Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf')
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java60
-rw-r--r--eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java66
2 files changed, 114 insertions, 12 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java
index abbfb1ea..0eb80cc9 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java
@@ -32,6 +32,7 @@ import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException;
import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
import at.gv.egiz.eaaf.modules.pvp2.PvpConstants;
import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
@@ -48,15 +49,16 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider;
+import lombok.SneakyThrows;
import net.shibboleth.utilities.java.support.xml.XMLParserException;
public abstract class AbstractSamlVerificationEngine {
@Autowired
- private PvpMetadataResolverFactory metadataResolverFactory;
+ protected PvpMetadataResolverFactory metadataResolverFactory;
@Autowired
- private SamlVerificationEngine verifyEngine;
+ protected SamlVerificationEngine verifyEngine;
@Autowired
protected DummyCredentialProvider credentialProvider;
@@ -255,22 +257,29 @@ public abstract class AbstractSamlVerificationEngine {
}
}
+ @SneakyThrows
+ protected Response initializeResponseSimple(String spEntityId, String authnReqPath, EaafX509Credential credential) {
+ final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(),
+ AbstractSamlVerificationEngine.class.getResourceAsStream(authnReqPath));
+ response.setIssueInstant(Instant.now());
+ final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
+ issuer.setValue(spEntityId);
+ response.setIssuer(issuer);
+
+ return Saml2Utils.signSamlObject(response, credential, true);
+
+ }
+
+
protected Pair<Response, IPvp2MetadataProvider> initializeResponse(String spEntityId, String metadataPath,
String authnReqPath, EaafX509Credential credential)
throws SamlSigningException, XMLParserException, UnmarshallingException, Pvp2MetadataException {
final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider(
metadataPath, null, "jUnit metadata resolver", null);
- final Response authnReq = (Response) XMLObjectSupport.unmarshallFromInputStream(
- XMLObjectProviderRegistrySupport.getParserPool(),
- AbstractSamlVerificationEngine.class.getResourceAsStream(authnReqPath));
- authnReq.setIssueInstant(Instant.now());
- final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
- issuer.setValue(spEntityId);
- authnReq.setIssuer(issuer);
-
return Pair.newInstance(
- Saml2Utils.signSamlObject(authnReq, credential, true),
+ initializeResponseSimple(spEntityId, authnReqPath, credential),
mdResolver);
}
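Review bot: `initializeResponseSimple` passes the result of `getResourceAsStream(authnReqPath)` straight into `unmarshallFromInputStream`, so a missing or mistyped test resource surfaces as a bare NullPointerException from inside OpenSAML instead of naming the path, and the stream is never closed; the new `@SneakyThrows` on the helper also hides the checked `XMLParserException`/`UnmarshallingException`/`SamlSigningException` that the surviving `throws` clause of `initializeResponse` still advertises, so a reader can no longer tell from the signature what a failure there means. The lookup could fail fast with the path in the message and close the stream, which needs `java.io.InputStream` and `java.util.Objects` imported. The rest of the helper (issuer, issue instant, signing) is fine as moved code.

```java
  final Response response;
  try (InputStream in = Objects.requireNonNull(
      AbstractSamlVerificationEngine.class.getResourceAsStream(authnReqPath),
      "test resource not found: " + authnReqPath)) {
    response = (Response) XMLObjectSupport.unmarshallFromInputStream(
        XMLObjectProviderRegistrySupport.getParserPool(), in);
  }
  // … unchanged: issue instant, issuer, signSamlObject …
```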
@@ -336,5 +345,34 @@ public abstract class AbstractSamlVerificationEngine {
}
+ @SneakyThrows
+ protected void performEncryptionDecrytion(EaafX509Credential encdecCredential) {
+ final String responsePath = "/data/response_encrypt_decryption_test.xml";
+ final String spEntityId = "https://demo.egiz.gv.at/demoportal_demologin/";
+
+ final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(),
+ AbstractSamlVerificationEngine.class.getResourceAsStream(responsePath));
+
+ // encrypt assertion with key
+ response.getEncryptedAssertions().add(doEncryption(response.getAssertions().get(0),
+ encdecCredential, authConfig));
+ response.getAssertions().clear();
+
+ // re-sign response
+ response.setIssueInstant(Instant.now());
+ final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
+ issuer.setValue(spEntityId);
+ response.setIssuer(issuer);
+ Saml2Utils.signSamlObject(response, credentialProvider.getMetaDataSigningCredential(), true);
+
+ DomUtils.serializeNode(XMLObjectSupport.marshall(response));
+
+
+ // decrypt and verify assertion by using EAAF implementation
+ verifyEngine.validateAssertion(response, encdecCredential,
+ spEntityId, "jUnit Test", false);
+
+ }
}
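Review bot: In `performEncryptionDecrytion` the return value of `Saml2Utils.signSamlObject(...)` is discarded, whereas `initializeResponseSimple` above and the removed line in `initializeResponse` both return that value; if the helper hands back a re-marshalled copy rather than signing `response` in place, the object passed to `validateAssertion` is the unsigned one and the test would only pass because of whatever the trailing `false` argument disables — worth confirming against `Saml2Utils`. The `DomUtils.serializeNode(XMLObjectSupport.marshall(response))` call also discards its result, which looks like a leftover debugging aid; either log it or drop it. I would write `final Response signed = Saml2Utils.signSamlObject(response, credentialProvider.getMetaDataSigningCredential(), true);` and pass `signed` to `verifyEngine.validateAssertion(...)`, and add at least one assertion on the decrypted assertion (e.g. that the validated response again carries exactly one plaintext assertion), since at present the only signal is the absence of an exception. The method name carries a typo (`Decrytion`) that is now also baked into the two callers in the HSM test class.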
diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java
index 926f25b2..1511eb73 100644
--- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java
@@ -1,7 +1,13 @@
package at.gv.egiz.eaaf.modules.pvp2.test;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThrows;
+
+import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.saml.saml2.core.Response;
import org.opensaml.xmlsec.signature.support.SignatureConstants;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.annotation.DirtiesContext.ClassMode;
@@ -10,7 +16,12 @@ import org.springframework.test.context.TestPropertySource;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import lombok.SneakyThrows;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
//@IfProfileValue(name = "spring.profiles.active", value = "devEnvironment")
@RunWith(SpringJUnit4ClassRunner.class)
@@ -35,7 +46,6 @@ public class SamlVerificationEngineWithHsmFacadeTest extends AbstractSamlVerific
@Override
protected String getAuthnRequestWithoutSigPath() {
return "/data/AuthRequest_without_sig_1.xml";
-
}
@Override
@@ -69,6 +79,60 @@ public class SamlVerificationEngineWithHsmFacadeTest extends AbstractSamlVerific
}
}
+
+ @Test
+ public void assertionDecryptionWithWrongEcKey() throws SamlSigningException, Pvp2MetadataException,
+ CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption {
+ final String responsePath = "/data/response_decrypt_test.xml";
+ final String spEntityId = "https://vidp.gv.at/EidasNode/ColleagueResponse";
+
+ final Response inputMsg =
+ initializeResponseSimple(spEntityId, responsePath,
+ credentialProvider.getMetaDataSigningCredential());
+
+ SamlAssertionValidationExeption error = assertThrows("wrong exception", SamlAssertionValidationExeption.class,
+ () -> verifyEngine.validateAssertion(inputMsg, credentialProvider.getMessageSigningCredential(),
+ spEntityId, "jUnit Test", false));
+ assertEquals("wrong errorCode", "internal.pvp.16", error.getErrorId());
+
+ }
+
+ @Test
+ public void assertionDecryptionWithWrongRsaKey() throws SamlSigningException, Pvp2MetadataException,
+ CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption {
+ final String responsePath = "/data/response_decrypt_test.xml";
+ final String spEntityId = "https://vidp.gv.at/EidasNode/ColleagueResponse";
+
+ final Response inputMsg =
+ initializeResponseSimple(spEntityId, responsePath,
+ credentialProvider.getMetaDataSigningCredential());
+ SamlAssertionValidationExeption error = assertThrows("wrong exception", SamlAssertionValidationExeption.class,
+ () -> verifyEngine.validateAssertion(inputMsg, credentialProvider.getMetaDataSigningCredential(),
+ spEntityId, "jUnit Test", false));
+ assertEquals("wrong errorCode", "internal.pvp.16", error.getErrorId());
+ }
+
+ @Test
+ @SneakyThrows
+ public void assertionEncryptionDecryptionRsa() throws SamlSigningException, Pvp2MetadataException,
+ CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption {
+ performEncryptionDecrytion(credentialProvider.getMessageEncryptionCredential());
+
+ }
+
+
+ /*
+ * ECC keys currently not support for encryption.
+ */
+ @Test
+ @Ignore
+ @SneakyThrows
+ public void assertionEncryptionDecryptionEcc() throws SamlSigningException, Pvp2MetadataException,
+ CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption {
+ performEncryptionDecrytion(credentialProvider.getMessageSigningCredential());
+
+ }
+
}
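Review bot: `assertionEncryptionDecryptionEcc` is `@Ignore`d with only a comment explaining that EC keys are not supported for encryption, so the gap is invisible in test reports and nothing will flag it when EC encryption is implemented or when the current behaviour changes into a silent success; prefer pinning the known limitation with `assertThrows(<expected exception>, () -> performEncryptionDecrytion(credentialProvider.getMessageSigningCredential()))` and a reference to the tracking issue, or at least `@Ignore("ECC keys currently not supported for encryption")` so the reason shows up in the runner output. The exact exception type cannot be inferred from this diff, so it has to be taken from a run of the un-ignored test. The two `assertionEncryptionDecryption*` tests declare both `@SneakyThrows` and a full `throws` clause; one of the two is redundant, and the explicit clause is the more informative of the two. The two negative tests only check `internal.pvp.16`; an additional assertion that no plaintext assertion was left on `inputMsg` would make the "wrong key must not leak anything" property explicit.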