aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus
diff options
context:
space:
mode:
authorAlexander Marsalek <amarsalek@iaik.tugraz.at>2021-02-08 15:09:46 +0100
committerAlexander Marsalek <amarsalek@iaik.tugraz.at>2021-02-08 17:28:31 +0100
commiteffa0dc13b11d18ef917dcd1f8be3a21d686b735 (patch)
tree56d9898d3df42d24ca242492fbe09bb17c1d0287 /eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus
parent5a07ce3e84615cb088ed844312d726679095ec03 (diff)
downloadNational_eIDAS_Gateway-effa0dc13b11d18ef917dcd1f8be3a21d686b735.tar.gz
National_eIDAS_Gateway-effa0dc13b11d18ef917dcd1f8be3a21d686b735.tar.bz2
National_eIDAS_Gateway-effa0dc13b11d18ef917dcd1f8be3a21d686b735.zip
added ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyPendingRequest.java8
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java8
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java775
3 files changed, 788 insertions, 3 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyPendingRequest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyPendingRequest.java
new file mode 100644
index 00000000..9a91ecbd
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyPendingRequest.java
@@ -0,0 +1,8 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy;
+
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
+
+public class DummyPendingRequest extends RequestImpl {
+ private static final long serialVersionUID = 8136280395622411505L;
+}
+
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java
index 379f64ee..2579bb40 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java
@@ -22,6 +22,8 @@ import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine;
import org.apache.commons.lang3.RandomStringUtils;
import org.apache.commons.lang3.StringUtils;
import org.junit.Assert;
@@ -73,8 +75,8 @@ public class GenerateMobilePhoneSignatureRequestTaskTest {
private PvpMetadataResolverFactory metadataFactory;
@Autowired
private DummyGuiBuilderConfigurationFactory guiBuilderConfigFactory;
-// @Autowired
-// private SamlVerificationEngine samlVerifyEngine;
+ @Autowired
+ private SamlVerificationEngine samlVerifyEngine;
// @Autowired
// private ITransactionStorage transactionStorage;
@@ -284,7 +286,7 @@ public class GenerateMobilePhoneSignatureRequestTaskTest {
msg.setEntityID(authnRequest.getIssuer().getValue());
metadataProvider.addMetadataResolverIntoChain(
metadataFactory.createMetadataProvider(METADATA_SP_PATH, null, "jUnit SP", null));
-// samlVerifyEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
+ //samlVerifyEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider));
//TODO
//check other elements
// Assert.assertNotNull("Proxy-Scope", authnRequest.getScoping());
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java
new file mode 100644
index 00000000..a07343f9
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java
@@ -0,0 +1,775 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
+
+
+import java.io.IOException;
+import java.util.Base64;
+
+import javax.xml.transform.TransformerException;
+
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthCredentialProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyAuthConfigMap;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyPendingRequest;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.joda.time.DateTime;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.Response;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+//@ContextConfiguration({"/spring/SpringTest-context_mapConfig_full.xml", "classpath:/spring/test_eaaf_core.beans.xml"})
+@ContextConfiguration(locations = {
+ "/SpringTest-context_tasks_test1.xml",
+ "/SpringTest-context_basic_mapConfig1.xml"
+})
+public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
+
+ private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml";
+ private static final String TEST_SIGNED_AUTHBLOCK = "MIIBbjCCARSgAwIBAgIEXh7TNzAKBggqhkjOPQQDAjA/MQswCQYDVQQG"
+ + "EwJBVDENMAsGA1UECgwERUdJWjEOMAwGA1UECwwFalVuaXQxETAPBgNVBAMMCG1ldGFkYXRhMB4XDTIwMDExNTA4NTQxNVoXDTMw"
+ + "MDExNDA4NTQxNVowPzELMAkGA1UEBhMCQVQxDTALBgNVBAoMBEVHSVoxDjAMBgNVBAsMBWpVbml0MREwDwYDVQQDDAhtZXRhZGF0"
+ + "YTBZMBMGByqGSM49AgEGCCqGSM49AwEHA0IABBdBkaxt31p++aZeP3SmlWITj9SYO4McV2ccXFsH4X4QMHuKAMUvjxPm1kdU01eT"
+ + "OWdiQX0GpDIBspYMZh8ZKcwwCgYIKoZIzj0EAwIDSAAwRQIhAJ3QKlk9cd90s+i8y62fvmGF6LtfNO+JvkWqDUBeQImnAiA2KwFt"
+ + "zO7STAp9MEwQGe0vt0F8mO1ttrLE+rr6YxdwGA==";
+
+ @Autowired(required = true)
+ private ApplicationContext context;
+ @Autowired(required = true)
+ protected DummyAuthConfigMap authConfig;
+ @Autowired private IdAustriaClientAuthMetadataProvider metadataProvider;
+ @Autowired private IdAustriaClientAuthCredentialProvider credentialProvider;
+ @Autowired private PvpMetadataResolverFactory metadataFactory;
+
+ final ExecutionContext executionContext = new ExecutionContextImpl();
+ private MockHttpServletRequest httpReq;
+ private MockHttpServletResponse httpResp;
+ private DummyPendingRequest pendingReq;
+ private DummyOA oaParam;
+
+ private ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask task;
+
+ /**
+ * JUnit class initializer.
+ *
+ * @throws Exception In case of an OpenSAML3 initialization error
+ */
+ @BeforeClass
+ public static void initialize() throws Exception {
+ EaafOpenSaml3xInitializer.eaafInitialize();
+
+ }
+
+ /**
+ * jUnit test set-up.
+ *
+ * @throws Exception In case of an set-up error
+ */
+ @Before
+ public void setUp() throws Exception {
+ task = (ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask) context.getBean("ReceiveMobilePhoneSignatureResponseTask");
+
+ httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+ httpReq.setScheme("https");
+ httpReq.setServerPort(443);
+ httpReq.setContextPath("/authhandler");
+ httpResp = new MockHttpServletResponse();
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ authConfig.putConfigValue("modules.eidascentralauth.request.sign.alias", "sig");
+// authConfig.putConfigValue(AuthHandlerConstants.PROP_CONFIG_LEGACY_ALLOW, "false");
+
+ oaParam = new DummyOA();
+ oaParam.setUniqueAppId("http://test.com/test");
+ oaParam.setTargetIdentifier(
+ EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2));
+ oaParam.setEidasEnabled(true);
+ oaParam.putGenericConfigurationKey(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
+ oaParam.putGenericConfigurationKey(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, null);
+ oaParam.setMandateProfilesCsv(
+ RandomStringUtils.randomAlphabetic(5)
+ + "," + RandomStringUtils.randomAlphabetic(5)
+ + "," + RandomStringUtils.randomAlphabetic(5));
+
+ pendingReq = new DummyPendingRequest();
+ pendingReq.initialize(httpReq, authConfig);
+ pendingReq.setPendingRequestId(RandomStringUtils.randomAlphanumeric(10));
+ pendingReq.setOnlineApplicationConfiguration(oaParam);
+ //pendingReq.setAuthUrl("https://localhost/authhandler");
+
+ metadataProvider.fullyDestroy();
+
+ }
+
+ @Test
+ public void unsupportedHttpMethode() {
+ httpReq = new MockHttpServletRequest("PUT", "https://localhost/authhandler");
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ try {
+ task.execute(pendingReq, executionContext);
+ Assert.fail("Invalid response not detected");
+
+ } catch (final TaskExecutionException e) {
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.03",
+ ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void httpGetNoMessage() {
+ httpReq = new MockHttpServletRequest("GET", "https://localhost/authhandler");
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ try {
+ task.execute(pendingReq, executionContext);
+ Assert.fail("Invalid response not detected");
+
+ } catch (final TaskExecutionException e) {
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.12",
+ ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void httpPostNoMessage() {
+ try {
+ task.execute(pendingReq, executionContext);
+ Assert.fail("Invalid response not detected");
+
+ } catch (final TaskExecutionException e) {
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.12",
+ ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void httpPostMessageNotSigned() throws IOException {
+
+ httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+ IOUtils.toByteArray(ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.class.getResourceAsStream(
+ "/data/Response_without_sig_classpath_entityid.xml"))));
+
+ try {
+ task.execute(pendingReq, executionContext);
+ Assert.fail("Invalid response not detected");
+
+ } catch (final TaskExecutionException e) {
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.12",
+ ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void httpPostMessageWrongDestinationEndpoint() throws IOException, SamlSigningException,
+ Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+ TransformerException, MarshallingException {
+
+ final Response response = initializeResponse(
+ "classpath:/data/idp_metadata_classpath_entity.xml",
+ "/data/Response_with_wrong_destination_endpoint.xml",
+ credentialProvider.getMessageSigningCredential(), true);
+ httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+ try {
+ task.execute(pendingReq, executionContext);
+ Assert.fail("Invalid response not detected");
+
+ } catch (final TaskExecutionException e) {
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.12",
+ ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void httpPostValidSignedNoMetadata() throws IOException, SamlSigningException,
+ Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+ MarshallingException, TransformerException {
+
+ final Response response = initializeResponse(
+ "classpath:/data/idp_metadata_classpath_entity.xml",
+ "/data/Response_without_sig_classpath_entityid.xml",
+ credentialProvider.getMessageSigningCredential(), true);
+ httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+ try {
+ task.execute(pendingReq, executionContext);
+ Assert.fail("Invalid response not detected");
+
+ } catch (final TaskExecutionException e) {
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.11",
+ ((EaafException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionOutDated() throws IOException, SamlSigningException,
+ Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+ MarshallingException, TransformerException {
+
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+
+ final Response response = initializeResponse(
+ "classpath:/data/idp_metadata_classpath_entity.xml",
+ "/data/Response_without_sig_classpath_entityid.xml",
+ credentialProvider.getMessageSigningCredential(), false);
+ httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+ try {
+ task.execute(pendingReq, executionContext);
+ Assert.fail("Invalid response not detected");
+
+ } catch (final TaskExecutionException e) {
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.12",
+ ((EaafException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionFromWrongIdp() throws IOException, SamlSigningException,
+ Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+ MarshallingException, TransformerException {
+
+ oaParam.putGenericConfigurationKey(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, "http://wrong.idp");
+
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+
+ final Response response = initializeResponse(
+ "classpath:/data/idp_metadata_classpath_entity.xml",
+ "/data/Response_without_sig_classpath_entityid.xml",
+ credentialProvider.getMessageSigningCredential(),
+ true);
+ httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+ try {
+ task.execute(pendingReq, executionContext);
+ Assert.fail("Invalid response not detected");
+
+ } catch (final TaskExecutionException e) {
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.08",
+ ((EaafException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionMissingAttributes() throws IOException, SamlSigningException,
+ Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+ MarshallingException, TransformerException {
+
+ oaParam.putGenericConfigurationKey(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
+
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+
+ final Response response = initializeResponse(
+ "classpath:/data/idp_metadata_classpath_entity.xml",
+ "/data/Response_without_sig_classpath_entityid.xml",
+ credentialProvider.getMessageSigningCredential(),
+ true);
+ httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+ try {
+ task.execute(pendingReq, executionContext);
+ Assert.fail("Invalid response not detected");
+
+ } catch (final TaskExecutionException e) {
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.12",
+ ((EaafException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void httpPostValidSignedWithError() throws IOException, SamlSigningException,
+ Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+ MarshallingException, TransformerException {
+
+ oaParam.putGenericConfigurationKey(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
+
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+
+ final Response response = initializeResponse(
+ "classpath:/data/idp_metadata_classpath_entity.xml",
+ "/data/Response_without_sig_with_error.xml",
+ credentialProvider.getMessageSigningCredential(),
+ true);
+ httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+ try {
+ task.execute(pendingReq, executionContext);
+ Assert.fail("Invalid response not detected");
+
+ } catch (final TaskExecutionException e) {
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.05",
+ ((EaafException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void httpPostValidSignedWitUserStopErrorCode() throws IOException, SamlSigningException,
+ Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+ MarshallingException, TransformerException, TaskExecutionException {
+
+ oaParam.putGenericConfigurationKey(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
+
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+
+ final Response response = initializeResponse(
+ "classpath:/data/idp_metadata_classpath_entity.xml",
+ "/data/Response_without_sig_with_error_userstop.xml",
+ credentialProvider.getMessageSigningCredential(),
+ true);
+ httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+ //perform test
+ task.execute(pendingReq, executionContext);
+
+ //validate state
+ Assert.assertTrue("process not cancelled", executionContext.isProcessCancelled());
+ Assert.assertTrue("process not stopped by user", pendingReq.isAbortedByUser());
+ Assert.assertFalse("should not authenticated", pendingReq.isAuthenticated());
+
+ }
+
+ @Test
+ public void httpPostValidSignedWithErrorAndNoSubCode() throws IOException, SamlSigningException,
+ Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+ MarshallingException, TransformerException {
+
+ oaParam.putGenericConfigurationKey(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
+
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+
+ final Response response = initializeResponse(
+ "classpath:/data/idp_metadata_classpath_entity.xml",
+ "/data/Response_without_sig_with_error_without_subcode.xml",
+ credentialProvider.getMessageSigningCredential(),
+ true);
+ httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+ try {
+ task.execute(pendingReq, executionContext);
+ Assert.fail("Invalid response not detected");
+
+ } catch (final TaskExecutionException e) {
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.05",
+ ((EaafException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void httpPostValidSignedWithErrorAndEmptySubCode() throws IOException, SamlSigningException,
+ Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+ MarshallingException, TransformerException {
+
+ oaParam.putGenericConfigurationKey(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
+
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+
+ final Response response = initializeResponse(
+ "classpath:/data/idp_metadata_classpath_entity.xml",
+ "/data/Response_without_sig_with_error_empty_subcode.xml",
+ credentialProvider.getMessageSigningCredential(),
+ true);
+ httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+ try {
+ task.execute(pendingReq, executionContext);
+ Assert.fail("Invalid response not detected");
+
+ } catch (final TaskExecutionException e) {
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.05",
+ ((EaafException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void responseWrongEidasBind() throws IOException, SamlSigningException,
+ Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+ MarshallingException, TransformerException {
+
+ oaParam.putGenericConfigurationKey(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
+
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+
+ final Response response = initializeResponse(
+ "classpath:/data/idp_metadata_classpath_entity.xml",
+ "/data/Response_with_EID_wrong_data.xml",
+ credentialProvider.getMessageSigningCredential(),
+ true);
+ httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+ try {
+ task.execute(pendingReq, executionContext);
+ Assert.fail("Invalid response not detected");
+
+ } catch (final TaskExecutionException e) {
+ Assert.assertNotNull(e.getPendingRequestID());
+ Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ Assert.assertNotNull(e.getOriginalException());
+ org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class,
+ e.getOriginalException());
+ Assert.assertEquals("sp.pvp2.12",
+ ((EaafException) e.getOriginalException()).getErrorId());
+
+ }
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionEidValid() throws IOException, SamlSigningException,
+ Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+ MarshallingException, TransformerException, TaskExecutionException {
+
+ oaParam.putGenericConfigurationKey(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
+
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+
+ final Response response = initializeResponse(
+ "classpath:/data/idp_metadata_classpath_entity.xml",
+ "/data/Response_with_EID.xml",
+ credentialProvider.getMessageSigningCredential(),
+ true);
+ httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+ //perform task
+ task.execute(pendingReq, executionContext);
+
+ //validate state
+// Assert.assertTrue("Wrong EID-Process flag",
+// (boolean) executionContext.get(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS));
+// Assert.assertFalse("Wrong Mandate flag",
+// (boolean) executionContext.get(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES));
+
+ Assert.assertEquals("piiTransactionId", "piiId_112233445566", pendingReq.getUniquePiiTransactionIdentifier());
+
+ final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+
+ Assert.assertTrue("E-ID flag", session.isEidProcess());
+ Assert.assertTrue("Foreign flag", session.isForeigner());
+// Assert.assertEquals("eidasBind", EIDAS_BIND, session.getQcBind());
+// Assert.assertEquals("vsz",
+// "OD/kCGIFbjLTW0po6IZSmoaz3uhPYlO3S5bs9JnK0A5DHtufM3APLuDc3Llp4PeNdEa4NrCmgHr1YUiHT5irT8eDAfGpIbQHJg==",
+// session.getVsz());
+// Assert.assertArrayEquals("signedConsent",
+// Base64.getDecoder().decode(TEST_SIGNED_AUTHBLOCK), session.getSignedAuthBlock());
+// Assert.assertEquals("AuthBlockType", AuthHandlerConstants.AuthBlockType.JWS, session.getSignedAuthBlockType());
+
+ Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel());
+ Assert.assertEquals("CountryCode", "IT", session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class));
+ Assert.assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString());
+
+// Assert.assertNull("SigCert", session.getEncodedSignerCertificate());
+
+// Assert.assertFalse("Mandate flag", session.isMandateUsed());
+// Assert.assertNull("MandateInfos", session.getMandateDate());
+
+ Assert.assertNull("MandateType", session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.MANDATE_TYPE_NAME, String.class));
+ Assert.assertNull("Legal Person CommonName", session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, String.class));
+ Assert.assertNull("Legal Person SourcePin",session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class));
+ Assert.assertNull("Legal Person SourcePinType", session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class));
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionLegacyValid() throws IOException, SamlSigningException,
+ Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+ MarshallingException, TransformerException, TaskExecutionException {
+// authConfig.putConfigValue(AuthHandlerConstants.PROP_CONFIG_LEGACY_ALLOW, "true");
+ oaParam.putGenericConfigurationKey(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
+
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+
+ final Response response = initializeResponse(
+ "classpath:/data/idp_metadata_classpath_entity.xml",
+ "/data/Response_with_legacy.xml",
+ credentialProvider.getMessageSigningCredential(),
+ true);
+ httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+ String piiTransId = pendingReq.getUniquePiiTransactionIdentifier();
+
+ //perform task
+ task.execute(pendingReq, executionContext);
+
+ //validate state
+// Assert.assertFalse("Wrong EID-Process flag",
+// (boolean) executionContext.get(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS));
+// Assert.assertFalse("Wrong Mandate flag",
+// (boolean) executionContext.get(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES));
+
+ Assert.assertEquals("piiTransactionId", piiTransId, pendingReq.getUniquePiiTransactionIdentifier());
+
+ final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+
+ Assert.assertFalse("E-ID flag", session.isEidProcess());
+ Assert.assertTrue("Foreign flag", session.isForeigner());
+ Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/test", session.getQaaLevel());
+ Assert.assertEquals("CountryCode", "AB", session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class));
+ Assert.assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString());
+
+ Assert.assertEquals("FamilyName", "Mustermann", session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class));
+ Assert.assertEquals("Givenname", "Max", session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.GIVEN_NAME_NAME, String.class));
+ Assert.assertEquals("DateOfBirth", "1940-01-01", session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.BIRTHDATE_NAME, String.class));
+
+ Assert.assertEquals("bPK", "BF:QVGm48cqcM4UcyhDTNGYmVdrIoY=", session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.BPK_NAME, String.class));
+ Assert.assertEquals("bPK-Target", "urn:publicid:gv.at:cdid+BF", session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class));
+ Assert.assertEquals("AuthBlock", TEST_SIGNED_AUTHBLOCK, session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.EID_IDENTITY_LINK_NAME, String.class));
+
+// Assert.assertNull("SigCert", session.getEncodedSignerCertificate());
+// Assert.assertNull("eidasBind", session.getQcBind());
+// Assert.assertNull("signedConsent", session.getSignedAuthBlock());
+// Assert.assertEquals("signedConsentType", AuthBlockType.NONE, session.getSignedAuthBlockType());
+
+ Assert.assertFalse("Mandate flag", session.isMandateUsed());
+// Assert.assertNull("MandateInfos", session.getMandateDate());
+
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionWithLegacyAndEid() throws IOException, SamlSigningException,
+ Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
+ MarshallingException, TransformerException, TaskExecutionException {
+
+ oaParam.putGenericConfigurationKey(
+ IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, METADATA_PATH);
+
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+
+ final Response response = initializeResponse(
+ "classpath:/data/idp_metadata_classpath_entity.xml",
+ "/data/Response_with_legacy_and_EID.xml",
+ credentialProvider.getMessageSigningCredential(),
+ true);
+ httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
+ DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes("UTF-8")));
+
+ //perform task
+ task.execute(pendingReq, executionContext);
+
+ //validate state
+// Assert.assertTrue("Wrong EID-Process flag",
+// (boolean) executionContext.get(AuthHandlerConstants.PROCESSCONTEXT_WAS_EID_PROCESS));
+ final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+// Assert.assertFalse("Wrong Mandate flag",
+// (boolean) executionContext.get(AuthHandlerConstants.HTTP_PARAM_USE_MANDATES));
+
+// Assert.assertTrue("E-ID flag", session.isEidProcess());
+// Assert.assertTrue("Foreign flag", session.isForeigner());
+ Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/test", session.getQaaLevel());
+ Assert.assertEquals("CountryCode", "AB", session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class));
+ Assert.assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString());
+
+// Assert.assertEquals("eidasBind", EIDAS_BIND, session.getQcBind());
+// Assert.assertArrayEquals("signedConsent",
+// Base64.getDecoder().decode(TEST_SIGNED_AUTHBLOCK), session.getSignedAuthBlock());
+
+ Assert.assertEquals("FamilyName", "Mustermann", session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.PRINCIPAL_NAME_NAME, String.class));
+ Assert.assertEquals("Givenname", "Max", session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.GIVEN_NAME_NAME, String.class));
+ Assert.assertEquals("DateOfBirth", "1940-01-01", session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.BIRTHDATE_NAME, String.class));
+
+ Assert.assertEquals("FamilyName", "BF:QVGm48cqcM4UcyhDTNGYmVdrIoY=", session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.BPK_NAME, String.class));
+ Assert.assertEquals("FamilyName", "urn:publicid:gv.at:cdid+BF", session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.EID_SECTOR_FOR_IDENTIFIER_NAME, String.class));
+ Assert.assertEquals("FamilyName", TEST_SIGNED_AUTHBLOCK, session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.EID_IDENTITY_LINK_NAME, String.class));
+
+// Assert.assertNull("SigCert", session.getEncodedSignerCertificate());
+
+ Assert.assertFalse("Mandate flag", session.isMandateUsed());
+// Assert.assertNull("MandateInfos", session.getMandateDate());
+
+ Assert.assertNull("MandateType", session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.MANDATE_TYPE_NAME, String.class));
+ Assert.assertNull("Legal Person CommonName", session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, String.class));
+ Assert.assertNull("Legal Person SourcePin",session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, String.class));
+ Assert.assertNull("Legal Person SourcePinType", session.getGenericDataFromSession(
+ ExtendedPvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, String.class));
+
+ }
+
+
+
+
+ private Response initializeResponse(String idpEntityId, String responsePath, EaafX509Credential credential,
+ boolean validConditions) throws SamlSigningException, XMLParserException, UnmarshallingException,
+ Pvp2MetadataException {
+
+ final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(),
+ ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.class.getResourceAsStream(responsePath));
+ response.setIssueInstant(DateTime.now());
+ final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
+ issuer.setValue(idpEntityId);
+ response.setIssuer(issuer);
+
+ if (validConditions) {
+ response.getAssertions().get(0).getConditions().setNotOnOrAfter(DateTime.now().plusMinutes(5));
+
+ }
+
+ return Saml2Utils.signSamlObject(response, credential, true);
+ }
+
+}