aboutsummaryrefslogtreecommitdiff
path: root/eidas_modules/authmodule-eIDAS-v2
diff options
context:
space:
mode:
authorChristian Kollmann <christian.kollmann@a-sit.at>2021-02-25 07:54:53 +0100
committerChristian Kollmann <christian.kollmann@a-sit.at>2021-02-25 13:27:12 +0100
commit0c4fe92684a707040fd7536da05945a64b309740 (patch)
treee0ecf1d6367b2e110d9f1801506b9d6d6385f750 /eidas_modules/authmodule-eIDAS-v2
parent3338a3dd00fabf28f1de8579535b1626dbe99908 (diff)
downloadNational_eIDAS_Gateway-0c4fe92684a707040fd7536da05945a64b309740.tar.gz
National_eIDAS_Gateway-0c4fe92684a707040fd7536da05945a64b309740.tar.bz2
National_eIDAS_Gateway-0c4fe92684a707040fd7536da05945a64b309740.zip
Refactor tasks for MobilePhoneSignature login and tests
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java18
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java (renamed from eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java)105
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java543
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java371
5 files changed, 436 insertions, 603 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
index 2a7beb3b..e7a5547a 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/dao/SimpleMobileSignatureData.java
@@ -24,12 +24,12 @@
package at.asitplus.eidas.specific.modules.auth.eidas.v2.dao;
import lombok.Data;
+import org.apache.commons.lang3.builder.EqualsBuilder;
@Data
public class SimpleMobileSignatureData {
private String citizenCountryCode;
-
private String bpk;
private String givenName;
private String familyName;
@@ -37,19 +37,15 @@ public class SimpleMobileSignatureData {
/**
* Compares the received authentication data from the mobile phone signature with the eid data received via eIDAS.
+ *
* @param simpleEidasData The extracted eIDAS data
* @return Returns true, if the eIDAS data matches the mobile phone signature data and false otherwise.
*/
public boolean equalsSimpleEidasData(SimpleEidasData simpleEidasData) {
- if (!simpleEidasData.getGivenName().equals(givenName)) {
- return false;
- }
- if (!simpleEidasData.getFamilyName().equals(familyName)) {
- return false;
- }
- if (!simpleEidasData.getDateOfBirth().equals(dateOfBirth)) {
- return false;
- }
- return true;
+ return new EqualsBuilder()
+ .append(simpleEidasData.getGivenName(), givenName)
+ .append(simpleEidasData.getFamilyName(), familyName)
+ .append(simpleEidasData.getDateOfBirth(), dateOfBirth)
+ .isEquals();
}
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
index 81be04b5..0f40b337 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
@@ -64,7 +64,6 @@ import org.opensaml.messaging.decoder.MessageDecodingException;
import org.opensaml.saml.saml2.core.Response;
import org.opensaml.saml.saml2.core.StatusCode;
import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
-import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
@@ -86,16 +85,12 @@ import static at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.I
*/
@Slf4j
@Component("ReceiveMobilePhoneSignatureResponseTask")
-public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends AbstractAuthServletTask {
+public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServletTask {
- @Autowired
- private SamlVerificationEngine samlVerificationEngine;
- @Autowired
- private RegisterSearchService registerSearchService;
- @Autowired
- private IdAustriaClientAuthCredentialProvider credentialProvider;
- @Autowired
- IdAustriaClientAuthMetadataProvider metadataProvider;
+ private final SamlVerificationEngine samlVerificationEngine;
+ private final RegisterSearchService registerSearchService;
+ private final IdAustriaClientAuthCredentialProvider credentialProvider;
+ private final IdAustriaClientAuthMetadataProvider metadataProvider;
private static final String ERROR_PVP_03 = "sp.pvp2.03";
private static final String ERROR_PVP_05 = "sp.pvp2.05";
@@ -107,9 +102,22 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
private static final String ERROR_MSG_00 = "Receive INVALID PVP Response from ID Austria system";
private static final String ERROR_MSG_01 = "Processing PVP response from 'ID Austria system' FAILED.";
- private static final String ERROR_MSG_02 = "PVP response decrytion FAILED. No credential found.";
+ private static final String ERROR_MSG_02 = "PVP response decryption FAILED. No credential found.";
private static final String ERROR_MSG_03 = "PVP response validation FAILED.";
+ /**
+ * Creates the new task, with autowired dependencies from Spring.
+ */
+ public ReceiveMobilePhoneSignatureResponseTask(SamlVerificationEngine samlVerificationEngine,
+ RegisterSearchService registerSearchService,
+ IdAustriaClientAuthCredentialProvider credentialProvider,
+ IdAustriaClientAuthMetadataProvider metadataProvider) {
+ this.samlVerificationEngine = samlVerificationEngine;
+ this.registerSearchService = registerSearchService;
+ this.credentialProvider = credentialProvider;
+ this.metadataProvider = metadataProvider;
+ }
+
@Override
public void execute(ExecutionContext executionContext, HttpServletRequest request, HttpServletResponse response)
throws TaskExecutionException {
@@ -118,7 +126,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
IDecoder decoder = loadDecoder(request);
EaafUriCompare comparator = loadComparator(request);
InboundMessage inboundMessage = decodeAndVerifyMessage(request, response, decoder, comparator);
- final Pair<PvpSProfileResponse, Boolean> processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage);
+ Pair<PvpSProfileResponse, Boolean> processedMsg = validateAssertion((PvpSProfileResponse) inboundMessage);
if (processedMsg.getSecond()) {
stopProcessFromUserDecision(executionContext, request, response);
return;
@@ -138,30 +146,22 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
*
*/
- final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
MergedRegisterSearchResult initialSearchResult =
authProcessData.getGenericDataFromSession(DATA_INITIAL_REGISTER_RESULT, MergedRegisterSearchResult.class);
SimpleEidasData eidasData = authProcessData.getGenericDataFromSession(DATA_SIMPLE_EIDAS, SimpleEidasData.class);
+ String bpkZp = extractBpkZp(extractor, authProcessData, eidasData);
- SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData);
- if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) {
- //TODO User has cheated?
- throw new InvalidUserInputException();
- }
-
- String bpkZp = simpleMobileSignatureData.getBpk();
MergedRegisterSearchResult result = registerSearchService.searchWithBpkZp(bpkZp);
if (result.getResultCount() == 0) {
- //go to step 16
executionContext.put(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK, true);
return;
} else if (result.getResultCount() == 1) {
String bpk = registerSearchService.step7aKittProcess(initialSearchResult, result, eidasData, pendingReq);
authProcessData.setGenericDataToSession(Constants.DATA_RESULT_MATCHING_BPK, bpk);
return;
- //node 110
} else if (result.getResultCount() > 1) {
- throw new ManualFixNecessaryException("bpkZp: " + bpkZp);// node 108
+ throw new ManualFixNecessaryException("bpkZp: " + bpkZp);
}
// set NeedConsent to false, because user gives consent during authentication
@@ -180,7 +180,7 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
throw new TaskExecutionException(pendingReq, ERROR_MSG_01,
new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
} catch (final CredentialsNotAvailableException e) {
- log.debug("PVP response decrytion FAILED. No credential found.", e);
+ log.debug("PVP response decryption FAILED. No credential found.", e);
throw new TaskExecutionException(pendingReq, ERROR_MSG_02,
new AuthnResponseValidationException(ERROR_PVP_10, new Object[]{MODULE_NAME_FOR_LOGGING}, e));
} catch (final Exception e) {
@@ -191,6 +191,17 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
}
}
+ private String extractBpkZp(AssertionAttributeExtractor extractor,
+ AuthProcessDataWrapper authProcessData,
+ SimpleEidasData eidasData) throws EaafBuilderException, InvalidUserInputException {
+ SimpleMobileSignatureData simpleMobileSignatureData = getAuthDataFromInterfederation(extractor, authProcessData);
+ if (!simpleMobileSignatureData.equalsSimpleEidasData(eidasData)) {
+ //TODO User has cheated?
+ throw new InvalidUserInputException();
+ }
+ return simpleMobileSignatureData.getBpk();
+ }
+
@NotNull
private InboundMessage decodeAndVerifyMessage(HttpServletRequest request, HttpServletResponse response,
IDecoder decoder, EaafUriCompare comparator) throws Exception {
@@ -297,33 +308,31 @@ public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask extends
throws EaafBuilderException {
List<String> requiredAttributes = IdAustriaClientAuthConstants.DEFAULT_REQUIRED_PVP_ATTRIBUTE_NAMES;
SimpleMobileSignatureData result = new SimpleMobileSignatureData();
- try {
- if (!extractor.containsAllRequiredAttributes(requiredAttributes)) {
- log.warn("PVP Response from 'ID Austria node' contains not all requested attributes.");
- throw new AssertionValidationExeption(ERROR_PVP_06, new Object[]{MODULE_NAME_FOR_LOGGING});
+ if (!extractor.containsAllRequiredAttributes(requiredAttributes)) {
+ log.warn("PVP Response from 'ID Austria node' contains not all requested attributes.");
+ AssertionValidationExeption e = new AssertionValidationExeption(ERROR_PVP_06,
+ new Object[]{MODULE_NAME_FOR_LOGGING});
+ throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e);
+ }
+ final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
+ for (final String attrName : includedAttrNames) {
+ if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) {
+ result.setBpk(extractor.getSingleAttributeValue(attrName));
}
- final Set<String> includedAttrNames = extractor.getAllIncludeAttributeNames();
- for (final String attrName : includedAttrNames) {
- if (PvpAttributeDefinitions.BPK_NAME.equals(attrName)) {
- result.setBpk(extractor.getSingleAttributeValue(attrName));
- }
- if (PvpAttributeDefinitions.GIVEN_NAME_NAME.equals(attrName)) {
- result.setGivenName(extractor.getSingleAttributeValue(attrName));
- }
- if (PvpAttributeDefinitions.PRINCIPAL_NAME_NAME.equals(attrName)) {
- result.setFamilyName(extractor.getSingleAttributeValue(attrName));
- }
- if (PvpAttributeDefinitions.BIRTHDATE_NAME.equals(attrName)) {
- result.setDateOfBirth(extractor.getSingleAttributeValue(attrName));
- }
- if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
- authProcessData.setQaaLevel(extractor.getSingleAttributeValue(attrName));
- }
+ if (PvpAttributeDefinitions.GIVEN_NAME_NAME.equals(attrName)) {
+ result.setGivenName(extractor.getSingleAttributeValue(attrName));
+ }
+ if (PvpAttributeDefinitions.PRINCIPAL_NAME_NAME.equals(attrName)) {
+ result.setFamilyName(extractor.getSingleAttributeValue(attrName));
+ }
+ if (PvpAttributeDefinitions.BIRTHDATE_NAME.equals(attrName)) {
+ result.setDateOfBirth(extractor.getSingleAttributeValue(attrName));
+ }
+ if (PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME.equals(attrName)) {
+ authProcessData.setQaaLevel(extractor.getSingleAttributeValue(attrName));
}
- authProcessData.setIssueInstant(extractor.getAssertionIssuingDate());
- } catch (final AssertionValidationExeption e) {
- throw new EaafBuilderException(ERROR_PVP_06, null, e.getMessage(), e);
}
+ authProcessData.setIssueInstant(extractor.getAssertionIssuingDate());
return result;
}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
index 34046e55..ed086493 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/resources/eidas_v2_auth.beans.xml
@@ -121,7 +121,7 @@
scope="prototype" />
<bean id="ReceiveMobilePhoneSignatureResponseTask"
- class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask"
+ class="at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseTask"
scope="prototype" />
<bean id="GenerateAustrianResidenceGuiTask"
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java
deleted file mode 100644
index 42dd3ddc..00000000
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.java
+++ /dev/null
@@ -1,543 +0,0 @@
-package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
-
-import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA;
-import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyPendingRequest;
-import at.gv.egiz.eaaf.core.api.data.EaafConstants;
-import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
-import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
-import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
-import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
-import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential;
-import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
-import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException;
-import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
-import net.shibboleth.utilities.java.support.xml.XMLParserException;
-import org.apache.commons.io.IOUtils;
-import org.apache.commons.lang3.RandomStringUtils;
-import org.joda.time.DateTime;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
-import org.opensaml.core.xml.io.MarshallingException;
-import org.opensaml.core.xml.io.UnmarshallingException;
-import org.opensaml.core.xml.util.XMLObjectSupport;
-import org.opensaml.saml.saml2.core.Issuer;
-import org.opensaml.saml.saml2.core.Response;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.ApplicationContext;
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;
-
-import javax.xml.transform.TransformerException;
-import java.io.IOException;
-import java.util.Base64;
-
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertFalse;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertThrows;
-import static org.junit.Assert.assertTrue;
-import static org.junit.Assert.fail;
-import static org.springframework.util.Assert.isInstanceOf;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(locations = {
- "/SpringTest-context_tasks_test.xml",
- "/SpringTest-context_basic_mapConfig.xml"
-})
-public class ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest {
-
- private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml";
-
- @Autowired
- private ApplicationContext context;
- @Autowired
- protected MsConnectorDummyConfigMap authConfig;
- @Autowired
- private IdAustriaClientAuthMetadataProvider metadataProvider;
- @Autowired
- private IdAustriaClientAuthCredentialProvider credentialProvider;
- @Autowired
- private PvpMetadataResolverFactory metadataFactory;
-
- private final ExecutionContext executionContext = new ExecutionContextImpl();
- private MockHttpServletRequest httpReq;
- private MockHttpServletResponse httpResp;
- private DummyPendingRequest pendingReq;
-
- private ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask task;
-
- /**
- * JUnit class initializer.
- *
- * @throws Exception In case of an OpenSAML3 initialization error
- */
- @BeforeClass
- public static void initialize() throws Exception {
- EaafOpenSaml3xInitializer.eaafInitialize();
-
- }
-
- /**
- * jUnit test set-up.
- *
- * @throws Exception In case of an set-up error
- */
- @Before
- public void setUp() throws Exception {
- task = (ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask) context.getBean(
- "ReceiveMobilePhoneSignatureResponseTask");
-
- httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
- httpReq.setScheme("https");
- httpReq.setServerPort(443);
- httpReq.setContextPath("/authhandler");
- httpResp = new MockHttpServletResponse();
- RequestContextHolder.resetRequestAttributes();
- RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
-
- authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, METADATA_PATH);
-
- DummyOA oaParam = new DummyOA();
- oaParam.setUniqueAppId("http://test.com/test");
- oaParam.setTargetIdentifier(EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2));
-
- pendingReq = new DummyPendingRequest();
- pendingReq.initialize(httpReq, authConfig);
- pendingReq.setPendingRequestId(RandomStringUtils.randomAlphanumeric(10));
- pendingReq.setOnlineApplicationConfiguration(oaParam);
-
- metadataProvider.fullyDestroy();
- }
-
- @Test
- public void unsupportedHttpMethode() {
- httpReq = new MockHttpServletRequest("PUT", "https://localhost/authhandler");
- RequestContextHolder.resetRequestAttributes();
- RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.03", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
- }
-
- @Test
- public void httpGetNoMessage() {
- httpReq = new MockHttpServletRequest("GET", "https://localhost/authhandler");
- RequestContextHolder.resetRequestAttributes();
- RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostNoMessage() {
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
- }
-
- @Test
- public void httpPostMessageNotSigned() throws IOException {
-
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- IOUtils.toByteArray(ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTask.class
- .getResourceAsStream(
- "/data/Response_without_sig_classpath_entityid.xml"))));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostMessageWrongDestinationEndpoint() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- TransformerException, MarshallingException {
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_with_wrong_destination_endpoint.xml",
- credentialProvider.getMessageSigningCredential(), true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostValidSignedNoMetadata() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_classpath_entityid.xml",
- credentialProvider.getMessageSigningCredential(), true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.11", ((EaafException) e.getOriginalException()).getErrorId());
- }
-
- @Test
- public void httpPostValidSignedAssertionOutDated() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_classpath_entityid.xml",
- credentialProvider.getMessageSigningCredential(), false);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostValidSignedAssertionFromWrongIdp() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID,
- "http://wrong.idp/" + RandomStringUtils.randomAlphabetic(5));
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_classpath_entityid.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.08", ((EaafException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostValidSignedAssertionMissingAttributes() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_classpath_entityid.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostValidSignedWithError() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_with_error.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- final TaskExecutionException e = assertThrows(TaskExecutionException.class,
- () -> task.execute(pendingReq, executionContext));
-
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId());
-
- }
-
- @Test
- public void httpPostValidSignedWitUserStopErrorCode() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException, TaskExecutionException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_with_error_userstop.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- // perform test
- task.execute(pendingReq, executionContext);
-
- // validate state
- assertTrue("process not cancelled", executionContext.isProcessCancelled());
- assertTrue("process not stopped by user", pendingReq.isAbortedByUser());
- assertFalse("should not authenticated", pendingReq.isAuthenticated());
-
- }
-
- @Test
- public void httpPostValidSignedWithErrorAndNoSubCode() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_with_error_without_subcode.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- try {
- task.execute(pendingReq, executionContext);
- fail("Invalid response not detected");
-
- } catch (final TaskExecutionException e) {
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId());
- }
- }
-
- @Test
- public void httpPostValidSignedWithErrorAndEmptySubCode() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_without_sig_with_error_empty_subcode.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- try {
- task.execute(pendingReq, executionContext);
- fail("Invalid response not detected");
-
- } catch (final TaskExecutionException e) {
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId());
-
- }
- }
-
- @Test
- public void httpPostValidSignedAssertionEidValid() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException, TaskExecutionException, EaafStorageException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_with_EID.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- // put SimpleEidasData in session
- final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- final SimpleEidasData eidData = new SimpleEidasData();
- eidData.setFamilyName("Mustermann");
- eidData.setGivenName("Max");
- eidData.setDateOfBirth("1940-01-01");
- authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
-
- // perform task
- task.execute(pendingReq, executionContext);
-
- // validate state
- final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel());
- assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString());
-
- //TODO:
-
- }
-
- @Test
- public void httpPostValidSignedAssertionEidValidButNameMissmatch() throws IOException, SamlSigningException,
- Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException,
- MarshallingException, TransformerException, TaskExecutionException, EaafStorageException {
-
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
-
- final Response response = initializeResponse(
- "classpath:/data/idp_metadata_classpath_entity.xml",
- "/data/Response_with_EID.xml",
- credentialProvider.getMessageSigningCredential(),
- true);
- httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(
- DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes(
- "UTF-8")));
-
- // put SimpleEidasData in session
- final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
- final SimpleEidasData eidData = new SimpleEidasData();
- eidData.setFamilyName("Mustermann1");
- eidData.setGivenName("Max");
- eidData.setDateOfBirth("1940-01-01");
- authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
-
- // perform task
- try {
- task.execute(pendingReq, executionContext);
- fail("Invalid response not detected");
-
- } catch (final TaskExecutionException e) {
- assertNotNull(e.getPendingRequestID());
- assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
- assertNotNull(e.getOriginalException());
- isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
- assertTrue(e.getOriginalException().getCause() instanceof InvalidUserInputException);
- }
-
- }
-
- private Response initializeResponse(String idpEntityId, String responsePath, EaafX509Credential credential,
- boolean validConditions) throws SamlSigningException, XMLParserException, UnmarshallingException,
- Pvp2MetadataException {
-
- final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(
- XMLObjectProviderRegistrySupport.getParserPool(),
- ReceiveMobilePhoneSignatureResponseAndSearchInRegistersTaskTest.class.getResourceAsStream(
- responsePath));
- response.setIssueInstant(DateTime.now());
- final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
- issuer.setValue(idpEntityId);
- response.setIssuer(issuer);
-
- if (validConditions) {
- response.getAssertions().get(0).getConditions().setNotOnOrAfter(DateTime.now().plusMinutes(5));
-
- }
-
- return Saml2Utils.signSamlObject(response, credential, true);
- }
-
-}
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java
new file mode 100644
index 00000000..5ea7b59b
--- /dev/null
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java
@@ -0,0 +1,371 @@
+package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
+
+import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseTask;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyPendingRequest;
+import at.gv.egiz.eaaf.core.api.data.EaafConstants;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
+import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import net.shibboleth.utilities.java.support.xml.ParserPool;
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.jetbrains.annotations.NotNull;
+import org.joda.time.DateTime;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.MarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.saml2.core.Issuer;
+import org.opensaml.saml.saml2.core.Response;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.xml.transform.TransformerException;
+import java.io.IOException;
+import java.io.InputStream;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.Objects;
+
+import static org.junit.Assert.*;
+import static org.springframework.util.Assert.isInstanceOf;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+ "/SpringTest-context_tasks_test.xml",
+ "/SpringTest-context_basic_mapConfig.xml"
+})
+public class ReceiveMobilePhoneSignatureResponseTaskTest {
+
+ private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml";
+
+ @Autowired
+ protected MsConnectorDummyConfigMap authConfig;
+ @Autowired
+ private IdAustriaClientAuthMetadataProvider metadataProvider;
+ @Autowired
+ private IdAustriaClientAuthCredentialProvider credentialProvider;
+ @Autowired
+ private PvpMetadataResolverFactory metadataFactory;
+ @Autowired
+ private ReceiveMobilePhoneSignatureResponseTask task;
+
+ private final ExecutionContext executionContext = new ExecutionContextImpl();
+ private MockHttpServletRequest httpReq;
+ private MockHttpServletResponse httpResp;
+ private DummyPendingRequest pendingReq;
+
+ /**
+ * JUnit class initializer.
+ *
+ * @throws Exception In case of an OpenSAML3 initialization error
+ */
+ @BeforeClass
+ public static void initialize() throws Exception {
+ EaafOpenSaml3xInitializer.eaafInitialize();
+ }
+
+ /**
+ * jUnit test set-up.
+ *
+ * @throws Exception In case of an set-up error
+ */
+ @Before
+ public void setUp() throws Exception {
+ httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+ httpReq.setScheme("https");
+ httpReq.setServerPort(443);
+ httpReq.setContextPath("/authhandler");
+ httpResp = new MockHttpServletResponse();
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, METADATA_PATH);
+
+ DummyOA oaParam = new DummyOA();
+ oaParam.setUniqueAppId("http://test.com/test");
+ oaParam.setTargetIdentifier(EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2));
+
+ pendingReq = new DummyPendingRequest();
+ pendingReq.initialize(httpReq, authConfig);
+ pendingReq.setPendingRequestId(RandomStringUtils.randomAlphanumeric(10));
+ pendingReq.setOnlineApplicationConfiguration(oaParam);
+
+ metadataProvider.fullyDestroy();
+ }
+
+ @Test
+ public void unsupportedHttpMethod() {
+ httpReq = new MockHttpServletRequest("PUT", "https://localhost/authhandler");
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.03", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpGetNoMessage() {
+ httpReq = new MockHttpServletRequest("GET", "https://localhost/authhandler");
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+
+ }
+
+ @Test
+ public void httpPostNoMessage() {
+ httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostMessageNotSigned() throws IOException {
+ byte[] bytes = IOUtils.toByteArray(ReceiveMobilePhoneSignatureResponseTask.class
+ .getResourceAsStream("/data/Response_without_sig_classpath_entityid.xml"));
+ httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(bytes));
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+
+ }
+
+ @Test
+ public void httpPostMessageWrongDestinationEndpoint() throws Exception {
+ initResponse("/data/Response_with_wrong_destination_endpoint.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+
+ }
+
+ @Test
+ public void httpPostValidSignedNoMetadata() throws Exception {
+ initResponse("/data/Response_without_sig_classpath_entityid.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.11", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionOutDated() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_classpath_entityid.xml", false);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionFromWrongIdp() throws Exception {
+ authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID,
+ "http://wrong.idp/" + RandomStringUtils.randomAlphabetic(5));
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_classpath_entityid.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.08", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionMissingAttributes() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_classpath_entityid.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedWithError() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_with_error.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedWitUserStopErrorCode() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_with_error_userstop.xml", true);
+
+ task.execute(pendingReq, executionContext);
+
+ assertTrue("process not cancelled", executionContext.isProcessCancelled());
+ assertTrue("process not stopped by user", pendingReq.isAbortedByUser());
+ assertFalse("should not authenticated", pendingReq.isAuthenticated());
+ }
+
+ @Test
+ public void httpPostValidSignedWithErrorAndNoSubCode() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_with_error_without_subcode.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedWithErrorAndEmptySubCode() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_without_sig_with_error_empty_subcode.xml", true);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId());
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionEidValidButNameMismatch() throws Exception {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_with_EID.xml", true);
+ AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ SimpleEidasData eidData = createEidasDataMatchingToSamlResponse();
+ eidData.setFamilyName(eidData.getFamilyName() + "notmatching");
+ authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
+
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ isInstanceOf(InvalidUserInputException.class, e.getOriginalException().getCause());
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionEidValid() throws Exception {
+ // klar darstellen: was ist input, was ist dann expected output ... eigentlich für alle tasks!
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ initResponse("/data/Response_with_EID.xml", true);
+ AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ SimpleEidasData eidData = createEidasDataMatchingToSamlResponse();
+ authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
+
+ task.execute(pendingReq, executionContext);
+
+ AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel());
+ assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString());
+
+ //TODO this is the good case
+ }
+
+ @NotNull
+ private SimpleEidasData createEidasDataMatchingToSamlResponse() {
+ // data from "/data/Response_with_EID.xml"
+ SimpleEidasData result = new SimpleEidasData();
+ result.setFamilyName("Mustermann");
+ result.setGivenName("Max");
+ result.setDateOfBirth("1940-01-01");
+ return result;
+ }
+
+ private void addSamlResponseToHttpReq(Response response) throws TransformerException, IOException, MarshallingException {
+ String node = DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response));
+ String base64encoded = Base64.getEncoder().encodeToString(node.getBytes(StandardCharsets.UTF_8));
+ httpReq.addParameter("SAMLResponse", base64encoded);
+ }
+
+ private void initResponse(String responsePath, boolean validConditions) throws Exception {
+ InputStream inputStream = ReceiveMobilePhoneSignatureResponseTaskTest.class.getResourceAsStream(responsePath);
+ ParserPool parserPool = Objects.requireNonNull(XMLObjectProviderRegistrySupport.getParserPool());
+ Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(parserPool, inputStream);
+ response.setIssueInstant(DateTime.now());
+ Issuer issuer = Saml2Utils.createSamlObject(Issuer.class);
+ issuer.setValue("classpath:/data/idp_metadata_classpath_entity.xml");
+ response.setIssuer(issuer);
+ if (validConditions) {
+ response.getAssertions().get(0).getConditions().setNotOnOrAfter(DateTime.now().plusMinutes(5));
+ }
+ Response signedResponse = Saml2Utils.signSamlObject(response, credentialProvider.getMessageSigningCredential(), true);
+ addSamlResponseToHttpReq(signedResponse);
+ }
+
+}