aboutsummaryrefslogtreecommitdiff
path: root/connector/src/test/java
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-12-15 18:21:07 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-12-15 18:21:07 +0100
commit47e2b6c838233aec6482ae81db91d8d48f0d3ea3 (patch)
tree495db98e50d49f8170896df6a4577a8e480866d0 /connector/src/test/java
parent230e6c3890c7e63b286e9a08001e5ffd63743d2c (diff)
parent76bba5972cfa6d6272a73cbdf56a8705419c55c8 (diff)
downloadNational_eIDAS_Gateway-47e2b6c838233aec6482ae81db91d8d48f0d3ea3.tar.gz
National_eIDAS_Gateway-47e2b6c838233aec6482ae81db91d8d48f0d3ea3.tar.bz2
National_eIDAS_Gateway-47e2b6c838233aec6482ae81db91d8d48f0d3ea3.zip
Merge branch 'feature/EID_connection' into 'nightlybuild'
Feature/eid connection See merge request egiz/eidas_at_proxy!2
Diffstat (limited to 'connector/src/test/java')
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthenticationDataBuilderTest.java297
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/BasicConfigurationTest.java135
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java14
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java32
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java335
5 files changed, 778 insertions, 35 deletions
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthenticationDataBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthenticationDataBuilderTest.java
index 1721fe61..316dcb5f 100644
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthenticationDataBuilderTest.java
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthenticationDataBuilderTest.java
@@ -1,18 +1,15 @@
package at.asitplus.eidas.specific.connector.test;
+import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE;
+
+import java.io.IOException;
+import java.security.PublicKey;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.transform.TransformerException;
-import at.asitplus.eidas.specific.connector.builder.AuthenticationDataBuilder;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
-import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
-import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
-import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Assert;
import org.junit.Before;
@@ -29,14 +26,32 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.test.context.web.WebAppConfiguration;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
+import org.w3c.dom.Element;
-import java.util.HashMap;
-import java.util.Map;
-
-import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE;
+import at.asitplus.eidas.specific.connector.builder.AuthenticationDataBuilder;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink;
+import at.gv.egiz.eaaf.core.exceptions.EaafAuthenticationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafBuilderException;
+import at.gv.egiz.eaaf.core.exceptions.EaafParserException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration({"/applicationContext.xml", "/SpringTest_connector.beans.xml", "/eaaf_core.beans.xml", "/eaaf_pvp.beans.xml", "/eaaf_pvp_idp.beans.xml", "/spring/SpringTest-context_simple_storage.xml"})
+@ContextConfiguration({ "/applicationContext.xml", "/SpringTest_connector.beans.xml", "/eaaf_core.beans.xml",
+ "/eaaf_pvp.beans.xml", "/eaaf_pvp_idp.beans.xml", "/spring/SpringTest-context_simple_storage.xml" })
@WebAppConfiguration
public class AuthenticationDataBuilderTest {
@@ -55,11 +70,11 @@ public class AuthenticationDataBuilderTest {
private String eidasBind;
private String authBlock;
-
@BeforeClass
public static void classInitializer() throws InitializationException, ComponentInitializationException {
final String current = new java.io.File(".").toURI().toString();
- System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_3.properties");
+ System.setProperty("eidas.ms.configuration", current
+ + "src/test/resources/config/junit_config_3.properties");
EaafOpenSaml3xInitializer.eaafInitialize();
}
@@ -80,28 +95,258 @@ public class AuthenticationDataBuilderTest {
pendingReq = new TestRequestImpl();
pendingReq.setAuthUrl("https://localhost/ms_connector");
pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+ pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10));
pendingReq.setSpConfig(oaParam);
- pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
authBlock = RandomStringUtils.randomAlphanumeric(20);
eidasBind = RandomStringUtils.randomAlphanumeric(20);
- pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(Constants.SZR_AUTHBLOCK, authBlock);
- pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(Constants.EIDAS_BIND, eidasBind);
+ pendingReq.getSessionData(AuthProcessDataWrapper.class)
+ .setGenericDataToSession(Constants.SZR_AUTHBLOCK, authBlock);
+ pendingReq.getSessionData(AuthProcessDataWrapper.class)
+ .setGenericDataToSession(Constants.EIDAS_BIND, eidasBind);
+ pendingReq.getSessionData(AuthProcessDataWrapper.class)
+ .setQaaLevel(EaafConstants.EIDAS_LOA_PREFIX + RandomStringUtils.randomAlphabetic(5));
+ pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession(
+ PvpAttributeDefinitions.EID_ISSUING_NATION_NAME,
+ RandomStringUtils.randomAlphabetic(2));
+
LocaleContextHolder.resetLocaleContext();
+
}
@Test
- public void first() throws EaafAuthenticationException {
+ public void eidMode() throws EaafAuthenticationException {
+ // initialize state
+ pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true);
+
+ // execute
IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+ // validate state
Assert.assertNotNull("AuthData null", authData);
Assert.assertNotNull("authBlock null", authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class));
Assert.assertNotNull("eidasBind null", authData.getGenericData(Constants.EIDAS_BIND, String.class));
- Assert.assertNotNull("eidasBind null", authData.getEidasQaaLevel());
+ Assert.assertNotNull("LoA null", authData.getEidasQaaLevel());
+
String authBlock = authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class);
String eidasBind = authData.getGenericData(Constants.EIDAS_BIND, String.class);
- Assert.assertEquals("authBlock not equal", authBlock, this.authBlock);
- Assert.assertEquals("eidasBind not equal", eidasBind, this.eidasBind);
+ Assert.assertEquals("authBlock not equal", this.authBlock, authBlock);
+ Assert.assertEquals("eidasBind not equal", this.eidasBind, eidasBind);
+ Assert.assertEquals("piiTransactionId",
+ authData.getGenericData(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, String.class),
+ this.pendingReq.getUniquePiiTransactionIdentifier());
+ Assert.assertNotNull("assertion validTo", authData.getSsoSessionValidTo());
+ Assert.assertEquals("LoA", pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel(),
+ authData.getEidasQaaLevel());
+ Assert.assertEquals("EID-ISSUING-NATION",
+ pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(
+ PvpAttributeDefinitions.EID_ISSUING_NATION_NAME),
+ authData.getCiticenCountryCode());
+
+ Assert.assertNull("bPK", authData.getBpk());
+ Assert.assertNull("bPKType", authData.getBpkType());
+ Assert.assertNull("FamilyName", authData.getFamilyName());
+ Assert.assertNull("GivenName", authData.getGivenName());
+ Assert.assertNull("DateOfBirth", authData.getDateOfBirth());
+ Assert.assertNull("baseId", authData.getIdentificationValue());
+ Assert.assertNull("baseIdType", authData.getIdentificationType());
+ Assert.assertNull("IDL", authData.getIdentityLink());
+
+ }
+
+ @Test
+ public void moaIdMode() throws EaafAuthenticationException, EaafBuilderException {
+ //initialize state
+ pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(false);
+ IIdentityLink idl = buildDummyIdl();
+ pendingReq.getSessionData(AuthProcessDataWrapper.class).setIdentityLink(idl);
+
+ //execute
+ IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq);
+
+ //validate state
+ Assert.assertNotNull("AuthData null", authData);
+ Assert.assertNull("authBlock null", authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class));
+ Assert.assertNull("eidasBind null", authData.getGenericData(Constants.EIDAS_BIND, String.class));
+ Assert.assertNull("piiTransactionId",
+ authData.getGenericData(ExtendedPvpAttributeDefinitions.EID_PII_TRANSACTION_ID_NAME, String.class));
+
+
+ Assert.assertNotNull("assertion validTo", authData.getSsoSessionValidTo());
+ Assert.assertNotNull("LoA null", authData.getEidasQaaLevel());
+ Assert.assertEquals("LoA", pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel(),
+ authData.getEidasQaaLevel());
+ Assert.assertEquals("EID-ISSUING-NATION",
+ pendingReq.getSessionData(AuthProcessDataWrapper.class).getGenericDataFromSession(
+ PvpAttributeDefinitions.EID_ISSUING_NATION_NAME),
+ authData.getCiticenCountryCode());
+
+ Assert.assertEquals("FamilyName", idl.getFamilyName(), authData.getFamilyName());
+ Assert.assertEquals("GivenName", idl.getGivenName(), authData.getGivenName());
+ Assert.assertEquals("DateOfBirth", idl.getDateOfBirth(), authData.getFormatedDateOfBirth());
+ Assert.assertEquals("bPK",
+ BpkBuilder.generateAreaSpecificPersonIdentifier(
+ idl.getIdentificationValue(), EaafConstants.URN_PREFIX_CDID + "XX").getFirst(),
+ authData.getBpk());
+ Assert.assertEquals("bPKType", EaafConstants.URN_PREFIX_CDID + "XX", authData.getBpkType());
+ Assert.assertNotNull("IDL", authData.getIdentityLink());
+
+
+ }
+
+ private IIdentityLink buildDummyIdl() {
+ return new IIdentityLink() {
+
+ String familyName = RandomStringUtils.randomAlphabetic(10);
+ String givenName = RandomStringUtils.randomAlphabetic(10);
+ String dateOfBirth = "1955-02-03";
+ String baseId = RandomStringUtils.randomAlphanumeric(20);
+ String saml2Serialized = RandomStringUtils.randomAlphanumeric(150);
+
+
+
+ @Override
+ public void setSamlAssertion(Element arg0) throws TransformerException, IOException {
+
+ }
+
+ @Override
+ public void setPublicKey(PublicKey[] arg0) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setPrPerson(Element arg0) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setIssueInstant(String arg0) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setIdentificationValue(String arg0) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setIdentificationType(String arg0) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setGivenName(String arg0) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setFamilyName(String arg0) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setDsigReferenceTransforms(Element[] arg0) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public void setDateOfBirth(String arg0) {
+ // TODO Auto-generated method stub
+
+ }
+
+ @Override
+ public String getSerializedSamlAssertion() {
+ return this.saml2Serialized;
+ }
+
+ @Override
+ public Element getSamlAssertion() {
+ IIdentityLink fullIdl;
+ try {
+ fullIdl = new SimpleIdentityLinkAssertionParser(
+ AuthenticationDataBuilderTest.class.getResourceAsStream("/data/test_idl_1.xml")).parseIdentityLink();
+ return fullIdl.getSamlAssertion();
+
+ } catch (EaafParserException e) {
+ e.printStackTrace();
+ }
+
+ return null;
+
+ }
+
+ @Override
+ public PublicKey[] getPublicKey() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Element getPrPerson() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getName() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public Date getIssueInstantDate() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getIssueInstant() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getIdentificationValue() {
+ return this.baseId;
+ }
+
+ @Override
+ public String getIdentificationType() {
+ return EaafConstants.URN_PREFIX_BASEID;
+ }
+
+ @Override
+ public String getGivenName() {
+ return this.givenName;
+ }
+
+ @Override
+ public String getFamilyName() {
+ return this.familyName;
+ }
+
+ @Override
+ public Element[] getDsigReferenceTransforms() {
+ // TODO Auto-generated method stub
+ return null;
+ }
+
+ @Override
+ public String getDateOfBirth() {
+ return this.dateOfBirth;
+
+ }
+ };
}
}
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/BasicConfigurationTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/BasicConfigurationTest.java
new file mode 100644
index 00000000..6e52f113
--- /dev/null
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/BasicConfigurationTest.java
@@ -0,0 +1,135 @@
+package at.asitplus.eidas.specific.connector.test;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.security.cert.CertificateException;
+
+import org.junit.Assert;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.config.InitializationException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+
+import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+ "/applicationContext.xml",
+ "/specific_eIDAS_connector.beans.xml",
+ "/eaaf_core.beans.xml",
+ "/eaaf_pvp.beans.xml",
+ "/eaaf_pvp_idp.beans.xml",
+ "/spring/SpringTest-context_simple_storage.xml" })
+@WebAppConfiguration
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
+public class BasicConfigurationTest {
+
+ @Autowired private IConfigurationWithSP basicConfig;
+
+ /**
+ * jUnit class initializer.
+ * @throws ComponentInitializationException In case of an error
+ * @throws InitializationException In case of an error
+ * @throws CertificateException
+ *
+ */
+ @BeforeClass
+ public static void classInitializer() throws InitializationException,
+ ComponentInitializationException, CertificateException {
+ final String current = new java.io.File(".").toURI().toString();
+ System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties");
+
+ }
+
+
+ @Test
+ public void basicConfig() throws MalformedURLException, EaafException {
+ Assert.assertEquals("validate req. URL", "http://localhost",
+ basicConfig.validateIdpUrl(new URL("http://junit/test")));
+
+ Assert.assertEquals("validate req. URL", "http://localhost",
+ basicConfig.validateIdpUrl(new URL("http://localhost/test1/test")));
+
+ }
+
+ @Test
+ public void loadSpNotExist() throws EaafConfigurationException {
+ //check
+ ISpConfiguration sp = basicConfig.getServiceProviderConfiguration(
+ "https://not/exist");
+
+ //validate state
+ Assert.assertNull("spConfig", sp);
+
+
+ }
+
+ @Test
+ public void loadSpDefault() throws EaafConfigurationException {
+ //check
+ ISpConfiguration sp = basicConfig.getServiceProviderConfiguration(
+ "https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata");
+
+ //validate state
+ Assert.assertNotNull("spConfig", sp);
+ Assert.assertEquals("BaseId transfare restrication", true, sp.hasBaseIdTransferRestriction());
+ Assert.assertEquals("BaseId process restrication", false, sp.hasBaseIdInternalProcessingRestriction());
+
+ Assert.assertEquals("req. LoA size", 1, sp.getRequiredLoA().size());
+ Assert.assertEquals("req. LoA", EaafConstants.EIDAS_LOA_HIGH, sp.getRequiredLoA().get(0));
+ Assert.assertEquals("LoA matching mode",
+ EaafConstants.EIDAS_LOA_MATCHING_MINIMUM, sp.getLoAMatchingMode());
+
+ }
+
+ @Test
+ public void loadSpNoBaseIdTransferRestriction() throws EaafException {
+ //check
+ ServiceProviderConfiguration sp = basicConfig.getServiceProviderConfiguration(
+ "https://demo.egiz.gv.at/demoportal_moaid-2.0/sp/eidas/metadata", ServiceProviderConfiguration.class);
+
+ //validate state
+ Assert.assertNotNull("spConfig", sp);
+ Assert.assertNull("bPKTarget already set", sp.getAreaSpecificTargetIdentifier());
+
+ //validate baseId transfer restriction
+ sp.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_CDID + "ZP");
+ Assert.assertEquals("BaseId restrication", false, sp.hasBaseIdTransferRestriction());
+ Assert.assertEquals("bPKTarget", EaafConstants.URN_PREFIX_CDID + "ZP", sp.getAreaSpecificTargetIdentifier());
+
+ sp.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+123456h");
+ Assert.assertEquals("BaseId restrication", true, sp.hasBaseIdTransferRestriction());
+
+ }
+
+ @Test
+ public void loadSpWithMsSpecificConfig() throws EaafConfigurationException {
+ //check
+ ServiceProviderConfiguration sp = basicConfig.getServiceProviderConfiguration(
+ "https://demo.egiz.gv.at/junit_test", ServiceProviderConfiguration.class);
+
+ //validate state
+ Assert.assertNotNull("spConfig", sp);
+ Assert.assertEquals("friendlyName", "jUnit test", sp.getFriendlyName());
+ Assert.assertEquals("UniqueId", "https://demo.egiz.gv.at/junit_test", sp.getUniqueIdentifier());
+ Assert.assertEquals("BaseId restrication", true, sp.hasBaseIdTransferRestriction());
+ Assert.assertEquals("generic config value", false,
+ sp.isConfigurationValue("policy.allowed.requested.targets"));
+ Assert.assertEquals("generic config value", "test",
+ sp.getConfigurationValue("policy.allowed.requested.targets"));
+ Assert.assertEquals("not_exist_value", "true", sp.getConfigurationValue("not.exist", "true"));
+
+ }
+}
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java
index b7c6cd44..f6d22c98 100644
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/AuthBlockAttributeBuilderTest.java
@@ -13,6 +13,7 @@ import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import at.asitplus.eidas.specific.connector.attributes.AuthBlockAttributeBuilder;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
import at.gv.egiz.eaaf.core.api.idp.IAuthData;
import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
@@ -42,6 +43,19 @@ public class AuthBlockAttributeBuilderTest extends AbstractAttributeBuilderTest
}
@Test
+ public void checkName() {
+ Assert.assertEquals("Wrong attr. name",
+ ExtendedPvpAttributeDefinitions.EID_AUTHBLOCK_SIGNED_NAME, attrBuilde.getName());
+
+ }
+
+ @Test
+ public void checkEmptyAttribute() {
+ Assert.assertNull("empty attr.", attrBuilde.buildEmpty(gen));
+
+ }
+
+ @Test
public void okTest() {
log.info("starting: " + mTestName);
try {
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java
index 254efb59..9a2c6cdc 100644
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/attributes/EidasBindAttributeBuilderTest.java
@@ -1,13 +1,7 @@
package at.asitplus.eidas.specific.connector.test.attributes;
-import at.asitplus.eidas.specific.connector.attributes.EidasBindAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
-import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
-import at.gv.egiz.eaaf.core.api.idp.IAuthData;
-import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
-import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
-import at.gv.egiz.eaaf.core.impl.idp.auth.attributes.AbstractAttributeBuilderTest;
-import lombok.extern.slf4j.Slf4j;
+import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.EIDAS_BIND;
+
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
@@ -17,7 +11,14 @@ import org.junit.runner.RunWith;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import static at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants.EIDAS_BIND;
+import at.asitplus.eidas.specific.connector.attributes.EidasBindAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAuthData;
+import at.gv.egiz.eaaf.core.exceptions.UnavailableAttributeException;
+import at.gv.egiz.eaaf.core.impl.idp.AuthenticationData;
+import at.gv.egiz.eaaf.core.impl.idp.auth.attributes.AbstractAttributeBuilderTest;
+import lombok.extern.slf4j.Slf4j;
@Slf4j
@@ -36,6 +37,19 @@ public class EidasBindAttributeBuilderTest extends AbstractAttributeBuilderTest
}
@Test
+ public void checkName() {
+ Assert.assertEquals("Wrong attr. name",
+ ExtendedPvpAttributeDefinitions.EID_EIDBIND_NAME, attrBuilde.getName());
+
+ }
+
+ @Test
+ public void checkEmptyAttribute() {
+ Assert.assertNull("empty attr.", attrBuilde.buildEmpty(gen));
+
+ }
+
+ @Test
public void okTest() {
log.info("starting: " + mTestName);
try {
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java
new file mode 100644
index 00000000..81ee2625
--- /dev/null
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java
@@ -0,0 +1,335 @@
+package at.asitplus.eidas.specific.connector.test.saml2;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.cert.CertificateException;
+import java.security.cert.CertificateFactory;
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.Timer;
+
+import javax.xml.transform.TransformerException;
+
+import org.joda.time.DateTime;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.config.InitializationException;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.metadata.resolver.impl.ResourceBackedMetadataResolver;
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
+import org.opensaml.saml.saml2.metadata.RoleDescriptor;
+import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
+import org.opensaml.security.credential.Credential;
+import org.opensaml.security.x509.BasicX509Credential;
+import org.opensaml.xmlsec.signature.support.SignatureException;
+import org.opensaml.xmlsec.signature.support.SignatureValidator;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.util.Base64Utils;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
+import at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint;
+import at.asitplus.eidas.specific.connector.provider.PvpEndPointCredentialProvider;
+import at.asitplus.eidas.specific.connector.provider.PvpMetadataProvider;
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+ "/applicationContext.xml",
+ "/specific_eIDAS_connector.beans.xml",
+ "/eaaf_core.beans.xml",
+ "/eaaf_pvp.beans.xml",
+ "/eaaf_pvp_idp.beans.xml",
+ "/spring/SpringTest-context_simple_storage.xml" })
+@WebAppConfiguration
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
+public class Pvp2SProfileEndPointTest {
+
+
+ @Autowired private Pvp2SProfileEndpoint controller;
+ @Autowired private PvpEndPointCredentialProvider credentialProvider;
+ @Autowired private PvpMetadataProvider metadataProvider;
+ @Autowired private ResourceLoader resourceLoader;
+ @Autowired private IRequestStorage storage;
+
+ private static CertificateFactory fact;
+
+
+ private MockHttpServletRequest httpReq;
+ private MockHttpServletResponse httpResp;
+
+
+ /**
+ * jUnit class initializer.
+ * @throws ComponentInitializationException In case of an error
+ * @throws InitializationException In case of an error
+ * @throws CertificateException
+ *
+ */
+ @BeforeClass
+ public static void classInitializer() throws InitializationException,
+ ComponentInitializationException, CertificateException {
+ final String current = new java.io.File(".").toURI().toString();
+ System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties");
+
+ EaafOpenSaml3xInitializer.eaafInitialize();
+
+ fact = CertificateFactory.getInstance("X.509");
+
+ }
+
+ /**
+ * jUnit test set-up.
+ * @throws EaafException
+ *
+ */
+ @Before
+ public void initialize() throws EaafException {
+ httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+ httpResp = new MockHttpServletResponse();
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ }
+
+ @Test
+ public void authnReqWrongEndpoint() throws EaafException, XMLParserException, UnmarshallingException,
+ UnsupportedEncodingException, TransformerException, IOException, MarshallingException,
+ ComponentInitializationException {
+ //initialize test
+ final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(),
+ Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_3.xml"));
+ authnReq.setIssueInstant(DateTime.now());
+ RequestAbstractType signedAuthnReq =
+ Saml2Utils.signSamlObject(authnReq, credentialProvider.getMetaDataSigningCredential(), true);
+ String b64 = Base64Utils.encodeToString(DomUtils.serializeNode(
+ XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));
+ httpReq.setParameter("SAMLRequest", b64);
+
+ final org.springframework.core.io.Resource resource = resourceLoader.getResource(
+ "classpath:/data/metadata_valid.xml");
+ Timer timer = new Timer("PVP metadata-resolver refresh");
+ ResourceBackedMetadataResolver fileSystemResolver =
+ new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
+ fileSystemResolver.setId("test");
+ fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
+ fileSystemResolver.initialize();
+ metadataProvider.addMetadataResolverIntoChain(fileSystemResolver);
+
+
+ //request SAML2 authentication
+ try {
+ controller.pvpIdpPostRequest(httpReq, httpResp);
+ Assert.fail("wrong AuthnRequest not detected");
+
+ }catch (EaafException e) {
+ Assert.assertEquals("wrong errorId", "pvp2.22", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ public void authnReqWrongSigned() throws EaafException, XMLParserException, UnmarshallingException,
+ UnsupportedEncodingException, TransformerException, IOException, MarshallingException,
+ ComponentInitializationException {
+ //initialize test
+ final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(),
+ Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_1.xml"));
+ authnReq.setIssueInstant(DateTime.now());
+ RequestAbstractType signedAuthnReq =
+ Saml2Utils.signSamlObject(authnReq, credentialProvider.getMetaDataSigningCredential(), true);
+ String b64 = Base64Utils.encodeToString(DomUtils.serializeNode(
+ XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));
+ httpReq.setParameter("SAMLRequest", b64);
+
+ final org.springframework.core.io.Resource resource = resourceLoader.getResource(
+ "classpath:/data/metadata_valid.xml");
+ Timer timer = new Timer("PVP metadata-resolver refresh");
+ ResourceBackedMetadataResolver fileSystemResolver =
+ new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
+ fileSystemResolver.setId("test");
+ fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
+ fileSystemResolver.initialize();
+ metadataProvider.addMetadataResolverIntoChain(fileSystemResolver);
+
+
+ //request SAML2 authentication
+ try {
+ controller.pvpIdpPostRequest(httpReq, httpResp);
+ Assert.fail("wrong AuthnRequest not detected");
+
+ }catch (EaafException e) {
+ Assert.assertEquals("wrong errorId", "pvp2.21", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ public void authnReqMetadataExpired() throws EaafException, XMLParserException, UnmarshallingException,
+ UnsupportedEncodingException, TransformerException, IOException, MarshallingException,
+ ComponentInitializationException {
+ //initialize test
+ final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(),
+ Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_1.xml"));
+ authnReq.setIssueInstant(DateTime.now());
+ RequestAbstractType signedAuthnReq =
+ Saml2Utils.signSamlObject(authnReq, credentialProvider.getMetaDataSigningCredential(), true);
+ String b64 = Base64Utils.encodeToString(DomUtils.serializeNode(
+ XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));
+ httpReq.setParameter("SAMLRequest", b64);
+
+ final org.springframework.core.io.Resource resource = resourceLoader.getResource(
+ "classpath:/data/metadata_expired.xml");
+ Timer timer = new Timer("PVP metadata-resolver refresh");
+ ResourceBackedMetadataResolver fileSystemResolver =
+ new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
+ fileSystemResolver.setId("test");
+ fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
+ fileSystemResolver.initialize();
+ metadataProvider.addMetadataResolverIntoChain(fileSystemResolver);
+
+
+ //request SAML2 authentication
+ try {
+ controller.pvpIdpPostRequest(httpReq, httpResp);
+ Assert.fail("wrong AuthnRequest not detected");
+
+ }catch (EaafException e) {
+ Assert.assertEquals("wrong errorId", "pvp2.21", e.getErrorId());
+
+ }
+ }
+
+ @Test
+ public void authnReqValid() throws EaafException, XMLParserException, UnmarshallingException,
+ UnsupportedEncodingException, TransformerException, IOException, MarshallingException,
+ ComponentInitializationException {
+ //initialize test
+ final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(),
+ Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_1.xml"));
+ authnReq.setIssueInstant(DateTime.now());
+ RequestAbstractType signedAuthnReq =
+ Saml2Utils.signSamlObject(authnReq, credentialProvider.getMessageSigningCredential(), true);
+ String b64 = Base64Utils.encodeToString(DomUtils.serializeNode(
+ XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));
+ httpReq.setParameter("SAMLRequest", b64);
+
+ final org.springframework.core.io.Resource resource = resourceLoader.getResource(
+ "classpath:/data/metadata_valid.xml");
+ Timer timer = new Timer("PVP metadata-resolver refresh");
+ ResourceBackedMetadataResolver fileSystemResolver =
+ new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
+ fileSystemResolver.setId("test");
+ fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
+ fileSystemResolver.initialize();
+ metadataProvider.addMetadataResolverIntoChain(fileSystemResolver);
+
+
+ //request SAML2 authentication
+ controller.pvpIdpPostRequest(httpReq, httpResp);
+
+
+ //validate state
+ Assert.assertEquals("http statuscode", 200, httpResp.getStatus());
+ Assert.assertEquals("Wrong http ContentType", "text/html;charset=UTF-8", httpResp.getContentType());
+
+ String html = httpResp.getContentAsString();
+ Assert.assertNotNull("html result is null", html);
+ Assert.assertFalse("html result is empty", html.isEmpty());
+ Assert.assertTrue("Wrong page", html.contains("action=\"/myHomeCountry\""));
+
+ String pattern = "<input type=\"hidden\" name=\"pendingid\" value=\"";
+ int pendingIdStart = html.indexOf(pattern) + pattern.length();
+ int pendingIdEnd = html.indexOf("\"", pendingIdStart);
+ String pendingReqId = html.substring(pendingIdStart, pendingIdEnd);
+ Assert.assertFalse("pendingReqId is empty", pendingReqId.isEmpty());
+
+ IRequest pendingReq = storage.getPendingRequest(pendingReqId);
+ Assert.assertNotNull("pendingReq", pendingReq);
+ Assert.assertNotNull("piiTransId", pendingReq.getUniquePiiTransactionIdentifier());
+ Assert.assertNotNull("piiTransId", pendingReq.getUniqueTransactionIdentifier());
+
+ Assert.assertEquals("wrong OA Id", "https://demo.egiz.gv.at/demoportal-openID_demo",
+ pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class));
+ Assert.assertEquals("wrong bPK Target", "urn:publicid:gv.at:cdid+BF",
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+
+
+ }
+
+ @Test
+ public void checkSaml2Metadata() throws EaafException, UnsupportedEncodingException, XMLParserException,
+ UnmarshallingException, CertificateException, SignatureException {
+
+ //request SAML2 Metadata
+ controller.pvpMetadataRequest(httpReq, httpResp);
+
+ //validate state
+ Assert.assertEquals("http statuscode", 200, httpResp.getStatus());
+ Assert.assertEquals("Wrong http ContentType", "application/xml", httpResp.getContentType());
+
+ String html = httpResp.getContentAsString();
+ Assert.assertNotNull("html result is null", html);
+ Assert.assertFalse("html result is empty", html.isEmpty());
+
+
+ final EntityDescriptor entity = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(),
+ new ByteArrayInputStream(html.getBytes("UTF-8")));
+
+ Assert.assertNotNull("Unmarshalling failed", entity);
+ Assert.assertNotNull("EntityId is null", entity.getEntityID());
+
+ Assert.assertNotNull("Signature is null", entity.getSignature());
+ final SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
+ sigValidator.validate(entity.getSignature());
+
+ final Credential cred = new BasicX509Credential((X509Certificate) fact.generateCertificate(
+ Pvp2SProfileEndPointTest.class.getResourceAsStream("/config/keys/Metadata.pem")));
+ SignatureValidator.validate(entity.getSignature(), cred);
+
+ Assert.assertEquals("wrong entityId", "http://localhost/pvp/metadata", entity.getEntityID());
+ Assert.assertNotNull("IDPSSODescr", entity.getRoleDescriptors(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
+ Assert.assertNotNull("SPSSODescr", entity.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
+ Assert.assertEquals("SPSSODescr. size", 0,
+ entity.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME).size());
+
+ List<RoleDescriptor> idp = entity.getRoleDescriptors(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
+ Assert.assertEquals("IDP descr. size", 1, idp.size());
+ Assert.assertEquals("IDP descr. endpoints", 2, idp.get(0).getEndpoints().size());
+ Assert.assertEquals("IDP descr. keyDescr", 1, idp.get(0).getKeyDescriptors().size());
+
+ }
+
+}