diff options
author | Alexander Marsalek <amarsalek@iaik.tugraz.at> | 2021-02-08 13:04:07 +0100 |
---|---|---|
committer | Alexander Marsalek <amarsalek@iaik.tugraz.at> | 2021-02-08 13:30:23 +0100 |
commit | 5a07ce3e84615cb088ed844312d726679095ec03 (patch) | |
tree | d0fec0b20ddf9dbddfa7d5d4e747ec1838b7b953 /eidas_modules/authmodule-eIDAS-v2/src/test/java/at | |
parent | 6e16e4bbddf6dcddf2ed7b25fd55b41adfa4a08c (diff) | |
download | National_eIDAS_Gateway-5a07ce3e84615cb088ed844312d726679095ec03.tar.gz National_eIDAS_Gateway-5a07ce3e84615cb088ed844312d726679095ec03.tar.bz2 National_eIDAS_Gateway-5a07ce3e84615cb088ed844312d726679095ec03.zip |
GenerateMobilePhoneSignatureRequestTaskTest
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/test/java/at')
4 files changed, 946 insertions, 0 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyAuthConfigMap.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyAuthConfigMap.java new file mode 100644 index 00000000..ba531029 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyAuthConfigMap.java @@ -0,0 +1,144 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URI; +import java.net.URL; +import java.util.HashMap; +import java.util.Map; +import java.util.Properties; + +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; + +import org.apache.commons.lang3.StringUtils; + +/** + * Dummy Application-configuration implementation for jUnit tests. + * + * @author tlenz + * + */ +public class DummyAuthConfigMap implements IConfigurationWithSP { + + private Map<String, String> config = new HashMap<>(); + + /** + * Empty Dummy Application-configuration. + * + */ + public DummyAuthConfigMap() { + + } + + /** + * Dummy Application-configuration. + * + * @param configIs Property based configuration + * @throws IOException In case of an configuration read error + */ + public DummyAuthConfigMap(final InputStream configIs) throws IOException { + + final Properties props = new Properties(); + props.load(configIs); + + config = KeyValueUtils.convertPropertiesToMap(props); + + } + + /** + * Dummy Application-configuration. + * + * @param path Path to property based configuration + * @throws IOException In case of an configuration read error + */ + public DummyAuthConfigMap(final String path) throws IOException { + + final Properties props = new Properties(); + props.load(this.getClass().getResourceAsStream(path)); + + config = KeyValueUtils.convertPropertiesToMap(props); + + } + + + @Override + public String getBasicConfiguration(final String key) { + return config.get(key); + + } + + @Override + public String getBasicConfiguration(final String key, final String defaultValue) { + final String value = getBasicConfiguration(key); + if (StringUtils.isEmpty(value)) { + return defaultValue; + } else { + return value; + } + + } + + @Override + public boolean getBasicConfigurationBoolean(final String key) { + final String value = getBasicConfiguration(key); + if (StringUtils.isEmpty(value)) { + return false; + } else { + return Boolean.valueOf(value); + } + } + + @Override + public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue) { + return Boolean.parseBoolean(getBasicConfiguration(key, String.valueOf(defaultValue))); + + } + + @Override + public Map<String, String> getBasicConfigurationWithPrefix(final String prefix) { + return KeyValueUtils.getSubSetWithPrefix(config, prefix); + + } + + @Override + public ISpConfiguration getServiceProviderConfiguration(final String uniqueID) + throws EaafConfigurationException { + return null; + } + + @Override + public <T> T getServiceProviderConfiguration(final String spIdentifier, final Class<T> decorator) + throws EaafConfigurationException { + return null; + } + + @Override + public URI getConfigurationRootDirectory() { + return new java.io.File(".").toURI(); + + } + + @Override + public String validateIdpUrl(final URL authReqUrl) throws EaafException { + return authReqUrl.toString(); + } + + public void putConfigValue(final String key, final String value) { + config.put(key, value); + } + + public void removeConfigValue(final String key) { + config.remove(key); + + } + + public void removeAll() { + config.clear(); + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyOA.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyOA.java new file mode 100644 index 00000000..cf879562 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyOA.java @@ -0,0 +1,304 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.builder.BpkBuilder; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; + +import lombok.Getter; +import lombok.Setter; + +public class DummyOA implements IAhSpConfiguration{ + + private static final long serialVersionUID = 1L; + private String uniqueAppId = null; + private String targetIdentifier = null; + private String friendlyName = null; + private String cc = "AT"; + private final Map<String, String> config = new HashMap<>(); + private final List<Pair<String, String>> reqAttributes = new ArrayList<>(); + + private boolean mandateEnabled = false; + private boolean onlyMandateEnabled = false; + private String mandateProfilesCsv; + + private boolean eidasEnabled = false; + + private boolean testCredentialEnabled = true; + private String additionalBpkTargetCsv; + private List<Pair<String, String>> additionalEncBpkTargets; + + @Setter + private boolean restricted = true; + + @Setter + private long latestVdaAuthentication = 60 * 365 * 5; + + @Getter + @Setter + private boolean publicServiceProvider; + + @Getter + @Setter + private boolean multiMandateEnabled; + + @Setter + private String bmiUniqueIdentifier; + + @Override + public Map<String, String> getFullConfiguration() { + return this.config; + } + + @Override + public String getConfigurationValue(final String key) { + return this.config.get(key); + } + + @Override + public String getConfigurationValue(final String key, final String defaultValue) { + if (StringUtils.isNotEmpty(getConfigurationValue(key))) { + return getConfigurationValue(key); + } else { + return defaultValue; + } + } + + @Override + public boolean isConfigurationValue(final String key) { + if (StringUtils.isNotEmpty(getConfigurationValue(key))) { + return Boolean.valueOf(getConfigurationValue(key)); + } else { + return false; + } + + } + + @Override + public boolean isConfigurationValue(final String key, final boolean defaultValue) { + return Boolean.parseBoolean(getConfigurationValue(key, String.valueOf(defaultValue))); + + } + + @Override + public boolean containsConfigurationKey(final String key) { + return this.config.containsKey(key); + } + + @Override + public String getUniqueIdentifier() { + return this.uniqueAppId; + } + + @Override + public String getUniqueApplicationRegisterIdentifier() { + return this.bmiUniqueIdentifier; + + } + + @Override + public String getFriendlyName() { + return this.friendlyName; + } + + @Override + public boolean hasBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean hasBaseIdTransferRestriction() { + // TODO Auto-generated method stub + return false; + } + + @Override + public List<String> getTargetsWithNoBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getTargetsWithNoBaseIdTransferRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getRequiredLoA() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getLoAMatchingMode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAreaSpecificTargetIdentifier() { + return this.targetIdentifier; + } + + @Override + public boolean isTestCredentialEnabled() { + return this.testCredentialEnabled; + } + + @Override + public List<String> getTestCredentialOids() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<Pair<String, String>> getRequiredAttributes() { + return this.reqAttributes; + + } + + public void setUniqueAppId(final String uniqueAppId) { + this.uniqueAppId = uniqueAppId; + } + + @Override + public String getCountryCode() { + return cc; + } + + @Override + public void setCountryCode(final String cc) { + this.cc = cc; + + } + + public void setTargetIdentifier(final String targetIdentifier) { + this.targetIdentifier = BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(targetIdentifier); + + } + + public void setFriendlyName(final String friendlyName) { + this.friendlyName = friendlyName; + } + + public void putGenericConfigurationKey(final String key, final String value) { + this.config.put(key, value); + + } + + public void addRequiredAttribute(final String attrUri) { + this.reqAttributes.add(Pair.newInstance(attrUri, null)); + + } + + public void removeRequiredAttribute(final String attrUri) { + for (final Pair<String, String> el : reqAttributes) { + if (el.getFirst().equals(attrUri)) { + reqAttributes.remove(el); + break; + + } + + + } + } + + public void addRequiredAttribute(final String attrUri, String param) { + this.reqAttributes.add(Pair.newInstance(attrUri, param)); + + } + + @Override + public boolean isMandateEnabled() { + return this.mandateEnabled; + } + + @Override + public boolean isOnlyMandateEnabled() { + return this.onlyMandateEnabled; + + } + + @Override + public List<String> getMandateProfiles() { + return KeyValueUtils.getListOfCsvValues(mandateProfilesCsv); + } + + @Override + public List<String> getAdditionalBpkTargets() { + return KeyValueUtils.getListOfCsvValues(additionalBpkTargetCsv); + + } + + @Override + public List<Pair<String, String>> getAdditionalForeignBpkTargets() { + if (additionalEncBpkTargets == null) { + return Collections.emptyList(); + + } else { + return additionalEncBpkTargets; + + } + } + + @Override + public long lastVdaAuthenticationDelay() { + return latestVdaAuthentication; + + } + + @Override + public boolean isRestrictedServiceProvider() { + return this.restricted ; + } + + + public void setMandateEnabled(final boolean mandateEnabled) { + this.mandateEnabled = mandateEnabled; + } + + public void setOnlyMandateEnabled(final boolean onlyMandateEnabled) { + this.onlyMandateEnabled = onlyMandateEnabled; + } + + public void setMandateProfilesCsv(final String mandateProfilesCsv) { + this.mandateProfilesCsv = mandateProfilesCsv; + } + + public void setTestCredentialEnabled(final boolean testCredentialEnabled) { + this.testCredentialEnabled = testCredentialEnabled; + } + + public void setAdditionalBpkTargetCsv(String additionalBpkTargetCsv) { + this.additionalBpkTargetCsv = additionalBpkTargetCsv; + } + + public void setAdditionalEncBpkTargets(List<Pair<String, String>> additionalEncBpkTargets) { + this.additionalEncBpkTargets = additionalEncBpkTargets; + } + + @Override + public boolean isEnabled() { + return true; + } + + @Override + public boolean isEidasEnabled() { + return this.eidasEnabled; + + } + + public void setEidasEnabled(boolean eidasEnabled) { + this.eidasEnabled = eidasEnabled; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/IAhSpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/IAhSpConfiguration.java new file mode 100644 index 00000000..13d61f15 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/IAhSpConfiguration.java @@ -0,0 +1,152 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy; + +import java.util.List; + +import javax.annotation.Nonnull; +import javax.annotation.Nullable; + +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.impl.data.Pair; + +public interface IAhSpConfiguration extends ISpConfiguration { + + + /** + * Flag if this Service Provider is enabled. + * + * @return true if the SP is enabled, otherwise false + */ + boolean isEnabled(); + + /** + * Get unique identifier that is used in Application-Register from BM.I. + * + * <p>If no BM.I specific identifier is available then this method returns + * the same identifier as <code>getUniqueIdentifier()</code></p> + * + * @return unique identifier from BM.I AppReg, or generic uniqueId of no specific exists + */ + String getUniqueApplicationRegisterIdentifier(); + + /** + * Flag that marks this Service-Provider as <i>public</i> or <i>private</i>. + * + * <p><b>Default:</b> If it is not set or has an unknown value, its <i>private</i> by default</p> + * + * @return <code>true</code> if it is from <i>public</i>, otherwise <code>false</code> + */ + boolean isPublicServiceProvider(); + + /** + * Enable test identities for this Service Provider. + * + * @return true if test identities are allowed, otherwise false + */ + boolean isTestCredentialEnabled(); + + /** + * Get a List of OID's that refine the set of allowed test identities. + * + * @return @link {@link List} of test-identity OID's + */ + @Nullable + List<String> getTestCredentialOids(); + + + /** + * Get a List of unique attribute URI's that are required by this SP. + * + * @return {@link List} of attribute URI's / parameter {@link Pair}s + */ + List<Pair<String, String>> getRequiredAttributes(); + + + /** + * Get the CountryCode for this service. <br> + * <br> + * <b>Default:</b> AT + * + * @return + */ + String getCountryCode(); + + /** + * Set the CountryCode for this service. If not countryCode is set, AT is used as default. + * + * @param cc Service-Provider country-code + */ + void setCountryCode(String cc); + + /** + * Enable mandates for this service provider. + * + * @return <code>true</code> if mandates are enabled, otherwise <code>false</code> + */ + boolean isMandateEnabled(); + + /** + * Enables multi-mandates for this service-provider. + * + * @return <code>true</code> if multi-mandates are enabled, otherwise <code>false</code> + */ + boolean isMultiMandateEnabled(); + + /** + * Only mandates are allowed for this service provider. + * + * @return <code>true</code> if only mandates are allowed, otherwise <code>false</code> + */ + boolean isOnlyMandateEnabled(); + + /** + * Get a {@link List} of mandate profiles that are supported by this Service provider. + * + * @return + */ + @Nonnull List<String> getMandateProfiles(); + + + /** + * eIDAS authentication allowed flag. + * + * @return <code>true</code> if eIDAS authentication is enabled, otherwise <code>false</code> + */ + boolean isEidasEnabled(); + + /** + * Get a List of targets for additional bPKs that are required by this service provider. + * + * @return List of prefixed bPK targets + */ + @Nonnull List<String> getAdditionalBpkTargets(); + + /** + * Get a list of foreign bPK targets that are required by this service provider. + * + * @return List of pairs with prefixed bPK targets as first element and VKZ as second element + */ + @Nonnull List<Pair<String, String>> getAdditionalForeignBpkTargets(); + + /** + * Flag that indicates that service-provider as restricted or unrestricted. + * + * <p>A restricted service-provider can only used by test-identities that contains a + * valid application-restriction in User-Certificate Pinning</p> + * + * <p><b>Default:</b> true</p> + * + * @return <code>true</code> if it is restricted, otherwise <code>false</code> + */ + boolean isRestrictedServiceProvider(); + + +/** + * Defines the time in minutes how long the last VDA registration h@Override + ave passed as maximum. + * + * @return time in minutes + */ +long lastVdaAuthenticationDelay(); + +} + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java new file mode 100644 index 00000000..379f64ee --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java @@ -0,0 +1,346 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateMobilePhoneSignatureRequestTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyAuthConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttribute; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import org.apache.commons.lang3.RandomStringUtils; +import org.apache.commons.lang3.StringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.schema.XSString; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.common.xml.SAMLConstants; +import org.opensaml.saml.saml2.core.AuthnRequest; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.TestPropertySource; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.util.Base64; +import java.util.Map; + +@RunWith(SpringJUnit4ClassRunner.class) +@TestPropertySource(locations = {"classpath:/config/junit_config_1-.properties" }) +//@ContextConfiguration({"/spring/SpringTest-context_mapConfig_full.xml", "classpath:/spring/test_eaaf_core.beans.xml"}) +//@TestPropertySource(locations = { "classpath:/config/junit_config_1_springboot.properties" }) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test1.xml", + "/SpringTest-context_basic_mapConfig1.xml" +}) + +public class GenerateMobilePhoneSignatureRequestTaskTest { + + private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml"; + private static final String METADATA_SP_PATH = "classpath:/data/sp_metadata_junit.xml"; + + @Autowired(required = true) + private ApplicationContext context; + @Autowired(required = true) + protected DummyAuthConfigMap authConfig; + @Autowired + private IdAustriaClientAuthMetadataProvider metadataProvider; + @Autowired + private PvpMetadataResolverFactory metadataFactory; + @Autowired + private DummyGuiBuilderConfigurationFactory guiBuilderConfigFactory; +// @Autowired +// private SamlVerificationEngine samlVerifyEngine; +// @Autowired +// private ITransactionStorage transactionStorage; + + final ExecutionContext executionContext = new ExecutionContextImpl(); + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + private TestRequestImpl pendingReq; + private DummyOA oaParam; + + private GenerateMobilePhoneSignatureRequestTask task; + + /** + * JUnit class initializer. + * + * @throws Exception In case of an OpenSAML3 initialization error + */ + @BeforeClass + public static void initialize() throws Exception { + EaafOpenSaml3xInitializer.eaafInitialize(); + + } + + /** + * jUnit test set-up. + * + * @throws Exception In case of an set-up error + */ + @Before + public void setUp() throws Exception { + task = (GenerateMobilePhoneSignatureRequestTask) context.getBean("GenerateMobilePhoneSignatureRequestTask"); + + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + authConfig.putConfigValue("modules.idaustriaclient.request.sign.alias", "sig"); + + oaParam = new DummyOA(); + oaParam.setUniqueAppId("http://test.com/test"); + oaParam.setBmiUniqueIdentifier(oaParam.getUniqueIdentifier() + "#" + RandomStringUtils.randomAlphanumeric(5)); + oaParam.setTargetIdentifier( + EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2)); + oaParam.setEidasEnabled(true); + oaParam.putGenericConfigurationKey( + IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, null); + // oaParam.setMandateProfilesCsv( + // RandomStringUtils.randomAlphabetic(5) + // + "," + RandomStringUtils.randomAlphabetic(5) + // + "," + RandomStringUtils.randomAlphabetic(5)); + + pendingReq = new TestRequestImpl(); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setSpConfig(oaParam); + pendingReq.setAuthUrl("https://localhost/authhandler"); + + metadataProvider.fullyDestroy(); + guiBuilderConfigFactory.setVelocityBuilderConfig(createDummyGuiConfig()); + + } + + @Test + public void noMetadataAvailableOnGlobalConfig() { + authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_NODE_ENTITYID, + RandomStringUtils.randomAlphabetic(10)); + + try { + task.execute(pendingReq, executionContext); + Assert.fail(); + + } catch (final TaskExecutionException e) { + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, + e.getOriginalException()); + Assert.assertEquals("module.eidasauth.02", + ((EaafConfigurationException) e.getOriginalException()).getErrorId()); + + } + } + + @Test + public void noMetadataAvailableOnSpConfig() { + oaParam.putGenericConfigurationKey(IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, + RandomStringUtils.randomAlphabetic(10)); + + try { + task.execute(pendingReq, executionContext); + Assert.fail(); + + } catch (final TaskExecutionException e) { + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, + e.getOriginalException()); + Assert.assertEquals("module.eidasauth.02", + ((EaafConfigurationException) e.getOriginalException()).getErrorId()); + + } + } + + @Test + public void noMetadataSigningKeyStore() throws Pvp2MetadataException { + oaParam.putGenericConfigurationKey(IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, + METADATA_PATH); + + authConfig.removeConfigValue("modules.idaustriaclient.request.sign.alias"); + + metadataProvider.addMetadataResolverIntoChain( + metadataFactory.createMetadataProvider(METADATA_PATH, null, "jUnitTest", null)); + + try { + task.execute(pendingReq, executionContext); + Assert.fail(); + + } catch (final TaskExecutionException e) { + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(CredentialsNotAvailableException.class, + e.getOriginalException()); + Assert.assertEquals("internal.pvp.01", + ((CredentialsNotAvailableException) e.getOriginalException()).getErrorId()); + + } + } + + @Test + public void success() throws Exception { + oaParam.putGenericConfigurationKey(IdAustriaClientAuthConstants.CONFIG_PROPS_APPSPECIFIC_EIDAS_NODE_URL, + METADATA_PATH); + metadataProvider.addMetadataResolverIntoChain( + metadataFactory.createMetadataProvider(METADATA_PATH, null, "jUnitTest", null)); + pendingReq.setTransactionId(RandomStringUtils.randomAlphanumeric(10)); + + task.execute(pendingReq, executionContext); + + final EaafRequestedAttributes reqAttr = validate(); + Assert.assertEquals("#Req Attribute", 2, reqAttr.getAttributes().size()); + + Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.transactionId", + reqAttr.getAttributes().get(0).getName()); + Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(0).getAttributeValues()); + Assert.assertEquals("#Req. Attr value", 1, + reqAttr.getAttributes().get(0).getAttributeValues().size()); + org.springframework.util.Assert.isInstanceOf(XSString.class, + reqAttr.getAttributes().get(0).getAttributeValues().get(0), "Wrong requested Attributes Value type"); + Assert.assertEquals("Req. Attr. Value", pendingReq.getUniqueTransactionIdentifier(), + ((XSString) reqAttr.getAttributes().get(0).getAttributeValues().get(0)).getValue()); + + Assert.assertEquals("Wrong req attr.", "urn:oid:1.2.40.0.10.2.1.1.261.34", + reqAttr.getAttributes().get(1).getName()); + Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(1).getAttributeValues()); + Assert.assertEquals("#Req. Attr value", 1, + reqAttr.getAttributes().get(1).getAttributeValues().size()); + org.springframework.util.Assert.isInstanceOf(XSString.class, + reqAttr.getAttributes().get(1).getAttributeValues().get(0), "Wrong requested Attributes Value type"); + Assert.assertEquals("Req. Attr. Value", oaParam.getAreaSpecificTargetIdentifier(), + ((XSString) reqAttr.getAttributes().get(1).getAttributeValues().get(0)).getValue()); + + } + + private EaafRequestedAttributes validate() throws Exception { + Assert.assertEquals("HTTP Statuscode", 200, httpResp.getStatus()); + Assert.assertEquals("ContentType", "text/html;charset=UTF-8", httpResp.getContentType()); + Assert.assertEquals("ContentEncoding", "UTF-8", httpResp.getCharacterEncoding()); + + final String html = httpResp.getContentAsString(); + Assert.assertNotNull("XML Metadata", html); + + final int startIndex = html.indexOf("SAMLRequest="); + Assert.assertTrue("No SAMLRequest in html", startIndex >= 0); + final String authnXml = html.substring(startIndex + "SAMLRequest=".length()); + //TODO why do i have to do that?? => remove "} from end +// String authnXml2 = authnXml1.substring(0,authnXml1.length()-2); + + //check if relaystate was stored + final int startIndexRelayState = html.indexOf("RelayState="); + Assert.assertTrue("wrong RelayState in HTML", + startIndexRelayState >= 0); + String relayState = html.substring(startIndexRelayState + "RelayState=".length(), startIndex); +// String storedPendingReqId = transactionStorage.get(relayState, String.class); +// Assert.assertEquals("relayStore not map to pendingRequestId", +// pendingReq.getPendingRequestId(), storedPendingReqId); + + + final AuthnRequest authnRequest = (AuthnRequest) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), new ByteArrayInputStream( + Base64.getDecoder().decode(authnXml))); + + Assert.assertNotNull("AuthnReq", authnRequest); + Assert.assertNotNull("Issuer", authnRequest.getIssuer()); + Assert.assertEquals("EntityId", + "https://localhost/authhandler" + IdAustriaClientAuthConstants.ENDPOINT_METADATA, + authnRequest.getIssuer().getValue()); + + //check XML scheme + Saml2Utils.schemeValidation(authnRequest); + + + //check signature + final PvpSProfileRequest msg = new PvpSProfileRequest( + authnRequest, + SAMLConstants.SAML2_POST_BINDING_URI); + msg.setEntityID(authnRequest.getIssuer().getValue()); + metadataProvider.addMetadataResolverIntoChain( + metadataFactory.createMetadataProvider(METADATA_SP_PATH, null, "jUnit SP", null)); +// samlVerifyEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); +//TODO + //check other elements +// Assert.assertNotNull("Proxy-Scope", authnRequest.getScoping()); +// Assert.assertNotNull("RequesterIds", authnRequest.getScoping().getRequesterIDs()); +// Assert.assertEquals("#RequesterIds", 1, authnRequest.getScoping().getRequesterIDs().size()); +// Assert.assertEquals("RequesterId", oaParam.getUniqueApplicationRegisterIdentifier(), +// authnRequest.getScoping().getRequesterIDs().get(0).getRequesterID()); + + Assert.assertNotNull("RequestedAuthnContext", authnRequest.getRequestedAuthnContext()); + Assert.assertNotNull("AuthnContextClassRef", + authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs()); + Assert.assertEquals("#AuthnContextClassRef", 1, + authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs().size()); + Assert.assertEquals("LoA", "http://eidas.europa.eu/LoA/high", + authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs().get(0).getAuthnContextClassRef()); + + Assert.assertNotNull("Extensions", authnRequest.getExtensions()); + Assert.assertFalse("No Requested attributes", + authnRequest.getExtensions().getUnknownXMLObjects().isEmpty()); + + Assert.assertEquals("#ReqAttributes", 1, authnRequest.getExtensions().getUnknownXMLObjects().size()); + org.springframework.util.Assert.isInstanceOf(EaafRequestedAttributes.class, + authnRequest.getExtensions().getUnknownXMLObjects().get(0), "No Requested Attributes object"); + + return (EaafRequestedAttributes) authnRequest.getExtensions().getUnknownXMLObjects().get(0); + } + + private IVelocityGuiBuilderConfiguration createDummyGuiConfig() { + return new IVelocityGuiBuilderConfiguration() { + + @Override + public Map<String, Object> getViewParameters() { + return null; + } + + @Override + public String getViewName() { + return "SAML2 Post-Binding"; + } + + @Override + public String getDefaultContentType() { + return null; + } + + @Override + public InputStream getTemplate(String viewName) { + return GenerateMobilePhoneSignatureRequestTaskTest.class.getResourceAsStream("/data/pvp_postbinding_template.html"); + } + + @Override + public String getClasspathTemplateDir() { + return null; + + } + }; + } + +} |