aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-12-11 17:50:40 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-12-11 17:50:40 +0100
commit89cf59a91757d9aa919759d709a04a2257e602fb (patch)
treead66878064b73580e92ed1b11d26bee096287308
parentedb3c1d835bec492063d36b8c5eb43ae9cdb707e (diff)
downloadNational_eIDAS_Gateway-89cf59a91757d9aa919759d709a04a2257e602fb.tar.gz
National_eIDAS_Gateway-89cf59a91757d9aa919759d709a04a2257e602fb.tar.bz2
National_eIDAS_Gateway-89cf59a91757d9aa919759d709a04a2257e602fb.zip
fix wrong flag in SZR client to get encryptedBaseId
extend validation in jUnit test for CreateIdentityLink with E-ID task
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java87
2 files changed, 84 insertions, 5 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
index 067825d8..6de5dae9 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/szr/SzrClient.java
@@ -231,7 +231,7 @@ public class SzrClient {
final String resp;
try {
- resp = this.szr.getStammzahlEncrypted(personInfo, false);
+ resp = this.szr.getStammzahlEncrypted(personInfo, true);
} catch (SZRException_Exception e) {
throw new SzrCommunicationException("ernb.02", new Object[]{e.getMessage()}, e);
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
index 2bc0c86c..34f641a7 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -2,6 +2,8 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE;
import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.Mockito.times;
+import static org.mockito.Mockito.verify;
import static org.powermock.api.mockito.PowerMockito.when;
import java.io.IOException;
@@ -13,6 +15,7 @@ import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
+import java.util.Iterator;
import java.util.List;
import java.util.Map;
@@ -29,6 +32,7 @@ import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
+import org.mockito.ArgumentCaptor;
import org.powermock.core.classloader.annotations.PrepareForTest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.mock.web.MockHttpServletRequest;
@@ -71,6 +75,8 @@ import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
import eu.eidas.auth.commons.attribute.PersonType;
import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse;
import lombok.val;
+import szrservices.JwsHeaderParam;
+import szrservices.PersonInfoType;
import szrservices.SZR;
import szrservices.SignContentEntry;
import szrservices.SignContentResponseType;
@@ -112,7 +118,9 @@ public class CreateIdentityLinkTaskEidNewTest {
AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512, AlgorithmIdentifiers.RSA_PSS_USING_SHA256,
AlgorithmIdentifiers.RSA_PSS_USING_SHA512));
- private ObjectMapper mapper = new ObjectMapper();
+ private static ObjectMapper mapper = new ObjectMapper();
+
+ private AuthenticationResponse response;
@Rule
public final SoapServiceRule soap = SoapServiceRule.newInstance();
@@ -147,7 +155,7 @@ public class CreateIdentityLinkTaskEidNewTest {
oaParam = new DummySpConfiguration(spConfig, basicConfig);
pendingReq = new TestRequestImpl();
- final AuthenticationResponse response = buildDummyAuthResponse();
+ response = buildDummyAuthResponse();
pendingReq.getSessionData(AuthProcessDataWrapper.class)
.setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response);
@@ -166,7 +174,8 @@ public class CreateIdentityLinkTaskEidNewTest {
@Test
public void successfulProcess() throws Exception {
//initialize test
- when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10));
+ String vsz = RandomStringUtils.randomNumeric(10);
+ when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(vsz);
val signContentResp = new SignContentResponseType();
final SignContentEntry signContentEntry = new SignContentEntry();
signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10));
@@ -207,6 +216,76 @@ public class CreateIdentityLinkTaskEidNewTest {
Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty());
+ //check vsz request
+ ArgumentCaptor<PersonInfoType> argument4 = ArgumentCaptor.forClass(PersonInfoType.class);
+ ArgumentCaptor<Boolean> argument5 = ArgumentCaptor.forClass(Boolean.class);
+ verify(szrMock, times(1)).getStammzahlEncrypted(argument4.capture(), argument5.capture());
+
+ Boolean param5 = argument5.getValue();
+ Assert.assertTrue("insertERnP flag", param5);
+ PersonInfoType person = argument4.getValue();
+ Assert.assertEquals("FamilyName",
+ response.getAttributes().getAttributeValuesByFriendlyName("FamilyName").getFirstValue(
+ response.getAttributes().getDefinitionsByFriendlyName("FamilyName").iterator().next()),
+ person.getPerson().getName().getFamilyName());
+ Assert.assertEquals("GivenName",
+ response.getAttributes().getAttributeValuesByFriendlyName("FirstName").getFirstValue(
+ response.getAttributes().getDefinitionsByFriendlyName("FirstName").iterator().next()),
+ person.getPerson().getName().getGivenName());
+ Assert.assertEquals("DateOfBirth",
+ response.getAttributes().getAttributeValuesByFriendlyName("DateOfBirth").getFirstValue(
+ response.getAttributes().getDefinitionsByFriendlyName("DateOfBirth").iterator().next())
+ .toString().split("T")[0],
+ person.getPerson().getDateOfBirth());
+
+ Assert.assertEquals("CitizenCountry", "LU", person.getTravelDocument().getIssuingCountry());
+ Assert.assertEquals("DocumentType", "ELEKTR_DOKUMENT", person.getTravelDocument().getDocumentType());
+
+ Assert.assertEquals("Identifier",
+ response.getAttributes().getAttributeValuesByFriendlyName("PersonIdentifier").getFirstValue(
+ response.getAttributes().getDefinitionsByFriendlyName("PersonIdentifier").iterator().next())
+ .toString().split("/")[2],
+ person.getTravelDocument().getDocumentNumber());
+
+
+
+ //check bcBind singing request
+ ArgumentCaptor<Boolean> argument1 = ArgumentCaptor.forClass(Boolean.class);
+ ArgumentCaptor<List<JwsHeaderParam>> argument2 = ArgumentCaptor.forClass(List.class);
+ ArgumentCaptor<List<SignContentEntry>> argument3 = ArgumentCaptor.forClass(List.class);
+ verify(szrMock, times(1)).signContent(argument1.capture(), argument2.capture(), argument3.capture());
+ Boolean param1 = argument1.getValue();
+ Assert.assertFalse("addCert flag", param1);
+
+ List<JwsHeaderParam> param2 = argument2.getValue();
+ Assert.assertNotNull("JWS Headers", param2);
+ Assert.assertFalse("JWS Headers empty", param2.isEmpty());
+ Assert.assertEquals("Wrong JWS header size", 1, param2.size());
+ Assert.assertEquals("Missing JWS header key", "urn:at.gv.eid:bindtype", param2.get(0).getKey());
+ Assert.assertEquals("Missing JWS header value", "urn:at.gv.eid:eidasBind", param2.get(0).getValue());
+
+ List<SignContentEntry> param3 = argument3.getValue();
+ Assert.assertNotNull("sign Payload", param3);
+ Assert.assertEquals("wrong sign-payload size", 1, param3.size());
+ Assert.assertNotNull("payload", param3.get(0).getValue().getBytes());
+ JsonNode bcBind = mapper.readTree(param3.get(0).getValue().getBytes());
+ Assert.assertNotNull("bcbind req", bcBind);
+
+ Assert.assertEquals("vsz", vsz, bcBind.get("urn:eidgvat:attributes.vsz.value").asText());
+ Assert.assertEquals("eid status", "urn:eidgvat:eid.status.eidas",
+ bcBind.get("urn:eidgvat:attributes.eid.status").asText());
+ Assert.assertTrue("pubKeys", bcBind.has("urn:eidgvat:attributes.user.pubkeys"));
+ Assert.assertTrue("pubKeys", bcBind.get("urn:eidgvat:attributes.user.pubkeys").isArray());
+ Iterator<JsonNode> pubKeys = bcBind.get("urn:eidgvat:attributes.user.pubkeys").elements();
+ Assert.assertTrue("No PubKey", pubKeys.hasNext());
+ Assert.assertEquals("Wrong pubKey",
+ "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxcB5jnrAwGn7xjgVFv1UBUv1pluwDRFQx7x5O6rSn7pblYfwaWeKa8y"
+ + "jS5BDDaZ00mhhnSlm2XByNrkg5yBGetTgBGtQVAxV5apfuAWN8TS3uSXgdZol7Khd6kraUITtnulvLe8tNaboom5P0zN6UxbJN"
+ + "NVLishVp80HiRXiDbplCTUk8b5cYtmivdb0+5JBTa7L5N/anRVnHHoJCXgNPTouO8daUHZbG1mPk0HgqD8rhZ+OBzE+APKH9No"
+ + "agedSrGRDLdIgZxkrg0mxmfsZQIi2wdJSi3y0PAjEps/s4j0nmw9bPRgCMNLBqqjxtN5JKC8E1yyLm7YefXv/nPaMwIDAQAB",
+ pubKeys.next().asText());
+ Assert.assertFalse("More than one PubKey", pubKeys.hasNext());
+
}
@Test
@@ -280,7 +359,7 @@ public class CreateIdentityLinkTaskEidNewTest {
.attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller").build();
final ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder()
- .put(attributeDef, "de/st/" + RandomStringUtils.randomNumeric(64))
+ .put(attributeDef, "LU/ST/" + RandomStringUtils.randomNumeric(64))
.put(attributeDef2, RandomStringUtils.randomAlphabetic(10))
.put(attributeDef3, RandomStringUtils.randomAlphabetic(10)).put(attributeDef4, "2001-01-01").build();