17 files changed, 839 insertions, 307 deletions
diff --git a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java index b5727015..01c3d6f1 100644 --- a/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java +++ b/eaaf_core_utils/src/test/java/at/gv/egiz/eaaf/core/test/credentials/EaafKeyStoreFactoryTest.java @@ -42,7 +42,7 @@ import io.grpc.StatusRuntimeException; public class EaafKeyStoreFactoryTest { private static final String HSM_FACASE_HOST = "eid.a-sit.at"; - private static final String HSM_FACASE_PORT = "9000"; + private static final String HSM_FACASE_PORT = "9050"; private static final String HSM_FACASE_SSL_TRUST = "src/test/resources/data/hsm_facade_trust_root.crt"; private static final String HSM_FACASE_USERNAME = "authhandler-junit"; private static final String HSM_FACASE_PASSWORD = "supersecret123"; @@ -57,6 +57,8 @@ public class EaafKeyStoreFactoryTest { private static final String PATH_TO_HSM_FACADE_TRUST_CERT = "src/test/resources/data/hsm_facade_trust_root.crt"; private static final String SOFTWARE_KEYSTORE_PASSWORD = "password"; + private static final String HSM_FACADE_KEY_ALIAS = "authhandler-sign"; + @Autowired private DummyAuthConfigMap mapConfig; @Autowired @@ -604,7 +606,7 @@ public class EaafKeyStoreFactoryTest { @Test @DirtiesContext - public void hsmFacadeKeyStoreSuccessASitTestFacade() throws EaafException { + public void hsmFacadeKeyStoreSuccessASitTestFacade() throws EaafException, KeyStoreException { configureHsmFacade(); final EaafKeyStoreFactory keyStoreFactory = context.getBean(EaafKeyStoreFactory.class); 
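Review bot: The constants at the top of `EaafKeyStoreFactoryTest` keep the HSM-Facade client account (`HSM_FACASE_USERNAME`, `HSM_FACASE_PASSWORD`) as string literals next to a real host name, and this commit only moves the port to `9050`. Even for a test account, a secret kept in version control reaches every clone and cannot be rotated without a new commit; whether the account is limited to test keys is not visible from this diff. Reading the value from a system property and skipping the facade tests when it is unset, e.g. `Assume.assumeNotNull(System.getProperty("hsm.facade.password"));` (the property name is illustrative), would also stop these unit tests from depending on a reachable remote service. The same literals are repeated in the constants hunk of `CredentialProviderTest`.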
@@ -619,6 +621,34 @@ public class EaafKeyStoreFactoryTest { final KeyStore keyStore = keyStoreFactory.buildNewKeyStore(keyStoreConfig); Assert.assertNotNull("KeyStore is null", keyStore); + //read trusted certs + final List<X509Certificate> trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore); + Assert.assertNotNull("Trusted certs", trustedCerts); + Assert.assertEquals("Trusted certs size", 0, trustedCerts.size()); + + //read priv. key + final Pair<Key, X509Certificate[]> privCred1 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( + keyStore, HSM_FACADE_KEY_ALIAS, null, true, "jUnit test"); + Assert.assertNotNull("Credential 1", privCred1); + Assert.assertNotNull("Credential 1 priv. key", privCred1.getFirst()); + Assert.assertNotNull("Credential 1 certificate", privCred1.getSecond()); + + //read priv. key + final Pair<Key, X509Certificate[]> privCred2 = EaafKeyStoreUtils.getPrivateKeyAndCertificates( + keyStore, HSM_FACADE_KEY_ALIAS, "shouldBeIgnord".toCharArray(), true, "jUnit test"); + Assert.assertNotNull("Credential 2", privCred2); + Assert.assertNotNull("Credential 2 priv. key", privCred2.getFirst()); + Assert.assertNotNull("Credential 2 certificate", privCred2.getSecond()); + + try { + EaafKeyStoreUtils.getPrivateKeyAndCertificates( + keyStore, "notExist", "wrong".toCharArray(), true, "jUnit test"); + Assert.fail("Wrong password not detected"); + + } catch (final EaafKeyAccessException e) { + Assert.assertEquals("wrong errorcode", "internal.keystore.09", e.getErrorId()); + } + } private void configureHsmFacade() { diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java new file mode 100644 index 00000000..d5186857 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java 
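Review bot: The last negative case passes the alias `"notExist"` together with the password `"wrong"`, so the expected `internal.keystore.09` is most likely reached through the unknown alias, while the failure message reads `"Wrong password not detected"`. The credential 2 case just above succeeds with a password named `shouldBeIgnord`, which suggests the password is not evaluated for this key store at all; `Assert.fail("Unknown key alias not detected");` would describe what is actually exercised. The positive cases only check that the certificate array is non-null, so `Assert.assertTrue("Credential 1 certificate chain empty", privCred1.getSecond().length > 0);` would also catch an empty chain. The test method starts outside this hunk.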
@@ -0,0 +1,328 @@
+package at.gv.egiz.eaaf.modules.pvp2.test;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
+import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider;
+
+import org.joda.time.DateTime;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.saml2.core.Assertion;
+import org.opensaml.saml.saml2.core.AuthnRequest;
+import org.opensaml.saml.saml2.core.EncryptedAssertion;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.encryption.Encrypter;
+import org.opensaml.saml.saml2.encryption.Encrypter.KeyPlacement;
+import org.opensaml.security.x509.X509Credential;
+import org.opensaml.xmlsec.SecurityConfigurationSupport;
+import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters;
+import org.opensaml.xmlsec.encryption.support.EncryptionException;
+import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters;
+import org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.Assert;
+
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+
+public abstract class AbstractSamlVerificationEngine {
+
+ @Autowired
+ private PvpMetadataResolverFactory metadataResolverFactory;
+ @Autowired
+ private SamlVerificationEngine verifyEngine;
+ @Autowired
+ protected DummyCredentialProvider credentialProvider;
+
+ @Autowired DummyMetadataProvider metadataProvider;
+ @Autowired IConfiguration authConfig;
+
+ /**
+ * JUnit class initializer.
+ *
+ * @throws Exception In case of an OpenSAML3 initialization error
+ */
+ @BeforeClass
+ public static void classInitializer() throws Exception {
+ EaafOpenSaml3xInitializer.eaafInitialize();
+
+ }
+ protected abstract String getMetadataJunitJKeystore();
+
+ protected abstract String getMetadataClassPathEntityPath();
+
+ protected abstract String getAuthnRequestWithoutSigPath();
+
+ protected abstract String getResponseWithSigPath();
+
+ protected abstract String getResponseWithoutSigPath();
+
+
+ @Test
+ public void validateSamlRequestSuccess() throws SecurityException, Exception {
+
+ final String authnReqPath = getAuthnRequestWithoutSigPath();
+ final String metadataPath = getMetadataClassPathEntityPath();
+ final String spEntityId = metadataPath;
+
+ final Pair<AuthnRequest, IPvp2MetadataProvider> inputMsg =
+ initializeAuthnRequest(spEntityId, metadataPath, authnReqPath,
+ credentialProvider.getMetaDataSigningCredential());
+
+ final PvpSProfileRequest msg = new PvpSProfileRequest(
+ inputMsg.getFirst(),
+ SAMLConstants.SAML2_POST_BINDING_URI);
+ msg.setEntityID(spEntityId);
+
+ verifyEngine.verify(msg,
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+
+ }
+
+ @Test
+ public void validateSamlRequestWrongSignature() throws SecurityException, Exception {
+
+ final String authnReqPath = getAuthnRequestWithoutSigPath();
+ final String metadataPath = getMetadataJunitJKeystore();
+ final String spEntityId = metadataPath;
+
+ final Pair<AuthnRequest, IPvp2MetadataProvider> inputMsg =
+ initializeAuthnRequest(spEntityId, metadataPath, authnReqPath,
+ credentialProvider.getMetaDataSigningCredential());
+
+ metadataProvider.addMetadataResolverIntoChain(inputMsg.getSecond());
+
+ final PvpSProfileRequest msg = new PvpSProfileRequest(
+ inputMsg.getFirst(),
+ SAMLConstants.SAML2_POST_BINDING_URI);
+ msg.setEntityID(spEntityId);
+
+ try {
+ verifyEngine.verify(msg,
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+ org.junit.Assert.fail("Wrong signature not detected");
+
+ } catch (final Exception e) {
+ Assert.isInstanceOf(InvalidProtocolRequestException.class, e, "Wrong exceptionType");
+ org.junit.Assert.assertEquals("Wrong errorcode", "internal.pvp.10", ((EaafException) e).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void verifyResponseSuccessTest() throws Pvp2InternalErrorException, SecurityException, Exception {
+ metadataProvider.runGarbageCollector();
+
+ final String authnReqPath = getResponseWithoutSigPath();
+ final String metadataPath = getMetadataClassPathEntityPath();
+ final String spEntityId = metadataPath;
+
+ final Pair<Response, IPvp2MetadataProvider> inputMsg =
+ initializeResponse(spEntityId, metadataPath, authnReqPath,
+ credentialProvider.getMetaDataSigningCredential());
+
+ final PvpSProfileResponse msg = new PvpSProfileResponse(
+ inputMsg.getFirst());
+ msg.setEntityID(spEntityId);
+
+ verifyEngine.verify(msg,
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+
+ }
+
+ @Test
+ public void verifyResponseSuccessSecondTest()
+ throws Pvp2InternalErrorException, SecurityException, Exception {
+
+ final String authnReqPath = getResponseWithoutSigPath();
+ final String metadataPath = getMetadataClassPathEntityPath();
+ final String spEntityId = metadataPath;
+
+ final Pair<Response, IPvp2MetadataProvider> inputMsg =
+ initializeResponse(spEntityId, metadataPath, authnReqPath,
+ credentialProvider.getMetaDataSigningCredential());
+
+ verifyEngine.verifyIdpResponse(inputMsg.getFirst(),
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+
+ }
+
+ @Test
+ public void verifySpResponse()
+ throws Pvp2InternalErrorException, SecurityException, Exception {
+
+ final String authnReqPath = getResponseWithoutSigPath();
+ final String metadataPath = getMetadataClassPathEntityPath();
+ final String spEntityId = metadataPath;
+
+ final Pair<Response, IPvp2MetadataProvider> inputMsg =
+ initializeResponse(spEntityId, metadataPath, authnReqPath,
+ credentialProvider.getMetaDataSigningCredential());
+
+ verifyEngine.verifySloResponse(inputMsg.getFirst(),
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+
+ }
+
+ @Test
+ public void verifyResponseWithoutId() throws Pvp2InternalErrorException, SecurityException, Exception {
+
+ final String authnReqPath = getResponseWithSigPath();
+ final String metadataPath = getMetadataClassPathEntityPath();
+ final String spEntityId = metadataPath;
+
+ final Pair<Response, IPvp2MetadataProvider> inputMsg =
+ initializeResponse(spEntityId, metadataPath, authnReqPath,
+ credentialProvider.getMetaDataSigningCredential());
+
+ final PvpSProfileResponse msg = new PvpSProfileResponse(
+ inputMsg.getFirst());
+ msg.setEntityID(spEntityId);
+
+ try {
+ verifyEngine.verify(msg,
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+ org.junit.Assert.fail("Wrong XML schema not detected");
+
+ } catch (final Exception e) {
+ Assert.isInstanceOf(InvalidProtocolRequestException.class, e, "Wrong exceptionType");
+ org.junit.Assert.assertEquals("Wrong errorcode", "internal.pvp.03", ((EaafException) e).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void verifyResponseWrongTrust() throws Pvp2InternalErrorException, SecurityException, Exception {
+
+ final String authnReqPath = getResponseWithoutSigPath();
+ final String metadataPath = getMetadataJunitJKeystore();
+ final String spEntityId = metadataPath;
+
+ final Pair<Response, IPvp2MetadataProvider> inputMsg =
+ initializeResponse(spEntityId, metadataPath, authnReqPath,
+ credentialProvider.getMetaDataSigningCredential());
+
+ final PvpSProfileResponse msg = new PvpSProfileResponse(
+ inputMsg.getFirst());
+ msg.setEntityID(spEntityId);
+
+ try {
+ verifyEngine.verify(msg,
+ TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+ org.junit.Assert.fail("No TrustedCert not detected");
+
+ } catch (final Exception e) {
+ Assert.isInstanceOf(InvalidProtocolRequestException.class, e, "Wrong exceptionType");
+ org.junit.Assert.assertEquals("Wrong errorcode", "internal.pvp.10", ((EaafException) e).getErrorId());
+
+ }
+ }
+
+ protected Pair<Response, IPvp2MetadataProvider> initializeResponse(String spEntityId, String metadataPath,
+ String authnReqPath, EaafX509Credential credential)
+ throws SamlSigningException, XMLParserException, UnmarshallingException, Pvp2MetadataException {
+ final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider(
+ metadataPath, null, "jUnit metadata resolver", null);
+
+ final Response authnReq = (Response) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(),
+ AbstractSamlVerificationEngine.class.getResourceAsStream(authnReqPath));
+ authnReq.setIssueInstant(DateTime.now());
+ final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
+ issuer.setValue(spEntityId);
+ authnReq.setIssuer(issuer);
+
+ return Pair.newInstance(
+ Saml2Utils.signSamlObject(authnReq, credential, true),
+ mdResolver);
+ }
+
+ protected Pair<AuthnRequest, IPvp2MetadataProvider> initializeAuthnRequest(String spEntityId,
+ String metadataPath, String authnReqPath, EaafX509Credential credential)
+ throws SamlSigningException, CredentialsNotAvailableException,
+ XMLParserException, UnmarshallingException, Pvp2InternalErrorException, Pvp2MetadataException {
+
+ final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider(
+ metadataPath, null, "jUnit metadata resolver", null);
+
+ final AuthnRequest authnReq = (AuthnRequest) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(),
+ AbstractSamlVerificationEngine.class.getResourceAsStream(authnReqPath));
+ authnReq.setIssueInstant(DateTime.now());
+ final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
+ issuer.setValue(spEntityId);
+ authnReq.setIssuer(issuer);
+
+ return Pair.newInstance(
+ Saml2Utils.signSamlObject(authnReq, credential, true),
+ mdResolver);
+
+ }
+
+ protected static EncryptedAssertion doEncryption(Assertion assertion,
+ X509Credential encryptionCredentials, IConfiguration authConfig)
+ throws Exception {
+ try {
+ final String keyEncAlg = Saml2Utils.getKeyOperationAlgorithmFromCredential(
+ encryptionCredentials,
+ authConfig.getBasicConfiguration(
+ PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG,
+ PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA),
+ authConfig.getBasicConfiguration(
+ PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG,
+ PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC));
+
+ final DataEncryptionParameters dataEncParams = new DataEncryptionParameters();
+ dataEncParams.setAlgorithm(authConfig.getBasicConfiguration(
+ PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_DATA, PvpConstants.DEFAULT_SYM_ENCRYPTION_METHODE));
+
+ final List<KeyEncryptionParameters> keyEncParamList = new ArrayList<>();
+ final KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters();
+ keyEncParam.setEncryptionCredential(encryptionCredentials);
+ keyEncParam.setAlgorithm(keyEncAlg);
+
+ final KeyInfoGeneratorFactory kigf =
+ SecurityConfigurationSupport.getGlobalEncryptionConfiguration()
+ .getKeyTransportKeyInfoGeneratorManager().getDefaultManager().getFactory(encryptionCredentials);
+ keyEncParam.setKeyInfoGenerator(kigf.newInstance());
+ keyEncParamList.add(keyEncParam);
+
+ final Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList);
+ samlEncrypter.setKeyPlacement(KeyPlacement.PEER);
+
+ return samlEncrypter.encrypt(assertion);
+
+ } catch (final EncryptionException | SamlSigningException e1) {
+ throw new Exception(e1);
+
+ }
+
+ }
+
+
+}
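Review bot: `validateSamlRequestWrongSignature` adds its resolver to the injected `metadataProvider` with `addMetadataResolverIntoChain`, and nothing visible in the class removes it again, so `verifyResponseWrongTrust` (built on the same `getMetadataJunitJKeystore()` metadata) may run with or without that entry in the chain depending on test order and on how the Spring context is shared. Both tests expect `internal.pvp.10`, so a rejection for "no metadata known" and one for "signature does not match the metadata key" cannot be told apart, and a trust-failure test can pass for a reason other than the one it names. Annotating the mutating test with `@DirtiesContext`, as the key-store tests in this commit already do, would give each test a known trust state. The five abstract getters should carry a short Javadoc saying what each fixture must contain (which metadata trusts the signing credential, which message lacks an ID), because subclasses decide whether the negative tests mean anything.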
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java index be3f9a8f..3ba4c962 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/CredentialProviderTest.java @@ -6,6 +6,7 @@ import java.util.List; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfigMap; import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; @@ -34,10 +35,11 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; public class CredentialProviderTest { private static final String HSM_FACASE_HOST = "eid.a-sit.at"; - private static final String HSM_FACASE_PORT = "9000"; + private static final String HSM_FACASE_PORT = "9050"; + private static final String HSM_FACASE_SSL_TRUST = "src/test/resources/data/hsm_facade_trust_root.crt"; private static final String HSM_FACASE_USERNAME = "authhandler-junit"; private static final String HSM_FACASE_PASSWORD = "supersecret123"; - private static final String HSM_FACASE_SSL_TRUST = "src/test/resources/data/hsm_facade_trust_root.crt"; + private static final String HSM_FACASE_HSM_NAME = "software"; private static final String PATH_JKS_WITH_TRUST_CERTS = "src/test/resources/data/junit.jks"; private static final String PATH_JKS_WITHOUT_TRUST_CERTS = "src/test/resources/data/junit_without_trustcerts.jks"; 
@@ -50,6 +52,8 @@ public class CredentialProviderTest { private static final String PASSWORD = "password"; + private static final String HSM_FACADE_KEY_ALIAS = "authhandler-sign"; + @Autowired private ApplicationContext context; @Autowired private DummyAuthConfigMap config; @@ -61,9 +65,10 @@ public class CredentialProviderTest { public void initialize() { config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HOST, HSM_FACASE_HOST); config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_PORT, HSM_FACASE_PORT); + config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, HSM_FACASE_SSL_TRUST); config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_USERNAME, HSM_FACASE_USERNAME); config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_CLIENT_PASSWORD, HSM_FACASE_PASSWORD); - config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_SSLTRUST, HSM_FACASE_SSL_TRUST); + config.putConfigValue(EaafKeyStoreFactory.CONFIG_PROP_HSM_FACADE_HSM_NAME, HSM_FACASE_HSM_NAME); config.putConfigValue(DummyCredentialProvider.KEYSTORE_NAME, HSM_FACASE_KEYSTORE_NAME); 
@@ -505,6 +510,91 @@ public class CredentialProviderTest { } } + @Test + @DirtiesContext + public void hasFacadeMissingKeyStoreName() { + config.putConfigValue(DummyCredentialProvider.KEYSTORE_TYPE, + KeyStoreConfiguration.KeyStoreType.HSMFACADE.getKeyStoreType()); + config.removeConfigValue(DummyCredentialProvider.KEYSTORE_NAME); + + try { + context.getBean(DummyCredentialProvider.class); + Assert.fail("No KeyStore not detected"); + + } catch (final BeansException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, + e.getCause(), "Wrong exception"); + + } + + } + + @Test + @DirtiesContext + public void hasFacadeWrongAlias() { + config.putConfigValue(DummyCredentialProvider.KEYSTORE_TYPE, + KeyStoreConfiguration.KeyStoreType.HSMFACADE.getKeyStoreType()); + config.putConfigValue(DummyCredentialProvider.KEYSTORE_NAME, HSM_FACASE_KEYSTORE_NAME); + + final DummyCredentialProvider credential = context.getBean(DummyCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + + try { + checkCredential(credential.getMetaDataSigningCredential(), + PvpConstants.DEFAULT_SIGNING_METHODE_RSA, + PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA); + Assert.fail("Wrong 'alias' not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertEquals("Wrong errorCode", "internal.pvp.01", e.getErrorId()); + + } + + } + + @Test + @DirtiesContext + public void validConfigurationHsmFacade() throws CredentialsNotAvailableException { + + config.putConfigValue(DummyCredentialProvider.KEYSTORE_TYPE, + KeyStoreConfiguration.KeyStoreType.HSMFACADE.getKeyStoreType()); + config.putConfigValue(DummyCredentialProvider.KEYSTORE_NAME, HSM_FACASE_KEYSTORE_NAME); + + final DummyCredentialProvider credential = 
context.getBean(DummyCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + config.putConfigValue(DummyCredentialProvider.KEY_METADATA_ALIAS, + HSM_FACADE_KEY_ALIAS); + config.putConfigValue(DummyCredentialProvider.KEY_METADATA_PASSWORD, + PASSWORD); + + + checkCredential(credential.getMetaDataSigningCredential(), + PvpConstants.DEFAULT_SIGNING_METHODE_RSA, + PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA); + + config.putConfigValue(DummyCredentialProvider.KEY_SIGNING_ALIAS, + HSM_FACADE_KEY_ALIAS); + + checkCredential(credential.getMessageSigningCredential(), + PvpConstants.DEFAULT_SIGNING_METHODE_RSA, + PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA); + + + final List<X509Certificate> trustCerts = credential.getTrustedCertificates(); + Assert.assertNotNull("TrustCerts are null", trustCerts); + Assert.assertTrue("TrustCerts not empty", trustCerts.isEmpty()); + + } + + private void checkCredential(EaafX509Credential metaDataSigningCredential, String sigAlg, String keyEncAlg) { Assert.assertNotNull("No metadata signing credentials", metaDataSigningCredential); Assert.assertNotNull("SigAlg is null", diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java index 66e87537..bc0084f7 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java 
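Review bot: `hasFacadeMissingKeyStoreName` accepts any `EaafConfigurationException` as the cause of the `BeansException`, so a configuration failure unrelated to the removed key-store name (for example an unreachable facade or a wrong trust-root path) would also let it pass. The neighbouring tests pin the error id; doing the same here, e.g. `Assert.assertEquals("Wrong errorCode", "<expected-error-id>", ((EaafConfigurationException) e.getCause()).getErrorId());`, ties the test to the condition it names (the id is a placeholder because the right value is not visible in this diff, and this assumes the exception exposes `getErrorId()` like the other EAAF exceptions used here). `hasFacadeWrongAlias` takes its alias from `RandomStringUtils.randomAlphabetic(5)`; a fixed non-existent alias would keep a failure reproducible. Both new method names start with `hasFacade` where `hsmFacade` seems intended.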
@@ -1,53 +1,33 @@ package at.gv.egiz.eaaf.modules.pvp2.test; -import java.util.ArrayList; -import java.util.List; - import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException; import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption; import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider; import org.joda.time.DateTime; -import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; -import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; import org.opensaml.core.xml.io.UnmarshallingException; import org.opensaml.core.xml.util.XMLObjectSupport; import org.opensaml.saml.common.xml.SAMLConstants; import 
org.opensaml.saml.saml2.core.Assertion; import org.opensaml.saml.saml2.core.AuthnRequest; import org.opensaml.saml.saml2.core.EncryptedAssertion; -import org.opensaml.saml.saml2.core.Issuer; import org.opensaml.saml.saml2.core.Response; import org.opensaml.saml.saml2.core.StatusCode; -import org.opensaml.saml.saml2.encryption.Encrypter; -import org.opensaml.saml.saml2.encryption.Encrypter.KeyPlacement; -import org.opensaml.security.x509.X509Credential; -import org.opensaml.xmlsec.SecurityConfigurationSupport; -import org.opensaml.xmlsec.encryption.support.DataEncryptionParameters; -import org.opensaml.xmlsec.encryption.support.EncryptionException; -import org.opensaml.xmlsec.encryption.support.KeyEncryptionParameters; -import org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorFactory; import org.opensaml.xmlsec.signature.support.SignatureConstants; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.ContextConfiguration; @@ -62,11 +42,9 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException; @ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml", "/spring/test_eaaf_core_spring_config.beans.xml" }) @TestPropertySource(locations = { "/config/config_1.props" }) -public class SamlVerificationEngineTest { +public class SamlVerificationEngineTest extends AbstractSamlVerificationEngine { @Autowired - private PvpMetadataResolverFactory metadataResolverFactory; - @Autowired private SamlVerificationEngine verifyEngine; @Autowired private DummyCredentialProvider credentialProvider; 
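Review bot: `SamlVerificationEngineTest` still declares `@Autowired` fields `verifyEngine` and `credentialProvider` (and, in the context of the next hunk, `metadataProvider` and `authConfig`) although the new base class `AbstractSamlVerificationEngine` declares fields with the same names. The subclass fields hide the inherited ones, so the inherited tests and the tests written in this class work on two separately injected references; they probably resolve to the same beans today, but nothing keeps them aligned if a qualifier or bean definition changes. Removing the subclass declarations and making the base fields `protected` (`verifyEngine` is `private` there) would leave a single set.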
@@ -74,103 +52,38 @@ public class SamlVerificationEngineTest { @Autowired DummyMetadataProvider metadataProvider; @Autowired IConfiguration authConfig; - /** - * JUnit class initializer. - * - * @throws Exception In case of an OpenSAML3 initialization error - */ - @BeforeClass - public static void classInitializer() throws Exception { - EaafOpenSaml3xInitializer.eaafInitialize(); + @Override + protected String getMetadataClassPathEntityPath() { + return "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml"; } - @Test - public void validateSamlRequestSuccess() throws SecurityException, Exception { - - final String authnReqPath = "/data/AuthRequest_without_sig_1.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml"; - final String spEntityId = metadataPath; - - final Pair<AuthnRequest, IPvp2MetadataProvider> inputMsg = - initializeAuthnRequest(spEntityId, metadataPath, authnReqPath, - credentialProvider.getMetaDataSigningCredential()); - - final PvpSProfileRequest msg = new PvpSProfileRequest( - inputMsg.getFirst(), - SAMLConstants.SAML2_POST_BINDING_URI); - msg.setEntityID(spEntityId); - - verifyEngine.verify(msg, - TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - + @Override + protected String getMetadataJunitJKeystore() { + return "classpath:/data/pvp_metadata_junit_keystore.xml"; } - @Test - public void validateSamlRequestWrongSignature() throws SecurityException, Exception { - - final String authnReqPath = "/data/AuthRequest_without_sig_1.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; - final String spEntityId = metadataPath; - - final Pair<AuthnRequest, IPvp2MetadataProvider> inputMsg = - initializeAuthnRequest(spEntityId, metadataPath, authnReqPath, - credentialProvider.getMetaDataSigningCredential()); - - metadataProvider.addMetadataResolverIntoChain(inputMsg.getSecond()); - - final PvpSProfileRequest msg = new PvpSProfileRequest( 
- inputMsg.getFirst(), - SAMLConstants.SAML2_POST_BINDING_URI); - msg.setEntityID(spEntityId); - - try { - verifyEngine.verify(msg, - TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - org.junit.Assert.fail("Wrong signature not detected"); - - } catch (final Exception e) { - Assert.isInstanceOf(InvalidProtocolRequestException.class, e, "Wrong exceptionType"); - org.junit.Assert.assertEquals("Wrong errorcode", "internal.pvp.10", ((EaafException) e).getErrorId()); + @Override + protected String getAuthnRequestWithoutSigPath() { + return "/data/AuthRequest_without_sig_1.xml"; - } } - @Test - public void validateSamlInvalidRequest() throws SecurityException, Exception { - - final String authnReqPath = "/data/AuthRequest_without_sig_missing_id.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; - final String spEntityId = metadataPath; - - final Pair<AuthnRequest, IPvp2MetadataProvider> inputMsg = - initializeAuthnRequest(spEntityId, metadataPath, authnReqPath, - credentialProvider.getMetaDataSigningCredential()); - - metadataProvider.addMetadataResolverIntoChain(inputMsg.getSecond()); - - final PvpSProfileRequest msg = new PvpSProfileRequest( - inputMsg.getFirst(), - SAMLConstants.SAML2_POST_BINDING_URI); - msg.setEntityID(spEntityId); - - try { - verifyEngine.verify(msg, - TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - org.junit.Assert.fail("invalid request not detected"); - - } catch (final Exception e) { - Assert.isInstanceOf(InvalidProtocolRequestException.class, e, "Wrong exceptionType"); - org.junit.Assert.assertEquals("Wrong errorcode", "internal.pvp.03", ((EaafException) e).getErrorId()); + @Override + protected String getResponseWithSigPath() { + return "/data/Response_with_sig_1.xml"; + } - } + @Override + protected String getResponseWithoutSigPath() { + return "/data/Response_without_sig_1.xml"; } @Test public void validateSamlRequestWrongSignatureAlg() throws 
SecurityException, Exception { - final String authnReqPath = "/data/AuthRequest_without_sig_1.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String authnReqPath = getAuthnRequestWithoutSigPath(); + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = metadataPath; metadataProvider.runGarbageCollector(); 
@@ -199,79 +112,27 @@ public class SamlVerificationEngineTest { } @Test - public void verifyResponseSuccessTest() throws Pvp2InternalErrorException, SecurityException, Exception { - metadataProvider.runGarbageCollector(); - - final String authnReqPath = "/data/Response_without_sig_1.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml"; - final String spEntityId = metadataPath; - - final Pair<Response, IPvp2MetadataProvider> inputMsg = - initializeResponse(spEntityId, metadataPath, authnReqPath, - credentialProvider.getMetaDataSigningCredential()); - - final PvpSProfileResponse msg = new PvpSProfileResponse( - inputMsg.getFirst()); - msg.setEntityID(spEntityId); - - verifyEngine.verify(msg, - TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - - } - - @Test - public void verifyResponseSuccessSecondTest() - throws Pvp2InternalErrorException, SecurityException, Exception { - - final String authnReqPath = "/data/Response_without_sig_1.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml"; - final String spEntityId = metadataPath; - - final Pair<Response, IPvp2MetadataProvider> inputMsg = - initializeResponse(spEntityId, metadataPath, authnReqPath, - credentialProvider.getMetaDataSigningCredential()); - - verifyEngine.verifyIdpResponse(inputMsg.getFirst(), - TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - - } - - @Test - public void verifySpResponse() - throws Pvp2InternalErrorException, SecurityException, Exception { + public void validateSamlInvalidRequest() throws SecurityException, Exception { - final String authnReqPath = "/data/Response_without_sig_1.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml"; + final String authnReqPath = "/data/AuthRequest_without_sig_missing_id.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = 
metadataPath; - final Pair<Response, IPvp2MetadataProvider> inputMsg = - initializeResponse(spEntityId, metadataPath, authnReqPath, + final Pair<AuthnRequest, IPvp2MetadataProvider> inputMsg = + initializeAuthnRequest(spEntityId, metadataPath, authnReqPath, credentialProvider.getMetaDataSigningCredential()); - verifyEngine.verifySloResponse(inputMsg.getFirst(), - TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - - } - - @Test - public void verifyResponseWithoutId() throws Pvp2InternalErrorException, SecurityException, Exception { - - final String authnReqPath = "/data/Response_with_sig_1.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml"; - final String spEntityId = metadataPath; - - final Pair<Response, IPvp2MetadataProvider> inputMsg = - initializeResponse(spEntityId, metadataPath, authnReqPath, - credentialProvider.getMetaDataSigningCredential()); + metadataProvider.addMetadataResolverIntoChain(inputMsg.getSecond()); - final PvpSProfileResponse msg = new PvpSProfileResponse( - inputMsg.getFirst()); + final PvpSProfileRequest msg = new PvpSProfileRequest( + inputMsg.getFirst(), + SAMLConstants.SAML2_POST_BINDING_URI); msg.setEntityID(spEntityId); try { verifyEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - org.junit.Assert.fail("Wrong XML schema not detected"); + org.junit.Assert.fail("invalid request not detected"); } catch (final Exception e) { Assert.isInstanceOf(InvalidProtocolRequestException.class, e, "Wrong exceptionType"); 
@@ -281,37 +142,10 @@ public class SamlVerificationEngineTest { } @Test - public void verifyResponseWrongTrust() throws Pvp2InternalErrorException, SecurityException, Exception { - - final String authnReqPath = "/data/Response_without_sig_1.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; - final String spEntityId = metadataPath; - - final Pair<Response, IPvp2MetadataProvider> inputMsg = - initializeResponse(spEntityId, metadataPath, authnReqPath, - credentialProvider.getMetaDataSigningCredential()); - - final PvpSProfileResponse msg = new PvpSProfileResponse( - inputMsg.getFirst()); - msg.setEntityID(spEntityId); - - try { - verifyEngine.verify(msg, - TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); - org.junit.Assert.fail("No TrustedCert not detected"); - - } catch (final Exception e) { - Assert.isInstanceOf(InvalidProtocolRequestException.class, e, "Wrong exceptionType"); - org.junit.Assert.assertEquals("Wrong errorcode", "internal.pvp.10", ((EaafException) e).getErrorId()); - - } - } - - @Test public void verifyAssertionSucessNotEncrypted() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = 
@@ -328,7 +162,7 @@ public class SamlVerificationEngineTest { public void verifyAssertionWrongAudiency() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -349,7 +183,7 @@ public class SamlVerificationEngineTest { public void verifyAssertionWrongStatusCode() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -374,7 +208,7 @@ public class SamlVerificationEngineTest { public void verifyAssertionWrongIssueInstant() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = 
@@ -399,7 +233,7 @@ public class SamlVerificationEngineTest { public void verifyAssertionNoContitions() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -424,7 +258,7 @@ public class SamlVerificationEngineTest { public void verifyAssertionWrongContitions() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -448,7 +282,7 @@ public class SamlVerificationEngineTest { public void verifyAssertionWrongContitionsAudienceRestrictions() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = 
@@ -475,7 +309,7 @@ public class SamlVerificationEngineTest { public void verifyAssertionWrongContitionsNotBefore() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -501,7 +335,7 @@ public class SamlVerificationEngineTest { public void verifyAssertionWrongContitionsNotOnOrAfter() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -527,7 +361,7 @@ public class SamlVerificationEngineTest { public void verifyAssertionValidContitions() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = 
@@ -548,7 +382,7 @@ public class SamlVerificationEngineTest { public void verifyEncAssertionWrongKey() throws SamlSigningException, Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption { final String authnReqPath = "/data/Asserion_enc_no_key.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://eid.a-sit.at/Shibboleth.sso/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -569,7 +403,7 @@ public class SamlVerificationEngineTest { @Test public void verifyEncAssertion() throws Exception { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = @@ -602,7 +436,7 @@ public class SamlVerificationEngineTest { @Test public void verifyEncAssertionWrongSchema() throws Exception { final String authnReqPath = "/data/Response_without_sig_classpath_entityid.xml"; - final String metadataPath = "classpath:/data/pvp_metadata_junit_keystore.xml"; + final String metadataPath = getMetadataJunitJKeystore(); final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/"; final Pair<Response, IPvp2MetadataProvider> inputMsg = 
@@ -636,85 +470,4 @@ public class SamlVerificationEngineTest { } - private Pair<Response, IPvp2MetadataProvider> initializeResponse(String spEntityId, String metadataPath, - String authnReqPath, EaafX509Credential credential) - throws SamlSigningException, XMLParserException, UnmarshallingException, Pvp2MetadataException { - final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( - metadataPath, null, "jUnit metadata resolver", null); - - final Response authnReq = (Response) XMLObjectSupport.unmarshallFromInputStream( - XMLObjectProviderRegistrySupport.getParserPool(), - SamlVerificationEngineTest.class.getResourceAsStream(authnReqPath)); - authnReq.setIssueInstant(DateTime.now()); - final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class); - issuer.setValue(spEntityId); - authnReq.setIssuer(issuer); - - return Pair.newInstance( - Saml2Utils.signSamlObject(authnReq, credential, true), - mdResolver); - } - - private Pair<AuthnRequest, IPvp2MetadataProvider> initializeAuthnRequest(String spEntityId, - String metadataPath, String authnReqPath, EaafX509Credential credential) - throws SamlSigningException, CredentialsNotAvailableException, - XMLParserException, UnmarshallingException, Pvp2InternalErrorException, Pvp2MetadataException { - - final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( - metadataPath, null, "jUnit metadata resolver", null); - - final AuthnRequest authnReq = (AuthnRequest) XMLObjectSupport.unmarshallFromInputStream( - XMLObjectProviderRegistrySupport.getParserPool(), - SamlVerificationEngineTest.class.getResourceAsStream(authnReqPath)); - authnReq.setIssueInstant(DateTime.now()); - final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class); - issuer.setValue(spEntityId); - authnReq.setIssuer(issuer); - - return Pair.newInstance( - Saml2Utils.signSamlObject(authnReq, credential, true), - mdResolver); - - } - - private static EncryptedAssertion doEncryption(Assertion 
assertion, - X509Credential encryptionCredentials, IConfiguration authConfig) - throws Exception { - try { - final String keyEncAlg = Saml2Utils.getKeyOperationAlgorithmFromCredential( - encryptionCredentials, - authConfig.getBasicConfiguration( - PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_RSA_ALG, - PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_RSA), - authConfig.getBasicConfiguration( - PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_KEY_EC_ALG, - PvpConstants.DEFAULT_ASYM_ENCRYPTION_METHODE_EC)); - - final DataEncryptionParameters dataEncParams = new DataEncryptionParameters(); - dataEncParams.setAlgorithm(authConfig.getBasicConfiguration( - PvpConstants.CONFIG_PROP_SEC_ENCRYPTION_DATA, PvpConstants.DEFAULT_SYM_ENCRYPTION_METHODE)); - - final List<KeyEncryptionParameters> keyEncParamList = new ArrayList<>(); - final KeyEncryptionParameters keyEncParam = new KeyEncryptionParameters(); - keyEncParam.setEncryptionCredential(encryptionCredentials); - keyEncParam.setAlgorithm(keyEncAlg); - - final KeyInfoGeneratorFactory kigf = - SecurityConfigurationSupport.getGlobalEncryptionConfiguration() - .getKeyTransportKeyInfoGeneratorManager().getDefaultManager().getFactory(encryptionCredentials); - keyEncParam.setKeyInfoGenerator(kigf.newInstance()); - keyEncParamList.add(keyEncParam); - - final Encrypter samlEncrypter = new Encrypter(dataEncParams, keyEncParamList); - samlEncrypter.setKeyPlacement(KeyPlacement.PEER); - - return samlEncrypter.encrypt(assertion); - - } catch (final EncryptionException | SamlSigningException e1) { - throw new Exception(e1); - - } - - } - } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java new file mode 100644 index 00000000..95f63003 --- /dev/null 
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java 
@@ -0,0 +1,69 @@ +package at.gv.egiz.eaaf.modules.pvp2.test; + +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; + +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.xmlsec.signature.support.SignatureConstants; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.TestPropertySource; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml", + "/spring/test_eaaf_core_spring_config.beans.xml" }) +@TestPropertySource(locations = { "/config/config_3.props" }) +public class SamlVerificationEngineWithHsmFacadeTest extends AbstractSamlVerificationEngine { + + @Override + protected String getMetadataClassPathEntityPath() { + return "classpath:/data/pvp_metadata_junit_keystore_classpath_entityId.xml"; + + } + + @Override + protected String getMetadataJunitJKeystore() { + return "classpath:/data/pvp_metadata_junit_keystore.xml"; + } + + @Override + protected String getAuthnRequestWithoutSigPath() { + return "/data/AuthRequest_without_sig_1.xml"; + + } + + @Override + protected String getResponseWithSigPath() { + return "/data/Response_with_sig_1.xml"; + } + + @Override + protected String getResponseWithoutSigPath() { + return "/data/Response_without_sig_1.xml"; + } + + @Test + public void validateSamlRequestWrongSignatureAlg() throws SecurityException, Exception { + + final String authnReqPath = getAuthnRequestWithoutSigPath(); + final String metadataPath = getMetadataJunitJKeystore(); + final String spEntityId = metadataPath; + + metadataProvider.runGarbageCollector(); + + final EaafX509Credential cred = credentialProvider.getMetaDataSigningCredential(); + cred.setSignatureAlgorithmForSigning(SignatureConstants.ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5); + try { + 
initializeAuthnRequest(spEntityId, metadataPath, authnReqPath, + cred); + org.junit.Assert.fail("Wrong SigAlg not detected"); + + } catch (final SamlSigningException e) { + org.junit.Assert.assertEquals("Wrong errorCode", "internal.pvp.96", e.getErrorId()); + + } + } + + +} diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props index 164b8807..6177b738 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_1.props @@ -1,3 +1,10 @@ +security.hsmfacade.host=eid.a-sit.at +security.hsmfacade.port=9050 +security.hsmfacade.trustedsslcert=src/test/resources/data/hsm_facade_trust_root.crt +security.hsmfacade.username=authhandler-junit +security.hsmfacade.password=supersecret123 +security.hsmfacade.hsmname=software + keystore.path=classpath:/data/junit.jks keystore.pass=password key.metadata.alias=meta diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_3.props b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_3.props new file mode 100644 index 00000000..abc8f591 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/config/config_3.props @@ -0,0 +1,18 @@ +security.hsmfacade.host=eid.a-sit.at +security.hsmfacade.port=9050 +security.hsmfacade.trustedsslcert=src/test/resources/data/hsm_facade_trust_root.crt +security.hsmfacade.username=authhandler-junit +security.hsmfacade.password=supersecret123 +security.hsmfacade.hsmname=software + +keystore.type=hsmfacade +keystore.name=authhandler +key.metadata.alias=authhandler-sign +key.sig.alias=authhandler-sign +key.sig.pass=password +key.enc.alias= +key.enc.pass= + +client.http.connection.timeout.socket=2 +client.http.connection.timeout.connection=2 +client.http.connection.timeout.request=2
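Review bot: In `validateSamlRequestWrongSignatureAlg` the credential returned by `credentialProvider.getMetaDataSigningCredential()` is switched to `ALGO_ID_SIGNATURE_NOT_RECOMMENDED_RSA_MD5` and never restored. If the provider hands out a cached instance (not visible in this hunk), the weak algorithm stays set for every later test sharing the Spring context, so those tests could pass or fail for the wrong reason. I would mark the method `@DirtiesContext`, as `EaafKeyStoreFactoryTest` does for its HSM-Facade test, or restore the previous algorithm in a `finally` block. The declaration `throws SecurityException, Exception` can also be reduced to `throws Exception`.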
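Review bot: The added `security.hsmfacade.username=authhandler-junit` and `security.hsmfacade.password=supersecret123` lines commit a usable-looking credential for a network host (`eid.a-sit.at`, port 9050) to the repository. The same block is repeated in the new `config_3.props`, and the values already exist as constants in `EaafKeyStoreFactoryTest`. The tests in this module now also need outbound network access to that host in order to pass. If the configuration loader supports external values (not visible here), the password would better come from the build environment, with the HSM-Facade tests skipped when it is absent. If the account really is a throw-away identity limited to test keys, say so in a comment above the block, e.g. `# jUnit-only account on the public test facade, software test keys only`.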
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore_classpath_entityId.xml b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore_classpath_entityId.xml
index cfc334a6..67eed2ac 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore_classpath_entityId.xml
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/resources/data/pvp_metadata_junit_keystore_classpath_entityId.xml
@@ -66,6 +66,22 @@ SM49BAMCA0kAMEYCIQDFUO0owvqMVRO2FmD+vb8mqJBpWCE6Cl5pEHaygTa5LwIh ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L </ds:X509Certificate> </ds:X509Data> + <ds:X509Data> + <ds:X509Certificate>MIIDEzCCArqgAwIBAgIIHL62SBANl8QwCgYIKoZIzj0EAwIwIzEhMB8GA1UEAwwYS2V5c3RvcmVC +YWNrZWRQa2lTZXJ2aWNlMB4XDTIwMDIxNzEyMzMxNloXDTIwMDUxNzExMzMxNlowMjEdMBsGA1UE +AwwUaW50LWF1dGhoYW5kbGVyLXNpZ24xETAPBgNVBAoMCHNvZnR3YXJlMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAtVRK3ocL1aqCO+Q0OELikVbEU6tOsXGg1HCWr07YdTsu/qoRCVrB +THF6xqgtFjBVGWkg5kFS7853Lg3peSO1K63RzXWldcgUUM8o9zTybbBI74eXcK8pug1LLAkytQ1i +I6w166am8eoG/vTrc+TIFCDm+pyzmGcl5K8c8Gnm0k41vsMViEFgy6Oq9glts8eEUCOF3ZnL8rIv +w4hjrGsQ+8iZPZEEuMj+rZ2iLI9bjWv6xmNKWTLSO9dm7d2kTNGLQST0XFJkmFDXjQ1jXApXkGlp +i8igWCX3CU8jSuPLdCQ4VU/Pqr/J4uzBWBsv01vs4aqyLVZTGs23xUjJ+9I9fmn1VIfhuh6zGHq+ +jfjBfD6FhndNoPiMEpJT34h39rtF14GOlhb/I1OGjxIyMQGvT7up7p3AlPC7Lz2ylWrVWojR/cAE +umzS6zWgRW9zmVIgC7j48EmMjkapyUWVBR7FkfdodedzSPNETRdWXr7WulSBjjj82AWmwuoDrSZd +330g7FUZHd0D1JFUkLXOgZ1SmyFXds7fTiJGzk4XdYiS8MD07pokNDhZ7FHFGSoTHB8u4fvG2r0u +6tvLRBRkv/3wzDcTcPbEa9Z1JQ3Qh+/aJQmaQMMnE9m4msW4GqTGBoshss8FW1EvUi7JAh4EvXJJ +bhNQmfwU5wBD6WbPsURo7i0CAwEAATAKBggqhkjOPQQDAgNHADBEAiAyb9SMaC7U/HY//YcfjcR0 +j0/DL+9ckFNMvdw0IUq3yAIgEtWkYQrh5Oog7DmVJv0z/C1qPzcjfzDwJI4AlF7IfO4=</ds:X509Certificate> + </ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp2/post"/> 
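Review bot: The certificate added in this `ds:X509Data` block, and again in the hunk at `-145,6 +161,22`, appears from its encoded fields to be valid only from 2020-02-17 to 2020-05-17, with subject CN `int-authhandler-sign` and issuer `KeystoreBackedPkiService`. If the trust engine under test ever evaluates certificate validity, or the facade re-issues the certificate for this key, the HSM-Facade tests will start failing for reasons unrelated to the code. An XML comment above each block would make such a failure diagnosable, e.g. `<!-- HSM-Facade test signing key, cert expires 2020-05-17; replace when the facade rotates it -->`.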
@@ -145,6 +161,22 @@ SM49BAMCA0kAMEYCIQDFUO0owvqMVRO2FmD+vb8mqJBpWCE6Cl5pEHaygTa5LwIh ANsmjI2azWiTSFjb7Ou5fnCfbeiJUP0s66m8qS4rYl9L </ds:X509Certificate> </ds:X509Data> + <ds:X509Data> + <ds:X509Certificate>MIIDEzCCArqgAwIBAgIIHL62SBANl8QwCgYIKoZIzj0EAwIwIzEhMB8GA1UEAwwYS2V5c3RvcmVC +YWNrZWRQa2lTZXJ2aWNlMB4XDTIwMDIxNzEyMzMxNloXDTIwMDUxNzExMzMxNlowMjEdMBsGA1UE +AwwUaW50LWF1dGhoYW5kbGVyLXNpZ24xETAPBgNVBAoMCHNvZnR3YXJlMIICIjANBgkqhkiG9w0B +AQEFAAOCAg8AMIICCgKCAgEAtVRK3ocL1aqCO+Q0OELikVbEU6tOsXGg1HCWr07YdTsu/qoRCVrB +THF6xqgtFjBVGWkg5kFS7853Lg3peSO1K63RzXWldcgUUM8o9zTybbBI74eXcK8pug1LLAkytQ1i +I6w166am8eoG/vTrc+TIFCDm+pyzmGcl5K8c8Gnm0k41vsMViEFgy6Oq9glts8eEUCOF3ZnL8rIv +w4hjrGsQ+8iZPZEEuMj+rZ2iLI9bjWv6xmNKWTLSO9dm7d2kTNGLQST0XFJkmFDXjQ1jXApXkGlp +i8igWCX3CU8jSuPLdCQ4VU/Pqr/J4uzBWBsv01vs4aqyLVZTGs23xUjJ+9I9fmn1VIfhuh6zGHq+ +jfjBfD6FhndNoPiMEpJT34h39rtF14GOlhb/I1OGjxIyMQGvT7up7p3AlPC7Lz2ylWrVWojR/cAE +umzS6zWgRW9zmVIgC7j48EmMjkapyUWVBR7FkfdodedzSPNETRdWXr7WulSBjjj82AWmwuoDrSZd +330g7FUZHd0D1JFUkLXOgZ1SmyFXds7fTiJGzk4XdYiS8MD07pokNDhZ7FHFGSoTHB8u4fvG2r0u +6tvLRBRkv/3wzDcTcPbEa9Z1JQ3Qh+/aJQmaQMMnE9m4msW4GqTGBoshss8FW1EvUi7JAh4EvXJJ +bhNQmfwU5wBD6WbPsURo7i0CAwEAATAKBggqhkjOPQQDAgNHADBEAiAyb9SMaC7U/HY//YcfjcR0 +j0/DL+9ckFNMvdw0IUq3yAIgEtWkYQrh5Oog7DmVJv0z/C1qPzcjfzDwJI4AlF7IfO4=</ds:X509Certificate> + </ds:X509Data> </ds:KeyInfo> </md:KeyDescriptor> <md:KeyDescriptor use="encryption"> diff --git a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml index 5b16a151..d5faede5 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_sp/pom.xml 
@@ -32,11 +32,23 @@ <scope>provided</scope> </dependency> + <!-- Only for testing --> <dependency> <groupId>junit</groupId> <artifactId>junit</artifactId> <scope>test</scope> </dependency> + <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-test</artifactId> + <scope>test</scope> + </dependency> + <dependency> + <groupId>at.gv.egiz.eaaf</groupId> + <artifactId>eaaf_core_utils</artifactId> + <scope>test</scope> + <type>test-jar</type> + </dependency> </dependencies> <build> diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/Pvp2SProfileSpSpringResourceProvider.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/Pvp2SProfileSpSpringResourceProvider.java new file mode 100644 index 00000000..7535e013 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/Pvp2SProfileSpSpringResourceProvider.java 
@@ -0,0 +1,48 @@
+/*
+ * Copyright 2017 Graz University of Technology EAAF-Core Components has been developed in a
+ * cooperation between EGIZ, A-SIT Plus, A-SIT, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by the European
+ * Commission - subsequent versions of the EUPL (the "Licence"); You may not use this work except in
+ * compliance with the Licence. You may obtain a copy of the Licence at:
+ * https://joinup.ec.europa.eu/news/understanding-eupl-v12
+ *
+ * Unless required by applicable law or agreed to in writing, software distributed under the Licence
+ * is distributed on an "AS IS" basis, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
+ * or implied. See the Licence for the specific language governing permissions and limitations under
+ * the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text file for details on the
+ * various modules and licenses. The "NOTICE" text file is part of the distribution. Any derivative
+ * works that you distribute must include a readable copy of the "NOTICE" text file.
+*/
+
+package at.gv.egiz.eaaf.modules.pvp2.sp;
+
+import at.gv.egiz.components.spring.api.SpringResourceProvider;
+
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+
+public class Pvp2SProfileSpSpringResourceProvider implements SpringResourceProvider {
+
+ @Override
+ public String getName() {
+ return "EAAF PVP2 S-Profile Service-Provider SpringResourceProvider";
+ }
+
+ @Override
+ public String[] getPackagesToScan() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Resource[] getResourcesToLoad() {
+ final ClassPathResource sl20AuthConfig =
+ new ClassPathResource("/eaaf_pvp_sp.beans.xml", Pvp2SProfileSpSpringResourceProvider.class);
+
+ return new Resource[] { sl20AuthConfig };
+ }
+
+}
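Review bot: `getPackagesToScan()` still carries the IDE stub (`// TODO Auto-generated method stub`) and returns `null`. Whether the `SpringResourceProvider` contract permits `null` is not visible here, and a loader that iterates the result would throw. Either return `new String[0]` or replace the TODO with a comment stating that `null` means no package scanning. The local `sl20AuthConfig` in `getResourcesToLoad()` looks copied from another module and would read better as `pvpSpConfig`, and the class deserves a one-line Javadoc saying that it registers `/eaaf_pvp_sp.beans.xml`.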
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java index c906ca43..752386a0 100644 --- a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/PvpAuthnRequestBuilder.java @@ -24,6 +24,18 @@ import java.util.List; import javax.servlet.http.HttpServletResponse; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestExtensionBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException; + import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; import org.opensaml.messaging.encoder.MessageEncodingException; 
@@ -48,19 +60,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; -import org.springframework.stereotype.Service; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.modules.pvp2.api.binding.IEncoder; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; -import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; -import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; -import at.gv.egiz.eaaf.modules.pvp2.impl.builder.reqattr.EaafRequestExtensionBuilder; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; -import at.gv.egiz.eaaf.modules.pvp2.sp.api.IPvpAuthnRequestBuilderConfiguruation; -import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnRequestBuildException; import net.shibboleth.utilities.java.support.security.SecureRandomIdentifierGenerationStrategy; /** @@ -69,7 +69,6 @@ import net.shibboleth.utilities.java.support.security.SecureRandomIdentifierGene * @author tlenz * */ -@Service("pvpAuthnRequestBuilder") public class PvpAuthnRequestBuilder { private static final Logger log = LoggerFactory.getLogger(PvpAuthnRequestBuilder.class); diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/logging/PvpSpModuleMessageSource.java b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/logging/PvpSpModuleMessageSource.java new file mode 100644 index 00000000..7fbd2daf --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/java/at/gv/egiz/eaaf/modules/pvp2/sp/impl/logging/PvpSpModuleMessageSource.java 
@@ -0,0 +1,16 @@
+package at.gv.egiz.eaaf.modules.pvp2.sp.impl.logging;
+
+import java.util.Arrays;
+import java.util.List;
+
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+
+public class PvpSpModuleMessageSource implements IMessageSourceLocation {
+
+ @Override
+ public List<String> getMessageSourceLocation() {
+ return Arrays.asList("classpath:messages/pvp_sp_messages");
+
+ }
+
+}
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider b/eaaf_modules/eaaf_module_pvp2_sp/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
new file mode 100644
index 00000000..9a6cb2d2
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/resources/META-INF/services/at.gv.egiz.components.spring.api.SpringResourceProvider
@@ -0,0 +1 @@
+at.gv.egiz.eaaf.modules.pvp2.sp.Pvp2SProfileSpSpringResourceProvider
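Review bot: PvpSpModuleMessageSource.java is added without any Javadoc, and `getMessageSourceLocation()` returns the bundle base name as an inline literal that has to stay in step with `messages/pvp_sp_messages.properties` added in the same commit. I would put a class comment on it, `/** Supplies the classpath base name of the PVP SP module's message bundle. */`, and return `Collections.singletonList("classpath:messages/pvp_sp_messages")` so callers receive an immutable list rather than the array-backed one from `Arrays.asList`. The blank line before the method's closing brace can go as well.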
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/resources/eaaf_pvp_sp.beans.xml b/eaaf_modules/eaaf_module_pvp2_sp/src/main/resources/eaaf_pvp_sp.beans.xml
new file mode 100644
index 00000000..439ad005
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/resources/eaaf_pvp_sp.beans.xml
@@ -0,0 +1,19 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<beans xmlns="http://www.springframework.org/schema/beans"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xmlns:context="http://www.springframework.org/schema/context"
+ xmlns:tx="http://www.springframework.org/schema/tx"
+ xmlns:aop="http://www.springframework.org/schema/aop"
+ xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+ http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+ http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+ http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+ <bean id="pvpSpLogMessageSource"
+ class="at.gv.egiz.eaaf.modules.pvp2.sp.impl.logging.PvpSpModuleMessageSource" />
+
+ <bean id="pvpAuthnRequestBuilder"
+ class="at.gv.egiz.eaaf.modules.pvp2.sp.impl.PvpAuthnRequestBuilder" />
+
+</beans>
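Review bot: eaaf_pvp_sp.beans.xml declares `pvpAuthnRequestBuilder` with a plain `<bean>` element and never enables annotation processing, although the `context` namespace is declared for it. PvpAuthnRequestBuilder still imports `Autowired` (visible as context in its import hunk), so any `@Autowired` members it has are injected only if the application context that loads this file registers the annotation post-processors itself; the removed `@Service` registration implied a component scan that did so. Consider adding `<context:annotation-config />` here, or an XML comment stating that the host context must provide it. The `tx` and `aop` namespace declarations and their schema locations are unused in this file and can be dropped.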
\ No newline at end of file
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/main/resources/messages/pvp_sp_messages.properties b/eaaf_modules/eaaf_module_pvp2_sp/src/main/resources/messages/pvp_sp_messages.properties
new file mode 100644
index 00000000..682c3f18
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/main/resources/messages/pvp_sp_messages.properties
@@ -0,0 +1,17 @@
+sp.pvp2.00=Can not build PVP AuthnRequest for {0} {1}. No valid SingleSignOnService endpoint found.
+sp.pvp2.01=Can not build PVP AuthnRequest for {0}. IDP is not allowed for federated authentication.
+sp.pvp2.02=Can not build PVP AuthnRequest for {0}. IDP has no (valid) metadata.
+sp.pvp2.03=Receive PVP Response from {0} with unsupported Binding.
+sp.pvp2.04=Receive invalid PVP Response from {0}. No PVP metadata found.
+sp.pvp2.05=Receive invalid PVP Response from {0} {1}. StatusCode:{2} Msg:{3}.
+sp.pvp2.06=Receive invalid PVP Response from {0}. Assertion does not contain all required attributes.
+sp.pvp2.07=Receive invalid PVP Response from {0}. Attribute {1} is not valid.
+sp.pvp2.08=Receive invalid PVP Response from {0}. Response issuer {1} is not valid or allowed.
+sp.pvp2.09=Receive invalid PVP Response from {0} {1}. StatusCodes:{2} {3} Msg:{4}
+sp.pvp2.10=Receive invalid PVP Response from {0}. No valid assertion included.
+sp.pvp2.11=Receive invalid PVP Response from {0}. Assertion decryption FAILED.
+sp.pvp2.12=Receive invalid PVP Response from {0}. Msg:{1}
+sp.pvp2.13=Can not build PVP AuthnRequest for {0}. Internal processing error.
+
+
+
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/sp/test/Pvp2SProfileSpSpringResourceProviderTest.java b/eaaf_modules/eaaf_module_pvp2_sp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/sp/test/Pvp2SProfileSpSpringResourceProviderTest.java
new file mode 100644
index 00000000..4a132c3f
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/sp/test/Pvp2SProfileSpSpringResourceProviderTest.java
@@ -0,0 +1,57 @@
+package at.gv.egiz.eaaf.modules.pvp2.sp.test;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import at.gv.egiz.eaaf.core.test.TestConstants;
+import at.gv.egiz.eaaf.modules.pvp2.Pvp2SProfileCoreSpringResourceProvider;
+import at.gv.egiz.eaaf.modules.pvp2.sp.Pvp2SProfileSpSpringResourceProvider;
+
+import org.apache.commons.io.IOUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+import org.springframework.core.io.Resource;
+
+
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class Pvp2SProfileSpSpringResourceProviderTest {
+
+ @Test
+ public void testSpringConfig() {
+ final Pvp2SProfileCoreSpringResourceProvider test =
+ new Pvp2SProfileCoreSpringResourceProvider();
+ for (final Resource el : test.getResourcesToLoad()) {
+ try {
+ IOUtils.toByteArray(el.getInputStream());
+
+ } catch (final IOException e) {
+ Assert.fail("Ressouce: " + el.getFilename() + " not found");
+ }
+
+ }
+
+ Assert.assertNotNull("no Name", test.getName());
+ Assert.assertNull("Find package definitions", test.getPackagesToScan());
+
+ }
+
+ @Test
+ public void testSpILoaderConfig() {
+ final InputStream el = this.getClass().getResourceAsStream(TestConstants.TEST_SPI_LOADER_PATH);
+ try {
+ final String spiFile = IOUtils.toString(el, "UTF-8");
+
+ Assert.assertEquals("Wrong classpath in SPI file",
+ Pvp2SProfileSpSpringResourceProvider.class.getName(), spiFile);
+
+
+ } catch (final IOException e) {
+ Assert.fail("Ressouce: " + TestConstants.TEST_SPI_LOADER_PATH + " not found");
+
+ }
+ }
+
+}
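Review bot: `testSpringConfig` instantiates `Pvp2SProfileCoreSpringResourceProvider`, so this test class never exercises the SP provider it is named after, and the resources that provider returns (presumably `eaaf_pvp_sp.beans.xml`, which now carries the `pvpAuthnRequestBuilder` bean) go unchecked. The declaration should read `final Pvp2SProfileSpSpringResourceProvider test = new Pvp2SProfileSpSpringResourceProvider();`, after which the Core import is unused. In `testSpILoaderConfig`, a missing SPI file makes `getResourceAsStream` return null, which most likely surfaces as a NullPointerException instead of the intended failure message, so add `Assert.assertNotNull("SPI file not found", el);` before reading it. The exact-equality assert also passes only while the SPI file has no trailing newline; comparing against `spiFile.trim()` keeps the test from breaking when an editor appends one.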
diff --git a/eaaf_modules/eaaf_module_pvp2_sp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/sp/test/PvpSpMessageSourceTest.java b/eaaf_modules/eaaf_module_pvp2_sp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/sp/test/PvpSpMessageSourceTest.java
new file mode 100644
index 00000000..34ac9b5a
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_sp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/sp/test/PvpSpMessageSourceTest.java
@@ -0,0 +1,36 @@
+package at.gv.egiz.eaaf.modules.pvp2.sp.test;
+
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({ "/eaaf_pvp_sp.beans.xml"})
+public class PvpSpMessageSourceTest {
+
+ @Autowired
+ private ResourceLoader loader;
+ @Autowired(required = false)
+ private IMessageSourceLocation messageSource;
+
+ @Test
+ public void simpleTests() {
+ Assert.assertNotNull("No messageSource", messageSource);
+
+ Assert.assertNotNull("No sourcePath", messageSource.getMessageSourceLocation());
+
+ for (final String el : messageSource.getMessageSourceLocation()) {
+ final Resource messages = loader.getResource(el + ".properties");
+ Assert.assertTrue("Source not exist", messages.exists());
+
+ }
+
+ }
+} |