From b4cbcc2c27c450719fad325ba7d7126d8688d7f2 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 1 Jul 2021 07:38:29 +0200
Subject: add tracelog into SAML2 verification engine

---
 .../pvp2/test/SamlVerificationEngineEidasTest.java | 114 +++++++++++++++++++++
 1 file changed, 114 insertions(+)
 create mode 100644 eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineEidasTest.java

(limited to 'eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv')

diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineEidasTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineEidasTest.java
new file mode 100644
index 00000000..4785879e
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/SamlVerificationEngineEidasTest.java
@@ -0,0 +1,114 @@
+package at.gv.egiz.eaaf.modules.pvp2.test;
+
+import org.apache.xml.security.algorithms.JCEMapper;
+import org.joda.time.DateTime;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.junit.Ignore;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.Response;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyMetadataProvider;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+@Ignore
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml",
+    "/spring/test_eaaf_core_spring_config.beans.xml",
+    "/spring/eaaf_utils.beans.xml" })
+@TestPropertySource(locations = { "/config/config_eidas.props" })
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
+public class SamlVerificationEngineEidasTest {
+
+  @Autowired
+  private PvpMetadataResolverFactory metadataResolverFactory;
+  
+  @Autowired
+  private SamlVerificationEngine verifyEngine;
+  @Autowired
+  private DummyCredentialProvider credentialProvider;
+
+  @Autowired DummyMetadataProvider metadataProvider;
+  @Autowired IConfiguration authConfig;
+ 
+  /**
+   * JUnit class initializer.
+   *
+   * @throws Exception In case of an OpenSAML3 initialization error
+   */
+  @BeforeClass
+  public static void classInitializer() throws Exception {
+    EaafOpenSaml3xInitializer.eaafInitialize();
+
+  }
+  
+  /**
+   * Reset OpenSAML3.x JCEMapper to default.
+   * 
+   */
+  @AfterClass
+  public static void classCloser() {
+    JCEMapper.setProviderId(null); 
+   
+  }
+  
+  @Test
+  public void verifyAssertionSucessNotEncrypted() throws SamlSigningException, Pvp2MetadataException,
+      CredentialsNotAvailableException, XMLParserException, UnmarshallingException, SamlAssertionValidationExeption {
+    final String responsePath = "/data/response_eidas.xml";
+    final String metadataPath = "classpath:/data/metadata_eidas.xml";
+    final String spEntityId = "https://vidp.gv.at/EidasNode/ColleagueResponse";
+
+    final Pair<Response, IPvp2MetadataProvider> inputMsg =
+        initializeResponse(spEntityId, metadataPath, responsePath,
+            credentialProvider.getMetaDataSigningCredential());
+
+    verifyEngine.validateAssertion(inputMsg.getFirst(), credentialProvider.getMessageSigningCredential(),
+        spEntityId, "jUnit Test", false);
+
+
+  }
+  
+  protected Pair<Response, IPvp2MetadataProvider> initializeResponse(String spEntityId, String metadataPath,
+      String authnReqPath, EaafX509Credential credential)
+          throws SamlSigningException, XMLParserException, UnmarshallingException, Pvp2MetadataException {
+    final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider(
+        metadataPath, null, "jUnit metadata resolver", null);
+
+    final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        AbstractSamlVerificationEngine.class.getResourceAsStream(authnReqPath));
+    response.setIssueInstant(DateTime.now());
+    final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
+    issuer.setValue(spEntityId);
+    response.setIssuer(issuer);
+
+    return Pair.newInstance(
+        Saml2Utils.signSamlObject(response, credential, true),
+        mdResolver);
+  }
+}
-- 
cgit v1.2.3