diff options
Diffstat (limited to 'eaaf_modules/eaaf_module_pvp2_core')
18 files changed, 304 insertions, 204 deletions
diff --git a/eaaf_modules/eaaf_module_pvp2_core/pom.xml b/eaaf_modules/eaaf_module_pvp2_core/pom.xml index 31110bfd..253d0afb 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/pom.xml +++ b/eaaf_modules/eaaf_module_pvp2_core/pom.xml @@ -7,7 +7,7 @@ <parent> <groupId>at.gv.egiz.eaaf</groupId> <artifactId>eaaf_modules</artifactId> - <version>1.1.0</version> + <version>1.1.1</version> </parent> <artifactId>eaaf_module_pvp2_core</artifactId> <name>eaaf_module_pvp2_core</name> @@ -48,6 +48,12 @@ </dependency> <dependency> + <groupId>org.springframework</groupId> + <artifactId>spring-webmvc</artifactId> + <scope>provided</scope> + </dependency> + + <dependency> <groupId>javax.servlet</groupId> <artifactId>javax.servlet-api</artifactId> <scope>provided</scope> diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java index a564efb2..acd565a1 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/api/utils/IPvp2CredentialProvider.java @@ -1,11 +1,14 @@ package at.gv.egiz.eaaf.modules.pvp2.api.utils; +import java.security.KeyStore; +import java.security.Provider; import java.security.cert.X509Certificate; import java.util.List; import javax.annotation.Nonnull; import javax.annotation.Nullable; +import at.gv.egiz.eaaf.core.impl.data.Pair; import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; @@ -51,5 +54,15 @@ public interface IPvp2CredentialProvider { @Nonnull List<X509Certificate> getTrustedCertificates() throws CredentialsNotAvailableException; + + + /** + * Get the {@link KeyStore} that is used in this {@link IPvp2CredentialProvider}. + * + * @return KeyStore {@link Pair} of {@link KeyStore} and JCE {@link Provider} + * if a special provider is in use + */ + @Nonnull + Pair<KeyStore, Provider> getKeyStore(); }
\ No newline at end of file diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java index bf201803..1d6e3738 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/builder/CitizenTokenBuilder.java @@ -19,8 +19,6 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.builder; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; - import org.opensaml.core.xml.XMLObject; import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; import org.opensaml.core.xml.schema.XSInteger; @@ -30,6 +28,8 @@ import org.opensaml.core.xml.schema.impl.XSStringBuilder; import org.opensaml.saml.saml2.core.Attribute; import org.opensaml.saml.saml2.core.AttributeValue; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; + /** * Build all attributes from PVP2 citizen-token. * @@ -73,6 +73,7 @@ public class CitizenTokenBuilder { * Build simple attribute. * * @param friendlyName attribute friendly-name + * @param name attribute name * @param value Attributevalue * @return XML attribute */ @@ -89,6 +90,7 @@ public class CitizenTokenBuilder { * Build simple attribute. * * @param friendlyName attribute friendly-name + * @param name attribute name * @param value Attributevalue * @return XML attribute */ diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java index 0b505e56..d29f1a0e 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/metadata/PvpMetadataResolverFactory.java @@ -8,15 +8,6 @@ import javax.annotation.Nullable; import javax.annotation.PostConstruct; import javax.net.ssl.SSLHandshakeException; -import at.gv.egiz.components.spring.api.IDestroyableObject; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.impl.utils.FileUtils; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter; - import org.apache.http.client.HttpClient; import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; import org.opensaml.saml.metadata.resolver.ExtendedRefreshableMetadataResolver; @@ -30,6 +21,15 @@ import org.springframework.core.io.ResourceLoader; import com.google.common.base.Predicates; import com.google.common.base.Throwables; import com.google.common.collect.FluentIterable; + +import at.gv.egiz.components.spring.api.IDestroyableObject; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.utils.FileUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SchemaValidationException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SignatureValidationException; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter; import lombok.extern.slf4j.Slf4j; import net.shibboleth.utilities.java.support.component.ComponentInitializationException; import net.shibboleth.utilities.java.support.resolver.ResolverException; @@ -90,6 +90,7 @@ public class PvpMetadataResolverFactory implements IDestroyableObject { * @param filter Filters, which should be used to validate the * metadata * @param idForLogging Id, which is used for Logging + * @param pool XML parser-pool to parse SAML2 Metadaten * @param httpClient Apache commons 4.x http client * * @return SAML2 Metadata Provider, or null if the metadata provider can not diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java index 26a5c5f6..e17e625e 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/utils/AbstractCredentialProvider.java @@ -32,6 +32,12 @@ import java.util.List; import javax.annotation.Nonnull; import javax.annotation.PostConstruct; +import org.apache.commons.lang3.StringUtils; +import org.apache.xml.security.algorithms.JCEMapper; +import org.opensaml.security.credential.UsageType; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.ResourceLoader; + import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.exceptions.EaafException; @@ -44,13 +50,6 @@ import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.EaafKeyStoreX509CredentialAdapter; - -import org.apache.commons.lang3.StringUtils; -import org.apache.xml.security.algorithms.JCEMapper; -import org.opensaml.security.credential.UsageType; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.core.io.ResourceLoader; - import lombok.extern.slf4j.Slf4j; @Slf4j @@ -256,6 +255,11 @@ public abstract class AbstractCredentialProvider implements IPvp2CredentialProvi } + public Pair<KeyStore, Provider> getKeyStore() { + return keyStore; + + } + @PostConstruct private void initialize() throws Exception { try { diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java index ef09e5c4..5a97924f 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/main/java/at/gv/egiz/eaaf/modules/pvp2/impl/validation/metadata/SimpleMetadataSignatureVerificationFilter.java @@ -23,15 +23,14 @@ package at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.List; import javax.annotation.Nonnull; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMetadataSignatureException; - import org.opensaml.saml.common.SignableSAMLObject; import org.opensaml.saml.saml2.metadata.EntitiesDescriptor; import org.opensaml.saml.saml2.metadata.EntityDescriptor; @@ -40,13 +39,18 @@ import org.opensaml.security.x509.BasicX509Credential; import org.opensaml.xmlsec.signature.support.SignatureException; import org.opensaml.xmlsec.signature.support.SignatureValidator; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMetadataSignatureException; import lombok.extern.slf4j.Slf4j; @Slf4j public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataSignatureFilter { private final String metadataUrl; - private final List<BasicX509Credential> trustedCredential = new ArrayList<>(); + private final KeyStore trustedCredential; private static final String ERROR_07 = "internal.pvp.07"; private static final String ERROR_12 = "internal.pvp.12"; @@ -61,13 +65,13 @@ public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataS * SAML2 metadata with {@link EntitiesDescriptor} <b>are not supported.</b> * </p> * - * @param credentials Trust X509 certificates + * @param keyStore TrustStore that contains trusted X509 certificates * @param metadataUrl Metadata URL for logging purposes */ - public SimpleMetadataSignatureVerificationFilter(@Nonnull List<BasicX509Credential> credentials, + public SimpleMetadataSignatureVerificationFilter(@Nonnull KeyStore keyStore, @Nonnull String metadataUrl) { this.metadataUrl = metadataUrl; - this.trustedCredential.addAll(credentials); + this.trustedCredential = keyStore; } @@ -121,7 +125,7 @@ public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataS // perform cryptographic signature verification boolean isTrusted = false; - for (final BasicX509Credential cred : trustedCredential) { + for (final BasicX509Credential cred : getTrustedCertificates()) { log.trace("Validating signature with credential: {} ... ", cred.getEntityCertificate().getSubjectDN()); try { @@ -140,7 +144,31 @@ public class SimpleMetadataSignatureVerificationFilter extends AbstractMetadataS throw new SamlMetadataSignatureException(metadataUrl, ERROR_MSG_SIGNOTVALID); } + } + + private List<BasicX509Credential> getTrustedCertificates() throws EaafConfigurationException { + try { + final List<X509Certificate> certs = + EaafKeyStoreUtils.readCertsFromKeyStore(trustedCredential); + if (certs.isEmpty()) { + log.warn("No trusted metadata-signing certificates in configuration"); + throw new EaafConfigurationException("module.eidasauth.02", + new Object[] { "No trusted metadata-signing certificates" }); + + } + + final List<BasicX509Credential> result = new ArrayList<>(); + for (final X509Certificate cert : certs) { + result.add(new BasicX509Credential(cert)); + } + return result; + + } catch (final KeyStoreException e) { + throw new EaafConfigurationException("module.eidasauth.01", + new Object[] { "Trusted metadata-signing certificates", e.getMessage() }, e); + + } } } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java index d5186857..e593c1d4 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/AbstractSamlVerificationEngine.java @@ -3,28 +3,9 @@ package at.gv.egiz.eaaf.modules.pvp2.test; import java.util.ArrayList; import java.util.List; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider; - +import org.apache.xml.security.algorithms.JCEMapper; import org.joda.time.DateTime; +import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; @@ -47,6 +28,26 @@ import org.opensaml.xmlsec.keyinfo.KeyInfoGeneratorFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.util.Assert; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider; import net.shibboleth.utilities.java.support.xml.XMLParserException; @@ -72,6 +73,17 @@ public abstract class AbstractSamlVerificationEngine { EaafOpenSaml3xInitializer.eaafInitialize(); } + + /** + * Reset OpenSAML3.x JCEMapper to default. + * + */ + @AfterClass + public static void classCloser() { + JCEMapper.setProviderId(null); + + } + protected abstract String getMetadataJunitJKeystore(); protected abstract String getMetadataClassPathEntityPath(); diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java index b94ed8cc..88106e5b 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/PvpCoreMessageSourceTest.java @@ -2,8 +2,6 @@ package at.gv.egiz.eaaf.modules.pvp2.test; import java.util.List; -import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; - import org.junit.Assert; import org.junit.Test; import org.junit.runner.RunWith; @@ -14,10 +12,12 @@ import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; + @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml", -"/spring/test_eaaf_core_spring_config.beans.xml", -"/spring/eaaf_utils.beans.xml" }) + "/spring/test_eaaf_core_spring_config.beans.xml", + "/spring/eaaf_utils.beans.xml" }) @TestPropertySource(locations = { "/config/config_1.props" }) public class PvpCoreMessageSourceTest { diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java index 44cdf111..c2530004 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/QaaLevelVerifierTest.java @@ -27,7 +27,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } try { @@ -35,7 +35,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } } @@ -54,7 +54,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } } @@ -69,7 +69,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_SUBSTANTIAL, requiredLoAs, matchingMode); @@ -80,7 +80,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } } @@ -95,7 +95,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } try { @@ -103,7 +103,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_HIGH, requiredLoAs, matchingMode); @@ -113,7 +113,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } } @@ -128,7 +128,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } QaaLevelVerifier.verifyQaaLevel(EaafConstants.EIDAS_LOA_LOW, requiredLoAs, matchingMode); @@ -139,7 +139,7 @@ public class QaaLevelVerifierTest { Assert.fail("LoA should not be allowed"); } catch (QaaNotAllowedException e) { - + Assert.assertNotNull("No errorMsg", e.getMessage()); } } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java index 64bfb8f6..57c4b93a 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineTest.java @@ -1,22 +1,5 @@ package at.gv.egiz.eaaf.modules.pvp2.test; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException; -import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; -import at.gv.egiz.eaaf.core.impl.data.Pair; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider; - import org.joda.time.DateTime; import org.junit.Test; import org.junit.runner.RunWith; @@ -30,12 +13,30 @@ import org.opensaml.saml.saml2.core.Response; import org.opensaml.saml.saml2.core.StatusCode; import org.opensaml.xmlsec.signature.support.SignatureConstants; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.util.Assert; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafProtocolException; +import at.gv.egiz.eaaf.core.exceptions.InvalidProtocolRequestException; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider; import net.shibboleth.utilities.java.support.xml.XMLParserException; @RunWith(SpringJUnit4ClassRunner.class) @@ -43,6 +44,7 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException; "/spring/test_eaaf_core_spring_config.beans.xml", "/spring/eaaf_utils.beans.xml" }) @TestPropertySource(locations = { "/config/config_1.props" }) +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) public class SamlVerificationEngineTest extends AbstractSamlVerificationEngine { @Autowired diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java index 5b06a73f..926f25b2 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineWithHsmFacadeTest.java @@ -1,20 +1,24 @@ package at.gv.egiz.eaaf.modules.pvp2.test; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; - import org.junit.Test; import org.junit.runner.RunWith; import org.opensaml.xmlsec.signature.support.SignatureConstants; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; + +//@IfProfileValue(name = "spring.profiles.active", value = "devEnvironment") @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml", "/spring/test_eaaf_core_spring_config.beans.xml", "/spring/eaaf_utils.beans.xml" }) @TestPropertySource(locations = { "/config/config_3.props" }) +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) public class SamlVerificationEngineWithHsmFacadeTest extends AbstractSamlVerificationEngine { @Override diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java index 147199a5..f14a9093 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java @@ -9,33 +9,6 @@ import java.util.Map; import javax.xml.parsers.ParserConfigurationException; -import at.gv.egiz.eaaf.core.api.IRequest; -import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; -import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory; -import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; -import at.gv.egiz.eaaf.core.impl.utils.DomUtils; -import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; -import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; -import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; -import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; -import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest; - import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.RandomStringUtils; import org.joda.time.DateTime; @@ -69,6 +42,32 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.w3c.dom.Element; import org.xml.sax.SAXException; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; +import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.InboundMessage; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileResponse; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest; import net.shibboleth.utilities.java.support.net.URIComparator; import net.shibboleth.utilities.java.support.xml.SerializeSupport; import net.shibboleth.utilities.java.support.xml.XMLParserException; @@ -357,7 +356,8 @@ public class PostBindingTest { @Test public void decodeRequestSuccessWithRequestAttributes() throws MessageDecodingException, SecurityException, - IOException, Pvp2Exception, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, MarshallingException { + IOException, Pvp2Exception, CredentialsNotAvailableException, XMLParserException, + UnmarshallingException, MarshallingException { final String serviceUrl = "https://eidas-test.bmi.gv.at/ms_connector/pvp/post"; final String relayState = RandomStringUtils.randomAlphanumeric(10); @@ -369,7 +369,8 @@ public class PostBindingTest { issuer.setValue("https://demo.egiz.gv.at/demoportal_demologin/"); authnReq.setIssuer(issuer); - final RequestAbstractType signedAuthn = Saml2Utils.signSamlObject(authnReq, credentialProvider.getMessageSigningCredential(), true); + final RequestAbstractType signedAuthn = Saml2Utils.signSamlObject( + authnReq, credentialProvider.getMessageSigningCredential(), true); final Element signedElement = XMLObjectSupport.getMarshaller(signedAuthn).marshall(signedAuthn); final String b64AuthnReq = Base64.getEncoder().encodeToString(SerializeSupport.nodeToString(signedElement).getBytes("UTF-8")); @@ -404,7 +405,8 @@ public class PostBindingTest { Assert.assertEquals("extension child size", 1, parsedAuthnReq.getExtensions().getUnknownXMLObjects().size()); final XMLObject reqAttrs = parsedAuthnReq.getExtensions().getUnknownXMLObjects().get(0); - org.springframework.util.Assert.isInstanceOf(EaafRequestedAttributes.class, reqAttrs, "Wrong requested Attributes type"); + org.springframework.util.Assert.isInstanceOf( + EaafRequestedAttributes.class, reqAttrs, "Wrong requested Attributes type"); final EaafRequestedAttributes eaafReqAttrs = (EaafRequestedAttributes) reqAttrs; Assert.assertNotNull("Req attr is null", eaafReqAttrs.getAttributes()); Assert.assertFalse("Req attr is empty", eaafReqAttrs.getAttributes().isEmpty()); @@ -418,7 +420,8 @@ public class PostBindingTest { Assert.assertEquals("Req. Attr. Value size", 1, eaafReqAttr.getAttributeValues().size()); org.springframework.util.Assert.isInstanceOf(XSString.class, eaafReqAttr.getAttributeValues().get(0), "Wrong requested Attributes Value type"); - Assert.assertEquals("Req. Attr. Value", "urn:publicid:gv.at:cdid+BF", ((XSString)eaafReqAttr.getAttributeValues().get(0)).getValue()); + Assert.assertEquals("Req. Attr. Value", "urn:publicid:gv.at:cdid+BF", + ((XSString)eaafReqAttr.getAttributeValues().get(0)).getValue()); } @@ -454,7 +457,9 @@ public class PostBindingTest { try { Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage()); - } catch (final RuntimeException e) { } + } catch (final RuntimeException e) { + Assert.assertNotNull("No errorMsg", e.getMessage()); + } } diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java index 37e4acd1..cbeca4c3 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/RedirectBindingTest.java @@ -6,8 +6,8 @@ import java.net.URLDecoder; import javax.xml.parsers.ParserConfigurationException; import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; -import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java index 7418e1b3..1fe9afcf 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyCredentialProvider.java @@ -1,13 +1,13 @@ package at.gv.egiz.eaaf.modules.pvp2.test.dummy; +import org.springframework.beans.factory.annotation.Autowired; + import at.gv.egiz.eaaf.core.api.idp.IConfiguration; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.AbstractCredentialProvider; -import org.springframework.beans.factory.annotation.Autowired; - public class DummyCredentialProvider extends AbstractCredentialProvider { @Autowired IConfiguration basicConfig; @@ -49,6 +49,11 @@ public class DummyCredentialProvider extends AbstractCredentialProvider { } + /** + * Get Path to keystore. + * + * @return + */ public String getKeyStoreFilePath() { final String path = basicConfig.getBasicConfiguration(KEYSTORE_PATH); return path; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java index 64ebe00c..3673859a 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/dummy/DummyMetadataProvider.java @@ -6,7 +6,7 @@ import java.util.ArrayList; import java.util.List; import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; -import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.AbstractChainingMetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java index 6abe52dc..27c42c57 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/ChainingMetadataTest.java @@ -5,8 +5,8 @@ import java.io.UnsupportedEncodingException; import java.util.Arrays; import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; import at.gv.egiz.eaaf.core.impl.utils.FileUtils; -import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java index 0f8817a0..3cc0a908 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataBuilderTest.java @@ -14,15 +14,6 @@ import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import javax.xml.transform.TransformerFactoryConfigurationError; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; -import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; - import org.apache.commons.lang3.RandomStringUtils; import org.junit.Assert; import org.junit.BeforeClass; @@ -46,10 +37,20 @@ import org.opensaml.security.x509.BasicX509Credential; import org.opensaml.xmlsec.signature.support.SignatureException; import org.opensaml.xmlsec.signature.support.SignatureValidator; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvpMetadataBuilderConfiguration; +import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.builder.PvpMetadataBuilder; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; import net.shibboleth.utilities.java.support.xml.XMLParserException; @@ -61,6 +62,7 @@ import net.shibboleth.utilities.java.support.xml.XMLParserException; "/spring/test_eaaf_core_spring_config.beans.xml", "/spring/eaaf_utils.beans.xml" }) @TestPropertySource(locations = { "/config/config_1.props" }) +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) public class MetadataBuilderTest { @Autowired private PvpMetadataBuilder metadataBuilder; @@ -157,7 +159,16 @@ public class MetadataBuilderTest { return entity; } - public static IPvpMetadataBuilderConfiguration idpMetadataConfig(IPvp2CredentialProvider credentialProvider, boolean buildSpInfos, boolean buildIdpInfos) { + /** + * Dummy Metadata builder configuration. + * + * @param credentialProvider Credentialprovider + * @param buildSpInfos Sp metadata flag + * @param buildIdpInfos IDP metadata flag + * @return + */ + public static IPvpMetadataBuilderConfiguration idpMetadataConfig( + IPvp2CredentialProvider credentialProvider, boolean buildSpInfos, boolean buildIdpInfos) { return new IPvpMetadataBuilderConfiguration() { @Override diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java index accdd8b0..1cbc2f14 100644 --- a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java +++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/metadata/MetadataResolverTest.java @@ -2,6 +2,9 @@ package at.gv.egiz.eaaf.modules.pvp2.test.metadata; import java.io.IOException; import java.io.UnsupportedEncodingException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; @@ -10,21 +13,6 @@ import java.util.List; import javax.xml.transform.TransformerException; -import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; -import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; -import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; -import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; - import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.RandomStringUtils; import org.joda.time.DateTime; @@ -68,6 +56,20 @@ import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.w3c.dom.Element; +import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; +import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; import net.shibboleth.utilities.java.support.component.ComponentInitializationException; import net.shibboleth.utilities.java.support.resolver.CriteriaSet; import net.shibboleth.utilities.java.support.resolver.ResolverException; @@ -91,7 +93,8 @@ public class MetadataResolverTest { private PvpMetadataResolverFactory metadataResolverFactory; @Autowired private IHttpClientFactory httpClientFactory; - @Autowired private DummyCredentialProvider credentialProvider; + @Autowired + private DummyCredentialProvider credentialProvider; /** * JUnit class initializer. @@ -183,16 +186,15 @@ public class MetadataResolverTest { } @Test - public void noCredentials() { + public void noCredentials() throws KeyStoreException { final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml"; - final List<BasicX509Credential> credentials = new ArrayList<>(); - + final KeyStore keystore = KeyStore.getInstance("JKS"); final List<MetadataFilter> filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, metadataUrl)); final MetadataFilterChain filterChain = new MetadataFilterChain(); @@ -212,20 +214,21 @@ public class MetadataResolverTest { } @Test - public void wrongCredentials() throws CertificateException { + public void wrongCredentials() throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException { final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml"; - final List<BasicX509Credential> credentials = new ArrayList<>(); + final KeyStore keystore = KeyStore.getInstance("JKS"); + keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); final BasicX509Credential credential = new BasicX509Credential((X509Certificate) fact.generateCertificate( MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); - credentials.add(credential); + keystore.setCertificateEntry("1", credential.getEntityCertificate()); final List<MetadataFilter> filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, metadataUrl)); final MetadataFilterChain filterChain = new MetadataFilterChain(); @@ -246,21 +249,22 @@ public class MetadataResolverTest { @Test public void validCredentialsInvalidSig() throws CertificateException, Pvp2MetadataException, - ResolverException { + ResolverException, KeyStoreException, NoSuchAlgorithmException, IOException { final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml"; - final List<BasicX509Credential> credentials = new ArrayList<>(); + final KeyStore keystore = KeyStore.getInstance("JKS"); + keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")))); + keystore.setCertificateEntry("1", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); + keystore.setCertificateEntry("2", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))); final List<MetadataFilter> filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, metadataUrl)); final MetadataFilterChain filterChain = new MetadataFilterChain(); @@ -281,7 +285,8 @@ public class MetadataResolverTest { @Test public void metadataSignatureValidCredentials() throws CertificateException, Pvp2MetadataException, ResolverException, XMLParserException, UnmarshallingException, SamlSigningException, - CredentialsNotAvailableException, MarshallingException, TransformerException, IOException { + CredentialsNotAvailableException, MarshallingException, TransformerException, IOException, + KeyStoreException, NoSuchAlgorithmException { mockWebServer.shutdown(); mockWebServer = new MockWebServer(); @@ -300,19 +305,20 @@ public class MetadataResolverTest { .setBody(SerializeSupport.nodeToString(metadataElement)) .setHeader("Content-Type", "text/html;charset=utf-8")); - final List<BasicX509Credential> credentials = new ArrayList<>(); + final KeyStore keystore = KeyStore.getInstance("JKS"); + keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")))); + keystore.setCertificateEntry("1", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))); + keystore.setCertificateEntry("2", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); + keystore.setCertificateEntry("3", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))); final List<MetadataFilter> filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, mockServerUrl.url().toString())); filterList.add(new PvpEntityCategoryFilter(true)); @@ -332,7 +338,8 @@ public class MetadataResolverTest { @Test public void metadataSignatureValidCredentialsSecond() throws CertificateException, Pvp2MetadataException, ResolverException, XMLParserException, UnmarshallingException, SamlSigningException, - CredentialsNotAvailableException, MarshallingException, TransformerException, IOException { + CredentialsNotAvailableException, MarshallingException, TransformerException, IOException, + KeyStoreException, NoSuchAlgorithmException { final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), @@ -347,19 +354,20 @@ public class MetadataResolverTest { .setBody(SerializeSupport.nodeToString(metadataElement)) .setHeader("Content-Type", "text/html;charset=utf-8")); - final List<BasicX509Credential> credentials = new ArrayList<>(); + final KeyStore keystore = KeyStore.getInstance("JKS"); + keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")))); + keystore.setCertificateEntry("1", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))); + keystore.setCertificateEntry("2", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); + keystore.setCertificateEntry("3", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))); final List<MetadataFilter> filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, mockServerUrl.url().toString())); filterList.add(new PvpEntityCategoryFilter(true)); @@ -370,8 +378,6 @@ public class MetadataResolverTest { mockServerUrl.url().toString(), filterChain, "jUnit test", httpClientFactory.getHttpClient()); - - final EntityDescriptor descr = mdResolver.getEntityDescriptor(metadata.getEntityID()); Assert.assertNotNull("No EntityDescripter", descr); @@ -385,11 +391,13 @@ public class MetadataResolverTest { @Test public void metadataSignatureValidCredentialsThird() throws CertificateException, Pvp2MetadataException, ResolverException, XMLParserException, UnmarshallingException, SamlSigningException, - CredentialsNotAvailableException, MarshallingException, TransformerException, IOException { + CredentialsNotAvailableException, MarshallingException, TransformerException, IOException, + KeyStoreException, NoSuchAlgorithmException { final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), - MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_valid_with_entityCategory_egov.xml")); + MetadataResolverTest.class.getResourceAsStream( + "/data/pvp_metadata_valid_with_entityCategory_egov.xml")); metadata.setValidUntil(DateTime.now().plusDays(1)); metadata.setSignature(null); metadata.setEntityID(RandomStringUtils.randomAlphabetic(10)); @@ -400,19 +408,20 @@ public class MetadataResolverTest { .setBody(SerializeSupport.nodeToString(metadataElement)) .setHeader("Content-Type", "text/html;charset=utf-8")); - final List<BasicX509Credential> credentials = new ArrayList<>(); + final KeyStore keystore = KeyStore.getInstance("JKS"); + keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")))); + keystore.setCertificateEntry("1", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))); + keystore.setCertificateEntry("2", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); + keystore.setCertificateEntry("3", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))); final List<MetadataFilter> filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, mockServerUrl.url().toString())); filterList.add(new PvpEntityCategoryFilter(true)); @@ -423,8 +432,6 @@ public class MetadataResolverTest { mockServerUrl.url().toString(), filterChain, "jUnit test", httpClientFactory.getHttpClient()); - - final EntityDescriptor descr = mdResolver.getEntityDescriptor(metadata.getEntityID()); Assert.assertNotNull("No EntityDescripter", descr); @@ -438,7 +445,8 @@ public class MetadataResolverTest { @Test public void metadataExpired() throws CertificateException, Pvp2MetadataException, ResolverException, XMLParserException, UnmarshallingException, SamlSigningException, - CredentialsNotAvailableException, MarshallingException, TransformerException, IOException { + CredentialsNotAvailableException, MarshallingException, TransformerException, IOException, + KeyStoreException, NoSuchAlgorithmException { final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), @@ -452,24 +460,24 @@ public class MetadataResolverTest { .setBody(SerializeSupport.nodeToString(metadataElement)) .setHeader("Content-Type", "text/html;charset=utf-8")); - final List<BasicX509Credential> credentials = new ArrayList<>(); + final KeyStore keystore = KeyStore.getInstance("JKS"); + keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt")))); - credentials.add(new BasicX509Credential((X509Certificate) fact.generateCertificate( - MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt")))); + keystore.setCertificateEntry("1", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))); + keystore.setCertificateEntry("2", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); + keystore.setCertificateEntry("2", fact.generateCertificate( + MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))); final List<MetadataFilter> filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( - credentials, + keystore, mockServerUrl.url().toString())); filterList.add(new RequiredValidUntilFilter()); filterList.add(new PvpEntityCategoryFilter(false)); - final MetadataFilterChain filterChain = new MetadataFilterChain(); filterChain.setFilters(filterList); @@ -484,7 +492,6 @@ public class MetadataResolverTest { } - } @Test |