package at.gv.egiz.eaaf.modules.pvp2.test.metadata; import java.io.IOException; import java.io.UnsupportedEncodingException; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; import java.security.cert.CertificateException; import java.security.cert.CertificateFactory; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.List; import javax.xml.transform.TransformerException; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.RandomStringUtils; import org.joda.time.DateTime; import org.junit.Assert; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; import org.opensaml.core.config.ConfigurationService; import org.opensaml.core.criterion.EntityIdCriterion; import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; import org.opensaml.core.xml.io.MarshallingException; import org.opensaml.core.xml.io.UnmarshallingException; import org.opensaml.core.xml.util.XMLObjectSupport; import org.opensaml.saml.common.xml.SAMLConstants; import org.opensaml.saml.criterion.EntityRoleCriterion; import org.opensaml.saml.metadata.resolver.filter.MetadataFilter; import org.opensaml.saml.metadata.resolver.filter.MetadataFilterChain; import org.opensaml.saml.metadata.resolver.filter.impl.RequiredValidUntilFilter; import org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver; import org.opensaml.saml.saml2.metadata.EntityDescriptor; import org.opensaml.saml.saml2.metadata.RequestedAttribute; import org.opensaml.saml.saml2.metadata.SPSSODescriptor; import org.opensaml.saml.security.impl.MetadataCredentialResolver; import org.opensaml.security.credential.Credential; import org.opensaml.security.credential.UsageType; import org.opensaml.security.criteria.UsageCriterion; import org.opensaml.security.x509.BasicX509Credential; import org.opensaml.xmlsec.SignatureValidationConfiguration; import org.opensaml.xmlsec.SignatureValidationParameters; import org.opensaml.xmlsec.keyinfo.KeyInfoCredentialResolver; import org.opensaml.xmlsec.keyinfo.impl.BasicProviderKeyInfoCredentialResolver; import org.opensaml.xmlsec.keyinfo.impl.KeyInfoProvider; import org.opensaml.xmlsec.keyinfo.impl.provider.DSAKeyValueProvider; import org.opensaml.xmlsec.keyinfo.impl.provider.InlineX509DataProvider; import org.opensaml.xmlsec.keyinfo.impl.provider.RSAKeyValueProvider; import org.opensaml.xmlsec.signature.support.SignatureValidationParametersCriterion; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.w3c.dom.Element; import at.gv.egiz.eaaf.core.impl.http.IHttpClientFactory; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.PvpEntityCategoryFilter; import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; import net.shibboleth.utilities.java.support.component.ComponentInitializationException; import net.shibboleth.utilities.java.support.resolver.CriteriaSet; import net.shibboleth.utilities.java.support.resolver.ResolverException; import net.shibboleth.utilities.java.support.xml.SerializeSupport; import net.shibboleth.utilities.java.support.xml.XMLParserException; import okhttp3.HttpUrl; import okhttp3.mockwebserver.MockResponse; import okhttp3.mockwebserver.MockWebServer; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml", "/spring/test_eaaf_core_spring_config.beans.xml", "/spring/eaaf_utils.beans.xml" }) @TestPropertySource(locations = { "/config/config_1.props" }) public class MetadataResolverTest { private static MockWebServer mockWebServer; private static HttpUrl mockServerUrl; @Autowired private PvpMetadataResolverFactory metadataResolverFactory; @Autowired private IHttpClientFactory httpClientFactory; @Autowired private DummyCredentialProvider credentialProvider; /** * JUnit class initializer. * * @throws Exception In case of an OpenSAML3 initialization error */ @BeforeClass public static void classInitializer() throws Exception { EaafOpenSaml3xInitializer.eaafInitialize(); mockWebServer = new MockWebServer(); mockServerUrl = mockWebServer.url("/sp/metadata"); } /** * Single test initializer. * */ @Before public void testInitializer() { } @Test public void wrongSchema() { final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); final MetadataFilterChain filterChain = new MetadataFilterChain(); filterChain.setFilters(filterList); try { metadataResolverFactory.createMetadataProvider( "classpath:/data/pvp_metadata_wrong_schema.xml", filterChain, "jUnit test", null); Assert.fail("Wrong XML Schema not detected"); } catch (final Pvp2MetadataException e) { Assert.assertEquals("Wrong ErrorCode", "internal.pvp.08", e.getErrorId()); Assert.assertNotNull("params null", e.getParams()); Assert.assertEquals("Params size", 2, e.getParams().length); Assert.assertEquals("Param[0] wrong", "classpath:/data/pvp_metadata_wrong_schema.xml", e.getParams()[0]); } } @Test public void simpleClasspathMetadataWithoutSigValidation() throws Pvp2MetadataException, ComponentInitializationException, ResolverException, Pvp2InternalErrorException { final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); final MetadataFilterChain filterChain = new MetadataFilterChain(); filterChain.setFilters(filterList); final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( "classpath:/data/pvp_metadata_wrong_sig.xml", filterChain, "jUnit test", null); final EntityDescriptor entityIdNotExists = mdResolver.getEntityDescriptor( "https://demo.egiz.gv.at/notExtist/"); Assert.assertNull("No EntityDescripter", entityIdNotExists); final EntityDescriptor entityId = mdResolver.getEntityDescriptor( "https://demo.egiz.gv.at/demoportal_demologin/"); Assert.assertNotNull("No EntityDescripter", entityId); Assert.assertNotNull("Metadata provider is null", mdResolver); final MetadataCredentialResolver resolver = createKeyInfoResolver(mdResolver); final CriteriaSet criteriaSet = new CriteriaSet(); criteriaSet.add(new EntityIdCriterion("https://demo.egiz.gv.at/demoportal_demologin/")); criteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME)); criteriaSet.add(new UsageCriterion(UsageType.SIGNING)); final SignatureValidationParameters sigValCrit = new SignatureValidationParameters(); sigValCrit.setBlacklistedAlgorithms( ConfigurationService.get(SignatureValidationConfiguration.class) .getBlacklistedAlgorithms()); sigValCrit.setSignatureTrustEngine( TrustEngineFactory.getSignatureKnownKeysTrustEngine(mdResolver)); criteriaSet.add(new SignatureValidationParametersCriterion(sigValCrit)); final Iterable keyInfos = resolver.resolve(criteriaSet); Assert.assertNotNull("KeyInfos null", keyInfos); } @Test public void noCredentials() throws KeyStoreException { final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml"; final KeyStore keystore = KeyStore.getInstance("JKS"); final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( keystore, metadataUrl)); final MetadataFilterChain filterChain = new MetadataFilterChain(); filterChain.setFilters(filterList); try { metadataResolverFactory.createMetadataProvider( metadataUrl, filterChain, "jUnit test", null); Assert.fail("Untrusted signature not detected"); } catch (final Pvp2MetadataException e) { Assert.assertEquals("Wrong errorCode", "internal.pvp.07", e.getErrorId()); } } @Test public void wrongCredentials() throws CertificateException, KeyStoreException, NoSuchAlgorithmException, IOException { final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml"; final KeyStore keystore = KeyStore.getInstance("JKS"); keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); final BasicX509Credential credential = new BasicX509Credential((X509Certificate) fact.generateCertificate( MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); keystore.setCertificateEntry("1", credential.getEntityCertificate()); final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( keystore, metadataUrl)); final MetadataFilterChain filterChain = new MetadataFilterChain(); filterChain.setFilters(filterList); try { metadataResolverFactory.createMetadataProvider( metadataUrl, filterChain, "jUnit test", null); Assert.fail("Untrusted signature not detected"); } catch (final Pvp2MetadataException e) { Assert.assertEquals("Wrong errorCode", "internal.pvp.07", e.getErrorId()); } } @Test public void validCredentialsInvalidSig() throws CertificateException, Pvp2MetadataException, ResolverException, KeyStoreException, NoSuchAlgorithmException, IOException { final String metadataUrl = "classpath:/data/pvp_metadata_moaid_test.xml"; final KeyStore keystore = KeyStore.getInstance("JKS"); keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); keystore.setCertificateEntry("1", fact.generateCertificate( MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); keystore.setCertificateEntry("2", fact.generateCertificate( MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))); final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( keystore, metadataUrl)); final MetadataFilterChain filterChain = new MetadataFilterChain(); filterChain.setFilters(filterList); try { metadataResolverFactory.createMetadataProvider( metadataUrl, filterChain, "jUnit test", null); Assert.fail("Untrusted signature not detected"); } catch (final Pvp2MetadataException e) { Assert.assertEquals("Wrong errorCode", "internal.pvp.07", e.getErrorId()); } } @Test public void metadataSignatureValidCredentials() throws CertificateException, Pvp2MetadataException, ResolverException, XMLParserException, UnmarshallingException, SamlSigningException, CredentialsNotAvailableException, MarshallingException, TransformerException, IOException, KeyStoreException, NoSuchAlgorithmException { mockWebServer.shutdown(); mockWebServer = new MockWebServer(); mockServerUrl = mockWebServer.url("/sp/metadata"); final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_moaid_test.xml")); metadata.setValidUntil(DateTime.now().plusDays(1)); metadata.setSignature(null); metadata.setEntityID(RandomStringUtils.randomAlphabetic(10)); final EntityDescriptor signedMatadata = Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true); final Element metadataElement = XMLObjectSupport.marshall(signedMatadata); mockWebServer.enqueue(new MockResponse().setResponseCode(200) .setBody(SerializeSupport.nodeToString(metadataElement)) .setHeader("Content-Type", "text/html;charset=utf-8")); final KeyStore keystore = KeyStore.getInstance("JKS"); keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); keystore.setCertificateEntry("1", fact.generateCertificate( MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))); keystore.setCertificateEntry("2", fact.generateCertificate( MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); keystore.setCertificateEntry("3", fact.generateCertificate( MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))); final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( keystore, mockServerUrl.url().toString())); filterList.add(new PvpEntityCategoryFilter(true)); final MetadataFilterChain filterChain = new MetadataFilterChain(); filterChain.setFilters(filterList); final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( mockServerUrl.url().toString(), filterChain, "jUnit test", httpClientFactory.getHttpClient()); final EntityDescriptor entityIdNotExists = mdResolver.getEntityDescriptor( metadata.getEntityID()); Assert.assertNotNull("No EntityDescripter", entityIdNotExists); } @Test public void metadataSignatureValidCredentialsSecond() throws CertificateException, Pvp2MetadataException, ResolverException, XMLParserException, UnmarshallingException, SamlSigningException, CredentialsNotAvailableException, MarshallingException, TransformerException, IOException, KeyStoreException, NoSuchAlgorithmException { final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_valid_with_entityCategory.xml")); metadata.setValidUntil(DateTime.now().plusDays(1)); metadata.setSignature(null); metadata.setEntityID(RandomStringUtils.randomAlphabetic(10)); final EntityDescriptor signedMatadata = Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true); final Element metadataElement = XMLObjectSupport.marshall(signedMatadata); mockWebServer.enqueue(new MockResponse().setResponseCode(200) .setBody(SerializeSupport.nodeToString(metadataElement)) .setHeader("Content-Type", "text/html;charset=utf-8")); final KeyStore keystore = KeyStore.getInstance("JKS"); keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); keystore.setCertificateEntry("1", fact.generateCertificate( MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))); keystore.setCertificateEntry("2", fact.generateCertificate( MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); keystore.setCertificateEntry("3", fact.generateCertificate( MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))); final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( keystore, mockServerUrl.url().toString())); filterList.add(new PvpEntityCategoryFilter(true)); final MetadataFilterChain filterChain = new MetadataFilterChain(); filterChain.setFilters(filterList); final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( mockServerUrl.url().toString(), filterChain, "jUnit test", httpClientFactory.getHttpClient()); final EntityDescriptor descr = mdResolver.getEntityDescriptor(metadata.getEntityID()); Assert.assertNotNull("No EntityDescripter", descr); final List reqAttr = descr.getSPSSODescriptor(SAMLConstants.SAML20P_NS) .getAttributeConsumingServices().get(0).getRequestAttributes(); Assert.assertNotNull("Req. attributes are null", reqAttr); Assert.assertEquals("# of req. attributes", 20, reqAttr.size()); } @Test public void metadataSignatureValidCredentialsThird() throws CertificateException, Pvp2MetadataException, ResolverException, XMLParserException, UnmarshallingException, SamlSigningException, CredentialsNotAvailableException, MarshallingException, TransformerException, IOException, KeyStoreException, NoSuchAlgorithmException { final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), MetadataResolverTest.class.getResourceAsStream( "/data/pvp_metadata_valid_with_entityCategory_egov.xml")); metadata.setValidUntil(DateTime.now().plusDays(1)); metadata.setSignature(null); metadata.setEntityID(RandomStringUtils.randomAlphabetic(10)); final EntityDescriptor signedMatadata = Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true); final Element metadataElement = XMLObjectSupport.marshall(signedMatadata); mockWebServer.enqueue(new MockResponse().setResponseCode(200) .setBody(SerializeSupport.nodeToString(metadataElement)) .setHeader("Content-Type", "text/html;charset=utf-8")); final KeyStore keystore = KeyStore.getInstance("JKS"); keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); keystore.setCertificateEntry("1", fact.generateCertificate( MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))); keystore.setCertificateEntry("2", fact.generateCertificate( MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); keystore.setCertificateEntry("3", fact.generateCertificate( MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))); final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( keystore, mockServerUrl.url().toString())); filterList.add(new PvpEntityCategoryFilter(true)); final MetadataFilterChain filterChain = new MetadataFilterChain(); filterChain.setFilters(filterList); final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( mockServerUrl.url().toString(), filterChain, "jUnit test", httpClientFactory.getHttpClient()); final EntityDescriptor descr = mdResolver.getEntityDescriptor(metadata.getEntityID()); Assert.assertNotNull("No EntityDescripter", descr); final List reqAttr = descr.getSPSSODescriptor(SAMLConstants.SAML20P_NS) .getAttributeConsumingServices().get(0).getRequestAttributes(); Assert.assertNotNull("Req. attributes are null", reqAttr); Assert.assertEquals("# of req. attributes", 9, reqAttr.size()); } @Test public void metadataExpired() throws CertificateException, Pvp2MetadataException, ResolverException, XMLParserException, UnmarshallingException, SamlSigningException, CredentialsNotAvailableException, MarshallingException, TransformerException, IOException, KeyStoreException, NoSuchAlgorithmException { final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), MetadataResolverTest.class.getResourceAsStream("/data/pvp_metadata_valid.xml")); metadata.setValidUntil(DateTime.now().minusDays(2)); metadata.setSignature(null); Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true); final Element metadataElement = XMLObjectSupport.marshall(metadata); mockWebServer.enqueue(new MockResponse().setResponseCode(200) .setBody(SerializeSupport.nodeToString(metadataElement)) .setHeader("Content-Type", "text/html;charset=utf-8")); final KeyStore keystore = KeyStore.getInstance("JKS"); keystore.load(null, "junit".toCharArray()); final CertificateFactory fact = CertificateFactory.getInstance("X.509"); keystore.setCertificateEntry("1", fact.generateCertificate( MetadataResolverTest.class.getResourceAsStream("/data/metadata_sig_cert.crt"))); keystore.setCertificateEntry("2", fact.generateCertificate( MetadataResolverTest.class.getResourceAsStream("/data/assertion_sig_cert.crt"))); keystore.setCertificateEntry("2", fact.generateCertificate( MetadataResolverTest.class.getResourceAsStream("/data/junit_metadata_sig_cert.crt"))); final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); filterList.add(new SimpleMetadataSignatureVerificationFilter( keystore, mockServerUrl.url().toString())); filterList.add(new RequiredValidUntilFilter()); filterList.add(new PvpEntityCategoryFilter(false)); final MetadataFilterChain filterChain = new MetadataFilterChain(); filterChain.setFilters(filterList); try { metadataResolverFactory.createMetadataProvider( mockServerUrl.url().toString(), filterChain, "jUnit test", httpClientFactory.getHttpClient()); Assert.fail("Expired metadata not detected"); } catch (final Pvp2MetadataException e) { Assert.assertEquals("Wrong errorCode", "internal.pvp.09", e.getErrorId()); } } @Test public void simpleClasspathMetadataWithoutSigValidationMoaidTwoSigKeys() throws Pvp2MetadataException, ComponentInitializationException, ResolverException, Pvp2InternalErrorException { final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); final MetadataFilterChain filterChain = new MetadataFilterChain(); filterChain.setFilters(filterList); final String entityIdToResolve = "https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata"; final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( "classpath:/data/pvp_metadata_moaid_test.xml", filterChain, "jUnit test", null); final EntityDescriptor entityIdNotExists = mdResolver.getEntityDescriptor( "https://demo.egiz.gv.at/notExtist/"); Assert.assertNull("No EntityDescripter", entityIdNotExists); final EntityDescriptor entityId = mdResolver.getEntityDescriptor(entityIdToResolve); Assert.assertNotNull("No EntityDescripter", entityId); Assert.assertNotNull("Metadata provider is null", mdResolver); final MetadataCredentialResolver resolver = createKeyInfoResolver(mdResolver); final CriteriaSet sigCriteriaSet = new CriteriaSet(); sigCriteriaSet.add(new EntityIdCriterion(entityIdToResolve)); sigCriteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME)); sigCriteriaSet.add(new UsageCriterion(UsageType.SIGNING)); final SignatureValidationParameters sigValCrit = new SignatureValidationParameters(); sigValCrit.setBlacklistedAlgorithms( ConfigurationService.get(SignatureValidationConfiguration.class) .getBlacklistedAlgorithms()); sigValCrit.setSignatureTrustEngine( TrustEngineFactory.getSignatureKnownKeysTrustEngine(mdResolver)); sigCriteriaSet.add(new SignatureValidationParametersCriterion(sigValCrit)); final Iterable singingKeyInfos = resolver.resolve(sigCriteriaSet); Assert.assertNotNull("Signing KeyInfos null", singingKeyInfos); Assert.assertTrue("First Credential resolved", singingKeyInfos.iterator().hasNext()); Assert.assertTrue("Second Credential resolved", singingKeyInfos.iterator().hasNext()); final CriteriaSet encCriteriaSet = new CriteriaSet(); encCriteriaSet.add(new EntityIdCriterion(entityIdToResolve)); encCriteriaSet.add(new EntityRoleCriterion(SPSSODescriptor.DEFAULT_ELEMENT_NAME)); encCriteriaSet.add(new UsageCriterion(UsageType.ENCRYPTION)); final Iterable encKeyInfos = resolver.resolve(encCriteriaSet); Assert.assertNotNull("Encryption KeyInfos null", encKeyInfos); Assert.assertTrue("No Credential resolved", encKeyInfos.iterator().hasNext()); } @Test public void httpMetadataLoading() throws UnsupportedEncodingException, IOException, ResolverException, Pvp2MetadataException { mockWebServer.enqueue(new MockResponse().setResponseCode(200) .setBody(new String(IOUtils.toByteArray( MetadataResolverTest.class.getResourceAsStream( "/data/pvp_metadata_moaid_test.xml")), "UTF-8")) .setHeader("Content-Type", "text/xml")); final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); final MetadataFilterChain filterChain = new MetadataFilterChain(); filterChain.setFilters(filterList); final String entityIdToResolve = "https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata"; final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( mockServerUrl.url().toString(), filterChain, "jUnit test", httpClientFactory.getHttpClient()); final EntityDescriptor entityIdNotExists = mdResolver.getEntityDescriptor( "https://demo.egiz.gv.at/notExtist/"); Assert.assertNull("No EntityDescripter", entityIdNotExists); final EntityDescriptor entityId = mdResolver.getEntityDescriptor(entityIdToResolve); Assert.assertNotNull("No EntityDescripter", entityId); } @Test public void httpMetadataLoadingRefeshFailed() throws UnsupportedEncodingException, IOException, ResolverException, Pvp2MetadataException { mockWebServer.enqueue(new MockResponse().setResponseCode(200) .setBody(new String(IOUtils.toByteArray( MetadataResolverTest.class.getResourceAsStream( "/data/pvp_metadata_moaid_test.xml")), "UTF-8")) .setHeader("Content-Type", "text/xml")); final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); final MetadataFilterChain filterChain = new MetadataFilterChain(); filterChain.setFilters(filterList); final String entityIdToResolve = "https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata"; final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( mockServerUrl.url().toString(), filterChain, "jUnit test", httpClientFactory.getHttpClient()); final EntityDescriptor entityIdNotExists = mdResolver.getEntityDescriptor( "https://demo.egiz.gv.at/notExtist/"); Assert.assertNull("No EntityDescripter", entityIdNotExists); final EntityDescriptor entityId = mdResolver.getEntityDescriptor(entityIdToResolve); Assert.assertNotNull("No EntityDescripter", entityId); final DateTime lastRefreshSucess = mdResolver.getLastSuccessfulRefresh(); try { mdResolver.refresh(); Assert.fail("Refesh possible without available metadata"); } catch (final ResolverException e) { Assert.assertFalse("Wrong Refesh success flag", mdResolver.wasLastRefreshSuccess()); Assert.assertEquals("Wrong refresh success date", lastRefreshSucess, mdResolver .getLastSuccessfulRefresh()); } } @Test public void httpMetadataLoadingWithRefeshSuccess() throws UnsupportedEncodingException, IOException, ResolverException, Pvp2MetadataException { mockWebServer.enqueue(new MockResponse().setResponseCode(200) .setBody(new String(IOUtils.toByteArray( MetadataResolverTest.class.getResourceAsStream( "/data/pvp_metadata_moaid_test.xml")), "UTF-8")) .setHeader("Content-Type", "text/xml")); mockWebServer.enqueue(new MockResponse().setResponseCode(200) .setBody(new String(IOUtils.toByteArray( MetadataResolverTest.class.getResourceAsStream( "/data/pvp_metadata_moaid_test.xml")), "UTF-8")) .setHeader("Content-Type", "text/xml")); final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); final MetadataFilterChain filterChain = new MetadataFilterChain(); filterChain.setFilters(filterList); final String entityIdToResolve = "https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata"; final IPvp2MetadataProvider mdResolver = metadataResolverFactory.createMetadataProvider( mockServerUrl.url().toString(), filterChain, "jUnit test", httpClientFactory.getHttpClient()); final EntityDescriptor entityIdNotExists = mdResolver.getEntityDescriptor( "https://demo.egiz.gv.at/notExtist/"); Assert.assertNull("No EntityDescripter", entityIdNotExists); final EntityDescriptor entityId = mdResolver.getEntityDescriptor(entityIdToResolve); Assert.assertNotNull("No EntityDescripter", entityId); // refresh metadata mdResolver.refresh(); Assert.assertTrue("Refresh not sucessful", mdResolver.wasLastRefreshSuccess()); } @Test public void httpMetadataLoadingWithoutHttpClient() throws UnsupportedEncodingException, IOException, ResolverException, Pvp2MetadataException { mockWebServer.enqueue(new MockResponse().setResponseCode(200) .setBody(new String(IOUtils.toByteArray( MetadataResolverTest.class.getResourceAsStream( "/data/pvp_metadata_moaid_test.xml")), "UTF-8")) .setHeader("Content-Type", "text/xml")); final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); final MetadataFilterChain filterChain = new MetadataFilterChain(); filterChain.setFilters(filterList); try { metadataResolverFactory.createMetadataProvider( mockServerUrl.url().toString(), filterChain, "jUnit test", null); Assert.fail("No httpclient not detected"); } catch (final Pvp2MetadataException e) { Assert.assertEquals("Wrong errorCode", "internal.pvp.09", e.getErrorId()); Assert.assertNotNull("No error params", e.getParams()); Assert.assertEquals("Wrong params size", 2, e.getParams().length); } } @Test public void httpMetadataLoadingWrongUrl() throws UnsupportedEncodingException, IOException, ResolverException, Pvp2MetadataException { mockWebServer.enqueue(new MockResponse().setResponseCode(200) .setBody(new String(IOUtils.toByteArray( MetadataResolverTest.class.getResourceAsStream( "/data/pvp_metadata_moaid_test.xml")), "UTF-8")) .setHeader("Content-Type", "text/xml")); final List filterList = new ArrayList<>(); filterList.add(new SchemaValidationFilter(true)); final MetadataFilterChain filterChain = new MetadataFilterChain(); filterChain.setFilters(filterList); try { metadataResolverFactory.createMetadataProvider( "http://127.0.0.1/notexist", filterChain, "jUnit test", httpClientFactory.getHttpClient()); Assert.fail("No httpclient not detected"); } catch (final Pvp2MetadataException e) { Assert.assertEquals("Wrong errorCode", "internal.pvp.09", e.getErrorId()); Assert.assertNotNull("No error params", e.getParams()); Assert.assertEquals("Wrong params size", 2, e.getParams().length); } } private MetadataCredentialResolver createKeyInfoResolver(IPvp2MetadataProvider mdResolver) throws ComponentInitializationException { final List keyInfoProvider = new ArrayList<>(); keyInfoProvider.add(new DSAKeyValueProvider()); keyInfoProvider.add(new RSAKeyValueProvider()); keyInfoProvider.add(new InlineX509DataProvider()); final KeyInfoCredentialResolver keyInfoCredentialResolver = new BasicProviderKeyInfoCredentialResolver( keyInfoProvider); final PredicateRoleDescriptorResolver roleDescriptorResolver = new PredicateRoleDescriptorResolver( mdResolver); roleDescriptorResolver.setRequireValidMetadata(true); roleDescriptorResolver.initialize(); final MetadataCredentialResolver resolver = new MetadataCredentialResolver(); resolver.setRoleDescriptorResolver(roleDescriptorResolver); resolver.setKeyInfoCredentialResolver(keyInfoCredentialResolver); resolver.initialize(); return resolver; } }