diff options
author | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-11-27 09:18:38 +0100 |
---|---|---|
committer | Thomas Lenz <thomas.lenz@egiz.gv.at> | 2020-11-27 09:18:38 +0100 |
commit | 7a800070338bec49cf3a4e2e6f76a0778f9eae02 (patch) | |
tree | 91a5f1521a0a6a02ed3e21f21d25b1792881f2ad /eidas_modules/authmodule-eIDAS-v2/src/test | |
parent | 1dcc1b9cd5d6e2a50817474c597e2924f67be2b1 (diff) | |
parent | 9f684f489a2825d1c8fde371b7e71b8d7513060a (diff) | |
download | National_eIDAS_Gateway-7a800070338bec49cf3a4e2e6f76a0778f9eae02.tar.gz National_eIDAS_Gateway-7a800070338bec49cf3a4e2e6f76a0778f9eae02.tar.bz2 National_eIDAS_Gateway-7a800070338bec49cf3a4e2e6f76a0778f9eae02.zip |
Merge branch 'connector_update_SZRv4' into 'nightlybuild'
Integration of E-ID functionality
See merge request egiz/eidas_at_proxy!1
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/test')
8 files changed, 562 insertions, 56 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java index fca548b7..9709aeb9 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java @@ -19,17 +19,20 @@ * file for details on the various modules and licenses. * The "NOTICE" text file is part of the distribution. Any derivative works * that you distribute must include a readable copy of the "NOTICE" text file. -*/ + */ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test; import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.anyList; import static org.mockito.Mockito.when; import java.io.IOException; import java.security.InvalidKeyException; import java.security.MessageDigest; import java.security.NoSuchProviderException; +import java.util.Arrays; +import java.util.List; import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBException; @@ -37,9 +40,11 @@ import javax.xml.bind.Unmarshaller; import javax.xml.parsers.ParserConfigurationException; import javax.xml.ws.soap.SOAPFaultException; +import org.apache.commons.lang3.RandomStringUtils; import org.apache.commons.lang3.StringUtils; import org.apache.cxf.binding.soap.SoapFault; import org.junit.Assert; +import org.junit.Before; import org.junit.BeforeClass; import org.junit.Ignore; import org.junit.Rule; @@ -70,11 +75,16 @@ import at.gv.egiz.eaaf.core.exceptions.EaafParserException; import at.gv.egiz.eaaf.core.impl.data.Triple; import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import szrservices.GetBPKFromStammzahlEncryptedResponse; +import szrservices.GetBPKFromStammzahlEncryptedResponseType; import szrservices.GetIdentityLinkEidasResponse; import szrservices.IdentityLinkType; import szrservices.PersonInfoType; import szrservices.SZR; import szrservices.SZRException_Exception; +import szrservices.SignContentEntry; +import szrservices.SignContentResponse; +import szrservices.SignContentResponseType; import szrservices.TravelDocumentType; @RunWith(SpringJUnit4ClassRunner.class) @@ -91,12 +101,17 @@ public class SzrClientTest { private static final String familyName = "Mustermann"; private static final String dateOfBirth = "1989-05-05"; private static final String eIDASeID = "IS/AT/1234sdgsdfg56789ABCDEF"; - private static final String DUMMY_TARGET = EaafConstants.URN_PREFIX_CDID + "ZP"; + private SZR szrMock = null; + + + @Rule + public SoapServiceRule soap = SoapServiceRule.newInstance(); + /** * jUnit class initializer. - * + * * @throws IOException In case of an error */ @BeforeClass @@ -106,24 +121,110 @@ public class SzrClientTest { } - @Rule - public SoapServiceRule soap = SoapServiceRule.newInstance(); + /** + * Initialize jUnit test. + */ + @Before + public void initializer() { + if (szrMock == null) { + szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr"); + + } + } + @Test - public void getIdentityLinkRawModeValidResponse() throws SZRException_Exception, EaafParserException, - NoSuchProviderException, IOException, InvalidKeyException, EidasSAuthenticationException, JAXBException { - setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml", "http://localhost:1234/demoszr"); + public void getStammzahlenEcryptedTest() throws JAXBException, SZRException_Exception, SzrCommunicationException { + final GetBPKFromStammzahlEncryptedResponse szrResponse = new GetBPKFromStammzahlEncryptedResponse(); + final GetBPKFromStammzahlEncryptedResponseType result1 = new GetBPKFromStammzahlEncryptedResponseType(); + szrResponse.getOut().add(result1); + + result1.setKey(RandomStringUtils.randomAlphanumeric(20)); + + // when(szrMock.getBPKFromStammzahlEncrypted(anyList())) + // .thenReturn(Arrays.asList(result1)); + when(szrMock.getStammzahlEncrypted(any(), any())).thenReturn(result1.getKey()); + + String stammzahlEncrypted = szrClient.getEncryptedStammzahl(new PersonInfoType()); + + Assert.assertEquals("bcBind not match", result1.getKey(), stammzahlEncrypted); + + when(szrMock.getStammzahlEncrypted(any(), any())).thenReturn(null); + try { + stammzahlEncrypted = szrClient.getEncryptedStammzahl(new PersonInfoType()); + } catch (SzrCommunicationException e) { + Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01")); + } + } + + @Test + public void getBcBindValid() throws SZRException_Exception, SzrCommunicationException { + final SignContentResponse szrResponse = new SignContentResponse(); + final SignContentEntry result1 = new SignContentEntry(); + final SignContentResponseType content = new SignContentResponseType(); + content.getOut().add(result1); + szrResponse.setSignContentResponse(content); + + result1.setKey("bcBindReq"); + result1.setValue(RandomStringUtils.randomAlphanumeric(100)); + + when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(content); + + final String bcBind = szrClient + .getBcBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), + RandomStringUtils.randomAlphabetic(10)); + + Assert.assertNotNull("bcBind is null", bcBind); + Assert.assertEquals("bcBind not match", result1.getValue(), bcBind); + + when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(null); + try { + szrClient + .getBcBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), + RandomStringUtils.randomAlphabetic(10)); + } catch (SzrCommunicationException e) { + Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01")); + } + + final SignContentEntry result2 = new SignContentEntry(); + final SignContentResponseType content1 = new SignContentResponseType(); + content1.getOut().add(result2); + when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(content1); + try { + szrClient + .getBcBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), + RandomStringUtils.randomAlphabetic(10)); + } catch (SzrCommunicationException e) { + Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01")); + } + + result2.setKey("bcBindReq"); + result2.setValue(""); + when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(content1); + try { + szrClient + .getBcBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), + RandomStringUtils.randomAlphabetic(10)); + } catch (SzrCommunicationException e) { + Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01")); + } + } + + @Test + public void getIdentityLinkRawModeValidResponse() + throws SZRException_Exception, EaafParserException, NoSuchProviderException, IOException, InvalidKeyException, + EidasSAuthenticationException, JAXBException { + setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml"); try { log.debug("Starting connecting SZR Gateway"); - final IdentityLinkType result = szrClient.getIdentityLinkInRawMode( - getPersonInfo()); + final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(getPersonInfo()); Assert.assertNotNull(result); Assert.assertNotNull(result.getAssertion()); - final IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser((Element) result - .getAssertion()).parseIdentityLink(); + final IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser((Element) result.getAssertion()) + .parseIdentityLink(); Assert.assertNotNull(identityLink); System.out.println(identityLink.getSerializedSamlAssertion()); @@ -144,16 +245,14 @@ public class SzrClientTest { } @Test - public void getIdentityLinkRawModeErrorTravelerDocExists() throws SZRException_Exception, - EaafParserException, NoSuchProviderException, IOException, InvalidKeyException, + public void getIdentityLinkRawModeErrorTravelerDocExists() + throws SZRException_Exception, EaafParserException, NoSuchProviderException, IOException, InvalidKeyException, EidasSAuthenticationException, JAXBException, ParserConfigurationException, SAXException { - setSzrExceptionIdentityLink("/data/szr/szr_resp_error_travelerdocexists.xml", - "http://localhost:1234/demoszr"); + setSzrExceptionIdentityLink("/data/szr/szr_resp_error_travelerdocexists.xml"); try { log.debug("Starting connecting SZR Gateway"); - szrClient.getIdentityLinkInRawMode( - getPersonInfo()); + szrClient.getIdentityLinkInRawMode(getPersonInfo()); Assert.fail(); } catch (final SzrCommunicationException e) { @@ -163,8 +262,7 @@ public class SzrClientTest { Assert.assertNotNull(((SOAPFaultException) e.getCause()).getFault()); checkElement("p344:F455", ((SOAPFaultException) e.getCause()).getFault().getFaultCode()); checkElement( - "The travel document you sent to insert a person already exists for another person. " - + "Either check the document or have the person altered accordingly", + "The travel document you sent to insert a person already exists for another person. " + "Either check the document or have the person altered accordingly", ((SOAPFaultException) e.getCause()).getFault().getFaultString()); } @@ -174,13 +272,16 @@ public class SzrClientTest { @Ignore @Test public void getBpkTest() throws SZRException_Exception, EidasSAuthenticationException { - final String bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET, - basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, - "no VKZ defined")); + final List<String> bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET, basicConfig + .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined")); - if (StringUtils.isEmpty(bPK)) { - throw new SzrCommunicationException("ernb.01", new Object[] { "bPK is null or empty" }); + if (bPK.isEmpty()) { + throw new SzrCommunicationException("ernb.01", new Object[]{"bPK list is empty"}); + } + for (final String b : bPK) { + if (StringUtils.isEmpty(b)) { + throw new SzrCommunicationException("ernb.01", new Object[]{"bPK is null or empty"}); + } } } @@ -191,37 +292,28 @@ public class SzrClientTest { } - private void setSzrResponseIdentityLink(String responseXmlPath, String serviceUrl) throws JAXBException, - SZRException_Exception { - final SZR szrServiceMock = soap.mock(SZR.class, serviceUrl); - final JAXBContext jaxbContext = JAXBContext.newInstance( - szrservices.ObjectFactory.class, - org.xmlsoap.schemas.ws._2002._04.secext.ObjectFactory.class, - org.w3._2001._04.xmldsig_more.ObjectFactory.class, - org.w3._2000._09.xmldsig.ObjectFactory.class, - at.gv.egov.pvp1.ObjectFactory.class, - at.gv.e_government.reference.namespace.persondata._20020228.ObjectFactory.class); + private void setSzrResponseIdentityLink(String responseXmlPath) throws JAXBException, SZRException_Exception { + final JAXBContext jaxbContext = JAXBContext + .newInstance(szrservices.ObjectFactory.class, org.w3._2001._04.xmldsig_more.ObjectFactory.class, + org.w3._2000._09.xmldsig.ObjectFactory.class, + at.gv.e_government.reference.namespace.persondata._20020228.ObjectFactory.class); final Unmarshaller jaxbUnmarshaller = jaxbContext.createUnmarshaller(); final GetIdentityLinkEidasResponse szrResponse = (GetIdentityLinkEidasResponse) jaxbUnmarshaller .unmarshal(this.getClass().getResourceAsStream(responseXmlPath)); - when(szrServiceMock.getIdentityLinkEidas(any(PersonInfoType.class))).thenReturn(szrResponse - .getGetIdentityLinkReturn()); + when(szrMock.getIdentityLinkEidas(any(PersonInfoType.class))).thenReturn(szrResponse.getGetIdentityLinkReturn()); } - private void setSzrExceptionIdentityLink(String responseXmlPath, String serviceUrl) throws JAXBException, - ParserConfigurationException, SAXException, IOException, SZRException_Exception { - final SZR szrServiceMock = soap.mock(SZR.class, serviceUrl); - final Element detailerror = DomUtils.parseXmlNonValidating(this.getClass().getResourceAsStream( - responseXmlPath)); + private void setSzrExceptionIdentityLink(String responseXmlPath) + throws JAXBException, ParserConfigurationException, SAXException, IOException, SZRException_Exception { + final Element detailerror = DomUtils.parseXmlNonValidating(this.getClass().getResourceAsStream(responseXmlPath)); final javax.xml.namespace.QName qName = new javax.xml.namespace.QName("urn:SZRServices", "F455", "p344"); final SoapFault fault = new SoapFault( - "The travel document you sent to insert a person already exists for another person. " - + "Either check the document or have the person altered accordingly", + "The travel document you sent to insert a person already exists for another person. " + "Either check the document or have the person altered accordingly", qName); fault.setRole("urn:SZRServices"); fault.setDetail(detailerror); - when(szrServiceMock.getIdentityLinkEidas(any(PersonInfoType.class))).thenThrow(fault); + when(szrMock.getIdentityLinkEidas(any(PersonInfoType.class))).thenThrow(fault); } @@ -233,7 +325,7 @@ public class SzrClientTest { return hashBase64; } catch (final Exception ex) { - throw new EidasSAuthenticationException("internal.03", new Object[] {}, ex); + throw new EidasSAuthenticationException("internal.03", new Object[]{}, ex); } } @@ -249,8 +341,7 @@ public class SzrClientTest { personInfo.setTravelDocument(eDocument); // parse some eID attributes - final Triple<String, String, String> eIdentifier = - EidasResponseUtils.parseEidasPersonalIdentifier(eIDASeID); + final Triple<String, String, String> eIdentifier = EidasResponseUtils.parseEidasPersonalIdentifier(eIDASeID); final String uniqueId = createHashFromUniqueId(eIdentifier.getThird()); final String citizenCountry = eIdentifier.getFirst(); @@ -262,9 +353,9 @@ public class SzrClientTest { eDocument.setDocumentNumber(uniqueId); // eID document information - eDocument.setDocumentType(basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, - Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); + eDocument.setDocumentType(basicConfig + .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, + Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); return personInfo; } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java index 2f6a989e..2f573f53 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java @@ -27,6 +27,7 @@ import java.io.IOException; import java.security.InvalidKeyException; import java.security.MessageDigest; import java.security.NoSuchProviderException; +import java.util.List; import org.apache.commons.lang3.StringUtils; import org.junit.Ignore; @@ -58,7 +59,7 @@ import szrservices.PersonInfoType; import szrservices.SZRException_Exception; import szrservices.TravelDocumentType; -//@Ignore +@Ignore @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration("/SpringTest-context_basic_test.xml") public class SzrClientTestProduction { @@ -132,13 +133,18 @@ public class SzrClientTestProduction { @Ignore @Test public void getBpkTest() throws SZRException_Exception, EidasSAuthenticationException { - final String bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET, + final List<String> bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET, basicConfig.getBasicConfiguration( Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined")); - if (StringUtils.isEmpty(bPK)) { - throw new SzrCommunicationException("ernb.01", new Object[] { "bPK is null or empty" }); + if (bPK.isEmpty()) { + throw new SzrCommunicationException("ernb.01", new Object[]{"bPK list is empty"}); + } + for (String b : bPK) { + if (StringUtils.isEmpty(b)) { + throw new SzrCommunicationException("ernb.01", new Object[]{"bPK is null or empty"}); + } } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java new file mode 100644 index 00000000..dd485ee6 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java @@ -0,0 +1,272 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE; +import static org.mockito.ArgumentMatchers.any; +import static org.powermock.api.mockito.PowerMockito.when; + +import java.io.IOException; +import java.net.URI; +import java.net.URISyntaxException; +import java.security.KeyStore; +import java.security.Provider; +import java.security.cert.X509Certificate; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; + +import javax.xml.namespace.QName; + +import org.apache.commons.lang3.RandomStringUtils; +import org.jetbrains.annotations.NotNull; +import org.jose4j.jwa.AlgorithmConstraints; +import org.jose4j.jwa.AlgorithmConstraints.ConstraintType; +import org.jose4j.jws.AlgorithmIdentifiers; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Rule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.powermock.core.classloader.annotations.PrepareForTest; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import com.skjolberg.mockito.soap.SoapServiceRule; + +import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.AuthBlockSigningService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils.JwsResult; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreFactory; +import at.gv.egiz.eaaf.core.impl.credential.EaafKeyStoreUtils; +import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.attribute.PersonType; +import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse; +import lombok.val; +import szrservices.SZR; +import szrservices.SignContentEntry; +import szrservices.SignContentResponseType; + +@RunWith(SpringJUnit4ClassRunner.class) +//@RunWith(PowerMockRunner.class) +//@PowerMockRunnerDelegate(SpringJUnit4ClassRunner.class) +@PrepareForTest(CreateIdentityLinkTask.class) +@DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS) +@ContextConfiguration("/SpringTest-context_tasks_test.xml") +public class CreateIdentityLinkTaskEidNewTest { + + @Autowired(required = true) + private CreateIdentityLinkTask task; + + @Autowired(required = true) + private IConfiguration basicConfig; + @Autowired + protected EidasAttributeRegistry attrRegistry; + + @Autowired + EaafKeyStoreFactory keyStoreFactory; + + @Autowired + private AuthBlockSigningService authBlockSigner; + + final ExecutionContext executionContext = new ExecutionContextImpl(); + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + private TestRequestImpl pendingReq; + private DummySpConfiguration oaParam; + private SZR szrMock; + + private static final String PW = "f/+saJBc3a}*/T^s"; + private static final String ALIAS = "connectorkeypair"; + + private static final List<String> BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList(Arrays + .asList(AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256, + AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512, AlgorithmIdentifiers.RSA_PSS_USING_SHA256, + AlgorithmIdentifiers.RSA_PSS_USING_SHA512)); + + @Rule + public final SoapServiceRule soap = SoapServiceRule.newInstance(); + + /** + * jUnit class initializer. + * + * @throws IOException In case of an error + */ + @BeforeClass + public static void classInitializer() throws IOException { + final String current = new java.io.File(".").toURI().toString(); + System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_3.properties"); + + } + + /** + * jUnit test set-up. + */ + @Before + public void setUp() throws EaafStorageException, URISyntaxException { + + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + final Map<String, String> spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); + spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); + spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true"); + oaParam = new DummySpConfiguration(spConfig, basicConfig); + pendingReq = new TestRequestImpl(); + + final AuthenticationResponse response = buildDummyAuthResponse(); + + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); + pendingReq.setSpConfig(oaParam); + pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); + pendingReq.setAuthUrl("http://test.com/"); + pendingReq.setTransactionId("avaasbav"); + + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "XX"); + executionContext.put(EaafConstants.PROCESS_ENGINE_REQUIRES_NO_POSTAUTH_REDIRECT, true); + + szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr"); + } + + @Test + public void successfulProcess() throws Exception { + //initialize test + when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10)); + val signContentResp = new SignContentResponseType(); + final SignContentEntry signContentEntry = new SignContentEntry(); + signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10)); + signContentResp.getOut().add(signContentEntry); + when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp); + + //perform test + task.execute(pendingReq, executionContext); + + //validate state + final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + Assert.assertNotNull("AuthProcessData", authProcessData); + Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class)); + + String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class); + Assert.assertNotNull("AuthBlock", authBlock); + + //check authblock signature + final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT, + BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()])); + Pair<KeyStore, Provider> keyStore = getKeyStore(); + X509Certificate[] trustedCerts = EaafKeyStoreUtils + .getPrivateKeyAndCertificates(keyStore.getFirst(), ALIAS, PW.toCharArray(), true, "junit").getSecond(); + JwsResult result = JoseUtils.validateSignature(authBlock, Arrays.asList(trustedCerts), constraints); + Assert.assertTrue("AuthBlock not valid", result.isValid()); + + } + + @Test + public void getStammzahlEncryptedExceptionTest() throws Exception { + try { + when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(null); + task.execute(pendingReq, executionContext); + } catch (TaskExecutionException e) { + Assert.assertEquals("Incorrect exception thrown", e.getMessage(), + "IdentityLink generation for foreign person " + "FAILED."); + Assert.assertEquals("Incorrect exception thrown", ((SzrCommunicationException) e.getCause()).getErrorId(), + "ernb.01"); + Assert.assertTrue("Incorrect exception thrown", e.getCause().getMessage().contains("Stammzahl response empty")); + } + } + + @Test + public void signContentExceptionTest() throws Exception { + try { + when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10)); + when(szrMock, "signContent", any(), any(), any()).thenReturn(null); + task.execute(pendingReq, executionContext); + } catch (TaskExecutionException e) { + Assert.assertEquals("Incorrect exception thrown", e.getMessage(), + "IdentityLink generation for foreign person " + "FAILED."); + Assert.assertEquals("Incorrect exception thrown", ((SzrCommunicationException) e.getCause()).getErrorId(), + "ernb.01"); + Assert.assertTrue("Incorrect exception thrown", e.getCause().getMessage().contains("BcBind response empty")); + } + } + + private Pair<KeyStore, Provider> getKeyStore() throws EaafException { + // read Connector wide config data TODO connector wide! + String keyStoreName = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_NAME); + String keyStorePw = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_PASSWORD); + String keyStorePath = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_PATH); + String keyStoreType = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_TYPE); + + + //build new KeyStore configuration + KeyStoreConfiguration keyStoreConfiguration = new KeyStoreConfiguration(); + keyStoreConfiguration.setFriendlyName("jUnit test"); + + keyStoreConfiguration.setSoftKeyStoreFilePath(keyStorePath); + keyStoreConfiguration.setSoftKeyStorePassword(keyStorePw); + keyStoreConfiguration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.fromString(keyStoreType)); + keyStoreConfiguration.setKeyStoreName(keyStoreName); + + //build new KeyStore based on configuration + return keyStoreFactory.buildNewKeyStore(keyStoreConfiguration); + + } + + @NotNull + private AuthenticationResponse buildDummyAuthResponse() throws URISyntaxException { + final AttributeDefinition attributeDef = AttributeDefinition.builder() + .friendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).nameUri(new URI("ad", "sd", "ff")) + .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "af")) + .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); + final AttributeDefinition attributeDef2 = AttributeDefinition.builder() + .friendlyName(Constants.eIDAS_ATTR_CURRENTFAMILYNAME).nameUri(new URI("ad", "sd", "fff")) + .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "aff")) + .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); + final AttributeDefinition attributeDef3 = AttributeDefinition.builder() + .friendlyName(Constants.eIDAS_ATTR_CURRENTGIVENNAME).nameUri(new URI("ad", "sd", "ffff")) + .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "afff")) + .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); + final AttributeDefinition attributeDef4 = AttributeDefinition.builder() + .friendlyName(Constants.eIDAS_ATTR_DATEOFBIRTH).nameUri(new URI("ad", "sd", "fffff")) + .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "affff")) + .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller").build(); + + final ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder() + .put(attributeDef, "de/st/" + RandomStringUtils.randomNumeric(64)) + .put(attributeDef2, RandomStringUtils.randomAlphabetic(10)) + .put(attributeDef3, RandomStringUtils.randomAlphabetic(10)).put(attributeDef4, "2001-01-01").build(); + + val b = new AuthenticationResponse.Builder(); + return b.id("aasdf").issuer("asd").subject("asf").statusCode("200").inResponseTo("asdf").subjectNameIdFormat("afaf") + .attributes(attributeMap).build(); + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml index dd116bd3..7d5a4c53 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/SpringTest-context_tasks_test.xml @@ -45,6 +45,9 @@ ref="specificConnectorAdditionalAttributesFileWithPath" /> </bean> + <bean id="authBlockSigningService" + class="at.asitplus.eidas.specific.modules.auth.eidas.v2.service.AuthBlockSigningService" /> + <!-- Authentication Process Tasks --> <bean id="ConnecteIDASNodeTask" class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask" diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties index 35867187..21ed51e7 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_1.properties @@ -50,6 +50,14 @@ eidas.ms.auth.eIDAS.szrclient.params.vkz= eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false +eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s +eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair +eidas.ms.auth.eIDAS.authblock.keystore.path=./../keystore/teststore.jks +eidas.ms.auth.eIDAS.authblock.keystore.type=jks +eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair +eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s + + #Raw eIDAS Id data storage eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_2.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_2.properties index 95ac8ec5..dcdadce5 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_2.properties +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_2.properties @@ -49,6 +49,14 @@ eidas.ms.auth.eIDAS.szrclient.params.vkz= eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false +eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s +eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair +eidas.ms.auth.eIDAS.authblock.keystore.path=./../keystore/teststore.jks +eidas.ms.auth.eIDAS.authblock.keystore.type=jks +eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair +eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s + + #Raw eIDAS Id data storage eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties new file mode 100644 index 00000000..c830d447 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/config/junit_config_3.properties @@ -0,0 +1,118 @@ +## Basic service configuration +eidas.ms.context.url.prefix= +eidas.ms.context.url.request.validation=false + +eidas.ms.context.use.clustermode=true + +##Monitoring +eidas.ms.monitoring.eIDASNode.metadata.url= + + +##Specific logger configuration +eidas.ms.technicallog.write.MDS.into.techlog=true +eidas.ms.revisionlog.write.MDS.into.revisionlog=true +eidas.ms.revisionlog.logIPAddressOfUser=true + +##Directory for static Web content +eidas.ms.webcontent.static.directory=webcontent/ +eidas.ms.webcontent.templates=templates/ +eidas.ms.webcontent.properties=properties/messages + +## extended validation of pending-request Id's +eidas.ms.core.pendingrequestid.maxlifetime=300 +eidas.ms.core.pendingrequestid.digist.algorithm=HmacSHA256 +eidas.ms.core.pendingrequestid.digist.secret=pendingReqIdSecret + +## eIDAS Ref. Implementation connector ### +eidas.ms.auth.eIDAS.node_v2.entityId=ownSpecificConnector +eidas.ms.auth.eIDAS.node_v2.forward.endpoint=http://test.com/ +eidas.ms.auth.eIDAS.node_v2.forward.method=POST +eidas.ms.auth.eIDAS.node_v2.countrycode=AT +eidas.ms.auth.eIDAS.node_v2.publicSectorTargets=.* +eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName=true +eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier=true +eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs=true +eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs=myNode + +eidas.ms.auth.eIDAS.node_v2.loa.requested.minimum=http://eidas.europa.eu/LoA/high + +eidas.ms.auth.eIDAS.szrclient.useTestService=true +eidas.ms.auth.eIDAS.szrclient.endpoint.prod= +eidas.ms.auth.eIDAS.szrclient.endpoint.test=http://localhost:1234/demoszr +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.path=keys/..... +eidas.ms.auth.eIDAS.szrclient.ssl.keyStore.password= +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.path= +eidas.ms.auth.eIDAS.szrclient.ssl.trustStore.password= +eidas.ms.auth.eIDAS.szrclient.timeout.connection=15 +eidas.ms.auth.eIDAS.szrclient.timeout.response=30 +eidas.ms.auth.eIDAS.szrclient.params.vkz= + +eidas.ms.auth.eIDAS.authblock.keystore.password=f/+saJBc3a}*/T^s +eidas.ms.auth.eIDAS.authblock.keystore.friendlyName=connectorkeypair +eidas.ms.auth.eIDAS.authblock.keystore.path=./../keystore/teststore.jks +eidas.ms.auth.eIDAS.authblock.keystore.type=jks +eidas.ms.auth.eIDAS.authblock.key.alias=connectorkeypair +eidas.ms.auth.eIDAS.authblock.key.password=f/+saJBc3a}*/T^s + + +eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation=false + + +#Raw eIDAS Id data storage +eidas.ms.auth.eIDAS.szrclient.workarounds.eidmapping.revisionlog.active=true + +eidas.ms.auth.eIDAS.szrclient.params.setPlaceOfBirthIfAvailable=true +eidas.ms.auth.eIDAS.szrclient.params.setBirthNameIfAvailable=true + +eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true +eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false + +##without mandates +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.onlynatural.3=DateOfBirth,true + +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.4=PlaceOfBirth,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.5=BirthName,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.6=Gender,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.7=CurrentAddress,false +eidas.ms.auth.eIDAS.node_v2.attributes.requested.de.onlynatural.8=testtest,false + +##with mandates ---- NOT FULLY SUPPORTED AT THE MOMENT ----- +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.0=PersonIdentifier,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.1=FamilyName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.2=FirstName,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.3=DateOfBirth,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.4=LegalPerson,true +eidas.ms.auth.eIDAS.node_v2.attributes.requested.representation.5=LegalName,true + + +## PVP2 S-Profile end-point configuration +eidas.ms.pvp2.keystore.path=keys/..... +eidas.ms.pvp2.keystore.password= +eidas.ms.pvp2.key.metadata.alias= +eidas.ms.pvp2.key.metadata.password= +eidas.ms.pvp2.key.signing.alias= +eidas.ms.pvp2.key.signing.password= +eidas.ms.pvp2.metadata.validity=24 + +## Service Provider configuration +eidas.ms.sp.0.uniqueID= +eidas.ms.sp.0.pvp2.metadata.truststore= +eidas.ms.sp.0.pvp2.metadata.truststore.password= +eidas.ms.sp.0.newEidMode=true + + +#eidas.ms.sp.0.friendlyName= +#eidas.ms.sp.0.pvp2.metadata.url= +#eidas.ms.sp.0.policy.allowed.requested.targets=.* +#eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false + + +##only for advanced config +eidas.ms.configuration.sp.disableRegistrationRequirement= +eidas.ms.configuration.restrictions.baseID.spTransmission= +eidas.ms.configuration.auth.default.countrycode= +eidas.ms.configuration.pvp.scheme.validation= +eidas.ms.configuration.pvp.enable.entitycategories=
\ No newline at end of file diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/teststore.jks b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/teststore.jks Binary files differnew file mode 100644 index 00000000..fcc6400c --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/resources/keystore/teststore.jks |