Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java')
-rw-r--r-- | eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java | 60 |
1 files changed, 49 insertions, 11 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java
index abbfb1ea..0eb80cc9 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java
@@ -32,6 +32,7 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
 import at.gv.egiz.eaaf.core.exceptions.EaafException;
 import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
 import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
 import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
 import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
 import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
@@ -48,15 +49,16 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
 import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
 import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
 import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider;
+import lombok.SneakyThrows;
 import net.shibboleth.utilities.java.support.xml.XMLParserException;
 
 public abstract class AbstractSamlVerificationEngine {
 
   @Autowired
-  private PvpMetadataResolverFactory metadataResolverFactory;
+  protected PvpMetadataResolverFactory metadataResolverFactory;
 
   @Autowired
-  private SamlVerificationEngine verifyEngine;
+  protected SamlVerificationEngine verifyEngine;
 
   @Autowired
   protected DummyCredentialProvider credentialProvider;
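Review bot: Widening `metadataResolverFactory` and `verifyEngine` from `private` to `protected` lets every subclass reassign the injected beans, which is more than the read access the helpers added later in this commit appear to need. If only read access is intended, keeping the fields `private` and exposing `protected` getters would be the narrower contract; failing that, a comment such as `// protected so test subclasses can drive the engine directly; do not reassign` makes the intent explicit. The class body continues outside the hunk.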
@@ -255,22 +257,29 @@ public abstract class AbstractSamlVerificationEngine {
     }
   }
+  @SneakyThrows
+  protected Response initializeResponseSimple(String spEntityId, String authnReqPath, EaafX509Credential credential) {
+    final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        AbstractSamlVerificationEngine.class.getResourceAsStream(authnReqPath));
+    response.setIssueInstant(Instant.now());
+    final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
+    issuer.setValue(spEntityId);
+    response.setIssuer(issuer);
+
+    return Saml2Utils.signSamlObject(response, credential, true);
+
+  }
+
+
   protected Pair<Response, IPvp2MetadataProvider> initializeResponse(String spEntityId, String metadataPath, String authnReqPath, EaafX509Credential credential) throws SamlSigningException, XMLParserException, UnmarshallingException, Pvp2MetadataException {
     final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider(
         metadataPath, null, "jUnit metadata resolver", null);
-    final Response authnReq = (Response) XMLObjectSupport.unmarshallFromInputStream(
-        XMLObjectProviderRegistrySupport.getParserPool(),
-        AbstractSamlVerificationEngine.class.getResourceAsStream(authnReqPath));
-    authnReq.setIssueInstant(Instant.now());
-    final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
-    issuer.setValue(spEntityId);
-    authnReq.setIssuer(issuer);
-
     return Pair.newInstance(
-        Saml2Utils.signSamlObject(authnReq, credential, true),
+        initializeResponseSimple(spEntityId, authnReqPath, credential),
         mdResolver);
 
   }
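Review bot: `initializeResponseSimple` passes `getResourceAsStream(authnReqPath)` straight into `unmarshallFromInputStream`, so the stream is never closed and a missing test resource surfaces as a bare NullPointerException from inside the unmarshaller rather than as a message naming the path. The same pattern is repeated in `performEncryptionDecrytion` in the next hunk. Opening the stream in try-with-resources with a `requireNonNull` on it fixes both; this needs `java.io.InputStream` and `java.util.Objects` imports, which are not visible in the hunks. `@SneakyThrows` additionally hides the checked `UnmarshallingException`/`XMLParserException` that the old inline code declared, so a short Javadoc line stating that unmarshalling and signing failures propagate unchecked would help callers of this test base class.
```java
protected Response initializeResponseSimple(String spEntityId, String authnReqPath, EaafX509Credential credential) {
  final Response response;
  try (InputStream in = AbstractSamlVerificationEngine.class.getResourceAsStream(authnReqPath)) {
    Objects.requireNonNull(in, "test resource not found: " + authnReqPath);
    response = (Response) XMLObjectSupport.unmarshallFromInputStream(
        XMLObjectProviderRegistrySupport.getParserPool(), in);
  }
  // … unchanged: issue instant, issuer, signing …
```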
@@ -336,5 +345,34 @@ public abstract class AbstractSamlVerificationEngine {
   }
+  @SneakyThrows
+  protected void performEncryptionDecrytion(EaafX509Credential encdecCredential) {
+    final String responsePath = "/data/response_encrypt_decryption_test.xml";
+    final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/";
+
+    final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        AbstractSamlVerificationEngine.class.getResourceAsStream(responsePath));
+
+    // encrypt assertion with key
+    response.getEncryptedAssertions().add(doEncryption(response.getAssertions().get(0),
+        encdecCredential, authConfig));
+    response.getAssertions().clear();
+
+    // re-sign response
+    response.setIssueInstant(Instant.now());
+    final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
+    issuer.setValue(spEntityId);
+    response.setIssuer(issuer);
+    Saml2Utils.signSamlObject(response, credentialProvider.getMetaDataSigningCredential(), true);
+
+    DomUtils.serializeNode(XMLObjectSupport.marshall(response));
+
+
+    // decrypt and verify assertion by using EAAF implementation
+    verifyEngine.validateAssertion(response, encdecCredential,
+        spEntityId, "jUnit Test", false);
+
+  }
 }
|
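Review bot: The value of `DomUtils.serializeNode(XMLObjectSupport.marshall(response))` is discarded, so the statement only re-marshals the response for no visible effect; either log the serialized XML as the debug aid it presumably is, or drop the line. The new method name `performEncryptionDecrytion` has a typo that subclasses will have to repeat, so renaming to `performEncryptionDecryption` before anything depends on it is cheap now. The two credentials in play deserve a comment at the signing step, e.g. `// only the assertion is encrypted with encdecCredential; the response itself is re-signed with the provider's metadata signing credential`, since the test's meaning hinges on that split.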