Merge branch 'connector_update_SZRv4' into 'nightlybuild'

Integration of E-ID functionality See merge request egiz/eidas_at_proxy!1
author: Thomas Lenz <thomas.lenz@egiz.gv.at> 2020-11-27 09:18:38 +0100
committer: Thomas Lenz <thomas.lenz@egiz.gv.at> 2020-11-27 09:18:38 +0100
commit: 7a800070338bec49cf3a4e2e6f76a0778f9eae02 (patch)
tree: 91a5f1521a0a6a02ed3e21f21d25b1792881f2ad /eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus
parent: 1dcc1b9cd5d6e2a50817474c597e2924f67be2b1 (diff)
parent: 9f684f489a2825d1c8fde371b7e71b8d7513060a (diff)
download: National_eIDAS_Gateway-7a800070338bec49cf3a4e2e6f76a0778f9eae02.tar.gz
National_eIDAS_Gateway-7a800070338bec49cf3a4e2e6f76a0778f9eae02.tar.bz2
National_eIDAS_Gateway-7a800070338bec49cf3a4e2e6f76a0778f9eae02.zip
3 files changed, 425 insertions, 56 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java
index fca548b7..9709aeb9 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java
@@ -19,17 +19,20 @@
  * file for details on the various modules and licenses.
  * The "NOTICE" text file is part of the distribution. Any derivative works
  * that you distribute must include a readable copy of the "NOTICE" text file.
-*/
+ */
 
 package at.asitplus.eidas.specific.modules.auth.eidas.v2.test;
 
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyList;
 import static org.mockito.Mockito.when;
 
 import java.io.IOException;
 import java.security.InvalidKeyException;
 import java.security.MessageDigest;
 import java.security.NoSuchProviderException;
+import java.util.Arrays;
+import java.util.List;
 
 import javax.xml.bind.JAXBContext;
 import javax.xml.bind.JAXBException;
@@ -37,9 +40,11 @@ import javax.xml.bind.Unmarshaller;
 import javax.xml.parsers.ParserConfigurationException;
 import javax.xml.ws.soap.SOAPFaultException;
 
+import org.apache.commons.lang3.RandomStringUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.cxf.binding.soap.SoapFault;
 import org.junit.Assert;
+import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Ignore;
 import org.junit.Rule;
@@ -70,11 +75,16 @@ import at.gv.egiz.eaaf.core.exceptions.EaafParserException;
 import at.gv.egiz.eaaf.core.impl.data.Triple;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser;
 import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import szrservices.GetBPKFromStammzahlEncryptedResponse;
+import szrservices.GetBPKFromStammzahlEncryptedResponseType;
 import szrservices.GetIdentityLinkEidasResponse;
 import szrservices.IdentityLinkType;
 import szrservices.PersonInfoType;
 import szrservices.SZR;
 import szrservices.SZRException_Exception;
+import szrservices.SignContentEntry;
+import szrservices.SignContentResponse;
+import szrservices.SignContentResponseType;
 import szrservices.TravelDocumentType;
 
 @RunWith(SpringJUnit4ClassRunner.class)
@@ -91,12 +101,17 @@ public class SzrClientTest {
   private static final String familyName = "Mustermann";
   private static final String dateOfBirth = "1989-05-05";
   private static final String eIDASeID = "IS/AT/1234sdgsdfg56789ABCDEF";
-
   private static final String DUMMY_TARGET = EaafConstants.URN_PREFIX_CDID + "ZP";
 
+  private SZR szrMock = null;
+
+
+  @Rule
+  public SoapServiceRule soap = SoapServiceRule.newInstance();
+
   /**
    * jUnit class initializer.
-   * 
+   *
    * @throws IOException In case of an error
    */
   @BeforeClass
@@ -106,24 +121,110 @@ public class SzrClientTest {
 
   }
 
-  @Rule
-  public SoapServiceRule soap = SoapServiceRule.newInstance();
+  /**
+   * Initialize jUnit test.
+   */
+  @Before
+  public void initializer() {
+    if (szrMock == null) {
+      szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr");
+
+    }
+  }
+
 
   @Test
-  public void getIdentityLinkRawModeValidResponse() throws SZRException_Exception, EaafParserException,
-      NoSuchProviderException, IOException, InvalidKeyException, EidasSAuthenticationException, JAXBException {
-    setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml", "http://localhost:1234/demoszr");
+  public void getStammzahlenEcryptedTest() throws JAXBException, SZRException_Exception, SzrCommunicationException {
+    final GetBPKFromStammzahlEncryptedResponse szrResponse = new GetBPKFromStammzahlEncryptedResponse();
+    final GetBPKFromStammzahlEncryptedResponseType result1 = new GetBPKFromStammzahlEncryptedResponseType();
+    szrResponse.getOut().add(result1);
+
+    result1.setKey(RandomStringUtils.randomAlphanumeric(20));
+
+    //    when(szrMock.getBPKFromStammzahlEncrypted(anyList()))
+    //        .thenReturn(Arrays.asList(result1));
+    when(szrMock.getStammzahlEncrypted(any(), any())).thenReturn(result1.getKey());
+
+    String stammzahlEncrypted = szrClient.getEncryptedStammzahl(new PersonInfoType());
+
+    Assert.assertEquals("bcBind not match", result1.getKey(), stammzahlEncrypted);
+
+    when(szrMock.getStammzahlEncrypted(any(), any())).thenReturn(null);
+    try {
+      stammzahlEncrypted = szrClient.getEncryptedStammzahl(new PersonInfoType());
+    } catch (SzrCommunicationException e) {
+      Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01"));
+    }
+  }
+
+  @Test
+  public void getBcBindValid() throws SZRException_Exception, SzrCommunicationException {
+    final SignContentResponse szrResponse = new SignContentResponse();
+    final SignContentEntry result1 = new SignContentEntry();
+    final SignContentResponseType content = new SignContentResponseType();
+    content.getOut().add(result1);
+    szrResponse.setSignContentResponse(content);
+
+    result1.setKey("bcBindReq");
+    result1.setValue(RandomStringUtils.randomAlphanumeric(100));
+
+    when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(content);
+
+    final String bcBind = szrClient
+        .getBcBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10),
+                   RandomStringUtils.randomAlphabetic(10));
+
+    Assert.assertNotNull("bcBind is null", bcBind);
+    Assert.assertEquals("bcBind not match", result1.getValue(), bcBind);
+
+    when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(null);
+    try {
+      szrClient
+          .getBcBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10),
+                     RandomStringUtils.randomAlphabetic(10));
+    } catch (SzrCommunicationException e) {
+      Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01"));
+    }
+
+    final SignContentEntry result2 = new SignContentEntry();
+    final SignContentResponseType content1 = new SignContentResponseType();
+    content1.getOut().add(result2);
+    when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(content1);
+    try {
+      szrClient
+          .getBcBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10),
+                     RandomStringUtils.randomAlphabetic(10));
+    } catch (SzrCommunicationException e) {
+      Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01"));
+    }
+
+    result2.setKey("bcBindReq");
+    result2.setValue("");
+    when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(content1);
+    try {
+      szrClient
+          .getBcBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10),
+                     RandomStringUtils.randomAlphabetic(10));
+    } catch (SzrCommunicationException e) {
+      Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01"));
+    }
+  }
+
+  @Test
+  public void getIdentityLinkRawModeValidResponse()
+      throws SZRException_Exception, EaafParserException, NoSuchProviderException, IOException, InvalidKeyException,
+      EidasSAuthenticationException, JAXBException {
+    setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml");
 
     try {
       log.debug("Starting connecting SZR Gateway");
-      final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(
-          getPersonInfo());
+      final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(getPersonInfo());
 
       Assert.assertNotNull(result);
       Assert.assertNotNull(result.getAssertion());
 
-      final IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser((Element) result
-          .getAssertion()).parseIdentityLink();
+      final IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser((Element) result.getAssertion())
+          .parseIdentityLink();
       Assert.assertNotNull(identityLink);
 
       System.out.println(identityLink.getSerializedSamlAssertion());
@@ -144,16 +245,14 @@ public class SzrClientTest {
   }
 
   @Test
-  public void getIdentityLinkRawModeErrorTravelerDocExists() throws SZRException_Exception,
-      EaafParserException, NoSuchProviderException, IOException, InvalidKeyException,
+  public void getIdentityLinkRawModeErrorTravelerDocExists()
+      throws SZRException_Exception, EaafParserException, NoSuchProviderException, IOException, InvalidKeyException,
       EidasSAuthenticationException, JAXBException, ParserConfigurationException, SAXException {
-    setSzrExceptionIdentityLink("/data/szr/szr_resp_error_travelerdocexists.xml",
-        "http://localhost:1234/demoszr");
+    setSzrExceptionIdentityLink("/data/szr/szr_resp_error_travelerdocexists.xml");
 
     try {
       log.debug("Starting connecting SZR Gateway");
-      szrClient.getIdentityLinkInRawMode(
-          getPersonInfo());
+      szrClient.getIdentityLinkInRawMode(getPersonInfo());
       Assert.fail();
 
     } catch (final SzrCommunicationException e) {
@@ -163,8 +262,7 @@ public class SzrClientTest {
       Assert.assertNotNull(((SOAPFaultException) e.getCause()).getFault());
       checkElement("p344:F455", ((SOAPFaultException) e.getCause()).getFault().getFaultCode());
       checkElement(
-          "The travel document you sent to insert a person already exists for another person. "
-          + "Either check the document or have the person altered accordingly",
+          "The travel document you sent to insert a person already exists for another person. " + "Either check the document or have the person altered accordingly",
           ((SOAPFaultException) e.getCause()).getFault().getFaultString());
 
     }
@@ -174,13 +272,16 @@ public class SzrClientTest {
   @Ignore
   @Test
   public void getBpkTest() throws SZRException_Exception, EidasSAuthenticationException {
-    final String bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET,
-        basicConfig.getBasicConfiguration(
-            Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ,
-            "no VKZ defined"));
+    final List<String> bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET, basicConfig
+        .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined"));
 
-    if (StringUtils.isEmpty(bPK)) {
-      throw new SzrCommunicationException("ernb.01", new Object[] { "bPK is null or empty" });
+    if (bPK.isEmpty()) {
+      throw new SzrCommunicationException("ernb.01", new Object[]{"bPK list is empty"});
+    }
+    for (final String b : bPK) {
+      if (StringUtils.isEmpty(b)) {
+        throw new SzrCommunicationException("ernb.01", new Object[]{"bPK is null or empty"});
+      }
     }
 
   }
@@ -191,37 +292,28 @@ public class SzrClientTest {
 
   }
 
-  private void setSzrResponseIdentityLink(String responseXmlPath, String serviceUrl) throws JAXBException,
-      SZRException_Exception {
-    final SZR szrServiceMock = soap.mock(SZR.class, serviceUrl);
-    final JAXBContext jaxbContext = JAXBContext.newInstance(
-        szrservices.ObjectFactory.class,
-        org.xmlsoap.schemas.ws._2002._04.secext.ObjectFactory.class,
-        org.w3._2001._04.xmldsig_more.ObjectFactory.class,
-        org.w3._2000._09.xmldsig.ObjectFactory.class,
-        at.gv.egov.pvp1.ObjectFactory.class,
-        at.gv.e_government.reference.namespace.persondata._20020228.ObjectFactory.class);
+  private void setSzrResponseIdentityLink(String responseXmlPath) throws JAXBException, SZRException_Exception {
+    final JAXBContext jaxbContext = JAXBContext
+        .newInstance(szrservices.ObjectFactory.class, org.w3._2001._04.xmldsig_more.ObjectFactory.class,
+                     org.w3._2000._09.xmldsig.ObjectFactory.class,
+                     at.gv.e_government.reference.namespace.persondata._20020228.ObjectFactory.class);
     final Unmarshaller jaxbUnmarshaller = jaxbContext.createUnmarshaller();
     final GetIdentityLinkEidasResponse szrResponse = (GetIdentityLinkEidasResponse) jaxbUnmarshaller
         .unmarshal(this.getClass().getResourceAsStream(responseXmlPath));
-    when(szrServiceMock.getIdentityLinkEidas(any(PersonInfoType.class))).thenReturn(szrResponse
-        .getGetIdentityLinkReturn());
+    when(szrMock.getIdentityLinkEidas(any(PersonInfoType.class))).thenReturn(szrResponse.getGetIdentityLinkReturn());
 
   }
 
-  private void setSzrExceptionIdentityLink(String responseXmlPath, String serviceUrl) throws JAXBException,
-      ParserConfigurationException, SAXException, IOException, SZRException_Exception {
-    final SZR szrServiceMock = soap.mock(SZR.class, serviceUrl);
-    final Element detailerror = DomUtils.parseXmlNonValidating(this.getClass().getResourceAsStream(
-        responseXmlPath));
+  private void setSzrExceptionIdentityLink(String responseXmlPath)
+      throws JAXBException, ParserConfigurationException, SAXException, IOException, SZRException_Exception {
+    final Element detailerror = DomUtils.parseXmlNonValidating(this.getClass().getResourceAsStream(responseXmlPath));
     final javax.xml.namespace.QName qName = new javax.xml.namespace.QName("urn:SZRServices", "F455", "p344");
     final SoapFault fault = new SoapFault(
-        "The travel document you sent to insert a person already exists for another person. "
-        + "Either check the document or have the person altered accordingly",
+        "The travel document you sent to insert a person already exists for another person. " + "Either check the document or have the person altered accordingly",
         qName);
     fault.setRole("urn:SZRServices");
     fault.setDetail(detailerror);
-    when(szrServiceMock.getIdentityLinkEidas(any(PersonInfoType.class))).thenThrow(fault);
+    when(szrMock.getIdentityLinkEidas(any(PersonInfoType.class))).thenThrow(fault);
 
   }
 
@@ -233,7 +325,7 @@ public class SzrClientTest {
       return hashBase64;
 
     } catch (final Exception ex) {
-      throw new EidasSAuthenticationException("internal.03", new Object[] {}, ex);
+      throw new EidasSAuthenticationException("internal.03", new Object[]{}, ex);
 
     }
   }
@@ -249,8 +341,7 @@ public class SzrClientTest {
     personInfo.setTravelDocument(eDocument);
 
     // parse some eID attributes
-    final Triple<String, String, String> eIdentifier =
-        EidasResponseUtils.parseEidasPersonalIdentifier(eIDASeID);
+    final Triple<String, String, String> eIdentifier = EidasResponseUtils.parseEidasPersonalIdentifier(eIDASeID);
     final String uniqueId = createHashFromUniqueId(eIdentifier.getThird());
     final String citizenCountry = eIdentifier.getFirst();
 
@@ -262,9 +353,9 @@ public class SzrClientTest {
     eDocument.setDocumentNumber(uniqueId);
 
     // eID document information
-    eDocument.setDocumentType(basicConfig.getBasicConfiguration(
-        Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE,
-        Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE));
+    eDocument.setDocumentType(basicConfig
+                                  .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE,
+                                                         Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE));
 
     return personInfo;
   }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
index 2f6a989e..2f573f53 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java
@@ -27,6 +27,7 @@ import java.io.IOException;
 import java.security.InvalidKeyException;
 import java.security.MessageDigest;
 import java.security.NoSuchProviderException;
+import java.util.List;
 
 import org.apache.commons.lang3.StringUtils;
 import org.junit.Ignore;
@@ -58,7 +59,7 @@ import szrservices.PersonInfoType;
 import szrservices.SZRException_Exception;
 import szrservices.TravelDocumentType;
 
-//@Ignore
+@Ignore
 @RunWith(SpringJUnit4ClassRunner.class)
 @ContextConfiguration("/SpringTest-context_basic_test.xml")
 public class SzrClientTestProduction {
@@ -132,13 +133,18 @@ public class SzrClientTestProduction {
   @Ignore
   @Test
   public void getBpkTest() throws SZRException_Exception, EidasSAuthenticationException {
-    final String bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET,
+    final List<String> bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET,
         basicConfig.getBasicConfiguration(
             Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ,
             "no VKZ defined"));
 
-    if (StringUtils.isEmpty(bPK)) {
-      throw new SzrCommunicationException("ernb.01", new Object[] { "bPK is null or empty" });
+    if (bPK.isEmpty()) {
+      throw new SzrCommunicationException("ernb.01", new Object[]{"bPK list is empty"});
+    }
+    for (String b : bPK) {
+      if (StringUtils.isEmpty(b)) {
+        throw new SzrCommunicationException("ernb.01", new Object[]{"bPK is null or empty"});
+      }
     }
 
   }
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
new file mode 100644
index 00000000..dd485ee6
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -0,0 +1,272 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
+
+import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE;
+import static org.mockito.ArgumentMatchers.any;
+import static org.powermock.api.mockito.PowerMockito.when;
+
+import java.io.IOException;
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.security.KeyStore;
+import java.security.Provider;
+import java.security.cert.X509Certificate;
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.jetbrains.annotations.NotNull;
+import org.jose4j.jwa.AlgorithmConstraints;
+import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
+import org.jose4j.jws.AlgorithmIdentifiers;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.powermock.core.classloader.annotations.PrepareForTest;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import com.skjolberg.mockito.soap.SoapServiceRule;
+
+import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.AuthBlockSigningService;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils.JwsResult;
+import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory;
+import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils;
+import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration;
+import at.gv.egiz.eaaf.core.impl.data.Pair;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+import eu.eidas.auth.commons.attribute.AttributeDefinition;
+import eu.eidas.auth.commons.attribute.ImmutableAttributeMap;
+import eu.eidas.auth.commons.attribute.PersonType;
+import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse;
+import lombok.val;
+import szrservices.SZR;
+import szrservices.SignContentEntry;
+import szrservices.SignContentResponseType;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+//@RunWith(PowerMockRunner.class)
+//@PowerMockRunnerDelegate(SpringJUnit4ClassRunner.class)
+@PrepareForTest(CreateIdentityLinkTask.class)
+@DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS)
+@ContextConfiguration("/SpringTest-context_tasks_test.xml")
+public class CreateIdentityLinkTaskEidNewTest {
+
+  @Autowired(required = true)
+  private CreateIdentityLinkTask task;
+
+  @Autowired(required = true)
+  private IConfiguration basicConfig;
+  @Autowired
+  protected EidasAttributeRegistry attrRegistry;
+
+  @Autowired
+  EaafKeyStoreFactory keyStoreFactory;
+
+  @Autowired
+  private AuthBlockSigningService authBlockSigner;
+
+  final ExecutionContext executionContext = new ExecutionContextImpl();
+  private MockHttpServletRequest httpReq;
+  private MockHttpServletResponse httpResp;
+  private TestRequestImpl pendingReq;
+  private DummySpConfiguration oaParam;
+  private SZR szrMock;
+
+  private static final String PW = "f/+saJBc3a}*/T^s";
+  private static final String ALIAS = "connectorkeypair";
+
+  private static final List<String> BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList(Arrays
+      .asList(AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256,
+          AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512, AlgorithmIdentifiers.RSA_PSS_USING_SHA256,
+          AlgorithmIdentifiers.RSA_PSS_USING_SHA512));
+
+  @Rule
+  public final SoapServiceRule soap = SoapServiceRule.newInstance();
+
+  /**
+   * jUnit class initializer.
+   *
+   * @throws IOException In case of an error
+   */
+  @BeforeClass
+  public static void classInitializer() throws IOException {
+    final String current = new java.io.File(".").toURI().toString();
+    System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_3.properties");
+
+  }
+
+  /**
+   * jUnit test set-up.
+   */
+  @Before
+  public void setUp() throws EaafStorageException, URISyntaxException {
+
+    httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+    httpResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+    final Map<String, String> spConfig = new HashMap<>();
+    spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
+    spConfig.put("target", "urn:publicid:gv.at:cdid+XX");
+    spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true");
+    oaParam = new DummySpConfiguration(spConfig, basicConfig);
+    pendingReq = new TestRequestImpl();
+
+    final AuthenticationResponse response = buildDummyAuthResponse();
+
+    pendingReq.getSessionData(AuthProcessDataWrapper.class)
+        .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response);
+    pendingReq.setSpConfig(oaParam);
+    pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue());
+    pendingReq.setAuthUrl("http://test.com/");
+    pendingReq.setTransactionId("avaasbav");
+
+    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "XX");
+    executionContext.put(EaafConstants.PROCESS_ENGINE_REQUIRES_NO_POSTAUTH_REDIRECT, true);
+
+    szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr");
+  }
+
+  @Test
+  public void successfulProcess() throws Exception {
+    //initialize test
+    when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10));
+    val signContentResp = new SignContentResponseType();
+    final SignContentEntry signContentEntry = new SignContentEntry();
+    signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10));
+    signContentResp.getOut().add(signContentEntry);
+    when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp);
+
+    //perform test
+    task.execute(pendingReq, executionContext);
+
+    //validate state
+    final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+    Assert.assertNotNull("AuthProcessData", authProcessData);
+    Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class));
+
+    String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class);
+    Assert.assertNotNull("AuthBlock", authBlock);
+
+    //check authblock signature
+    final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT,
+        BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()]));
+    Pair<KeyStore, Provider> keyStore = getKeyStore();
+    X509Certificate[] trustedCerts = EaafKeyStoreUtils
+        .getPrivateKeyAndCertificates(keyStore.getFirst(), ALIAS, PW.toCharArray(), true, "junit").getSecond();
+    JwsResult result = JoseUtils.validateSignature(authBlock, Arrays.asList(trustedCerts), constraints);
+    Assert.assertTrue("AuthBlock not valid", result.isValid());
+    
+  }
+
+  @Test
+  public void getStammzahlEncryptedExceptionTest() throws Exception {
+    try {
+      when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(null);
+      task.execute(pendingReq, executionContext);
+    } catch (TaskExecutionException e) {
+      Assert.assertEquals("Incorrect exception thrown", e.getMessage(),
+          "IdentityLink generation for foreign person " + "FAILED.");
+      Assert.assertEquals("Incorrect exception thrown", ((SzrCommunicationException) e.getCause()).getErrorId(),
+          "ernb.01");
+      Assert.assertTrue("Incorrect exception thrown", e.getCause().getMessage().contains("Stammzahl response empty"));
+    }
+  }
+
+  @Test
+  public void signContentExceptionTest() throws Exception {
+    try {
+      when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10));
+      when(szrMock, "signContent", any(), any(), any()).thenReturn(null);
+      task.execute(pendingReq, executionContext);
+    } catch (TaskExecutionException e) {
+      Assert.assertEquals("Incorrect exception thrown", e.getMessage(),
+          "IdentityLink generation for foreign person " + "FAILED.");
+      Assert.assertEquals("Incorrect exception thrown", ((SzrCommunicationException) e.getCause()).getErrorId(),
+          "ernb.01");
+      Assert.assertTrue("Incorrect exception thrown", e.getCause().getMessage().contains("BcBind response empty"));
+    }
+  }
+
+  private Pair<KeyStore, Provider> getKeyStore() throws EaafException {
+    // read Connector wide config data TODO connector wide!
+    String keyStoreName = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_NAME);
+    String keyStorePw = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_PASSWORD);
+    String keyStorePath = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_PATH);
+    String keyStoreType = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_TYPE);
+
+
+    //build new KeyStore configuration
+    KeyStoreConfiguration keyStoreConfiguration = new KeyStoreConfiguration();
+    keyStoreConfiguration.setFriendlyName("jUnit test");
+
+    keyStoreConfiguration.setSoftKeyStoreFilePath(keyStorePath);
+    keyStoreConfiguration.setSoftKeyStorePassword(keyStorePw);
+    keyStoreConfiguration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.fromString(keyStoreType));
+    keyStoreConfiguration.setKeyStoreName(keyStoreName);
+
+    //build new KeyStore based on configuration
+    return keyStoreFactory.buildNewKeyStore(keyStoreConfiguration);
+
+  }
+
+  @NotNull
+  private AuthenticationResponse buildDummyAuthResponse() throws URISyntaxException {
+    final AttributeDefinition attributeDef = AttributeDefinition.builder()
+        .friendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).nameUri(new URI("ad", "sd", "ff"))
+        .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "af"))
+        .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build();
+    final AttributeDefinition attributeDef2 = AttributeDefinition.builder()
+        .friendlyName(Constants.eIDAS_ATTR_CURRENTFAMILYNAME).nameUri(new URI("ad", "sd", "fff"))
+        .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "aff"))
+        .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build();
+    final AttributeDefinition attributeDef3 = AttributeDefinition.builder()
+        .friendlyName(Constants.eIDAS_ATTR_CURRENTGIVENNAME).nameUri(new URI("ad", "sd", "ffff"))
+        .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "afff"))
+        .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build();
+    final AttributeDefinition attributeDef4 = AttributeDefinition.builder()
+        .friendlyName(Constants.eIDAS_ATTR_DATEOFBIRTH).nameUri(new URI("ad", "sd", "fffff"))
+        .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "affff"))
+        .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller").build();
+
+    final ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder()
+        .put(attributeDef, "de/st/" + RandomStringUtils.randomNumeric(64))
+        .put(attributeDef2, RandomStringUtils.randomAlphabetic(10))
+        .put(attributeDef3, RandomStringUtils.randomAlphabetic(10)).put(attributeDef4, "2001-01-01").build();
+
+    val b = new AuthenticationResponse.Builder();
+    return b.id("aasdf").issuer("asd").subject("asf").statusCode("200").inResponseTo("asdf").subjectNameIdFormat("afaf")
+        .attributes(attributeMap).build();
+  }
+}
author	Thomas Lenz <thomas.lenz@egiz.gv.at>	2020-11-27 09:18:38 +0100
committer	Thomas Lenz <thomas.lenz@egiz.gv.at>	2020-11-27 09:18:38 +0100
commit	7a800070338bec49cf3a4e2e6f76a0778f9eae02 (patch)
tree	91a5f1521a0a6a02ed3e21f21d25b1792881f2ad /eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus
parent	1dcc1b9cd5d6e2a50817474c597e2924f67be2b1 (diff)
parent	9f684f489a2825d1c8fde371b7e71b8d7513060a (diff)
download	National_eIDAS_Gateway-7a800070338bec49cf3a4e2e6f76a0778f9eae02.tar.gz National_eIDAS_Gateway-7a800070338bec49cf3a4e2e6f76a0778f9eae02.tar.bz2 National_eIDAS_Gateway-7a800070338bec49cf3a4e2e6f76a0778f9eae02.zip