1 files changed, 24 insertions, 1 deletions

diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
index 2e6790c5..0621081a 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -221,6 +221,7 @@ public class CreateIdentityLinkTaskEidNewTest {
     Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText());    
     Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty());
     Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty());
+    Assert.assertFalse("binding pubKey", authBlockJson.has("bindingPublicKey"));
     
     
     // check vsz request
@@ -312,9 +313,11 @@ public class CreateIdentityLinkTaskEidNewTest {
     signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10));
     signContentResp.getOut().add(signContentEntry);
     when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp);
-
+    
     String randomTestSp = RandomStringUtils.randomAlphabetic(10);
+    String bindingPubKey = RandomStringUtils.randomAlphabetic(10);
     pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp);
+    pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey);
     
     //perform test
     task.execute(pendingReq, executionContext);
@@ -329,8 +332,28 @@ public class CreateIdentityLinkTaskEidNewTest {
     Assert.assertNotNull("AuthProcessData", authProcessData);
     Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class));
 
+    // check authblock signature
     String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class);
     Assert.assertNotNull("AuthBlock", authBlock);
+    final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT,
+        BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()]));
+    Pair<KeyStore, Provider> keyStore = getKeyStore();
+    X509Certificate[] trustedCerts = EaafKeyStoreUtils
+        .getPrivateKeyAndCertificates(keyStore.getFirst(), ALIAS, PW.toCharArray(), true, "junit").getSecond();
+    JwsResult result = JoseUtils.validateSignature(authBlock, Arrays.asList(trustedCerts), constraints);
+    Assert.assertTrue("AuthBlock not valid", result.isValid());        
+    JsonNode authBlockJson = mapper.readTree(result.getPayLoad());    
+    Assert.assertNotNull("deserialized AuthBlock", authBlockJson);
+    
+    Assert.assertNotNull("no piiTransactionId in pendingRequesdt", 
+        storedPendingReq.getUniquePiiTransactionIdentifier());
+    Assert.assertEquals("piiTransactionId", storedPendingReq.getUniquePiiTransactionIdentifier(), 
+        authBlockJson.get("piiTransactionId").asText());
+    Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText());    
+    Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty());
+    Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty());
+    Assert.assertTrue("binding pubKey", authBlockJson.has("bindingPublicKey"));
+    Assert.assertEquals("binding PubKey", bindingPubKey, authBlockJson.get("bindingPublicKey").asText());
     
     Assert.assertTrue("EID process", authProcessData.isEidProcess());
     Assert.assertTrue("foreigner process", authProcessData.isForeigner());