Diffstat (limited to 'connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java')
-rw-r--r--connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java337
1 files changed, 0 insertions, 337 deletions
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java
deleted file mode 100644
index a9612297..00000000
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java
+++ /dev/null
@@ -1,337 +0,0 @@
-package at.asitplus.eidas.specific.connector.test.saml2;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.UnsupportedEncodingException;
-import java.security.cert.CertificateException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.time.Instant;
-import java.util.List;
-import java.util.Timer;
-
-import javax.xml.transform.TransformerException;
-
-import org.junit.Assert;
-import org.junit.Before;
-import org.junit.BeforeClass;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.opensaml.core.config.InitializationException;
-import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
-import org.opensaml.core.xml.io.MarshallingException;
-import org.opensaml.core.xml.io.UnmarshallingException;
-import org.opensaml.core.xml.util.XMLObjectSupport;
-import org.opensaml.saml.metadata.resolver.impl.ResourceBackedMetadataResolver;
-import org.opensaml.saml.saml2.core.RequestAbstractType;
-import org.opensaml.saml.saml2.metadata.EntityDescriptor;
-import org.opensaml.saml.saml2.metadata.IDPSSODescriptor;
-import org.opensaml.saml.saml2.metadata.RoleDescriptor;
-import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
-import org.opensaml.saml.security.impl.SAMLSignatureProfileValidator;
-import org.opensaml.security.credential.Credential;
-import org.opensaml.security.x509.BasicX509Credential;
-import org.opensaml.xmlsec.signature.support.SignatureException;
-import org.opensaml.xmlsec.signature.support.SignatureValidator;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.core.io.ResourceLoader;
-import org.springframework.mock.web.MockHttpServletRequest;
-import org.springframework.mock.web.MockHttpServletResponse;
-import org.springframework.test.annotation.DirtiesContext;
-import org.springframework.test.annotation.DirtiesContext.ClassMode;
-import org.springframework.test.context.ActiveProfiles;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.test.context.web.WebAppConfiguration;
-import org.springframework.util.Base64Utils;
-import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;
-
-import at.asitplus.eidas.specific.connector.controller.Pvp2SProfileEndpoint;
-import at.asitplus.eidas.specific.connector.provider.PvpEndPointCredentialProvider;
-import at.asitplus.eidas.specific.connector.provider.PvpMetadataProvider;
-import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
-import at.gv.egiz.eaaf.core.api.IRequest;
-import at.gv.egiz.eaaf.core.api.IRequestStorage;
-import at.gv.egiz.eaaf.core.exceptions.EaafException;
-import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.OpenSaml3ResourceAdapter;
-import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
-import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
-import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
-import net.shibboleth.utilities.java.support.xml.XMLParserException;
-
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration({
- "/applicationContext.xml",
- "/spring/SpringTest_connector.beans.xml",
- "/eaaf_core.beans.xml",
- "/eaaf_pvp.beans.xml",
- "/eaaf_pvp_idp.beans.xml",
- "/spring/SpringTest-context_simple_storage.xml" })
-@ActiveProfiles(profiles = {"deprecatedConfig"})
-@WebAppConfiguration
-@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
-public class Pvp2SProfileEndPointTest {
-
-
- @Autowired private Pvp2SProfileEndpoint controller;
- @Autowired private PvpEndPointCredentialProvider credentialProvider;
- @Autowired private PvpMetadataProvider metadataProvider;
- @Autowired private ResourceLoader resourceLoader;
- @Autowired private IRequestStorage storage;
-
- private static CertificateFactory fact;
-
-
- private MockHttpServletRequest httpReq;
- private MockHttpServletResponse httpResp;
-
-
- /**
- * jUnit class initializer.
- * @throws ComponentInitializationException In case of an error
- * @throws InitializationException In case of an error
- * @throws CertificateException
- *
- */
- @BeforeClass
- public static void classInitializer() throws InitializationException,
- ComponentInitializationException, CertificateException {
- final String current = new java.io.File(".").toURI().toString();
- System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties");
-
- EaafOpenSaml3xInitializer.eaafInitialize();
-
- fact = CertificateFactory.getInstance("X.509");
-
- }
-
- /**
- * jUnit test set-up.
- * @throws EaafException
- *
- */
- @Before
- public void initialize() throws EaafException {
- httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
- httpResp = new MockHttpServletResponse();
- RequestContextHolder.resetRequestAttributes();
- RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
-
- }
-
- @Test
- public void authnReqWrongEndpoint() throws EaafException, XMLParserException, UnmarshallingException,
- UnsupportedEncodingException, TransformerException, IOException, MarshallingException,
- ComponentInitializationException {
- //initialize test
- final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
- XMLObjectProviderRegistrySupport.getParserPool(),
- Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_3.xml"));
- authnReq.setIssueInstant(Instant.now());
- RequestAbstractType signedAuthnReq =
- Saml2Utils.signSamlObject(authnReq, credentialProvider.getMetaDataSigningCredential(), true);
- String b64 = Base64Utils.encodeToString(DomUtils.serializeNode(
- XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));
- httpReq.setParameter("SAMLRequest", b64);
-
- final org.springframework.core.io.Resource resource = resourceLoader.getResource(
- "classpath:/data/metadata_valid.xml");
- Timer timer = new Timer("PVP metadata-resolver refresh");
- ResourceBackedMetadataResolver fileSystemResolver =
- new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
- fileSystemResolver.setId("test");
- fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
- fileSystemResolver.initialize();
- metadataProvider.addMetadataResolverIntoChain(fileSystemResolver);
-
-
- //request SAML2 authentication
- try {
- controller.pvpIdpPostRequest(httpReq, httpResp);
- Assert.fail("wrong AuthnRequest not detected");
-
- }catch (EaafException e) {
- Assert.assertEquals("wrong errorId", "pvp2.22", e.getErrorId());
-
- }
- }
-
- @Test
- public void authnReqWrongSigned() throws EaafException, XMLParserException, UnmarshallingException,
- UnsupportedEncodingException, TransformerException, IOException, MarshallingException,
- ComponentInitializationException {
- //initialize test
- final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
- XMLObjectProviderRegistrySupport.getParserPool(),
- Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_1.xml"));
- authnReq.setIssueInstant(Instant.now());
- RequestAbstractType signedAuthnReq =
- Saml2Utils.signSamlObject(authnReq, credentialProvider.getMetaDataSigningCredential(), true);
- String b64 = Base64Utils.encodeToString(DomUtils.serializeNode(
- XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));
- httpReq.setParameter("SAMLRequest", b64);
-
- final org.springframework.core.io.Resource resource = resourceLoader.getResource(
- "classpath:/data/metadata_valid.xml");
- Timer timer = new Timer("PVP metadata-resolver refresh");
- ResourceBackedMetadataResolver fileSystemResolver =
- new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
- fileSystemResolver.setId("test");
- fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
- fileSystemResolver.initialize();
- metadataProvider.addMetadataResolverIntoChain(fileSystemResolver);
-
-
- //request SAML2 authentication
- try {
- controller.pvpIdpPostRequest(httpReq, httpResp);
- Assert.fail("wrong AuthnRequest not detected");
-
- }catch (EaafException e) {
- Assert.assertEquals("wrong errorId", "pvp2.21", e.getErrorId());
-
- }
- }
-
- @Test
- public void authnReqMetadataExpired() throws EaafException, XMLParserException, UnmarshallingException,
- UnsupportedEncodingException, TransformerException, IOException, MarshallingException,
- ComponentInitializationException {
- //initialize test
- final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
- XMLObjectProviderRegistrySupport.getParserPool(),
- Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_1.xml"));
- authnReq.setIssueInstant(Instant.now());
- RequestAbstractType signedAuthnReq =
- Saml2Utils.signSamlObject(authnReq, credentialProvider.getMetaDataSigningCredential(), true);
- String b64 = Base64Utils.encodeToString(DomUtils.serializeNode(
- XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));
- httpReq.setParameter("SAMLRequest", b64);
-
- final org.springframework.core.io.Resource resource = resourceLoader.getResource(
- "classpath:/data/metadata_expired.xml");
- Timer timer = new Timer("PVP metadata-resolver refresh");
- ResourceBackedMetadataResolver fileSystemResolver =
- new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
- fileSystemResolver.setId("test");
- fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
- fileSystemResolver.initialize();
- metadataProvider.addMetadataResolverIntoChain(fileSystemResolver);
-
-
- //request SAML2 authentication
- try {
- controller.pvpIdpPostRequest(httpReq, httpResp);
- Assert.fail("wrong AuthnRequest not detected");
-
- }catch (EaafException e) {
- Assert.assertEquals("wrong errorId", "pvp2.21", e.getErrorId());
-
- }
- }
-
- @Test
- public void authnReqValid() throws EaafException, XMLParserException, UnmarshallingException,
- UnsupportedEncodingException, TransformerException, IOException, MarshallingException,
- ComponentInitializationException {
- //initialize test
- final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
- XMLObjectProviderRegistrySupport.getParserPool(),
- Pvp2SProfileEndPointTest.class.getResourceAsStream("/data/pvp2_authn_1.xml"));
- authnReq.setIssueInstant(Instant.now());
- RequestAbstractType signedAuthnReq =
- Saml2Utils.signSamlObject(authnReq, credentialProvider.getMessageSigningCredential(), true);
- String b64 = Base64Utils.encodeToString(DomUtils.serializeNode(
- XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));
- httpReq.setParameter("SAMLRequest", b64);
-
- final org.springframework.core.io.Resource resource = resourceLoader.getResource(
- "classpath:/data/metadata_valid.xml");
- Timer timer = new Timer("PVP metadata-resolver refresh");
- ResourceBackedMetadataResolver fileSystemResolver =
- new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));
- fileSystemResolver.setId("test");
- fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool());
- fileSystemResolver.initialize();
- metadataProvider.addMetadataResolverIntoChain(fileSystemResolver);
-
-
- //request SAML2 authentication
- controller.pvpIdpPostRequest(httpReq, httpResp);
-
-
- //validate state
- Assert.assertEquals("http statuscode", 200, httpResp.getStatus());
- Assert.assertEquals("Wrong http ContentType", "text/html;charset=UTF-8", httpResp.getContentType());
-
- String html = httpResp.getContentAsString();
- Assert.assertNotNull("html result is null", html);
- Assert.assertFalse("html result is empty", html.isEmpty());
- Assert.assertTrue("Wrong page", html.contains("action=\"/myHomeCountry\""));
-
- String pattern = "<input type=\"hidden\" name=\"pendingid\" value=\"";
- int pendingIdStart = html.indexOf(pattern) + pattern.length();
- int pendingIdEnd = html.indexOf("\"", pendingIdStart);
- String pendingReqId = html.substring(pendingIdStart, pendingIdEnd);
- Assert.assertFalse("pendingReqId is empty", pendingReqId.isEmpty());
-
- IRequest pendingReq = storage.getPendingRequest(pendingReqId);
- Assert.assertNotNull("pendingReq", pendingReq);
- Assert.assertNotNull("piiTransId", pendingReq.getUniquePiiTransactionIdentifier());
- Assert.assertNotNull("piiTransId", pendingReq.getUniqueTransactionIdentifier());
-
- Assert.assertEquals("wrong OA Id", "https://demo.egiz.gv.at/demoportal-openID_demo",
- pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class));
- Assert.assertEquals("wrong bPK Target", "urn:publicid:gv.at:cdid+BF",
- pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
-
-
- }
-
- @Test
- public void checkSaml2Metadata() throws EaafException, UnsupportedEncodingException, XMLParserException,
- UnmarshallingException, CertificateException, SignatureException {
-
- //request SAML2 Metadata
- controller.pvpMetadataRequest(httpReq, httpResp);
-
- //validate state
- Assert.assertEquals("http statuscode", 200, httpResp.getStatus());
- Assert.assertEquals("Wrong http ContentType", "application/xml", httpResp.getContentType());
-
- String html = httpResp.getContentAsString();
- Assert.assertNotNull("html result is null", html);
- Assert.assertFalse("html result is empty", html.isEmpty());
-
-
- final EntityDescriptor entity = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
- XMLObjectProviderRegistrySupport.getParserPool(),
- new ByteArrayInputStream(html.getBytes("UTF-8")));
-
- Assert.assertNotNull("Unmarshalling failed", entity);
- Assert.assertNotNull("EntityId is null", entity.getEntityID());
-
- Assert.assertNotNull("Signature is null", entity.getSignature());
- final SAMLSignatureProfileValidator sigValidator = new SAMLSignatureProfileValidator();
- sigValidator.validate(entity.getSignature());
-
- final Credential cred = new BasicX509Credential((X509Certificate) fact.generateCertificate(
- Pvp2SProfileEndPointTest.class.getResourceAsStream("/config/keys/Metadata.pem")));
- SignatureValidator.validate(entity.getSignature(), cred);
-
- Assert.assertEquals("wrong entityId", "http://localhost/pvp/metadata", entity.getEntityID());
- Assert.assertNotNull("IDPSSODescr", entity.getRoleDescriptors(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));
- Assert.assertNotNull("SPSSODescr", entity.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME));
- Assert.assertEquals("SPSSODescr. size", 0,
- entity.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME).size());
-
- List<RoleDescriptor> idp = entity.getRoleDescriptors(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);
- Assert.assertEquals("IDP descr. size", 1, idp.size());
- Assert.assertEquals("IDP descr. endpoints", 2, idp.get(0).getEndpoints().size());
- Assert.assertEquals("IDP descr. keyDescr", 1, idp.get(0).getKeyDescriptors().size());
-
- }
-
-}