+import org.apache.commons.io.IOUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+import org.springframework.core.io.Resource;
+
+
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class Pvp2SProfileSpSpringResourceProviderTest {
+
+  @Test
+  public void testSpringConfig() {
+    final Pvp2SProfileCoreSpringResourceProvider test =
+        new Pvp2SProfileCoreSpringResourceProvider();
+    for (final Resource el : test.getResourcesToLoad()) {
+      try {
+        IOUtils.toByteArray(el.getInputStream());
+
+      } catch (final IOException e) {
+        Assert.fail("Ressouce: " + el.getFilename() + " not found");
+      }
+
+    }
+
+    Assert.assertNotNull("no Name", test.getName());
+    Assert.assertNull("Find package definitions", test.getPackagesToScan());
+
+  }
+
+  @Test
+  public void testSpILoaderConfig() {
+    final InputStream el = this.getClass().getResourceAsStream(TestConstants.TEST_SPI_LOADER_PATH);
+    try {
+      final String spiFile = IOUtils.toString(el, "UTF-8");
+
+      Assert.assertEquals("Wrong classpath in SPI file",
+          Pvp2SProfileSpSpringResourceProvider.class.getName(), spiFile);
+
+
+    } catch (final IOException e) {
+      Assert.fail("Ressouce: " + TestConstants.TEST_SPI_LOADER_PATH + " not found");
+
+    }
+  }
+
+}
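Review bot: testSpringConfig instantiates `Pvp2SProfileCoreSpringResourceProvider`, the core module's provider, although this test lives in the SP module and its sibling test asserts that the SPI file names `Pvp2SProfileSpSpringResourceProvider`; as written, the SP provider's resource list is never exercised, so `final Pvp2SProfileSpSpringResourceProvider test = new Pvp2SProfileSpSpringResourceProvider();` is presumably what was intended. Neither method closes the stream it opens: `el.getInputStream()` in the loop and the `InputStream el` in testSpILoaderConfig belong in try-with-resources, and `IOUtils.toString(el, "UTF-8")` reads better with `StandardCharsets.UTF_8`. If the SPI resource is missing, `getResourceAsStream` returns null and `IOUtils.toString` fails with a NullPointerException instead of the intended `Assert.fail` message, so an `Assert.assertNotNull` on `el` before reading gives the clearer diagnostic. "Ressouce" is misspelled in both failure messages.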
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/sp/test/PvpSpMessageSourceTest.java b/eaaf_modules/eaaf_module_pvp2_sp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/sp/test/PvpSpMessageSourceTest.java
new file mode 100644
index 00000000..34ac9b5a
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/sp/test/PvpSpMessageSourceTest.java
@@ -0,0 +1,36 @@
+package at.gv.egiz.eaaf.modules.pvp2.sp.test;
+
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({ "/eaaf_pvp_sp.beans.xml"})
+public class PvpSpMessageSourceTest {
+
+  @Autowired
+  private ResourceLoader loader;
+  @Autowired(required = false)
+  private IMessageSourceLocation messageSource;
+
+  @Test
+  public void simpleTests() {
+    Assert.assertNotNull("No messageSource", messageSource);
+
+    Assert.assertNotNull("No sourcePath", messageSource.getMessageSourceLocation());
+
+    for (final String el : messageSource.getMessageSourceLocation()) {
+      final Resource messages = loader.getResource(el + ".properties");
+      Assert.assertTrue("Source not exist", messages.exists());
+
+    }
+
+  }
+}
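Review bot: The failure message in simpleTests, `"Source not exist"`, does not name the location that was missing, so once the loop covers more than one entry a failure cannot be traced to a path; `Assert.assertTrue("Source not exist: " + el + ".properties", messages.exists());` keeps the diagnostic useful. The context loaded from /eaaf_pvp_sp.beans.xml also defines the `pvpAuthnRequestBuilder` bean, so this test presumably depends on that bean's own dependencies being satisfiable in a bare test context — intended or not, a short comment on the `@ContextConfiguration` line would record it.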
