diff options
author | Christian Kollmann <christian.kollmann@a-sit.at> | 2021-02-25 07:54:53 +0100 |
---|---|---|
committer | Christian Kollmann <christian.kollmann@a-sit.at> | 2021-02-25 13:27:12 +0100 |
commit | 0c4fe92684a707040fd7536da05945a64b309740 (patch) | |
tree | e0ecf1d6367b2e110d9f1801506b9d6d6385f750 /eidas_modules/authmodule-eIDAS-v2/src/test/java/at | |
parent | 3338a3dd00fabf28f1de8579535b1626dbe99908 (diff) | |
download | National_eIDAS_Gateway-0c4fe92684a707040fd7536da05945a64b309740.tar.gz National_eIDAS_Gateway-0c4fe92684a707040fd7536da05945a64b309740.tar.bz2 National_eIDAS_Gateway-0c4fe92684a707040fd7536da05945a64b309740.zip |
Refactor tasks for MobilePhoneSignature login and tests
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/test/java/at')
2 files changed, 371 insertions, 543 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java deleted file mode 100644 index 42dd3ddc..00000000 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java +++ /dev/null @@ -1,543 +0,0 @@ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; - -import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyPendingRequest; -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; -import at.gv.egiz.eaaf.core.exceptions.EaafException; -import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; -import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; -import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; -import at.gv.egiz.eaaf.core.impl.utils.DomUtils; -import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; -import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; -import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; -import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; -import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; -import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; -import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; -import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; -import net.shibboleth.utilities.java.support.xml.XMLParserException; -import org.apache.commons.io.IOUtils; -import org.apache.commons.lang3.RandomStringUtils; -import org.joda.time.DateTime; -import org.junit.Before; -import org.junit.BeforeClass; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; -import org.opensaml.core.xml.io.MarshallingException; -import org.opensaml.core.xml.io.UnmarshallingException; -import org.opensaml.core.xml.util.XMLObjectSupport; -import org.opensaml.saml.saml2.core.Issuer; -import org.opensaml.saml.saml2.core.Response; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.context.ApplicationContext; -import org.springframework.mock.web.MockHttpServletRequest; -import org.springframework.mock.web.MockHttpServletResponse; -import org.springframework.test.context.ContextConfiguration; -import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; - -import javax.xml.transform.TransformerException; -import java.io.IOException; -import java.util.Base64; - -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertThrows; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; -import static org.springframework.util.Assert.isInstanceOf; - -@RunWith(SpringJUnit4ClassRunner.class) -@ContextConfiguration(locations = { - "/SpringTest-context_tasks_test.xml", - "/SpringTest-context_basic_mapConfig.xml" -}) -public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest { - - private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml"; - - @Autowired - private ApplicationContext context; - @Autowired - protected MsConnectorDummyConfigMap authConfig; - @Autowired - private IdAustriaClientAuthMetadataProvider metadataProvider; - @Autowired - private IdAustriaClientAuthCredentialProvider credentialProvider; - @Autowired - private PvpMetadataResolverFactory metadataFactory; - - private final ExecutionContext executionContext = new ExecutionContextImpl(); - private MockHttpServletRequest httpReq; - private MockHttpServletResponse httpResp; - private DummyPendingRequest pendingReq; - - private ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask task; - - /** - * JUnit class initializer. - * - * @throws Exception In case of an OpenSAML3 initialization error - */ - @BeforeClass - public static void initialize() throws Exception { - EaafOpenSaml3xInitializer.eaafInitialize(); - - } - - /** - * jUnit test set-up. - * - * @throws Exception In case of an set-up error - */ - @Before - public void setUp() throws Exception { - task = (ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask) context.getBean( - "ReceiveMobilePhoneSignatureResponseTask"); - - httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); - httpReq.setScheme("https"); - httpReq.setServerPort(443); - httpReq.setContextPath("/authhandler"); - httpResp = new MockHttpServletResponse(); - RequestContextHolder.resetRequestAttributes(); - RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); - - authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, METADATA_PATH); - - DummyOA oaParam = new DummyOA(); - oaParam.setUniqueAppId("http://test.com/test"); - oaParam.setTargetIdentifier(EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2)); - - pendingReq = new DummyPendingRequest(); - pendingReq.initialize(httpReq, authConfig); - pendingReq.setPendingRequestId(RandomStringUtils.randomAlphanumeric(10)); - pendingReq.setOnlineApplicationConfiguration(oaParam); - - metadataProvider.fullyDestroy(); - } - - @Test - public void unsupportedHttpMethode() { - httpReq = new MockHttpServletRequest("PUT", "https://localhost/authhandler"); - RequestContextHolder.resetRequestAttributes(); - RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); - - final TaskExecutionException e = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.03", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); - } - - @Test - public void httpGetNoMessage() { - httpReq = new MockHttpServletRequest("GET", "https://localhost/authhandler"); - RequestContextHolder.resetRequestAttributes(); - RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); - - final TaskExecutionException e = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); - - } - - @Test - public void httpPostNoMessage() { - final TaskExecutionException e = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); - } - - @Test - public void httpPostMessageNotSigned() throws IOException { - - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - IOUtils.toByteArray(ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.class - .getResourceAsStream( - "/data/Response_without_sig_classpath_entityid.xml")))); - - final TaskExecutionException e = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); - - } - - @Test - public void httpPostMessageWrongDestinationEndpoint() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - TransformerException, MarshallingException { - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_with_wrong_destination_endpoint.xml", - credentialProvider.getMessageSigningCredential(), true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - final TaskExecutionException e = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); - - } - - @Test - public void httpPostValidSignedNoMetadata() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException { - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_without_sig_classpath_entityid.xml", - credentialProvider.getMessageSigningCredential(), true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - final TaskExecutionException e = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.11", ((EaafException) e.getOriginalException()).getErrorId()); - } - - @Test - public void httpPostValidSignedAssertionOutDated() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException { - - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_without_sig_classpath_entityid.xml", - credentialProvider.getMessageSigningCredential(), false); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - final TaskExecutionException e = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId()); - - } - - @Test - public void httpPostValidSignedAssertionFromWrongIdp() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException { - - authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, - "http://wrong.idp/" + RandomStringUtils.randomAlphabetic(5)); - - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_without_sig_classpath_entityid.xml", - credentialProvider.getMessageSigningCredential(), - true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - final TaskExecutionException e = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.08", ((EaafException) e.getOriginalException()).getErrorId()); - - } - - @Test - public void httpPostValidSignedAssertionMissingAttributes() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException { - - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_without_sig_classpath_entityid.xml", - credentialProvider.getMessageSigningCredential(), - true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - final TaskExecutionException e = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId()); - - } - - @Test - public void httpPostValidSignedWithError() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException { - - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_without_sig_with_error.xml", - credentialProvider.getMessageSigningCredential(), - true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - final TaskExecutionException e = assertThrows(TaskExecutionException.class, - () -> task.execute(pendingReq, executionContext)); - - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId()); - - } - - @Test - public void httpPostValidSignedWitUserStopErrorCode() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException, TaskExecutionException { - - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_without_sig_with_error_userstop.xml", - credentialProvider.getMessageSigningCredential(), - true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - // perform test - task.execute(pendingReq, executionContext); - - // validate state - assertTrue("process not cancelled", executionContext.isProcessCancelled()); - assertTrue("process not stopped by user", pendingReq.isAbortedByUser()); - assertFalse("should not authenticated", pendingReq.isAuthenticated()); - - } - - @Test - public void httpPostValidSignedWithErrorAndNoSubCode() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException { - - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_without_sig_with_error_without_subcode.xml", - credentialProvider.getMessageSigningCredential(), - true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - try { - task.execute(pendingReq, executionContext); - fail("Invalid response not detected"); - - } catch (final TaskExecutionException e) { - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId()); - } - } - - @Test - public void httpPostValidSignedWithErrorAndEmptySubCode() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException { - - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_without_sig_with_error_empty_subcode.xml", - credentialProvider.getMessageSigningCredential(), - true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - try { - task.execute(pendingReq, executionContext); - fail("Invalid response not detected"); - - } catch (final TaskExecutionException e) { - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId()); - - } - } - - @Test - public void httpPostValidSignedAssertionEidValid() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException, TaskExecutionException, EaafStorageException { - - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_with_EID.xml", - credentialProvider.getMessageSigningCredential(), - true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - // put SimpleEidasData in session - final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - final SimpleEidasData eidData = new SimpleEidasData(); - eidData.setFamilyName("Mustermann"); - eidData.setGivenName("Max"); - eidData.setDateOfBirth("1940-01-01"); - authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); - - // perform task - task.execute(pendingReq, executionContext); - - // validate state - final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); - assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel()); - assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString()); - - //TODO: - - } - - @Test - public void httpPostValidSignedAssertionEidValidButNameMissmatch() throws IOException, SamlSigningException, - Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, - MarshallingException, TransformerException, TaskExecutionException, EaafStorageException { - - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); - - final Response response = initializeResponse( - "classpath:/data/idp_metadata_classpath_entity.xml", - "/data/Response_with_EID.xml", - credentialProvider.getMessageSigningCredential(), - true); - httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( - DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( - "UTF-8"))); - - // put SimpleEidasData in session - final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); - final SimpleEidasData eidData = new SimpleEidasData(); - eidData.setFamilyName("Mustermann1"); - eidData.setGivenName("Max"); - eidData.setDateOfBirth("1940-01-01"); - authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); - - // perform task - try { - task.execute(pendingReq, executionContext); - fail("Invalid response not detected"); - - } catch (final TaskExecutionException e) { - assertNotNull(e.getPendingRequestID()); - assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); - assertNotNull(e.getOriginalException()); - isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); - assertTrue(e.getOriginalException().getCause() instanceof InvalidUserInputException); - } - - } - - private Response initializeResponse(String idpEntityId, String responsePath, EaafX509Credential credential, - boolean validConditions) throws SamlSigningException, XMLParserException, UnmarshallingException, - Pvp2MetadataException { - - final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream( - XMLObjectProviderRegistrySupport.getParserPool(), - ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.class.getResourceAsStream( - responsePath)); - response.setIssueInstant(DateTime.now()); - final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class); - issuer.setValue(idpEntityId); - response.setIssuer(issuer); - - if (validConditions) { - response.getAssertions().get(0).getConditions().setNotOnOrAfter(DateTime.now().plusMinutes(5)); - - } - - return Saml2Utils.signSamlObject(response, credential, true); - } - -} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java new file mode 100644 index 00000000..5ea7b59b --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java @@ -0,0 +1,371 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyPendingRequest; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import net.shibboleth.utilities.java.support.xml.ParserPool; +import org.apache.commons.io.IOUtils; +import org.apache.commons.lang3.RandomStringUtils; +import org.jetbrains.annotations.NotNull; +import org.joda.time.DateTime; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.saml2.core.Issuer; +import org.opensaml.saml.saml2.core.Response; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import javax.xml.transform.TransformerException; +import java.io.IOException; +import java.io.InputStream; +import java.nio.charset.StandardCharsets; +import java.util.Base64; +import java.util.Objects; + +import static org.junit.Assert.*; +import static org.springframework.util.Assert.isInstanceOf; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml" +}) +public class ReceiveMobilePhoneSignatureResponseTaskTest { + + private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml"; + + @Autowired + protected MsConnectorDummyConfigMap authConfig; + @Autowired + private IdAustriaClientAuthMetadataProvider metadataProvider; + @Autowired + private IdAustriaClientAuthCredentialProvider credentialProvider; + @Autowired + private PvpMetadataResolverFactory metadataFactory; + @Autowired + private ReceiveMobilePhoneSignatureResponseTask task; + + private final ExecutionContext executionContext = new ExecutionContextImpl(); + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + private DummyPendingRequest pendingReq; + + /** + * JUnit class initializer. + * + * @throws Exception In case of an OpenSAML3 initialization error + */ + @BeforeClass + public static void initialize() throws Exception { + EaafOpenSaml3xInitializer.eaafInitialize(); + } + + /** + * jUnit test set-up. + * + * @throws Exception In case of an set-up error + */ + @Before + public void setUp() throws Exception { + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpReq.setScheme("https"); + httpReq.setServerPort(443); + httpReq.setContextPath("/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, METADATA_PATH); + + DummyOA oaParam = new DummyOA(); + oaParam.setUniqueAppId("http://test.com/test"); + oaParam.setTargetIdentifier(EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2)); + + pendingReq = new DummyPendingRequest(); + pendingReq.initialize(httpReq, authConfig); + pendingReq.setPendingRequestId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setOnlineApplicationConfiguration(oaParam); + + metadataProvider.fullyDestroy(); + } + + @Test + public void unsupportedHttpMethod() { + httpReq = new MockHttpServletRequest("PUT", "https://localhost/authhandler"); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.03", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpGetNoMessage() { + httpReq = new MockHttpServletRequest("GET", "https://localhost/authhandler"); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void httpPostNoMessage() { + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostMessageNotSigned() throws IOException { + byte[] bytes = IOUtils.toByteArray(ReceiveMobilePhoneSignatureResponseTask.class + .getResourceAsStream("/data/Response_without_sig_classpath_entityid.xml")); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(bytes)); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void httpPostMessageWrongDestinationEndpoint() throws Exception { + initResponse("/data/Response_with_wrong_destination_endpoint.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void httpPostValidSignedNoMetadata() throws Exception { + initResponse("/data/Response_without_sig_classpath_entityid.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.11", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedAssertionOutDated() throws Exception { + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + initResponse("/data/Response_without_sig_classpath_entityid.xml", false); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedAssertionFromWrongIdp() throws Exception { + authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, + "http://wrong.idp/" + RandomStringUtils.randomAlphabetic(5)); + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + initResponse("/data/Response_without_sig_classpath_entityid.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.08", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedAssertionMissingAttributes() throws Exception { + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + initResponse("/data/Response_without_sig_classpath_entityid.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedWithError() throws Exception { + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + initResponse("/data/Response_without_sig_with_error.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedWitUserStopErrorCode() throws Exception { + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + initResponse("/data/Response_without_sig_with_error_userstop.xml", true); + + task.execute(pendingReq, executionContext); + + assertTrue("process not cancelled", executionContext.isProcessCancelled()); + assertTrue("process not stopped by user", pendingReq.isAbortedByUser()); + assertFalse("should not authenticated", pendingReq.isAuthenticated()); + } + + @Test + public void httpPostValidSignedWithErrorAndNoSubCode() throws Exception { + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + initResponse("/data/Response_without_sig_with_error_without_subcode.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedWithErrorAndEmptySubCode() throws Exception { + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + initResponse("/data/Response_without_sig_with_error_empty_subcode.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedAssertionEidValidButNameMismatch() throws Exception { + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + initResponse("/data/Response_with_EID.xml", true); + AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + SimpleEidasData eidData = createEidasDataMatchingToSamlResponse(); + eidData.setFamilyName(eidData.getFamilyName() + "notmatching"); + authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + isInstanceOf(InvalidUserInputException.class, e.getOriginalException().getCause()); + } + + @Test + public void httpPostValidSignedAssertionEidValid() throws Exception { + // klar darstellen: was ist input, was ist dann expected output ... eigentlich für alle tasks! + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + initResponse("/data/Response_with_EID.xml", true); + AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + SimpleEidasData eidData = createEidasDataMatchingToSamlResponse(); + authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); + + task.execute(pendingReq, executionContext); + + AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); + assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel()); + assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString()); + + //TODO this is the good case + } + + @NotNull + private SimpleEidasData createEidasDataMatchingToSamlResponse() { + // data from "/data/Response_with_EID.xml" + SimpleEidasData result = new SimpleEidasData(); + result.setFamilyName("Mustermann"); + result.setGivenName("Max"); + result.setDateOfBirth("1940-01-01"); + return result; + } + + private void addSamlResponseToHttpReq(Response response) throws TransformerException, IOException, MarshallingException { + String node = DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)); + String base64encoded = Base64.getEncoder().encodeToString(node.getBytes(StandardCharsets.UTF_8)); + httpReq.addParameter("SAMLResponse", base64encoded); + } + + private void initResponse(String responsePath, boolean validConditions) throws Exception { + InputStream inputStream = ReceiveMobilePhoneSignatureResponseTaskTest.class.getResourceAsStream(responsePath); + ParserPool parserPool = Objects.requireNonNull(XMLObjectProviderRegistrySupport.getParserPool()); + Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(parserPool, inputStream); + response.setIssueInstant(DateTime.now()); + Issuer issuer = Saml2Utils.createSamlObject(Issuer.class); + issuer.setValue("classpath:/data/idp_metadata_classpath_entity.xml"); + response.setIssuer(issuer); + if (validConditions) { + response.getAssertions().get(0).getConditions().setNotOnOrAfter(DateTime.now().plusMinutes(5)); + } + Response signedResponse = Saml2Utils.signSamlObject(response, credentialProvider.getMessageSigningCredential(), true); + addSamlResponseToHttpReq(signedResponse); + } + +} |