aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus
diff options
context:
space:
mode:
authorThomas Lenz <thomas.lenz@egiz.gv.at>2020-11-07 18:21:49 +0100
committerThomas Lenz <thomas.lenz@egiz.gv.at>2020-11-07 18:21:49 +0100
commit57d813b9cfbbd231a2e6f9d47169b31435d1d6c0 (patch)
tree7ce36328e4250bc798840daa73ff0f42f8f41a85 /eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus
parentf358f3ba6a24d5e9575b3fd63e3fbfe8848b63c4 (diff)
downloadNational_eIDAS_Gateway-57d813b9cfbbd231a2e6f9d47169b31435d1d6c0.tar.gz
National_eIDAS_Gateway-57d813b9cfbbd231a2e6f9d47169b31435d1d6c0.tar.bz2
National_eIDAS_Gateway-57d813b9cfbbd231a2e6f9d47169b31435d1d6c0.zip
code clean-up and first jUnit test modifications for CreateIdentityLink task
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java204
2 files changed, 129 insertions, 77 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
index a30ea2a0..2f573f53 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
@@ -59,7 +59,7 @@ import szrservices.PersonInfoType;
import szrservices.SZRException_Exception;
import szrservices.TravelDocumentType;
-//@Ignore
+@Ignore
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration("/SpringTest-context_basic_test.xml")
public class SzrClientTestProduction {
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
index 888b7631..f67b4d93 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -1,7 +1,5 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
-import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTSTORE_FRIENDLYNAME;
-import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_PASSWORD;
import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE;
import static org.mockito.ArgumentMatchers.any;
import static org.powermock.api.mockito.PowerMockito.when;
@@ -9,13 +7,22 @@ import static org.powermock.api.mockito.PowerMockito.when;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
+import java.security.KeyStore;
+import java.security.Provider;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collections;
import java.util.HashMap;
+import java.util.List;
import java.util.Map;
import javax.xml.namespace.QName;
import org.apache.commons.lang3.RandomStringUtils;
import org.jetbrains.annotations.NotNull;
+import org.jose4j.jwa.AlgorithmConstraints;
+import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
+import org.jose4j.jws.AlgorithmIdentifiers;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
@@ -38,12 +45,18 @@ import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummySpecificCommunicationService;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils.JwsResult;
import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
@@ -53,7 +66,6 @@ import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
import eu.eidas.auth.commons.attribute.PersonType;
import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse;
import lombok.val;
-import szrservices.PersonInfoType;
import szrservices.SZR;
import szrservices.SignContentEntry;
import szrservices.SignContentResponseType;
@@ -66,17 +78,16 @@ import szrservices.SignContentResponseType;
@ContextConfiguration("/SpringTest-context_tasks_test.xml")
public class CreateIdentityLinkTaskEidNewTest {
-
@Autowired(required = true)
private CreateIdentityLinkTask task;
- // @Autowired(required = true)
- // private FinalizeAuthenticationTask authTask;
- @Autowired(required = true)
- private DummySpecificCommunicationService commService;
+
@Autowired(required = true)
private IConfiguration basicConfig;
@Autowired
protected EidasAttributeRegistry attrRegistry;
+
+ @Autowired
+ EaafKeyStoreFactory keyStoreFactory;
final ExecutionContext executionContext = new ExecutionContextImpl();
private MockHttpServletRequest httpReq;
@@ -88,6 +99,13 @@ public class CreateIdentityLinkTaskEidNewTest {
private static final String PW = "f/+saJBc3a}*/T^s";
private static final String ALIAS = "connectorkeypair";
+ private static final List<String> BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList(
+ Arrays.asList(
+ AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256,
+ AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512,
+ AlgorithmIdentifiers.RSA_PSS_USING_SHA256,
+ AlgorithmIdentifiers.RSA_PSS_USING_SHA512));
+
@Rule
public final SoapServiceRule soap = SoapServiceRule.newInstance();
@@ -99,7 +117,8 @@ public class CreateIdentityLinkTaskEidNewTest {
@BeforeClass
public static void classInitializer() throws IOException {
final String current = new java.io.File(".").toURI().toString();
- System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_3.properties");
+ System.setProperty("eidas.ms.configuration", current
+ + "src/test/resources/config/junit_config_3.properties");
}
@@ -118,16 +137,13 @@ public class CreateIdentityLinkTaskEidNewTest {
spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
spConfig.put("target", "urn:publicid:gv.at:cdid+XX");
spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true");
- spConfig.put(PROP_CONFIG_SP_AUTHBLOCK_KEYSTORE_PASSWORD, PW);
- spConfig.put(PROP_CONFIG_SP_AUTHBLOCK_KEYSTSTORE_FRIENDLYNAME, ALIAS);
oaParam = new DummySpConfiguration(spConfig, basicConfig);
pendingReq = new TestRequestImpl();
- AuthenticationResponse response = buildDummyAuthResponse();
-
+ final AuthenticationResponse response = buildDummyAuthResponse();
pendingReq.getSessionData(AuthProcessDataWrapper.class)
- .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response);
+ .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response);
pendingReq.setSpConfig(oaParam);
pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue());
pendingReq.setAuthUrl("http://test.com/");
@@ -141,73 +157,109 @@ public class CreateIdentityLinkTaskEidNewTest {
@NotNull
private AuthenticationResponse buildDummyAuthResponse() throws URISyntaxException {
- AttributeDefinition attributeDef = AttributeDefinition.builder()
- .friendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)
- .nameUri(new URI("ad", "sd", "ff"))
- .personType(PersonType.LEGAL_PERSON)
- .xmlType(new QName("http://saf", "as", "af"))
- .attributeValueMarshaller(
- "eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller")
- .build();
- AttributeDefinition attributeDef2 = AttributeDefinition.builder()
- .friendlyName(Constants.eIDAS_ATTR_CURRENTFAMILYNAME)
- .nameUri(new URI("ad", "sd", "fff"))
- .personType(PersonType.LEGAL_PERSON)
- .xmlType(new QName("http://saf", "as", "aff"))
- .attributeValueMarshaller(
- "eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller")
- .build();
- AttributeDefinition attributeDef3 = AttributeDefinition.builder()
- .friendlyName(Constants.eIDAS_ATTR_CURRENTGIVENNAME)
- .nameUri(new URI("ad", "sd", "ffff"))
- .personType(PersonType.LEGAL_PERSON)
- .xmlType(new QName("http://saf", "as", "afff"))
- .attributeValueMarshaller(
- "eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller")
- .build();
- AttributeDefinition attributeDef4 = AttributeDefinition.builder().friendlyName(Constants.eIDAS_ATTR_DATEOFBIRTH)
- .nameUri(new URI("ad", "sd", "fffff"))
- .personType(PersonType.LEGAL_PERSON)
- .xmlType(new QName("http://saf", "as", "affff"))
- .attributeValueMarshaller(
- "eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller")
- .build();
-
- ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder().put(attributeDef, "de/st/" + RandomStringUtils
- .randomNumeric(64)).put(attributeDef2, RandomStringUtils.randomAlphabetic(10)).put(attributeDef3,
- RandomStringUtils
- .randomAlphabetic(10))
- .put(attributeDef4, "2001-01-01").build();
-
+ final AttributeDefinition attributeDef = AttributeDefinition.builder()
+ .friendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)
+ .nameUri(new URI("ad", "sd", "ff"))
+ .personType(PersonType.LEGAL_PERSON)
+ .xmlType(new QName("http://saf", "as", "af"))
+ .attributeValueMarshaller(
+ "eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller")
+ .build();
+ final AttributeDefinition attributeDef2 = AttributeDefinition.builder()
+ .friendlyName(Constants.eIDAS_ATTR_CURRENTFAMILYNAME)
+ .nameUri(new URI("ad", "sd", "fff"))
+ .personType(PersonType.LEGAL_PERSON)
+ .xmlType(new QName("http://saf", "as", "aff"))
+ .attributeValueMarshaller(
+ "eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller")
+ .build();
+ final AttributeDefinition attributeDef3 = AttributeDefinition.builder()
+ .friendlyName(Constants.eIDAS_ATTR_CURRENTGIVENNAME)
+ .nameUri(new URI("ad", "sd", "ffff"))
+ .personType(PersonType.LEGAL_PERSON)
+ .xmlType(new QName("http://saf", "as", "afff"))
+ .attributeValueMarshaller(
+ "eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller")
+ .build();
+ final AttributeDefinition attributeDef4 = AttributeDefinition.builder().friendlyName(
+ Constants.eIDAS_ATTR_DATEOFBIRTH)
+ .nameUri(new URI("ad", "sd", "fffff"))
+ .personType(PersonType.LEGAL_PERSON)
+ .xmlType(new QName("http://saf", "as", "affff"))
+ .attributeValueMarshaller(
+ "eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller")
+ .build();
+
+ final ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder().put(attributeDef, "de/st/"
+ + RandomStringUtils
+ .randomNumeric(64)).put(attributeDef2, RandomStringUtils.randomAlphabetic(10)).put(attributeDef3,
+ RandomStringUtils
+ .randomAlphabetic(10))
+ .put(attributeDef4, "2001-01-01").build();
val b = new AuthenticationResponse.Builder();
- return b.id("aasdf").issuer("asd").subject("asf").statusCode("200").inResponseTo("asdf").subjectNameIdFormat("afaf")
- .attributes(attributeMap).build();
+ return b.id("aasdf").issuer("asd").subject("asf").statusCode("200").inResponseTo("asdf")
+ .subjectNameIdFormat("afaf")
+ .attributes(attributeMap).build();
}
@Test
- public void fullTest() {
- // keystore password f/+saJBc3a}*/T^s
- try {
-
- String test = szrMock.getStammzahlEncrypted(new PersonInfoType(), false);
-
- when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10));
- val signContentResp = new SignContentResponseType();
- SignContentEntry signContentEntry = new SignContentEntry();
- signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10));
- signContentResp.getOut().add(signContentEntry);
- when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp);
- task.execute(pendingReq, executionContext);
-
- } catch (Exception e) {
- e.printStackTrace();
- Assert.fail();
- }
-
+ public void successfulProcess() throws Exception {
+ //initialize test
+ when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10));
+ val signContentResp = new SignContentResponseType();
+ final SignContentEntry signContentEntry = new SignContentEntry();
+ signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10));
+ signContentResp.getOut().add(signContentEntry);
+ when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp);
+
+ //perform test
+ task.execute(pendingReq, executionContext);
+
+ //validate state
+ final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ Assert.assertNotNull("AuthProcessData", authProcessData);
+ Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class));
+
+ String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class);
+ Assert.assertNotNull("AuthBlock", authBlock);
+
+ //check authblock signature
+ final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT,
+ BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING
+ .toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()]));
+ Pair<KeyStore, Provider> keyStore = getKeyStore();
+ X509Certificate[] trustedCerts = EaafKeyStoreUtils.getPrivateKeyAndCertificates(
+ keyStore.getFirst(), ALIAS, PW.toCharArray(), true, "junit").getSecond();
+ JwsResult result = JoseUtils.validateSignature(authBlock, Arrays.asList(trustedCerts) , constraints);
+ Assert.assertTrue("AuthBlock not valid", result.isValid());
+
+ }
+ private Pair<KeyStore, Provider> getKeyStore() throws EaafException {
+ // read Connector wide config data TODO connector wide!
+ String keyStoreName = basicConfig
+ .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_NAME);
+ String keyStorePw = basicConfig
+ .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_PASSWORD);
+ String keyStorePath = basicConfig
+ .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_PATH);
+ String keyStoreType = basicConfig
+ .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_TYPE);
+
+
+ //build new KeyStore configuration
+ KeyStoreConfiguration keyStoreConfiguration = new KeyStoreConfiguration();
+ keyStoreConfiguration.setFriendlyName("jUnit test");
+
+ keyStoreConfiguration.setSoftKeyStoreFilePath(keyStorePath);
+ keyStoreConfiguration.setSoftKeyStorePassword(keyStorePw);
+ keyStoreConfiguration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.fromString(keyStoreType));
+ keyStoreConfiguration.setKeyStoreName(keyStoreName);
+
+ //build new KeyStore based on configuration
+ return keyStoreFactory.buildNewKeyStore(keyStoreConfiguration);
+
}
}
-
-