Test input/output for MobilePhoneSignature task

2 files changed, 81 insertions, 22 deletions

diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
index 0f40b337..8c7815be 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
@@ -184,7 +184,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
       throw new TaskExecutionException(pendingReq, ERROR_MSG_02,
           new AuthnResponseValidationException(ERROR_PVP_10, new Object[]{MODULE_NAME_FOR_LOGGING}, e));
     } catch (final Exception e) {
-      e.printStackTrace();
+      // todo catch ManualFixNecessaryException in any other way?
       log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e);
       throw new TaskExecutionException(pendingReq, ERROR_MSG_03,
           new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java
index c180e6f9..01688214 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java
@@ -3,8 +3,10 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
 import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
 import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider;
@@ -19,10 +21,12 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
 import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
 import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
 import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
 import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
 import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
 import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import com.google.common.collect.Lists;
 import net.shibboleth.utilities.java.support.xml.ParserPool;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.RandomStringUtils;
@@ -54,9 +58,11 @@ import java.io.InputStream;
 import java.nio.charset.StandardCharsets;
 import java.util.Base64;
 import java.util.Collections;
+import java.util.List;
 import java.util.Objects;
 
 import static org.junit.Assert.*;
+import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.ArgumentMatchers.eq;
 import static org.springframework.util.Assert.isInstanceOf;
 
@@ -68,6 +74,7 @@ import static org.springframework.util.Assert.isInstanceOf;
 public class ReceiveMobilePhoneSignatureResponseTaskTest {
 
   private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml";
+  private static final String BPK_FROM_ID_AUSTRIA = "BF:QVGm48cqcM4UcyhDTNGYmVdrIoY=";
 
   @Autowired
   protected MsConnectorDummyConfigMap authConfig;
@@ -212,8 +219,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest {
 
   @Test
   public void httpPostValidSignedAssertionOutDated() throws Exception {
-    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
-        METADATA_PATH, null, "jUnit IDP", null));
+    setupMetadataResolver();
     initResponse("/data/Response_without_sig_classpath_entityid.xml", false);
 
     TaskExecutionException e = assertThrows(TaskExecutionException.class,
@@ -228,8 +234,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest {
   public void httpPostValidSignedAssertionFromWrongIdp() throws Exception {
     authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID,
         "http://wrong.idp/" + RandomStringUtils.randomAlphabetic(5));
-    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
-        METADATA_PATH, null, "jUnit IDP", null));
+    setupMetadataResolver();
     initResponse("/data/Response_without_sig_classpath_entityid.xml", true);
 
     TaskExecutionException e = assertThrows(TaskExecutionException.class,
@@ -242,8 +247,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest {
 
   @Test
   public void httpPostValidSignedAssertionMissingAttributes() throws Exception {
-    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
-        METADATA_PATH, null, "jUnit IDP", null));
+    setupMetadataResolver();
     initResponse("/data/Response_without_sig_classpath_entityid.xml", true);
 
     TaskExecutionException e = assertThrows(TaskExecutionException.class,
@@ -256,8 +260,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest {
 
   @Test
   public void httpPostValidSignedWithError() throws Exception {
-    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
-        METADATA_PATH, null, "jUnit IDP", null));
+    setupMetadataResolver();
     initResponse("/data/Response_without_sig_with_error.xml", true);
 
     TaskExecutionException e = assertThrows(TaskExecutionException.class,
@@ -270,8 +273,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest {
 
   @Test
   public void httpPostValidSignedWitUserStopErrorCode() throws Exception {
-    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
-        METADATA_PATH, null, "jUnit IDP", null));
+    setupMetadataResolver();
     initResponse("/data/Response_without_sig_with_error_userstop.xml", true);
 
     task.execute(pendingReq, executionContext);
@@ -283,8 +285,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest {
 
   @Test
   public void httpPostValidSignedWithErrorAndNoSubCode() throws Exception {
-    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
-        METADATA_PATH, null, "jUnit IDP", null));
+    setupMetadataResolver();
     initResponse("/data/Response_without_sig_with_error_without_subcode.xml", true);
 
     TaskExecutionException e = assertThrows(TaskExecutionException.class,
@@ -297,8 +298,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest {
 
   @Test
   public void httpPostValidSignedWithErrorAndEmptySubCode() throws Exception {
-    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
-        METADATA_PATH, null, "jUnit IDP", null));
+    setupMetadataResolver();
     initResponse("/data/Response_without_sig_with_error_empty_subcode.xml", true);
 
     TaskExecutionException e = assertThrows(TaskExecutionException.class,
@@ -311,8 +311,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest {
 
   @Test
   public void httpPostValidSignedAssertionEidValidButNameMismatch() throws Exception {
-    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
-        METADATA_PATH, null, "jUnit IDP", null));
+    setupMetadataResolver();
     initResponse("/data/Response_with_EID.xml", true);
     AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
     SimpleEidasData eidData = createEidasDataMatchingToSamlResponse();
@@ -328,22 +327,77 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest {
   }
 
   @Test
-  public void httpPostValidSignedAssertionEidValid() throws Exception {
-    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
-        METADATA_PATH, null, "jUnit IDP", null));
+  public void httpPostValidSignedAssertionEidValid_NoRegisterResult() throws Exception {
+    setupMetadataResolver();
+    initResponse("/data/Response_with_EID.xml", true);
+    AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+    SimpleEidasData eidData = createEidasDataMatchingToSamlResponse();
+    authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
+    MergedRegisterSearchResult registerSearchResult = new MergedRegisterSearchResult(Collections.emptyList(), Collections.emptyList());
+    Mockito.when(registerSearchService.searchWithBpkZp(eq(BPK_FROM_ID_AUSTRIA))).thenReturn(registerSearchResult);
+
+    task.execute(pendingReq, executionContext);
+
+    AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+    assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel());
+    assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString());
+    assertNull("Matching BPK", session.getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK));
+    assertEquals("Transition To S16", true, executionContext.get(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK));
+  }
+
+  @Test
+  public void httpPostValidSignedAssertionEidValid_ExactlyOneRegisterResult() throws Exception {
+    setupMetadataResolver();
     initResponse("/data/Response_with_EID.xml", true);
     AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
     SimpleEidasData eidData = createEidasDataMatchingToSamlResponse();
     authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
-    Mockito.when(registerSearchService.searchWithBpkZp(eq("BF:QVGm48cqcM4UcyhDTNGYmVdrIoY="))).thenReturn(new MergedRegisterSearchResult(Collections.emptyList(), Collections.emptyList()));
+    MergedRegisterSearchResult registerSearchResult = buildResultWithOneMatch();
+    Mockito.when(registerSearchService.searchWithBpkZp(eq(BPK_FROM_ID_AUSTRIA))).thenReturn(registerSearchResult);
 
     task.execute(pendingReq, executionContext);
 
     AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
     assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel());
     assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString());
+    assertNull("Matching BPK", session.getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK));
+    assertNull("Transition To S16", executionContext.get(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK));
+    Mockito.verify(registerSearchService).step7aKittProcess(any(), eq(registerSearchResult), eq(eidData), eq(pendingReq));
+  }
+
+  @Test
+  public void httpPostValidSignedAssertionEidValid_MoreThanOneRegisterResult() throws Exception {
+    setupMetadataResolver();
+    initResponse("/data/Response_with_EID.xml", true);
+    AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+    SimpleEidasData eidData = createEidasDataMatchingToSamlResponse();
+    authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
+    MergedRegisterSearchResult registerSearchResult = buildResultWithTwoMatches();
+    Mockito.when(registerSearchService.searchWithBpkZp(eq(BPK_FROM_ID_AUSTRIA))).thenReturn(registerSearchResult);
+
+
+    TaskExecutionException e = assertThrows(TaskExecutionException.class,
+        () -> task.execute(pendingReq, executionContext));
 
-    //TODO this is the good case
+    assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+    isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+    isInstanceOf(ManualFixNecessaryException.class, e.getOriginalException().getCause());
+    assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+    AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+    assertNull("Matching BPK", session.getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK));
+    assertNull("Transition To S16", executionContext.get(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK));
+  }
+
+  @NotNull
+  private MergedRegisterSearchResult buildResultWithOneMatch() {
+    return new MergedRegisterSearchResult(Collections.singletonList(new RegisterResult(BPK_FROM_ID_AUSTRIA, "bar", "foo", "foo", "bar")), Collections.emptyList());
+  }
+
+  @NotNull
+  private MergedRegisterSearchResult buildResultWithTwoMatches() {
+    List<RegisterResult> results = Lists.newArrayList(new RegisterResult(BPK_FROM_ID_AUSTRIA, "bar", "foo", "foo", "bar"),
+        new RegisterResult("bpk", "pseudonym", "givenName", "familyName", "dateOfBirth"));
+    return new MergedRegisterSearchResult(results, Collections.emptyList());
   }
 
   @NotNull
@@ -377,4 +431,9 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest {
     addSamlResponseToHttpReq(signedResponse);
   }
 
+  private void setupMetadataResolver() throws Pvp2MetadataException {
+    metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+        METADATA_PATH, null, "jUnit IDP", null));
+  }
+
 }