authorThomas Lenz <thomas.lenz@egiz.gv.at>2019-12-11 12:45:58 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2019-12-11 12:45:58 +0100
commit3734d910935f34427632a36206aa3b6b0822c9bf (patch)
tree4a834c00ea143eb331ae633d847e47a051408a17 /connector/src/test/java/at/asitplus
parent7bdb891ffe9e14e86b23a10579c8d97759ba4830 (diff)
fix LoA level validation error in AuthnRequestValidator.java
Diffstat (limited to 'connector/src/test/java/at/asitplus')
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java211
1 files changed, 211 insertions, 0 deletions
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java
new file mode 100644
index 00000000..56d257b5
--- /dev/null
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java
@@ -0,0 +1,211 @@
+package at.asitplus.eidas.specific.connector.test;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.xml.ConfigurationException;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
+import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration;
+import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+ "/applicationContext.xml",
+ "/specific_eIDAS_connector.beans.xml",
+ "/eaaf_core.beans.xml",
+ "/eaaf_pvp.beans.xml",
+ "/eaaf_pvp_idp.beans.xml",
+ "/spring/SpringTest-context_simple_storage.xml" })
+@WebAppConfiguration
+public class AuthnRequestValidatorTest {
+
+ @Autowired private IConfiguration basicConfig;
+ @Autowired protected IAuthnRequestValidator authRequestValidator;
+
+ private MockHttpServletRequest httpReq;
+ private MockHttpServletResponse httpResp;
+ private TestRequestImpl pendingReq;
+
+ /**
+ * jUnit class initializer.
+ * @throws ConfigurationException In case of an error
+ *
+ */
+ @BeforeClass
+ public static void classInitializer() throws ConfigurationException {
+ final String current = new java.io.File(".").toURI().toString();
+ System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties");
+
+ EaafDefaultSaml2Bootstrap.bootstrap();
+ }
+
+ /**
+ * jUnit test set-up.
+ *
+ */
+ @Before
+ public void initialize() {
+ httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+ httpResp = new MockHttpServletResponse();
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ Map<String, String> spConfig = new HashMap<>();
+ spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphabetic(10));
+
+ pendingReq = new TestRequestImpl();
+ pendingReq.setAuthUrl("https://localhost/ms_connector");
+ pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+ pendingReq.setSpConfig(new ServiceProviderConfiguration(spConfig, basicConfig));
+ }
+
+ @Test
+ public void loaLowRequested() throws AuthnRequestValidatorException, ParserConfigurationException,
+ SAXException, IOException, UnmarshallingException {
+ AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_1.xml");
+
+ //test
+ authRequestValidator.validate(httpReq, pendingReq, authReq, null);
+
+ //validate
+ Assert.assertNotNull("spEntityId is null", pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID));
+ Assert.assertEquals("SP EntityId not match",
+ "https://demo.egiz.gv.at/demoportal-openID_demo",
+ pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID));
+
+ Assert.assertNotNull("SP ProviderName is null", pendingReq.getRawData(MsEidasNodeConstants.DATA_PROVIDERNAME));
+ Assert.assertEquals("SP ProviderName not match",
+ "OpenID Connect Demo",
+ pendingReq.getRawData(MsEidasNodeConstants.DATA_PROVIDERNAME));
+
+ Assert.assertNotNull("Requested SP LoA is null",
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA());
+ Assert.assertFalse("Requested SP LoA is null",
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA().isEmpty());
+ Assert.assertEquals("SP LoA count not match", 1,
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA().size());
+ Assert.assertEquals("SP LoA not match",
+ "http://eidas.europa.eu/LoA/substantial",
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA().get(0));
+
+ Assert.assertNotNull("bPK Target is null",
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+ Assert.assertEquals("bPK target not match", "urn:publicid:gv.at:cdid+BF",
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+
+ }
+
+ @Test
+ public void loaSubstentialRequested() throws AuthnRequestValidatorException, ParserConfigurationException,
+ SAXException, IOException, UnmarshallingException {
+ AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_2.xml");
+
+ //test
+ authRequestValidator.validate(httpReq, pendingReq, authReq, null);
+
+ //validate
+ Assert.assertNotNull("spEntityId is null", pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID));
+ Assert.assertEquals("SP EntityId not match",
+ "https://demo.egiz.gv.at/demoportal-openID_demo",
+ pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID));
+
+ Assert.assertNotNull("SP ProviderName is null", pendingReq.getRawData(MsEidasNodeConstants.DATA_PROVIDERNAME));
+ Assert.assertEquals("SP ProviderName not match",
+ "OpenID Connect Demo",
+ pendingReq.getRawData(MsEidasNodeConstants.DATA_PROVIDERNAME));
+
+ Assert.assertNotNull("Requested SP LoA is null",
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA());
+ Assert.assertFalse("Requested SP LoA is null",
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA().isEmpty());
+ Assert.assertEquals("SP LoA count not match", 1,
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA().size());
+ Assert.assertEquals("SP LoA not match",
+ "http://eidas.europa.eu/LoA/substantial",
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA().get(0));
+
+ Assert.assertNotNull("bPK Target is null",
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+ Assert.assertEquals("bPK target not match", "urn:publicid:gv.at:cdid+BF",
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+
+ }
+
+ @Test
+ public void loaHighRequested() throws AuthnRequestValidatorException, ParserConfigurationException,
+ SAXException, IOException, UnmarshallingException {
+ AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_3.xml");
+
+ //test
+ authRequestValidator.validate(httpReq, pendingReq, authReq, null);
+
+ //validate
+ Assert.assertNotNull("spEntityId is null", pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID));
+ Assert.assertEquals("SP EntityId not match",
+ "https://demo.egiz.gv.at/demoportal-openID_demo",
+ pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID));
+
+ Assert.assertNotNull("SP ProviderName is null", pendingReq.getRawData(MsEidasNodeConstants.DATA_PROVIDERNAME));
+ Assert.assertEquals("SP ProviderName not match",
+ "OpenID Connect Demo",
+ pendingReq.getRawData(MsEidasNodeConstants.DATA_PROVIDERNAME));
+
+ Assert.assertNotNull("Requested SP LoA is null",
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA());
+ Assert.assertFalse("Requested SP LoA is null",
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA().isEmpty());
+ Assert.assertEquals("SP LoA count not match", 1,
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA().size());
+ Assert.assertEquals("SP LoA not match",
+ "http://eidas.europa.eu/LoA/high",
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA().get(0));
+
+ Assert.assertNotNull("bPK Target is null",
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+ Assert.assertEquals("bPK target not match", "urn:publicid:gv.at:cdid+XX",
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+
+ }
+
+ private AuthnRequest getAuthRequest(String resource) throws
+ ParserConfigurationException, SAXException, IOException, UnmarshallingException {
+ final Element authBlockDom =
+ DomUtils.parseXmlValidating(AuthnRequestValidatorTest.class.getResourceAsStream(resource));
+
+ final UnmarshallerFactory unmarshallerFactory =
+ org.opensaml.xml.Configuration.getUnmarshallerFactory();
+ final Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDom);
+ return (AuthnRequest) unmarshaller.unmarshall(authBlockDom);
+
+ }
+}
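Review bot: `loaLowRequested` asserts `http://eidas.europa.eu/LoA/substantial` as the single required LoA, the same value `loaSubstentialRequested` expects, but nothing in the test says that raising a lower request to substantial is the intended result. Assuming `/data/pvp2_authn_1.xml` really requests low (the fixture is not part of this hunk), add a comment above that assertion such as `// a requested LoA below substantial must be raised to substantial, never passed through`. All three tests exercise only accepted requests, so a regression that lets an unknown or missing LoA through the validator would go unnoticed; a case that expects `AuthnRequestValidatorException` for such a request would cover that, if rejection is the intended behaviour. The `assertFalse(...isEmpty())` checks in all three tests reuse the message `"Requested SP LoA is null"`, which should read `"Requested SP LoA is empty"`.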