authorChristian Kollmann <christian.kollmann@a-sit.at>2021-02-25 07:54:53 +0100
committerChristian Kollmann <christian.kollmann@a-sit.at>2021-02-25 13:27:12 +0100
commit0c4fe92684a707040fd7536da05945a64b309740 (patch)
treee0ecf1d6367b2e110d9f1801506b9d6d6385f750 /eidas_modules/authmodule-eIDAS-v2/src/test/java/at
parent3338a3dd00fabf28f1de8579535b1626dbe99908 (diff)
Refactor tasks for MobilePhoneSignature login and tests
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/test/java/at')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java543
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java371
2 files changed, 371 insertions, 543 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java
deleted file mode 100644
index 42dd3ddc..00000000
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java
+++ /dev/null
@@ -1,543 +0,0 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
-
-import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyPendingRequest;
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
-import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
-import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
-import net.shibboleth.utilities.java.support.xml.XMLParserException;
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang3.RandomStringUtils;
-import org.joda.time.DateTime;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
-import org.opensaml.core.xml.io.MarshallingException;
-import org.opensaml.core.xml.io.UnmarshallingException;
-import org.opensaml.core.xml.util.XMLObjectSupport;
-import org.opensaml.saml.saml2.core.Issuer;
-import org.opensaml.saml.saml2.core.Response;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;
-
-import javax.xml.transform.TransformerException;
-import java.io.IOException;
-import java.util.Base64;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertThrows;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-import static org.springframework.util.Assert.isInstanceOf;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(locations = {
- "/SpringTest-context_tasks_test.xml",
- "/SpringTest-context_basic_mapConfig.xml"
-})
-public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
-
- private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml";
-
- @Autowired
- private ApplicationContext context;
- @Autowired
- protected MsConnectorDummyConfigMap authConfig;
- @Autowired
- private IdAustriaClientAuthMetadataProvider metadataProvider;
- @Autowired
- private IdAustriaClientAuthCredentialProvider credentialProvider;
- @Autowired
- private PvpMetadataResolverFactory metadataFactory;
-
- private final ExecutionContext executionContext = new ExecutionContextImpl();
- private MockHttpServletRequest httpReq;
- private MockHttpServletResponse httpResp;
- private DummyPendingRequest pendingReq;
-
- private ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask task;
-
- /**
- * JUnit class initializer.
- *
- * @throws Exception In case of an OpenSAML3 initialization error
- */
- @BeforeClass
- public static void initialize() throws Exception {
- EaafOpenSaml3xInitializer.eaafInitialize();
-
- }
-
- /**
- * jUnit test set-up.
- *
- * @throws Exception In case of an set-up error
- */
- @Before
- public void setUp() throws Exception {
- task = (ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask) context.getBean(
- "ReceiveMobilePhoneSignatureResponseTask");
-
- httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
- httpReq.setScheme("https");
- httpReq.setServerPort(443);
- httpReq.setContextPath("/authhandler");
- httpResp = new MockHttpServletResponse();
- RequestContextHolder.resetRequestAttributes();
- RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
-
- authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, METADATA_PATH);
-
- DummyOA oaParam = new DummyOA();
- oaParam.setUniqueAppId("http://test.com/test");
- oaParam.setTargetIdentifier(EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2));
-
- pendingReq = new DummyPendingRequest();
- pendingReq.initialize(httpReq, authConfig);
- pendingReq.setPendingRequestId(RandomStringUtils.randomAlphanumeric(10));
- pendingReq.setOnlineApplicationConfiguration(oaParam);
-
- metadataProvider.fullyDestroy();
- }
-
- @Test
- public void unsupportedHttpMethode() {
- httpReq = new MockHttpServletRequest("PUT", "https://localhost/authhandler");
- RequestContextHolder.resetRequestAttributes();
- RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.03", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
- }
-
- @Test
- public void httpGetNoMessage() {
- httpReq = new MockHttpServletRequest("GET", "https://localhost/authhandler");
- RequestContextHolder.resetRequestAttributes();
- RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostNoMessage() {
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
- }
-
- @Test
- public void httpPostMessageNotSigned() throws IOException {
-
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- IOUtils.toByteArray(ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.class
- .getResourceAsStream(
- "/data/Response_without_sig_classpath_entityid.xml"))));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostMessageWrongDestinationEndpoint() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- TransformerException, MarshallingException {
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_with_wrong_destination_endpoint.xml",
- credentialProvider.getMessageSigningCredential(), true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostValidSignedNoMetadata() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_classpath_entityid.xml",
- credentialProvider.getMessageSigningCredential(), true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.11", ((EaafException) e.getOriginalException()).getErrorId());
- }
-
- @Test
- public void httpPostValidSignedAssertionOutDated() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_classpath_entityid.xml",
- credentialProvider.getMessageSigningCredential(), false);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostValidSignedAssertionFromWrongIdp() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID,
- "http://wrong.idp/" + RandomStringUtils.randomAlphabetic(5));
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_classpath_entityid.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.08", ((EaafException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostValidSignedAssertionMissingAttributes() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_classpath_entityid.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostValidSignedWithError() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_with_error.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostValidSignedWitUserStopErrorCode() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException, TaskExecutionException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_with_error_userstop.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- // perform test
- task.execute(pendingReq, executionContext);
-
- // validate state
- assertTrue("process not cancelled", executionContext.isProcessCancelled());
- assertTrue("process not stopped by user", pendingReq.isAbortedByUser());
- assertFalse("should not authenticated", pendingReq.isAuthenticated());
-
- }
-
- @Test
- public void httpPostValidSignedWithErrorAndNoSubCode() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_with_error_without_subcode.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- try {
- task.execute(pendingReq, executionContext);
- fail("Invalid response not detected");
-
- } catch (final TaskExecutionException e) {
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId());
- }
- }
-
- @Test
- public void httpPostValidSignedWithErrorAndEmptySubCode() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_with_error_empty_subcode.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- try {
- task.execute(pendingReq, executionContext);
- fail("Invalid response not detected");
-
- } catch (final TaskExecutionException e) {
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId());
-
- }
- }
-
- @Test
- public void httpPostValidSignedAssertionEidValid() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException, TaskExecutionException, EaafStorageException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_with_EID.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- // put SimpleEidasData in session
- final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- final SimpleEidasData eidData = new SimpleEidasData();
- eidData.setFamilyName("Mustermann");
- eidData.setGivenName("Max");
- eidData.setDateOfBirth("1940-01-01");
- authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
-
- // perform task
- task.execute(pendingReq, executionContext);
-
- // validate state
- final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel());
- assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString());
-
- //TODO:
-
- }
-
- @Test
- public void httpPostValidSignedAssertionEidValidButNameMissmatch() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException, TaskExecutionException, EaafStorageException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_with_EID.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- // put SimpleEidasData in session
- final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- final SimpleEidasData eidData = new SimpleEidasData();
- eidData.setFamilyName("Mustermann1");
- eidData.setGivenName("Max");
- eidData.setDateOfBirth("1940-01-01");
- authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
-
- // perform task
- try {
- task.execute(pendingReq, executionContext);
- fail("Invalid response not detected");
-
- } catch (final TaskExecutionException e) {
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertTrue(e.getOriginalException().getCause() instanceof InvalidUserInputException);
- }
-
- }
-
- private Response initializeResponse(String idpEntityId, String responsePath, EaafX509Credential credential,
- boolean validConditions) throws SamlSigningException, XMLParserException, UnmarshallingException,
- Pvp2MetadataException {
-
- final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(
- XMLObjectProviderRegistrySupport.getParserPool(),
- ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.class.getResourceAsStream(
- responsePath));
- response.setIssueInstant(DateTime.now());
- final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
- issuer.setValue(idpEntityId);
- response.setIssuer(issuer);
-
- if (validConditions) {
- response.getAssertions().get(0).getConditions().setNotOnOrAfter(DateTime.now().plusMinutes(5));
-
- }
-
- return Saml2Utils.signSamlObject(response, credential, true);
- }
-
-}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java
new file mode 100644
index 00000000..5ea7b59b
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java
@@ -0,0 +1,371 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
+
+import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseTask;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyPendingRequest;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import net.shibboleth.utilities.java.support.xml.ParserPool;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.jetbrains.annotations.NotNull;
+import org.joda.time.DateTime;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.Response;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.xml.transform.TransformerException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.Objects;
+
+import static org.junit.Assert.*;
+import static org.springframework.util.Assert.isInstanceOf;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+ "/SpringTest-context_tasks_test.xml",
+ "/SpringTest-context_basic_mapConfig.xml"
+})
+public class ReceiveMobilePhoneSignatureResponseTaskTest {
+
+ private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml";
+
+ @Autowired
+ protected MsConnectorDummyConfigMap authConfig;
+ @Autowired
+ private IdAustriaClientAuthMetadataProvider metadataProvider;
+ @Autowired
+ private IdAustriaClientAuthCredentialProvider credentialProvider;
+ @Autowired
+ private PvpMetadataResolverFactory metadataFactory;
+ @Autowired
+ private ReceiveMobilePhoneSignatureResponseTask task;
+
+ private final ExecutionContext executionContext = new ExecutionContextImpl();
+ private MockHttpServletRequest httpReq;
+ private MockHttpServletResponse httpResp;
+ private DummyPendingRequest pendingReq;
+
+ /**
+ * JUnit class initializer.
+ *
+ * @throws Exception In case of an OpenSAML3 initialization error
+ */
+ @BeforeClass
+ public static void initialize() throws Exception {
+ EaafOpenSaml3xInitializer.eaafInitialize();
+ }
+
+ /**
+ * jUnit test set-up.
+ *
+ * @throws Exception In case of an set-up error
+ */
+ @Before
+ public void setUp() throws Exception {
+ httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+ httpReq.setScheme("https");
+ httpReq.setServerPort(443);
+ httpReq.setContextPath("/authhandler");
+ httpResp = new MockHttpServletResponse();
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, METADATA_PATH);
+
+ DummyOA oaParam = new DummyOA();
+ oaParam.setUniqueAppId("http://test.com/test");
+ oaParam.setTargetIdentifier(EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2));
+
+ pendingReq = new DummyPendingRequest();
+ pendingReq.initialize(httpReq, authConfig);
+ pendingReq.setPendingRequestId(RandomStringUtils.randomAlphanumeric(10));
+ pendingReq.setOnlineApplicationConfiguration(oaParam);
+
+ metadataProvider.fullyDestroy();
+ }
+
+ @Test
+ public void unsupportedHttpMethod() {
+ httpReq = new MockHttpServletRequest("PUT", "https://localhost/authhandler");
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.03", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpGetNoMessage() {
+ httpReq = new MockHttpServletRequest("GET", "https://localhost/authhandler");
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+
+ }
+
+ @Test
+ public void httpPostNoMessage() {
+ httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostMessageNotSigned() throws IOException {
+ byte[] bytes = IOUtils.toByteArray(ReceiveMobilePhoneSignatureResponseTask.class
+ .getResourceAsStream("/data/Response_without_sig_classpath_entityid.xml"));
+ httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(bytes));
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+
+ }
+
+ @Test
+ public void httpPostMessageWrongDestinationEndpoint() throws Exception {
+ initResponse("/data/Response_with_wrong_destination_endpoint.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+
+ }
+
+ @Test
+ public void httpPostValidSignedNoMetadata() throws Exception {
+ initResponse("/data/Response_without_sig_classpath_entityid.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.11", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionOutDated() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_classpath_entityid.xml", false);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionFromWrongIdp() throws Exception {
+ authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID,
+ "http://wrong.idp/" + RandomStringUtils.randomAlphabetic(5));
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_classpath_entityid.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.08", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionMissingAttributes() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_classpath_entityid.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedWithError() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_with_error.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedWitUserStopErrorCode() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_with_error_userstop.xml", true);
+
+ task.execute(pendingReq, executionContext);
+
+ assertTrue("process not cancelled", executionContext.isProcessCancelled());
+ assertTrue("process not stopped by user", pendingReq.isAbortedByUser());
+ assertFalse("should not authenticated", pendingReq.isAuthenticated());
+ }
+
+ @Test
+ public void httpPostValidSignedWithErrorAndNoSubCode() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_with_error_without_subcode.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedWithErrorAndEmptySubCode() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_with_error_empty_subcode.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionEidValidButNameMismatch() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_with_EID.xml", true);
+ AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ SimpleEidasData eidData = createEidasDataMatchingToSamlResponse();
+ eidData.setFamilyName(eidData.getFamilyName() + "notmatching");
+ authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ isInstanceOf(InvalidUserInputException.class, e.getOriginalException().getCause());
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionEidValid() throws Exception {
+ // klar darstellen: was ist input, was ist dann expected output ... eigentlich für alle tasks!
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_with_EID.xml", true);
+ AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ SimpleEidasData eidData = createEidasDataMatchingToSamlResponse();
+ authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
+
+ task.execute(pendingReq, executionContext);
+
+ AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel());
+ assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString());
+
+ //TODO this is the good case
+ }
+
+ @NotNull
+ private SimpleEidasData createEidasDataMatchingToSamlResponse() {
+ // data from "/data/Response_with_EID.xml"
+ SimpleEidasData result = new SimpleEidasData();
+ result.setFamilyName("Mustermann");
+ result.setGivenName("Max");
+ result.setDateOfBirth("1940-01-01");
+ return result;
+ }
+
+ private void addSamlResponseToHttpReq(Response response) throws TransformerException, IOException, MarshallingException {
+ String node = DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response));
+ String base64encoded = Base64.getEncoder().encodeToString(node.getBytes(StandardCharsets.UTF_8));
+ httpReq.addParameter("SAMLResponse", base64encoded);
+ }
+
+ private void initResponse(String responsePath, boolean validConditions) throws Exception {
+ InputStream inputStream = ReceiveMobilePhoneSignatureResponseTaskTest.class.getResourceAsStream(responsePath);
+ ParserPool parserPool = Objects.requireNonNull(XMLObjectProviderRegistrySupport.getParserPool());
+ Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(parserPool, inputStream);
+ response.setIssueInstant(DateTime.now());
+ Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
+ issuer.setValue("classpath:/data/idp_metadata_classpath_entity.xml");
+ response.setIssuer(issuer);
+ if (validConditions) {
+ response.getAssertions().get(0).getConditions().setNotOnOrAfter(DateTime.now().plusMinutes(5));
+ }
+ Response signedResponse = Saml2Utils.signSamlObject(response, credentialProvider.getMessageSigningCredential(), true);
+ addSamlResponseToHttpReq(signedResponse);
+ }
+
+}
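Review bot: `httpPostValidSignedAssertionOutDated` cannot show that the `NotOnOrAfter` check rejects a stale assertion, because it posts the same fixture as `httpPostValidSignedAssertionMissingAttributes` and both expect `sp.pvp2.12`. With `validConditions` set to `false` the test would still pass on the missing-attributes rejection even if the conditions check were skipped. The same generic id is asserted in `httpPostMessageNotSigned`, `httpPostMessageWrongDestinationEndpoint` and the two no-message tests, so none of them pins which validation step actually fired. For the expiry case, use a fixture that is otherwise acceptable, e.g. `initResponse("/data/Response_with_EID.xml", false);` with the matching `SimpleEidasData` stored in the session as in `httpPostValidSignedAssertionEidValid`, and in the other tests also assert on the cause or message of the `AuthnResponseValidationException`. Whether `Response_with_EID.xml` carries expired conditions is not visible here and should be confirmed, although its asserted IssueInstant from 2014 suggests it does.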