diff options
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java')
-rw-r--r-- | eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java | 725 |
1 files changed, 725 insertions, 0 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java new file mode 100644 index 00000000..f40fbc74 --- /dev/null +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java @@ -0,0 +1,725 @@ +package at.gv.egiz.eaaf.modules.pvp2.test.metadata; + +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import java.security.cert.CertificateException; +import java.security.cert.CertificateFactory; +import java.security.cert.X509Certificate; +import java.util.ArrayList; +import java.util.List; + +import javax.xml.transform.TransformerException; + +import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; + +import org.apache.commons.io.IOUtils; +import org.joda.time.DateTime; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.config.ConfigurationService; +import org.opensaml.core.criterion.EntityIdCriterion; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.core.xml.io.UnmarshallingException; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.common.xml.SAMLConstants; +import org.opensaml.saml.criterion.EntityRoleCriterion; +import org.opensaml.saml.metadata.resolver.filter.MetadataFilter; +import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain; +import org.opensaml.saml.metadata.resolver.filter.impl.RequiredValidUntilFilter; +import org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml.saml2.metadata.RequestedAttribute; +import org.opensaml.saml.saml2.metadata.SPSSODescriptor; +import org.opensaml.saml.security.impl.MetadataCredentialResolver; +import org.opensaml.security.credential.Credential; +import org.opensaml.security.credential.UsageType; +import org.opensaml.security.criteria.UsageCriterion; +import org.opensaml.security.x509.BasicX509Credential; +import org.opensaml.xmlsec.SignatureValidationConfiguration; +import org.opensaml.xmlsec.SignatureValidationParameters; +import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver; +import org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver; +import org.opensaml.xmlsec.keyinfo.impl.KeyInfoProvider; +import org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider; +import org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider; +import org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider; +import org.opensaml.xmlsec.signature.support.SignatureValidationParametersCriterion; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.TestPropertySource; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.w3c.dom.Element; + +import net.shibboleth.utilities.java.support.component.ComponentInitializationException; +import net.shibboleth.utilities.java.support.resolver.CriteriaSet; +import net.shibboleth.utilities.java.support.resolver.ResolverException; +import net.shibboleth.utilities.java.support.xml.SerializeSupport; +import net.shibboleth.utilities.java.support.xml.XMLParserException; +import okhttp3.HttpUrl; +import okhttp3.mockwebserver.MockResponse; +import okhttp3.mockwebserver.MockWebServer; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml" }) +@TestPropertySource(locations = { "/config/config_1.props" }) +public class MetadataResolverTest { + + private static MockWebServer mockWebServer; + private static HttpUrl mockServerUrl; + + @Autowired + private PvpMetadataResolverFactory metadataResolverFactory; + @Autowired + private IHttpClientFactory httpClientFactory; + @Autowired private DummyCredentialProvider credentialProvider; + + /** + * JUnit class initializer. + * + * @throws Exception In case of an OpenSAML3 initialization error + */ + @BeforeClass + public static void classInitializer() throws Exception { + EaafOpenSaml3xInitializer.eaafInitialize(); + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/metadata"); + + } + + /** + * Single test initializer. + * + */ + @Before + public void testInitializer() { + + } + + @Test + public void wrongSchema() { + final List<MetadataFilter> filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + + final MetadataFilterChain filterChain = new MetadataFilterChain(); + filterChain.setFilters(filterList); + + try { + metadataResolverFactory.createMetadataProvider( + "classpath:/data/pvp_metadata_wrong_schema.xml", + filterChain, "jUnit test", null); + Assert.fail("Wrong XML Schema not detected"); + + } catch (final Pvp2MetadataException e) { + Assert.assertEquals("Wrong ErrorCode", "internal.pvp.08", e.getErrorId()); + Assert.assertNotNull("params null", e.getParams()); + Assert.assertEquals("Params size", 2, e.getParams().length); + Assert.assertEquals("Param[0] wrong", + "classpath:/data/pvp_metadata_wrong_schema.xml", e.getParams()[0]); + + } + + } + + @Test + public void simpleClasspathMetadataWithoutSigValidation() + throws Pvp2MetadataException, ComponentInitializationException, ResolverException, + Pvp2InternalErrorException { + final List<MetadataFilter> filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + + final MetadataFilterChain filterChain = new MetadataFilterChain(); + filterChain.setFilters(filterList); + + final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( + "classpath:/data/pvp_metadata_wrong_sig.xml", + filterChain, "jUnit test", null); + + final EntityDescriptor entityIdNotExists = mdResolver.getEntityDescriptor( + "https://demo.egiz.gv.at/notExtist/"); + Assert.assertNull("No EntityDescripter", entityIdNotExists); + + final EntityDescriptor entityId = mdResolver.getEntityDescriptor( + "https://demo.egiz.gv.at/demoportal_demologin/"); + Assert.assertNotNull("No EntityDescripter", entityId); + + Assert.assertNotNull("Metadata provider is null", mdResolver); + final MetadataCredentialResolver resolver = createKeyInfoResolver(mdResolver); + + final CriteriaSet criteriaSet = new CriteriaSet(); + criteriaSet.add(new EntityIdCriterion("https://demo.egiz.gv.at/demoportal_demologin/")); + criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME)); + criteriaSet.add(new UsageCriterion(UsageType.SIGNING)); + final SignatureValidationParameters sigValCrit = new SignatureValidationParameters(); + sigValCrit.setBlacklistedAlgorithms( + ConfigurationService.get(SignatureValidationConfiguration.class) + .getBlacklistedAlgorithms()); + sigValCrit.setSignatureTrustEngine( + TrustEngineFactory.getSignatureKnownKeysTrustEngine(mdResolver)); + criteriaSet.add(new SignatureValidationParametersCriterion(sigValCrit)); + + final Iterable<Credential> keyInfos = resolver.resolve(criteriaSet); + Assert.assertNotNull("KeyInfos null", keyInfos); + + } + + @Test + public void noCredentials() { + final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml"; + + final List<BasicX509Credential> credentials = new ArrayList<>(); + + final List<MetadataFilter> filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + + filterList.add(new SimpleMetadataSignatureVerificationFilter( + credentials, + metadataUrl)); + + final MetadataFilterChain filterChain = new MetadataFilterChain(); + filterChain.setFilters(filterList); + + try { + metadataResolverFactory.createMetadataProvider( + metadataUrl, + filterChain, "jUnit test", null); + Assert.fail("Untrusted signature not detected"); + + } catch (final Pvp2MetadataException e) { + Assert.assertEquals("Wrong errorCode", "internal.pvp.07", e.getErrorId()); + + } + + } + + @Test + public void wrongCredentials() throws CertificateException { + final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml"; + + final List<BasicX509Credential> credentials = new ArrayList<>(); + final CertificateFactory fact = CertificateFactory.getInstance("X.509"); + final BasicX509Credential credential = new BasicX509Credential((X509Certificate) fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); + credentials.add(credential); + + final List<MetadataFilter> filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + + filterList.add(new SimpleMetadataSignatureVerificationFilter( + credentials, + metadataUrl)); + + final MetadataFilterChain filterChain = new MetadataFilterChain(); + filterChain.setFilters(filterList); + + try { + metadataResolverFactory.createMetadataProvider( + metadataUrl, + filterChain, "jUnit test", null); + Assert.fail("Untrusted signature not detected"); + + } catch (final Pvp2MetadataException e) { + Assert.assertEquals("Wrong errorCode", "internal.pvp.07", e.getErrorId()); + + } + + } + + @Test + public void validCredentialsInvalidSig() throws CertificateException, Pvp2MetadataException, + ResolverException { + final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml"; + + final List<BasicX509Credential> credentials = new ArrayList<>(); + final CertificateFactory fact = CertificateFactory.getInstance("X.509"); + credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")))); + credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")))); + + final List<MetadataFilter> filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + + filterList.add(new SimpleMetadataSignatureVerificationFilter( + credentials, + metadataUrl)); + + final MetadataFilterChain filterChain = new MetadataFilterChain(); + filterChain.setFilters(filterList); + try { + metadataResolverFactory.createMetadataProvider( + metadataUrl, + filterChain, "jUnit test", null); + Assert.fail("Untrusted signature not detected"); + + } catch (final Pvp2MetadataException e) { + Assert.assertEquals("Wrong errorCode", "internal.pvp.07", e.getErrorId()); + + } + + } + + @Test + public void metadataSignatureValidCredentials() throws CertificateException, Pvp2MetadataException, + ResolverException, XMLParserException, UnmarshallingException, SamlSigningException, + CredentialsNotAvailableException, MarshallingException, TransformerException, IOException { + + final String metadataUrl = "classpath:/data/pvp_metadata_valid.xml"; + + final List<BasicX509Credential> credentials = new ArrayList<>(); + final CertificateFactory fact = CertificateFactory.getInstance("X.509"); + credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")))); + credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")))); + credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")))); + + final List<MetadataFilter> filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + filterList.add(new SimpleMetadataSignatureVerificationFilter( + credentials, + metadataUrl)); + filterList.add(new PvpEntityCategoryFilter(true)); + + final MetadataFilterChain filterChain = new MetadataFilterChain(); + filterChain.setFilters(filterList); + + final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( + metadataUrl, + filterChain, "jUnit test", httpClientFactory.getHttpClient()); + + final EntityDescriptor entityIdNotExists = mdResolver.getEntityDescriptor( + "https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eid/metadata"); + Assert.assertNotNull("No EntityDescripter", entityIdNotExists); + + } + + @Test + public void metadataSignatureValidCredentialsSecond() throws CertificateException, Pvp2MetadataException, + ResolverException, XMLParserException, UnmarshallingException, SamlSigningException, + CredentialsNotAvailableException, MarshallingException, TransformerException, IOException { + + final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), + MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_valid_with_entityCategory.xml")); + metadata.setValidUntil(DateTime.now().plusDays(1)); + metadata.setSignature(null); + Saml2Utils.signSamlObject(metadata, credentialProvider.getIdpMetaDataSigningCredential(), true); + final Element metadataElement = XMLObjectSupport.marshall(metadata); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody(SerializeSupport.nodeToString(metadataElement)) + .setHeader("Content-Type", "text/html;charset=utf-8")); + + final List<BasicX509Credential> credentials = new ArrayList<>(); + final CertificateFactory fact = CertificateFactory.getInstance("X.509"); + credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")))); + credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")))); + credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")))); + + final List<MetadataFilter> filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + filterList.add(new SimpleMetadataSignatureVerificationFilter( + credentials, + mockServerUrl.url().toString())); + filterList.add(new PvpEntityCategoryFilter(true)); + + final MetadataFilterChain filterChain = new MetadataFilterChain(); + filterChain.setFilters(filterList); + + final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( + mockServerUrl.url().toString(), + filterChain, "jUnit test", httpClientFactory.getHttpClient()); + + + + final EntityDescriptor descr = mdResolver.getEntityDescriptor( + "https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eid/metadata"); + Assert.assertNotNull("No EntityDescripter", descr); + + final List<RequestedAttribute> reqAttr = descr.getSPSSODescriptor(SAMLConstants.SAML20P_NS) + .getAttributeConsumingServices().get(0).getRequestAttributes(); + Assert.assertNotNull("Req. attributes are null", reqAttr); + Assert.assertEquals("# of req. attributes", 20, reqAttr.size()); + + } + + @Test + public void metadataSignatureValidCredentialsThird() throws CertificateException, Pvp2MetadataException, + ResolverException, XMLParserException, UnmarshallingException, SamlSigningException, + CredentialsNotAvailableException, MarshallingException, TransformerException, IOException { + + final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), + MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_valid_with_entityCategory_egov.xml")); + metadata.setValidUntil(DateTime.now().plusDays(1)); + metadata.setSignature(null); + Saml2Utils.signSamlObject(metadata, credentialProvider.getIdpMetaDataSigningCredential(), true); + final Element metadataElement = XMLObjectSupport.marshall(metadata); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody(SerializeSupport.nodeToString(metadataElement)) + .setHeader("Content-Type", "text/html;charset=utf-8")); + + final List<BasicX509Credential> credentials = new ArrayList<>(); + final CertificateFactory fact = CertificateFactory.getInstance("X.509"); + credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")))); + credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")))); + credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")))); + + final List<MetadataFilter> filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + filterList.add(new SimpleMetadataSignatureVerificationFilter( + credentials, + mockServerUrl.url().toString())); + filterList.add(new PvpEntityCategoryFilter(true)); + + final MetadataFilterChain filterChain = new MetadataFilterChain(); + filterChain.setFilters(filterList); + + final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( + mockServerUrl.url().toString(), + filterChain, "jUnit test", httpClientFactory.getHttpClient()); + + + + final EntityDescriptor descr = mdResolver.getEntityDescriptor( + "https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eid/metadata"); + Assert.assertNotNull("No EntityDescripter", descr); + + final List<RequestedAttribute> reqAttr = descr.getSPSSODescriptor(SAMLConstants.SAML20P_NS) + .getAttributeConsumingServices().get(0).getRequestAttributes(); + Assert.assertNotNull("Req. attributes are null", reqAttr); + Assert.assertEquals("# of req. attributes", 9, reqAttr.size()); + + } + + @Test + public void metadataExpired() throws CertificateException, Pvp2MetadataException, + ResolverException, XMLParserException, UnmarshallingException, SamlSigningException, + CredentialsNotAvailableException, MarshallingException, TransformerException, IOException { + + final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), + MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_valid.xml")); + metadata.setValidUntil(DateTime.now().minusDays(2)); + metadata.setSignature(null); + Saml2Utils.signSamlObject(metadata, credentialProvider.getIdpMetaDataSigningCredential(), true); + final Element metadataElement = XMLObjectSupport.marshall(metadata); + + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody(SerializeSupport.nodeToString(metadataElement)) + .setHeader("Content-Type", "text/html;charset=utf-8")); + + final List<BasicX509Credential> credentials = new ArrayList<>(); + final CertificateFactory fact = CertificateFactory.getInstance("X.509"); + credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")))); + credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")))); + credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")))); + + final List<MetadataFilter> filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + filterList.add(new SimpleMetadataSignatureVerificationFilter( + credentials, + mockServerUrl.url().toString())); + filterList.add(new RequiredValidUntilFilter()); + filterList.add(new PvpEntityCategoryFilter(false)); + + + final MetadataFilterChain filterChain = new MetadataFilterChain(); + filterChain.setFilters(filterList); + + try { + metadataResolverFactory.createMetadataProvider( + mockServerUrl.url().toString(), + filterChain, "jUnit test", httpClientFactory.getHttpClient()); + Assert.fail("Expired metadata not detected"); + + } catch (final Pvp2MetadataException e) { + Assert.assertEquals("Wrong errorCode", "internal.pvp.09", e.getErrorId()); + + } + + + } + + @Test + public void simpleClasspathMetadataWithoutSigValidationMoaidTwoSigKeys() + throws Pvp2MetadataException, ComponentInitializationException, ResolverException, + Pvp2InternalErrorException { + final List<MetadataFilter> filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + + final MetadataFilterChain filterChain = new MetadataFilterChain(); + filterChain.setFilters(filterList); + + final String entityIdToResolve = "https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata"; + + final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( + "classpath:/data/pvp_metadata_moaid_test.xml", + filterChain, "jUnit test", null); + + final EntityDescriptor entityIdNotExists = mdResolver.getEntityDescriptor( + "https://demo.egiz.gv.at/notExtist/"); + Assert.assertNull("No EntityDescripter", entityIdNotExists); + + final EntityDescriptor entityId = mdResolver.getEntityDescriptor(entityIdToResolve); + Assert.assertNotNull("No EntityDescripter", entityId); + + Assert.assertNotNull("Metadata provider is null", mdResolver); + final MetadataCredentialResolver resolver = createKeyInfoResolver(mdResolver); + + final CriteriaSet sigCriteriaSet = new CriteriaSet(); + sigCriteriaSet.add(new EntityIdCriterion(entityIdToResolve)); + sigCriteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME)); + sigCriteriaSet.add(new UsageCriterion(UsageType.SIGNING)); + final SignatureValidationParameters sigValCrit = new SignatureValidationParameters(); + sigValCrit.setBlacklistedAlgorithms( + ConfigurationService.get(SignatureValidationConfiguration.class) + .getBlacklistedAlgorithms()); + sigValCrit.setSignatureTrustEngine( + TrustEngineFactory.getSignatureKnownKeysTrustEngine(mdResolver)); + sigCriteriaSet.add(new SignatureValidationParametersCriterion(sigValCrit)); + + final Iterable<Credential> singingKeyInfos = resolver.resolve(sigCriteriaSet); + Assert.assertNotNull("Signing KeyInfos null", singingKeyInfos); + Assert.assertTrue("First Credential resolved", singingKeyInfos.iterator().hasNext()); + Assert.assertTrue("Second Credential resolved", singingKeyInfos.iterator().hasNext()); + + final CriteriaSet encCriteriaSet = new CriteriaSet(); + encCriteriaSet.add(new EntityIdCriterion(entityIdToResolve)); + encCriteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME)); + encCriteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION)); + final Iterable<Credential> encKeyInfos = resolver.resolve(encCriteriaSet); + Assert.assertNotNull("Encryption KeyInfos null", encKeyInfos); + Assert.assertTrue("No Credential resolved", encKeyInfos.iterator().hasNext()); + + } + + @Test + public void httpMetadataLoading() throws UnsupportedEncodingException, + IOException, ResolverException, Pvp2MetadataException { + + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody(new String(IOUtils.toByteArray( + MetadataResolverTest.class.getResourceAsStream( + "/data/pvp_metadata_moaid_test.xml")), "UTF-8")) + .setHeader("Content-Type", "text/xml")); + + final List<MetadataFilter> filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + + final MetadataFilterChain filterChain = new MetadataFilterChain(); + filterChain.setFilters(filterList); + + final String entityIdToResolve = "https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata"; + + final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( + mockServerUrl.url().toString(), + filterChain, "jUnit test", httpClientFactory.getHttpClient()); + + final EntityDescriptor entityIdNotExists = mdResolver.getEntityDescriptor( + "https://demo.egiz.gv.at/notExtist/"); + Assert.assertNull("No EntityDescripter", entityIdNotExists); + + final EntityDescriptor entityId = mdResolver.getEntityDescriptor(entityIdToResolve); + Assert.assertNotNull("No EntityDescripter", entityId); + + } + + @Test + public void httpMetadataLoadingRefeshFailed() throws UnsupportedEncodingException, + IOException, ResolverException, Pvp2MetadataException { + + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody(new String(IOUtils.toByteArray( + MetadataResolverTest.class.getResourceAsStream( + "/data/pvp_metadata_moaid_test.xml")), "UTF-8")) + .setHeader("Content-Type", "text/xml")); + + final List<MetadataFilter> filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + + final MetadataFilterChain filterChain = new MetadataFilterChain(); + filterChain.setFilters(filterList); + + final String entityIdToResolve = "https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata"; + + final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( + mockServerUrl.url().toString(), + filterChain, "jUnit test", httpClientFactory.getHttpClient()); + + final EntityDescriptor entityIdNotExists = mdResolver.getEntityDescriptor( + "https://demo.egiz.gv.at/notExtist/"); + Assert.assertNull("No EntityDescripter", entityIdNotExists); + + final EntityDescriptor entityId = mdResolver.getEntityDescriptor(entityIdToResolve); + Assert.assertNotNull("No EntityDescripter", entityId); + + final DateTime lastRefreshSucess = mdResolver.getLastSuccessfulRefresh(); + + try { + mdResolver.refresh(); + Assert.fail("Refesh possible without available metadata"); + + } catch (final ResolverException e) { + Assert.assertFalse("Wrong Refesh success flag", mdResolver.wasLastRefreshSuccess()); + Assert.assertEquals("Wrong refresh success date", lastRefreshSucess, mdResolver + .getLastSuccessfulRefresh()); + + } + + } + + @Test + public void httpMetadataLoadingWithRefeshSuccess() throws UnsupportedEncodingException, + IOException, ResolverException, Pvp2MetadataException { + + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody(new String(IOUtils.toByteArray( + MetadataResolverTest.class.getResourceAsStream( + "/data/pvp_metadata_moaid_test.xml")), "UTF-8")) + .setHeader("Content-Type", "text/xml")); + + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody(new String(IOUtils.toByteArray( + MetadataResolverTest.class.getResourceAsStream( + "/data/pvp_metadata_moaid_test.xml")), "UTF-8")) + .setHeader("Content-Type", "text/xml")); + + final List<MetadataFilter> filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + + final MetadataFilterChain filterChain = new MetadataFilterChain(); + filterChain.setFilters(filterList); + + final String entityIdToResolve = "https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata"; + + final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( + mockServerUrl.url().toString(), + filterChain, "jUnit test", httpClientFactory.getHttpClient()); + + final EntityDescriptor entityIdNotExists = mdResolver.getEntityDescriptor( + "https://demo.egiz.gv.at/notExtist/"); + Assert.assertNull("No EntityDescripter", entityIdNotExists); + + final EntityDescriptor entityId = mdResolver.getEntityDescriptor(entityIdToResolve); + Assert.assertNotNull("No EntityDescripter", entityId); + + final DateTime lastRefresh = mdResolver.getLastRefresh(); + + // refresh metadata + mdResolver.refresh(); + + Assert.assertTrue("Refresh not sucessful", mdResolver.wasLastRefreshSuccess()); + Assert.assertTrue("Wrong last refresh date", lastRefresh.isBefore(mdResolver.getLastRefresh())); + + } + + @Test + public void httpMetadataLoadingWithoutHttpClient() throws UnsupportedEncodingException, + IOException, ResolverException, Pvp2MetadataException { + + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody(new String(IOUtils.toByteArray( + MetadataResolverTest.class.getResourceAsStream( + "/data/pvp_metadata_moaid_test.xml")), "UTF-8")) + .setHeader("Content-Type", "text/xml")); + + final List<MetadataFilter> filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + + final MetadataFilterChain filterChain = new MetadataFilterChain(); + filterChain.setFilters(filterList); + + try { + metadataResolverFactory.createMetadataProvider( + mockServerUrl.url().toString(), + filterChain, "jUnit test", null); + Assert.fail("No httpclient not detected"); + + } catch (final Pvp2MetadataException e) { + Assert.assertEquals("Wrong errorCode", "internal.pvp.09", e.getErrorId()); + Assert.assertNotNull("No error params", e.getParams()); + Assert.assertEquals("Wrong params size", 2, e.getParams().length); + + } + } + + @Test + public void httpMetadataLoadingWrongUrl() throws UnsupportedEncodingException, + IOException, ResolverException, Pvp2MetadataException { + + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody(new String(IOUtils.toByteArray( + MetadataResolverTest.class.getResourceAsStream( + "/data/pvp_metadata_moaid_test.xml")), "UTF-8")) + .setHeader("Content-Type", "text/xml")); + + final List<MetadataFilter> filterList = new ArrayList<>(); + filterList.add(new SchemaValidationFilter(true)); + + final MetadataFilterChain filterChain = new MetadataFilterChain(); + filterChain.setFilters(filterList); + + try { + metadataResolverFactory.createMetadataProvider( + "http://127.0.0.1/notexist", + filterChain, "jUnit test", httpClientFactory.getHttpClient()); + Assert.fail("No httpclient not detected"); + + } catch (final Pvp2MetadataException e) { + Assert.assertEquals("Wrong errorCode", "internal.pvp.09", e.getErrorId()); + Assert.assertNotNull("No error params", e.getParams()); + Assert.assertEquals("Wrong params size", 2, e.getParams().length); + + } + + } + + private MetadataCredentialResolver createKeyInfoResolver(IPvp2MetadataProvider mdResolver) + throws ComponentInitializationException { + final List<KeyInfoProvider> keyInfoProvider = new ArrayList<>(); + keyInfoProvider.add(new DSAKeyValueProvider()); + keyInfoProvider.add(new RSAKeyValueProvider()); + keyInfoProvider.add(new InlineX509DataProvider()); + final KeyInfoCredentialResolver keyInfoCredentialResolver = new BasicProviderKeyInfoCredentialResolver( + keyInfoProvider); + + final PredicateRoleDescriptorResolver roleDescriptorResolver = new PredicateRoleDescriptorResolver( + mdResolver); + roleDescriptorResolver.setRequireValidMetadata(true); + roleDescriptorResolver.initialize(); + + final MetadataCredentialResolver resolver = new MetadataCredentialResolver(); + resolver.setRoleDescriptorResolver(roleDescriptorResolver); + resolver.setKeyInfoCredentialResolver(keyInfoCredentialResolver); + resolver.initialize(); + + return resolver; + } +} |