Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java155
1 files changed, 81 insertions, 74 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
index da417ec7..1cbc2f14 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java
@@ -2,6 +2,9 @@ package at.gv.egiz.eaaf.modules.pvp2.test.metadata;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
@@ -10,21 +13,6 @@ import java.util.List;
import javax.xml.transform.TransformerException;
-import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
-import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
-import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter;
-import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
-
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
import org.joda.time.DateTime;
@@ -68,6 +56,20 @@ import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.w3c.dom.Element;
+import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
import net.shibboleth.utilities.java.support.resolver.ResolverException;
@@ -91,7 +93,8 @@ public class MetadataResolverTest {
private PvpMetadataResolverFactory metadataResolverFactory;
@Autowired
private IHttpClientFactory httpClientFactory;
- @Autowired private DummyCredentialProvider credentialProvider;
+ @Autowired
+ private DummyCredentialProvider credentialProvider;
/**
* JUnit class initializer.
@@ -183,16 +186,15 @@ public class MetadataResolverTest {
}
@Test
- public void noCredentials() {
+ public void noCredentials() throws KeyStoreException {
final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml";
- final List<BasicX509Credential> credentials = new ArrayList<>();
-
+ final KeyStore keystore = KeyStore.getInstance("JKS");
final List<MetadataFilter> filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
metadataUrl));
final MetadataFilterChain filterChain = new MetadataFilterChain();
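Review bot: In `noCredentials` the store returned by `KeyStore.getInstance("JKS")` is never loaded, so it is uninitialized rather than empty, and any read of it (`aliases()`, `getCertificate()`) throws `KeyStoreException`. The test may therefore pass through that error path instead of the "no trust anchor configured" path its name describes; how `SimpleMetadataSignatureVerificationFilter` reacts to an unloaded store is not visible in this hunk. Adding `keystore.load(null, null);` directly after `getInstance` gives a genuinely empty trust store, and the `throws` clause then also needs `CertificateException, NoSuchAlgorithmException, IOException`. The method body continues past the end of the hunk.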
@@ -212,20 +214,21 @@ public class MetadataResolverTest {
}
@Test
- public void wrongCredentials() throws CertificateException {
+ public void wrongCredentials() throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException {
final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml";
- final List<BasicX509Credential> credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
final BasicX509Credential credential = new BasicX509Credential((X509Certificate) fact.generateCertificate(
MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
- credentials.add(credential);
+ keystore.setCertificateEntry("1", credential.getEntityCertificate());
final List<MetadataFilter> filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
metadataUrl));
final MetadataFilterChain filterChain = new MetadataFilterChain();
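Review bot: `wrongCredentials` still wraps the certificate in a `BasicX509Credential` only to unwrap it again with `credential.getEntityCertificate()`, whereas the other tests in this commit hand the result of `fact.generateCertificate(...)` straight to the key store. The wrapper can be dropped: `keystore.setCertificateEntry("1", fact.generateCertificate(MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));`. Since the point of the test is presumably that the trust store lacks the metadata signer, a comment such as `// trust store holds only the assertion-signing cert, so metadata signature verification must fail` would record that intent. The method body continues past the end of the hunk.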
@@ -246,21 +249,22 @@ public class MetadataResolverTest {
@Test
public void validCredentialsInvalidSig() throws CertificateException, Pvp2MetadataException,
- ResolverException {
+ ResolverException, KeyStoreException, NoSuchAlgorithmException, IOException {
final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml";
- final List<BasicX509Credential> credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))));
+ keystore.setCertificateEntry("1", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")));
final List<MetadataFilter> filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
metadataUrl));
final MetadataFilterChain filterChain = new MetadataFilterChain();
@@ -281,7 +285,8 @@ public class MetadataResolverTest {
@Test
public void metadataSignatureValidCredentials() throws CertificateException, Pvp2MetadataException,
ResolverException, XMLParserException, UnmarshallingException, SamlSigningException,
- CredentialsNotAvailableException, MarshallingException, TransformerException, IOException {
+ CredentialsNotAvailableException, MarshallingException, TransformerException, IOException,
+ KeyStoreException, NoSuchAlgorithmException {
mockWebServer.shutdown();
mockWebServer = new MockWebServer();
@@ -300,19 +305,20 @@ public class MetadataResolverTest {
.setBody(SerializeSupport.nodeToString(metadataElement))
.setHeader("Content-Type", "text/html;charset=utf-8"));
- final List<BasicX509Credential> credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))));
+ keystore.setCertificateEntry("1", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
+ keystore.setCertificateEntry("3", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")));
final List<MetadataFilter> filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
mockServerUrl.url().toString()));
filterList.add(new PvpEntityCategoryFilter(true));
@@ -332,7 +338,8 @@ public class MetadataResolverTest {
@Test
public void metadataSignatureValidCredentialsSecond() throws CertificateException, Pvp2MetadataException,
ResolverException, XMLParserException, UnmarshallingException, SamlSigningException,
- CredentialsNotAvailableException, MarshallingException, TransformerException, IOException {
+ CredentialsNotAvailableException, MarshallingException, TransformerException, IOException,
+ KeyStoreException, NoSuchAlgorithmException {
final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
@@ -347,19 +354,20 @@ public class MetadataResolverTest {
.setBody(SerializeSupport.nodeToString(metadataElement))
.setHeader("Content-Type", "text/html;charset=utf-8"));
- final List<BasicX509Credential> credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))));
+ keystore.setCertificateEntry("1", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
+ keystore.setCertificateEntry("3", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")));
final List<MetadataFilter> filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
mockServerUrl.url().toString()));
filterList.add(new PvpEntityCategoryFilter(true));
@@ -370,8 +378,6 @@ public class MetadataResolverTest {
mockServerUrl.url().toString(),
filterChain, "jUnit test", httpClientFactory.getHttpClient());
-
-
final EntityDescriptor descr = mdResolver.getEntityDescriptor(metadata.getEntityID());
Assert.assertNotNull("No EntityDescripter", descr);
@@ -385,11 +391,13 @@ public class MetadataResolverTest {
@Test
public void metadataSignatureValidCredentialsThird() throws CertificateException, Pvp2MetadataException,
ResolverException, XMLParserException, UnmarshallingException, SamlSigningException,
- CredentialsNotAvailableException, MarshallingException, TransformerException, IOException {
+ CredentialsNotAvailableException, MarshallingException, TransformerException, IOException,
+ KeyStoreException, NoSuchAlgorithmException {
final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
- MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_valid_with_entityCategory_egov.xml"));
+ MetadataResolverTest.class.getResourceAsStream(
+ "/data/pvp_metadata_valid_with_entityCategory_egov.xml"));
metadata.setValidUntil(DateTime.now().plusDays(1));
metadata.setSignature(null);
metadata.setEntityID(RandomStringUtils.randomAlphabetic(10));
@@ -400,19 +408,20 @@ public class MetadataResolverTest {
.setBody(SerializeSupport.nodeToString(metadataElement))
.setHeader("Content-Type", "text/html;charset=utf-8"));
- final List<BasicX509Credential> credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))));
+ keystore.setCertificateEntry("1", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
+ keystore.setCertificateEntry("3", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")));
final List<MetadataFilter> filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
mockServerUrl.url().toString()));
filterList.add(new PvpEntityCategoryFilter(true));
@@ -423,8 +432,6 @@ public class MetadataResolverTest {
mockServerUrl.url().toString(),
filterChain, "jUnit test", httpClientFactory.getHttpClient());
-
-
final EntityDescriptor descr = mdResolver.getEntityDescriptor(metadata.getEntityID());
Assert.assertNotNull("No EntityDescripter", descr);
@@ -438,7 +445,8 @@ public class MetadataResolverTest {
@Test
public void metadataExpired() throws CertificateException, Pvp2MetadataException,
ResolverException, XMLParserException, UnmarshallingException, SamlSigningException,
- CredentialsNotAvailableException, MarshallingException, TransformerException, IOException {
+ CredentialsNotAvailableException, MarshallingException, TransformerException, IOException,
+ KeyStoreException, NoSuchAlgorithmException {
final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
XMLObjectProviderRegistrySupport.getParserPool(),
@@ -452,24 +460,24 @@ public class MetadataResolverTest {
.setBody(SerializeSupport.nodeToString(metadataElement))
.setHeader("Content-Type", "text/html;charset=utf-8"));
- final List<BasicX509Credential> credentials = new ArrayList<>();
+ final KeyStore keystore = KeyStore.getInstance("JKS");
+ keystore.load(null, "junit".toCharArray());
final CertificateFactory fact = CertificateFactory.getInstance("X.509");
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))));
- credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate(
- MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))));
+ keystore.setCertificateEntry("1", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")));
+ keystore.setCertificateEntry("2", fact.generateCertificate(
+ MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")));
final List<MetadataFilter> filterList = new ArrayList<>();
filterList.add(new SchemaValidationFilter(true));
filterList.add(new SimpleMetadataSignatureVerificationFilter(
- credentials,
+ keystore,
mockServerUrl.url().toString()));
filterList.add(new RequiredValidUntilFilter());
filterList.add(new PvpEntityCategoryFilter(false));
-
final MetadataFilterChain filterChain = new MetadataFilterChain();
filterChain.setFilters(filterList);
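Review bot: In `metadataExpired` the third `setCertificateEntry` call reuses alias `"2"`, so the `junit_metadata_sig_cert.crt` entry overwrites the `assertion_sig_cert.crt` entry and the trust store ends up with two certificates instead of the three the old list held. The sibling tests use `"3"` for this entry, so this looks like a copy-and-paste slip; the line should read `keystore.setCertificateEntry("3", fact.generateCertificate(`. The test outcome probably does not change, because the dropped certificate is not the metadata signer, but the trust store no longer matches what the test appears to intend. The method body starts and ends outside the hunk.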
@@ -484,7 +492,6 @@ public class MetadataResolverTest {
}
-
}
@Test