From 98a83cbb3f5eca50388f3d5f64fe1d760bc199d7 Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Thu, 6 Feb 2020 13:40:54 +0100
Subject: Refactor SamlVerificationEngine add some more jUnit tests

---
 .../pvp2/idp/test/AuthnResponseBuilderTest.java    | 54 ++++++++++++++++++++++
 1 file changed, 54 insertions(+)

(limited to 'eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at')

diff --git a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java
index 98cf5f40..b2e528c4 100644
--- a/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java
+++ b/eaaf_modules/eaaf_module_pvp2_idp/src/test/java/at/gv/egiz/eaaf/modules/pvp2/idp/test/AuthnResponseBuilderTest.java
@@ -7,12 +7,16 @@ import javax.xml.transform.TransformerException;
 import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyAuthConfig;
 import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
 import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
 import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlAssertionValidationExeption;
 import at.gv.egiz.eaaf.modules.pvp2.idp.exception.InvalidAssertionEncryptionException;
 import at.gv.egiz.eaaf.modules.pvp2.idp.impl.builder.AuthResponseBuilder;
 import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
 import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
 import at.gv.egiz.eaaf.modules.pvp2.test.binding.PostBindingTest;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
 
 import org.apache.commons.lang3.RandomStringUtils;
 import org.joda.time.DateTime;
@@ -43,6 +47,8 @@ public class AuthnResponseBuilderTest {
 
   @Autowired private DummyAuthConfig authConfig;
   @Autowired private PvpMetadataResolverFactory metadataResolverFactory;
+  @Autowired private SamlVerificationEngine verifyEngine;
+  @Autowired private DummyCredentialProvider credentialProvider;
 
   /**
    * JUnit class initializer.
@@ -99,4 +105,52 @@ public class AuthnResponseBuilderTest {
 
   }
 
+  @Test
+  public void encryptedAssertionWithDecryption() throws InvalidAssertionEncryptionException, Pvp2MetadataException,
+      XMLParserException, UnmarshallingException, MarshallingException, TransformerException, IOException,
+      SamlAssertionValidationExeption, CredentialsNotAvailableException {
+    final String issuerEntityID = RandomStringUtils.randomAlphabetic(15);
+
+    final IPvp2MetadataProvider metadataProvider =
+        metadataResolverFactory.createMetadataProvider(
+            "classpath:/data/pvp_metadata_junit_keystore.xml", null, "jUnit metadata resolver", null);
+
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
+    authnReq.setID("_" + RandomStringUtils.randomAlphanumeric(10));
+
+    final Assertion assertion = (Assertion) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        PostBindingTest.class.getResourceAsStream("/data/Assertion_1.xml"));
+
+    //build response
+    final DateTime now = DateTime.now();
+    final Response response = AuthResponseBuilder.buildResponse(
+        metadataProvider, issuerEntityID, authnReq,
+        now, assertion, authConfig);
+
+
+    //validate
+    Assert.assertNotNull("SAML2 response is null", response);
+    Assert.assertTrue("Assertion not null", response.getAssertions().isEmpty());
+    Assert.assertNotNull("Enc. assertion is null", response.getEncryptedAssertions());
+    Assert.assertFalse("Enc. assertion is empty", response.getEncryptedAssertions().isEmpty());
+    Assert.assertEquals("# enc. assertions wrong", 1, response.getEncryptedAssertions().size());
+
+    Assert.assertEquals("InResponseTo", authnReq.getID(), response.getInResponseTo());
+    Assert.assertEquals("Issuer EntityId", issuerEntityID, response.getIssuer().getValue());
+    Assert.assertNotNull("ResponseId is null", response.getID());
+    Assert.assertFalse("ResponseId is emptry", response.getID().isEmpty());
+
+    final Element responseElement = XMLObjectSupport.getMarshaller(response).marshall(response);
+    final String xmlResp = DomUtils.serializeNode(responseElement);
+    Assert.assertNotNull("XML response is null", xmlResp);
+    Assert.assertFalse("XML response is empty", xmlResp.isEmpty());
+
+    verifyEngine.validateAssertion(response, credentialProvider.getMetaDataSigningCredential(),
+        "https://demo.egiz.gv.at/demoportal_demologin/", "jUnitTest", false);
+
+  }
+
 }
-- 
cgit v1.2.3