Diffstat (limited to 'connector/src/test/java/at')
2 files changed, 284 insertions, 195 deletions
| diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java index 63b11322..890d4b19 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java @@ -1,12 +1,13 @@  package at.asitplus.eidas.specific.connector.test;  import static org.mockito.ArgumentMatchers.any; -import static org.powermock.api.mockito.PowerMockito.when; +import static org.mockito.Mockito.when;  import java.io.ByteArrayInputStream;  import java.io.IOException;  import java.io.UnsupportedEncodingException;  import java.lang.reflect.Field; +import java.math.BigInteger;  import java.net.URISyntaxException;  import java.time.Instant;  import java.util.Map; 
@@ -60,11 +61,25 @@ import at.asitplus.eidas.specific.connector.test.saml2.Pvp2SProfileEndPointTest;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.EidasSignalServlet;  import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.gv.bmi.namespace.zmr_su.base._20040201.ResponseType; +import at.gv.bmi.namespace.zmr_su.base._20040201.WorkflowInfoServer; +import at.gv.bmi.namespace.zmr_su.base._20040201_.ServicePort; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.EidasIdentitaetErgebnisType; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.NatuerlichePersonErgebnisType; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.NatuerlichePersonErgebnisType.PersonenName; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonErgebnisSatzType; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonErgebnisType; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenResponse; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.Personendaten; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonensuchergebnisType; +import at.gv.e_government.reference.namespace.persondata.de._20040201.IdentificationType;  import at.gv.egiz.components.spring.api.SpringBootApplicationContextInitializer; +import at.gv.egiz.eaaf.core.api.IStatusMessenger;  import at.gv.egiz.eaaf.core.api.data.EaafConstants;  import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;  import at.gv.egiz.eaaf.core.exceptions.EaafException;  import at.gv.egiz.eaaf.core.impl.idp.controller.ProtocolFinalizationController; +import at.gv.egiz.eaaf.core.impl.logging.LogMessageProviderFactory;  import at.gv.egiz.eaaf.core.impl.utils.DomUtils;  import at.gv.egiz.eaaf.core.impl.utils.Random;  import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; 
@@ -82,9 +97,12 @@ import eu.eidas.auth.commons.tx.BinaryLightToken;  import eu.eidas.specificcommunication.SpecificCommunicationDefinitionBeanNames;  import eu.eidas.specificcommunication.exception.SpecificCommunicationException;  import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; +import lombok.SneakyThrows;  import lombok.val;  import net.shibboleth.utilities.java.support.component.ComponentInitializationException;  import net.shibboleth.utilities.java.support.xml.XMLParserException; +import okhttp3.mockwebserver.MockResponse; +import okhttp3.mockwebserver.MockWebServer;  import szrservices.SZR;  import szrservices.SignContentEntry;  import szrservices.SignContentResponseType; @@ -93,7 +111,7 @@ import szrservices.SignContentResponseType;  @SpringBootTest  @ContextConfiguration(initializers = {      org.springframework.boot.context.config.DelegatingApplicationContextInitializer.class, -    SpringBootApplicationContextInitializer.class    +    SpringBootApplicationContextInitializer.class      })  @TestPropertySource(locations = { "file:src/test/resources/config/junit_config_1_springboot.properties" })  @DirtiesContext(classMode = ClassMode.AFTER_CLASS) 
@@ -101,32 +119,40 @@ import szrservices.SignContentResponseType;  public class FullStartUpAndProcessTest {    private static final String FINAL_REDIRECT = "http://localhost/public/secure/finalizeAuthProtocol?pendingid="; -   +    @Autowired private WebApplicationContext wac;    @Autowired private PvpEndPointCredentialProvider credentialProvider;    @Autowired private PvpMetadataProvider metadataProvider;    @Autowired private ResourceLoader resourceLoader;    @Autowired private EidasAttributeRegistry attrRegistry; -   +    @Autowired private Pvp2SProfileEndpoint sProfile;    @Autowired private ProcessEngineSignalController signal;    @Autowired private EidasSignalServlet eidasSignal;    @Autowired private ProtocolFinalizationController finalize; -   + +  @Autowired private IStatusMessenger messager; +    @Rule    public final SoapServiceRule soap = SoapServiceRule.newInstance(); -   +    private SZR szrMock; +  private ServicePort zmrClient; + +  private static MockWebServer mockWebServer;    private String cc;    private String givenName;    private String familyName;    private String dateOfBirth;    private String personalId; +  private String pseudonym;    private String vsz;    private String eidasBind; -   -   + + + +    /**     * jUnit class initializer.     * @throws InterruptedException In case of an error @@ -135,10 +161,11 @@ public class FullStartUpAndProcessTest {     *     */    @BeforeClass -  public static void classInitializer() throws InterruptedException, InitializationException, ComponentInitializationException { +  @SneakyThrows +  public static void classInitializer() {      final String current = new java.io.File(".").toURI().toString();      System.clearProperty("eidas.ms.configuration"); -     +      //eIDAS Ref. Impl. properties      System.setProperty("EIDAS_CONFIG_REPOSITORY", current.substring("file:".length())          + "../basicConfig/eIDAS/"); 
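Review bot: The javadoc kept as context above `classInitializer()` still lists `@throws InterruptedException In case of an error`, while the second hunk on this line replaces the method's throws clause with Lombok's `@SneakyThrows`, so the documentation now describes a contract the signature no longer has. `@SneakyThrows` also hides from a reader which checked exceptions the initializer can raise, for no gain in a JUnit method that may declare them freely. I would drop the annotation and keep an explicit clause, `public static void classInitializer() throws InterruptedException, InitializationException, ComponentInitializationException, IOException {` (the `IOException` covering the new `MockWebServer.start(...)` call), or otherwise remove the stale `@throws` tags. The body of `classInitializer()` continues past the end of this hunk.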
@@ -146,27 +173,34 @@ public class FullStartUpAndProcessTest {          + "../basicConfig/eIDAS/");      System.setProperty("SPECIFIC_PROXY_SERVICE_CONFIG_REPOSITORY", current.substring("file:".length())          + "../basicConfig/eIDAS/"); -         +      EaafOpenSaml3xInitializer.eaafInitialize(); + +    // start ERnP mockup WebServer +    mockWebServer = new MockWebServer(); +    mockWebServer.start(1718);    } -   +    /**     * Test shut-down.     *     * @throws Exception In case of an error     */    @AfterClass -  public static void closeIgniteNode() throws Exception { +  @SneakyThrows +  public static void closeIgniteNode() {      System.out.println("Closiong Ignite Node ... ");      Ignition.stopAll(true); -          //set Ignite-node holder to 'null' because static holders are shared between different tests      final Field field = IgniteInstanceInitializerSpecificCommunication.class.getDeclaredField("instance");      field.setAccessible(true);      field.set(null, null); +    // shut-down ERnP mock-up WebServer +    mockWebServer.shutdown(); +    }    /** 
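Review bot: In `closeIgniteNode()` the new `mockWebServer.shutdown()` is the last statement, after `Ignition.stopAll(true)` and the reflective reset of the Ignite holder, so if either of those throws the mock server keeps listening on port 1718 and any later test class in the same JVM that starts its own instance fails to bind. Make the release unconditional: `try { Ignition.stopAll(true); /* … reset holder … */ } finally { mockWebServer.shutdown(); }`. Relatedly, `mockWebServer.start(1718)` in `classInitializer()` pins a fixed port, which collides when test classes run in parallel forks; if the ERnP endpoint URL read from `junit_config_1_springboot.properties` can be overridden at runtime, `start()` with an ephemeral port plus `mockWebServer.url("/")` is the more robust choice.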
@@ -182,27 +216,30 @@ public class FullStartUpAndProcessTest {      for (FilterRegistrationBean<?> filter : filters.values()) {        if (filter.isEnabled()) {          builder.addFilter(filter.getFilter(), "/*"); -       +        }      } +    LogMessageProviderFactory.setStatusMessager(messager); +      szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr"); -     -     -     +    zmrClient = soap.mock(ServicePort.class,  "http://localhost:1234/demozmr"); + +      cc = RandomStringUtils.randomAlphabetic(2).toUpperCase(); -    personalId = cc + "/AT/" + RandomStringUtils.randomNumeric(64); +    pseudonym = RandomStringUtils.randomNumeric(64); +    personalId = cc + "/AT/" + pseudonym;      familyName = RandomStringUtils.randomAlphabetic(10);      givenName = RandomStringUtils.randomAlphabetic(10);      dateOfBirth = "2015-10-12"; -     +      vsz = RandomStringUtils.randomNumeric(10);      eidasBind = RandomStringUtils.randomAlphanumeric(50); -     +    } -   +    @Test -  public void userStopProcess() throws UnsupportedEncodingException, XMLParserException, UnmarshallingException,  +  public void userStopProcess() throws UnsupportedEncodingException, XMLParserException, UnmarshallingException,        TransformerException, IOException, MarshallingException, ComponentInitializationException, EaafException {      //start authentication process by sending a SAML2 Authn-Request      MockHttpServletRequest saml2Req = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); 
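Review bot: `cc = RandomStringUtils.randomAlphabetic(2).toUpperCase()` can yield `AT`, and the new `injectZmrResponse()` path feeds that same value into `setStaatscode2(cc)` and into the eIDAS `personalId`; if the connector handles the home country code differently from a foreign one during matching (that code is not visible here), `fullSuccessProcess` becomes nondeterministic roughly once in 676 runs. Either pin a fixed foreign code or exclude the home country explicitly, e.g. `do { cc = RandomStringUtils.randomAlphabetic(2).toUpperCase(); } while ("AT".equals(cc));`. Note also that `LogMessageProviderFactory.setStatusMessager(messager)` mutates static state from an instance set-up method; harmless while it is always the same autowired bean, but worth a comment such as `// global holder, shared by every test class in this JVM`. The set-up method this hunk belongs to begins before the hunk.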
@@ -210,74 +247,74 @@ public class FullStartUpAndProcessTest {      MockHttpServletResponse selectCountryResp = new MockHttpServletResponse();      RequestContextHolder.resetRequestAttributes();      RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(saml2Req, selectCountryResp)); -     -    // send SAML2 AuthnRequest  + +    // send SAML2 AuthnRequest      sProfile.pvpIdpPostRequest(saml2Req, selectCountryResp); -     +      //check country-selection response      Assert.assertEquals("no country-selection page", 200, selectCountryResp.getStatus());      Assert.assertEquals("cc-selection page", "text/html;charset=UTF-8", selectCountryResp.getContentType());      String selectionPage = selectCountryResp.getContentAsString();      Assert.assertNotNull("selectionPage is null", selectionPage);      Assert.assertFalse("selectionPage is empty", selectionPage.isEmpty()); -     -    String pendingReqId = extractRequestToken(selectionPage,  -        "<input  type=\"hidden\" name=\"pendingid\"  value=\""); + +    String pendingReqId = extractRequestToken(selectionPage, +        "<input type=\"hidden\" name=\"pendingid\" value=\"");      Assert.assertFalse("PendingReqId", pendingReqId.isEmpty()); -     -     + +      // set-up user-stop request      MockHttpServletRequest userStopReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");      userStopReq.setParameter("pendingid", pendingReqId);      userStopReq.setParameter(EaafConstants.PARAM_HTTP_STOP_PROCESS, "true"); -     +      MockHttpServletResponse finalizeResp = new MockHttpServletResponse();      RequestContextHolder.resetRequestAttributes();      RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(userStopReq, finalizeResp)); -     +      // send user-stop request      signal.performGenericAuthenticationProcess(userStopReq, finalizeResp); -     +      //validate state      Assert.assertEquals("forward to finalization", 302, finalizeResp.getStatus());      
Assert.assertNotNull("missing redirect header", finalizeResp.getHeader("Location"));      Assert.assertTrue("wrong redirect header", finalizeResp.getHeader("Location").startsWith(FINAL_REDIRECT));      String finalPendingReqId = finalizeResp.getHeader("Location").substring(FINAL_REDIRECT.length());      Assert.assertFalse("final pendingRequestId", finalPendingReqId.isEmpty()); -     +      //set-up finalization request      MockHttpServletRequest finalizationReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");      finalizationReq.setParameter("pendingid", finalPendingReqId); -     +      MockHttpServletResponse saml2Resp = new MockHttpServletResponse();      RequestContextHolder.resetRequestAttributes();      RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(finalizationReq, saml2Resp)); -     +      // exexcute finalization step      finalize.finalizeAuthProtocol(finalizationReq, saml2Resp); -     +      //validate state      Assert.assertEquals("forward to finalization", 200, saml2Resp.getStatus());      Assert.assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", saml2Resp.getContentType());      String saml2RespPage = saml2Resp.getContentAsString();      Assert.assertNotNull("selectionPage is null", saml2RespPage);      Assert.assertFalse("selectionPage is empty", saml2RespPage.isEmpty()); -     +      //validate SAML2 response -    String saml2RespB64 = extractRequestToken(saml2RespPage,  +    String saml2RespB64 = extractRequestToken(saml2RespPage,          "<input type=\"hidden\" name=\"SAMLResponse\" value=\"");      Assert.assertNotNull("SAML2 response", saml2RespB64); -     +      StatusResponseType saml2 = (StatusResponseType) XMLObjectSupport.unmarshallFromInputStream( -        XMLObjectProviderRegistrySupport.getParserPool(),  +        XMLObjectProviderRegistrySupport.getParserPool(),          new ByteArrayInputStream(Base64Utils.decodeFromString(saml2RespB64))); -    
Assert.assertEquals("SAML2 status", "urn:oasis:names:tc:SAML:2.0:status:Responder",  +    Assert.assertEquals("SAML2 status", "urn:oasis:names:tc:SAML:2.0:status:Responder",          saml2.getStatus().getStatusCode().getValue()); -    Assert.assertEquals("ms-connector status", "1005",  +    Assert.assertEquals("ms-connector status", "1005",          saml2.getStatus().getStatusCode().getStatusCode().getValue()); -     +    } -   +    @Test    public void fullSuccessProcess() throws EaafException, Exception {      //start authentication process by sending a SAML2 Authn-Request 
@@ -286,149 +323,201 @@ public class FullStartUpAndProcessTest {      MockHttpServletResponse selectCountryResp = new MockHttpServletResponse();      RequestContextHolder.resetRequestAttributes();      RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(saml2Req, selectCountryResp)); -     -    // send SAML2 AuthnRequest  + +    // send SAML2 AuthnRequest      sProfile.pvpIdpPostRequest(saml2Req, selectCountryResp); -     +      //check country-selection response      Assert.assertEquals("no country-selection page", 200, selectCountryResp.getStatus());      Assert.assertEquals("cc-selection page", "text/html;charset=UTF-8", selectCountryResp.getContentType());      String selectionPage = selectCountryResp.getContentAsString();      Assert.assertNotNull("selectionPage is null", selectionPage);      Assert.assertFalse("selectionPage is empty", selectionPage.isEmpty()); -     -    String pendingReqId = extractRequestToken(selectionPage,  -        "<input  type=\"hidden\" name=\"pendingid\"  value=\""); + +    String pendingReqId = extractRequestToken(selectionPage, +        "<input type=\"hidden\" name=\"pendingid\" value=\"");      Assert.assertFalse("PendingReqId", pendingReqId.isEmpty()); -     -     + +      // set-up country-selection request      MockHttpServletRequest selectCountryReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");      selectCountryReq.setParameter("pendingid", pendingReqId);      selectCountryReq.setParameter("selectedCountry", cc); -     +      MockHttpServletResponse forwardEidasNodeResp = new MockHttpServletResponse();      RequestContextHolder.resetRequestAttributes();      RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(selectCountryReq, forwardEidasNodeResp)); -     +      // send country-selection request      signal.performGenericAuthenticationProcess(selectCountryReq, forwardEidasNodeResp); -     +      //check forward to eIDAS node response      
Assert.assertEquals("forward to eIDAS Node", 200, forwardEidasNodeResp.getStatus());      Assert.assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", forwardEidasNodeResp.getContentType());      String forwardPage = forwardEidasNodeResp.getContentAsString();      Assert.assertNotNull("forward to eIDAS Node is null", forwardPage);      Assert.assertFalse("forward to eIDAS Node is empty", forwardPage.isEmpty()); -     -    String eidasNodeReqToken = extractRequestToken(forwardPage,  + +    String eidasNodeReqToken = extractRequestToken(forwardPage,          "<input type=\"hidden\" name=\"token\" value=\"");      Assert.assertFalse("eidas req. token", eidasNodeReqToken.isEmpty()); -     +      //check eIDAS node request and build respose      String eidasRespToken = validateEidasNodeRequestAndBuildResponse(eidasNodeReqToken);      Assert.assertFalse("eidas resp. token", eidasRespToken.isEmpty()); -     -     + +      // set-up eIDAS-node response      MockHttpServletRequest eidasNodeRespReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");      eidasNodeRespReq.setParameter("token", eidasRespToken); -     +      MockHttpServletResponse finalizeResp = new MockHttpServletResponse();      RequestContextHolder.resetRequestAttributes();      RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(eidasNodeRespReq, finalizeResp)); -     -    injectSzrResponse(); + +    // inject ZMR, ERnP and SZR responses for matching +    injectZmrResponse(); +    injectSzrResponse();     +    mockWebServer.enqueue(new MockResponse().setResponseCode(200) +        .setBody("{}") // empty response because we simulate result from ZMR +        .setHeader("Content-Type", "application/json;charset=utf-8"));      //excute eIDAS node response      eidasSignal.restoreEidasAuthProcess(eidasNodeRespReq, finalizeResp); -     +      //validate state      Assert.assertEquals("forward to finalization", 302, finalizeResp.getStatus());      
Assert.assertNotNull("missing redirect header", finalizeResp.getHeader("Location"));      Assert.assertTrue("wrong redirect header", finalizeResp.getHeader("Location").startsWith(FINAL_REDIRECT));      String finalPendingReqId = finalizeResp.getHeader("Location").substring(FINAL_REDIRECT.length());      Assert.assertFalse("final pendingRequestId", finalPendingReqId.isEmpty()); -     -     + +      //set-up finalization request      MockHttpServletRequest finalizationReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");      finalizationReq.setParameter("pendingid", finalPendingReqId); -     +      MockHttpServletResponse saml2Resp = new MockHttpServletResponse();      RequestContextHolder.resetRequestAttributes();      RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(finalizationReq, saml2Resp)); -     +      // exexcute finalization step      finalize.finalizeAuthProtocol(finalizationReq, saml2Resp); -     +      //validate state      Assert.assertEquals("forward to finalization", 200, saml2Resp.getStatus());      Assert.assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", saml2Resp.getContentType());      String saml2RespPage = saml2Resp.getContentAsString();      Assert.assertNotNull("selectionPage is null", saml2RespPage);      Assert.assertFalse("selectionPage is empty", saml2RespPage.isEmpty()); -     +      //validate SAML2 response -    String saml2RespB64 = extractRequestToken(saml2RespPage,  +    String saml2RespB64 = extractRequestToken(saml2RespPage,          "<input type=\"hidden\" name=\"SAMLResponse\" value=\"");      Assert.assertNotNull("SAML2 response", saml2RespB64); -     +      StatusResponseType saml2 = (StatusResponseType) XMLObjectSupport.unmarshallFromInputStream( -        XMLObjectProviderRegistrySupport.getParserPool(),  +        XMLObjectProviderRegistrySupport.getParserPool(),          new ByteArrayInputStream(Base64Utils.decodeFromString(saml2RespB64)));      
Assert.assertEquals("SAML2 status", Constants.SUCCESS_URI, saml2.getStatus().getStatusCode().getValue()); -     +      final AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(saml2); +      Assert.assertEquals("wrong resp attr. size", 7, extractor.getAllIncludeAttributeNames().size()); -    Assert.assertEquals("Wrong attr: LoA ", "http://eidas.europa.eu/LoA/high",  +    Assert.assertEquals("Wrong attr: LoA ", "http://eidas.europa.eu/LoA/high",          extractor.getSingleAttributeValue("urn:oid:1.2.40.0.10.2.1.1.261.108")); -    Assert.assertEquals("Wrong attr: PVP_VERSION ", "2.2",  +    Assert.assertEquals("Wrong attr: PVP_VERSION ", "2.2",          extractor.getSingleAttributeValue("urn:oid:1.2.40.0.10.2.1.1.261.10")); -    Assert.assertEquals("Wrong attr: EID_ISSUER_NATION  ", cc,  +    Assert.assertEquals("Wrong attr: EID_ISSUER_NATION  ", cc,          extractor.getSingleAttributeValue("urn:oid:1.2.40.0.10.2.1.1.261.32")); -    Assert.assertEquals("Wrong attr: eidasBind", eidasBind,  +    Assert.assertEquals("Wrong attr: eidasBind", eidasBind,          extractor.getSingleAttributeValue("urn:eidgvat:attributes.eidbind")); -    Assert.assertNotNull("Wrong attr:  authBlock",  +    Assert.assertNotNull("Wrong attr:  authBlock",          extractor.getSingleAttributeValue("urn:eidgvat:attributes.authblock.signed")); -    Assert.assertNotNull("Wrong attr: piiTras.Id ",  +    Assert.assertNotNull("Wrong attr: piiTras.Id ",          extractor.getSingleAttributeValue("urn:eidgvat:attributes.piiTransactionId"));      Assert.assertEquals("Wrong attr:EID_STATUS_LEVEL ", "http://eid.gv.at/eID/status/identity",          extractor.getSingleAttributeValue(PvpAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_NAME)); -     +    }    private void injectSzrResponse() throws Exception { -     -    when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(vsz); + +    when(szrMock.getStammzahlEncrypted(any(), any())).thenReturn(vsz);      val signContentResp 
= new SignContentResponseType();      final SignContentEntry signContentEntry = new SignContentEntry();      signContentEntry.setValue(eidasBind);      signContentResp.getOut().add(signContentEntry); -    when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp); -     +    when(szrMock.signContent(any(), any(), any())).thenReturn(signContentResp); + +  } + +  private void injectZmrResponse() throws Exception { +    ResponseType resp = new ResponseType(); + +    WorkflowInfoServer workflow = new WorkflowInfoServer(); +    workflow.setProzessInstanzID(new BigInteger(RandomStringUtils.randomNumeric(10))); +    resp.setWorkflowInfoServer(workflow); + +    PersonSuchenResponse persRespObj = new PersonSuchenResponse(); +    PersonensuchergebnisType searchResult = new PersonensuchergebnisType(); +    PersonErgebnisSatzType personInfoObj = new PersonErgebnisSatzType(); +    resp.setPersonSuchenResponse(persRespObj); +    persRespObj.setPersonensuchergebnis(searchResult); + +    searchResult.setGefundeneSaetzeERnP(0); +    searchResult.setGefundeneSaetze(1); +    searchResult.getPersonErgebnisSatz().add(personInfoObj); + +    PersonErgebnisType personInfo = new PersonErgebnisType(); +    Personendaten personDataObj = new Personendaten(); +    personInfoObj.setPersonendaten(personDataObj); +    personDataObj.getPersonErgebnis().add(personInfo); + +    EidasIdentitaetErgebnisType eidasPersonalIdentifier = new EidasIdentitaetErgebnisType(); +    personInfo.getEidasIdentitaet().add(eidasPersonalIdentifier); +    eidasPersonalIdentifier.setEidasWert(pseudonym); +    eidasPersonalIdentifier.setEidasArt(Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER); +    eidasPersonalIdentifier.setStaatscode2(cc); + +    NatuerlichePersonErgebnisType natInfo = new NatuerlichePersonErgebnisType(); +    IdentificationType bpk = new IdentificationType(); +    PersonenName natName = new PersonenName(); +    natInfo.getIdentification().add(bpk); +    natInfo.setPersonenName(natName); 
+    personInfo.setNatuerlichePerson(natInfo); + +    bpk.setType(EaafConstants.URN_PREFIX_CDID + "ZP"); +    bpk.setValue(RandomStringUtils.randomAlphabetic(10)); +    natInfo.setGeburtsdatum(dateOfBirth); +    natName.setFamilienname(familyName); +    natName.setVorname(givenName); + +    when(zmrClient.service(any(), any())).thenReturn(resp); +    } -  private String validateEidasNodeRequestAndBuildResponse(String eidasNodeReqToken)  + +  private String validateEidasNodeRequestAndBuildResponse(String eidasNodeReqToken)        throws SpecificCommunicationException, URISyntaxException {      final SpecificCommunicationService springManagedSpecificConnectorCommunicationService =          (SpecificCommunicationService) wac.getBean(              SpecificCommunicationDefinitionBeanNames.SPECIFIC_CONNECTOR_COMMUNICATION_SERVICE.toString()); -     -    //read request and validate basic properties  -    ILightRequest req = springManagedSpecificConnectorCommunicationService.getAndRemoveRequest(eidasNodeReqToken,  + +    //read request and validate basic properties +    ILightRequest req = springManagedSpecificConnectorCommunicationService.getAndRemoveRequest(eidasNodeReqToken,          attrRegistry.getCoreAttributeRegistry().getAttributes()); -     +      Assert.assertNotNull("eIDAS Node req", req);      Assert.assertEquals("Wrong CC", cc, req.getCitizenCountryCode());      Assert.assertEquals("Wrong CC", EaafConstants.EIDAS_LOA_HIGH, req.getLevelOfAssurance()); -     -     + +      //set response from eIDAS node      BinaryLightToken respoToken = springManagedSpecificConnectorCommunicationService.putResponse(          buildDummyAuthResponse(Constants.SUCCESS_URI, req.getId()));      return Base64Utils.encodeToString(respoToken.getTokenBytes()); -     +    }    private AuthenticationResponse buildDummyAuthResponse(String statusCode, String reqId) throws URISyntaxException { 
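Review bot: `injectZmrResponse()` stubs `zmrClient.service(any(), any())` and `fullSuccessProcess` never inspects what the connector actually sent to the ZMR, so the test still passes if the person search is issued without the eIDAS pseudonym or country code, or with the wrong ones — which is exactly the identity-binding property this end-to-end test exists to pin. Capture the request after `eidasSignal.restoreEidasAuthProcess(...)`, e.g. `org.mockito.Mockito.verify(zmrClient).service(captor.capture(), any());`, and assert the captured search carries `pseudonym` and `cc`. The same applies to the ERnP mock: a `{}` response is enqueued but nothing asserts whether it was consumed, so add `Assert.assertEquals("ERnP requests", 0, mockWebServer.getRequestCount());` (or `1`, whichever the matching flow is meant to do once the ZMR already returns one record) so a silent fall-through to ERnP is caught. `fullSuccessProcess()` begins before this hunk, and the `buildDummyAuthResponse` signature at its end continues past it.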
@@ -440,7 +529,7 @@ public class FullStartUpAndProcessTest {          Constants.eIDAS_ATTR_CURRENTGIVENNAME).first();      final AttributeDefinition<?> attributeDef4 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(          Constants.eIDAS_ATTR_DATEOFBIRTH).first(); -    +      final ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder()          .put(attributeDef, personalId)          .put(attributeDef2, familyName) @@ -457,20 +546,20 @@ public class FullStartUpAndProcessTest {          .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)          .attributes(attributeMap)          .build(); -     +    } -   +    private String extractRequestToken(String selectionPage, String selector) {      int start = selectionPage.indexOf(selector);      Assert.assertTrue("find no pendingReqId location start", start > 0);      int end = selectionPage.indexOf("\"", start + selector.length());      Assert.assertTrue("find no pendingReqId location end", end > 0);      return selectionPage.substring(start + selector.length(), end); -     +    } -  private void injectSaml2AuthnReq(MockHttpServletRequest saml2Req) throws XMLParserException, UnmarshallingException,  -      SamlSigningException, CredentialsNotAvailableException, UnsupportedEncodingException, TransformerException,  +  private void injectSaml2AuthnReq(MockHttpServletRequest saml2Req) throws XMLParserException, UnmarshallingException, +      SamlSigningException, CredentialsNotAvailableException, UnsupportedEncodingException, TransformerException,        IOException, MarshallingException, ComponentInitializationException {      final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(          XMLObjectProviderRegistrySupport.getParserPool(), 
@@ -479,18 +568,18 @@ public class FullStartUpAndProcessTest {      RequestAbstractType signedAuthnReq =           Saml2Utils.signSamlObject(authnReq, credentialProvider.getMessageSigningCredential(), true);                 String b64 = Base64Utils.encodeToString(DomUtils.serializeNode( -          XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));     +          XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));      saml2Req.setParameter("SAMLRequest", b64); -             +      final org.springframework.core.io.Resource resource = resourceLoader.getResource(          "classpath:/data/metadata_valid_without_encryption.xml");      Timer timer = new Timer("PVP metadata-resolver refresh"); -    ResourceBackedMetadataResolver fileSystemResolver =  +    ResourceBackedMetadataResolver fileSystemResolver =          new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));      fileSystemResolver.setId("test");      fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool()); -    fileSystemResolver.initialize();                     +    fileSystemResolver.initialize();      metadataProvider.addMetadataResolverIntoChain(fileSystemResolver); -     +    }  } diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java index ebc07680..a9612297 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/saml2/Pvp2SProfileEndPointTest.java 
@@ -80,37 +80,37 @@ public class Pvp2SProfileEndPointTest {    @Autowired private PvpMetadataProvider metadataProvider;    @Autowired private ResourceLoader resourceLoader;    @Autowired private IRequestStorage storage; -   +    private static CertificateFactory fact; -     -   + +    private MockHttpServletRequest httpReq;    private MockHttpServletResponse httpResp; -   +    /**     * jUnit class initializer.     * @throws ComponentInitializationException In case of an error     * @throws InitializationException In case of an error -   * @throws CertificateException  -   *  +   * @throws CertificateException +   *     */    @BeforeClass -  public static void classInitializer() throws InitializationException,  +  public static void classInitializer() throws InitializationException,        ComponentInitializationException, CertificateException  {      final String current = new java.io.File(".").toURI().toString();      System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties"); -     +      EaafOpenSaml3xInitializer.eaafInitialize(); -     +      fact = CertificateFactory.getInstance("X.509"); -     +    } -   +    /**     * jUnit test set-up. -   * @throws EaafException  -   *  +   * @throws EaafException +   *     */    @Before    public void initialize() throws EaafException { 
@@ -118,12 +118,12 @@ public class Pvp2SProfileEndPointTest {      httpResp = new MockHttpServletResponse();      RequestContextHolder.resetRequestAttributes();      RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); -     +    } -   +    @Test -  public void authnReqWrongEndpoint() throws EaafException, XMLParserException, UnmarshallingException,  -      UnsupportedEncodingException, TransformerException, IOException, MarshallingException,  +  public void authnReqWrongEndpoint() throws EaafException, XMLParserException, UnmarshallingException, +      UnsupportedEncodingException, TransformerException, IOException, MarshallingException,        ComponentInitializationException {      //initialize test      final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream( 
@@ -133,34 +133,34 @@ public class Pvp2SProfileEndPointTest {      RequestAbstractType signedAuthnReq =           Saml2Utils.signSamlObject(authnReq, credentialProvider.getMetaDataSigningCredential(), true);                 String b64 = Base64Utils.encodeToString(DomUtils.serializeNode( -          XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));     +          XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));      httpReq.setParameter("SAMLRequest", b64); -             +      final org.springframework.core.io.Resource resource = resourceLoader.getResource(          "classpath:/data/metadata_valid.xml");      Timer timer = new Timer("PVP metadata-resolver refresh"); -    ResourceBackedMetadataResolver fileSystemResolver =  +    ResourceBackedMetadataResolver fileSystemResolver =          new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));      fileSystemResolver.setId("test");      fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool()); -    fileSystemResolver.initialize();                     +    fileSystemResolver.initialize();      metadataProvider.addMetadataResolverIntoChain(fileSystemResolver); -     -     + +      //request SAML2 authentication      try {        controller.pvpIdpPostRequest(httpReq, httpResp);        Assert.fail("wrong AuthnRequest not detected"); -       +      }catch (EaafException e) { -      Assert.assertEquals("wrong errorId", "pvp2.22", e.getErrorId());       -       -    }    +      Assert.assertEquals("wrong errorId", "pvp2.22", e.getErrorId()); + +    }    } -   +    @Test -  public void authnReqWrongSigned() throws EaafException, XMLParserException, UnmarshallingException,  -      UnsupportedEncodingException, TransformerException, IOException, MarshallingException,  +  public void authnReqWrongSigned() throws EaafException, XMLParserException, UnmarshallingException, +      
UnsupportedEncodingException, TransformerException, IOException, MarshallingException,        ComponentInitializationException {      //initialize test      final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream( 
@@ -170,34 +170,34 @@ public class Pvp2SProfileEndPointTest {      RequestAbstractType signedAuthnReq =           Saml2Utils.signSamlObject(authnReq, credentialProvider.getMetaDataSigningCredential(), true);                 String b64 = Base64Utils.encodeToString(DomUtils.serializeNode( -          XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));     +          XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));      httpReq.setParameter("SAMLRequest", b64); -             +      final org.springframework.core.io.Resource resource = resourceLoader.getResource(          "classpath:/data/metadata_valid.xml");      Timer timer = new Timer("PVP metadata-resolver refresh"); -    ResourceBackedMetadataResolver fileSystemResolver =  +    ResourceBackedMetadataResolver fileSystemResolver =          new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));      fileSystemResolver.setId("test");      fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool()); -    fileSystemResolver.initialize();                     +    fileSystemResolver.initialize();      metadataProvider.addMetadataResolverIntoChain(fileSystemResolver); -     -     + +      //request SAML2 authentication      try {        controller.pvpIdpPostRequest(httpReq, httpResp);        Assert.fail("wrong AuthnRequest not detected"); -       +      }catch (EaafException e) { -      Assert.assertEquals("wrong errorId", "pvp2.21", e.getErrorId());       -       -    }    +      Assert.assertEquals("wrong errorId", "pvp2.21", e.getErrorId()); + +    }    } -   +    @Test -  public void authnReqMetadataExpired() throws EaafException, XMLParserException, UnmarshallingException,  -      UnsupportedEncodingException, TransformerException, IOException, MarshallingException,  +  public void authnReqMetadataExpired() throws EaafException, XMLParserException, UnmarshallingException, +      
UnsupportedEncodingException, TransformerException, IOException, MarshallingException,        ComponentInitializationException {      //initialize test      final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream( 
@@ -207,34 +207,34 @@ public class Pvp2SProfileEndPointTest {      RequestAbstractType signedAuthnReq =           Saml2Utils.signSamlObject(authnReq, credentialProvider.getMetaDataSigningCredential(), true);                 String b64 = Base64Utils.encodeToString(DomUtils.serializeNode( -          XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));     +          XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));      httpReq.setParameter("SAMLRequest", b64); -             +      final org.springframework.core.io.Resource resource = resourceLoader.getResource(          "classpath:/data/metadata_expired.xml");      Timer timer = new Timer("PVP metadata-resolver refresh"); -    ResourceBackedMetadataResolver fileSystemResolver =  +    ResourceBackedMetadataResolver fileSystemResolver =          new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));      fileSystemResolver.setId("test");      fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool()); -    fileSystemResolver.initialize();                     +    fileSystemResolver.initialize();      metadataProvider.addMetadataResolverIntoChain(fileSystemResolver); -     -     + +      //request SAML2 authentication      try {        controller.pvpIdpPostRequest(httpReq, httpResp);        Assert.fail("wrong AuthnRequest not detected"); -       +      }catch (EaafException e) { -      Assert.assertEquals("wrong errorId", "pvp2.21", e.getErrorId());       -       -    }    +      Assert.assertEquals("wrong errorId", "pvp2.21", e.getErrorId()); + +    }    } -   +    @Test -  public void authnReqValid() throws EaafException, XMLParserException, UnmarshallingException,  -      UnsupportedEncodingException, TransformerException, IOException, MarshallingException,  +  public void authnReqValid() throws EaafException, XMLParserException, UnmarshallingException, +      
UnsupportedEncodingException, TransformerException, IOException, MarshallingException,        ComponentInitializationException {      //initialize test      final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream( 
@@ -244,67 +244,67 @@ public class Pvp2SProfileEndPointTest {      RequestAbstractType signedAuthnReq =           Saml2Utils.signSamlObject(authnReq, credentialProvider.getMessageSigningCredential(), true);                 String b64 = Base64Utils.encodeToString(DomUtils.serializeNode( -          XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));     +          XMLObjectSupport.getMarshaller(signedAuthnReq).marshall(signedAuthnReq)).getBytes("UTF-8"));      httpReq.setParameter("SAMLRequest", b64); -             +      final org.springframework.core.io.Resource resource = resourceLoader.getResource(          "classpath:/data/metadata_valid.xml");      Timer timer = new Timer("PVP metadata-resolver refresh"); -    ResourceBackedMetadataResolver fileSystemResolver =  +    ResourceBackedMetadataResolver fileSystemResolver =          new ResourceBackedMetadataResolver(timer, new OpenSaml3ResourceAdapter(resource));      fileSystemResolver.setId("test");      fileSystemResolver.setParserPool(XMLObjectProviderRegistrySupport.getParserPool()); -    fileSystemResolver.initialize();                     +    fileSystemResolver.initialize();      metadataProvider.addMetadataResolverIntoChain(fileSystemResolver); -     -     + +      //request SAML2 authentication      controller.pvpIdpPostRequest(httpReq, httpResp); -     -     + +      //validate state      Assert.assertEquals("http statuscode", 200, httpResp.getStatus());      Assert.assertEquals("Wrong http ContentType", "text/html;charset=UTF-8", httpResp.getContentType()); -     +      String html = httpResp.getContentAsString();      Assert.assertNotNull("html result is null", html); -    Assert.assertFalse("html result is empty", html.isEmpty());     +    Assert.assertFalse("html result is empty", html.isEmpty());      Assert.assertTrue("Wrong page", html.contains("action=\"/myHomeCountry\"")); -        -    String pattern = "<input  type=\"hidden\" name=\"pendingid\"  
value=\""; + +    String pattern = "<input type=\"hidden\" name=\"pendingid\" value=\"";      int pendingIdStart = html.indexOf(pattern) + pattern.length(); -    int pendingIdEnd = html.indexOf("\"", pendingIdStart);     -    String pendingReqId = html.substring(pendingIdStart, pendingIdEnd);     +    int pendingIdEnd = html.indexOf("\"", pendingIdStart); +    String pendingReqId = html.substring(pendingIdStart, pendingIdEnd);      Assert.assertFalse("pendingReqId is empty", pendingReqId.isEmpty()); -     +      IRequest pendingReq = storage.getPendingRequest(pendingReqId); -    Assert.assertNotNull("pendingReq", pendingReq);     +    Assert.assertNotNull("pendingReq", pendingReq);      Assert.assertNotNull("piiTransId", pendingReq.getUniquePiiTransactionIdentifier());      Assert.assertNotNull("piiTransId", pendingReq.getUniqueTransactionIdentifier()); -     -    Assert.assertEquals("wrong OA Id", "https://demo.egiz.gv.at/demoportal-openID_demo",  + +    Assert.assertEquals("wrong OA Id", "https://demo.egiz.gv.at/demoportal-openID_demo",          pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID, String.class)); -    Assert.assertEquals("wrong bPK Target", "urn:publicid:gv.at:cdid+BF",  +    Assert.assertEquals("wrong bPK Target", "urn:publicid:gv.at:cdid+BF",          pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier()); -    -         + +    } -   +    @Test -  public void checkSaml2Metadata() throws EaafException, UnsupportedEncodingException, XMLParserException,  +  public void checkSaml2Metadata() throws EaafException, UnsupportedEncodingException, XMLParserException,        UnmarshallingException, CertificateException, SignatureException { -     +      //request SAML2 Metadata      controller.pvpMetadataRequest(httpReq, httpResp); -     +      //validate state      Assert.assertEquals("http statuscode", 200, httpResp.getStatus());      Assert.assertEquals("Wrong http ContentType", "application/xml", 
httpResp.getContentType()); -     +      String html = httpResp.getContentAsString();      Assert.assertNotNull("html result is null", html); -    Assert.assertFalse("html result is empty", html.isEmpty());     -     +    Assert.assertFalse("html result is empty", html.isEmpty()); +      final EntityDescriptor entity = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(          XMLObjectProviderRegistrySupport.getParserPool(), @@ -320,18 +320,18 @@ public class Pvp2SProfileEndPointTest {      final Credential cred = new BasicX509Credential((X509Certificate) fact.generateCertificate(          Pvp2SProfileEndPointTest.class.getResourceAsStream("/config/keys/Metadata.pem")));      SignatureValidator.validate(entity.getSignature(), cred); -     +      Assert.assertEquals("wrong entityId", "http://localhost/pvp/metadata", entity.getEntityID());      Assert.assertNotNull("IDPSSODescr", entity.getRoleDescriptors(IDPSSODescriptor.DEFAULT_ELEMENT_NAME));      Assert.assertNotNull("SPSSODescr", entity.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME)); -    Assert.assertEquals("SPSSODescr. size", 0,  +    Assert.assertEquals("SPSSODescr. size", 0,          entity.getRoleDescriptors(SPSSODescriptor.DEFAULT_ELEMENT_NAME).size()); -     +      List<RoleDescriptor> idp = entity.getRoleDescriptors(IDPSSODescriptor.DEFAULT_ELEMENT_NAME);      Assert.assertEquals("IDP descr. size", 1, idp.size());      Assert.assertEquals("IDP descr. endpoints", 2, idp.get(0).getEndpoints().size());      Assert.assertEquals("IDP descr. keyDescr", 1, idp.get(0).getKeyDescriptors().size()); -         +    } -   +  } | 
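Review bot: The pendingid extraction in authnReqValid still trusts `html.indexOf(pattern)` to succeed; this hunk already had to re-space the pattern to match the rendered form, and if the markup drifts again `indexOf` returns -1, `pendingIdStart` becomes `pattern.length() - 1`, and the substring is taken from an arbitrary offset, so `assertFalse("pendingReqId is empty", ...)` passes on garbage and the real cause is hidden behind a later null-pendingReq failure. Assert the match first: `int patternIdx = html.indexOf(pattern);` / `Assert.assertTrue("pendingid input not found in html", patternIdx >= 0);` / `int pendingIdStart = patternIdx + pattern.length();`, and the same applies to the closing-quote lookup `html.indexOf("\"", pendingIdStart)`. The signature of authnReqValid sits in the preceding hunk, so the method starts outside this one.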
