diff options
Diffstat (limited to 'connector/src/test')
6 files changed, 195 insertions, 8 deletions
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java index 17ecb2ca..552c448e 100644 --- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java +++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/utils/AuthenticationDataBuilderTest.java @@ -32,6 +32,7 @@ import org.w3c.dom.Element; import at.asitplus.eidas.specific.connector.builder.AuthenticationDataBuilder; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions; @@ -72,6 +73,7 @@ public class AuthenticationDataBuilderTest { private TestRequestImpl pendingReq; private DummySpConfiguration oaParam; + private Map<String, String> spConfig; private String eidasBind; private String authBlock; @@ -92,7 +94,7 @@ public class AuthenticationDataBuilderTest { RequestContextHolder.resetRequestAttributes(); RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); - final Map<String, String> spConfig = new HashMap<>(); + spConfig = new HashMap<>(); spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); spConfig.put(PROP_CONFIG_SP_NEW_EID_MODE, "true"); @@ -106,25 +108,89 @@ public class AuthenticationDataBuilderTest { authBlock = RandomStringUtils.randomAlphanumeric(20); eidasBind = RandomStringUtils.randomAlphanumeric(20); pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(Constants.SZR_AUTHBLOCK, authBlock); - pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(Constants.EIDAS_BIND, eidasBind); - pendingReq.getSessionData(AuthProcessDataWrapper.class) .setQaaLevel(EaafConstants.EIDAS_LOA_PREFIX + RandomStringUtils.randomAlphabetic(5)); pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, - RandomStringUtils.randomAlphabetic(2)); + RandomStringUtils.randomAlphabetic(2).toUpperCase()); LocaleContextHolder.resetLocaleContext(); } @Test - public void eidMode() throws EaafAuthenticationException { + public void eidasProxyMode() throws EaafAuthenticationException, EaafStorageException { // initialize state boolean isTestIdentity = RandomUtils.nextBoolean(); + pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity); pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); + + String givenName = RandomStringUtils.randomAlphabetic(10); + String familyName = RandomStringUtils.randomAlphabetic(10); + String dateOfBirth = "1956-12-08"; + String bpk = RandomStringUtils.randomAlphanumeric(10); + String cc = pendingReq.getSessionData(AuthProcessDataWrapper.class) + .getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class); + String spC = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + + spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + cc + "+" + spC); + + pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setForeigner(false); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.GIVEN_NAME_NAME, givenName); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, familyName); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.BIRTHDATE_NAME, dateOfBirth); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, bpk); + + //set LoA level attribute instead of explicit session-data + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, + pendingReq.getSessionData(AuthProcessDataWrapper.class).getQaaLevel()); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setQaaLevel(null); + + + + // execute test + IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); + + + // validate state + Assert.assertNotNull("AuthData null", authData); + Assert.assertNull("authBlock null", authData.getGenericData(Constants.SZR_AUTHBLOCK, String.class)); + Assert.assertNull("eidasBind null", authData.getGenericData(Constants.EIDAS_BIND, String.class)); + + Assert.assertEquals("LoA", pendingReq.getSessionData(AuthProcessDataWrapper.class) + .getGenericDataFromSession(PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, String.class), + authData.getEidasQaaLevel()); + Assert.assertEquals("CitizenCountry", cc, authData.getCiticenCountryCode()); + Assert.assertEquals("familyName", familyName, authData.getFamilyName()); + Assert.assertEquals("givenName", givenName, authData.getGivenName()); + Assert.assertEquals("DateOfBirth", dateOfBirth, authData.getFormatedDateOfBirth()); + + Assert.assertEquals("bPK", pendingReq.getSessionData(AuthProcessDataWrapper.class) + .getGenericDataFromSession(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class), + authData.getGenericData(MsProxyServiceConstants.ATTR_EIDAS_PERSONAL_IDENTIFIER, String.class)); + + Assert.assertEquals("testIdentity flag", + isTestIdentity ? EidIdentityStatusLevelValues.TESTIDENTITY : EidIdentityStatusLevelValues.IDENTITY, + ((EidAuthenticationData)authData).getEidStatus()); + + + } + + @Test + public void eidMode() throws EaafAuthenticationException, EaafStorageException { + // initialize state + boolean isTestIdentity = RandomUtils.nextBoolean(); pendingReq.getSessionData(EidAuthProcessDataWrapper.class).setTestIdentity(isTestIdentity); + pendingReq.getSessionData(AuthProcessDataWrapper.class).setEidProcess(true); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(Constants.SZR_AUTHBLOCK, authBlock); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(Constants.EIDAS_BIND, eidasBind); // execute IAuthData authData = authenticationDataBuilder.buildAuthenticationData(pendingReq); diff --git a/connector/src/test/resources/config/junit_config_1.properties b/connector/src/test/resources/config/junit_config_1.properties index f6b3e4c1..044e33a6 100644 --- a/connector/src/test/resources/config/junit_config_1.properties +++ b/connector/src/test/resources/config/junit_config_1.properties @@ -116,6 +116,36 @@ eidas.ms.sp.1.policy.allowed.requested.targets=test eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true + +#### eIDAS ms-specific Proxy-Service configuration +eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy +eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://eidas.proxy/endpoint + + +## PVP2 S-Profile communication with ID Austria System +# EntityId and optional metadata of ID Austria System +eidas.ms.modules.idaustriaauth.idp.entityId=http://junit.idaustria.at/idp +#eidas.ms.modules.idaustriaauth.idp.metadataUrl=http://junit.idaustria.at/idp/metadata + +# SAML2 client configuration +eidas.ms.modules.idaustriaauth.keystore.type=jks +#eidas.ms.modules.idaustriaauth.keystore.name= +eidas.ms.modules.idaustriaauth.keystore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaauth.keystore.password=password +eidas.ms.modules.idaustriaauth.metadata.sign.alias=meta +eidas.ms.modules.idaustriaauth.metadata.sign.password=password +eidas.ms.modules.idaustriaauth.request.sign.alias=sig +eidas.ms.modules.idaustriaauth.request.sign.password=password +eidas.ms.modules.idaustriaauth.response.encryption.alias=enc +eidas.ms.modules.idaustriaauth.response.encryption.password=password + +# TrustStore to validate SAML2 metadata from ID Austria +eidas.ms.modules.idaustriaauth.truststore.type=jks +eidas.ms.modules.idaustriaauth.truststore.name= +eidas.ms.modules.idaustriaauth.truststore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaauth.truststore.password=password + + ##only for advanced config eidas.ms.configuration.sp.disableRegistrationRequirement= #eidas.ms.configuration.restrictions.baseID.spTransmission= diff --git a/connector/src/test/resources/config/junit_config_1_springboot.properties b/connector/src/test/resources/config/junit_config_1_springboot.properties index e63cda7b..991036fe 100644 --- a/connector/src/test/resources/config/junit_config_1_springboot.properties +++ b/connector/src/test/resources/config/junit_config_1_springboot.properties @@ -43,7 +43,6 @@ eidas.ms.auth.eIDAS.szrclient.debug.logfullmessages=true eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution=false - ## PVP2 S-Profile end-point configuration eidas.ms.pvp2.keystore.type=jks eidas.ms.pvp2.keystore.path=keys/junit.jks @@ -81,3 +80,34 @@ eidas.ms.sp.1.pvp2.metadata.url=http://junit.test/metadata eidas.ms.sp.1.policy.allowed.requested.targets=test eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true + + +#### eIDAS ms-specific Proxy-Service configuration +eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy +eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://eidas.proxy/endpoint + + +## PVP2 S-Profile communication with ID Austria System +# EntityId and optional metadata of ID Austria System +eidas.ms.modules.idaustriaauth.idp.entityId=http://junit.idaustria.at/idp +#eidas.ms.modules.idaustriaauth.idp.metadataUrl=http://junit.idaustria.at/idp/metadata + +# SAML2 client configuration +eidas.ms.modules.idaustriaauth.keystore.type=jks +#eidas.ms.modules.idaustriaauth.keystore.name= +eidas.ms.modules.idaustriaauth.keystore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaauth.keystore.password=password +eidas.ms.modules.idaustriaauth.metadata.sign.alias=meta +eidas.ms.modules.idaustriaauth.metadata.sign.password=password +eidas.ms.modules.idaustriaauth.request.sign.alias=sig +eidas.ms.modules.idaustriaauth.request.sign.password=password +eidas.ms.modules.idaustriaauth.response.encryption.alias=enc +eidas.ms.modules.idaustriaauth.response.encryption.password=password + +# TrustStore to validate SAML2 metadata from ID Austria +eidas.ms.modules.idaustriaauth.truststore.type=jks +eidas.ms.modules.idaustriaauth.truststore.name= +eidas.ms.modules.idaustriaauth.truststore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaauth.truststore.password=password + + diff --git a/connector/src/test/resources/config/junit_config_2_springboot.properties b/connector/src/test/resources/config/junit_config_2_springboot.properties index ecb22dec..de887fe6 100644 --- a/connector/src/test/resources/config/junit_config_2_springboot.properties +++ b/connector/src/test/resources/config/junit_config_2_springboot.properties @@ -81,3 +81,33 @@ eidas.ms.sp.1.pvp2.metadata.url=http://junit.test/metadata eidas.ms.sp.1.policy.allowed.requested.targets=test eidas.ms.sp.1.policy.hasBaseIdTransferRestriction=true + + +#### eIDAS ms-specific Proxy-Service configuration +eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy +eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://eidas.proxy/endpoint + + +## PVP2 S-Profile communication with ID Austria System +# EntityId and optional metadata of ID Austria System +eidas.ms.modules.idaustriaauth.idp.entityId=http://junit.idaustria.at/idp +#eidas.ms.modules.idaustriaauth.idp.metadataUrl=http://junit.idaustria.at/idp/metadata + +# SAML2 client configuration +eidas.ms.modules.idaustriaauth.keystore.type=jks +#eidas.ms.modules.idaustriaauth.keystore.name= +eidas.ms.modules.idaustriaauth.keystore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaauth.keystore.password=password +eidas.ms.modules.idaustriaauth.metadata.sign.alias=meta +eidas.ms.modules.idaustriaauth.metadata.sign.password=password +eidas.ms.modules.idaustriaauth.request.sign.alias=sig +eidas.ms.modules.idaustriaauth.request.sign.password=password +eidas.ms.modules.idaustriaauth.response.encryption.alias=enc +eidas.ms.modules.idaustriaauth.response.encryption.password=password + +# TrustStore to validate SAML2 metadata from ID Austria +eidas.ms.modules.idaustriaauth.truststore.type=jks +eidas.ms.modules.idaustriaauth.truststore.name= +eidas.ms.modules.idaustriaauth.truststore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaauth.truststore.password=password + diff --git a/connector/src/test/resources/config/junit_config_3.properties b/connector/src/test/resources/config/junit_config_3.properties index 8b2c63a8..b4de5aa9 100644 --- a/connector/src/test/resources/config/junit_config_3.properties +++ b/connector/src/test/resources/config/junit_config_3.properties @@ -109,6 +109,37 @@ eidas.ms.sp.0.newEidMode=true #eidas.ms.sp.0.policy.hasBaseIdTransferRestriction=false + +#### eIDAS ms-specific Proxy-Service configuration +eidas.ms.auth.eIDAS.node_v2.proxy.entityId=ownSpecificProxy +eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint=http://eidas.proxy/endpoint + + +## PVP2 S-Profile communication with ID Austria System +# EntityId and optional metadata of ID Austria System +eidas.ms.modules.idaustriaauth.idp.entityId=http://junit.idaustria.at/idp +#eidas.ms.modules.idaustriaauth.idp.metadataUrl=http://junit.idaustria.at/idp/metadata + +# SAML2 client configuration +eidas.ms.modules.idaustriaauth.keystore.type=jks +#eidas.ms.modules.idaustriaauth.keystore.name= +eidas.ms.modules.idaustriaauth.keystore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaauth.keystore.password=password +eidas.ms.modules.idaustriaauth.metadata.sign.alias=meta +eidas.ms.modules.idaustriaauth.metadata.sign.password=password +eidas.ms.modules.idaustriaauth.request.sign.alias=sig +eidas.ms.modules.idaustriaauth.request.sign.password=password +eidas.ms.modules.idaustriaauth.response.encryption.alias=enc +eidas.ms.modules.idaustriaauth.response.encryption.password=password + +# TrustStore to validate SAML2 metadata from ID Austria +eidas.ms.modules.idaustriaauth.truststore.type=jks +eidas.ms.modules.idaustriaauth.truststore.name= +eidas.ms.modules.idaustriaauth.truststore.path=keys/junit_test.jks +eidas.ms.modules.idaustriaauth.truststore.password=password + + + ##only for advanced config eidas.ms.configuration.sp.disableRegistrationRequirement= eidas.ms.configuration.restrictions.baseID.spTransmission= diff --git a/connector/src/test/resources/config/keys/junit_test.jks b/connector/src/test/resources/config/keys/junit_test.jks Binary files differnew file mode 100644 index 00000000..ee6254a9 --- /dev/null +++ b/connector/src/test/resources/config/keys/junit_test.jks |