diff options
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src/test/java')
34 files changed, 7963 insertions, 693 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasSignalServletTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasSignalServletTest.java index 62d5c556..f23d61db 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasSignalServletTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/EidasSignalServletTest.java @@ -14,7 +14,6 @@ import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; -import org.powermock.core.classloader.annotations.PrepareForTest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; @@ -47,12 +46,10 @@ import eu.eidas.auth.commons.tx.BinaryLightToken; import eu.eidas.specificcommunication.exception.SpecificCommunicationException; @RunWith(SpringJUnit4ClassRunner.class) -@PrepareForTest(CreateIdentityLinkTask.class) @DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS) @ContextConfiguration(locations = { "/SpringTest-context_tasks_test.xml", "/SpringTest-context_basic_mapConfig.xml"}) -@EnableWebMvc public class EidasSignalServletTest { @Autowired private MsConnectorDummyConfigMap basicConfig; @@ -61,14 +58,14 @@ public class EidasSignalServletTest { @Autowired private ITransactionStorage transStore; @Autowired private DummyProtocolAuthService protAuthService; @Autowired private DummySpecificCommunicationService connector; - - + + private MockHttpServletRequest httpReq; private MockHttpServletResponse httpResp; private TestRequestImpl pendingReq; private MsConnectorDummySpConfiguration oaParam; - - + + /** * jUnit test set-up. */ @@ -78,7 +75,7 @@ public class EidasSignalServletTest { httpResp = new MockHttpServletResponse(); RequestContextHolder.resetRequestAttributes(); RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); - + final Map<String, String> spConfig = new HashMap<>(); spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); @@ -92,51 +89,51 @@ public class EidasSignalServletTest { pendingReq.setAuthUrl("http://test.com/"); pendingReq.setTransactionId("avaasbav"); pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10)); - + connector.setiLightResponse(null); - - + + } - + @Test public void noResponsToken() throws IOException, EaafException { //set-up - + //execute test controller.restoreEidasAuthProcess(httpReq, httpResp); - + //validate state Assert.assertNull("eIDAS response", httpReq.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE)); Assert.assertNotNull("missing error", protAuthService.getException()); - Assert.assertEquals("Wrong errorId", "auth.26", + Assert.assertEquals("Wrong errorId", "auth.26", ((EaafException) protAuthService.getException()).getErrorId()); - + } - + @Test public void unknownResponseToken() throws IOException, EaafException { //set-up - httpReq.setParameter(EidasParameterKeys.TOKEN.toString(), + httpReq.setParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); - + //execute test controller.restoreEidasAuthProcess(httpReq, httpResp); - + //validate state Assert.assertNull("eIDAS response", httpReq.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE)); Assert.assertNotNull("missing error", protAuthService.getException()); - Assert.assertEquals("Wrong errorId", "auth.26", + Assert.assertEquals("Wrong errorId", "auth.26", ((EaafException) protAuthService.getException()).getErrorId()); - + } - + @Test public void withRelayState() throws IOException, EaafException, SpecificCommunicationException { - //set-up - String relayState = RandomStringUtils.randomAlphanumeric(10); + //set-up + String relayState = RandomStringUtils.randomAlphanumeric(10); pendingReq.setPendingReqId(relayState); storage.storePendingRequest(pendingReq); - + Builder iLightResponse = new AuthenticationResponse.Builder(); iLightResponse.id("_".concat(Random.nextHexRandom16())) .issuer(RandomStringUtils.randomAlphabetic(10)) @@ -145,37 +142,37 @@ public class EidasSignalServletTest { .inResponseTo("_".concat(Random.nextHexRandom16())) .subjectNameIdFormat("afaf") .relayState(relayState); - + AuthenticationResponse eidasResp = iLightResponse.build(); - BinaryLightToken token = connector.putResponse(eidasResp); - httpReq.setParameter(EidasParameterKeys.TOKEN.toString(), + BinaryLightToken token = connector.putResponse(eidasResp); + httpReq.setParameter(EidasParameterKeys.TOKEN.toString(), Base64.getEncoder().encodeToString(token.getTokenBytes())); - + //execute test controller.restoreEidasAuthProcess(httpReq, httpResp); - - + + //validate state Assert.assertNotNull("eIDAS response", httpReq.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE)); - Assert.assertEquals("wrong eIDAS response", eidasResp, + Assert.assertEquals("wrong eIDAS response", eidasResp, httpReq.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE)); - - Assert.assertNotNull("missing error", protAuthService.getException()); - Assert.assertEquals("Wrong errorId", "PendingRequest object is not of type 'RequestImpl.class'", + + Assert.assertNotNull("missing error", protAuthService.getException()); + Assert.assertEquals("Wrong errorId", "PendingRequest object is not of type 'RequestImpl.class'", ((EaafException) protAuthService.getException()).getErrorId()); - + } - + @Test public void withOutRelayStateMissingPendingReq() throws IOException, EaafException, SpecificCommunicationException { - //set-up - String pendingReqId = RandomStringUtils.randomAlphanumeric(10); + //set-up + String pendingReqId = RandomStringUtils.randomAlphanumeric(10); pendingReq.setPendingReqId(pendingReqId); storage.storePendingRequest(pendingReq); - + String inResponseTo = "_".concat(Random.nextHexRandom16()); - + Builder iLightResponse = new AuthenticationResponse.Builder(); iLightResponse.id("_".concat(Random.nextHexRandom16())) .issuer(RandomStringUtils.randomAlphabetic(10)) @@ -183,35 +180,35 @@ public class EidasSignalServletTest { .statusCode(Constants.SUCCESS_URI) .inResponseTo(inResponseTo) .subjectNameIdFormat("afaf"); - + AuthenticationResponse eidasResp = iLightResponse.build(); - BinaryLightToken token = connector.putResponse(eidasResp); - httpReq.setParameter(EidasParameterKeys.TOKEN.toString(), + BinaryLightToken token = connector.putResponse(eidasResp); + httpReq.setParameter(EidasParameterKeys.TOKEN.toString(), Base64.getEncoder().encodeToString(token.getTokenBytes())); - + //execute test controller.restoreEidasAuthProcess(httpReq, httpResp); - - + + //validate state Assert.assertNull("eIDAS response", httpReq.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE)); Assert.assertNotNull("missing error", protAuthService.getException()); - Assert.assertEquals("Wrong errorId", "auth.26", + Assert.assertEquals("Wrong errorId", "auth.26", ((EaafException) protAuthService.getException()).getErrorId()); - + } - + @Test public void withInResponseToElement() throws IOException, EaafException, SpecificCommunicationException { - //set-up - String pendingReqId = RandomStringUtils.randomAlphanumeric(10); + //set-up + String pendingReqId = RandomStringUtils.randomAlphanumeric(10); pendingReq.setPendingReqId(pendingReqId); storage.storePendingRequest(pendingReq); - + String inResponseTo = "_".concat(Random.nextHexRandom16()); transStore.put(inResponseTo, pendingReqId, -1); - + Builder iLightResponse = new AuthenticationResponse.Builder(); iLightResponse.id("_".concat(Random.nextHexRandom16())) .issuer(RandomStringUtils.randomAlphabetic(10)) @@ -219,26 +216,26 @@ public class EidasSignalServletTest { .statusCode(Constants.SUCCESS_URI) .inResponseTo(inResponseTo) .subjectNameIdFormat("afaf"); - + AuthenticationResponse eidasResp = iLightResponse.build(); - BinaryLightToken token = connector.putResponse(eidasResp); - httpReq.setParameter(EidasParameterKeys.TOKEN.toString(), + BinaryLightToken token = connector.putResponse(eidasResp); + httpReq.setParameter(EidasParameterKeys.TOKEN.toString(), Base64.getEncoder().encodeToString(token.getTokenBytes())); - + //execute test controller.restoreEidasAuthProcess(httpReq, httpResp); - - + + //validate state Assert.assertNotNull("eIDAS response", httpReq.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE)); - Assert.assertEquals("wrong eIDAS response", eidasResp, + Assert.assertEquals("wrong eIDAS response", eidasResp, httpReq.getAttribute(Constants.DATA_FULL_EIDAS_RESPONSE)); - - Assert.assertNotNull("missing error", protAuthService.getException()); - Assert.assertEquals("Wrong errorId", "PendingRequest object is not of type 'RequestImpl.class'", + + Assert.assertNotNull("missing error", protAuthService.getException()); + Assert.assertEquals("Wrong errorId", "PendingRequest object is not of type 'RequestImpl.class'", ((EaafException) protAuthService.getException()).getErrorId()); - + } - + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientProductionTest.java index 1e7ff369..a5b83b13 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTestProduction.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientProductionTest.java @@ -21,18 +21,21 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.test; - -import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.MessageDigest; -import java.security.NoSuchProviderException; -import java.util.List; +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.clients; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; +import at.gv.egiz.eaaf.core.exceptions.EaafParserException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; import org.apache.commons.lang3.RandomStringUtils; import org.apache.commons.lang3.StringUtils; import org.bouncycastle.util.encoders.Base64; -import org.joda.time.DateTime; import org.junit.Assert; import org.junit.Ignore; import org.junit.Test; @@ -44,27 +47,10 @@ import org.springframework.test.annotation.IfProfileValue; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.util.Base64Utils; import org.w3c.dom.Element; - -import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; -import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; -import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType; -import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.api.idp.IConfiguration; -import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; -import at.gv.egiz.eaaf.core.exceptions.EaafParserException; -import at.gv.egiz.eaaf.core.impl.data.Triple; -import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; import szrservices.IdentityLinkType; -import szrservices.PersonInfoType; -import szrservices.SZRException_Exception; -import szrservices.TravelDocumentType; + +import java.util.List; @IfProfileValue(name = "spring.profiles.active", value = "devEnvironment") @@ -76,20 +62,14 @@ import szrservices.TravelDocumentType; //"classpath:/application.properties", "file:/home/tlenz/Projekte/config/ms_connector/default_config.properties", }) -public class SzrClientTestProduction { - private static final Logger log = LoggerFactory.getLogger(SzrClientTestProduction.class); +public class SzrClientProductionTest { + private static final Logger log = LoggerFactory.getLogger(SzrClientProductionTest.class); @Autowired SzrClient szrClient; @Autowired IConfiguration basicConfig; - private static final String givenName = "Franz"; - private static final String familyName = "Mustermann"; - // private static final String dateOfBirth = "1989-05-05"; - private static final String dateOfBirth = "1989-05-04"; - private static final String eIDASeID = "IS/AT/1234ffgsdfg56789ABCDEF"; - private static final String DUMMY_TARGET = EaafConstants.URN_PREFIX_CDID + "ZP"; @Test @@ -98,38 +78,29 @@ public class SzrClientTestProduction { } @Test - public void getVsz() throws SzrCommunicationException, EidasSAuthenticationException { - String vsz = szrClient.getEncryptedStammzahl(getPersonInfo()); + public void getVsz() throws EidasSAuthenticationException { + String vsz = szrClient.getEncryptedStammzahl(getEidData()); Assert.assertNotNull("vsz", vsz); - + } @Test - public void getEidasBind() throws SzrCommunicationException, EidasSAuthenticationException { + public void getEidasBind() throws EidasSAuthenticationException { String vsz = RandomStringUtils.randomAlphanumeric(10); String bindingPubKey = Base64.toBase64String(RandomStringUtils.random(20).getBytes()); String eidStatus = "urn:eidgvat:eid.status.eidas"; - ErnbEidData eidData = new ErnbEidData(); - eidData.setFamilyName(familyName); - eidData.setGivenName(givenName); - eidData.setDateOfBirth(new DateTime()); - eidData.setCitizenCountryCode("IS"); - eidData.setPseudonym("1234sdgsdfg56789ABCDEF"); - - - String eidasBind = szrClient.getEidsaBind(vsz, bindingPubKey, eidStatus, eidData); - + + String eidasBind = szrClient.getEidasBind(vsz, bindingPubKey, eidStatus, getEidData()); + Assert.assertNotNull("eidasBind", eidasBind); - + } - - + + @Test - public void getIdentityLinkRawMode() throws SZRException_Exception, EaafParserException, - NoSuchProviderException, IOException, InvalidKeyException, EidasSAuthenticationException { + public void getIdentityLinkRawMode() throws EaafParserException, EidasSAuthenticationException { log.debug("Starting connecting SZR Gateway"); - final IdentityLinkType result = szrClient.getIdentityLinkInRawMode( - getPersonInfo()); + final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(getEidData()); final Element idlFromSzr = (Element) result.getAssertion(); final IIdentityLink identityLink = new SimpleIdentityLinkAssertionParser(idlFromSzr).parseIdentityLink(); @@ -173,11 +144,10 @@ public class SzrClientTestProduction { @Ignore @Test - public void getBpkTest() throws SZRException_Exception, EidasSAuthenticationException { - final List<String> bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET, - basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, - "no VKZ defined")); + public void getBpkTest() throws EidasSAuthenticationException { + String vkz = basicConfig.getBasicConfiguration( + Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined"); + final List<String> bPK = szrClient.getBpk(getEidData(), DUMMY_TARGET, vkz); if (bPK.isEmpty()) { throw new SzrCommunicationException("ernb.01", new Object[]{"bPK list is empty"}); @@ -190,47 +160,14 @@ public class SzrClientTestProduction { } - private String createHashFromUniqueId(String uniqueId) throws EidasSAuthenticationException { - try { - final MessageDigest md = MessageDigest.getInstance("SHA-256"); - final byte[] hash = md.digest(uniqueId.getBytes("UTF-8")); - final String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", ""); - return hashBase64; - - } catch (final Exception ex) { - throw new EidasSAuthenticationException("internal.03", new Object[] {}, ex); - - } + private SimpleEidasData getEidData() { + return SimpleEidasData.builder() + .familyName("Mustermann") + .givenName("Franz") + .dateOfBirth("1989-05-04") + .citizenCountryCode("IS") + .pseudonym("1234ffgsdfg56789ABCDEF") + .build(); } - private PersonInfoType getPersonInfo() throws EidasSAuthenticationException { - final PersonInfoType personInfo = new PersonInfoType(); - final PersonNameType personName = new PersonNameType(); - final PhysicalPersonType naturalPerson = new PhysicalPersonType(); - final TravelDocumentType eDocument = new TravelDocumentType(); - - naturalPerson.setName(personName); - personInfo.setPerson(naturalPerson); - personInfo.setTravelDocument(eDocument); - - // parse some eID attributes - final Triple<String, String, String> eIdentifier = - EidasResponseUtils.parseEidasPersonalIdentifier(eIDASeID); - final String uniqueId = createHashFromUniqueId(eIdentifier.getThird()); - final String citizenCountry = eIdentifier.getFirst(); - - // person information - personName.setFamilyName(familyName); - personName.setGivenName(givenName); - naturalPerson.setDateOfBirth(dateOfBirth); - eDocument.setIssuingCountry(citizenCountry); - eDocument.setDocumentNumber(uniqueId); - - // eID document information - eDocument.setDocumentType(basicConfig.getBasicConfiguration( - Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, - Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); - - return personInfo; - } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java index 786b10de..ee1ecf9f 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/SzrClientTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/SzrClientTest.java @@ -21,16 +21,13 @@ * that you distribute must include a readable copy of the "NOTICE" text file. */ -package at.asitplus.eidas.specific.modules.auth.eidas.v2.test; +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.clients; import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.anyList; import static org.mockito.Mockito.when; import java.io.IOException; -import java.security.InvalidKeyException; -import java.security.MessageDigest; -import java.security.NoSuchProviderException; import java.util.List; import javax.xml.bind.JAXBContext; @@ -43,45 +40,34 @@ import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.RandomStringUtils; import org.apache.commons.lang3.StringUtils; import org.apache.cxf.binding.soap.SoapFault; -import org.joda.time.DateTime; -import org.jose4j.lang.JoseException; import org.junit.Assert; import org.junit.Before; import org.junit.Ignore; import org.junit.Rule; import org.junit.Test; import org.junit.runner.RunWith; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import org.springframework.util.Base64Utils; import org.w3c.dom.Element; import org.xml.sax.SAXException; -import com.fasterxml.jackson.core.JsonProcessingException; -import com.fasterxml.jackson.databind.JsonMappingException; -import com.fasterxml.jackson.databind.ObjectMapper; import com.github.skjolber.mockito.soap.SoapServiceRule; import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.szr.SzrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.szr.SzrClient; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; -import at.gv.e_government.reference.namespace.persondata._20020228.PersonNameType; -import at.gv.e_government.reference.namespace.persondata._20020228.PhysicalPersonType; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.idp.auth.data.IIdentityLink; import at.gv.egiz.eaaf.core.exceptions.EaafParserException; -import at.gv.egiz.eaaf.core.impl.data.Triple; import at.gv.egiz.eaaf.core.impl.idp.auth.data.SimpleIdentityLinkAssertionParser; import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import lombok.extern.slf4j.Slf4j; import szrservices.GetBPKFromStammzahlEncryptedResponse; import szrservices.GetBPKFromStammzahlEncryptedResponseType; import szrservices.GetIdentityLinkEidasResponse; @@ -92,29 +78,21 @@ import szrservices.SZRException_Exception; import szrservices.SignContentEntry; import szrservices.SignContentResponse; import szrservices.SignContentResponseType; -import szrservices.TravelDocumentType; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(locations = { "/SpringTest-context_tasks_test.xml", "/SpringTest-context_basic_mapConfig.xml"}) @DirtiesContext(classMode = ClassMode.AFTER_CLASS) +@Slf4j public class SzrClientTest { - private static final Logger log = LoggerFactory.getLogger(SzrClientTest.class); @Autowired SzrClient szrClient; @Autowired MsConnectorDummyConfigMap basicConfig; - private static ObjectMapper mapper = new ObjectMapper(); - - private static final String givenName = "Franz"; - private static final String familyName = "Mustermann"; - private static final String dateOfBirth = "1989-05-05"; - private static final String eIDASeID = "IS/AT/1234sdgsdfg56789ABCDEF"; private static final String DUMMY_TARGET = EaafConstants.URN_PREFIX_CDID + "ZP"; private SZR szrMock = null; - ErnbEidData eidData = null; @Rule public SoapServiceRule soap = SoapServiceRule.newInstance(); @@ -126,25 +104,17 @@ public class SzrClientTest { public void initializer() { if (szrMock == null) { szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr"); - } - - eidData = new ErnbEidData(); - eidData.setFamilyName(familyName); - eidData.setGivenName(givenName); - eidData.setDateOfBirth(new DateTime()); - eidData.setCitizenCountryCode("IS"); - eidData.setPseudonym("1234sdgsdfg56789ABCDEF"); - + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject", "false"); - + } @Test - public void getStammzahlenEcryptedTest() throws JAXBException, SZRException_Exception, SzrCommunicationException { + public void getStammzahlenEcryptedTest() throws SZRException_Exception, SzrCommunicationException { final GetBPKFromStammzahlEncryptedResponse szrResponse = new GetBPKFromStammzahlEncryptedResponse(); final GetBPKFromStammzahlEncryptedResponseType result1 = new GetBPKFromStammzahlEncryptedResponseType(); szrResponse.getOut().add(result1); @@ -155,13 +125,13 @@ public class SzrClientTest { // .thenReturn(Arrays.asList(result1)); when(szrMock.getStammzahlEncrypted(any(), any())).thenReturn(result1.getKey()); - String stammzahlEncrypted = szrClient.getEncryptedStammzahl(new PersonInfoType()); + String stammzahlEncrypted = szrClient.getEncryptedStammzahl(getEidData()); Assert.assertEquals("bcBind not match", result1.getKey(), stammzahlEncrypted); when(szrMock.getStammzahlEncrypted(any(), any())).thenReturn(null); try { - stammzahlEncrypted = szrClient.getEncryptedStammzahl(new PersonInfoType()); + szrClient.getEncryptedStammzahl(getEidData()); } catch (SzrCommunicationException e) { Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01")); } @@ -181,45 +151,45 @@ public class SzrClientTest { when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(content); final String bcBind = szrClient - .getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), - RandomStringUtils.randomAlphabetic(10), eidData); + .getEidasBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), + RandomStringUtils.randomAlphabetic(10), getEidData()); Assert.assertNotNull("bcBind is null", bcBind); Assert.assertEquals("bcBind not match", result1.getValue(), bcBind); - + } @Test public void eidasBindNull() throws SZRException_Exception { when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(null); - - try { + + try { szrClient - .getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), - RandomStringUtils.randomAlphabetic(10), eidData); + .getEidasBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), + RandomStringUtils.randomAlphabetic(10), getEidData()); } catch (SzrCommunicationException e) { Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01")); - - } + + } } - + @Test public void eidasBindInvalidResponse() throws SZRException_Exception { final SignContentEntry result2 = new SignContentEntry(); final SignContentResponseType content1 = new SignContentResponseType(); content1.getOut().add(result2); when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(content1); - + try { szrClient - .getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), - RandomStringUtils.randomAlphabetic(10), eidData); + .getEidasBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), + RandomStringUtils.randomAlphabetic(10), getEidData()); } catch (SzrCommunicationException e) { Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01")); - + } } - + public void eidasBindEmptyResponse() throws SZRException_Exception { final SignContentEntry result2 = new SignContentEntry(); final SignContentResponseType content1 = new SignContentResponseType(); @@ -227,20 +197,19 @@ public class SzrClientTest { result2.setKey("bcBindReq"); result2.setValue(""); when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(content1); - + try { szrClient - .getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), - RandomStringUtils.randomAlphabetic(10), eidData); + .getEidasBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), + RandomStringUtils.randomAlphabetic(10), getEidData()); } catch (SzrCommunicationException e) { Assert.assertTrue("Not correct error", e.getMessage().contains("ernb.01")); - - } + + } } - + @Test - public void eidasBindValid() throws SZRException_Exception, SzrCommunicationException, JsonMappingException, - JsonProcessingException, JoseException { + public void eidasBindValid() throws SZRException_Exception, SzrCommunicationException { final SignContentResponse szrResponse = new SignContentResponse(); final SignContentEntry result1 = new SignContentEntry(); final SignContentResponseType content = new SignContentResponseType(); @@ -253,19 +222,18 @@ public class SzrClientTest { when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(content); final String bcBind = szrClient - .getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), - RandomStringUtils.randomAlphabetic(10), eidData); + .getEidasBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), + RandomStringUtils.randomAlphabetic(10), getEidData()); Assert.assertNotNull("bcBind is null", bcBind); Assert.assertEquals("bcBind not match", result1.getValue(), bcBind); - + } @Test - public void eidasBindValidWithMds() throws SZRException_Exception, SzrCommunicationException, JoseException, - JsonMappingException, JsonProcessingException { + public void eidasBindValidWithMds() throws SZRException_Exception, SzrCommunicationException { basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.eidasbind.mds.inject", "true"); - + final SignContentResponse szrResponse = new SignContentResponse(); final SignContentEntry result1 = new SignContentEntry(); final SignContentResponseType content = new SignContentResponseType(); @@ -278,23 +246,22 @@ public class SzrClientTest { when(szrMock.signContent(any(), anyList(), anyList())).thenReturn(content); final String bcBind = szrClient - .getEidsaBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), - RandomStringUtils.randomAlphabetic(10), eidData); + .getEidasBind(RandomStringUtils.randomAlphabetic(10), RandomStringUtils.randomAlphabetic(10), + RandomStringUtils.randomAlphabetic(10), getEidData()); Assert.assertNotNull("bcBind is null", bcBind); Assert.assertEquals("bcBind not match", result1.getValue(), bcBind); } - + @Test public void getIdentityLinkRawModeValidResponse() - throws SZRException_Exception, EaafParserException, NoSuchProviderException, IOException, InvalidKeyException, - EidasSAuthenticationException, JAXBException { + throws SZRException_Exception, EaafParserException, JAXBException { setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml"); try { log.debug("Starting connecting SZR Gateway"); - final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(getPersonInfo()); + final IdentityLinkType result = szrClient.getIdentityLinkInRawMode(getEidData()); Assert.assertNotNull(result); Assert.assertNotNull(result.getAssertion()); @@ -322,13 +289,12 @@ public class SzrClientTest { @Test public void getIdentityLinkRawModeErrorTravelerDocExists() - throws SZRException_Exception, EaafParserException, NoSuchProviderException, IOException, InvalidKeyException, - EidasSAuthenticationException, JAXBException, ParserConfigurationException, SAXException { + throws SZRException_Exception, IOException, ParserConfigurationException, SAXException { setSzrExceptionIdentityLink("/data/szr/szr_resp_error_travelerdocexists.xml"); try { log.debug("Starting connecting SZR Gateway"); - szrClient.getIdentityLinkInRawMode(getPersonInfo()); + szrClient.getIdentityLinkInRawMode(getEidData()); Assert.fail(); } catch (final SzrCommunicationException e) { @@ -347,8 +313,8 @@ public class SzrClientTest { @Ignore @Test - public void getBpkTest() throws SZRException_Exception, EidasSAuthenticationException { - final List<String> bPK = szrClient.getBpk(getPersonInfo(), DUMMY_TARGET, basicConfig + public void getBpkTest() throws EidasSAuthenticationException { + final List<String> bPK = szrClient.getBpk(getEidData(), DUMMY_TARGET, basicConfig .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_VKZ, "no VKZ defined")); if (bPK.isEmpty()) { @@ -368,6 +334,7 @@ public class SzrClientTest { } + @SuppressWarnings("SameParameterValue") private void setSzrResponseIdentityLink(String responseXmlPath) throws JAXBException, SZRException_Exception { final JAXBContext jaxbContext = JAXBContext .newInstance(szrservices.ObjectFactory.class, org.w3._2001._04.xmldsig_more.ObjectFactory.class, @@ -380,8 +347,9 @@ public class SzrClientTest { } + @SuppressWarnings("SameParameterValue") private void setSzrExceptionIdentityLink(String responseXmlPath) - throws JAXBException, ParserConfigurationException, SAXException, IOException, SZRException_Exception { + throws ParserConfigurationException, SAXException, IOException, SZRException_Exception { final Element detailerror = DomUtils.parseXmlNonValidating(this.getClass().getResourceAsStream(responseXmlPath)); final javax.xml.namespace.QName qName = new javax.xml.namespace.QName("urn:SZRServices", "F455", "p344"); final SoapFault fault = new SoapFault( @@ -393,47 +361,15 @@ public class SzrClientTest { } - private String createHashFromUniqueId(String uniqueId) throws EidasSAuthenticationException { - try { - final MessageDigest md = MessageDigest.getInstance("SHA-256"); - final byte[] hash = md.digest(uniqueId.getBytes("UTF-8")); - final String hashBase64 = new String(Base64Utils.encode(hash), "UTF-8").replaceAll("\r\n", ""); - return hashBase64; - - } catch (final Exception ex) { - throw new EidasSAuthenticationException("internal.03", new Object[]{}, ex); - - } + private SimpleEidasData getEidData() { + return SimpleEidasData.builder() + .familyName("Mustermann") + .givenName("Franz") + .dateOfBirth("1989-05-05") + .citizenCountryCode("IS") + .pseudonym("1234sdgsdfg56789ABCDEF") + .build(); } - private PersonInfoType getPersonInfo() throws EidasSAuthenticationException { - final PersonInfoType personInfo = new PersonInfoType(); - final PersonNameType personName = new PersonNameType(); - final PhysicalPersonType naturalPerson = new PhysicalPersonType(); - final TravelDocumentType eDocument = new TravelDocumentType(); - - naturalPerson.setName(personName); - personInfo.setPerson(naturalPerson); - personInfo.setTravelDocument(eDocument); - - // parse some eID attributes - final Triple<String, String, String> eIdentifier = EidasResponseUtils.parseEidasPersonalIdentifier(eIDASeID); - final String uniqueId = createHashFromUniqueId(eIdentifier.getThird()); - final String citizenCountry = eIdentifier.getFirst(); - - // person information - personName.setFamilyName(familyName); - personName.setGivenName(givenName); - naturalPerson.setDateOfBirth(dateOfBirth); - eDocument.setIssuingCountry(citizenCountry); - eDocument.setDocumentNumber(uniqueId); - - // eID document information - eDocument.setDocumentType(basicConfig - .getBasicConfiguration(Constants.CONIG_PROPS_EIDAS_SZRCLIENT_PARAMS_EDOCUMENTTYPE, - Constants.SZR_CONSTANTS_DEFAULT_DOCUMENT_TYPE)); - - return personInfo; - } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/ZmrClientProductionTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/ZmrClientProductionTest.java new file mode 100644 index 00000000..97ea5bfa --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/ZmrClientProductionTest.java @@ -0,0 +1,478 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.clients; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; + +import java.util.List; + +import org.apache.commons.lang3.RandomStringUtils; +import org.apache.commons.lang3.StringUtils; +import org.junit.BeforeClass; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.IfProfileValue; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.TestPropertySource; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.ZmrSoapClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.ZmrSoapClient.ZmrRegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.LoggingHandler; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.EidasSuchdatenType; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest; +import at.gv.e_government.reference.namespace.persondata.de._20040201.NatuerlichePersonTyp; +import at.gv.e_government.reference.namespace.persondata.de._20040201.PersonenNameTyp; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import ch.qos.logback.classic.Level; +import ch.qos.logback.classic.Logger; + +@IfProfileValue(name = "spring.profiles.active", value = "devEnvironment") +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_realConfig.xml" }) +@TestPropertySource(locations = { + // "classpath:/application.properties", + "file:/home/tlenz/Projekte/config/ms_connector/default_config.properties", +}) +public class ZmrClientProductionTest { + + @Autowired + ZmrSoapClient client; + @Autowired + IConfiguration basicConfig; + + @BeforeClass + public static void classInitializer() { + final Logger logger1 = (Logger) LoggerFactory.getLogger(LoggingHandler.class); + logger1.setLevel(Level.TRACE); + + final Logger logger2 = (Logger) LoggerFactory.getLogger(ZmrSoapClient.class); + logger2.setLevel(Level.TRACE); + + final Logger rootLogger = (Logger) LoggerFactory.getLogger(org.slf4j.Logger.ROOT_LOGGER_NAME); + rootLogger.setLevel(Level.INFO); + + } + + @Ignore + @Test + public void searchWithMdsOnly() throws EidasSAuthenticationException { + + final ZmrRegisterResult result = client.searchWithMds(null, + "Thomas", "Lenz", "1982-09-06", + "AT"); + + assertNotNull("ZMR response", result); + assertNotNull("ZMR processId", result.getProcessId()); + assertNotNull("ZMR personResult", result.getPersonResult()); + assertEquals("personResult size", 1, result.getPersonResult().size()); + + } + + @Test + public void searchWithMdsOnlyTestIdentity() throws EidasSAuthenticationException { + + final ZmrRegisterResult result = client.searchWithMds(null, + "XXXHildegard", "XXXÖhlinger", "1971-02-18", + "AT"); + + assertNotNull("ZMR response", result); + assertNotNull("ZMR processId", result.getProcessId()); + assertNotNull("ZMR personResult", result.getPersonResult()); + assertEquals("personResult size", 1, result.getPersonResult().size()); + + } + + /* + * Ignore this test because "javier", "Garcia", "1964-12-31", "EE" is used as test-identity + * in test-country on vidp.gv.at. vidp.gv.at uses Test-SZR, but Test-SZR is connected to + * Q-ZMR and Q-ERnP. There is a staging problem because this test uses T-ZMR and T-ERnP. + */ + @Ignore + @Test + public void searchWithMdsOnlyEidasIdentity() throws EidasSAuthenticationException { + + final ZmrRegisterResult result = client.searchWithMds(null, + "javier", "Garcia", "1964-12-31", + "EE"); + + assertNotNull("ZMR response", result); + assertNotNull("ZMR processId", result.getProcessId()); + assertNotNull("ZMR personResult", result.getPersonResult()); + assertEquals("personResult size", 1, result.getPersonResult().size()); + + } + + @Test + public void searchWithCountrySpecificsNoExits() throws EidasSAuthenticationException { + final ZmrRegisterResult result = client.searchCountrySpecific(null, + generateCustomRequest("AT", "Lenz", "Thomas", "1982-09-06", + null, + RandomStringUtils.randomAlphabetic(5), + RandomStringUtils.randomAlphabetic(5)), + "AT"); + + assertNotNull("ZMR response", result); + assertNotNull("ZMR processId", result.getProcessId()); + assertNotNull("ZMR personResult", result.getPersonResult()); + assertEquals("personResult size", 0, result.getPersonResult().size()); + + } + + @Test + public void searchWithCountrySpecificsWithPersonalId() throws EidasSAuthenticationException { + final ZmrRegisterResult result = client.searchCountrySpecific(null, + generateCustomRequest("EE", "Lenz", "Thomas", "1982-09-06", + "7cEYSvKZvon+V4CDVzNT4E7cjkU4Vq", + null, + null), + "EE"); + + assertNotNull("ZMR response", result); + assertNotNull("ZMR processId", result.getProcessId()); + assertNotNull("ZMR personResult", result.getPersonResult()); + assertEquals("personResult size", 1, result.getPersonResult().size()); + + } + + @Test + public void searchWithPersonalIdOnlyNoExisting() throws EidasSAuthenticationException { + + final ZmrRegisterResult result = client.searchWithPersonIdentifier(null, + RandomStringUtils.randomAlphanumeric(25), + "AT"); + + assertNotNull("ZMR response", result); + assertNotNull("ZMR processId", result.getProcessId()); + assertNotNull("ZMR personResult", result.getPersonResult()); + assertEquals("personResult size", 0, result.getPersonResult().size()); + + } + + @Test + public void updateZmrEntry() throws EidasSAuthenticationException { + final String personalIdentifier = "7cEYSvKZvon+V4CDVzNT4E7cjkU4Vq"; + final String cc = "EE"; + + final SimpleEidasData eidasData = SimpleEidasData.builder() + .citizenCountryCode(cc) + .familyName("Lenz") + .givenName("Thomas") + .dateOfBirth("1982-09-06") + .personalIdentifier(cc + "/AT/" + personalIdentifier) + .pseudonym(personalIdentifier) + .build(); + + // get initial result + final ZmrRegisterResult result = client.searchWithMds(null, + eidasData.getGivenName(), + eidasData.getFamilyName(), + eidasData.getDateOfBirth(), + eidasData.getCitizenCountryCode()); + assertNotNull("ZMR response", result); + assertEquals("personResult size", 1, result.getPersonResult().size()); + + // update ZMR entry + final ZmrRegisterResult updateResult = + client.update(result.getProcessId(), + result.getPersonResult().get(0), + eidasData); + + assertNotNull("ZMR response", updateResult); + assertEquals("personResult size", 1, updateResult.getPersonResult().size()); + + final ZmrRegisterResult afterUpdateResult = client.searchWithPersonIdentifier(null, + personalIdentifier, cc); + + assertNotNull("ZMR response", afterUpdateResult); + assertEquals("personResult size", 1, afterUpdateResult.getPersonResult().size()); + + } + + @Ignore + @Test + public void updateZmrEntryTestIdentity() throws EidasSAuthenticationException { + final String personalIdentifier = "7cEYSvKZasdfsafsaf4CDVzNT4E7cjkU4Vq"; + final String cc = "EE"; + + final SimpleEidasData eidasData = SimpleEidasData.builder() + .citizenCountryCode(cc) + .familyName("XXXÖhlinger") + .givenName("XXXHildegard") + .dateOfBirth("1971-02-18") + .personalIdentifier(cc + "/AT/" + personalIdentifier) + .pseudonym(personalIdentifier) + .build(); + + // get initial result + final ZmrRegisterResult result = client.searchWithMds(null, + eidasData.getGivenName(), + eidasData.getFamilyName(), + eidasData.getDateOfBirth(), + eidasData.getCitizenCountryCode()); + assertNotNull("ZMR response", result); + assertEquals("personResult size", 1, result.getPersonResult().size()); + + // update ZMR entry + final ZmrRegisterResult updateResult = + client.update(result.getProcessId(), + result.getPersonResult().get(0), + eidasData); + + assertNotNull("ZMR response", updateResult); + assertEquals("personResult size", 1, updateResult.getPersonResult().size()); + + + final ZmrRegisterResult afterUpdateResultMds = client.searchCountrySpecific(null, + generateCustomRequest("EE", "XXXHildegard", "XXXÖhlinger", "1971-02-18", + "7cEYSvKZasdfsafsaf4CDVzNT4E7cjkU4Vq", + null, + null), + cc); + + assertNotNull("ZMR response", afterUpdateResultMds); + assertNotNull("ZMR processId", afterUpdateResultMds.getProcessId()); + assertNotNull("ZMR personResult", afterUpdateResultMds.getPersonResult()); + assertEquals("personResult size", 1, afterUpdateResultMds.getPersonResult().size()); + + + // check if ZMR entry can be found by PersonalId + final ZmrRegisterResult afterUpdateResult = client.searchWithPersonIdentifier(null, + personalIdentifier, cc); + + assertNotNull("ZMR response", afterUpdateResult); + assertEquals("personResult size", 1, afterUpdateResult.getPersonResult().size()); + + } + + @Test + public void updateZmrEntryDeSpecific() throws EidasSAuthenticationException { + final String personalIdentifierFirst = "7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit"; + final String cc = "DE"; + final SimpleEidasData eidasDataFirst = SimpleEidasData.builder() + .citizenCountryCode(cc) + .familyName("XXXvon Brandenburg") + .givenName("XXXClaus - Maria") + .dateOfBirth("1994-12-31") + .personalIdentifier(cc + "/AT/" + personalIdentifierFirst) + .pseudonym(personalIdentifierFirst) + .placeOfBirth("Hintergigritzpotschn") + .birthName("XXXvon Heuburg") + .build(); + + // first login with update + // get initial result + final ZmrRegisterResult result = client.searchWithMds(null, + eidasDataFirst.getGivenName(), + eidasDataFirst.getFamilyName(), + eidasDataFirst.getDateOfBirth(), + eidasDataFirst.getCitizenCountryCode()); + assertNotNull("ZMR response", result); + assertEquals("personResult size", 1, result.getPersonResult().size()); + + // update ZMR entry + final ZmrRegisterResult updateResult = + client.update(result.getProcessId(), + result.getPersonResult().get(0), + eidasDataFirst); + + assertNotNull("ZMR response", updateResult); + assertEquals("personResult size", 1, updateResult.getPersonResult().size()); + + // check if ZMR entry can be found by first PersonalId + final ZmrRegisterResult firstPersonalIdResult = client.searchWithPersonIdentifier(null, + personalIdentifierFirst, cc); + assertNotNull("ZMR response", firstPersonalIdResult); + assertEquals("first personResult size", 1, firstPersonalIdResult.getPersonResult().size()); + + + // check if ZMR entry is not found by valid pseudonym but wrong country + final ZmrRegisterResult wrongPersonalIdResult = client.searchWithPersonIdentifier(null, + personalIdentifierFirst, "ES"); + assertNotNull("ZMR response", wrongPersonalIdResult); + assertEquals("first personResult size", 0, wrongPersonalIdResult.getPersonResult().size()); + + + // search CC-specific with MDS + placeOfBirth + birthName + final ZmrRegisterResult ccSpecificFirstEntry = client.searchCountrySpecific(null, + generateCustomRequest( + eidasDataFirst.getCitizenCountryCode(), + eidasDataFirst.getFamilyName(), + eidasDataFirst.getGivenName(), + eidasDataFirst.getDateOfBirth(), + null, + eidasDataFirst.getPlaceOfBirth(), + eidasDataFirst.getBirthName()), + cc); + + assertNotNull("ZMR response", ccSpecificFirstEntry); + assertNotNull("ZMR processId", ccSpecificFirstEntry.getProcessId()); + assertNotNull("ZMR personResult", ccSpecificFirstEntry.getPersonResult()); + assertEquals("personResult size", 1, ccSpecificFirstEntry.getPersonResult().size()); + + } + + @Test + public void updateZmrEntryTestIdentity2() throws EidasSAuthenticationException { + final String personalIdentifierFirst = "7cEYSvKZasdfsafsaf4CDVzNT4E7cjkU4Vq_first"; + final String personalIdentifierSecond = "7cEYSvKZasdfsafsaf4CDVzNT4E7cjkU4Vq_second"; + final String cc = "EE"; + + final SimpleEidasData eidasDataFirst = SimpleEidasData.builder() + .citizenCountryCode(cc) + .familyName("XXXTüzekçi") + .givenName("XXXŐzgür") + .dateOfBirth("1983-06-04") + .personalIdentifier(cc + "/AT/" + personalIdentifierFirst) + .pseudonym(personalIdentifierFirst) + .build(); + + final SimpleEidasData eidasDataSecond = SimpleEidasData.builder() + .citizenCountryCode(cc) + .familyName("XXXTüzekçi") + .givenName("XXXŐzgür") + .dateOfBirth("1983-06-04") + .personalIdentifier(cc + "/AT/" + personalIdentifierSecond) + .pseudonym(personalIdentifierSecond) + .build(); + + + // first login with update + // get initial result + final ZmrRegisterResult result = client.searchWithMds(null, + eidasDataFirst.getGivenName(), + eidasDataFirst.getFamilyName(), + eidasDataFirst.getDateOfBirth(), + eidasDataFirst.getCitizenCountryCode()); + assertNotNull("ZMR response", result); + assertEquals("personResult size", 1, result.getPersonResult().size()); + + // update ZMR entry + final ZmrRegisterResult updateResult = + client.update(result.getProcessId(), + result.getPersonResult().get(0), + eidasDataFirst); + + assertNotNull("ZMR response", updateResult); + assertEquals("personResult size", 1, updateResult.getPersonResult().size()); + + + // second login with update + // get initial result + final ZmrRegisterResult resultSecond = client.searchWithMds(null, + eidasDataSecond.getGivenName(), + eidasDataSecond.getFamilyName(), + eidasDataSecond.getDateOfBirth(), + eidasDataSecond.getCitizenCountryCode()); + assertNotNull("ZMR response", resultSecond); + assertEquals("personResult size", 1, resultSecond.getPersonResult().size()); + + // update ZMR entry + final ZmrRegisterResult updateResultSecond = + client.update(resultSecond.getProcessId(), + resultSecond.getPersonResult().get(0), + eidasDataSecond); + + assertNotNull("ZMR response", updateResultSecond); + assertEquals("personResult size", 1, updateResultSecond.getPersonResult().size()); + + + // check if ZMR entry can be found by first PersonalId + final ZmrRegisterResult firstPersonalIdResult = client.searchWithPersonIdentifier(null, + personalIdentifierFirst, cc); + assertNotNull("ZMR response", firstPersonalIdResult); + assertEquals("first personResult size", 1, firstPersonalIdResult.getPersonResult().size()); + + // check if ZMR entry can be found by second PersonalId + final ZmrRegisterResult secondPersonalIdResult = client.searchWithPersonIdentifier(null, + personalIdentifierFirst, cc); + assertNotNull("ZMR response", secondPersonalIdResult); + assertEquals("second personResult size", 1, secondPersonalIdResult.getPersonResult().size()); + + + // search CC-specific with first MDS + final ZmrRegisterResult ccSpecificFirstEntry = client.searchCountrySpecific(null, + generateCustomRequest( + eidasDataFirst.getCitizenCountryCode(), + eidasDataFirst.getFamilyName(), + eidasDataFirst.getGivenName(), + eidasDataFirst.getDateOfBirth(), + eidasDataFirst.getPseudonym(), + null, + null), + cc); + + assertNotNull("ZMR response", ccSpecificFirstEntry); + assertNotNull("ZMR processId", ccSpecificFirstEntry.getProcessId()); + assertNotNull("ZMR personResult", ccSpecificFirstEntry.getPersonResult()); + assertEquals("personResult size", 1, ccSpecificFirstEntry.getPersonResult().size()); + + + // search CC-specific with second MDS + final ZmrRegisterResult ccSpecificSecondEntry = client.searchCountrySpecific(null, + generateCustomRequest( + eidasDataSecond.getCitizenCountryCode(), + eidasDataSecond.getFamilyName(), + eidasDataSecond.getGivenName(), + eidasDataSecond.getDateOfBirth(), + eidasDataSecond.getPseudonym(), + null, + null), + cc); + + assertNotNull("ZMR response", ccSpecificSecondEntry); + assertNotNull("ZMR processId", ccSpecificSecondEntry.getProcessId()); + assertNotNull("ZMR personResult", ccSpecificSecondEntry.getPersonResult()); + assertEquals("personResult size", 1, ccSpecificSecondEntry.getPersonResult().size()); + + + } + + + private PersonSuchenRequest generateCustomRequest(String cc, String familyName, String givenName, + String dateOfBirth, String personalId, String placeOfBirth, String birthName) { + final PersonSuchenRequest req = new PersonSuchenRequest(); + + // set basic MDS information + final NatuerlichePersonTyp searchNatPerson = new NatuerlichePersonTyp(); + req.setNatuerlichePerson(searchNatPerson); + final PersonenNameTyp searchNatPersonName = new PersonenNameTyp(); + searchNatPerson.setPersonenName(searchNatPersonName); + searchNatPersonName.setFamilienname(familyName); + searchNatPersonName.setVorname(givenName); + searchNatPerson.setGeburtsdatum(dateOfBirth); + + // add addtional eIDAS attributes if available + addIfAvailable(req.getEidasSuchdaten(), cc, Constants.eIDAS_ATTRURN_PLACEOFBIRTH, placeOfBirth); + addIfAvailable(req.getEidasSuchdaten(), cc, Constants.eIDAS_ATTRURN_BIRTHNAME, birthName); + addIfAvailable(req.getEidasSuchdaten(), cc, Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER, personalId); + + return req; + + } + + private void addIfAvailable(List<EidasSuchdatenType> eidasSuchdaten, + String cc, String attrName, String attrValue) { + if (StringUtils.isNotEmpty(attrValue)) { + eidasSuchdaten.add(buildEidasSuchData(cc, attrName, attrValue)); + + } + } + + private EidasSuchdatenType buildEidasSuchData(String cc, String attrName, String attrValue) { + final EidasSuchdatenType eidasInfos = new EidasSuchdatenType(); + eidasInfos.setStaatscode2(cc); + eidasInfos.setEidasArt(attrName); + eidasInfos.setEidasWert(attrValue); + return eidasInfos; + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/ZmrClientTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/ZmrClientTest.java new file mode 100644 index 00000000..beedfda0 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/clients/ZmrClientTest.java @@ -0,0 +1,1074 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.clients; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.when; + +import java.math.BigInteger; +import java.util.Arrays; +import java.util.List; +import java.util.Optional; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; + +import org.apache.commons.lang3.RandomStringUtils; +import org.apache.commons.lang3.StringUtils; +import org.apache.cxf.binding.soap.SoapFault; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Ignore; +import org.junit.Rule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.ArgumentCaptor; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import com.github.skjolber.mockito.soap.SoapServiceRule; + +import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.ZmrSoapClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.ZmrSoapClient.ZmrRegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; +import at.gv.bmi.namespace.zmr_su.base._20040201.RequestType; +import at.gv.bmi.namespace.zmr_su.base._20040201.ResponseType; +import at.gv.bmi.namespace.zmr_su.base._20040201_.ServicePort; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.EidasIdentitaetAnlageType; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.EidasSuchdatenType; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonAendernRequest; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonensucheInfoType; +import at.gv.e_government.reference.namespace.persondata.de._20040201.NatuerlichePersonTyp; +import at.gv.e_government.reference.namespace.persondata.de._20040201.PersonenNameTyp; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import lombok.SneakyThrows; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml" }) +@DirtiesContext(classMode = ClassMode.AFTER_CLASS) +public class ZmrClientTest { + + public static final String PROCESS_GENERAL = "GP_EIDAS"; + public static final String PROCESS_TASK_SEARCH = "ZPR_VO_Person_suchen_Meldevorgang"; + public static final String PROCESS_TASK_UPDATE = "ZPR_VO_Person_aendern"; + + @Autowired + MsConnectorDummyConfigMap basicConfig; + @Autowired + ZmrSoapClient client; + + @Rule + public SoapServiceRule soap = SoapServiceRule.newInstance(); + + private ServicePort zmrMock = null; + + private static JAXBContext jaxbContext; + + /** + * Initialize jUnit class. + */ + @BeforeClass + @SneakyThrows + public static void classInitializer() { + jaxbContext = JAXBContext.newInstance( + at.gv.bmi.namespace.zmr_su.zmr._20040201.ObjectFactory.class, + at.gv.bmi.namespace.zmr_su.gis._20070725.ObjectFactory.class, + at.gv.bmi.namespace.zmr_su.base._20040201.ObjectFactory.class); + } + + /** + * Initialize jUnit test. + */ + @Before + public void initializer() { + if (zmrMock == null) { + zmrMock = soap.mock(ServicePort.class, "http://localhost:1234/demozmr"); + } + } + + @Test + @SneakyThrows + public void searchWithMdsEmpty() { + String familyName = RandomStringUtils.randomAlphabetic(10); + String givenName = RandomStringUtils.randomAlphabetic(10); + String dateOfBirth = RandomStringUtils.randomAlphabetic(10); + final String cc = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + BigInteger processId = new BigInteger(RandomStringUtils.randomNumeric(6)); + + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + + // inject response + when(zmrMock.service(zmrReq.capture(), any())).thenReturn( + loadResponseFromFile("/data/zmr/empty_zmr_result.xml")); + + // execute operation + ZmrRegisterResult resp = client.searchWithMds(processId, + givenName, familyName, dateOfBirth, cc); + + // validate state + assertNotNull("no ZMR response", resp); + assertEquals("wrong processId", "367100000000079", resp.getProcessId().toString()); + assertEquals("wrong resp size", 0, resp.getPersonResult().size()); + + // validate request + assertEquals("wrong number of req.", 1, zmrReq.getAllValues().size()); + assertNotNull("Personensuche req.", zmrReq.getValue().getPersonSuchenRequest()); + + checkBasicRequestParameters(zmrReq.getValue(), PROCESS_TASK_SEARCH, processId, "jUnit123456"); + PersonSuchenRequest pSuche = zmrReq.getValue().getPersonSuchenRequest(); + checkSearchParameters(pSuche.getPersonensucheInfo()); + + assertEquals("eidas Docs. size", 0, pSuche.getEidasSuchdaten().size()); + assertNotNull("mds", pSuche.getNatuerlichePerson()); + + assertEquals("req. givenName", givenName, pSuche.getNatuerlichePerson().getPersonenName().getVorname()); + assertEquals("req. familyName", familyName, pSuche.getNatuerlichePerson().getPersonenName().getFamilienname()); + assertEquals("req. dateOfBirth", dateOfBirth, pSuche.getNatuerlichePerson().getGeburtsdatum()); + + } + + @Test + @SneakyThrows + public void searchWithMdsGetHistoricInfos() { + String familyName = RandomStringUtils.randomAlphabetic(10); + String givenName = RandomStringUtils.randomAlphabetic(10); + String dateOfBirth = RandomStringUtils.randomAlphabetic(10); + final String cc = "EE"; + + BigInteger processId = new BigInteger(RandomStringUtils.randomNumeric(6)); + + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + + // inject response + when(zmrMock.service(zmrReq.capture(), any())).thenReturn( + loadResponseFromFile("/data/zmr/search_with_personalId_only_resp_historicIncluded.xml")); + + // execute operation + ZmrRegisterResult resp = client.searchWithMds(processId, + givenName, familyName, dateOfBirth, cc); + + // validate state + assertNotNull("no ZMR response", resp); + assertEquals("wrong processId", "367100000000080", resp.getProcessId().toString()); + assertEquals("wrong resp size", 0, resp.getPersonResult().size()); + + } + + @Test + @SneakyThrows + public void searchWithMdsSuccess() { + String familyName = RandomStringUtils.randomAlphabetic(10); + String givenName = RandomStringUtils.randomAlphabetic(10); + String dateOfBirth = RandomStringUtils.randomAlphabetic(10); + final String cc = "EE"; + + BigInteger processId = new BigInteger(RandomStringUtils.randomNumeric(6)); + + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + + // inject response + when(zmrMock.service(zmrReq.capture(), any())).thenReturn( + loadResponseFromFile("/data/zmr/search_with_personalId_only_resp_moreThanOne_2.xml")); + + // execute operation + ZmrRegisterResult resp = client.searchWithMds(processId, + givenName, familyName, dateOfBirth, cc); + + // validate state + assertNotNull("no ZMR response", resp); + assertEquals("wrong processId", "367100000000080", resp.getProcessId().toString()); + assertEquals("wrong resp size", 2, resp.getPersonResult().size()); + + // check first person + RegisterResult persInfo = resp.getPersonResult().get(0); + assertEquals("bPK", "9/MtsPZgBHQMBpQOD6aOY2TUqcY=", persInfo.getBpk()); + assertEquals("dateOfBirth", "1983-06-04", persInfo.getDateOfBirth()); + assertEquals("familyName", "XXXTüzekçi", persInfo.getFamilyName()); + assertEquals("givenName", "XXXŐzgür", persInfo.getGivenName()); + assertNull("placeOfBirth", persInfo.getPlaceOfBirth()); + assertNull("birthName", persInfo.getBirthName()); + assertEquals("num. stored eIDAS identifiers", 1, persInfo.getPseudonym().size()); + assertEquals("stored eIDAS identifiers", + "aabbcc_should_not_be_included_for_DE", persInfo.getPseudonym().get(0)); + + // check second person + RegisterResult persInfo2 = resp.getPersonResult().get(1); + assertEquals("bPK", "UgeknNsc26lVuB7U/uYGVmWtnnA=", persInfo2.getBpk()); + assertEquals("dateOfBirth", "1983-06-04", persInfo2.getDateOfBirth()); + assertEquals("familyName", "XXXTüzekçi", persInfo2.getFamilyName()); + assertEquals("givenName", "XXXŐzgür", persInfo2.getGivenName()); + assertEquals("num. stored eIDAS identifiers", 1, persInfo2.getPseudonym().size()); + assertEquals("stored eIDAS identifiers", + "7cEYSvKZasdfsafsaf4CDVzNT4E7cjkU4Vq_first", persInfo2.getPseudonym().get(0)); + + // validate request + assertEquals("wrong number of req.", 1, zmrReq.getAllValues().size()); + assertNotNull("Personensuche req.", zmrReq.getValue().getPersonSuchenRequest()); + checkBasicRequestParameters(zmrReq.getValue(), PROCESS_TASK_SEARCH, processId, "jUnit123456"); + PersonSuchenRequest pSuche = zmrReq.getValue().getPersonSuchenRequest(); + checkSearchParameters(pSuche.getPersonensucheInfo()); + + assertEquals("eidas Docs. size", 0, pSuche.getEidasSuchdaten().size()); + assertNotNull("mds", pSuche.getNatuerlichePerson()); + + assertEquals("req. givenName", givenName, pSuche.getNatuerlichePerson().getPersonenName().getVorname()); + assertEquals("req. familyName", familyName, pSuche.getNatuerlichePerson().getPersonenName().getFamilienname()); + assertEquals("req. dateOfBirth", dateOfBirth, pSuche.getNatuerlichePerson().getGeburtsdatum()); + + } + + //TODO: test does not throw the valid exception to catch the error that we like to test. + @Ignore + @Test + @SneakyThrows + public void searchWithPersonalIdentifierZmrError() { + final String personalIdentifierFirst = RandomStringUtils.randomAlphanumeric(10); + final String cc = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + + // inject response + when(zmrMock.service(any(), any())).thenThrow(injectError(false)); + + // execute operation + EidasSAuthenticationException error = assertThrows("wrong Exception", EidasSAuthenticationException.class, + () -> client.searchWithPersonIdentifier(null, personalIdentifierFirst, cc)); + + assertEquals("wrong errorCode", "module.eidasauth.matching.01", error.getErrorId()); + + } + + @Test + @SneakyThrows + public void searchWithPersonalIdentifierZmrGenericError() { + final String personalIdentifierFirst = RandomStringUtils.randomAlphanumeric(10); + final String cc = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + + // inject response + when(zmrMock.service(any(), any())).thenThrow(injectError(true)); + + // execute operation + EidasSAuthenticationException error = assertThrows("wrong Exception", EidasSAuthenticationException.class, + () -> client.searchWithPersonIdentifier(null, personalIdentifierFirst, cc)); + + assertEquals("wrong errorCode", "module.eidasauth.matching.99", error.getErrorId()); + + } + + @Test + @SneakyThrows + public void searchWithPersonalIdentifierGetHistoricInfos() { + final String personalIdentifierFirst = RandomStringUtils.randomAlphanumeric(10); + final String cc = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + + // inject response + when(zmrMock.service(zmrReq.capture(), any())).thenReturn( + loadResponseFromFile("/data/zmr/search_with_personalId_only_resp_historicIncluded.xml")); + + // execute operation + EidasSAuthenticationException error = assertThrows("wrong Exception", EidasSAuthenticationException.class, + () -> client.searchWithPersonIdentifier(null, personalIdentifierFirst, cc)); + + assertEquals("wrong errorCode", "module.eidasauth.matching.99", error.getErrorId()); + assertEquals("wrong errorCode", "module.eidasauth.matching.02", ((EaafException) error.getCause()).getErrorId()); + + } + + @Test + @SneakyThrows + public void searchWithPersonalIdentifierEmptyResult() { + final String personalIdentifierFirst = RandomStringUtils.randomAlphanumeric(10); + final String cc = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + + // inject response + when(zmrMock.service(zmrReq.capture(), any())).thenReturn( + loadResponseFromFile("/data/zmr/empty_zmr_result.xml")); + + // execute operation + ZmrRegisterResult resp = client.searchWithPersonIdentifier(null, personalIdentifierFirst, cc); + + // validate state + assertNotNull("no ZMR response", resp); + assertEquals("wrong processId", "367100000000079", resp.getProcessId().toString()); + assertEquals("wrong resp size", 0, resp.getPersonResult().size()); + + // validate request + assertEquals("wrong number of req.", 1, zmrReq.getAllValues().size()); + assertNotNull("Personensuche req.", zmrReq.getValue().getPersonSuchenRequest()); + + checkBasicRequestParameters(zmrReq.getValue(), PROCESS_TASK_SEARCH, null, "jUnit123456"); + PersonSuchenRequest pSuche = zmrReq.getValue().getPersonSuchenRequest(); + checkSearchParameters(pSuche.getPersonensucheInfo()); + + assertEquals("eidas Docs. size", 1, pSuche.getEidasSuchdaten().size()); + checkEidasDocumentResult(pSuche.getEidasSuchdaten(), + "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", cc, personalIdentifierFirst); + assertNull("mds", pSuche.getNatuerlichePerson()); + + } + + @Test + @SneakyThrows + public void searchWithPersonalIdentifierMoreThanOneResult() { + final String personalIdentifierFirst = RandomStringUtils.randomAlphanumeric(10); + final String cc = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + + // inject response + when(zmrMock.service(any(), any())).thenReturn( + loadResponseFromFile("/data/zmr/search_with_personalId_only_resp_moreThanOne.xml")); + + // execute operation + WorkflowException error = assertThrows("wrong Exception", WorkflowException.class, + () -> client.searchWithPersonIdentifier(null, personalIdentifierFirst, cc)); + + assertEquals("wrong errorCode", "module.eidasauth.matching.03", error.getErrorId()); + assertEquals("wrong param 1", "Searching PersonIdentifier", error.getParams()[0]); + assertEquals("wrong param 2", "Find more-than-one ZMR entry with search criteria that has to be unique", + error.getParams()[1]); + + } + + @Test + @SneakyThrows + public void searchWithPersonalIdentifierSuccess() { + final String personalIdentifierFirst = "7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit"; + final String cc = "DE"; + final SimpleEidasData eidasDataFirst = SimpleEidasData.builder() + .citizenCountryCode(cc) + .familyName("XXXvon Brandenburg") + .givenName("XXXClaus - Maria") + .dateOfBirth("1994-12-31") + .personalIdentifier(cc + "/AT/" + personalIdentifierFirst) + .pseudonym(personalIdentifierFirst) + .build(); + + BigInteger processId = new BigInteger(RandomStringUtils.randomNumeric(6)); + + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + + // inject response + when(zmrMock.service(zmrReq.capture(), any())).thenReturn( + loadResponseFromFile("/data/zmr/search_with_personalId_only_resp.xml")); + + // execute operation + ZmrRegisterResult resp = client.searchWithPersonIdentifier(processId, + eidasDataFirst.getPseudonym(), eidasDataFirst.getCitizenCountryCode()); + + // validate state + assertNotNull("no ZMR response", resp); + assertEquals("wrong processId", "367100000000079", resp.getProcessId().toString()); + assertEquals("wrong resp size", 1, resp.getPersonResult().size()); + + RegisterResult persInfo = resp.getPersonResult().get(0); + assertEquals("bPK", "UgeknNsc26lVuB7U/uYGVmWtnnA=", persInfo.getBpk()); + assertEquals("dateOfBirth", eidasDataFirst.getDateOfBirth(), persInfo.getDateOfBirth()); + assertEquals("familyName", eidasDataFirst.getFamilyName(), persInfo.getFamilyName()); + assertEquals("givenName", eidasDataFirst.getGivenName(), persInfo.getGivenName()); + assertEquals("placeOfBirth", "Hintergigritzpotschn", persInfo.getPlaceOfBirth()); + assertEquals("birthName", "XXXvon Heuburg", persInfo.getBirthName()); + assertEquals("num. stored eIDAS identifiers", 2, persInfo.getPseudonym().size()); + assertEquals("stored eIDAS identifiers", "7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit", + persInfo.getPseudonym().get(0)); + assertEquals("stored eIDAS identifiers", + "7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit_second_one", + persInfo.getPseudonym().get(1)); + + // validate request + assertEquals("wrong number of req.", 1, zmrReq.getAllValues().size()); + assertNotNull("Personensuche req.", zmrReq.getValue().getPersonSuchenRequest()); + checkBasicRequestParameters(zmrReq.getValue(), PROCESS_TASK_SEARCH, processId, "jUnit123456"); + PersonSuchenRequest pSuche = zmrReq.getValue().getPersonSuchenRequest(); + checkSearchParameters(pSuche.getPersonensucheInfo()); + + assertEquals("eidas Docs. size", 1, pSuche.getEidasSuchdaten().size()); + checkEidasDocumentResult(pSuche.getEidasSuchdaten(), + "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", cc, personalIdentifierFirst); + assertNull("mds", pSuche.getNatuerlichePerson()); + + } + + @Test + @SneakyThrows + public void searchWithPersonalIdentifierNoBpkZP() { + final String personalIdentifierFirst = "7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit"; + final String cc = "DE"; + final SimpleEidasData eidasDataFirst = SimpleEidasData.builder() + .citizenCountryCode(cc) + .familyName("XXXvon Brandenburg") + .givenName("XXXClaus - Maria") + .dateOfBirth("1994-12-31") + .personalIdentifier(cc + "/AT/" + personalIdentifierFirst) + .pseudonym(personalIdentifierFirst) + .build(); + + BigInteger processId = new BigInteger(RandomStringUtils.randomNumeric(6)); + + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + + // inject response + when(zmrMock.service(zmrReq.capture(), any())).thenReturn( + loadResponseFromFile("/data/zmr/no_bpk_zp.xml")); + + // execute operation + ZmrRegisterResult resp = client.searchWithPersonIdentifier(processId, + eidasDataFirst.getPseudonym(), eidasDataFirst.getCitizenCountryCode()); + + // validate state + assertNotNull("no ZMR response", resp); + assertEquals("wrong processId", "367100000000079", resp.getProcessId().toString()); + assertEquals("wrong resp size", 1, resp.getPersonResult().size()); + + RegisterResult persInfo = resp.getPersonResult().get(0); + assertNull("bPK", persInfo.getBpk()); + assertEquals("dateOfBirth", eidasDataFirst.getDateOfBirth(), persInfo.getDateOfBirth()); + assertEquals("familyName", eidasDataFirst.getFamilyName(), persInfo.getFamilyName()); + assertEquals("givenName", eidasDataFirst.getGivenName(), persInfo.getGivenName()); + assertEquals("placeOfBirth", "Hintergigritzpotschn", persInfo.getPlaceOfBirth()); + assertEquals("birthName", "XXXvon Heuburg", persInfo.getBirthName()); + assertEquals("num. stored eIDAS identifiers", 2, persInfo.getPseudonym().size()); + assertEquals("stored eIDAS identifiers", "7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit", + persInfo.getPseudonym().get(0)); + assertEquals("stored eIDAS identifiers", + "7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit_second_one", + persInfo.getPseudonym().get(1)); + + // validate request + assertEquals("wrong number of req.", 1, zmrReq.getAllValues().size()); + assertNotNull("Personensuche req.", zmrReq.getValue().getPersonSuchenRequest()); + checkBasicRequestParameters(zmrReq.getValue(), PROCESS_TASK_SEARCH, processId, "jUnit123456"); + PersonSuchenRequest pSuche = zmrReq.getValue().getPersonSuchenRequest(); + checkSearchParameters(pSuche.getPersonensucheInfo()); + + assertEquals("eidas Docs. size", 1, pSuche.getEidasSuchdaten().size()); + checkEidasDocumentResult(pSuche.getEidasSuchdaten(), + "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", cc, personalIdentifierFirst); + assertNull("mds", pSuche.getNatuerlichePerson()); + + } + + @Test + @SneakyThrows + public void searchCcSpecificEmpty() { + BigInteger processId = new BigInteger(RandomStringUtils.randomNumeric(6)); + + final String cc = "DE"; + String familyName = RandomStringUtils.randomAlphabetic(10); + String givenName = RandomStringUtils.randomAlphabetic(10); + String dateOfBirth = RandomStringUtils.randomAlphabetic(10); + String personalIdentifier = RandomStringUtils.randomAlphabetic(10); + String placeOfBirth = RandomStringUtils.randomAlphabetic(10); + String birthName = RandomStringUtils.randomAlphabetic(10); + + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + + // inject response + when(zmrMock.service(zmrReq.capture(), any())).thenReturn( + loadResponseFromFile("/data/zmr/empty_zmr_result.xml")); + + // execute operation + ZmrRegisterResult resp = client.searchCountrySpecific(processId, + generateCustomRequest(cc, familyName, givenName, dateOfBirth, personalIdentifier, placeOfBirth, birthName), + cc); + + // validate state + assertNotNull("no ZMR response", resp); + assertEquals("wrong processId", "367100000000079", resp.getProcessId().toString()); + assertEquals("wrong resp size", 0, resp.getPersonResult().size()); + + } + + @Test + @SneakyThrows + public void searchCcSpecificMoreThanOneResult() { + BigInteger processId = new BigInteger(RandomStringUtils.randomNumeric(6)); + + final String cc = "DE"; + String familyName = RandomStringUtils.randomAlphabetic(10); + String givenName = RandomStringUtils.randomAlphabetic(10); + String dateOfBirth = RandomStringUtils.randomAlphabetic(10); + String personalIdentifier = RandomStringUtils.randomAlphabetic(10); + String placeOfBirth = RandomStringUtils.randomAlphabetic(10); + String birthName = RandomStringUtils.randomAlphabetic(10); + + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + + // inject response + when(zmrMock.service(zmrReq.capture(), any())).thenReturn( + loadResponseFromFile("/data/zmr/search_with_personalId_only_resp_moreThanOne.xml")); + + // execute operation + WorkflowException error = assertThrows("wrong Exception", WorkflowException.class, + () -> client.searchCountrySpecific(processId, + generateCustomRequest(cc, familyName, givenName, dateOfBirth, personalIdentifier, placeOfBirth, birthName), + cc)); + + assertEquals("wrong errorCode", "module.eidasauth.matching.03", error.getErrorId()); + assertEquals("wrong param 1", "Searching DE specific", error.getParams()[0]); + assertEquals("wrong param 2", "Find more-than-one ZMR entry with search criteria that has to be unique", + error.getParams()[1]); + + } + + @Test + @SneakyThrows + public void searchCcSpecificSuccess() { + final String personalIdentifierFirst = "7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit"; + final String cc = "DE"; + final SimpleEidasData eidasDataFirst = SimpleEidasData.builder() + .citizenCountryCode(cc) + .familyName("XXXvon Brandenburg") + .givenName("XXXClaus - Maria") + .dateOfBirth("1994-12-31") + .personalIdentifier(cc + "/AT/" + personalIdentifierFirst) + .pseudonym(personalIdentifierFirst) + .build(); + + BigInteger processId = new BigInteger(RandomStringUtils.randomNumeric(6)); + + String familyName = RandomStringUtils.randomAlphabetic(10); + String givenName = RandomStringUtils.randomAlphabetic(10); + String dateOfBirth = RandomStringUtils.randomAlphabetic(10); + String personalIdentifier = RandomStringUtils.randomAlphabetic(10); + String placeOfBirth = RandomStringUtils.randomAlphabetic(10); + String birthName = RandomStringUtils.randomAlphabetic(10); + + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + + // inject response + when(zmrMock.service(zmrReq.capture(), any())).thenReturn( + loadResponseFromFile("/data/zmr/search_with_personalId_only_resp.xml")); + + // execute operation + ZmrRegisterResult resp = client.searchCountrySpecific(processId, + generateCustomRequest(cc, familyName, givenName, dateOfBirth, personalIdentifier, placeOfBirth, birthName), + cc); + + // validate state + assertNotNull("no ZMR response", resp); + assertEquals("wrong processId", "367100000000079", resp.getProcessId().toString()); + assertEquals("wrong resp size", 1, resp.getPersonResult().size()); + + RegisterResult persInfo = resp.getPersonResult().get(0); + assertEquals("bPK", "UgeknNsc26lVuB7U/uYGVmWtnnA=", persInfo.getBpk()); + assertEquals("dateOfBirth", eidasDataFirst.getDateOfBirth(), persInfo.getDateOfBirth()); + assertEquals("familyName", eidasDataFirst.getFamilyName(), persInfo.getFamilyName()); + assertEquals("givenName", eidasDataFirst.getGivenName(), persInfo.getGivenName()); + assertEquals("placeOfBirth", "Hintergigritzpotschn", persInfo.getPlaceOfBirth()); + assertEquals("birthName", "XXXvon Heuburg", persInfo.getBirthName()); + assertEquals("num. stored eIDAS identifiers", 2, persInfo.getPseudonym().size()); + assertEquals("stored eIDAS identifiers", "7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit", + persInfo.getPseudonym().get(0)); + assertEquals("stored eIDAS identifiers", + "7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit_second_one", + persInfo.getPseudonym().get(1)); + + // validate request + assertEquals("wrong number of req.", 1, zmrReq.getAllValues().size()); + assertNotNull("Personensuche req.", zmrReq.getValue().getPersonSuchenRequest()); + checkBasicRequestParameters(zmrReq.getValue(), PROCESS_TASK_SEARCH, processId, "jUnit123456"); + PersonSuchenRequest pSuche = zmrReq.getValue().getPersonSuchenRequest(); + checkSearchParameters(pSuche.getPersonensucheInfo()); + + assertEquals("eidas Docs. size", 3, pSuche.getEidasSuchdaten().size()); + checkEidasDocumentResult(pSuche.getEidasSuchdaten(), + "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth", cc, placeOfBirth); + checkEidasDocumentResult(pSuche.getEidasSuchdaten(), + "http://eidas.europa.eu/attributes/naturalperson/BirthName", cc, birthName); + checkEidasDocumentResult(pSuche.getEidasSuchdaten(), + "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", cc, personalIdentifier); + + assertNotNull("mds", pSuche.getNatuerlichePerson()); + assertEquals("req. givenName", givenName, pSuche.getNatuerlichePerson().getPersonenName().getVorname()); + assertEquals("req. familyName", familyName, pSuche.getNatuerlichePerson().getPersonenName().getFamilienname()); + assertEquals("req. dateOfBirth", dateOfBirth, pSuche.getNatuerlichePerson().getGeburtsdatum()); + + } + + @Test + @SneakyThrows + public void updateProcessNoLatestVersionResult() { + BigInteger processId = new BigInteger(RandomStringUtils.randomNumeric(6)); + + final String personalIdentifier = "7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit"; + final String cc = "DE"; + final SimpleEidasData eidasData = SimpleEidasData.builder() + .citizenCountryCode(cc) + .familyName("XXXvon Brandenburg") + .givenName("XXXClaus - Maria") + .dateOfBirth("1994-12-31") + .personalIdentifier(cc + "/AT/" + personalIdentifier) + .pseudonym(personalIdentifier) + .birthName("XXXvon Heuburg") + .placeOfBirth("Hintergigritzpotschn") + .build(); + + RegisterResult toUpdate = RegisterResult.builder() + .bpk("UgeknNsc26lVuB7U/uYGVmWtnnA=") + .dateOfBirth("1994-12-31") + .familyName("XXXvon Brandenburg") + .givenName("XXXClaus - Maria") + //.birthName("") + //.placeOfBirth("") + //.pseudonym(Arrays.asList("")) + .build(); + + + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + + // inject response + when(zmrMock.service(zmrReq.capture(), any())) + .thenReturn(loadResponseFromFile("/data/zmr/empty_zmr_result.xml")) + .thenThrow(new RuntimeException("Request not needed any more")); + + + // execute operation + WorkflowException error = assertThrows("wrong Exception", WorkflowException.class, + () -> client.update(processId, toUpdate, eidasData)); + + assertEquals("wrong errorCode", "module.eidasauth.matching.03", error.getErrorId()); + assertEquals("wrong param 1", "KITT get-latest-version", error.getParams()[0]); + assertEquals("wrong param 2", "Find NO data-set with already matchted eID during ZMR KITT process", + error.getParams()[1]); + + } + + @Test + @SneakyThrows + public void updateProcessMultiLatestVersionResult() { + BigInteger processId = new BigInteger(RandomStringUtils.randomNumeric(6)); + + final String personalIdentifier = "7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit"; + final String cc = "DE"; + final SimpleEidasData eidasData = SimpleEidasData.builder() + .citizenCountryCode(cc) + .familyName("XXXvon Brandenburg") + .givenName("XXXClaus - Maria") + .dateOfBirth("1994-12-31") + .personalIdentifier(cc + "/AT/" + personalIdentifier) + .pseudonym(personalIdentifier) + .birthName("XXXvon Heuburg") + .placeOfBirth("Hintergigritzpotschn") + .build(); + + RegisterResult toUpdate = RegisterResult.builder() + .bpk("UgeknNsc26lVuB7U/uYGVmWtnnA=") + .dateOfBirth("1994-12-31") + .familyName("XXXvon Brandenburg") + .givenName("XXXClaus - Maria") + //.birthName("") + //.placeOfBirth("") + //.pseudonym(Arrays.asList("")) + .build(); + + + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + + // inject response + when(zmrMock.service(zmrReq.capture(), any())) + .thenReturn(loadResponseFromFile("/data/zmr/search_with_personalId_only_resp_moreThanOne.xml")) + .thenThrow(new RuntimeException("Request not needed any more")); + + + // execute operation + WorkflowException error = assertThrows("wrong Exception", WorkflowException.class, + () -> client.update(processId, toUpdate, eidasData)); + + assertEquals("wrong errorCode", "module.eidasauth.matching.03", error.getErrorId()); + assertEquals("wrong param 1", "KITT get-latest-version", error.getParams()[0]); + assertEquals("wrong param 2", "Find MORE-THAN-ONE data-sets with already matchted eID during ZMR KITT process", + error.getParams()[1]); + + } + + @Test + @SneakyThrows + public void updateProcessRequired() { + BigInteger processId = new BigInteger(RandomStringUtils.randomNumeric(6)); + + final String personalIdentifier = "7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit"; + final String cc = "DE"; + final SimpleEidasData eidasData = SimpleEidasData.builder() + .citizenCountryCode(cc) + .familyName("XXXvon Brandenburg") + .givenName("XXXClaus - Maria") + .dateOfBirth("1994-12-31") + .personalIdentifier(cc + "/AT/" + personalIdentifier) + .pseudonym(personalIdentifier) + .birthName("XXXvon Heuburg") + .placeOfBirth("Hintergigritzpotschn") + .build(); + + RegisterResult toUpdate = RegisterResult.builder() + .bpk("UgeknNsc26lVuB7U/uYGVmWtnnA=") + .dateOfBirth("1994-12-31") + .familyName("XXXvon Brandenburg") + .givenName("XXXClaus - Maria") + //.birthName("") + //.placeOfBirth("") + //.pseudonym(Arrays.asList("")) + .build(); + + + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + + // inject response + when(zmrMock.service(zmrReq.capture(), any())) + .thenReturn(loadResponseFromFile("/data/zmr/seq_1-4_kitt_get_latest_version_resp.xml")) + .thenReturn(loadResponseFromFile("/data/zmr/seq_1-6_kitt_update_resp.xml")) + .thenThrow(new RuntimeException("Request not needed any more")); + + + // execute operation + ZmrRegisterResult resp = client.update(processId, toUpdate, eidasData); + + // validate request + assertEquals("wrong number of req.", 2, zmrReq.getAllValues().size()); + + // check get laterst version request + RequestType firstReq = zmrReq.getAllValues().get(0); + assertNotNull("1 req.", firstReq.getPersonSuchenRequest()); + checkBasicRequestParameters(firstReq , PROCESS_TASK_SEARCH, processId, "jUnit123456"); + PersonSuchenRequest pSuche = firstReq .getPersonSuchenRequest(); + checkSearchParameters(pSuche.getPersonensucheInfo()); + assertNull("1 req. ZMR Zahl", pSuche.getZMRZahl()); + assertEquals("1 req. identifier size", 1, + pSuche.getNatuerlichePerson().getIdentification().size()); + assertEquals("1 req. givenName", toUpdate.getBpk(), + pSuche.getNatuerlichePerson().getIdentification().get(0).getValue()); + assertEquals("1 req. givenName", "urn:publicid:gv.at:cdid+ZP", + pSuche.getNatuerlichePerson().getIdentification().get(0).getType()); + assertNotNull("1 mds", pSuche.getNatuerlichePerson()); + assertEquals("1 req. givenName", toUpdate.getGivenName(), + pSuche.getNatuerlichePerson().getPersonenName().getVorname()); + assertEquals("1 req. familyName", toUpdate.getFamilyName(), + pSuche.getNatuerlichePerson().getPersonenName().getFamilienname()); + assertEquals("1 req. dateOfBirth", toUpdate.getDateOfBirth(), + pSuche.getNatuerlichePerson().getGeburtsdatum()); + + + // check update request + RequestType secondReq = zmrReq.getAllValues().get(1); + assertNotNull("2 req.", secondReq.getPersonAendernRequest()); + checkBasicRequestParameters(secondReq , PROCESS_TASK_UPDATE, processId, "jUnit123456"); + PersonAendernRequest secondpSuche = secondReq.getPersonAendernRequest(); + + assertEquals("2 req. ZMR Zahl", "000430320173", secondpSuche.getPersonReferenz().getZMRZahl()); + assertEquals("2 req. tech. Ref. value", "44453600000000697", + secondpSuche.getPersonReferenz().getTechnisch().getEntityID()); + assertEquals("2 req. tech. Ref. date", "2020-02-05T13:07:06.311", + secondpSuche.getPersonReferenz().getTechnisch().getLetzteAenderung().toString()); + + assertEquals("eidas Docs. size", 3, secondpSuche.getEidasIdentitaetAnlage().size()); + checkEidasDocumentAdd(secondpSuche.getEidasIdentitaetAnlage(), + "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth", cc, eidasData.getPlaceOfBirth()); + checkEidasDocumentAdd(secondpSuche.getEidasIdentitaetAnlage(), + "http://eidas.europa.eu/attributes/naturalperson/BirthName", cc, eidasData.getBirthName()); + checkEidasDocumentAdd(secondpSuche.getEidasIdentitaetAnlage(), + "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", cc, eidasData.getPseudonym()); + + + // validate state + assertNotNull("no ZMR response", resp); + assertEquals("wrong processId", "366200000000082", resp.getProcessId().toString()); + assertEquals("wrong resp size", 1, resp.getPersonResult().size()); + + } + + @Test + @SneakyThrows + public void updateProcessNoUpdateRequired() { + BigInteger processId = new BigInteger(RandomStringUtils.randomNumeric(6)); + + final String personalIdentifier = "7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit"; + final String cc = "DE"; + final SimpleEidasData eidasData = SimpleEidasData.builder() + .citizenCountryCode(cc) + .familyName("XXXvon Brandenburg") + .givenName("XXXClaus - Maria") + .dateOfBirth("1994-12-31") + .personalIdentifier(cc + "/AT/" + personalIdentifier) + .pseudonym(personalIdentifier) + .birthName("XXXvon Heuburg") + .placeOfBirth("Hintergigritzpotschn") + .build(); + + RegisterResult toUpdate = RegisterResult.builder() + .bpk("UgeknNsc26lVuB7U/uYGVmWtnnA=") + .dateOfBirth("1994-12-31") + .familyName("XXXvon Brandenburg") + .givenName("XXXClaus - Maria") + .birthName("XXXvon Heuburg") + .placeOfBirth("Hintergigritzpotschn") + .pseudonym(Arrays.asList(personalIdentifier)) + .build(); + + + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + + // inject response + when(zmrMock.service(zmrReq.capture(), any())) + .thenReturn(loadResponseFromFile("/data/zmr/seq_1-8_search_with_personalId_only_resp.xml")) + .thenThrow(new RuntimeException("Request not needed any more")); + + + // execute operation + ZmrRegisterResult resp = client.update(processId, toUpdate, eidasData); + + // validate request + assertEquals("wrong number of req.", 1, zmrReq.getAllValues().size()); + + // check get laterst version request + RequestType firstReq = zmrReq.getAllValues().get(0); + assertNotNull("1 req.", firstReq.getPersonSuchenRequest()); + checkBasicRequestParameters(firstReq , PROCESS_TASK_SEARCH, processId, "jUnit123456"); + PersonSuchenRequest pSuche = firstReq .getPersonSuchenRequest(); + checkSearchParameters(pSuche.getPersonensucheInfo()); + assertNull("1 req. ZMR Zahl", pSuche.getZMRZahl()); + assertEquals("1 req. identifier size", 1, + pSuche.getNatuerlichePerson().getIdentification().size()); + assertEquals("1 req. givenName", toUpdate.getBpk(), + pSuche.getNatuerlichePerson().getIdentification().get(0).getValue()); + assertEquals("1 req. givenName", "urn:publicid:gv.at:cdid+ZP", + pSuche.getNatuerlichePerson().getIdentification().get(0).getType()); + assertNotNull("1 mds", pSuche.getNatuerlichePerson()); + assertEquals("1 req. givenName", toUpdate.getGivenName(), + pSuche.getNatuerlichePerson().getPersonenName().getVorname()); + assertEquals("1 req. familyName", toUpdate.getFamilyName(), + pSuche.getNatuerlichePerson().getPersonenName().getFamilienname()); + assertEquals("1 req. dateOfBirth", toUpdate.getDateOfBirth(), + pSuche.getNatuerlichePerson().getGeburtsdatum()); + + + // validate state + assertNotNull("no ZMR response", resp); + assertEquals("wrong processId", processId.toString(), resp.getProcessId().toString()); + assertEquals("wrong resp size", 1, resp.getPersonResult().size()); + + } + + @Test + @SneakyThrows + public void updateProcessSomeSpecialCases() { + BigInteger processId = new BigInteger(RandomStringUtils.randomNumeric(6)); + + final String personalIdentifier = RandomStringUtils.randomAlphanumeric(10); + final String cc = "DE"; + final SimpleEidasData eidasData = SimpleEidasData.builder() + .citizenCountryCode(cc) + .familyName("XXXvon Brandenburg") + .givenName("XXXClaus - Maria") + .dateOfBirth("1994-12-31") + .personalIdentifier(cc + "/AT/" + personalIdentifier) + .pseudonym(personalIdentifier) + .birthName("") //empty addr. values should be ignored + .placeOfBirth(RandomStringUtils.randomAlphabetic(10)) //should be ignored because it was already set for DE + .build(); + + RegisterResult toUpdate = RegisterResult.builder() + .bpk("UgeknNsc26lVuB7U/uYGVmWtnnA=") + .dateOfBirth("1994-12-31") + .familyName("XXXvon Brandenburg") + .givenName("XXXClaus - Maria") + .birthName("XXXvon Heuburg") + .placeOfBirth("Hintergigritzpotschn") + .pseudonym(Arrays.asList("7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit")) + .build(); + + + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + + // inject response + when(zmrMock.service(zmrReq.capture(), any())) + .thenReturn(loadResponseFromFile("/data/zmr/seq_1-8_search_with_personalId_only_resp.xml")) + .thenReturn(loadResponseFromFile("/data/zmr/seq_1-6_kitt_update_resp.xml")) + .thenThrow(new RuntimeException("Request not needed any more")); + + + // execute operation + ZmrRegisterResult resp = client.update(processId, toUpdate, eidasData); + + // validate request + assertEquals("wrong number of req.", 2, zmrReq.getAllValues().size()); + + // check get latest version request + RequestType firstReq = zmrReq.getAllValues().get(0); + assertNotNull("1 req.", firstReq.getPersonSuchenRequest()); + checkBasicRequestParameters(firstReq , PROCESS_TASK_SEARCH, processId, "jUnit123456"); + PersonSuchenRequest pSuche = firstReq .getPersonSuchenRequest(); + checkSearchParameters(pSuche.getPersonensucheInfo()); + assertNull("1 req. ZMR Zahl", pSuche.getZMRZahl()); + assertEquals("1 req. identifier size", 1, + pSuche.getNatuerlichePerson().getIdentification().size()); + assertEquals("1 req. givenName", toUpdate.getBpk(), + pSuche.getNatuerlichePerson().getIdentification().get(0).getValue()); + assertEquals("1 req. givenName", "urn:publicid:gv.at:cdid+ZP", + pSuche.getNatuerlichePerson().getIdentification().get(0).getType()); + assertNotNull("1 mds", pSuche.getNatuerlichePerson()); + assertEquals("1 req. givenName", toUpdate.getGivenName(), + pSuche.getNatuerlichePerson().getPersonenName().getVorname()); + assertEquals("1 req. familyName", toUpdate.getFamilyName(), + pSuche.getNatuerlichePerson().getPersonenName().getFamilienname()); + assertEquals("1 req. dateOfBirth", toUpdate.getDateOfBirth(), + pSuche.getNatuerlichePerson().getGeburtsdatum()); + + // check update request + RequestType secondReq = zmrReq.getAllValues().get(1); + assertNotNull("2 req.", secondReq.getPersonAendernRequest()); + checkBasicRequestParameters(secondReq , PROCESS_TASK_UPDATE, processId, "jUnit123456"); + PersonAendernRequest secondpSuche = secondReq.getPersonAendernRequest(); + + assertEquals("2 req. ZMR Zahl", "000430320173", secondpSuche.getPersonReferenz().getZMRZahl()); + assertEquals("2 req. tech. Ref. value", "44453600000000697", + secondpSuche.getPersonReferenz().getTechnisch().getEntityID()); + assertEquals("2 req. tech. Ref. date", "2020-02-05T13:07:06.311", + secondpSuche.getPersonReferenz().getTechnisch().getLetzteAenderung().toString()); + + + // only one attribute for update because birthname is empty and placeOfBirth was already set for DE + assertEquals("eidas Docs. size", 1, secondpSuche.getEidasIdentitaetAnlage().size()); + checkEidasDocumentAdd(secondpSuche.getEidasIdentitaetAnlage(), + "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", cc, eidasData.getPseudonym()); + + + // validate state + assertNotNull("no ZMR response", resp); + assertEquals("wrong processId", "366200000000082", resp.getProcessId().toString()); + assertEquals("wrong resp size", 1, resp.getPersonResult().size()); + + } + + + private PersonSuchenRequest generateCustomRequest(String cc, String familyName, String givenName, + String dateOfBirth, String personalId, String placeOfBirth, String birthName) { + final PersonSuchenRequest req = new PersonSuchenRequest(); + + // set basic MDS information + final NatuerlichePersonTyp searchNatPerson = new NatuerlichePersonTyp(); + req.setNatuerlichePerson(searchNatPerson); + final PersonenNameTyp searchNatPersonName = new PersonenNameTyp(); + searchNatPerson.setPersonenName(searchNatPersonName); + searchNatPersonName.setFamilienname(familyName); + searchNatPersonName.setVorname(givenName); + searchNatPerson.setGeburtsdatum(dateOfBirth); + + // add addtional eIDAS attributes if available + addIfAvailable(req.getEidasSuchdaten(), cc, Constants.eIDAS_ATTRURN_PLACEOFBIRTH, placeOfBirth); + addIfAvailable(req.getEidasSuchdaten(), cc, Constants.eIDAS_ATTRURN_BIRTHNAME, birthName); + addIfAvailable(req.getEidasSuchdaten(), cc, Constants.eIDAS_ATTRURN_PERSONALIDENTIFIER, personalId); + + return req; + + } + + private void addIfAvailable(List<EidasSuchdatenType> eidasSuchdaten, + String cc, String attrName, String attrValue) { + if (StringUtils.isNotEmpty(attrValue)) { + eidasSuchdaten.add(buildEidasSuchData(cc, attrName, attrValue)); + + } + } + + private EidasSuchdatenType buildEidasSuchData(String cc, String attrName, String attrValue) { + final EidasSuchdatenType eidasInfos = new EidasSuchdatenType(); + eidasInfos.setStaatscode2(cc); + eidasInfos.setEidasArt(attrName); + eidasInfos.setEidasWert(attrValue); + return eidasInfos; + + } + + private void checkSearchParameters(PersonensucheInfoType toCheck) { + assertTrue("searchWithHistory flag", toCheck.getSuchkriterien().isInclusivHistorie()); + assertFalse("withERsB flag", toCheck.getSuchkriterien().isInclusivERnP()); + assertFalse("formalisiert flag", toCheck.getSuchkriterien().isFormalisiert()); + assertFalse("resultWithHistory flag", toCheck.getErgebniskriterien().isInclusivHistorie()); + + } + + private void checkEidasDocumentResult(List<EidasSuchdatenType> list, String type, String cc, String value) { + Optional<EidasSuchdatenType> eidasDoc = list.stream() + .filter(el -> type.equals(el.getEidasArt())) + .findFirst(); + + assertTrue("eidas doc: " + type, eidasDoc.isPresent()); + assertEquals("eIDAS docType", type, eidasDoc.get().getEidasArt()); + assertEquals("eIDAS docValue", value, eidasDoc.get().getEidasWert()); + assertEquals("eIDAS docCC", cc, eidasDoc.get().getStaatscode2()); + + } + + private void checkEidasDocumentAdd(List<EidasIdentitaetAnlageType> list, String type, String cc, + String value) { + Optional<EidasIdentitaetAnlageType> eidasDoc = list.stream() + .filter(el -> type.equals(el.getEidasArt())) + .findFirst(); + + assertTrue("eidas doc: " + type, eidasDoc.isPresent()); + assertEquals("eIDAS docType", type, eidasDoc.get().getEidasArt()); + assertEquals("eIDAS docValue", value, eidasDoc.get().getEidasWert()); + assertEquals("eIDAS docCC", cc, eidasDoc.get().getStaatscode2()); + + } + + private void checkBasicRequestParameters(RequestType requestType, String vorgangName, BigInteger processId, + String behoerdennummer) { + assertNotNull("no workflow infos", requestType.getWorkflowInfoClient()); + assertEquals("processName", PROCESS_GENERAL, requestType.getWorkflowInfoClient().getProzessName()); + assertEquals("vorgangsName", vorgangName, requestType.getWorkflowInfoClient().getVorgangName()); + + if (processId != null) { + assertEquals("processId", processId, requestType.getWorkflowInfoClient().getProzessInstanzID()); + } else { + assertNull("processId", requestType.getWorkflowInfoClient().getProzessInstanzID()); + } + + assertNotNull("no client infos", requestType.getClientInfo()); + assertEquals("behoerdennummer", behoerdennummer, requestType.getClientInfo().getOrganisation() + .getBehoerdenNr()); + } + + private ResponseType loadResponseFromFile(String filepath) throws JAXBException { + final Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); + JAXBElement<?> resp = (JAXBElement<?>) unmarshaller.unmarshal(ZmrClientTest.class.getResourceAsStream( + filepath)); + return (ResponseType) resp.getValue(); + + } + + private Throwable injectError(boolean isGeneric) { + javax.xml.namespace.QName qName; + if (isGeneric) { + qName = new javax.xml.namespace.QName("urn:SZRServices", "F455", "p344"); + + } else { + qName = new javax.xml.namespace.QName("http://bmi.gv.at/namespace/zmr-su/base/20040201#", "ServiceFault", "zmr"); + + } + final SoapFault fault = new SoapFault( + "The travel document you sent to insert a person already exists for another person. " + "Either check the document or have the person altered accordingly", + qName); + fault.setRole("zmr:ServiceFault"); + return fault; + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/config/EidasConnectorMessageSourceTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/config/EidasConnectorMessageSourceTest.java new file mode 100644 index 00000000..1f96b25c --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/config/EidasConnectorMessageSourceTest.java @@ -0,0 +1,43 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.config; + +import java.util.List; + +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.core.io.Resource; +import org.springframework.core.io.ResourceLoader; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml"}) +@DirtiesContext +public class EidasConnectorMessageSourceTest { + + @Autowired + private ResourceLoader loader; + @Autowired(required = false) + private List<IMessageSourceLocation> messageSources; + + @Test + public void checkMessageSources() { + Assert.assertNotNull("No messageSource", messageSources); + + for (final IMessageSourceLocation messageSource : messageSources) { + Assert.assertNotNull("No sourcePath", messageSource.getMessageSourceLocation()); + + for (final String el : messageSource.getMessageSourceLocation()) { + final Resource messages = loader.getResource(el + ".properties"); + Assert.assertTrue("Source not exist", messages.exists()); + + } + } + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyAuthConfigMap.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyAuthConfigMap.java new file mode 100644 index 00000000..ba531029 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyAuthConfigMap.java @@ -0,0 +1,144 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy; + +import java.io.IOException; +import java.io.InputStream; +import java.net.URI; +import java.net.URL; +import java.util.HashMap; +import java.util.Map; +import java.util.Properties; + +import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP; +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; + +import org.apache.commons.lang3.StringUtils; + +/** + * Dummy Application-configuration implementation for jUnit tests. + * + * @author tlenz + * + */ +public class DummyAuthConfigMap implements IConfigurationWithSP { + + private Map<String, String> config = new HashMap<>(); + + /** + * Empty Dummy Application-configuration. + * + */ + public DummyAuthConfigMap() { + + } + + /** + * Dummy Application-configuration. + * + * @param configIs Property based configuration + * @throws IOException In case of an configuration read error + */ + public DummyAuthConfigMap(final InputStream configIs) throws IOException { + + final Properties props = new Properties(); + props.load(configIs); + + config = KeyValueUtils.convertPropertiesToMap(props); + + } + + /** + * Dummy Application-configuration. + * + * @param path Path to property based configuration + * @throws IOException In case of an configuration read error + */ + public DummyAuthConfigMap(final String path) throws IOException { + + final Properties props = new Properties(); + props.load(this.getClass().getResourceAsStream(path)); + + config = KeyValueUtils.convertPropertiesToMap(props); + + } + + + @Override + public String getBasicConfiguration(final String key) { + return config.get(key); + + } + + @Override + public String getBasicConfiguration(final String key, final String defaultValue) { + final String value = getBasicConfiguration(key); + if (StringUtils.isEmpty(value)) { + return defaultValue; + } else { + return value; + } + + } + + @Override + public boolean getBasicConfigurationBoolean(final String key) { + final String value = getBasicConfiguration(key); + if (StringUtils.isEmpty(value)) { + return false; + } else { + return Boolean.valueOf(value); + } + } + + @Override + public boolean getBasicConfigurationBoolean(final String key, final boolean defaultValue) { + return Boolean.parseBoolean(getBasicConfiguration(key, String.valueOf(defaultValue))); + + } + + @Override + public Map<String, String> getBasicConfigurationWithPrefix(final String prefix) { + return KeyValueUtils.getSubSetWithPrefix(config, prefix); + + } + + @Override + public ISpConfiguration getServiceProviderConfiguration(final String uniqueID) + throws EaafConfigurationException { + return null; + } + + @Override + public <T> T getServiceProviderConfiguration(final String spIdentifier, final Class<T> decorator) + throws EaafConfigurationException { + return null; + } + + @Override + public URI getConfigurationRootDirectory() { + return new java.io.File(".").toURI(); + + } + + @Override + public String validateIdpUrl(final URL authReqUrl) throws EaafException { + return authReqUrl.toString(); + } + + public void putConfigValue(final String key, final String value) { + config.put(key, value); + } + + public void removeConfigValue(final String key) { + config.remove(key); + + } + + public void removeAll() { + config.clear(); + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyOA.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyOA.java new file mode 100644 index 00000000..074dd0bb --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyOA.java @@ -0,0 +1,304 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Set; + +import org.apache.commons.lang3.StringUtils; + +import at.gv.egiz.eaaf.core.impl.builder.BpkBuilder; +import at.gv.egiz.eaaf.core.impl.data.Pair; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import lombok.Getter; +import lombok.Setter; + +public class DummyOA implements IAhSpConfiguration { + + private static final long serialVersionUID = 1L; + private String uniqueAppId = null; + private String targetIdentifier = null; + private String friendlyName = null; + private String cc = "AT"; + private final Map<String, String> config = new HashMap<>(); + private final List<Pair<String, String>> reqAttributes = new ArrayList<>(); + + private boolean mandateEnabled = false; + private boolean onlyMandateEnabled = false; + private String mandateProfilesCsv; + + private boolean eidasEnabled = false; + + private boolean testCredentialEnabled = true; + private String additionalBpkTargetCsv; + private List<Pair<String, String>> additionalEncBpkTargets; + + @Setter + private boolean restricted = true; + + @Setter + private long latestVdaAuthentication = 60 * 365 * 5; + + @Getter + @Setter + private boolean publicServiceProvider; + + @Getter + @Setter + private boolean multiMandateEnabled; + + @Setter + private String bmiUniqueIdentifier; + + @Override + public Map<String, String> getFullConfiguration() { + return this.config; + } + + @Override + public String getConfigurationValue(final String key) { + return this.config.get(key); + } + + @Override + public String getConfigurationValue(final String key, final String defaultValue) { + if (StringUtils.isNotEmpty(getConfigurationValue(key))) { + return getConfigurationValue(key); + } else { + return defaultValue; + } + } + + @Override + public boolean isConfigurationValue(final String key) { + if (StringUtils.isNotEmpty(getConfigurationValue(key))) { + return Boolean.parseBoolean(getConfigurationValue(key)); + } else { + return false; + } + + } + + @Override + public boolean isConfigurationValue(final String key, final boolean defaultValue) { + return Boolean.parseBoolean(getConfigurationValue(key, String.valueOf(defaultValue))); + + } + + @Override + public boolean containsConfigurationKey(final String key) { + return this.config.containsKey(key); + } + + @Override + public String getUniqueIdentifier() { + return this.uniqueAppId; + } + + @Override + public String getUniqueApplicationRegisterIdentifier() { + return this.bmiUniqueIdentifier; + + } + + @Override + public String getFriendlyName() { + return this.friendlyName; + } + + @Override + public boolean hasBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return false; + } + + @Override + public boolean hasBaseIdTransferRestriction() { + // TODO Auto-generated method stub + return false; + } + + @Override + public Set<String> getTargetsWithNoBaseIdInternalProcessingRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public Set<String> getTargetsWithNoBaseIdTransferRestriction() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<String> getRequiredLoA() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getLoAMatchingMode() { + // TODO Auto-generated method stub + return null; + } + + @Override + public String getAreaSpecificTargetIdentifier() { + return this.targetIdentifier; + } + + @Override + public boolean isTestCredentialEnabled() { + return this.testCredentialEnabled; + } + + @Override + public List<String> getTestCredentialOids() { + // TODO Auto-generated method stub + return null; + } + + @Override + public List<Pair<String, String>> getRequiredAttributes() { + return this.reqAttributes; + + } + + public void setUniqueAppId(final String uniqueAppId) { + this.uniqueAppId = uniqueAppId; + } + + @Override + public String getCountryCode() { + return cc; + } + + @Override + public void setCountryCode(final String cc) { + this.cc = cc; + + } + + public void setTargetIdentifier(final String targetIdentifier) { + this.targetIdentifier = BpkBuilder.normalizeBpkTargetIdentifierToCommonFormat(targetIdentifier); + + } + + public void setFriendlyName(final String friendlyName) { + this.friendlyName = friendlyName; + } + + public void putGenericConfigurationKey(final String key, final String value) { + this.config.put(key, value); + + } + + public void addRequiredAttribute(final String attrUri) { + this.reqAttributes.add(Pair.newInstance(attrUri, null)); + + } + + public void removeRequiredAttribute(final String attrUri) { + for (final Pair<String, String> el : reqAttributes) { + if (el.getFirst().equals(attrUri)) { + reqAttributes.remove(el); + break; + + } + + + } + } + + public void addRequiredAttribute(final String attrUri, String param) { + this.reqAttributes.add(Pair.newInstance(attrUri, param)); + + } + + @Override + public boolean isMandateEnabled() { + return this.mandateEnabled; + } + + @Override + public boolean isOnlyMandateEnabled() { + return this.onlyMandateEnabled; + + } + + @Override + public List<String> getMandateProfiles() { + return KeyValueUtils.getListOfCsvValues(mandateProfilesCsv); + } + + @Override + public List<String> getAdditionalBpkTargets() { + return KeyValueUtils.getListOfCsvValues(additionalBpkTargetCsv); + + } + + @Override + public List<Pair<String, String>> getAdditionalForeignBpkTargets() { + if (additionalEncBpkTargets == null) { + return Collections.emptyList(); + + } else { + return additionalEncBpkTargets; + + } + } + + @Override + public long lastVdaAuthenticationDelay() { + return latestVdaAuthentication; + + } + + @Override + public boolean isRestrictedServiceProvider() { + return this.restricted; + } + + + public void setMandateEnabled(final boolean mandateEnabled) { + this.mandateEnabled = mandateEnabled; + } + + public void setOnlyMandateEnabled(final boolean onlyMandateEnabled) { + this.onlyMandateEnabled = onlyMandateEnabled; + } + + public void setMandateProfilesCsv(final String mandateProfilesCsv) { + this.mandateProfilesCsv = mandateProfilesCsv; + } + + public void setTestCredentialEnabled(final boolean testCredentialEnabled) { + this.testCredentialEnabled = testCredentialEnabled; + } + + public void setAdditionalBpkTargetCsv(String additionalBpkTargetCsv) { + this.additionalBpkTargetCsv = additionalBpkTargetCsv; + } + + public void setAdditionalEncBpkTargets(List<Pair<String, String>> additionalEncBpkTargets) { + this.additionalEncBpkTargets = additionalEncBpkTargets; + } + + @Override + public boolean isEnabled() { + return true; + } + + @Override + public boolean isEidasEnabled() { + return this.eidasEnabled; + + } + + public void setEidasEnabled(boolean eidasEnabled) { + this.eidasEnabled = eidasEnabled; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyPendingRequest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyPendingRequest.java new file mode 100644 index 00000000..9a91ecbd --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/DummyPendingRequest.java @@ -0,0 +1,8 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy; + +import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl; + +public class DummyPendingRequest extends RequestImpl { + private static final long serialVersionUID = 8136280395622411505L; +} + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/IAhSpConfiguration.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/IAhSpConfiguration.java new file mode 100644 index 00000000..13d61f15 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/dummy/IAhSpConfiguration.java @@ -0,0 +1,152 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy; + +import java.util.List; + +import javax.annotation.Nonnull; +import javax.annotation.Nullable; + +import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration; +import at.gv.egiz.eaaf.core.impl.data.Pair; + +public interface IAhSpConfiguration extends ISpConfiguration { + + + /** + * Flag if this Service Provider is enabled. + * + * @return true if the SP is enabled, otherwise false + */ + boolean isEnabled(); + + /** + * Get unique identifier that is used in Application-Register from BM.I. + * + * <p>If no BM.I specific identifier is available then this method returns + * the same identifier as <code>getUniqueIdentifier()</code></p> + * + * @return unique identifier from BM.I AppReg, or generic uniqueId of no specific exists + */ + String getUniqueApplicationRegisterIdentifier(); + + /** + * Flag that marks this Service-Provider as <i>public</i> or <i>private</i>. + * + * <p><b>Default:</b> If it is not set or has an unknown value, its <i>private</i> by default</p> + * + * @return <code>true</code> if it is from <i>public</i>, otherwise <code>false</code> + */ + boolean isPublicServiceProvider(); + + /** + * Enable test identities for this Service Provider. + * + * @return true if test identities are allowed, otherwise false + */ + boolean isTestCredentialEnabled(); + + /** + * Get a List of OID's that refine the set of allowed test identities. + * + * @return @link {@link List} of test-identity OID's + */ + @Nullable + List<String> getTestCredentialOids(); + + + /** + * Get a List of unique attribute URI's that are required by this SP. + * + * @return {@link List} of attribute URI's / parameter {@link Pair}s + */ + List<Pair<String, String>> getRequiredAttributes(); + + + /** + * Get the CountryCode for this service. <br> + * <br> + * <b>Default:</b> AT + * + * @return + */ + String getCountryCode(); + + /** + * Set the CountryCode for this service. If not countryCode is set, AT is used as default. + * + * @param cc Service-Provider country-code + */ + void setCountryCode(String cc); + + /** + * Enable mandates for this service provider. + * + * @return <code>true</code> if mandates are enabled, otherwise <code>false</code> + */ + boolean isMandateEnabled(); + + /** + * Enables multi-mandates for this service-provider. + * + * @return <code>true</code> if multi-mandates are enabled, otherwise <code>false</code> + */ + boolean isMultiMandateEnabled(); + + /** + * Only mandates are allowed for this service provider. + * + * @return <code>true</code> if only mandates are allowed, otherwise <code>false</code> + */ + boolean isOnlyMandateEnabled(); + + /** + * Get a {@link List} of mandate profiles that are supported by this Service provider. + * + * @return + */ + @Nonnull List<String> getMandateProfiles(); + + + /** + * eIDAS authentication allowed flag. + * + * @return <code>true</code> if eIDAS authentication is enabled, otherwise <code>false</code> + */ + boolean isEidasEnabled(); + + /** + * Get a List of targets for additional bPKs that are required by this service provider. + * + * @return List of prefixed bPK targets + */ + @Nonnull List<String> getAdditionalBpkTargets(); + + /** + * Get a list of foreign bPK targets that are required by this service provider. + * + * @return List of pairs with prefixed bPK targets as first element and VKZ as second element + */ + @Nonnull List<Pair<String, String>> getAdditionalForeignBpkTargets(); + + /** + * Flag that indicates that service-provider as restricted or unrestricted. + * + * <p>A restricted service-provider can only used by test-identities that contains a + * valid application-restriction in User-Certificate Pinning</p> + * + * <p><b>Default:</b> true</p> + * + * @return <code>true</code> if it is restricted, otherwise <code>false</code> + */ + boolean isRestrictedServiceProvider(); + + +/** + * Defines the time in minutes how long the last VDA registration h@Override + ave passed as maximum. + * + * @return time in minutes + */ +long lastVdaAuthenticationDelay(); + +} + diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/handler/DeSpecificDetailSearchProcessorTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/handler/DeSpecificDetailSearchProcessorTest.java new file mode 100644 index 00000000..21c9fd80 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/handler/DeSpecificDetailSearchProcessorTest.java @@ -0,0 +1,105 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.handler; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.DeSpecificDetailSearchProcessor; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest; + +@RunWith(BlockJUnit4ClassRunner.class) +public class DeSpecificDetailSearchProcessorTest { + + private DeSpecificDetailSearchProcessor handler = new DeSpecificDetailSearchProcessor(); + + @Test + public void checkName() { + assertEquals("wrong handler name", "DeSpecificDetailSearchProcessor", handler.getName()); + + } + + @Test + public void canHandlerCheck_1() { + SimpleEidasData eidData = SimpleEidasData.builder() + .birthName(RandomStringUtils.randomAlphabetic(5)) + .placeOfBirth(RandomStringUtils.randomAlphabetic(5)) + .build(); + assertFalse("wrong 'canHandle' flag", handler.canHandle("XX", eidData)); + + } + + @Test + public void canHandlerCheck_2() { + SimpleEidasData eidData = SimpleEidasData.builder() + .birthName(RandomStringUtils.randomAlphabetic(5)) + .placeOfBirth(RandomStringUtils.randomAlphabetic(5)) + .build(); + assertTrue("wrong 'canHandle' flag", handler.canHandle("DE", eidData)); + + } + + @Test + public void canHandlerCheck_3() { + SimpleEidasData eidData = SimpleEidasData.builder() + .birthName(RandomStringUtils.randomAlphabetic(5)) + .placeOfBirth(RandomStringUtils.randomAlphabetic(5)) + .build(); + assertTrue("wrong 'canHandle' flag", handler.canHandle("de", eidData)); + + } + + @Test + public void canHandlerCheck_4() { + SimpleEidasData eidData = SimpleEidasData.builder() + .birthName(null) + .placeOfBirth(RandomStringUtils.randomAlphabetic(5)) + .build(); + assertFalse("wrong 'canHandle' flag", handler.canHandle("DE", eidData)); + + } + + @Test + public void canHandlerCheck_5() { + SimpleEidasData eidData = SimpleEidasData.builder() + .birthName(RandomStringUtils.randomAlphabetic(5)) + .placeOfBirth(null) + .build(); + assertFalse("wrong 'canHandle' flag", handler.canHandle("DE", eidData)); + + } + + @Test + public void generateZmrSearchRequest() { + SimpleEidasData eidData = SimpleEidasData.builder() + .citizenCountryCode("DE") + .givenName(RandomStringUtils.randomAlphabetic(5)) + .familyName(RandomStringUtils.randomAlphabetic(5)) + .dateOfBirth(RandomStringUtils.randomAlphabetic(5)) + .birthName(RandomStringUtils.randomAlphabetic(5)) + .placeOfBirth(RandomStringUtils.randomAlphabetic(5)) + .build(); + + // perform operation + PersonSuchenRequest req = handler.generateSearchRequest(eidData); + + //validate response + assertNotNull("no search request", req); + assertNotNull("no MDS", req.getNatuerlichePerson()); + assertNotNull("no MDS PersonName", req.getNatuerlichePerson().getPersonenName()); + assertEquals("familyName", eidData.getFamilyName(), req.getNatuerlichePerson().getPersonenName().getFamilienname()); + assertEquals("givenName", eidData.getGivenName(), req.getNatuerlichePerson().getPersonenName().getVorname()); + assertEquals("birthday", eidData.getDateOfBirth(), req.getNatuerlichePerson().getGeburtsdatum()); + + assertNotNull("no eIDAS documenst", req.getEidasSuchdaten()); + //TODO: add validation if we can add more than one eIDAS document + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/handler/ItSpecificDetailSearchProcessorTes.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/handler/ItSpecificDetailSearchProcessorTes.java new file mode 100644 index 00000000..9b638ee5 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/handler/ItSpecificDetailSearchProcessorTes.java @@ -0,0 +1,84 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.handler; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.BlockJUnit4ClassRunner; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.ItSpecificDetailSearchProcessor; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest; + +@RunWith(BlockJUnit4ClassRunner.class) +public class ItSpecificDetailSearchProcessorTes { + + private ItSpecificDetailSearchProcessor handler = new ItSpecificDetailSearchProcessor(); + + @Test + public void checkName() { + assertEquals("wrong handler name", "ItSpecificDetailSearchProcessor", handler.getName()); + + } + + @Test + public void canHandlerCheck_1() { + SimpleEidasData eidData = SimpleEidasData.builder() + .taxNumber(RandomStringUtils.randomAlphabetic(5)) + .build(); + assertFalse("wrong 'canHandle' flag", handler.canHandle("XX", eidData)); + + } + + @Test + public void canHandlerCheck_2() { + SimpleEidasData eidData = SimpleEidasData.builder() + .taxNumber(RandomStringUtils.randomAlphabetic(5)) + .build(); + assertTrue("wrong 'canHandle' flag", handler.canHandle("IT", eidData)); + + } + + @Test + public void canHandlerCheck_3() { + SimpleEidasData eidData = SimpleEidasData.builder() + .taxNumber(RandomStringUtils.randomAlphabetic(5)) + .build(); + assertTrue("wrong 'canHandle' flag", handler.canHandle("it", eidData)); + + } + + @Test + public void canHandlerCheck_4() { + SimpleEidasData eidData = SimpleEidasData.builder() + .taxNumber("") + .build(); + assertFalse("wrong 'canHandle' flag", handler.canHandle("IT", eidData)); + + } + + @Test + public void generateZmrSearchRequest() { + SimpleEidasData eidData = SimpleEidasData.builder() + .citizenCountryCode("IT") + .givenName(RandomStringUtils.randomAlphabetic(5)) + .familyName(RandomStringUtils.randomAlphabetic(5)) + .dateOfBirth(RandomStringUtils.randomAlphabetic(5)) + .taxNumber(RandomStringUtils.randomAlphabetic(5)) + .build(); + + // perform operation + PersonSuchenRequest req = handler.generateSearchRequest(eidData); + + //validate response + assertNotNull("no search request", req); + + //TODO: add validation if we can add more information about taxNumber from Italy + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaAuthSignalControllerTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaAuthSignalControllerTest.java new file mode 100644 index 00000000..cddcd11c --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaAuthSignalControllerTest.java @@ -0,0 +1,197 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient; + +import java.io.IOException; +import java.util.HashMap; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.util.SerializationUtils; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.controller.IdAustriaClientAuthSignalController; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.data.ExceptionContainer; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyProtocolAuthService; +import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.spring.test.DummyTransactionStorage.DummyDbEntry; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml" +}) +public class IdAustriaAuthSignalControllerTest { + + @Autowired(required = true) + private IdAustriaClientAuthSignalController controller; + @Autowired(required = true) + private ITransactionStorage cache; + @Autowired(required = true) + private IPendingRequestIdGenerationStrategy pendingReqGeneration; + @Autowired(required = true) + private IRequestStorage reqStorage; + @Autowired(required = true) + private IConfiguration basicConfig; + @Autowired private ITransactionStorage transactionStorage; + + @Autowired private DummyProtocolAuthService protAuthService; + + @Test + public void noRelayState() throws IOException, EaafException { + final MockHttpServletRequest httpReq = + new MockHttpServletRequest("POST", "https://localhost/authhandler"); + final MockHttpServletResponse httpResp = new MockHttpServletResponse(); + + controller.performAuthentication(httpReq, httpResp); + Assert.assertEquals("httpStausCode", 200, httpResp.getStatus()); + + final String errorId = protAuthService.getErrorKey(); + final Object error = cache.get(errorId); + Assert.assertNotNull("Error is null", error); + org.springframework.util.Assert.isInstanceOf(byte[].class, + ((DummyDbEntry) error).getObj()); + final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj()); + org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj); + org.springframework.util.Assert.isInstanceOf(EaafException.class, + ((ExceptionContainer) errorObj).getExceptionThrown()); + + } + + @Test + public void validRelayStateNoPendingReqId() throws EaafException, IOException { + final String pendingReqId = pendingReqGeneration.generateExternalPendingRequestId(); + final MockHttpServletRequest httpReq = + new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpReq.addParameter(IdAustriaClientAuthSignalController.HTTP_PARAM_RELAYSTATE, pendingReqId); + final MockHttpServletResponse httpResp = new MockHttpServletResponse(); + + controller.performAuthentication(httpReq, httpResp); + Assert.assertEquals("httpStausCode", 200, httpResp.getStatus()); + + final String errorId = protAuthService.getErrorKey(); + final Object error = cache.get(errorId); + Assert.assertNotNull("Error is null", error); + org.springframework.util.Assert.isInstanceOf(byte[].class, + ((DummyDbEntry) error).getObj()); + final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj()); + org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj); + org.springframework.util.Assert.isInstanceOf(EaafException.class, + ((ExceptionContainer) errorObj).getExceptionThrown()); + //TODO: + Assert.assertEquals("ErrorCode not match", "auth.26", + ((EaafException) ((ExceptionContainer) errorObj).getExceptionThrown()).getErrorId()); + + } + + @Test + public void validRelayStateSuspectPendingReqId() throws EaafException, IOException { + String relayState = RandomStringUtils.randomAlphanumeric(10); + transactionStorage.put(relayState, false, -1); + + final MockHttpServletRequest httpReq = + new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpReq.addParameter(IdAustriaClientAuthSignalController.HTTP_PARAM_RELAYSTATE, relayState); + final MockHttpServletResponse httpResp = new MockHttpServletResponse(); + + controller.performAuthentication(httpReq, httpResp); + Assert.assertEquals("httpStausCode", 200, httpResp.getStatus()); + + final String errorId = protAuthService.getErrorKey(); + final Object error = cache.get(errorId); + Assert.assertNotNull("Error is null", error); + org.springframework.util.Assert.isInstanceOf(byte[].class, + ((DummyDbEntry) error).getObj()); + final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj()); + org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj); + org.springframework.util.Assert.isInstanceOf(EaafException.class, + ((ExceptionContainer) errorObj).getExceptionThrown()); + //TODO: + Assert.assertEquals("ErrorCode not match", "auth.26", + ((EaafException) ((ExceptionContainer) errorObj).getExceptionThrown()).getErrorId()); + + Assert.assertNull("RelayState was not removed", transactionStorage.get(relayState)); + + } + + @Test + public void validRelayStateNoPendingReq() throws EaafException, IOException { + final String pendingReqId = pendingReqGeneration.generateExternalPendingRequestId(); + String relayState = RandomStringUtils.randomAlphanumeric(10); + transactionStorage.put(relayState, pendingReqId, -1); + + final MockHttpServletRequest httpReq = + new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpReq.addParameter(IdAustriaClientAuthSignalController.HTTP_PARAM_RELAYSTATE, relayState); + final MockHttpServletResponse httpResp = new MockHttpServletResponse(); + + controller.performAuthentication(httpReq, httpResp); + Assert.assertEquals("httpStausCode", 200, httpResp.getStatus()); + + final String errorId = protAuthService.getErrorKey(); + final Object error = cache.get(errorId); + Assert.assertNotNull("Error is null", error); + org.springframework.util.Assert.isInstanceOf(byte[].class, + ((DummyDbEntry) error).getObj()); + final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj()); + org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj); + org.springframework.util.Assert.isInstanceOf(EaafException.class, + ((ExceptionContainer) errorObj).getExceptionThrown()); + Assert.assertEquals("ErrorCode not match", "auth.28", + ((EaafException) ((ExceptionContainer) errorObj).getExceptionThrown()).getErrorId()); + + Assert.assertNull("RelayState was not removed", transactionStorage.get(relayState)); + + } + + @Test + public void validRelayStateWithPendingReq() throws EaafException, IOException { + final String pendingReqId = pendingReqGeneration.generateExternalPendingRequestId(); + + String relayState = RandomStringUtils.randomAlphanumeric(10); + transactionStorage.put(relayState, pendingReqId, -1); + + final TestRequestImpl pendingReq = new TestRequestImpl(); + pendingReq.setPendingReqId(pendingReqId); + pendingReq.setAuthUrl("http://localhost/idp"); + final Map<String, String> spConfigMap = new HashMap<>(); + spConfigMap.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "http://test.sp"); + final DummySpConfiguration spConfig = new DummySpConfiguration(spConfigMap, basicConfig); + pendingReq.setSpConfig(spConfig); + reqStorage.storePendingRequest(pendingReq); + + final MockHttpServletRequest httpReq = + new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpReq.addParameter(IdAustriaClientAuthSignalController.HTTP_PARAM_RELAYSTATE, relayState); + final MockHttpServletResponse httpResp = new MockHttpServletResponse(); + + controller.performAuthentication(httpReq, httpResp); + + Assert.assertEquals("httpStausCode", 200, httpResp.getStatus()); + + final String errorId = protAuthService.getErrorKey(); + final Object error = cache.get(errorId); + Assert.assertNotNull("Error is null", error); + org.springframework.util.Assert.isInstanceOf(byte[].class, + ((DummyDbEntry) error).getObj()); + final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj()); + org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj); + org.springframework.util.Assert.isInstanceOf(EaafException.class, + ((ExceptionContainer) errorObj).getExceptionThrown()); + Assert.assertEquals("ErrorCode not match", + "PendingRequest object is not of type 'RequestImpl.class'", + ((EaafException) ((ExceptionContainer) errorObj).getExceptionThrown()).getErrorId()); + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthHealthCheckTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthHealthCheckTest.java new file mode 100644 index 00000000..90e1b169 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthHealthCheckTest.java @@ -0,0 +1,130 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient; + +import java.time.Instant; +import java.time.temporal.ChronoUnit; + +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.core.xml.io.UnmarshallingException; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.actuate.health.Health; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.w3c.dom.Element; + +import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthHealthCheck; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import net.shibboleth.utilities.java.support.resolver.ResolverException; +import net.shibboleth.utilities.java.support.xml.SerializeSupport; +import net.shibboleth.utilities.java.support.xml.XMLParserException; +import okhttp3.HttpUrl; +import okhttp3.mockwebserver.MockResponse; +import okhttp3.mockwebserver.MockWebServer; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml" +}) +public class IdAustriaClientAuthHealthCheckTest { + + @Autowired private IdAustriaClientAuthHealthCheck toCheck; + @Autowired protected MsConnectorDummyConfigMap config; + @Autowired private IPvp2CredentialProvider credentialProvider; + @Autowired IdAustriaClientAuthMetadataProvider provider; + + private static MockWebServer mockWebServer; + private static HttpUrl mockServerUrl; + + /** + * JUnit class initializer. + * + * @throws Exception In case of an OpenSAML3 initialization error + */ + @BeforeClass + public static void classInitializer() throws Exception { + EaafOpenSaml3xInitializer.eaafInitialize(); + + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/metadata"); + + } + + @Test + public void notActive() { + //set-up test + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, + null); + + //perform check + Health status = toCheck.health(); + + //evaluate status + Assert.assertEquals("wrong status", Health.unknown().build().getStatus(), status.getStatus()); + + } + + @Test + public void success() throws SamlSigningException, CredentialsNotAvailableException, + XMLParserException, UnmarshallingException, MarshallingException { + + //set-up test + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, + mockServerUrl.url().toString()); + injectValidHttpMetadata(mockServerUrl.url().toString()); + + //perform check + Health status = toCheck.health(); + + //evaluate status + Assert.assertEquals("wrong status", Health.up().build().getStatus(), status.getStatus()); + + } + + @Test + public void invalid() throws SamlSigningException, CredentialsNotAvailableException, + XMLParserException, UnmarshallingException, MarshallingException, ResolverException { + //set-up test + provider.clear(); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, + "http://localhost:1234/junit/metadata"); + + //perform check + Health status = toCheck.health(); + + //evaluate status + Assert.assertEquals("wrong status", Health.outOfService().build().getStatus(), status.getStatus()); + + } + + private String injectValidHttpMetadata(String dynEntityId) throws XMLParserException, + UnmarshallingException, MarshallingException, SamlSigningException, CredentialsNotAvailableException { + final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), + IdAustriaClientAuthHealthCheckTest.class.getResourceAsStream("/data/idp_metadata_no_sig.xml")); + metadata.setValidUntil(Instant.now().plus(1, ChronoUnit.DAYS)); + metadata.setSignature(null); + metadata.setEntityID(dynEntityId); + Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true); + final Element metadataElement = XMLObjectSupport.marshall(metadata); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody(SerializeSupport.nodeToString(metadataElement)) + .setHeader("Content-Type", "text/html;charset=utf-8")); + return dynEntityId; + +} + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java new file mode 100644 index 00000000..095a020a --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataControllerTest.java @@ -0,0 +1,136 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient; + +import java.io.ByteArrayInputStream; +import java.io.IOException; +import java.io.UnsupportedEncodingException; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.io.UnmarshallingException; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.common.xml.SAMLConstants; +import org.opensaml.saml.metadata.resolver.filter.FilterException; +import org.opensaml.saml.metadata.resolver.filter.MetadataFilterContext; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.opensaml.saml.saml2.metadata.SPSSODescriptor; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.controller.IdAustriaClientAuthMetadataController; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter; +import net.shibboleth.utilities.java.support.xml.XMLParserException; + + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml" +}) +@DirtiesContext(classMode = DirtiesContext.ClassMode.AFTER_CLASS) +public class IdAustriaClientAuthMetadataControllerTest { + + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + + @Autowired private IdAustriaClientAuthMetadataController controller; + @Autowired private IdAustriaClientAuthCredentialProvider credProvider; + + /** + * JUnit class initializer. + * + * @throws Exception In case of an OpenSAML3 initialization error + */ + @BeforeClass + public static void initialize() throws Exception { + EaafOpenSaml3xInitializer.eaafInitialize(); + + } + + /** + * Single jUnit-test set-up. + */ + @Before + public void testSetup() { + httpReq = new MockHttpServletRequest("GET", "http://localhost/authhandler"); + httpReq.setContextPath("/authhandler"); + httpResp = new MockHttpServletResponse(); + + } + + @Test + public void buildMetadataValidInEidMode() throws IOException, EaafException, + XMLParserException, UnmarshallingException, FilterException { + + //build metdata + controller.getSpMetadata(httpReq, httpResp); + + //check result + validateResponse(7); + + } + + private void validateResponse(int numberOfRequestedAttributes) throws UnsupportedEncodingException, + XMLParserException, UnmarshallingException, FilterException, CredentialsNotAvailableException { + Assert.assertEquals("HTTP Statuscode", 200, httpResp.getStatus()); + Assert.assertEquals("ContentType", "text/xml; charset=utf-8", httpResp.getContentType()); + Assert.assertEquals("ContentEncoding", "UTF-8", httpResp.getCharacterEncoding()); + + final String metadataXml = httpResp.getContentAsString(); + Assert.assertNotNull("XML Metadata", metadataXml); + + final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), new ByteArrayInputStream(metadataXml.getBytes("UTF-8"))); + + Assert.assertEquals("EntityId", + "http://localhost/authhandler" + IdAustriaClientAuthConstants.ENDPOINT_METADATA, + metadata.getEntityID()); + + MetadataFilterContext filterContext = new MetadataFilterContext(); + + //check XML scheme + final SchemaValidationFilter schemaFilter = new SchemaValidationFilter(); + schemaFilter.filter(metadata, filterContext); + + //check signature + final SimpleMetadataSignatureVerificationFilter sigFilter = + new SimpleMetadataSignatureVerificationFilter(credProvider.getKeyStore().getFirst(), + metadata.getEntityID()); + sigFilter.filter(metadata, filterContext); + + //check content + final SPSSODescriptor spSsoDesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS); + Assert.assertNotNull("SPSSODescr.", spSsoDesc); + + Assert.assertFalse("AssertionConsumerServices", + spSsoDesc.getAssertionConsumerServices().isEmpty()); + + Assert.assertFalse("KeyDescriptors", + spSsoDesc.getKeyDescriptors().isEmpty()); + Assert.assertEquals("#KeyDescriptors", 2, spSsoDesc.getKeyDescriptors().size()); + + Assert.assertFalse("NameIDFormats", + spSsoDesc.getNameIDFormats().isEmpty()); + Assert.assertEquals("wrong NameIDFormats", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", + spSsoDesc.getNameIDFormats().get(0).getURI()); + + Assert.assertFalse("AttributeConsumingServices", + spSsoDesc.getAttributeConsumingServices().isEmpty()); + Assert.assertEquals("#RequestAttributes", numberOfRequestedAttributes, + spSsoDesc.getAttributeConsumingServices().get(0).getRequestedAttributes().size()); + + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderFirstTest.java new file mode 100644 index 00000000..c4dd5d2e --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderFirstTest.java @@ -0,0 +1,239 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient; + +import java.io.IOException; +import java.time.Instant; +import java.time.temporal.ChronoUnit; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.criterion.EntityIdCriterion; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.core.xml.io.UnmarshallingException; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.w3c.dom.Element; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest; +import net.shibboleth.utilities.java.support.resolver.CriteriaSet; +import net.shibboleth.utilities.java.support.resolver.ResolverException; +import net.shibboleth.utilities.java.support.xml.SerializeSupport; +import net.shibboleth.utilities.java.support.xml.XMLParserException; +import okhttp3.HttpUrl; +import okhttp3.mockwebserver.MockResponse; +import okhttp3.mockwebserver.MockWebServer; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml" +}) +public class IdAustriaClientAuthMetadataProviderFirstTest { + + @Autowired + IPvp2CredentialProvider credentialProvider; + @Autowired + IdAustriaClientAuthMetadataProvider provider; + @Autowired + PvpMetadataResolverFactory resolverFactory; + + private static MockWebServer mockWebServer; + private static HttpUrl mockServerUrl; + + /** + * JUnit class initializer. + * + * @throws Exception In case of an OpenSAML3 initialization error + */ + @BeforeClass + public static void classInitializer() throws Exception { + EaafOpenSaml3xInitializer.eaafInitialize(); + + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/metadata"); + + } + + /** + * jUnit test set-up. + * + * @throws ResolverException + * + */ + @Before + public void testSetup() { + provider.fullyDestroy(); + + } + + @Test + public void simpleManuelAddingTest() throws Pvp2MetadataException, ResolverException { + final IPvp2MetadataProvider resolver1 = resolverFactory.createMetadataProvider( + "classpath:/data/idp_metadata_sig_notvalid.xml", + null, "junit", null); + Assert.assertNotNull("Resolver 1 is null", resolver1); + provider.addMetadataResolverIntoChain(resolver1); + + final IPvp2MetadataProvider resolver2 = resolverFactory.createMetadataProvider( + "classpath:/data/idp_metadata_sig_valid_wrong_alg.xml", + null, "junit", null); + Assert.assertNotNull("Resolver 2 is null", resolver2); + provider.addMetadataResolverIntoChain(resolver2); + + final EntityDescriptor entity1 = provider.getEntityDescriptor("https://localEntity"); + Assert.assertNotNull("Entity 1 not found", entity1); + + final EntityDescriptor entity2 = provider.getEntityDescriptor( + "https://vidp.gv.at/ms_connector/pvp/metadata"); + Assert.assertNotNull("Entity 2 not found", entity2); + + final EntityDescriptor entity3 = provider.getEntityDescriptor("https://egiz.gv.at/abababa"); + Assert.assertNull("Entity 3 found", entity3); + + } + + @Test + public void dynamicLoadingNoValidSignature() throws ResolverException { + final EntityDescriptor entity = provider.getEntityDescriptor("classpath:/data/idp_metadata_no_sig2.xml"); + Assert.assertNull("Entity found", entity); + + } + + @Test + public void dynamicLoadingValidSignature() throws XMLParserException, UnmarshallingException, + SamlSigningException, CredentialsNotAvailableException, MarshallingException, ResolverException { + + final String entityId = injectValidHttpMetadata(); + final EntityDescriptor entity = provider.getEntityDescriptor(entityId); + Assert.assertNotNull("Entity not found", entity); + + } + + @Test + public void reloadNotPossible() throws XMLParserException, UnmarshallingException, + SamlSigningException, CredentialsNotAvailableException, MarshallingException, ResolverException { + + final String entityId = injectValidHttpMetadata(); + final EntityDescriptor entity = provider.getEntityDescriptor(entityId); + Assert.assertNotNull("Entity not found", entity); + Assert.assertNotNull("Entity not found", + provider.resolveSingle(generateEntityIdCreteria(entityId))); + + Assert.assertFalse("Refresh should not be possible", + provider.refreshMetadataProvider(entityId)); + + final EntityDescriptor entity2 = provider.getEntityDescriptor(entityId); + Assert.assertNull("Entity not found", entity2); + Assert.assertNull("Entity not found", + provider.resolveSingle(generateEntityIdCreteria(entityId))); + + Assert.assertFalse("Last refresh", provider.wasLastRefreshSuccess()); + + } + + @Test + public void refeshTest() throws Pvp2MetadataException, ResolverException { + Assert.assertFalse("Last refresh", provider.wasLastRefreshSuccess()); + Assert.assertNull("LastRefresh", provider.getLastRefresh()); + Assert.assertNull("LastSuccessfulRefresh", provider.getLastSuccessfulRefresh()); + Assert.assertNull("LastUpdate", provider.getLastUpdate()); + + final IPvp2MetadataProvider resolver1 = resolverFactory.createMetadataProvider( + "classpath:/data/idp_metadata_sig_notvalid.xml", + null, "junit", null); + Assert.assertNotNull("Resolver 1 is null", resolver1); + provider.addMetadataResolverIntoChain(resolver1); + + final IPvp2MetadataProvider resolver2 = resolverFactory.createMetadataProvider( + "classpath:/data/idp_metadata_sig_valid_wrong_alg.xml", + null, "junit", null); + Assert.assertNotNull("Resolver 2 is null", resolver2); + provider.addMetadataResolverIntoChain(resolver2); + + provider.refresh(); + + Assert.assertTrue("Last refresh", provider.wasLastRefreshSuccess()); + Assert.assertNotNull("LastRefresh", provider.getLastRefresh()); + Assert.assertNotNull("LastSuccessfulRefresh", provider.getLastSuccessfulRefresh()); + Assert.assertNotNull("LastUpdate", provider.getLastUpdate()); + + } + + @Test + public void reloadPossible() throws XMLParserException, UnmarshallingException, + SamlSigningException, CredentialsNotAvailableException, MarshallingException, ResolverException, + IOException { + + mockWebServer.shutdown(); + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/metadata"); + + final String entityId = injectValidHttpMetadata(); + final EntityDescriptor entity = provider.getEntityDescriptor(entityId); + Assert.assertNotNull("Entity not found", entity); + Assert.assertNotNull("Entity not found", + provider.resolveSingle(generateEntityIdCreteria(entityId))); + + Assert.assertFalse("Last refresh", provider.wasLastRefreshSuccess()); + + injectValidHttpMetadata(entityId); + Assert.assertTrue("Refresh should not be possible", + provider.refreshMetadataProvider(entityId)); + + final EntityDescriptor entity2 = provider.getEntityDescriptor(entityId); + Assert.assertNotNull("Entity not found", entity2); + Assert.assertNotNull("Entity not found", + provider.resolveSingle(generateEntityIdCreteria(entityId))); + + Assert.assertFalse("Last refresh", provider.wasLastRefreshSuccess()); + + } + + private String injectValidHttpMetadata() throws SamlSigningException, CredentialsNotAvailableException, + XMLParserException, UnmarshallingException, MarshallingException { + return injectValidHttpMetadata(mockServerUrl.url().toString() + + "/" + RandomStringUtils.randomAlphabetic(5)); + } + + private String injectValidHttpMetadata(String dynEntityId) throws XMLParserException, + UnmarshallingException, + MarshallingException, SamlSigningException, CredentialsNotAvailableException { + final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), + MetadataResolverTest.class.getResourceAsStream("/data/idp_metadata_no_sig.xml")); + metadata.setValidUntil(Instant.now().plus(1, ChronoUnit.DAYS)); + metadata.setSignature(null); + metadata.setEntityID(dynEntityId); + Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true); + final Element metadataElement = XMLObjectSupport.marshall(metadata); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody(SerializeSupport.nodeToString(metadataElement)) + .setHeader("Content-Type", "text/html;charset=utf-8")); + + return dynEntityId; + + } + + private CriteriaSet generateEntityIdCreteria(String entityId) { + final CriteriaSet result = new CriteriaSet(); + result.add(new EntityIdCriterion(entityId)); + return result; + + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderSecondTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderSecondTest.java new file mode 100644 index 00000000..3ee6ddcd --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientAuthMetadataProviderSecondTest.java @@ -0,0 +1,66 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import net.shibboleth.utilities.java.support.resolver.ResolverException; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml" +}) +public class IdAustriaClientAuthMetadataProviderSecondTest { + + @Autowired + IdAustriaClientAuthMetadataProvider provider; + + /** + * JUnit class initializer. + * + * @throws Exception In case of an OpenSAML3 initialization error + */ + @BeforeClass + public static void classInitializer() throws Exception { + EaafOpenSaml3xInitializer.eaafInitialize(); + + } + + /** + * jUnit test set-up. + * + * @throws ResolverException + * + */ + @Before + public void testSetup() { + provider.fullyDestroy(); + + } + + @Test + public void notTrustedX509CertsInTrustStore() throws ResolverException { + final EntityDescriptor entity = provider.getEntityDescriptor("classpath:/data/idp_metadata_no_sig2.xml"); + Assert.assertNull("Entity found", entity); + + } + + @Test + public void readStaticInfos() { + Assert.assertEquals("wrong providerId", + IdAustriaClientAuthMetadataProvider.PROVIDER_ID, provider.getId()); + + provider.runGarbageCollector(); + + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientCredentialProviderTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientCredentialProviderTest.java new file mode 100644 index 00000000..3e37e1a6 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/idaustriaclient/IdAustriaClientCredentialProviderTest.java @@ -0,0 +1,414 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.idaustriaclient; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.BeansException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import com.google.common.base.Optional; +import com.google.common.base.Predicates; +import com.google.common.base.Throwables; +import com.google.common.collect.FluentIterable; + +import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_basic_lazy.xml", + "/SpringTest-context_basic_mapConfig.xml" +}) +@DirtiesContext +public class IdAustriaClientCredentialProviderTest { + + private static final String PATH_JKS = "../keystore/junit_test.jks"; + private static final String ALIAS_METADATA = "meta"; + private static final String ALIAS_SIGN = "sig"; + private static final String ALIAS_ENC = "enc"; + private static final String PASSWORD = "password"; + + @Autowired + private ApplicationContext context; + @Autowired(required = true) + protected MsConnectorDummyConfigMap config; + + /** + * jUnit test initializer. + */ + @Before + public void initialize() { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH, PATH_JKS); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PASSWORD, PASSWORD); + + config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS); + config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD); + + config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS); + config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD); + + config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS); + config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD); + + } + + @Test + @DirtiesContext + public void noKeyStoreUrl() { + config.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH); + try { + context.getBean(IdAustriaClientAuthCredentialProvider.class); + Assert.fail("No KeyStore not detected"); + + } catch (final BeansException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, + e.getCause(), "Wrong exception"); + } + + } + + @Test + @DirtiesContext + public void noKeyStore() { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH, + "src/test/resources/config/notExist.p12"); + try { + context.getBean(IdAustriaClientAuthCredentialProvider.class); + Assert.fail("No KeyStore not detected"); + + } catch (final BeansException e) { + final Optional<Throwable> eaafException = FluentIterable.from( + Throwables.getCausalChain(e)).filter( + Predicates.instanceOf(EaafConfigurationException.class)).first(); + Assert.assertTrue("Wrong exception", eaafException.isPresent()); + Assert.assertEquals("Wrong errorId", "internal.keystore.06", + ((EaafException) eaafException.get()).getErrorId()); + + } + + } + + @Test + @DirtiesContext + public void noWrongKeyStorePassword() { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PASSWORD, "test"); + try { + context.getBean(IdAustriaClientAuthCredentialProvider.class); + Assert.fail("No KeyStore not detected"); + + } catch (final BeansException e) { + final Optional<Throwable> eaafException = FluentIterable.from( + Throwables.getCausalChain(e)).filter( + Predicates.instanceOf(EaafFactoryException.class)).first(); + Assert.assertTrue("Wrong exception", eaafException.isPresent()); + Assert.assertEquals("Wrong errorId", "internal.keystore.06", + ((EaafException) eaafException.get()).getErrorId()); + + } + + } + + @Test + @DirtiesContext + public void notKeyConfigurationWrongAlias() { + final IdAustriaClientAuthCredentialProvider credential = context.getBean( + IdAustriaClientAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + credential.getMessageSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + credential.getMessageEncryptionCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + } + + @Test + @DirtiesContext + public void notKeyConfigurationWrongPassword() { + final IdAustriaClientAuthCredentialProvider credential = context.getBean( + IdAustriaClientAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + credential.getMessageSigningCredential(); + Assert.fail("No message signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + final EaafX509Credential encCred = credential.getMessageEncryptionCredential(); + Assert.assertNull("No encryption signing credentials not detected", encCred); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + } + + @Test + @DirtiesContext + public void notKeyConfigurationValidAliasWrongPassword() { + final IdAustriaClientAuthCredentialProvider credential = context.getBean( + IdAustriaClientAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS, + ALIAS_METADATA); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS, + ALIAS_SIGN); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + credential.getMessageSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS, + ALIAS_ENC); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + credential.getMessageEncryptionCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + } + + @Test + @DirtiesContext + public void notKeyConfigurationWrongAliasValidPassword() { + final IdAustriaClientAuthCredentialProvider credential = context.getBean( + IdAustriaClientAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD, + PASSWORD); + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD, + PASSWORD); + credential.getMessageSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD, + PASSWORD); + credential.getMessageEncryptionCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + } + + @Test + @DirtiesContext + public void validonfiguration() throws CredentialsNotAvailableException { + final IdAustriaClientAuthCredentialProvider credential = context.getBean( + IdAustriaClientAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS, + ALIAS_METADATA); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD, + PASSWORD); + credential.getMetaDataSigningCredential(); + + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS, + ALIAS_SIGN); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD, + PASSWORD); + credential.getMessageSigningCredential(); + + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS, + ALIAS_ENC); + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD, + PASSWORD); + credential.getMessageEncryptionCredential(); + + } + + @Test + @DirtiesContext + public void notKeyConfiguration() { + final IdAustriaClientAuthCredentialProvider credential = context.getBean( + IdAustriaClientAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + credential.getMessageSigningCredential(); + Assert.fail("No message signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + final EaafX509Credential encCred = credential.getMessageEncryptionCredential(); + Assert.assertNull("No encryption signing credentials not detected", encCred); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + } + + @Test + @DirtiesContext + public void notKeyConfigurationPkcs12() { + config.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_KEYSTORE_PATH, + "../keystore/pvp.p12"); + final IdAustriaClientAuthCredentialProvider credential = context.getBean( + IdAustriaClientAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + credential.getMessageSigningCredential(); + Assert.fail("No message signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + final EaafX509Credential encCred = credential.getMessageEncryptionCredential(); + Assert.assertNull("No encryption signing credentials not detected", encCred); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/AlternativeSearchTaskWithRegisterTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/AlternativeSearchTaskWithRegisterTest.java new file mode 100644 index 00000000..63266cf6 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/AlternativeSearchTaskWithRegisterTest.java @@ -0,0 +1,975 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.when; + +import java.math.BigInteger; +import java.net.URI; +import java.net.URISyntaxException; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import java.util.Map; +import java.util.Optional; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; +import javax.xml.namespace.QName; + +import org.apache.commons.lang3.RandomStringUtils; +import org.jetbrains.annotations.NotNull; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Rule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.ArgumentCaptor; +import org.mockito.Mock; +import org.mockito.MockitoAnnotations; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import com.github.skjolber.mockito.soap.SoapServiceRule; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.IZmrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.ZmrSoapClient.ZmrRegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterOperationStatus; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterStatusResults; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.AlternativeSearchTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.clients.ZmrClientTest; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; +import at.gv.bmi.namespace.zmr_su.base._20040201.RequestType; +import at.gv.bmi.namespace.zmr_su.base._20040201.ResponseType; +import at.gv.bmi.namespace.zmr_su.base._20040201_.ServicePort; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.EidasSuchdatenType; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.attribute.PersonType; +import eu.eidas.auth.commons.light.impl.LightRequest; +import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse; +import lombok.SneakyThrows; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml", + "/SpringTest-context_ccSearchProcessor_test.xml" +}) +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) +public class AlternativeSearchTaskWithRegisterTest { + + @Rule + public SoapServiceRule soap = SoapServiceRule.newInstance(); + + @Mock private IErnpClient ernpClient; + + @Autowired private IZmrClient zmrClient; + @Autowired private List<CountrySpecificDetailSearchProcessor> handlers; + private RegisterSearchService registerSearchService; + + private ServicePort zmrMock = null; + + private final ICcSpecificEidProcessingService eidPostProcessor = createEidPostProcessor(); + private AlternativeSearchTask task; + + final ExecutionContext executionContext = new ExecutionContextImpl(); + private TestRequestImpl pendingReq; + private static JAXBContext jaxbContext; + + + /** + * Initialize jUnit class. + */ + @BeforeClass + @SneakyThrows + public static void classInitializer() { + jaxbContext = JAXBContext.newInstance( + at.gv.bmi.namespace.zmr_su.zmr._20040201.ObjectFactory.class, + at.gv.bmi.namespace.zmr_su.gis._20070725.ObjectFactory.class, + at.gv.bmi.namespace.zmr_su.base._20040201.ObjectFactory.class); + } + + + /** + * jUnit test set-up. + */ + @Before + public void setUp() throws URISyntaxException, EaafStorageException { + if (zmrMock == null) { + zmrMock = soap.mock(ServicePort.class, "http://localhost:1234/demozmr"); + + } + + registerSearchService = new RegisterSearchService(handlers, zmrClient, ernpClient); + task = new AlternativeSearchTask(registerSearchService, eidPostProcessor); + + MockHttpServletRequest httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + MockHttpServletResponse httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + pendingReq = new TestRequestImpl(); + + } + + + @Test + @SneakyThrows + public void missingStateInfoFirstEidasData() { + // inject matching intermediate state + RegisterStatusResults matchingState = new RegisterStatusResults(null, + Arrays.asList(RegisterResult.builder() + .bpk("") + .givenName("XXXKlaus - Maria") + .familyName("XXXvon Brandenburg") + .dateOfBirth("1994-12-31") + .pseudonym(Arrays.asList("7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit")) + .build()), + Collections.emptyList()); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, matchingState ); + + //inject alternative eIDAS data + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + Constants.DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE, + buildDummyAuthResponse("XXXKlaus - Maria", "XXXvon Brandenburg", + "DE/AT/7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit", "1994-12-31")); + + + // execute task + TaskExecutionException exception = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + // validate state + assertTrue("Wrong exception", (exception.getOriginalException() instanceof WorkflowException)); + assertEquals("wrong errorparam 1", "step11", ((EaafException) exception.getOriginalException()).getParams()[0]); + assertTrue("Wrong flag 'step11'", + ((WorkflowException) exception.getOriginalException()).isRequiresManualFix()); + assertEquals("wrong errorparam 1", "No initial eIDAS authn data", + ((EaafException) exception.getOriginalException()).getParams()[1]); + + + } + + @Test + @SneakyThrows + public void missingStateInfoIntermediateMatchingState() { + //inject initial eIDAS data + MatchingTaskUtils.storeInitialEidasData(pendingReq, SimpleEidasData.builder() + .personalIdentifier("DE/AT/7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit") + .pseudonym("cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit") + .givenName("XXXKlaus - Maria") + .familyName("XXXvon Brandenburg") + .dateOfBirth("1994-12-31") + .build()); + + //inject alternative eIDAS data + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + Constants.DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE, + buildDummyAuthResponse("XXXKlaus - Maria", "XXXvon Brandenburg", + "DE/AT/7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit", "1994-12-31")); + + + // execute task + TaskExecutionException exception = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + // validate state + assertTrue("Wrong exception", (exception.getOriginalException() instanceof WorkflowException)); + assertEquals("wrong errorparam 1", "step11", ((EaafException) exception.getOriginalException()).getParams()[0]); + assertTrue("Wrong flag 'step11'", + ((WorkflowException) exception.getOriginalException()).isRequiresManualFix()); + assertEquals("wrong errorparam 1", "No intermediate matching-state", + ((EaafException) exception.getOriginalException()).getParams()[1]); + + } + + @Test + @SneakyThrows + public void countryCodeNotMatch() { + //inject initial eIDAS data + MatchingTaskUtils.storeInitialEidasData(pendingReq, SimpleEidasData.builder() + .personalIdentifier("DE/AT/7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit") + .pseudonym("cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit") + .givenName("XXXKlaus - Maria") + .familyName("XXXvon Brandenburg") + .dateOfBirth("1994-12-31") + .citizenCountryCode("DE") + .build()); + + // inject matching intermediate state + RegisterStatusResults matchingState = new RegisterStatusResults(null, + Arrays.asList(RegisterResult.builder() + .bpk("") + .givenName("XXXKlaus - Maria") + .familyName("XXXvon Brandenburg") + .dateOfBirth("1994-12-31") + .pseudonym(Arrays.asList("7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit")) + .build()), + Collections.emptyList()); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, matchingState ); + + //inject alternative eIDAS data + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + Constants.DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE, + buildDummyAuthResponse("XXXKlaus - Maria", "XXXvon Brandenburg", + "EE/AT/7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit", "1994-12-31")); + + + // execute task + TaskExecutionException exception = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + // validate state + assertTrue("Wrong exception", (exception.getOriginalException() instanceof WorkflowException)); + assertEquals("wrong errorparam 1", "step11", ((EaafException) exception.getOriginalException()).getParams()[0]); + assertTrue("Wrong flag 'step11'", + ((WorkflowException) exception.getOriginalException()).isRequiresManualFix()); + assertEquals("wrong errorparam 1", "Country Code of alternative eIDAS authn not matching", + ((EaafException) exception.getOriginalException()).getParams()[1]); + + } + + @Test + @SneakyThrows + public void mdsNoMatch() { + //inject initial eIDAS data + MatchingTaskUtils.storeInitialEidasData(pendingReq, SimpleEidasData.builder() + .personalIdentifier("DE/AT/7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit") + .pseudonym("cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit") + .givenName("XXXKlaus - Maria") + .familyName("XXXvon Brandenburg") + .dateOfBirth("1994-12-31") + .citizenCountryCode("DE") + .build()); + + // inject matching intermediate state + RegisterStatusResults matchingState = new RegisterStatusResults(null, + Arrays.asList(RegisterResult.builder() + .bpk("") + .givenName("XXXKlaus - Maria") + .familyName("XXXvon Brandenburg") + .dateOfBirth("1994-12-31") + .pseudonym(Arrays.asList("7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit")) + .build()), + Collections.emptyList()); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, matchingState ); + + //inject alternative eIDAS data + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + Constants.DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE, + buildDummyAuthResponse("XXXClaus - Maria", "XXXvon Brandenburg", + "DE/AT/7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit", "1995-12-31")); + + + // execute task + TaskExecutionException exception = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + // validate state + assertTrue("Wrong exception", (exception.getOriginalException() instanceof WorkflowException)); + assertEquals("wrong errorparam 1", "step11", ((EaafException) exception.getOriginalException()).getParams()[0]); + assertTrue("Wrong flag 'step11'", + ((WorkflowException) exception.getOriginalException()).isRequiresManualFix()); + assertEquals("wrong errorparam 1", "MDS of alternative eIDAS authn does not match initial authn", + ((EaafException) exception.getOriginalException()).getParams()[1]); + + } + + @Test + @SneakyThrows + public void seachPersonalIdMoreThanOneResult() { + //inject initial eIDAS data + MatchingTaskUtils.storeInitialEidasData(pendingReq, SimpleEidasData.builder() + .personalIdentifier("DE/AT/7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit") + .pseudonym("cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit") + .givenName("XXXKlaus - Maria") + .familyName("XXXvon Brandenburg") + .dateOfBirth("1994-12-31") + .citizenCountryCode("DE") + .build()); + + // inject matching intermediate state + RegisterStatusResults matchingState = new RegisterStatusResults( + new RegisterOperationStatus(new BigInteger(RandomStringUtils.randomNumeric(5))), + Arrays.asList(RegisterResult.builder() + .bpk("") + .givenName("XXXKlaus - Maria") + .familyName("XXXvon Brandenburg") + .dateOfBirth("1994-12-31") + .pseudonym(Arrays.asList("7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit")) + .build()), + Collections.emptyList()); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, matchingState); + + //inject alternative eIDAS data + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + Constants.DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE, + buildDummyAuthResponse("XXXKlaus - Maria", "XXXvon Brandenburg", + "DE/AT/7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit", "1994-12-31")); + + // inject response + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + when(zmrMock.service(zmrReq.capture(), any())) + .thenReturn(loadResponseFromFile("/data/zmr/search_with_personalId_only_resp_moreThanOne.xml")) + .thenThrow(new RuntimeException("This request is not needed any more")); + + // execute task + TaskExecutionException exception = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + // validate state + assertTrue("Wrong exception", (exception.getOriginalException() instanceof WorkflowException)); + assertEquals("wrong errorparam 1", "searchWithPersonalIdentifier", ((EaafException) exception.getOriginalException()).getParams()[0]); + assertTrue("Wrong flag 'step11'", + ((WorkflowException) exception.getOriginalException()).isRequiresManualFix()); + + // validate request + assertEquals("wrong number of req.", 1, zmrReq.getAllValues().size()); + checkBasicRequestParameters(zmrReq.getValue(), ZmrClientTest.PROCESS_TASK_SEARCH, + matchingState.getOperationStatus().getZmrProcessId(), "jUnit123456"); + assertNotNull("Personensuche req.", zmrReq.getValue().getPersonSuchenRequest()); + checkEidasDocumentResult(zmrReq.getValue().getPersonSuchenRequest().getEidasSuchdaten(), + "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", + "DE", "7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit"); + + } + + @Test + @SneakyThrows + public void seachPersonalIdNoBpkMatchWithIntermediateResults() { + //inject initial eIDAS data + MatchingTaskUtils.storeInitialEidasData(pendingReq, SimpleEidasData.builder() + .personalIdentifier("DE/AT/7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit") + .pseudonym("cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit") + .givenName("XXXKlaus - Maria") + .familyName("XXXvon Brandenburg") + .dateOfBirth("1994-12-31") + .citizenCountryCode("DE") + .build()); + + // inject matching intermediate state + RegisterStatusResults matchingState = new RegisterStatusResults(null, + Arrays.asList(RegisterResult.builder() + .bpk("notExists") + .givenName("XXXKlaus - Maria") + .familyName("XXXvon Brandenburg") + .dateOfBirth("1994-12-31") + .pseudonym(Arrays.asList("7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit")) + .build()), + Collections.emptyList()); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, matchingState ); + + //inject alternative eIDAS data + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + Constants.DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE, + buildDummyAuthResponse("XXXKlaus - Maria", "XXXvon Brandenburg", + "DE/AT/7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit", "1994-12-31")); + + // inject response + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + when(zmrMock.service(zmrReq.capture(), any())) + .thenReturn(loadResponseFromFile("/data/zmr/seq_1-8_search_with_personalId_only_resp.xml")) + .thenThrow(new RuntimeException("This request is not needed any more")); + + // execute task + TaskExecutionException exception = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + // validate state + assertTrue("Wrong exception", (exception.getOriginalException() instanceof WorkflowException)); + assertEquals("wrong errorparam 1", "step7bKittProcess", ((EaafException) exception.getOriginalException()).getParams()[0]); + assertFalse("Wrong flag 'step11'", + ((WorkflowException) exception.getOriginalException()).isRequiresManualFix()); + assertEquals("wrong errorparam 1", "Register result from alternativ authentication does not fit into intermediate state", + ((EaafException) exception.getOriginalException()).getParams()[1]); + + // validate request + assertEquals("wrong number of req.", 1, zmrReq.getAllValues().size()); + assertNotNull("Personensuche req.", zmrReq.getValue().getPersonSuchenRequest()); + checkEidasDocumentResult(zmrReq.getValue().getPersonSuchenRequest().getEidasSuchdaten(), + "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", + "DE", "7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit"); + + } + + @Test + @SneakyThrows + public void seachPersonalIdSuccess() { + //inject initial eIDAS data + MatchingTaskUtils.storeInitialEidasData(pendingReq, SimpleEidasData.builder() + .personalIdentifier("DE/AT/7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit") + .pseudonym("cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit") + .givenName("XXXKlaus - Maria") + .familyName("XXXvon Brandenburg") + .dateOfBirth("1994-12-31") + .citizenCountryCode("DE") + .build()); + + // inject matching intermediate state + RegisterStatusResults matchingState = new RegisterStatusResults( + new RegisterOperationStatus(new BigInteger(RandomStringUtils.randomNumeric(5))), + Arrays.asList(RegisterResult.builder() + .bpk("UgeknNsc26lVuB7U/uYGVmWtnnA=") + .givenName("XXXKlaus - Maria") + .familyName("XXXvon Brandenburg") + .dateOfBirth("1994-12-31") + .pseudonym(Arrays.asList("7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit")) + .build()), + Collections.emptyList()); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, matchingState ); + + //inject alternative eIDAS data + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + Constants.DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE, + buildDummyAuthResponse("XXXKlaus - Maria", "XXXvon Brandenburg", + "DE/AT/7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit", "1994-12-31")); + + // inject response + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + when(zmrMock.service(zmrReq.capture(), any())) + .thenReturn(loadResponseFromFile("/data/zmr/seq_1-8_search_with_personalId_only_resp.xml")) + .thenReturn(loadResponseFromFile("/data/zmr/seq_3-4_kitt_get_latest_version_resp.xml")) + .thenReturn(loadResponseFromFile("/data/zmr/seq_3-6_kitt_update_resp.xml")) + .thenReturn(loadResponseFromFile("/data/zmr/seq_3-8_kitt_get_latest_version_resp.xml")) + .thenThrow(new RuntimeException("This request is not needed any more")); + + // execute task + task.execute(pendingReq, executionContext); + + // validate state + //INFO: has to be the old givenName because ZMR allows no update of MDS information + checkMatchingSuccessState(pendingReq, "UgeknNsc26lVuB7U/uYGVmWtnnA=", "XXXvon Brandenburg", + "XXXClaus - Maria", "1994-12-31", "DE"); + assertNull("wrong executionContextFlag 'alternative eIDAS result'", + executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK)); + + + // validate request + assertEquals("wrong number of req.", 4, zmrReq.getAllValues().size()); + assertNotNull("Personensuche req.", zmrReq.getAllValues().get(0).getPersonSuchenRequest()); + checkBasicRequestParameters(zmrReq.getAllValues().get(0), ZmrClientTest.PROCESS_TASK_SEARCH, + matchingState.getOperationStatus().getZmrProcessId(), "jUnit123456"); + checkEidasDocumentResult(zmrReq.getAllValues().get(0).getPersonSuchenRequest().getEidasSuchdaten(), + "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", + "DE", "7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit"); + + + assertNotNull("Personensuche KITT req.", zmrReq.getAllValues().get(1).getPersonSuchenRequest()); + checkBasicRequestParameters(zmrReq.getAllValues().get(1), ZmrClientTest.PROCESS_TASK_SEARCH, + new BigInteger("367100000000079"), "jUnit123456"); + + assertNotNull("PersonAender KITT req.", zmrReq.getAllValues().get(2).getPersonAendernRequest()); + checkBasicRequestParameters(zmrReq.getAllValues().get(2), ZmrClientTest.PROCESS_TASK_UPDATE, + new BigInteger("367100000000079"), "jUnit123456"); + + assertNotNull("Personensuche KITT req.", zmrReq.getAllValues().get(3).getPersonSuchenRequest()); + checkBasicRequestParameters(zmrReq.getAllValues().get(3), ZmrClientTest.PROCESS_TASK_SEARCH, + new BigInteger("367100000000079"), "jUnit123456"); + + } + + @Test + @SneakyThrows + public void seachCcSpecificSuccess() { + //inject initial eIDAS data + MatchingTaskUtils.storeInitialEidasData(pendingReq, SimpleEidasData.builder() + .personalIdentifier("DE/AT/7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit") + .pseudonym("cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit") + .givenName("XXXKlaus - Maria") + .familyName("XXXvon Brandenburg") + .dateOfBirth("1994-12-31") + .citizenCountryCode("DE") + .build()); + + // inject matching intermediate state + RegisterStatusResults matchingState = new RegisterStatusResults( + new RegisterOperationStatus(new BigInteger(RandomStringUtils.randomNumeric(5))), + Arrays.asList(RegisterResult.builder() + .bpk("UgeknNsc26lVuB7U/uYGVmWtnnA=") + .givenName("XXXKlaus - Maria") + .familyName("XXXvon Brandenburg") + .dateOfBirth("1994-12-31") + .pseudonym(Arrays.asList("7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit")) + .build()), + Collections.emptyList()); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, matchingState ); + + //inject alternative eIDAS data + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + Constants.DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE, + buildDummyAuthResponse("XXXKlaus - Maria", "XXXvon Brandenburg", + "DE/AT/7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit", "1994-12-31", + null, "Hintergigritzpotschn", "XXXvon Heuburg")); + + // inject response + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + when(zmrMock.service(zmrReq.capture(), any())) + .thenReturn(loadResponseFromFile("/data/zmr/empty_zmr_result.xml")) + .thenReturn(loadResponseFromFile("/data/zmr/seq_1-8_search_with_personalId_only_resp.xml")) + .thenReturn(loadResponseFromFile("/data/zmr/seq_3-4_kitt_get_latest_version_resp.xml")) + .thenReturn(loadResponseFromFile("/data/zmr/seq_3-6_kitt_update_resp.xml")) + .thenReturn(loadResponseFromFile("/data/zmr/seq_3-8_kitt_get_latest_version_resp.xml")) + .thenReturn(loadResponseFromFile("/data/zmr/seq_3-10_kitt_update_resp.xml")) + .thenThrow(new RuntimeException("This request is not needed any more")); + + // execute task + task.execute(pendingReq, executionContext); + + // validate state + //INFO: has to be the old givenName because ZMR allows no update of MDS information + checkMatchingSuccessState(pendingReq, "UgeknNsc26lVuB7U/uYGVmWtnnA=", "XXXvon Brandenburg", + "XXXClaus - Maria", "1994-12-31", "DE"); + assertNull("wrong executionContextFlag 'alternative eIDAS result'", + executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK)); + + + // validate request + assertEquals("wrong number of req.", 6, zmrReq.getAllValues().size()); + assertNotNull("Personensuche req.", zmrReq.getAllValues().get(0).getPersonSuchenRequest()); + checkBasicRequestParameters(zmrReq.getAllValues().get(0), ZmrClientTest.PROCESS_TASK_SEARCH, + matchingState.getOperationStatus().getZmrProcessId(), "jUnit123456"); + checkEidasDocumentResult(zmrReq.getAllValues().get(0).getPersonSuchenRequest().getEidasSuchdaten(), + "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", + "DE", "7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit"); + + assertNotNull("Personensuche CC-specific req.", zmrReq.getAllValues().get(0).getPersonSuchenRequest()); + checkBasicRequestParameters(zmrReq.getAllValues().get(1), ZmrClientTest.PROCESS_TASK_SEARCH, + new BigInteger("367100000000079"), "jUnit123456"); + checkEidasDocumentResult(zmrReq.getAllValues().get(1).getPersonSuchenRequest().getEidasSuchdaten(), + "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth", + "DE", "Hintergigritzpotschn"); + checkEidasDocumentResult(zmrReq.getAllValues().get(1).getPersonSuchenRequest().getEidasSuchdaten(), + "http://eidas.europa.eu/attributes/naturalperson/BirthName", + "DE", "XXXvon Heuburg"); + + + assertNotNull("Personensuche KITT req.", zmrReq.getAllValues().get(2).getPersonSuchenRequest()); + checkBasicRequestParameters(zmrReq.getAllValues().get(2), ZmrClientTest.PROCESS_TASK_SEARCH, + new BigInteger("367100000000079"), "jUnit123456"); + + assertNotNull("PersonAender KITT req.", zmrReq.getAllValues().get(3).getPersonAendernRequest()); + checkBasicRequestParameters(zmrReq.getAllValues().get(3), ZmrClientTest.PROCESS_TASK_UPDATE, + new BigInteger("367100000000079"), "jUnit123456"); + + assertNotNull("Personensuche KITT req.", zmrReq.getAllValues().get(4).getPersonSuchenRequest()); + checkBasicRequestParameters(zmrReq.getAllValues().get(4), ZmrClientTest.PROCESS_TASK_SEARCH, + new BigInteger("367100000000079"), "jUnit123456"); + + assertNotNull("PersonAender KITT req.", zmrReq.getAllValues().get(5).getPersonAendernRequest()); + checkBasicRequestParameters(zmrReq.getAllValues().get(5), ZmrClientTest.PROCESS_TASK_UPDATE, + new BigInteger("367100000000079"), "jUnit123456"); + } + + @Test + @SneakyThrows + public void seachCcSpecificNotPossible() { + //inject initial eIDAS data + MatchingTaskUtils.storeInitialEidasData(pendingReq, SimpleEidasData.builder() + .personalIdentifier("DE/AT/7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit") + .pseudonym("cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit") + .givenName("XXXKlaus - Maria") + .familyName("XXXvon Brandenburg") + .dateOfBirth("1994-12-31") + .citizenCountryCode("EE") + .build()); + + // inject matching intermediate state + RegisterStatusResults matchingState = new RegisterStatusResults( + new RegisterOperationStatus(new BigInteger(RandomStringUtils.randomNumeric(5))), + Arrays.asList(RegisterResult.builder() + .bpk("UgeknNsc26lVuB7U/uYGVmWtnnA=") + .givenName("XXXKlaus - Maria") + .familyName("XXXvon Brandenburg") + .dateOfBirth("1994-12-31") + .pseudonym(Arrays.asList("7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit")) + .build()), + Collections.emptyList()); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, matchingState ); + + //inject alternative eIDAS data + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + Constants.DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE, + buildDummyAuthResponse("XXXKlaus - Maria", "XXXvon Brandenburg", + "EE/AT/7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit", "1994-12-31", + null, "Hintergigritzpotschn", "XXXvon Heuburg")); + + // inject response + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + when(zmrMock.service(zmrReq.capture(), any())) + .thenReturn(loadResponseFromFile("/data/zmr/empty_zmr_result.xml")) + .thenThrow(new RuntimeException("This request is not needed any more")); + + // execute task + task.execute(pendingReq, executionContext); + + // validate state + assertNotNull("find no eIDAS inbut data", MatchingTaskUtils.getInitialEidasData(pendingReq)); + assertNull("final matching result", MatchingTaskUtils.getFinalMatchingResult(pendingReq)); + assertEquals("wrong executionContextFlag 'alternative eIDAS result'", true, + executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK)); + + + // validate request + assertEquals("wrong number of req.", 1, zmrReq.getAllValues().size()); + assertNotNull("Personensuche req.", zmrReq.getAllValues().get(0).getPersonSuchenRequest()); + checkBasicRequestParameters(zmrReq.getAllValues().get(0), ZmrClientTest.PROCESS_TASK_SEARCH, + matchingState.getOperationStatus().getZmrProcessId(), "jUnit123456"); + checkEidasDocumentResult(zmrReq.getAllValues().get(0).getPersonSuchenRequest().getEidasSuchdaten(), + "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", + "EE", "7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit"); + + } + + @Test + @SneakyThrows + public void seachCcSpecificMoreThanOneResult() { + //inject initial eIDAS data + MatchingTaskUtils.storeInitialEidasData(pendingReq, SimpleEidasData.builder() + .personalIdentifier("DE/AT/7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit") + .pseudonym("cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit") + .givenName("XXXKlaus - Maria") + .familyName("XXXvon Brandenburg") + .dateOfBirth("1994-12-31") + .citizenCountryCode("DE") + .build()); + + // inject matching intermediate state + RegisterStatusResults matchingState = new RegisterStatusResults( + new RegisterOperationStatus(new BigInteger(RandomStringUtils.randomNumeric(5))), + Arrays.asList(RegisterResult.builder() + .bpk("UgeknNsc26lVuB7U/uYGVmWtnnA=") + .givenName("XXXKlaus - Maria") + .familyName("XXXvon Brandenburg") + .dateOfBirth("1994-12-31") + .pseudonym(Arrays.asList("7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit")) + .build()), + Collections.emptyList()); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, matchingState ); + + //inject alternative eIDAS data + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + Constants.DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE, + buildDummyAuthResponse("XXXKlaus - Maria", "XXXvon Brandenburg", + "DE/AT/7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit", "1994-12-31", + null, "Hintergigritzpotschn", "XXXvon Heuburg")); + + // inject response + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + when(zmrMock.service(zmrReq.capture(), any())) + .thenReturn(loadResponseFromFile("/data/zmr/empty_zmr_result.xml")) + .thenReturn(loadResponseFromFile("/data/zmr/search_with_personalId_only_resp_moreThanOne.xml")) + .thenThrow(new RuntimeException("This request is not needed any more")); + + // execute task + TaskExecutionException exception = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + // validate state + assertTrue("Wrong exception", (exception.getOriginalException() instanceof WorkflowException)); + assertEquals("wrong errorparam 1", "searchWithCountrySpecifics", ((EaafException) exception.getOriginalException()).getParams()[0]); + assertTrue("Wrong flag 'step11'", + ((WorkflowException) exception.getOriginalException()).isRequiresManualFix()); + + + // validate request + assertEquals("wrong number of req.", 2, zmrReq.getAllValues().size()); + assertNotNull("Personensuche req.", zmrReq.getAllValues().get(0).getPersonSuchenRequest()); + checkBasicRequestParameters(zmrReq.getAllValues().get(0), ZmrClientTest.PROCESS_TASK_SEARCH, + matchingState.getOperationStatus().getZmrProcessId(), "jUnit123456"); + checkEidasDocumentResult(zmrReq.getAllValues().get(0).getPersonSuchenRequest().getEidasSuchdaten(), + "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", + "DE", "7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit"); + + assertNotNull("Personensuche CC-specific req.", zmrReq.getAllValues().get(0).getPersonSuchenRequest()); + checkBasicRequestParameters(zmrReq.getAllValues().get(1), ZmrClientTest.PROCESS_TASK_SEARCH, + new BigInteger("367100000000079"), "jUnit123456"); + checkEidasDocumentResult(zmrReq.getAllValues().get(1).getPersonSuchenRequest().getEidasSuchdaten(), + "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth", + "DE", "Hintergigritzpotschn"); + checkEidasDocumentResult(zmrReq.getAllValues().get(1).getPersonSuchenRequest().getEidasSuchdaten(), + "http://eidas.europa.eu/attributes/naturalperson/BirthName", + "DE", "XXXvon Heuburg"); + + } + + @Test + @SneakyThrows + public void seachCcSpecificEmptyResult() { + //inject initial eIDAS data + MatchingTaskUtils.storeInitialEidasData(pendingReq, SimpleEidasData.builder() + .personalIdentifier("DE/AT/7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit") + .pseudonym("cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit") + .givenName("XXXKlaus - Maria") + .familyName("XXXvon Brandenburg") + .dateOfBirth("1994-12-31") + .citizenCountryCode("DE") + .build()); + + // inject matching intermediate state + RegisterStatusResults matchingState = new RegisterStatusResults( + new RegisterOperationStatus(new BigInteger(RandomStringUtils.randomNumeric(5))), + Arrays.asList(RegisterResult.builder() + .bpk("UgeknNsc26lVuB7U/uYGVmWtnnA=") + .givenName("XXXKlaus - Maria") + .familyName("XXXvon Brandenburg") + .dateOfBirth("1994-12-31") + .pseudonym(Arrays.asList("7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit")) + .build()), + Collections.emptyList()); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, matchingState ); + + //inject alternative eIDAS data + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + Constants.DATA_FULL_EIDAS_RESPONSE_ALTERNATIVE, + buildDummyAuthResponse("XXXKlaus - Maria", "XXXvon Brandenburg", + "DE/AT/7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit", "1994-12-31", + null, "Hintergigritzpotschn", "XXXvon Heuburg")); + + // inject response + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + when(zmrMock.service(zmrReq.capture(), any())) + .thenReturn(loadResponseFromFile("/data/zmr/empty_zmr_result.xml")) + .thenReturn(loadResponseFromFile("/data/zmr/empty_zmr_result.xml")) + .thenThrow(new RuntimeException("This request is not needed any more")); + + // execute task + task.execute(pendingReq, executionContext); + + // validate state + assertNotNull("find no eIDAS inbut data", MatchingTaskUtils.getInitialEidasData(pendingReq)); + assertNull("final matching result", MatchingTaskUtils.getFinalMatchingResult(pendingReq)); + assertEquals("wrong executionContextFlag 'alternative eIDAS result'", true, + executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK)); + + + // validate request + assertEquals("wrong number of req.", 2, zmrReq.getAllValues().size()); + assertNotNull("Personensuche req.", zmrReq.getAllValues().get(0).getPersonSuchenRequest()); + checkBasicRequestParameters(zmrReq.getAllValues().get(0), ZmrClientTest.PROCESS_TASK_SEARCH, + matchingState.getOperationStatus().getZmrProcessId(), "jUnit123456"); + checkEidasDocumentResult(zmrReq.getAllValues().get(0).getPersonSuchenRequest().getEidasSuchdaten(), + "http://eidas.europa.eu/attributes/naturalperson/PersonIdentifier", + "DE", "7cEYasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit"); + + assertNotNull("Personensuche CC-specific req.", zmrReq.getAllValues().get(0).getPersonSuchenRequest()); + checkBasicRequestParameters(zmrReq.getAllValues().get(1), ZmrClientTest.PROCESS_TASK_SEARCH, + new BigInteger("367100000000079"), "jUnit123456"); + checkEidasDocumentResult(zmrReq.getAllValues().get(1).getPersonSuchenRequest().getEidasSuchdaten(), + "http://eidas.europa.eu/attributes/naturalperson/PlaceOfBirth", + "DE", "Hintergigritzpotschn"); + checkEidasDocumentResult(zmrReq.getAllValues().get(1).getPersonSuchenRequest().getEidasSuchdaten(), + "http://eidas.europa.eu/attributes/naturalperson/BirthName", + "DE", "XXXvon Heuburg"); + + } + + @NotNull + private ICcSpecificEidProcessingService createEidPostProcessor() { + return new ICcSpecificEidProcessingService() { + + private final GenericEidProcessor genericEidProcessor = new GenericEidProcessor(); + + @Override + public SimpleEidasData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException, EidasAttributeException { + return genericEidProcessor.postProcess(eidasAttrMap); + } + + @Override + public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder) { + genericEidProcessor.preProcess(pendingReq, authnRequestBuilder); + } + }; + } + + @NotNull + private ZmrRegisterResult zmrRegisterResult(RegisterResult registerResult, BigInteger processId) { + return new ZmrRegisterResult(Collections.singletonList(registerResult), processId); + } + + @NotNull + private ZmrRegisterResult zmrRegisterResult(RegisterResult registerResult) { + return zmrRegisterResult(registerResult, generateRandomProcessId()); + } + + + private BigInteger generateRandomProcessId() { + return new BigInteger(RandomStringUtils.randomNumeric(10)); + + } + + private void checkMatchingSuccessState(IRequest pendingReq, String bpk, String familyName, String givenName, + String birhday, String countryCode) { + assertNull("Find intermediate matching data but matching should be finished", + MatchingTaskUtils.getIntermediateMatchingResult(pendingReq)); + assertNotNull("find no eIDAS inbut data", MatchingTaskUtils.getInitialEidasData(pendingReq)); + + MatchedPersonResult personInfo = MatchingTaskUtils.getFinalMatchingResult(pendingReq); + assertNotNull("no final matching result", personInfo); + assertEquals("wrong bpk", bpk, personInfo.getBpk()); + assertEquals("wrong givenName", givenName, personInfo.getGivenName()); + assertEquals("wrong familyName", familyName, personInfo.getFamilyName()); + assertEquals("wrong dateOfBirth", birhday, personInfo.getDateOfBirth()); + assertEquals("wrong countryCode", countryCode, personInfo.getCountryCode()); + + } + + private void checkIntermediateResult(int resultSize) { + Boolean transitionGUI = (Boolean) executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK); + Assert.assertTrue("Wrong transition", transitionGUI); + Boolean transitionErnb = (Boolean) executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK); + Assert.assertNull("Wrong transition", transitionErnb); + + assertNotNull("find no eIDAS inbut data", MatchingTaskUtils.getInitialEidasData(pendingReq)); + assertNull("Find final matching data but no match sould be found", + MatchingTaskUtils.getFinalMatchingResult(pendingReq)); + + RegisterStatusResults result = MatchingTaskUtils.getIntermediateMatchingResult(pendingReq); + assertNotNull("Find no intermediate matching data", result); + assertEquals("wrong intermediate result size", resultSize, result.getResultCount()); + + } + + @NotNull + private AuthenticationResponse buildDummyAuthResponse(String givenName, String familyName, String identifier, + String dateOfBirth) throws URISyntaxException { + return buildDummyAuthResponse(givenName, familyName, identifier, dateOfBirth, null, null, null); + } + + @NotNull + private AuthenticationResponse buildDummyAuthResponseDE(String givenName, String familyName, String identifier, + String dateOfBirth, String placeOfBirth, + String birthName) throws URISyntaxException { + return buildDummyAuthResponse(givenName, familyName, identifier, dateOfBirth, null, placeOfBirth, birthName); + } + + @NotNull + private AuthenticationResponse buildDummyAuthResponse(String givenName, String familyName, String identifier, + String dateOfBirth, String taxNumber, String placeOfBirth, + String birthName) throws URISyntaxException { + ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder() + .put(generateStringAttribute(Constants.eIDAS_ATTR_PERSONALIDENTIFIER, + randomAlphabetic(2), randomAlphabetic(2)), identifier) + .put(generateStringAttribute(Constants.eIDAS_ATTR_CURRENTFAMILYNAME, + randomAlphabetic(3), randomAlphabetic(3)), familyName) + .put(generateStringAttribute(Constants.eIDAS_ATTR_CURRENTGIVENNAME, + randomAlphabetic(4), randomAlphabetic(4)), givenName) + .put(generateDateTimeAttribute(Constants.eIDAS_ATTR_DATEOFBIRTH, + randomAlphabetic(5), randomAlphabetic(5)), dateOfBirth); + if (taxNumber != null) { + builder.put(generateStringAttribute(Constants.eIDAS_ATTR_TAXREFERENCE, + randomAlphabetic(6), randomAlphabetic(6)), taxNumber); + } + if (birthName != null) { + builder.put(generateStringAttribute(Constants.eIDAS_ATTR_BIRTHNAME, + randomAlphabetic(7), randomAlphabetic(7)), birthName); + } + if (placeOfBirth != null) { + builder.put(generateStringAttribute(Constants.eIDAS_ATTR_PLACEOFBIRTH, + randomAlphabetic(8), randomAlphabetic(8)), placeOfBirth); + } + final ImmutableAttributeMap attributeMap = builder.build(); + + return new AuthenticationResponse.Builder().id(randomAlphabetic(5)) + .issuer(randomAlphabetic(5)).subject(randomAlphabetic(5)).statusCode("200") + .inResponseTo(randomAlphabetic(5)).subjectNameIdFormat(randomAlphabetic(5)) + .attributes(attributeMap).build(); + } + + private AttributeDefinition<Object> generateStringAttribute(String friendlyName, String fragment, String prefix) + throws URISyntaxException { + return generateAttribute(friendlyName, fragment, prefix, "eu.eidas.auth.commons.attribute.impl" + + ".LiteralStringAttributeValueMarshaller"); + } + + @SuppressWarnings("SameParameterValue") + private AttributeDefinition<Object> generateDateTimeAttribute(String friendlyName, String fragment, String prefix) + throws URISyntaxException { + return generateAttribute(friendlyName, fragment, prefix, "eu.eidas.auth.commons.attribute.impl" + + ".DateTimeAttributeValueMarshaller"); + } + + private AttributeDefinition<Object> generateAttribute(String friendlyName, String fragment, String prefix, + String marshaller) throws URISyntaxException { + return AttributeDefinition.builder() + .friendlyName(friendlyName).nameUri(new URI("ad", "sd", fragment)) + .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", prefix)) + .attributeValueMarshaller(marshaller).build(); + } + + private ResponseType loadResponseFromFile(String filepath) throws JAXBException { + final Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); + JAXBElement<?> resp = (JAXBElement<?>) unmarshaller.unmarshal(ZmrClientTest.class.getResourceAsStream( + filepath)); + return (ResponseType) resp.getValue(); + + } + + private void checkBasicRequestParameters(RequestType requestType, String vorgangName, BigInteger processId, + String behoerdennummer) { + assertNotNull("no workflow infos", requestType.getWorkflowInfoClient()); + assertEquals("processName", ZmrClientTest.PROCESS_GENERAL, requestType.getWorkflowInfoClient().getProzessName()); + assertEquals("vorgangsName", vorgangName, requestType.getWorkflowInfoClient().getVorgangName()); + + if (processId != null) { + assertEquals("processId", processId, requestType.getWorkflowInfoClient().getProzessInstanzID()); + } else { + assertNull("processId", requestType.getWorkflowInfoClient().getProzessInstanzID()); + } + + assertNotNull("no client infos", requestType.getClientInfo()); + assertEquals("behoerdennummer", behoerdennummer, requestType.getClientInfo().getOrganisation() + .getBehoerdenNr()); + } + + private void checkEidasDocumentResult(List<EidasSuchdatenType> list, String type, String cc, String value) { + Optional<EidasSuchdatenType> eidasDoc = list.stream() + .filter(el -> type.equals(el.getEidasArt())) + .findFirst(); + + assertTrue("eidas doc: " + type, eidasDoc.isPresent()); + assertEquals("eIDAS docType", type, eidasDoc.get().getEidasArt()); + assertEquals("eIDAS docValue", value, eidasDoc.get().getEidasWert()); + assertEquals("eIDAS docCC", cc, eidasDoc.get().getStaatscode2()); + + } + + + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java index 175f95e6..e3757c0d 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java @@ -4,7 +4,7 @@ import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CON import static org.mockito.ArgumentMatchers.any; import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; -import static org.powermock.api.mockito.PowerMockito.when; +import static org.mockito.Mockito.when; import java.net.URISyntaxException; import java.security.KeyStore; @@ -18,7 +18,9 @@ import java.util.List; import java.util.Map; import org.apache.commons.lang3.RandomStringUtils; +import org.apache.commons.lang3.StringUtils; import org.jetbrains.annotations.NotNull; +import org.joda.time.DateTime; import org.jose4j.jwa.AlgorithmConstraints; import org.jose4j.jwa.AlgorithmConstraints.ConstraintType; import org.jose4j.jws.AlgorithmIdentifiers; @@ -28,7 +30,6 @@ import org.junit.Rule; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.ArgumentCaptor; -import org.powermock.core.classloader.annotations.PrepareForTest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; @@ -41,15 +42,24 @@ import org.springframework.web.context.request.ServletRequestAttributes; import com.fasterxml.jackson.databind.JsonNode; import com.fasterxml.jackson.databind.ObjectMapper; import com.github.skjolber.mockito.soap.SoapServiceRule; +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSet; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils.JwsResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; @@ -69,8 +79,10 @@ import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; import at.gv.egiz.eaaf.core.impl.utils.Random; import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.AttributeValue; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.Builder; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse; import lombok.val; import szrservices.JwsHeaderParam; @@ -80,7 +92,6 @@ import szrservices.SignContentEntry; import szrservices.SignContentResponseType; @RunWith(SpringJUnit4ClassRunner.class) -@PrepareForTest(CreateIdentityLinkTask.class) @DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS) @ContextConfiguration(locations = { "/SpringTest-context_tasks_test.xml", @@ -99,6 +110,9 @@ public class CreateIdentityLinkTaskEidNewTest { EaafKeyStoreFactory keyStoreFactory; @Autowired + ICcSpecificEidProcessingService eidPostProcessor; + + @Autowired private IRequestStorage requestStorage; final ExecutionContext executionContext = new ExecutionContextImpl(); @@ -117,25 +131,27 @@ public class CreateIdentityLinkTaskEidNewTest { AlgorithmIdentifiers.RSA_PSS_USING_SHA512)); private static ObjectMapper mapper = new ObjectMapper(); - + private AuthenticationResponse response; - + @Rule public final SoapServiceRule soap = SoapServiceRule.newInstance(); /** * jUnit test set-up. + * @throws EidasAttributeException + * @throws EidPostProcessingException */ @Before - public void setUp() throws EaafStorageException, URISyntaxException { + public void setUp() throws EaafStorageException, URISyntaxException, EidPostProcessingException, EidasAttributeException { httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); httpResp = new MockHttpServletResponse(); RequestContextHolder.resetRequestAttributes(); RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); - + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false"); - + final Map<String, String> spConfig = new HashMap<>(); spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); @@ -146,14 +162,20 @@ public class CreateIdentityLinkTaskEidNewTest { response = buildDummyAuthResponse(false); pendingReq.getSessionData(AuthProcessDataWrapper.class) .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); - + + final Map<String, Object> eidasAttributes = convertEidasAttrToSimpleMap( + response.getAttributes().getAttributeMap()); + final SimpleEidasData eidData = eidPostProcessor.postProcess(eidasAttributes); + MatchingTaskUtils.storeInitialEidasData(pendingReq, eidData); + + MatchingTaskUtils.storeFinalMatchingResult(pendingReq, null); pendingReq.setSpConfig(oaParam); pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); pendingReq.setAuthUrl("http://test.com/"); pendingReq.setTransactionId("avaasbav"); pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10)); - + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "XX"); executionContext.put(EaafConstants.PROCESS_ENGINE_REQUIRES_NO_POSTAUTH_REDIRECT, true); @@ -165,27 +187,29 @@ public class CreateIdentityLinkTaskEidNewTest { //initialize test response = buildDummyAuthResponse(true); pendingReq.getSessionData(AuthProcessDataWrapper.class) - .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); + .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); + MatchingTaskUtils.storeInitialEidasData(pendingReq, eidPostProcessor.postProcess( + convertEidasAttrToSimpleMap(response.getAttributes().getAttributeMap()))); String vsz = RandomStringUtils.randomNumeric(10); - when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(vsz); + when(szrMock.getStammzahlEncrypted(any(), any())).thenReturn(vsz); val signContentResp = new SignContentResponseType(); final SignContentEntry signContentEntry = new SignContentEntry(); signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10)); signContentResp.getOut().add(signContentEntry); - when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp); + when(szrMock.signContent(any(), any(), any())).thenReturn(signContentResp); String randomTestSp = RandomStringUtils.randomAlphabetic(10); pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); - + //perform test task.execute(pendingReq, executionContext); - //validate state + //validate state // check if pendingRequest was stored IRequest storedPendingReq = requestStorage.getPendingRequest(pendingReq.getPendingRequestId()); Assert.assertNotNull("pendingReq not stored", storedPendingReq); - + //check data in session final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); Assert.assertNotNull("AuthProcessData", authProcessData); @@ -193,16 +217,12 @@ public class CreateIdentityLinkTaskEidNewTest { String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class); Assert.assertNotNull("AuthBlock", authBlock); - + Assert.assertTrue("EID process", authProcessData.isEidProcess()); Assert.assertTrue("foreigner process", authProcessData.isForeigner()); - Assert.assertEquals("EID-ISSUING_NATION", "LU", + Assert.assertEquals("EID-ISSUING_NATION", "LU", authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class)); - Assert.assertNotNull("LoA is null", authProcessData.getQaaLevel()); - Assert.assertEquals("LoA", response.getLevelOfAssurance(), - authProcessData.getQaaLevel()); - - + // check authblock signature final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT, BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()])); @@ -210,60 +230,61 @@ public class CreateIdentityLinkTaskEidNewTest { X509Certificate[] trustedCerts = EaafKeyStoreUtils .getPrivateKeyAndCertificates(keyStore.getFirst(), ALIAS, PW.toCharArray(), true, "junit").getSecond(); JwsResult result = JoseUtils.validateSignature(authBlock, Arrays.asList(trustedCerts), constraints); - Assert.assertTrue("AuthBlock not valid", result.isValid()); - JsonNode authBlockJson = mapper.readTree(result.getPayLoad()); + Assert.assertTrue("AuthBlock not valid", result.isValid()); + JsonNode authBlockJson = mapper.readTree(result.getPayLoad()); Assert.assertNotNull("deserialized AuthBlock", authBlockJson); - - Assert.assertNotNull("no piiTransactionId in pendingRequesdt", + + Assert.assertNotNull("no piiTransactionId in pendingRequesdt", storedPendingReq.getUniquePiiTransactionIdentifier()); - Assert.assertEquals("piiTransactionId", storedPendingReq.getUniquePiiTransactionIdentifier(), + Assert.assertEquals("piiTransactionId", storedPendingReq.getUniquePiiTransactionIdentifier(), authBlockJson.get("piiTransactionId").asText()); - Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText()); + Assert.assertEquals("appId", randomTestSp, authBlockJson.get("appId").asText()); Assert.assertFalse("'challenge' is null", authBlockJson.get("challenge").asText().isEmpty()); Assert.assertFalse("'timestamp' is null", authBlockJson.get("timestamp").asText().isEmpty()); Assert.assertFalse("binding pubKey", authBlockJson.has("bindingPublicKey")); + // check vsz request ArgumentCaptor<PersonInfoType> argument4 = ArgumentCaptor.forClass(PersonInfoType.class); - ArgumentCaptor<Boolean> argument5 = ArgumentCaptor.forClass(Boolean.class); + ArgumentCaptor<Boolean> argument5 = ArgumentCaptor.forClass(Boolean.class); verify(szrMock, times(1)).getStammzahlEncrypted(argument4.capture(), argument5.capture()); - + Boolean param5 = argument5.getValue(); - Assert.assertTrue("insertERnP flag", param5); + Assert.assertTrue("insertERnP flag", param5); PersonInfoType person = argument4.getValue(); - Assert.assertEquals("FamilyName", + Assert.assertEquals("FamilyName", response.getAttributes().getAttributeValuesByFriendlyName("FamilyName").getFirstValue( - response.getAttributes().getDefinitionsByFriendlyName("FamilyName").iterator().next()), + response.getAttributes().getDefinitionsByFriendlyName("FamilyName").iterator().next()), person.getPerson().getName().getFamilyName()); - Assert.assertEquals("GivenName", + Assert.assertEquals("GivenName", response.getAttributes().getAttributeValuesByFriendlyName("FirstName").getFirstValue( - response.getAttributes().getDefinitionsByFriendlyName("FirstName").iterator().next()), + response.getAttributes().getDefinitionsByFriendlyName("FirstName").iterator().next()), person.getPerson().getName().getGivenName()); - Assert.assertEquals("DateOfBirth", + Assert.assertEquals("DateOfBirth", response.getAttributes().getAttributeValuesByFriendlyName("DateOfBirth").getFirstValue( response.getAttributes().getDefinitionsByFriendlyName("DateOfBirth").iterator().next()) - .toString().split("T")[0], + .toString().split("T")[0], person.getPerson().getDateOfBirth()); - - Assert.assertEquals("PlaceOfBirth", + + Assert.assertEquals("PlaceOfBirth", response.getAttributes().getAttributeValuesByFriendlyName("PlaceOfBirth").getFirstValue( - response.getAttributes().getDefinitionsByFriendlyName("PlaceOfBirth").iterator().next()), - person.getPerson().getPlaceOfBirth()); - Assert.assertEquals("BirthName", + response.getAttributes().getDefinitionsByFriendlyName("PlaceOfBirth").iterator().next()), + person.getPerson().getPlaceOfBirth()); + Assert.assertEquals("BirthName", response.getAttributes().getAttributeValuesByFriendlyName("BirthName").getFirstValue( - response.getAttributes().getDefinitionsByFriendlyName("BirthName").iterator().next()), + response.getAttributes().getDefinitionsByFriendlyName("BirthName").iterator().next()), person.getPerson().getAlternativeName().getFamilyName()); - + Assert.assertEquals("CitizenCountry", "LU", person.getTravelDocument().getIssuingCountry()); Assert.assertEquals("DocumentType", "ELEKTR_DOKUMENT", person.getTravelDocument().getDocumentType()); - - Assert.assertEquals("Identifier", + + Assert.assertEquals("Identifier", response.getAttributes().getAttributeValuesByFriendlyName("PersonIdentifier").getFirstValue( response.getAttributes().getDefinitionsByFriendlyName("PersonIdentifier").iterator().next()) - .toString().split("/")[2], + .toString().split("/")[2], person.getTravelDocument().getDocumentNumber()); - + // check bcBind singing request ArgumentCaptor<Boolean> argument1 = ArgumentCaptor.forClass(Boolean.class); ArgumentCaptor<List<JwsHeaderParam>> argument2 = ArgumentCaptor.forClass(List.class); @@ -271,62 +292,76 @@ public class CreateIdentityLinkTaskEidNewTest { verify(szrMock, times(1)).signContent(argument1.capture(), argument2.capture(), argument3.capture()); Boolean param1 = argument1.getValue(); Assert.assertFalse("addCert flag", param1); - + List<JwsHeaderParam> param2 = argument2.getValue(); - Assert.assertNotNull("JWS Headers", param2); + Assert.assertNotNull("JWS Headers", param2); Assert.assertFalse("JWS Headers empty", param2.isEmpty()); Assert.assertEquals("Wrong JWS header size", 1, param2.size()); Assert.assertEquals("Missing JWS header key", "urn:at.gv.eid:bindtype", param2.get(0).getKey()); Assert.assertEquals("Missing JWS header value", "urn:at.gv.eid:eidasBind", param2.get(0).getValue()); - + List<SignContentEntry> param3 = argument3.getValue(); Assert.assertNotNull("sign Payload", param3); - Assert.assertEquals("wrong sign-payload size", 1, param3.size()); - Assert.assertNotNull("payload", param3.get(0).getValue().getBytes()); + Assert.assertEquals("wrong sign-payload size", 1, param3.size()); + Assert.assertNotNull("payload", param3.get(0).getValue().getBytes()); JsonNode bcBind = mapper.readTree(param3.get(0).getValue().getBytes()); Assert.assertNotNull("bcbind req", bcBind); - + Assert.assertEquals("vsz", vsz, bcBind.get("urn:eidgvat:attributes.vsz.value").asText()); - Assert.assertEquals("eid status", "urn:eidgvat:eid.status.eidas", + Assert.assertEquals("eid status", "urn:eidgvat:eid.status.eidas", bcBind.get("urn:eidgvat:attributes.eid.status").asText()); Assert.assertTrue("pubKeys", bcBind.has("urn:eidgvat:attributes.user.pubkeys")); - Assert.assertTrue("pubKeys", bcBind.get("urn:eidgvat:attributes.user.pubkeys").isArray()); + Assert.assertTrue("pubKeys", bcBind.get("urn:eidgvat:attributes.user.pubkeys").isArray()); Iterator<JsonNode> pubKeys = bcBind.get("urn:eidgvat:attributes.user.pubkeys").elements(); Assert.assertTrue("No PubKey", pubKeys.hasNext()); - Assert.assertEquals("Wrong pubKey", + Assert.assertEquals("Wrong pubKey", "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAmxcB5jnrAwGn7xjgVFv1UBUv1pluwDRFQx7x5O6rSn7pblYfwaWeKa8y" + "jS5BDDaZ00mhhnSlm2XByNrkg5yBGetTgBGtQVAxV5apfuAWN8TS3uSXgdZol7Khd6kraUITtnulvLe8tNaboom5P0zN6UxbJN" + "NVLishVp80HiRXiDbplCTUk8b5cYtmivdb0+5JBTa7L5N/anRVnHHoJCXgNPTouO8daUHZbG1mPk0HgqD8rhZ+OBzE+APKH9No" - + "agedSrGRDLdIgZxkrg0mxmfsZQIi2wdJSi3y0PAjEps/s4j0nmw9bPRgCMNLBqqjxtN5JKC8E1yyLm7YefXv/nPaMwIDAQAB", + + "agedSrGRDLdIgZxkrg0mxmfsZQIi2wdJSi3y0PAjEps/s4j0nmw9bPRgCMNLBqqjxtN5JKC8E1yyLm7YefXv/nPaMwIDAQAB", pubKeys.next().asText()); Assert.assertFalse("More than one PubKey", pubKeys.hasNext()); - + } @Test - public void successfulProcessWithStandardInfos() throws Exception { - //initialize test + public void successfulProcessWithDataFromMatching() throws Exception { + //initialize test String vsz = RandomStringUtils.randomNumeric(10); - when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(vsz); + when(szrMock.getStammzahlEncrypted(any(), any())).thenReturn(vsz); val signContentResp = new SignContentResponseType(); final SignContentEntry signContentEntry = new SignContentEntry(); signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10)); signContentResp.getOut().add(signContentEntry); - when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp); - + + when(szrMock.signContent(any(), any(), any())).thenReturn(signContentResp); + + String randomTestSp = RandomStringUtils.randomAlphabetic(10); String bindingPubKey = RandomStringUtils.randomAlphabetic(10); pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); + + MatchedPersonResult matchingInfos = MatchedPersonResult.builder() + .bpk(RandomStringUtils.randomAlphabetic(5)) + .givenName(RandomStringUtils.randomAlphabetic(5)) + .familyName(RandomStringUtils.randomAlphabetic(5)) + .dateOfBirth(RandomStringUtils.randomAlphabetic(5)) + .countryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .build(); + MatchingTaskUtils.storeFinalMatchingResult(pendingReq, matchingInfos); + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.EID_BINDING_PUBLIC_KEY_NAME, bindingPubKey); + //perform test task.execute(pendingReq, executionContext); - - //validate state + + + //validate state // check if pendingRequest was stored IRequest storedPendingReq = requestStorage.getPendingRequest(pendingReq.getPendingRequestId()); Assert.assertNotNull("pendingReq not stored", storedPendingReq); - + //check data in session final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); Assert.assertNotNull("AuthProcessData", authProcessData); @@ -335,6 +370,7 @@ public class CreateIdentityLinkTaskEidNewTest { // check authblock signature String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class); Assert.assertNotNull("AuthBlock", authBlock); + final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT, BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()])); Pair<KeyStore, Provider> keyStore = getKeyStore(); @@ -357,53 +393,115 @@ public class CreateIdentityLinkTaskEidNewTest { Assert.assertTrue("EID process", authProcessData.isEidProcess()); Assert.assertTrue("foreigner process", authProcessData.isForeigner()); - Assert.assertEquals("EID-ISSUING_NATION", "LU", + Assert.assertEquals("EID-ISSUING_NATION", "LU", authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class)); - Assert.assertNotNull("LoA is null", authProcessData.getQaaLevel()); - Assert.assertEquals("LoA", response.getLevelOfAssurance(), - authProcessData.getQaaLevel()); - + // check vsz request ArgumentCaptor<PersonInfoType> argument4 = ArgumentCaptor.forClass(PersonInfoType.class); - ArgumentCaptor<Boolean> argument5 = ArgumentCaptor.forClass(Boolean.class); + ArgumentCaptor<Boolean> argument5 = ArgumentCaptor.forClass(Boolean.class); verify(szrMock, times(1)).getStammzahlEncrypted(argument4.capture(), argument5.capture()); + + Boolean param5 = argument5.getValue(); + Assert.assertFalse("insertERnP flag", param5); + PersonInfoType person = argument4.getValue(); + Assert.assertEquals("FamilyName", + matchingInfos.getFamilyName(), + person.getPerson().getName().getFamilyName()); + Assert.assertEquals("GivenName", + matchingInfos.getGivenName(), + person.getPerson().getName().getGivenName()); + Assert.assertEquals("DateOfBirth", + matchingInfos.getDateOfBirth(), + person.getPerson().getDateOfBirth()); + Assert.assertEquals("bPK", + matchingInfos.getBpk(), + person.getPerson().getIdentification().getValue()); + Assert.assertEquals("bPKType", + EaafConstants.URN_PREFIX_CDID + "ZP", + person.getPerson().getIdentification().getType()); + + Assert.assertNull("PlaceOfBirth", person.getPerson().getPlaceOfBirth()); + Assert.assertNull("BirthName", person.getPerson().getAlternativeName()); + + } + + @Test + public void successfulProcessWithStandardInfos() throws Exception { + //initialize test + String vsz = RandomStringUtils.randomNumeric(10); + when(szrMock.getStammzahlEncrypted(any(), any())).thenReturn(vsz); + val signContentResp = new SignContentResponseType(); + final SignContentEntry signContentEntry = new SignContentEntry(); + signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10)); + signContentResp.getOut().add(signContentEntry); + when(szrMock.signContent(any(), any(), any())).thenReturn(signContentResp); + + String randomTestSp = RandomStringUtils.randomAlphabetic(10); + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); + + //perform test + task.execute(pendingReq, executionContext); + + //validate state + // check if pendingRequest was stored + IRequest storedPendingReq = requestStorage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedPendingReq); + + //check data in session + final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); + Assert.assertNotNull("AuthProcessData", authProcessData); + Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class)); + + String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class); + Assert.assertNotNull("AuthBlock", authBlock); + + Assert.assertTrue("EID process", authProcessData.isEidProcess()); + Assert.assertTrue("foreigner process", authProcessData.isForeigner()); + Assert.assertEquals("EID-ISSUING_NATION", "LU", + authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class)); + + // check vsz request + ArgumentCaptor<PersonInfoType> argument4 = ArgumentCaptor.forClass(PersonInfoType.class); + ArgumentCaptor<Boolean> argument5 = ArgumentCaptor.forClass(Boolean.class); + verify(szrMock, times(1)).getStammzahlEncrypted(argument4.capture(), argument5.capture()); + Boolean param5 = argument5.getValue(); - Assert.assertTrue("insertERnP flag", param5); + Assert.assertTrue("insertERnP flag", param5); PersonInfoType person = argument4.getValue(); - Assert.assertEquals("FamilyName", + Assert.assertEquals("FamilyName", response.getAttributes().getAttributeValuesByFriendlyName("FamilyName").getFirstValue( - response.getAttributes().getDefinitionsByFriendlyName("FamilyName").iterator().next()), + response.getAttributes().getDefinitionsByFriendlyName("FamilyName").iterator().next()), person.getPerson().getName().getFamilyName()); - Assert.assertEquals("GivenName", + Assert.assertEquals("GivenName", response.getAttributes().getAttributeValuesByFriendlyName("FirstName").getFirstValue( - response.getAttributes().getDefinitionsByFriendlyName("FirstName").iterator().next()), + response.getAttributes().getDefinitionsByFriendlyName("FirstName").iterator().next()), person.getPerson().getName().getGivenName()); - Assert.assertEquals("DateOfBirth", + Assert.assertEquals("DateOfBirth", response.getAttributes().getAttributeValuesByFriendlyName("DateOfBirth").getFirstValue( response.getAttributes().getDefinitionsByFriendlyName("DateOfBirth").iterator().next()) - .toString().split("T")[0], + .toString().split("T")[0], person.getPerson().getDateOfBirth()); - - Assert.assertNull("PlaceOfBirth", person.getPerson().getPlaceOfBirth()); + + Assert.assertNull("PlaceOfBirth", person.getPerson().getPlaceOfBirth()); Assert.assertNull("BirthName", person.getPerson().getAlternativeName()); - + Assert.assertEquals("CitizenCountry", "LU", person.getTravelDocument().getIssuingCountry()); Assert.assertEquals("DocumentType", "ELEKTR_DOKUMENT", person.getTravelDocument().getDocumentType()); - - Assert.assertEquals("Identifier", + + Assert.assertEquals("Identifier", response.getAttributes().getAttributeValuesByFriendlyName("PersonIdentifier").getFirstValue( response.getAttributes().getDefinitionsByFriendlyName("PersonIdentifier").iterator().next()) - .toString().split("/")[2], + .toString().split("/")[2], person.getTravelDocument().getDocumentNumber()); - - + + } - + @Test public void getStammzahlEncryptedExceptionTest() throws Exception { try { - when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(null); + when(szrMock.getStammzahlEncrypted(any(), any())).thenReturn(null); task.execute(pendingReq, executionContext); } catch (TaskExecutionException e) { Assert.assertEquals("Incorrect exception thrown", e.getMessage(), @@ -417,8 +515,8 @@ public class CreateIdentityLinkTaskEidNewTest { @Test public void signContentExceptionTest() throws Exception { try { - when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10)); - when(szrMock, "signContent", any(), any(), any()).thenReturn(null); + when(szrMock.getStammzahlEncrypted(any(), any())).thenReturn(RandomStringUtils.randomNumeric(10)); + when(szrMock.signContent(any(), any(), any())).thenReturn(null); task.execute(pendingReq, executionContext); } catch (TaskExecutionException e) { Assert.assertEquals("Incorrect exception thrown", e.getMessage(), @@ -465,7 +563,7 @@ public class CreateIdentityLinkTaskEidNewTest { Constants.eIDAS_ATTR_PLACEOFBIRTH).first(); final AttributeDefinition attributeDef6 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( Constants.eIDAS_ATTR_BIRTHNAME).first(); - + final Builder attributeMap = ImmutableAttributeMap.builder(); attributeMap.put(attributeDef, "LU/AT/" + RandomStringUtils.randomNumeric(64)); attributeMap.put(attributeDef2, RandomStringUtils.randomAlphabetic(10)); @@ -474,7 +572,7 @@ public class CreateIdentityLinkTaskEidNewTest { if (withAll) { attributeMap.put(attributeDef5, RandomStringUtils.randomAlphabetic(10)); attributeMap.put(attributeDef6, RandomStringUtils.randomAlphabetic(10)); - + } val b = new AuthenticationResponse.Builder(); @@ -488,4 +586,53 @@ public class CreateIdentityLinkTaskEidNewTest { .attributes(attributeMap.build()) .build(); } + + private Map<String, Object> convertEidasAttrToSimpleMap( + ImmutableMap<AttributeDefinition<?>, ImmutableSet<? extends AttributeValue<?>>> attributeMap) { + final Map<String, Object> result = new HashMap<>(); + for (final AttributeDefinition<?> el : attributeMap.keySet()) { + final Class<?> parameterizedType = el.getParameterizedType(); + if (DateTime.class.equals(parameterizedType)) { + convertDateTime(attributeMap, result, el); + } else if (PostalAddress.class.equals(parameterizedType)) { + convertPostalAddress(attributeMap, result, el); + } else { + convertString(attributeMap, result, el); + } + } + return result; + } + + private void convertString(ImmutableMap<AttributeDefinition<?>, + ImmutableSet<? extends AttributeValue<?>>> attributeMap, + Map<String, Object> result, AttributeDefinition<?> el) { + final List<String> natPersonIdObj = EidasResponseUtils + .translateStringListAttribute(el, attributeMap.get(el)); + final String stringAttr = natPersonIdObj.get(0); + if (StringUtils.isNotEmpty(stringAttr)) { + result.put(el.getFriendlyName(), stringAttr); + + } + } + + private void convertPostalAddress(ImmutableMap<AttributeDefinition<?>, + ImmutableSet<? extends AttributeValue<?>>> attributeMap, + Map<String, Object> result, AttributeDefinition<?> el) { + final PostalAddress addressAttribute = EidasResponseUtils + .translateAddressAttribute(el, attributeMap.get(el).asList()); + if (addressAttribute != null) { + result.put(el.getFriendlyName(), addressAttribute); + + } + } + + private void convertDateTime(ImmutableMap<AttributeDefinition<?>, + ImmutableSet<? extends AttributeValue<?>>> attributeMap, + Map<String, Object> result, AttributeDefinition<?> el) { + final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList()); + if (attribute != null) { + result.put(el.getFriendlyName(), attribute); + + } + } } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java index e880178f..7513501e 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskTest.java @@ -5,6 +5,7 @@ import static org.mockito.ArgumentMatchers.any; import java.net.URISyntaxException; import java.util.HashMap; +import java.util.List; import java.util.Map; import javax.xml.bind.JAXBContext; @@ -12,13 +13,14 @@ import javax.xml.bind.JAXBException; import javax.xml.bind.Unmarshaller; import org.apache.commons.lang3.RandomStringUtils; +import org.apache.commons.lang3.StringUtils; import org.jetbrains.annotations.NotNull; +import org.joda.time.DateTime; import org.junit.Assert; import org.junit.Before; import org.junit.Rule; import org.junit.Test; import org.junit.runner.RunWith; -import org.powermock.core.classloader.annotations.PrepareForTest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; @@ -29,12 +31,21 @@ import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; import com.github.skjolber.mockito.soap.SoapServiceRule; +import com.google.common.collect.ImmutableMap; +import com.google.common.collect.ImmutableSet; import at.asitplus.eidas.specific.connector.MsEidasNodeConstants; import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.EidasResponseUtils; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; @@ -51,7 +62,9 @@ import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; import at.gv.egiz.eaaf.core.impl.utils.Random; import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.AttributeValue; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.protocol.eidas.impl.PostalAddress; import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse; import lombok.val; import szrservices.GetBPK; @@ -62,7 +75,6 @@ import szrservices.SZR; import szrservices.SZRException_Exception; @RunWith(SpringJUnit4ClassRunner.class) -@PrepareForTest(CreateIdentityLinkTask.class) @DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS) @ContextConfiguration(locations = { "/SpringTest-context_tasks_test.xml", @@ -81,7 +93,10 @@ public class CreateIdentityLinkTaskTest { EaafKeyStoreFactory keyStoreFactory; @Autowired - private IRequestStorage requestStorage; + ICcSpecificEidProcessingService eidPostProcessor; + + @Autowired + IRequestStorage requestStorage; final ExecutionContext executionContext = new ExecutionContextImpl(); private MockHttpServletRequest httpReq; @@ -89,18 +104,20 @@ public class CreateIdentityLinkTaskTest { private TestRequestImpl pendingReq; private DummySpConfiguration oaParam; private SZR szrMock; - + private AuthenticationResponse response; private Map<String, String> spConfig; - + @Rule public final SoapServiceRule soap = SoapServiceRule.newInstance(); /** * jUnit test set-up. + * @throws EidasAttributeException + * @throws EidPostProcessingException */ @Before - public void setUp() throws EaafStorageException, URISyntaxException { + public void setUp() throws EaafStorageException, URISyntaxException, EidPostProcessingException, EidasAttributeException { httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); httpResp = new MockHttpServletResponse(); @@ -110,7 +127,7 @@ public class CreateIdentityLinkTaskTest { basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false"); basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.revisionlog.eidmapping.active", "false"); basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation", "false"); - + spConfig = new HashMap<>(); spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); @@ -119,42 +136,48 @@ public class CreateIdentityLinkTaskTest { pendingReq = new TestRequestImpl(); response = buildDummyAuthResponse(); - + final Map<String, Object> eidasAttributes = convertEidasAttrToSimpleMap( + response.getAttributes().getAttributeMap()); + final SimpleEidasData eidData = eidPostProcessor.postProcess(eidasAttributes); + MatchingTaskUtils.storeInitialEidasData(pendingReq, eidData); pendingReq.getSessionData(AuthProcessDataWrapper.class) .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); + + MatchingTaskUtils.storeFinalMatchingResult(pendingReq, null); + pendingReq.setSpConfig(oaParam); pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); pendingReq.setAuthUrl("http://test.com/"); pendingReq.setTransactionId("avaasbav"); pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10)); - + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "XX"); executionContext.put(EaafConstants.PROCESS_ENGINE_REQUIRES_NO_POSTAUTH_REDIRECT, true); szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr"); } - + @Test public void buildIdentityLink() throws Exception { - //initialize test + //initialize test setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml"); - + String randomTestSp = RandomStringUtils.randomAlphabetic(10); pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); - + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false"); - - + + //perform test task.execute(pendingReq, executionContext); - - //validate state + + //validate state // check if pendingRequest was stored IRequest storedPendingReq = requestStorage.getPendingRequest(pendingReq.getPendingRequestId()); Assert.assertNotNull("pendingReq not stored", storedPendingReq); - + //check data in session final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); Assert.assertNotNull("AuthProcessData", authProcessData); @@ -162,15 +185,12 @@ public class CreateIdentityLinkTaskTest { String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class); Assert.assertNull("AuthBlock", authBlock); - + Assert.assertFalse("EID process", authProcessData.isEidProcess()); Assert.assertTrue("foreigner process", authProcessData.isForeigner()); - Assert.assertEquals("EID-ISSUING_NATION", "LU", + Assert.assertEquals("EID-ISSUING_NATION", "LU", authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class)); - Assert.assertNotNull("LoA is null", authProcessData.getQaaLevel()); - Assert.assertEquals("LoA", response.getLevelOfAssurance(), - authProcessData.getQaaLevel()); - + Assert.assertNotNull("IDL", authProcessData.getIdentityLink()); checkElement("Mustermann", authProcessData.getIdentityLink().getFamilyName()); checkElement("Hans", authProcessData.getIdentityLink().getGivenName()); @@ -178,12 +198,69 @@ public class CreateIdentityLinkTaskTest { checkElement("urn:publicid:gv.at:baseid", authProcessData.getIdentityLink().getIdentificationType()); checkElement("k+zDM1BVpN1WJO4x7ZQ3ng==", authProcessData.getIdentityLink().getIdentificationValue()); Assert.assertNotNull(authProcessData.getIdentityLink().getSerializedSamlAssertion()); - Assert.assertNotNull(authProcessData.getIdentityLink().getSamlAssertion()); - + Assert.assertNotNull(authProcessData.getIdentityLink().getSamlAssertion()); + Assert.assertNotNull("no bPK", authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.BPK_NAME)); - Assert.assertEquals("wrong bPK", "XX:FkXtOaSSeR3elyL9KLLvijIYDMU=", + Assert.assertEquals("wrong bPK", "XX:FkXtOaSSeR3elyL9KLLvijIYDMU=", authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.BPK_NAME)); + + } + + @Test + public void successfulProcessWithDataFromMatching() throws Exception { + //initialize test + setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml"); + + String randomTestSp = RandomStringUtils.randomAlphabetic(10); + pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); + + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false"); + + MatchedPersonResult matchingInfos = MatchedPersonResult.builder() + .bpk(RandomStringUtils.randomAlphabetic(5)) + .givenName(RandomStringUtils.randomAlphabetic(5)) + .familyName(RandomStringUtils.randomAlphabetic(5)) + .dateOfBirth(RandomStringUtils.randomAlphabetic(5)) + .countryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .build(); + + MatchingTaskUtils.storeFinalMatchingResult(pendingReq, matchingInfos); + + //perform test + task.execute(pendingReq, executionContext); + + //validate state + // check if pendingRequest was stored + IRequest storedPendingReq = requestStorage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedPendingReq); + + //check data in session + final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); + Assert.assertNotNull("AuthProcessData", authProcessData); + Assert.assertNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class)); + + String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class); + Assert.assertNull("AuthBlock", authBlock); + + Assert.assertFalse("EID process", authProcessData.isEidProcess()); + Assert.assertTrue("foreigner process", authProcessData.isForeigner()); + Assert.assertEquals("EID-ISSUING_NATION", "LU", + authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class)); + + Assert.assertNotNull("IDL", authProcessData.getIdentityLink()); + checkElement("Mustermann", authProcessData.getIdentityLink().getFamilyName()); + checkElement("Hans", authProcessData.getIdentityLink().getGivenName()); + checkElement("1989-05-05", authProcessData.getIdentityLink().getDateOfBirth()); + checkElement("urn:publicid:gv.at:baseid", authProcessData.getIdentityLink().getIdentificationType()); + checkElement("k+zDM1BVpN1WJO4x7ZQ3ng==", authProcessData.getIdentityLink().getIdentificationValue()); + Assert.assertNotNull(authProcessData.getIdentityLink().getSerializedSamlAssertion()); + Assert.assertNotNull(authProcessData.getIdentityLink().getSamlAssertion()); + + Assert.assertNotNull("no bPK", authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.BPK_NAME)); + Assert.assertEquals("wrong bPK", "XX:FkXtOaSSeR3elyL9KLLvijIYDMU=", + authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.BPK_NAME)); + } @Test @@ -191,22 +268,22 @@ public class CreateIdentityLinkTaskTest { //initialize test setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml"); spConfig.put("target", EaafConstants.URN_PREFIX_WBPK + "FN+123456i"); - + String randomTestSp = RandomStringUtils.randomAlphabetic(10); pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); - + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false"); basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.revisionlog.eidmapping.active", "true"); - + //perform test task.execute(pendingReq, executionContext); - - //validate state + + //validate state // check if pendingRequest was stored IRequest storedPendingReq = requestStorage.getPendingRequest(pendingReq.getPendingRequestId()); Assert.assertNotNull("pendingReq not stored", storedPendingReq); - + //check data in session final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); Assert.assertNotNull("AuthProcessData", authProcessData); @@ -214,42 +291,39 @@ public class CreateIdentityLinkTaskTest { String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class); Assert.assertNull("AuthBlock", authBlock); - + Assert.assertFalse("EID process", authProcessData.isEidProcess()); Assert.assertTrue("foreigner process", authProcessData.isForeigner()); - Assert.assertEquals("EID-ISSUING_NATION", "LU", + Assert.assertEquals("EID-ISSUING_NATION", "LU", authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class)); - Assert.assertNotNull("LoA is null", authProcessData.getQaaLevel()); - Assert.assertEquals("LoA", response.getLevelOfAssurance(), - authProcessData.getQaaLevel()); - + Assert.assertNotNull("no bPK", authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.BPK_NAME)); - Assert.assertEquals("wrong bPK", "FN+123456i:D26vJncPS2W790RH/LP04V+vNOQ=", + Assert.assertEquals("wrong bPK", "FN+123456i:D26vJncPS2W790RH/LP04V+vNOQ=", authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.BPK_NAME)); - + } - + @Test public void buildIdentityLinkWithEidasBpk() throws Exception { //initialize test setSzrResponseIdentityLink("/data/szr/szr_resp_valid_2.xml"); spConfig.put("target", EaafConstants.URN_PREFIX_EIDAS + "AT+EU"); - + String randomTestSp = RandomStringUtils.randomAlphabetic(10); pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); - + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false"); basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.revisionlog.eidmapping.active", "true"); - + //perform test task.execute(pendingReq, executionContext); - - //validate state + + //validate state // check if pendingRequest was stored IRequest storedPendingReq = requestStorage.getPendingRequest(pendingReq.getPendingRequestId()); Assert.assertNotNull("pendingReq not stored", storedPendingReq); - + //check data in session final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); Assert.assertNotNull("AuthProcessData", authProcessData); @@ -257,80 +331,77 @@ public class CreateIdentityLinkTaskTest { String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class); Assert.assertNull("AuthBlock", authBlock); - + Assert.assertFalse("EID process", authProcessData.isEidProcess()); Assert.assertTrue("foreigner process", authProcessData.isForeigner()); - Assert.assertEquals("EID-ISSUING_NATION", "LU", + Assert.assertEquals("EID-ISSUING_NATION", "LU", authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class)); - Assert.assertNotNull("LoA is null", authProcessData.getQaaLevel()); - Assert.assertEquals("LoA", response.getLevelOfAssurance(), - authProcessData.getQaaLevel()); - + Assert.assertNotNull("IDL", authProcessData.getIdentityLink()); checkElement("Musterfrau", authProcessData.getIdentityLink().getFamilyName()); checkElement("Martina", authProcessData.getIdentityLink().getGivenName()); checkElement("1991-04-15", authProcessData.getIdentityLink().getDateOfBirth()); checkElement("urn:publicid:gv.at:baseid", authProcessData.getIdentityLink().getIdentificationType()); checkElement("k+zDM1BV1312312332x7ZQ3ng==", authProcessData.getIdentityLink().getIdentificationValue()); - + Assert.assertNotNull("no bPK", authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.BPK_NAME)); - Assert.assertEquals("wrong bPK", "AT+EU:AT/EU/1+wqDl059/02Ptny0g+LyuLDJV0=", + Assert.assertEquals("wrong bPK", "AT+EU:AT/EU/1+wqDl059/02Ptny0g+LyuLDJV0=", authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.BPK_NAME)); - + } - + @Test public void buildIdentityLinkWithUnknownBpk() throws Exception { //initialize test setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml"); spConfig.put("target", "urn:notextis:1234"); - + String randomTestSp = RandomStringUtils.randomAlphabetic(10); pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); - + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false"); basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.revisionlog.eidmapping.active", "true"); - + try { task.execute(pendingReq, executionContext); Assert.fail("unknown bPKType not detected"); - + } catch (TaskExecutionException e) { - Assert.assertEquals("ErrorId", "builder.33", + Assert.assertEquals("ErrorId", "builder.33", ((EaafException) e.getOriginalException()).getErrorId()); Assert.assertEquals("wrong parameter size", 1, ((EaafException) e.getOriginalException()) .getParams().length); - } + } } - + @Test public void noBpkResult() throws Exception { //initialize test setSzrResponseIdentityLink("/data/szr/szr_resp_valid_1.xml"); GetBPKResponse getBpkResp = new GetBPKResponse(); org.mockito.Mockito.when(szrMock.getBPK(any(GetBPK.class))).thenReturn(getBpkResp ); - + spConfig.put("target", "urn:notextis:1234"); - + String randomTestSp = RandomStringUtils.randomAlphabetic(10); pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); - + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false"); basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.revisionlog.eidmapping.active", "true"); basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation", "true"); - + try { task.execute(pendingReq, executionContext); Assert.fail("unknown bPKType not detected"); - + } catch (TaskExecutionException e) { - Assert.assertEquals("ErrorId", "ernb.01", + Assert.assertEquals("ErrorId", "ernb.01", ((EaafException) e.getOriginalException()).getErrorId()); - - } + + } } - + @Test public void bPKFromSzr() throws Exception { //initialize test @@ -339,25 +410,25 @@ public class CreateIdentityLinkTaskTest { GetBPKResponse getBpkResp = new GetBPKResponse(); getBpkResp.getGetBPKReturn().add(bpk); org.mockito.Mockito.when(szrMock.getBPK(any(GetBPK.class))).thenReturn(getBpkResp ); - + spConfig.put("target", "urn:notextis:1234"); - + String randomTestSp = RandomStringUtils.randomAlphabetic(10); pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); - + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "false"); basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.revisionlog.eidmapping.active", "true"); basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.params.useSZRForbPKCalculation", "true"); - + //execute test task.execute(pendingReq, executionContext); - - - //validate state + + + //validate state // check if pendingRequest was stored IRequest storedPendingReq = requestStorage.getPendingRequest(pendingReq.getPendingRequestId()); Assert.assertNotNull("pendingReq not stored", storedPendingReq); - + //check data in session final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); Assert.assertNotNull("AuthProcessData", authProcessData); @@ -365,38 +436,35 @@ public class CreateIdentityLinkTaskTest { String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class); Assert.assertNull("AuthBlock", authBlock); - + Assert.assertFalse("EID process", authProcessData.isEidProcess()); Assert.assertTrue("foreigner process", authProcessData.isForeigner()); - Assert.assertEquals("EID-ISSUING_NATION", "LU", + Assert.assertEquals("EID-ISSUING_NATION", "LU", authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class)); - Assert.assertNotNull("LoA is null", authProcessData.getQaaLevel()); - Assert.assertEquals("LoA", response.getLevelOfAssurance(), - authProcessData.getQaaLevel()); - + Assert.assertNotNull("no bPK", authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.BPK_NAME)); - Assert.assertEquals("wrong bPK", bpk, + Assert.assertEquals("wrong bPK", bpk, authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.BPK_NAME)); } - + @Test public void buildDummyIdl() throws Exception { //initialize test String randomTestSp = RandomStringUtils.randomAlphabetic(10); pendingReq.setRawDataToTransaction(MsEidasNodeConstants.DATA_REQUESTERID, randomTestSp); - + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.szrclient.debug.useDummySolution", "true"); - - + + //perform test task.execute(pendingReq, executionContext); - - //validate state + + //validate state // check if pendingRequest was stored IRequest storedPendingReq = requestStorage.getPendingRequest(pendingReq.getPendingRequestId()); Assert.assertNotNull("pendingReq not stored", storedPendingReq); - + //check data in session final AuthProcessDataWrapper authProcessData = storedPendingReq.getSessionData(AuthProcessDataWrapper.class); Assert.assertNotNull("AuthProcessData", authProcessData); @@ -404,17 +472,14 @@ public class CreateIdentityLinkTaskTest { String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class); Assert.assertNull("AuthBlock", authBlock); - + Assert.assertFalse("EID process", authProcessData.isEidProcess()); Assert.assertTrue("foreigner process", authProcessData.isForeigner()); - Assert.assertEquals("EID-ISSUING_NATION", "LU", + Assert.assertEquals("EID-ISSUING_NATION", "LU", authProcessData.getGenericDataFromSession(PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, String.class)); - Assert.assertNotNull("LoA is null", authProcessData.getQaaLevel()); - Assert.assertEquals("LoA", response.getLevelOfAssurance(), - authProcessData.getQaaLevel()); - + Assert.assertNotNull("IDL", authProcessData.getIdentityLink()); - + } private void setSzrResponseIdentityLink(String responseXmlPath) throws JAXBException, SZRException_Exception { @@ -433,7 +498,7 @@ public class CreateIdentityLinkTaskTest { Assert.assertEquals(expected, value); } - + @NotNull private AuthenticationResponse buildDummyAuthResponse() throws URISyntaxException { final AttributeDefinition attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( @@ -444,7 +509,7 @@ public class CreateIdentityLinkTaskTest { Constants.eIDAS_ATTR_CURRENTGIVENNAME).first(); final AttributeDefinition attributeDef4 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( Constants.eIDAS_ATTR_DATEOFBIRTH).first(); - + final ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder() .put(attributeDef, "LU/AT/" + RandomStringUtils.randomNumeric(64)) .put(attributeDef2, RandomStringUtils.randomAlphabetic(10)) @@ -461,4 +526,54 @@ public class CreateIdentityLinkTaskTest { .attributes(attributeMap) .build(); } + + private Map<String, Object> convertEidasAttrToSimpleMap( + ImmutableMap<AttributeDefinition<?>, ImmutableSet<? extends AttributeValue<?>>> attributeMap) { + final Map<String, Object> result = new HashMap<>(); + for (final AttributeDefinition<?> el : attributeMap.keySet()) { + final Class<?> parameterizedType = el.getParameterizedType(); + if (DateTime.class.equals(parameterizedType)) { + convertDateTime(attributeMap, result, el); + } else if (PostalAddress.class.equals(parameterizedType)) { + convertPostalAddress(attributeMap, result, el); + } else { + convertString(attributeMap, result, el); + } + } + return result; + } + + private void convertString(ImmutableMap<AttributeDefinition<?>, + ImmutableSet<? extends AttributeValue<?>>> attributeMap, + Map<String, Object> result, AttributeDefinition<?> el) { + final List<String> natPersonIdObj = EidasResponseUtils + .translateStringListAttribute(el, attributeMap.get(el)); + final String stringAttr = natPersonIdObj.get(0); + if (StringUtils.isNotEmpty(stringAttr)) { + result.put(el.getFriendlyName(), stringAttr); + + } + } + + private void convertPostalAddress(ImmutableMap<AttributeDefinition<?>, + ImmutableSet<? extends AttributeValue<?>>> attributeMap, + Map<String, Object> result, AttributeDefinition<?> el) { + final PostalAddress addressAttribute = EidasResponseUtils + .translateAddressAttribute(el, attributeMap.get(el).asList()); + if (addressAttribute != null) { + result.put(el.getFriendlyName(), addressAttribute); + + } + } + + private void convertDateTime(ImmutableMap<AttributeDefinition<?>, + ImmutableSet<? extends AttributeValue<?>>> attributeMap, + Map<String, Object> result, AttributeDefinition<?> el) { + final DateTime attribute = EidasResponseUtils.translateDateAttribute(el, attributeMap.get(el).asList()); + if (attribute != null) { + result.put(el.getFriendlyName(), attribute); + + } + } + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java new file mode 100644 index 00000000..dccbfda6 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateMobilePhoneSignatureRequestTaskTest.java @@ -0,0 +1,286 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; +import static org.springframework.util.Assert.isInstanceOf; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.util.Base64; +import java.util.Map; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.common.xml.SAMLConstants; +import org.opensaml.saml.saml2.core.AuthnRequest; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateMobilePhoneSignatureRequestTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml", + "classpath:/eaaf_pvp_sp.beans.xml" +}) + +public class GenerateMobilePhoneSignatureRequestTaskTest { + + private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml"; + private static final String METADATA_SP_PATH = "classpath:/data/sp_metadata_junit.xml"; + + @Autowired(required = true) + private ApplicationContext context; + @Autowired(required = true) + protected MsConnectorDummyConfigMap authConfig; + @Autowired + private IdAustriaClientAuthMetadataProvider metadataProvider; + @Autowired + private PvpMetadataResolverFactory metadataFactory; + @Autowired + private DummyGuiBuilderConfigurationFactory guiBuilderConfigFactory; + @Autowired + private SamlVerificationEngine samlVerifyEngine; + @Autowired + private ITransactionStorage transactionStorage; + + final ExecutionContext executionContext = new ExecutionContextImpl(); + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + private TestRequestImpl pendingReq; + private DummyOA oaParam; + + private GenerateMobilePhoneSignatureRequestTask task; + + /** + * JUnit class initializer. + * + * @throws Exception In case of an OpenSAML3 initialization error + */ + @BeforeClass + public static void initialize() throws Exception { + EaafOpenSaml3xInitializer.eaafInitialize(); + + } + + /** + * jUnit test set-up. + * + * @throws Exception In case of an set-up error + */ + @Before + public void setUp() throws Exception { + task = (GenerateMobilePhoneSignatureRequestTask) context.getBean( + "GenerateMobilePhoneSignatureRequestTask"); + + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, + METADATA_PATH); + authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS, + "sig"); + + oaParam = new DummyOA(); + oaParam.setUniqueAppId("http://test.com/test"); + oaParam.setBmiUniqueIdentifier(oaParam.getUniqueIdentifier() + "#" + RandomStringUtils.randomAlphanumeric( + 5)); + oaParam.setTargetIdentifier( + EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2)); + oaParam.setEidasEnabled(true); + + pendingReq = new TestRequestImpl(); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setSpConfig(oaParam); + pendingReq.setAuthUrl("https://localhost/authhandler"); + + metadataProvider.fullyDestroy(); + guiBuilderConfigFactory.setVelocityBuilderConfig(createDummyGuiConfig()); + + } + + @Test + public void noMetadataAvailableOnGlobalConfig() { + authConfig.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID); + + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + assertNotNull(e.getOriginalException()); + isInstanceOf(EaafConfigurationException.class, e.getOriginalException()); + assertEquals("module.eidasauth.00", ((EaafConfigurationException) e.getOriginalException()).getErrorId()); + } + + @Test + public void wrongMetadataAvailableOnGlobalConfig() { + authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, + "http://wrong.path/" + RandomStringUtils.randomAlphabetic(5)); + + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + assertNotNull(e.getPendingRequestID()); + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + assertNotNull(e.getOriginalException()); + isInstanceOf(EaafConfigurationException.class, e.getOriginalException()); + assertEquals("module.eidasauth.idaustria.02", + ((EaafConfigurationException) e.getOriginalException()).getErrorId()); + } + + @Test + public void noMetadataSigningKeyStore() throws Pvp2MetadataException { + authConfig.removeConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS); + + metadataProvider.addMetadataResolverIntoChain( + metadataFactory.createMetadataProvider(METADATA_PATH, null, "jUnitTest", null)); + + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + assertNotNull(e.getPendingRequestID()); + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + assertNotNull(e.getOriginalException()); + isInstanceOf(CredentialsNotAvailableException.class, e.getOriginalException()); + assertEquals("internal.pvp.01", + ((CredentialsNotAvailableException) e.getOriginalException()).getErrorId()); + } + + @Test + public void success() throws Exception { + metadataProvider.addMetadataResolverIntoChain( + metadataFactory.createMetadataProvider(METADATA_PATH, null, "jUnitTest", null)); + pendingReq.setTransactionId(RandomStringUtils.randomAlphanumeric(10)); + + task.execute(pendingReq, executionContext); + + validate(); + + } + + private void validate() throws Exception { + assertEquals("HTTP Statuscode", 200, httpResp.getStatus()); + assertEquals("ContentType", "text/html;charset=UTF-8", httpResp.getContentType()); + assertEquals("ContentEncoding", "UTF-8", httpResp.getCharacterEncoding()); + + final String html = httpResp.getContentAsString(); + assertNotNull("XML Metadata", html); + + final int startIndex = html.indexOf("SAMLRequest="); + assertTrue("No SAMLRequest in html", startIndex >= 0); + final String authnXml = html.substring(startIndex + "SAMLRequest=".length()); + + // check if relaystate was stored + final int startIndexRelayState = html.indexOf("RelayState="); + assertTrue("wrong RelayState in HTML", + startIndexRelayState >= 0); + final String relayState = html.substring(startIndexRelayState + "RelayState=".length(), startIndex); + final String storedPendingReqId = transactionStorage.get(relayState, String.class); + assertEquals("relayStore not map to pendingRequestId", + pendingReq.getPendingRequestId(), storedPendingReqId); + + final AuthnRequest authnRequest = (AuthnRequest) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), new ByteArrayInputStream( + Base64.getDecoder().decode(authnXml))); + + assertNotNull("AuthnReq", authnRequest); + assertNotNull("Issuer", authnRequest.getIssuer()); + assertEquals("EntityId", + "https://localhost/authhandler" + IdAustriaClientAuthConstants.ENDPOINT_METADATA, + authnRequest.getIssuer().getValue()); + + // check XML scheme + Saml2Utils.schemeValidation(authnRequest); + + // check signature + final PvpSProfileRequest msg = new PvpSProfileRequest( + authnRequest, + SAMLConstants.SAML2_POST_BINDING_URI); + msg.setEntityID(authnRequest.getIssuer().getValue()); + metadataProvider.addMetadataResolverIntoChain( + metadataFactory.createMetadataProvider(METADATA_SP_PATH, null, "jUnit SP", null)); + samlVerifyEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); + + assertNotNull("RequestedAuthnContext", authnRequest.getRequestedAuthnContext()); + assertNotNull("AuthnContextClassRef", authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs()); + assertEquals("#AuthnContextClassRef", 1, + authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs().size()); + assertEquals("LoA", "http://eidas.europa.eu/LoA/high", + authnRequest.getRequestedAuthnContext().getAuthnContextClassRefs().get(0).getAuthnContextClassRef()); + + } + + private IVelocityGuiBuilderConfiguration createDummyGuiConfig() { + return new IVelocityGuiBuilderConfiguration() { + + @Override + public Map<String, Object> getViewParameters() { + return null; + } + + @Override + public String getViewName() { + return "SAML2 Post-Binding"; + } + + @Override + public String getDefaultContentType() { + return null; + } + + @Override + public InputStream getTemplate(String viewName) { + return GenerateMobilePhoneSignatureRequestTaskTest.class.getResourceAsStream( + "/data/pvp_postbinding_template.html"); + } + + @Override + public String getClasspathTemplateDir() { + return null; + + } + + @Override + public boolean isWriteAsynch() { + return false; + + } + }; + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java new file mode 100644 index 00000000..7c4f8a41 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/GenerateOtherLoginMethodGuiTaskTest.java @@ -0,0 +1,201 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; + +import java.io.UnsupportedEncodingException; +import java.text.MessageFormat; +import java.util.Locale; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.i18n.LocaleContextHolder; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.web.WebAppConfiguration; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import com.fasterxml.jackson.databind.JsonNode; +import com.fasterxml.jackson.databind.ObjectMapper; +import com.fasterxml.jackson.databind.json.JsonMapper; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateOtherLoginMethodGuiTask; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import lombok.SneakyThrows; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml", + "/common_gui.beans.xml" +}) +@WebAppConfiguration +public class GenerateOtherLoginMethodGuiTaskTest { + + private static final String TEST_PATTER_REQ_PARAM = + "<input type=\"hidden\" name=\"loginSelection\" value=\"{0}\">"; + + private static ObjectMapper mapper = new ObjectMapper(); + + @Autowired GenerateOtherLoginMethodGuiTask task; + + private ExecutionContextImpl executionContext = new ExecutionContextImpl(); + private TestRequestImpl pendingReq; + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + + @BeforeClass + public static void classInitializer() { + Locale.setDefault(Locale.ENGLISH); + + } + + /** + * jUnit test set-up. + * + */ + @Before + public void initialize() { + httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + pendingReq = new TestRequestImpl(); + pendingReq.setAuthUrl("https://localhost/ms_connector"); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + + LocaleContextHolder.resetLocaleContext(); + } + + + @Test + @SneakyThrows + public void jsonResponse() throws TaskExecutionException, UnsupportedEncodingException { + + executionContext.put(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true); + httpReq.addHeader("Accept", "application/json"); + + task.execute(pendingReq, executionContext); + + //result validation + Assert.assertEquals("httpStausCode", 200, httpResp.getStatus()); + Assert.assertEquals("http ContentType", "application/json;charset=UTF-8", httpResp.getContentType()); + final String content = httpResp.getContentAsString(); + assertNotNull("response body is null", content); + Assert.assertFalse("response body is empty", content.isEmpty()); + final JsonNode json = new JsonMapper().readTree(content); + assertNotNull("response body is null", json); + assertNotNull("advancedMatchFailed", json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED)); + assertTrue("advancedMatchFailed", json.get(Constants.HTML_FORM_ADVANCED_MATCHING_FAILED).asBoolean()); + + } + + @Test + public void advancedMatchingFailedMsg() throws TaskExecutionException, UnsupportedEncodingException { + + executionContext.put(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true); + + task.execute(pendingReq, executionContext); + + //result validation + String html = doBasicValidation(); + + Assert.assertTrue("No english text", + html.contains("Matching of further information failed")); + + } + + @Test + public void validHtmlResponseWithOutLocale() throws TaskExecutionException, UnsupportedEncodingException { + + task.execute(pendingReq, executionContext); + + //result validation + String html = doBasicValidation(); + + Assert.assertTrue("No english text", + html.contains("Information on Logins with European eIDs")); + Assert.assertFalse("No english text", + html.contains("Matching of further information failed")); + + } + + @Test + public void validHtmlResponseWithDE() throws TaskExecutionException, UnsupportedEncodingException { + LocaleContextHolder.setLocale(Locale.GERMAN); + httpReq.addHeader("Accept-Language", "de"); + + task.execute(pendingReq, executionContext); + + //result validation + String html = doBasicValidation(); + + Assert.assertTrue("No english text", + html.contains("Information zur Anmeldung über Europäische eIDs")); + + } + + @Test + public void validHtmlResponseWithEN() throws TaskExecutionException, UnsupportedEncodingException { + LocaleContextHolder.setLocale(Locale.ENGLISH); + + task.execute(pendingReq, executionContext); + + //result validation + String html = doBasicValidation(); + + Assert.assertTrue("No english text", + html.contains("Information on Logins with European eIDs")); + + } + + @Test + public void validHtmlResponseWithFR() throws TaskExecutionException, UnsupportedEncodingException { + LocaleContextHolder.setLocale(Locale.FRANCE); + httpReq.addHeader("Accept-Language", "fr"); + + task.execute(pendingReq, executionContext); + + //result validation + String html = doBasicValidation(); + + Assert.assertTrue("No english text", + html.contains("Information on Logins with European eIDs")); + + } + + private String doBasicValidation() throws UnsupportedEncodingException { + Assert.assertEquals("Wrong http StatusCode", 200, httpResp.getStatus()); + Assert.assertEquals("Wrong http ContentType", "text/html;charset=UTF-8", httpResp.getContentType()); + + String html = httpResp.getContentAsString(); + Assert.assertNotNull("html result is null", html); + Assert.assertFalse("html result is empty", html.isEmpty()); + + Assert.assertTrue("Missing IDA Login", + html.contains(MessageFormat.format(TEST_PATTER_REQ_PARAM, SelectedLoginMethod.MOBILE_PHONE_SIGNATURE_LOGIN))); + Assert.assertTrue("Missing residence infos", + html.contains(MessageFormat.format(TEST_PATTER_REQ_PARAM, SelectedLoginMethod.NO_OTHER_LOGIN))); + + Assert.assertTrue("No language selector with pendingRequestId", + html.contains("/otherLoginMethod?pendingid=" + pendingReq.getPendingRequestId())); + Assert.assertTrue("No country-selection form", + html.contains("<form class=\"block\" method=\"post\" action=\"/otherLoginMethod\">")); + + return html; + + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java new file mode 100644 index 00000000..e5ba2e07 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskTest.java @@ -0,0 +1,729 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.IZmrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.ZmrSoapClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.ZmrSoapClient.ZmrRegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.*; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterStatusResults; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.InitialSearchTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; +import at.gv.bmi.namespace.zmr_su.zmr._20040201.PersonSuchenRequest; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.attribute.PersonType; +import eu.eidas.auth.commons.light.impl.LightRequest; +import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse; +import org.apache.commons.lang3.RandomStringUtils; +import org.jetbrains.annotations.NotNull; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.Mock; +import org.mockito.Mockito; +import org.mockito.MockitoAnnotations; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import javax.xml.namespace.QName; +import java.math.BigInteger; +import java.net.URI; +import java.net.URISyntaxException; +import java.util.*; + +import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic; +import static org.junit.Assert.*; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.ArgumentMatchers.eq; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml" +}) +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) +public class InitialSearchTaskTest { + + + private static final String EE = "EE"; + private static final String DE = "DE"; + + private static final String EE_ST = EE + "/ST/"; + private static final String DE_ST = DE + "/ST/"; + + @Mock + private IZmrClient zmrClient; + @Mock + private IErnpClient ernpClient; + + @Autowired + private List<CountrySpecificDetailSearchProcessor> handlers; + private RegisterSearchService registerSearchService; + + private final ICcSpecificEidProcessingService eidPostProcessor = createEidPostProcessor(); + private InitialSearchTask task; + + final ExecutionContext executionContext = new ExecutionContextImpl(); + private TestRequestImpl pendingReq; + private final String randomBpk = RandomStringUtils.randomNumeric(6); + private final String randomPseudonym = RandomStringUtils.randomNumeric(10); + private final String randomPersonalIdentifier_DE = DE_ST + randomPseudonym; + private final String randomPersonalIdentifier_EE = EE_ST + randomPseudonym; + private final String randomFamilyName = randomAlphabetic(10); + private final String randomGivenName = randomAlphabetic(10); + private final String randomPlaceOfBirth = randomAlphabetic(10); + private final String randomBirthName = randomAlphabetic(10); + private final String randomBirthDate = "2011-01-" + (10 + new Random().nextInt(18)); + + /** + * jUnit test set-up. + */ + @Before + public void setUp() throws URISyntaxException, EaafStorageException { + registerSearchService = new RegisterSearchService(handlers, zmrClient, ernpClient); + task = new InitialSearchTask(registerSearchService, eidPostProcessor); + + MockHttpServletRequest httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + MockHttpServletResponse httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + final AuthenticationResponse response = buildDummyAuthResponseRandomPerson(); + pendingReq = new TestRequestImpl(); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); + } + + @NotNull + private ICcSpecificEidProcessingService createEidPostProcessor() { + return new ICcSpecificEidProcessingService() { + + private final GenericEidProcessor genericEidProcessor = new GenericEidProcessor(); + + @Override + public SimpleEidasData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException, EidasAttributeException { + return genericEidProcessor.postProcess(eidasAttrMap); + } + + @Override + public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder) { + genericEidProcessor.preProcess(pendingReq, authnRequestBuilder); + } + }; + } + + /** + * One match, but register update needed + */ + @Test + @DirtiesContext + public void singlePersonalIdMatchUpdateNecessary_Zmr() throws Exception { + String oldGivenName = randomAlphabetic(10); + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPseudonym, DE)) + .thenReturn(zmrRegisterResult(randomRegisterResult(oldGivenName, randomBpk))); + + Mockito.when(zmrClient.searchCountrySpecific(any(), any(), any())) + .thenThrow(new IllegalStateException("CountrySpecific search search should not be neccessary")); + Mockito.when(zmrClient.searchWithMds(any(), any(), any(), any(), any())) + .thenThrow(new IllegalStateException("MDS search should not be neccessary")); + Mockito.when(zmrClient.update(any(), any(), any())) + .thenThrow(new IllegalStateException("ZMR update should not be neccessary")); + + // execute test + task.execute(pendingReq, executionContext); + + // validate state + //INFO: has to be the old givenName because ZMR allows no update of MDS information + checkMatchingSuccessState(pendingReq, randomBpk, randomFamilyName, oldGivenName, randomBirthDate, DE); + + } + + /** + * TODO: include again if ERnP update is implementet. Maybe we can update MDS based on ERnP. + * <p> + * One match, but register update needed. + * + * @throws EidasSAuthenticationException + */ + @Ignore + @Test + @DirtiesContext + public void singlePersonalIdMatchUpdateNecessary_Ernp() throws TaskExecutionException, EidasSAuthenticationException { + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPseudonym, DE)) + .thenReturn(emptyZmrRegisterResult()); + + String oldRandomGivenName = randomAlphabetic(10); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_DE)) + .thenReturn(Collections.singletonList(randomRegisterResult(oldRandomGivenName, randomBpk))); + + // execute test + task.execute(pendingReq, executionContext); + + // validate state + checkMatchingSuccessState(pendingReq, randomBpk, randomFamilyName, randomGivenName, randomBirthDate, DE); + } + + @NotNull + private ZmrSoapClient.ZmrRegisterResult emptyZmrRegisterResult() { + return new ZmrRegisterResult(Collections.emptyList(), generateRandomProcessId()); + } + + /** + * Two matches by PersonalId found in ZMR + * + * @throws EidasSAuthenticationException + */ + @Test + @DirtiesContext + public void multiPersonalIdMatch_Zmr() throws EidasSAuthenticationException { + String newRandomGivenName = randomAlphabetic(10); + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPseudonym, DE)) + .thenReturn(new ZmrRegisterResult(Arrays.asList(randomRegisterResult(), randomRegisterResult(newRandomGivenName, randomBpk)), generateRandomProcessId())); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_DE)) + .thenReturn(Collections.emptyList()); + + // execute task + TaskExecutionException exception = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + + // validate state + assertTrue("Wrong exception", (exception.getOriginalException() instanceof WorkflowException)); + assertTrue("Wrong flag 'manualFixNeeded'", + ((WorkflowException) exception.getOriginalException()).isRequiresManualFix()); + + } + + /** + * Two matches by PersonalId found in ZMR + * + * @throws EidasSAuthenticationException + */ + @Test + @DirtiesContext + public void withErrorFromZmr() throws EidasSAuthenticationException { + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPseudonym, DE)) + .thenThrow(new ZmrCommunicationException("jUnit ZMR error", null)); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_DE)) + .thenReturn(Collections.emptyList()); + + // execute task + TaskExecutionException exception = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + + // validate state + assertTrue("Wrong exception", (exception.getOriginalException() instanceof WorkflowException)); + assertFalse("Wrong flag 'manualFixNeeded'", + ((WorkflowException) exception.getOriginalException()).isRequiresManualFix()); + + } + + /** + * Two matches by PersonalId found in ErnP + * + * @throws EidasSAuthenticationException + */ + @Test + @DirtiesContext + public void multiPersonalIdMatch_Ernp() throws EidasSAuthenticationException { + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPseudonym, DE)) + .thenReturn(emptyZmrRegisterResult()); + String newRandomGivenName = randomAlphabetic(10); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_DE)) + .thenReturn(Arrays.asList(randomRegisterResult(), randomRegisterResult(newRandomGivenName, randomBpk))); + + // execute task + TaskExecutionException exception = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + // validate state + assertTrue("Wrong exception", (exception.getOriginalException() instanceof WorkflowException)); + assertTrue("Wrong flag 'manualFixNeeded'", + ((WorkflowException) exception.getOriginalException()).isRequiresManualFix()); + + } + + /** + * Two matches by PersonalId + * + * @throws EidasSAuthenticationException + */ + @Test + @DirtiesContext + public void multiPersonalIdMatch_ErnpAndZmr() throws EidasSAuthenticationException { + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPseudonym, DE)) + .thenReturn(zmrRegisterResult(randomRegisterResult())); + String newRandomGivenName = randomAlphabetic(10); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_DE)) + .thenReturn(Collections.singletonList(randomRegisterResult())); + + // execute task + TaskExecutionException exception = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + // validate state + assertTrue("Wrong exception", (exception.getOriginalException() instanceof WorkflowException)); + assertTrue("Wrong flag 'manualFixNeeded'", + ((WorkflowException) exception.getOriginalException()).isRequiresManualFix()); + + } + + /** + * One match by PersonalId, no register update needed + */ + @Test + @DirtiesContext + public void singlePersonalIdMatchNoUpdate_Ernp() throws Exception { + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPseudonym, DE)) + .thenReturn(emptyZmrRegisterResult()); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_DE)) + .thenReturn(Collections.singletonList(randomRegisterResult())); + + // execute test + task.execute(pendingReq, executionContext); + + // validate state + checkMatchingSuccessState(pendingReq, randomBpk, randomFamilyName, randomGivenName, randomBirthDate, DE); + } + + /** + * One match by PersonalId, no register update needed + */ + @Test + @DirtiesContext + public void singlePersonalIdMatchNoUpdate_Zmr() throws Exception { + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPseudonym, DE)) + .thenReturn(zmrRegisterResult(randomRegisterResult())); + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_DE)) + .thenReturn(Collections.emptyList()); + Mockito.when(zmrClient.update(any(), any(), any())) + .thenThrow(new IllegalStateException("ZMR update should not be neccessary")); + + // execute test + task.execute(pendingReq, executionContext); + + // validate state + checkMatchingSuccessState(pendingReq, randomBpk, randomFamilyName, randomGivenName, randomBirthDate, DE); + } + + /** + * Find single person in ZMR by country specifics. + */ + @Test + @DirtiesContext + public void singlePersonFindWithCountySpecifics_Zmr() throws Exception { + final AuthenticationResponse response = buildDummyAuthResponseDE(randomGivenName, randomFamilyName, + randomPersonalIdentifier_DE, randomBirthDate, randomPlaceOfBirth, randomBirthName); + TestRequestImpl pendingReq1 = new TestRequestImpl(); + pendingReq1.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); + + BigInteger zmrProcessId = generateRandomProcessId(); + RegisterResult zmrResult = RegisterResult.builder() + .bpk(randomBpk) + .pseudonym(Collections.singletonList(randomPseudonym)) + .givenName(randomGivenName) + .familyName(randomFamilyName) + .dateOfBirth(randomBirthDate) + .placeOfBirth(randomPlaceOfBirth) + .birthName(randomBirthName) + .build(); + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPseudonym, DE)) + .thenReturn(new ZmrRegisterResult(Collections.emptyList(), zmrProcessId)); + Mockito.when(zmrClient.searchCountrySpecific(eq(zmrProcessId), any(PersonSuchenRequest.class), eq(DE))) + .thenReturn(zmrRegisterResult(zmrResult, zmrProcessId)); + RegisterResult randomRegisterResult = RegisterResult.builder() + .bpk(randomBpk) + .pseudonym(Arrays.asList(randomPseudonym, RandomStringUtils.randomAlphanumeric(10))) + .givenName(randomGivenName) + .familyName(randomFamilyName) + .dateOfBirth(randomBirthDate) + .placeOfBirth(randomPlaceOfBirth) + .birthName(randomBirthName) + .build(); + Mockito.when(zmrClient.update(eq(zmrProcessId), eq(zmrResult), any())) + .thenReturn(zmrRegisterResult(randomRegisterResult, zmrProcessId)); + Mockito.when(zmrClient.searchWithMds(any(), any(), any(), any(), any())) + .thenThrow(new IllegalStateException("MDS search should not be neccessary")); + + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_DE)) + .thenReturn(Collections.emptyList()); + + // execute test + task.execute(pendingReq1, executionContext); + + // validate state + checkMatchingSuccessState(pendingReq1, randomBpk, randomFamilyName, randomGivenName, randomBirthDate, DE); + + } + + /** + * Multiple matches found in ZMR by country specifics. + */ + @Test + @DirtiesContext + public void multiplePersonFindWithCountySpecifics_Zmr() throws Exception { + String newRandomPseudonym = randomPersonalIdentifier_DE + RandomStringUtils.randomNumeric(2); + String newRandomBpk = randomBpk + RandomStringUtils.randomNumeric(6); + final AuthenticationResponse response = buildDummyAuthResponseDE(randomGivenName, randomFamilyName, + randomPersonalIdentifier_DE, + randomBirthDate, randomPlaceOfBirth, randomBirthName); + TestRequestImpl pendingReq1 = new TestRequestImpl(); + pendingReq1.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, response); + + BigInteger zmrProcessId = generateRandomProcessId(); + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPseudonym, DE)) + .thenReturn(new ZmrRegisterResult(Collections.emptyList(), zmrProcessId)); + RegisterResult randomResult1 = RegisterResult.builder() + .bpk(randomBpk) + .pseudonym(Collections.singletonList(randomPseudonym)) + .givenName(randomGivenName) + .familyName(randomFamilyName) + .dateOfBirth(randomBirthDate) + .placeOfBirth(randomPlaceOfBirth) + .birthName(randomBirthName) + .build(); + RegisterResult randomResult2 = RegisterResult.builder() + .bpk(newRandomBpk) + .pseudonym(Collections.singletonList(newRandomPseudonym)) + .givenName(randomGivenName) + .familyName(randomFamilyName) + .dateOfBirth(randomBirthDate) + .placeOfBirth(randomPlaceOfBirth) + .birthName(randomBirthName) + .build(); + Mockito.when(zmrClient.searchCountrySpecific(eq(zmrProcessId), any(PersonSuchenRequest.class), eq(DE))) + .thenReturn(new ZmrRegisterResult(Arrays.asList(randomResult1, randomResult2), zmrProcessId)); + + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_DE)) + .thenReturn(Collections.emptyList()); + + // execute task + TaskExecutionException exception = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq1, executionContext)); + + // validate state + assertTrue("Wrong exception", (exception.getOriginalException() instanceof WorkflowException)); + assertTrue("Wrong flag 'manualFixNeeded'", + ((WorkflowException) exception.getOriginalException()).isRequiresManualFix()); + + } + + /** + * NO match found in ZMR and ErnP with Initial and MDS search + * + * @throws EidasSAuthenticationException + * @throws URISyntaxException + * @throws EaafStorageException + */ + @Test + @DirtiesContext + public void noResultByAnySearch() throws TaskExecutionException, EidasSAuthenticationException, URISyntaxException, EaafStorageException { + BigInteger zmrProcessId = generateRandomProcessId(); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, + buildDummyAuthResponse(randomGivenName, randomFamilyName, randomPersonalIdentifier_EE, randomBirthDate)); + + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPseudonym, EE)) + .thenReturn(new ZmrRegisterResult(Collections.emptyList(), zmrProcessId)); + Mockito.when(zmrClient.searchWithMds(zmrProcessId, randomGivenName, randomFamilyName, randomBirthDate, EE)) + .thenReturn(new ZmrRegisterResult(Collections.emptyList(), zmrProcessId)); + Mockito.when(zmrClient.update(any(), any(), any())) + .thenThrow(new IllegalStateException("ZMR update should not be neccessary")); + + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_EE)) + .thenReturn(Collections.emptyList()); + + + // execute task + task.execute(pendingReq, executionContext); + + + // validate state + assertNotNull("find no eIDAS inbut data", MatchingTaskUtils.getInitialEidasData(pendingReq)); + + assertNull("Find intermediate matching data but matching should be finished", + MatchingTaskUtils.getIntermediateMatchingResult(pendingReq)); + assertNull("Find final matching data but no match sould be found", + MatchingTaskUtils.getFinalMatchingResult(pendingReq)); + + Boolean transitionGUI = (Boolean) executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK); + Assert.assertNull("Wrong transition", transitionGUI); + Boolean transitionErnb = (Boolean) executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK); + Assert.assertTrue("Wrong transition", transitionErnb); + + } + + /** + * Find one match with MDS search in ERnP. + */ + @Test + @DirtiesContext + public void resultByMdsSearch_Ernb() throws TaskExecutionException, EidasSAuthenticationException, URISyntaxException, EaafStorageException { + BigInteger zmrProcessId = generateRandomProcessId(); + pendingReq.getSessionData(AuthProcessDataWrapper.class) + .setGenericDataToSession(Constants.DATA_FULL_EIDAS_RESPONSE, + buildDummyAuthResponse(randomGivenName, randomFamilyName, randomPersonalIdentifier_EE, randomBirthDate)); + + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPseudonym, EE)) + .thenReturn(new ZmrRegisterResult(Collections.emptyList(), zmrProcessId)); + Mockito.when(zmrClient.searchWithMds(zmrProcessId, randomGivenName, randomFamilyName, randomBirthDate, EE)) + .thenReturn(new ZmrRegisterResult(Collections.emptyList(), zmrProcessId)); + + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_EE)) + .thenReturn(Collections.emptyList()); + Mockito.when(ernpClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)) + .thenReturn(Collections.singletonList(randomRegisterResult())); + + // execute test + task.execute(pendingReq, executionContext); + + // validate state + checkIntermediateResult(1); + + } + + /** + * Find one match with MDS search in ZMR. + */ + @Test + @DirtiesContext + public void resultByMdsSearch_Zmr() throws TaskExecutionException, EidasSAuthenticationException { + BigInteger zmrProcessId = generateRandomProcessId(); + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPseudonym, DE)) + .thenReturn(new ZmrRegisterResult(Collections.emptyList(), zmrProcessId)); + Mockito.when(zmrClient.searchWithMds(zmrProcessId, randomGivenName, randomFamilyName, randomBirthDate, DE)) + .thenReturn(zmrRegisterResult(randomRegisterResult(), zmrProcessId)); + Mockito.when(zmrClient.update(any(), any(), any())) + .thenThrow(new IllegalStateException("ZMR update should not be neccessary")); + + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_DE)).thenReturn(Collections.emptyList()); + + + // execute test + task.execute(pendingReq, executionContext); + + // validate state + checkIntermediateResult(1); + + } + + /** + * resultByMdsSearch + */ + @Test + @DirtiesContext + public void multipleResultsByMdsSearch() throws TaskExecutionException, EidasSAuthenticationException { + BigInteger zmrProcessId = generateRandomProcessId(); + Mockito.when(zmrClient.searchWithPersonIdentifier(null, randomPseudonym, DE)) + .thenReturn(new ZmrRegisterResult(Collections.emptyList(), zmrProcessId)); + Mockito.when(zmrClient.searchCountrySpecific(eq(zmrProcessId), any(PersonSuchenRequest.class), any(String.class))) + .thenReturn(new ZmrRegisterResult(Collections.emptyList(), zmrProcessId)); + Mockito.when(zmrClient.searchWithMds(zmrProcessId, randomGivenName, randomFamilyName, randomBirthDate, DE)) + .thenReturn(zmrRegisterResult(randomRegisterResult(randomBpk + "2"), zmrProcessId)); + Mockito.when(zmrClient.update(any(), any(), any())) + .thenThrow(new IllegalStateException("ZMR update should not be neccessary")); + + Mockito.when(ernpClient.searchWithPersonIdentifier(randomPersonalIdentifier_DE)) + .thenReturn(Collections.emptyList()); + Mockito.when(ernpClient.searchWithMds(randomGivenName, randomFamilyName, randomBirthDate)) + .thenReturn(Arrays.asList(randomRegisterResult(), randomRegisterResult(randomBpk + "1"))); + + // execute test + task.execute(pendingReq, executionContext); + + // validate state + checkIntermediateResult(3); + + } + + @NotNull + private ZmrRegisterResult zmrRegisterResult(RegisterResult registerResult, BigInteger processId) { + return new ZmrRegisterResult(Collections.singletonList(registerResult), processId); + } + + @NotNull + private ZmrRegisterResult zmrRegisterResult(RegisterResult registerResult) { + return zmrRegisterResult(registerResult, generateRandomProcessId()); + } + + @NotNull + private RegisterResult randomRegisterResult() { + return randomRegisterResult(randomGivenName, randomBpk); + } + + @NotNull + private RegisterResult randomRegisterResult(String randomBpk) { + return randomRegisterResult(randomGivenName, randomBpk); + } + + @NotNull + private RegisterResult randomRegisterResult(String randomGivenName, String randomBpk) { + return RegisterResult.builder() + .bpk(randomBpk) + .pseudonym(Collections.singletonList(randomPseudonym)) + .givenName(randomGivenName) + .familyName(randomFamilyName) + .dateOfBirth(randomBirthDate) + .build(); + } + + @NotNull + private AuthenticationResponse buildDummyAuthResponseRandomPerson() throws URISyntaxException { + return buildDummyAuthResponse(randomGivenName, randomFamilyName, DE_ST + randomPseudonym, randomBirthDate); + } + + private BigInteger generateRandomProcessId() { + return new BigInteger(RandomStringUtils.randomNumeric(10)); + + } + + private void checkMatchingSuccessState(IRequest pendingReq, String bpk, String familyName, String givenName, + String birhday, String countryCode) { + assertNull("Find intermediate matching data but matching should be finished", + MatchingTaskUtils.getIntermediateMatchingResult(pendingReq)); + assertNotNull("find no eIDAS inbut data", MatchingTaskUtils.getInitialEidasData(pendingReq)); + + MatchedPersonResult personInfo = MatchingTaskUtils.getFinalMatchingResult(pendingReq); + assertNotNull("no final matching result", personInfo); + assertEquals("wrong bpk", bpk, personInfo.getBpk()); + assertEquals("wrong givenName", givenName, personInfo.getGivenName()); + assertEquals("wrong familyName", familyName, personInfo.getFamilyName()); + assertEquals("wrong dateOfBirth", birhday, personInfo.getDateOfBirth()); + assertEquals("wrong countryCode", countryCode, personInfo.getCountryCode()); + + } + + private void checkIntermediateResult(int resultSize) { + Boolean transitionGUI = (Boolean) executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK); + Assert.assertTrue("Wrong transition", transitionGUI); + Boolean transitionErnb = (Boolean) executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK); + Assert.assertNull("Wrong transition", transitionErnb); + + assertNotNull("find no eIDAS inbut data", MatchingTaskUtils.getInitialEidasData(pendingReq)); + assertNull("Find final matching data but no match sould be found", + MatchingTaskUtils.getFinalMatchingResult(pendingReq)); + + RegisterStatusResults result = MatchingTaskUtils.getIntermediateMatchingResult(pendingReq); + assertNotNull("Find no intermediate matching data", result); + assertEquals("wrong intermediate result size", resultSize, result.getResultCount()); + + } + + @NotNull + private AuthenticationResponse buildDummyAuthResponse(String givenName, String familyName, String identifier, + String dateOfBirth) throws URISyntaxException { + return buildDummyAuthResponse(givenName, familyName, identifier, dateOfBirth, null, null, null); + } + + @NotNull + private AuthenticationResponse buildDummyAuthResponseDE(String givenName, String familyName, String identifier, + String dateOfBirth, String placeOfBirth, + String birthName) throws URISyntaxException { + return buildDummyAuthResponse(givenName, familyName, identifier, dateOfBirth, null, placeOfBirth, birthName); + } + + @NotNull + private AuthenticationResponse buildDummyAuthResponse(String givenName, String familyName, String identifier, + String dateOfBirth, String taxNumber, String placeOfBirth, + String birthName) throws URISyntaxException { + ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder() + .put(generateStringAttribute(Constants.eIDAS_ATTR_PERSONALIDENTIFIER, + randomAlphabetic(2), randomAlphabetic(2)), identifier) + .put(generateStringAttribute(Constants.eIDAS_ATTR_CURRENTFAMILYNAME, + randomAlphabetic(3), randomAlphabetic(3)), familyName) + .put(generateStringAttribute(Constants.eIDAS_ATTR_CURRENTGIVENNAME, + randomAlphabetic(4), randomAlphabetic(4)), givenName) + .put(generateDateTimeAttribute(Constants.eIDAS_ATTR_DATEOFBIRTH, + randomAlphabetic(5), randomAlphabetic(5)), dateOfBirth); + if (taxNumber != null) { + builder.put(generateStringAttribute(Constants.eIDAS_ATTR_TAXREFERENCE, + randomAlphabetic(6), randomAlphabetic(6)), taxNumber); + } + if (birthName != null) { + builder.put(generateStringAttribute(Constants.eIDAS_ATTR_BIRTHNAME, + randomAlphabetic(7), randomAlphabetic(7)), birthName); + } + if (placeOfBirth != null) { + builder.put(generateStringAttribute(Constants.eIDAS_ATTR_PLACEOFBIRTH, + randomAlphabetic(8), randomAlphabetic(8)), placeOfBirth); + } + final ImmutableAttributeMap attributeMap = builder.build(); + + return new AuthenticationResponse.Builder().id(randomAlphabetic(5)) + .issuer(randomAlphabetic(5)).subject(randomAlphabetic(5)).statusCode("200") + .inResponseTo(randomAlphabetic(5)).subjectNameIdFormat(randomAlphabetic(5)) + .attributes(attributeMap).build(); + } + + private AttributeDefinition<Object> generateStringAttribute(String friendlyName, String fragment, String prefix) + throws URISyntaxException { + return generateAttribute(friendlyName, fragment, prefix, "eu.eidas.auth.commons.attribute.impl" + + ".LiteralStringAttributeValueMarshaller"); + } + + @SuppressWarnings("SameParameterValue") + private AttributeDefinition<Object> generateDateTimeAttribute(String friendlyName, String fragment, String prefix) + throws URISyntaxException { + return generateAttribute(friendlyName, fragment, prefix, "eu.eidas.auth.commons.attribute.impl" + + ".DateTimeAttributeValueMarshaller"); + } + + private AttributeDefinition<Object> generateAttribute(String friendlyName, String fragment, String prefix, + String marshaller) throws URISyntaxException { + return AttributeDefinition.builder() + .friendlyName(friendlyName).nameUri(new URI("ad", "sd", fragment)) + .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", prefix)) + .attributeValueMarshaller(marshaller).build(); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskWithRegistersTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskWithRegistersTest.java new file mode 100644 index 00000000..14ad3519 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/InitialSearchTaskWithRegistersTest.java @@ -0,0 +1,518 @@ +/* + * Copyright 2020 A-SIT Plus GmbH + * AT-specific eIDAS Connector has been developed in a cooperation between EGIZ, + * A-SIT Plus GmbH, A-SIT, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.2 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "License"); + * You may not use this work except in compliance with the License. + * You may obtain a copy of the License at: + * https://joinup.ec.europa.eu/news/understanding-eupl-v12 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import static org.apache.commons.lang3.RandomStringUtils.randomAlphabetic; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; +import static org.mockito.ArgumentMatchers.any; +import static org.mockito.Mockito.when; + +import java.math.BigInteger; +import java.net.URI; +import java.net.URISyntaxException; +import java.util.Collections; +import java.util.List; +import java.util.Map; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Unmarshaller; +import javax.xml.namespace.QName; + +import org.apache.commons.lang3.RandomStringUtils; +import org.jetbrains.annotations.NotNull; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Rule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.ArgumentCaptor; +import org.mockito.Mock; +import org.mockito.MockitoAnnotations; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.annotation.DirtiesContext.ClassMode; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import com.github.skjolber.mockito.soap.SoapServiceRule; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.IZmrClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.clients.zmr.ZmrSoapClient.ZmrRegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MatchedPersonResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.ernp.IErnpClient; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasAttributeException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.WorkflowException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.CountrySpecificDetailSearchProcessor; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.handler.GenericEidProcessor; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.ICcSpecificEidProcessingService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterStatusResults; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.InitialSearchTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.clients.ZmrClientTest; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; +import at.gv.bmi.namespace.zmr_su.base._20040201.RequestType; +import at.gv.bmi.namespace.zmr_su.base._20040201.ResponseType; +import at.gv.bmi.namespace.zmr_su.base._20040201_.ServicePort; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import eu.eidas.auth.commons.attribute.AttributeDefinition; +import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; +import eu.eidas.auth.commons.attribute.PersonType; +import eu.eidas.auth.commons.light.impl.LightRequest; +import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse; +import lombok.SneakyThrows; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml", + "/SpringTest-context_ccSearchProcessor_test.xml" +}) +@DirtiesContext(classMode = ClassMode.BEFORE_CLASS) +public class InitialSearchTaskWithRegistersTest { + + private static final String EE = "EE"; + private static final String DE = "DE"; + + @Rule + public SoapServiceRule soap = SoapServiceRule.newInstance(); + + @Mock private IErnpClient ernpClient; + + @Autowired private IZmrClient zmrClient; + @Autowired private List<CountrySpecificDetailSearchProcessor> handlers; + private RegisterSearchService registerSearchService; + + private ServicePort zmrMock = null; + + private final ICcSpecificEidProcessingService eidPostProcessor = createEidPostProcessor(); + private InitialSearchTask task; + + final ExecutionContext executionContext = new ExecutionContextImpl(); + private TestRequestImpl pendingReq; + private static JAXBContext jaxbContext; + + /** + * Initialize jUnit class. + */ + @BeforeClass + @SneakyThrows + public static void classInitializer() { + jaxbContext = JAXBContext.newInstance( + at.gv.bmi.namespace.zmr_su.zmr._20040201.ObjectFactory.class, + at.gv.bmi.namespace.zmr_su.gis._20070725.ObjectFactory.class, + at.gv.bmi.namespace.zmr_su.base._20040201.ObjectFactory.class); + } + + + /** + * jUnit test set-up. + */ + @Before + public void setUp() throws URISyntaxException, EaafStorageException { + if (zmrMock == null) { + zmrMock = soap.mock(ServicePort.class, "http://localhost:1234/demozmr"); + + } + + registerSearchService = new RegisterSearchService(handlers, zmrClient, ernpClient); + task = new InitialSearchTask(registerSearchService, eidPostProcessor); + + MockHttpServletRequest httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + MockHttpServletResponse httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + pendingReq = new TestRequestImpl(); + + } + + /** + * One match, but register update needed + */ + @Test + @DirtiesContext + public void singlePersonalIdMatchUpdateNecessary_Zmr() throws Exception { + + String oldGivenName = "XXXClaus - Maria"; + + //inject eIDAS data + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + Constants.DATA_FULL_EIDAS_RESPONSE, + buildDummyAuthResponse("XXXKlaus - Maria", "XXXvon Brandenburg", + "DE/AT/7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit", "1994-12-31")); + + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + + // inject response + when(zmrMock.service(zmrReq.capture(), any())) + .thenReturn(loadResponseFromFile("/data/zmr/seq_1-8_search_with_personalId_only_resp.xml")) + .thenThrow(new RuntimeException("This request is not needed any more")); + + + // execute test + task.execute(pendingReq, executionContext); + + // validate state + //INFO: has to be the old givenName because ZMR allows no update of MDS information + checkMatchingSuccessState(pendingReq, "UgeknNsc26lVuB7U/uYGVmWtnnA=", "XXXvon Brandenburg", + oldGivenName, "1994-12-31", DE); + + // validate request + assertEquals("wrong number of req.", 1, zmrReq.getAllValues().size()); + assertNotNull("Personensuche req.", zmrReq.getValue().getPersonSuchenRequest()); + checkBasicRequestParameters(zmrReq.getValue(), ZmrClientTest.PROCESS_TASK_SEARCH, null, "jUnit123456"); + + } + + + /** + * Two matches by PersonalId found in ZMR + * + * @throws EidasSAuthenticationException + */ + @Test + @DirtiesContext + @SneakyThrows + public void multiPersonalIdMatch_Zmr() throws EidasSAuthenticationException { + //inject eIDAS data + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + Constants.DATA_FULL_EIDAS_RESPONSE, + buildDummyAuthResponse("XXXKlaus - Maria", "XXXvon Brandenburg", + "DE/AT/7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit", "1994-12-31")); + + // inject response + when(zmrMock.service(any(), any())) + .thenReturn(loadResponseFromFile("/data/zmr/search_with_personalId_only_resp_moreThanOne.xml")) + .thenThrow(new RuntimeException("This request is not needed any more")); + + // execute task + TaskExecutionException exception = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + // validate state + assertTrue("Wrong exception", (exception.getOriginalException() instanceof WorkflowException)); + assertTrue("Wrong flag 'manualFixNeeded'", + ((WorkflowException) exception.getOriginalException()).isRequiresManualFix()); + + } + + + /** + * Find single person in ZMR by country specifics. + */ + @Test + @DirtiesContext + public void singlePersonFindWithCountySpecifics_Zmr() throws Exception { + //inject eIDAS data + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + Constants.DATA_FULL_EIDAS_RESPONSE, + buildDummyAuthResponse("XXXClaus - Maria", "XXXvon Brandenburg", + "DE/AT/7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit_with_New_ID", "1994-12-31", + null, "Hintergigritzpotschn", "XXXvon Heuburg")); + + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + BigInteger processId = new BigInteger("367100000000079"); + + // inject response + when(zmrMock.service(zmrReq.capture(), any())) + .thenReturn(loadResponseFromFile("/data/zmr/empty_zmr_result.xml")) //personalId search + .thenReturn(loadResponseFromFile("/data/zmr/seq_1-8_search_with_personalId_only_resp.xml")) //CC specific search + .thenReturn(loadResponseFromFile("/data/zmr/seq_1-4_kitt_get_latest_version_resp.xml")) //KITT latest version + .thenReturn(loadResponseFromFile("/data/zmr/seq_1-6_kitt_update_resp.xml")) //KITT update + .thenThrow(new RuntimeException("This request is not needed any more")); + + // execute test + task.execute(pendingReq, executionContext); + + // validate state + checkMatchingSuccessState(pendingReq, "UgeknNsc26lVuB7U/uYGVmWtnnA=", "XXXvon Brandenburg", + "XXXClaus - Maria", "1994-12-31", DE); + + // validate request + assertEquals("wrong number of req.", 4, zmrReq.getAllValues().size()); + checkBasicRequestParameters(zmrReq.getAllValues().get(0), ZmrClientTest.PROCESS_TASK_SEARCH, null, "jUnit123456"); + checkBasicRequestParameters(zmrReq.getAllValues().get(1), ZmrClientTest.PROCESS_TASK_SEARCH, processId, "jUnit123456"); + checkBasicRequestParameters(zmrReq.getAllValues().get(2), ZmrClientTest.PROCESS_TASK_SEARCH, processId, "jUnit123456"); + checkBasicRequestParameters(zmrReq.getAllValues().get(3), ZmrClientTest.PROCESS_TASK_UPDATE, processId, "jUnit123456"); + + } + + /** + * Find one match with MDS search in ZMR. + */ + @Test + @DirtiesContext + @SneakyThrows + public void resultByMdsSearch_Zmr() throws TaskExecutionException, EidasSAuthenticationException { + //inject eIDAS data + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + Constants.DATA_FULL_EIDAS_RESPONSE, + buildDummyAuthResponse("XXXClaus - Maria", "XXXvon Brandenburg", + "DE/AT/7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit_with_New_ID", "1994-12-31")); + + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + BigInteger processId = new BigInteger("367100000000079"); + + // inject response + when(zmrMock.service(zmrReq.capture(), any())) + .thenReturn(loadResponseFromFile("/data/zmr/empty_zmr_result.xml")) //personalId search + //CC-specific will be ignored because CC is DE but BirthName and PlaceOfBirth is 'null' + .thenReturn(loadResponseFromFile("/data/zmr/seq_1-2_search_with_mds_resp.xml")) //MDS specific search + .thenThrow(new RuntimeException("This request is not needed any more")); + + + // execute test + task.execute(pendingReq, executionContext); + + // validate state + checkIntermediateResult(1); + + // validate request + assertEquals("wrong number of req.", 2, zmrReq.getAllValues().size()); + checkBasicRequestParameters(zmrReq.getAllValues().get(0), ZmrClientTest.PROCESS_TASK_SEARCH, null, "jUnit123456"); + checkBasicRequestParameters(zmrReq.getAllValues().get(1), ZmrClientTest.PROCESS_TASK_SEARCH, processId, "jUnit123456"); + + } + + /** + * Find one match with MDS search in ZMR. + */ + @Test + @DirtiesContext + @SneakyThrows + public void resultByMdsSearch_Zmr_Second() throws TaskExecutionException, EidasSAuthenticationException { + //inject eIDAS data + pendingReq.getSessionData(AuthProcessDataWrapper.class).setGenericDataToSession( + Constants.DATA_FULL_EIDAS_RESPONSE, + buildDummyAuthResponse("XXXClaus - Maria", "XXXvon Brandenburg", + "DE/AT/7cEYWithDEElementsasdfsafsaf4CDVzNT4E7cjkU4VqForjUnit_with_New_ID", "1994-12-31", + null, "Hintergigritzpotschn", "XXXvon Heuburg")); + + final ArgumentCaptor<RequestType> zmrReq = ArgumentCaptor.forClass(RequestType.class); + BigInteger processId = new BigInteger("367100000000079"); + + // inject response + when(zmrMock.service(zmrReq.capture(), any())) + .thenReturn(loadResponseFromFile("/data/zmr/empty_zmr_result.xml")) //personalId search + .thenReturn(loadResponseFromFile("/data/zmr/empty_zmr_result.xml")) //CC-specific search + .thenReturn(loadResponseFromFile("/data/zmr/search_with_personalId_only_resp_moreThanOne.xml")) //MDS specific search + .thenThrow(new RuntimeException("This request is not needed any more")); + + + // execute test + task.execute(pendingReq, executionContext); + + // validate state + checkIntermediateResult(2); + + // validate request + assertEquals("wrong number of req.", 3, zmrReq.getAllValues().size()); + checkBasicRequestParameters(zmrReq.getAllValues().get(0), ZmrClientTest.PROCESS_TASK_SEARCH, null, "jUnit123456"); + checkBasicRequestParameters(zmrReq.getAllValues().get(1), ZmrClientTest.PROCESS_TASK_SEARCH, processId, "jUnit123456"); + checkBasicRequestParameters(zmrReq.getAllValues().get(2), ZmrClientTest.PROCESS_TASK_SEARCH, processId, "jUnit123456"); + + } + + + + @NotNull + private ICcSpecificEidProcessingService createEidPostProcessor() { + return new ICcSpecificEidProcessingService() { + + private final GenericEidProcessor genericEidProcessor = new GenericEidProcessor(); + + @Override + public SimpleEidasData postProcess(Map<String, Object> eidasAttrMap) throws EidPostProcessingException, EidasAttributeException { + return genericEidProcessor.postProcess(eidasAttrMap); + } + + @Override + public void preProcess(String selectedCC, IRequest pendingReq, LightRequest.Builder authnRequestBuilder) { + genericEidProcessor.preProcess(pendingReq, authnRequestBuilder); + } + }; + } + + @NotNull + private ZmrRegisterResult zmrRegisterResult(RegisterResult registerResult, BigInteger processId) { + return new ZmrRegisterResult(Collections.singletonList(registerResult), processId); + } + + @NotNull + private ZmrRegisterResult zmrRegisterResult(RegisterResult registerResult) { + return zmrRegisterResult(registerResult, generateRandomProcessId()); + } + + + private BigInteger generateRandomProcessId() { + return new BigInteger(RandomStringUtils.randomNumeric(10)); + + } + + private void checkMatchingSuccessState(IRequest pendingReq, String bpk, String familyName, String givenName, + String birhday, String countryCode) { + assertNull("Find intermediate matching data but matching should be finished", + MatchingTaskUtils.getIntermediateMatchingResult(pendingReq)); + assertNotNull("find no eIDAS inbut data", MatchingTaskUtils.getInitialEidasData(pendingReq)); + + MatchedPersonResult personInfo = MatchingTaskUtils.getFinalMatchingResult(pendingReq); + assertNotNull("no final matching result", personInfo); + assertEquals("wrong bpk", bpk, personInfo.getBpk()); + assertEquals("wrong givenName", givenName, personInfo.getGivenName()); + assertEquals("wrong familyName", familyName, personInfo.getFamilyName()); + assertEquals("wrong dateOfBirth", birhday, personInfo.getDateOfBirth()); + assertEquals("wrong countryCode", countryCode, personInfo.getCountryCode()); + + } + + private void checkIntermediateResult(int resultSize) { + Boolean transitionGUI = (Boolean) executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK); + Assert.assertTrue("Wrong transition", transitionGUI); + Boolean transitionErnb = (Boolean) executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK); + Assert.assertNull("Wrong transition", transitionErnb); + + assertNotNull("find no eIDAS inbut data", MatchingTaskUtils.getInitialEidasData(pendingReq)); + assertNull("Find final matching data but no match sould be found", + MatchingTaskUtils.getFinalMatchingResult(pendingReq)); + + RegisterStatusResults result = MatchingTaskUtils.getIntermediateMatchingResult(pendingReq); + assertNotNull("Find no intermediate matching data", result); + assertEquals("wrong intermediate result size", resultSize, result.getResultCount()); + + } + + @NotNull + private AuthenticationResponse buildDummyAuthResponse(String givenName, String familyName, String identifier, + String dateOfBirth) throws URISyntaxException { + return buildDummyAuthResponse(givenName, familyName, identifier, dateOfBirth, null, null, null); + } + + @NotNull + private AuthenticationResponse buildDummyAuthResponseDE(String givenName, String familyName, String identifier, + String dateOfBirth, String placeOfBirth, + String birthName) throws URISyntaxException { + return buildDummyAuthResponse(givenName, familyName, identifier, dateOfBirth, null, placeOfBirth, birthName); + } + + @NotNull + private AuthenticationResponse buildDummyAuthResponse(String givenName, String familyName, String identifier, + String dateOfBirth, String taxNumber, String placeOfBirth, + String birthName) throws URISyntaxException { + ImmutableAttributeMap.Builder builder = ImmutableAttributeMap.builder() + .put(generateStringAttribute(Constants.eIDAS_ATTR_PERSONALIDENTIFIER, + randomAlphabetic(2), randomAlphabetic(2)), identifier) + .put(generateStringAttribute(Constants.eIDAS_ATTR_CURRENTFAMILYNAME, + randomAlphabetic(3), randomAlphabetic(3)), familyName) + .put(generateStringAttribute(Constants.eIDAS_ATTR_CURRENTGIVENNAME, + randomAlphabetic(4), randomAlphabetic(4)), givenName) + .put(generateDateTimeAttribute(Constants.eIDAS_ATTR_DATEOFBIRTH, + randomAlphabetic(5), randomAlphabetic(5)), dateOfBirth); + if (taxNumber != null) { + builder.put(generateStringAttribute(Constants.eIDAS_ATTR_TAXREFERENCE, + randomAlphabetic(6), randomAlphabetic(6)), taxNumber); + } + if (birthName != null) { + builder.put(generateStringAttribute(Constants.eIDAS_ATTR_BIRTHNAME, + randomAlphabetic(7), randomAlphabetic(7)), birthName); + } + if (placeOfBirth != null) { + builder.put(generateStringAttribute(Constants.eIDAS_ATTR_PLACEOFBIRTH, + randomAlphabetic(8), randomAlphabetic(8)), placeOfBirth); + } + final ImmutableAttributeMap attributeMap = builder.build(); + + return new AuthenticationResponse.Builder().id(randomAlphabetic(5)) + .issuer(randomAlphabetic(5)).subject(randomAlphabetic(5)).statusCode("200") + .inResponseTo(randomAlphabetic(5)).subjectNameIdFormat(randomAlphabetic(5)) + .attributes(attributeMap).build(); + } + + private AttributeDefinition<Object> generateStringAttribute(String friendlyName, String fragment, String prefix) + throws URISyntaxException { + return generateAttribute(friendlyName, fragment, prefix, "eu.eidas.auth.commons.attribute.impl" + + ".LiteralStringAttributeValueMarshaller"); + } + + @SuppressWarnings("SameParameterValue") + private AttributeDefinition<Object> generateDateTimeAttribute(String friendlyName, String fragment, String prefix) + throws URISyntaxException { + return generateAttribute(friendlyName, fragment, prefix, "eu.eidas.auth.commons.attribute.impl" + + ".DateTimeAttributeValueMarshaller"); + } + + private AttributeDefinition<Object> generateAttribute(String friendlyName, String fragment, String prefix, + String marshaller) throws URISyntaxException { + return AttributeDefinition.builder() + .friendlyName(friendlyName).nameUri(new URI("ad", "sd", fragment)) + .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", prefix)) + .attributeValueMarshaller(marshaller).build(); + } + + private ResponseType loadResponseFromFile(String filepath) throws JAXBException { + final Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); + JAXBElement<?> resp = (JAXBElement<?>) unmarshaller.unmarshal(ZmrClientTest.class.getResourceAsStream( + filepath)); + return (ResponseType) resp.getValue(); + + } + + private void checkBasicRequestParameters(RequestType requestType, String vorgangName, BigInteger processId, + String behoerdennummer) { + assertNotNull("no workflow infos", requestType.getWorkflowInfoClient()); + assertEquals("processName", ZmrClientTest.PROCESS_GENERAL, requestType.getWorkflowInfoClient().getProzessName()); + assertEquals("vorgangsName", vorgangName, requestType.getWorkflowInfoClient().getVorgangName()); + + if (processId != null) { + assertEquals("processId", processId, requestType.getWorkflowInfoClient().getProzessInstanzID()); + } else { + assertNull("processId", requestType.getWorkflowInfoClient().getProzessInstanzID()); + } + + assertNotNull("no client infos", requestType.getClientInfo()); + assertEquals("behoerdennummer", behoerdennummer, requestType.getClientInfo().getOrganisation() + .getBehoerdenNr()); + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAustrianResidenceGuiResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAustrianResidenceGuiResponseTaskTest.java new file mode 100644 index 00000000..64bb0d48 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAustrianResidenceGuiResponseTaskTest.java @@ -0,0 +1,247 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAustrianResidenceGuiResponseTask.PARAM_CITY; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAustrianResidenceGuiResponseTask.PARAM_FORMER_RESIDENCE_AVAILABLE; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAustrianResidenceGuiResponseTask.PARAM_STREET; +import static at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAustrianResidenceGuiResponseTask.PARAM_ZIPCODE; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertThrows; +import static org.mockito.ArgumentMatchers.eq; +import static org.springframework.util.Assert.isInstanceOf; + +import java.math.BigInteger; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; + +import org.apache.commons.lang3.RandomStringUtils; +import org.jetbrains.annotations.NotNull; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.Mockito; +import org.mockito.MockitoAnnotations; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.mock.mockito.MockBean; +import org.springframework.context.i18n.LocaleContextHolder; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import com.google.common.collect.Lists; + +import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterOperationStatus; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterStatusResults; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAustrianResidenceGuiResponseTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAustrianResidenceGuiResponseTask.UserInput; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml" +}) +public class ReceiveAustrianResidenceGuiResponseTaskTest { + + @Autowired + protected MsConnectorDummyConfigMap authConfig; + + @MockBean + private RegisterSearchService registerSearchService; + + private ReceiveAustrianResidenceGuiResponseTask task; + + private final ExecutionContext executionContext = new ExecutionContextImpl(); + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + private TestRequestImpl pendingReq; + + /** + * jUnit test set-up. + * + * @throws Exception In case of an set-up error + */ + @Before + public void setUp() throws Exception { + task = new ReceiveAustrianResidenceGuiResponseTask(registerSearchService); + + httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + pendingReq = new TestRequestImpl(); + pendingReq.setAuthUrl("https://localhost/ms_connector"); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + + LocaleContextHolder.resetLocaleContext(); + } + + @Test + public void noRegisterResult() throws Exception { + UserInput userInput = setupUserInput(); + SimpleEidasData eidasData = setupEidasData(); + RegisterStatusResults registerSearchResult = buildEmptyResult(); + mockRegisterSearch(userInput, registerSearchResult, eidasData); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, registerSearchResult); + + task.execute(pendingReq, executionContext); + + assertEquals("Transition To S9", true, executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK)); + } + + @Test + public void exactlyOneRegisterResult_Matching() throws Exception { + UserInput userInput = setupUserInput(); + SimpleEidasData eidasData = setupEidasData(); + RegisterStatusResults registerSearchResult = buildResultWithOneMatch(buildMatchingRegisterResult(eidasData)); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, registerSearchResult); + mockRegisterSearch(userInput, registerSearchResult, eidasData); + + task.execute(pendingReq, executionContext); + + assertNull("Transition To S9", executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK)); + Mockito.verify(registerSearchService).step7aKittProcess(eq(registerSearchResult), eq(eidasData)); + + } + + @Test + public void exactlyOneRegisterResult_NotMatching() throws Exception { + UserInput userInput = setupUserInput(); + SimpleEidasData eidasData = setupEidasData(); + RegisterStatusResults registerSearchResult = buildResultWithOneMatch(buildNotMatchingRegisterResult(eidasData)); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, registerSearchResult); + mockRegisterSearch(userInput, registerSearchResult, eidasData); + + task.execute(pendingReq, executionContext); + + assertEquals("Transition To S9", true, executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK)); + } + + @Test + public void moreThanOneRegisterResult() throws Exception { + UserInput userInput = setupUserInput(); + SimpleEidasData eidasData = setupEidasData(); + RegisterStatusResults registerSearchResult = buildResultWithTwoMatches(); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, registerSearchResult); + mockRegisterSearch(userInput, registerSearchResult, eidasData); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(ManualFixNecessaryException.class, e.getOriginalException()); + assertNull("Transition To S16", executionContext.get(Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK)); + } + + private void mockRegisterSearch(UserInput userInput, RegisterStatusResults registerSearchResult, SimpleEidasData eidasData ) { + Mockito.when(registerSearchService.searchWithResidence(eq(registerSearchResult.getOperationStatus()), eq(eidasData), + eq(userInput.getZipcode()), eq(userInput.getCity()), eq(userInput.getStreet()))).thenReturn(registerSearchResult); + } + + @NotNull + private RegisterStatusResults buildEmptyResult() { + return new RegisterStatusResults(new RegisterOperationStatus(generateRandomProcessId()), + Collections.emptyList(), Collections.emptyList()); + + } + + private BigInteger generateRandomProcessId() { + return new BigInteger(RandomStringUtils.randomNumeric(10)); + + } + + @NotNull + private RegisterStatusResults buildResultWithOneMatch(RegisterResult registerResult) { + return new RegisterStatusResults(new RegisterOperationStatus(generateRandomProcessId()), + Collections.singletonList(registerResult), Collections.emptyList()); + + } + + @NotNull + private RegisterStatusResults buildResultWithTwoMatches() { + List<RegisterResult> results = Lists.newArrayList(buildRandomRegisterResult(), buildRandomRegisterResult()); + return new RegisterStatusResults(new RegisterOperationStatus(generateRandomProcessId()), + results, Collections.emptyList()); + + } + + @NotNull + private RegisterResult buildRandomRegisterResult() { + return RegisterResult.builder() + .pseudonym(Arrays.asList(RandomStringUtils.randomAlphabetic(8))) + .givenName(RandomStringUtils.randomAlphabetic(8)) + .familyName(RandomStringUtils.randomAlphabetic(8)) + .dateOfBirth(RandomStringUtils.randomAlphabetic(8)) + .bpk(RandomStringUtils.randomAlphabetic(8)) + .build(); + + } + + private RegisterResult buildMatchingRegisterResult(SimpleEidasData eidData) { + return RegisterResult.builder() + .pseudonym(Arrays.asList(eidData.getPseudonym())) + .givenName(eidData.getGivenName()) + .familyName(eidData.getFamilyName()) + .dateOfBirth(eidData.getDateOfBirth()) + .bpk(RandomStringUtils.randomAlphabetic(8)) + .build(); + + } + + private RegisterResult buildNotMatchingRegisterResult(SimpleEidasData eidData) { + return RegisterResult.builder() + .pseudonym(Arrays.asList(eidData.getPseudonym() + RandomStringUtils.randomAlphabetic(8))) + .givenName(eidData.getGivenName()) + .familyName(eidData.getFamilyName()) + .dateOfBirth(eidData.getDateOfBirth()) + .bpk(RandomStringUtils.randomAlphabetic(8)) + .build(); + + } + + private void setHttpParameters(UserInput input) { + httpReq.setParameter(PARAM_FORMER_RESIDENCE_AVAILABLE, String.valueOf(input.isFormerResidenceAvailable())); + httpReq.setParameter(PARAM_STREET, input.getStreet()); + httpReq.setParameter(PARAM_CITY, input.getCity()); + httpReq.setParameter(PARAM_ZIPCODE, input.getZipcode()); + } + + @NotNull + private SimpleEidasData setupEidasData() throws EaafStorageException { + SimpleEidasData result = SimpleEidasData.builder() + .pseudonym(RandomStringUtils.randomAlphabetic(8)) + .familyName(RandomStringUtils.randomAlphabetic(8)) + .givenName(RandomStringUtils.randomAlphabetic(8)) + .dateOfBirth("1970-01-01") + .build(); + AuthProcessDataWrapper authProcessDataWrapper = pendingReq.getSessionData(AuthProcessDataWrapper.class); + authProcessDataWrapper.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, result); + return result; + } + + @NotNull + private UserInput setupUserInput() { + UserInput result = new UserInput(true, RandomStringUtils.randomAlphabetic(8), RandomStringUtils.randomAlphabetic(8), RandomStringUtils.randomAlphabetic(8)); + setHttpParameters(result); + return result; + } + + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java index 0e56e2b3..ea2cda4b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveEidasResponseTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveAuthnResponseTaskTest.java @@ -13,7 +13,6 @@ import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; -import org.powermock.core.classloader.annotations.PrepareForTest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; @@ -28,7 +27,6 @@ import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyCo import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummySpConfiguration; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveAuthnResponseTask; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.api.IRequestStorage; @@ -49,12 +47,11 @@ import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse; import lombok.val; @RunWith(SpringJUnit4ClassRunner.class) -@PrepareForTest(CreateIdentityLinkTask.class) @DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS) @ContextConfiguration(locations = { "/SpringTest-context_tasks_test.xml", "/SpringTest-context_basic_mapConfig.xml"}) -public class ReceiveEidasResponseTaskTest { +public class ReceiveAuthnResponseTaskTest { @Autowired(required = true) private ReceiveAuthnResponseTask task; @@ -63,15 +60,15 @@ public class ReceiveEidasResponseTaskTest { private MsConnectorDummyConfigMap basicConfig; @Autowired protected EidasAttributeRegistry attrRegistry; - + @Autowired private IRequestStorage storage; - + final ExecutionContext executionContext = new ExecutionContextImpl(); private MockHttpServletRequest httpReq; private MockHttpServletResponse httpResp; private TestRequestImpl pendingReq; private MsConnectorDummySpConfiguration oaParam; - + /** * jUnit test set-up. */ @@ -99,67 +96,67 @@ public class ReceiveEidasResponseTaskTest { pendingReq.setAuthUrl("http://test.com/"); pendingReq.setTransactionId("avaasbav"); pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10)); - + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU"); executionContext.put(EaafConstants.PROCESS_ENGINE_REQUIRES_NO_POSTAUTH_REDIRECT, true); } - + @Test - public void missingEidasResponse() { + public void missingEidasResponse() { try { task.execute(pendingReq, executionContext); Assert.fail("No eIDAS response not detected"); - + } catch (TaskExecutionException e) { - Assert.assertEquals("ErrorId", "eidas.01", + Assert.assertEquals("ErrorId", "eidas.01", ((EaafException) e.getOriginalException()).getErrorId()); - - } + + } } - + @Test - public void notSuccessEidasResponse() throws URISyntaxException { + public void notSuccessEidasResponse() throws URISyntaxException { String statusCode = RandomStringUtils.randomAlphabetic(10); - httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, + httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, buildDummyAuthResponse(statusCode)); - - + + try { task.execute(pendingReq, executionContext); Assert.fail("No eIDAS response not detected"); - + } catch (TaskExecutionException e) { - Assert.assertEquals("ErrorId", "eidas.02", + Assert.assertEquals("ErrorId", "eidas.02", ((EaafException) e.getOriginalException()).getErrorId()); Assert.assertEquals("wrong parameter size", 2, ((EaafException) e.getOriginalException()) .getParams().length); Assert.assertEquals("wrong errorMsg", statusCode, ((EaafException) e .getOriginalException()).getParams()[0]); - } + } } - + @Test - public void success() throws URISyntaxException, TaskExecutionException, PendingReqIdValidationException { + public void success() throws URISyntaxException, TaskExecutionException, PendingReqIdValidationException { @NotNull AuthenticationResponse eidasResponse = buildDummyAuthResponse(Constants.SUCCESS_URI); httpReq.setAttribute(Constants.DATA_FULL_EIDAS_RESPONSE, eidasResponse); - executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU"); - + executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU"); + //execute test task.execute(pendingReq, executionContext); - + //validate state IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); Assert.assertNotNull("pendingReq not stored", storedReq); - final EidAuthProcessDataWrapper authProcessData = storedReq.getSessionData(EidAuthProcessDataWrapper.class); Assert.assertEquals("LoA", eidasResponse.getLevelOfAssurance(), authProcessData.getQaaLevel()); - Assert.assertNotNull("eIDAS response", + Assert.assertNotNull("eIDAS response", authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE)); - Assert.assertEquals("eIDAS response", eidasResponse, + Assert.assertEquals("eIDAS response", eidasResponse, authProcessData.getGenericDataFromSession(Constants.DATA_FULL_EIDAS_RESPONSE)); + Assert.assertFalse("testIdentity flag", authProcessData.isTestIdentity()); } @@ -202,7 +199,7 @@ public class ReceiveEidasResponseTaskTest { Constants.eIDAS_ATTR_CURRENTGIVENNAME).first(); final AttributeDefinition attributeDef4 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( Constants.eIDAS_ATTR_DATEOFBIRTH).first(); - + final ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder() .put(attributeDef, "LU/AT/" + RandomStringUtils.randomNumeric(64)) .put(attributeDef2, RandomStringUtils.randomAlphabetic(10)) @@ -219,5 +216,5 @@ public class ReceiveEidasResponseTaskTest { .attributes(attributeMap) .build(); } - + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java new file mode 100644 index 00000000..d5400695 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java @@ -0,0 +1,473 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertThrows; +import static org.springframework.util.Assert.isInstanceOf; + +import java.io.IOException; +import java.io.InputStream; +import java.math.BigInteger; +import java.nio.charset.StandardCharsets; +import java.time.Instant; +import java.util.Arrays; +import java.util.Base64; +import java.util.Collections; +import java.util.List; +import java.util.Objects; + +import javax.xml.transform.TransformerException; + +import org.apache.commons.io.IOUtils; +import org.apache.commons.lang3.RandomStringUtils; +import org.jetbrains.annotations.NotNull; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Ignore; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.saml2.core.Issuer; +import org.opensaml.saml.saml2.core.Response; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.test.mock.mockito.MockBean; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import com.google.common.collect.Lists; + +import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterOperationStatus; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.RegisterSearchService.RegisterStatusResults; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveMobilePhoneSignatureResponseTask; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyOA; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.test.dummy.DummyPendingRequest; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.MatchingTaskUtils; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import net.shibboleth.utilities.java.support.xml.ParserPool; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml" +}) +public class ReceiveMobilePhoneSignatureResponseTaskTest { + + private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml"; + private static final String BPK_FROM_ID_AUSTRIA = "BF:QVGm48cqcM4UcyhDTNGYmVdrIoY="; + + @Autowired + protected MsConnectorDummyConfigMap authConfig; + @Autowired + private IdAustriaClientAuthMetadataProvider metadataProvider; + @Autowired + private IdAustriaClientAuthCredentialProvider credentialProvider; + @Autowired + private PvpMetadataResolverFactory metadataFactory; + @Autowired + private ReceiveMobilePhoneSignatureResponseTask task; + @MockBean + private RegisterSearchService registerSearchService; + + private final ExecutionContext executionContext = new ExecutionContextImpl(); + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + private DummyPendingRequest pendingReq; + + /** + * JUnit class initializer. + * + * @throws Exception In case of an OpenSAML3 initialization error + */ + @BeforeClass + public static void initialize() throws Exception { + EaafOpenSaml3xInitializer.eaafInitialize(); + } + + /** + * jUnit test set-up. + * + * @throws Exception In case of an set-up error + */ + @Before + public void setUp() throws Exception { + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpReq.setScheme("https"); + httpReq.setServerPort(443); + httpReq.setContextPath("/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, METADATA_PATH); + + DummyOA oaParam = new DummyOA(); + oaParam.setUniqueAppId("http://test.com/test"); + oaParam.setTargetIdentifier(EaafConstants.URN_PREFIX_CDID + RandomStringUtils.randomAlphabetic(2)); + + pendingReq = new DummyPendingRequest(); + pendingReq.initialize(httpReq, authConfig); + pendingReq.setPendingRequestId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setOnlineApplicationConfiguration(oaParam); + + metadataProvider.fullyDestroy(); + } + + @Test + public void unsupportedHttpMethod() { + httpReq = new MockHttpServletRequest("PUT", "https://localhost/authhandler"); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.03", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpGetNoMessage() { + httpReq = new MockHttpServletRequest("GET", "https://localhost/authhandler"); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void httpPostNoMessage() { + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostMessageNotSigned() throws IOException { + byte[] bytes = IOUtils.toByteArray(ReceiveMobilePhoneSignatureResponseTask.class + .getResourceAsStream("/data/Response_without_sig_classpath_entityid.xml")); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString(bytes)); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void httpPostMessageWrongDestinationEndpoint() throws Exception { + initResponse("/data/Response_with_wrong_destination_endpoint.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void httpPostValidSignedNoMetadata() throws Exception { + initResponse("/data/Response_without_sig_classpath_entityid.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.11", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedAssertionOutDated() throws Exception { + setupMetadataResolver(); + initResponse("/data/Response_without_sig_classpath_entityid.xml", false); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedAssertionFromWrongIdp() throws Exception { + authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, + "http://wrong.idp/" + RandomStringUtils.randomAlphabetic(5)); + setupMetadataResolver(); + initResponse("/data/Response_without_sig_classpath_entityid.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.08", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedAssertionMissingAttributes() throws Exception { + setupMetadataResolver(); + initResponse("/data/Response_without_sig_classpath_entityid.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.12", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedWithError() throws Exception { + setupMetadataResolver(); + initResponse("/data/Response_without_sig_with_error.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedWitUserStopErrorCode() throws Exception { + setupMetadataResolver(); + initResponse("/data/Response_without_sig_with_error_userstop.xml", true); + + task.execute(pendingReq, executionContext); + + assertEquals("Transition To S16", true, executionContext.get(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK)); + + } + + @Test + public void httpPostValidSignedWithErrorAndNoSubCode() throws Exception { + setupMetadataResolver(); + initResponse("/data/Response_without_sig_with_error_without_subcode.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedWithErrorAndEmptySubCode() throws Exception { + setupMetadataResolver(); + initResponse("/data/Response_without_sig_with_error_empty_subcode.xml", true); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + assertEquals("sp.pvp2.05", ((EaafException) e.getOriginalException()).getErrorId()); + } + + @Test + public void httpPostValidSignedAssertionEidValidButNameMismatch() throws Exception { + setupMetadataResolver(); + initResponse("/data/Response_with_EID.xml", true); + AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + SimpleEidasData eidData = createEidasDataMatchingToSamlResponse() + .familyName("notmatching") + .build(); + authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); + + + task.execute(pendingReq, executionContext); + + assertEquals("Next task", true, executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK)); + assertEquals("advancedMatchingError flag", true, executionContext.get(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED)); + } + + //TODO: implement new test that this test makes no sense any more + @Ignore + @Test + public void httpPostValidSignedAssertionEidValid_NoRegisterResult() throws Exception { + setupMetadataResolver(); + initResponse("/data/Response_with_EID.xml", true); + AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + SimpleEidasData eidData = createEidasDataMatchingToSamlResponse().build(); + authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); + RegisterStatusResults registerSearchResult = new RegisterStatusResults(new RegisterOperationStatus(generateRandomProcessId()), + Collections.emptyList(), Collections.emptyList()); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, registerSearchResult); + + task.execute(pendingReq, executionContext); + + AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); + assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel()); + assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString()); + assertEquals("Transition To S16", true, executionContext.get(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK)); + } + + @Test + public void httpPostValidSignedAssertionEidValid_ExactlyOneRegisterResult() throws Exception { + setupMetadataResolver(); + initResponse("/data/Response_with_EID.xml", true); + AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + SimpleEidasData eidData = createEidasDataMatchingToSamlResponse().build(); + authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); + RegisterStatusResults registerSearchResult = buildResultWithOneMatch(); + MatchingTaskUtils.storeIntermediateMatchingResult(pendingReq, registerSearchResult); + + task.execute(pendingReq, executionContext); + + AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); + assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel()); + assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString()); + assertNull("Transition To S16", executionContext.get(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK)); + + //TODO: update this check because this task selects one result from MDS search result before and creates a new element + //Mockito.verify(registerSearchService).step7aKittProcess(eq(registerSearchResult), eq(eidData)); + } + + //TODO: implement new test that this test makes no sense any more + @Ignore + @Test + public void httpPostValidSignedAssertionEidValid_MoreThanOneRegisterResult() throws Exception { + setupMetadataResolver(); + initResponse("/data/Response_with_EID.xml", true); + AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + SimpleEidasData eidData = createEidasDataMatchingToSamlResponse().build(); + authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + isInstanceOf(ManualFixNecessaryException.class, e.getOriginalException().getCause()); + assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + + + AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); + assertNull("Transition To S16", executionContext.get(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK)); + } + + @NotNull + private RegisterStatusResults buildResultWithOneMatch() { + return new RegisterStatusResults(new RegisterOperationStatus(generateRandomProcessId()), + Collections.singletonList(RegisterResult.builder() + .bpk(BPK_FROM_ID_AUSTRIA) + .pseudonym(Arrays.asList("bar")) + .givenName("foo") + .familyName("foo") + .dateOfBirth("bar") + .build()), + Collections.emptyList()); + + } + + @NotNull + private RegisterStatusResults buildResultWithTwoMatches() { + List<RegisterResult> results = Lists.newArrayList( + RegisterResult.builder() + .bpk(BPK_FROM_ID_AUSTRIA) + .pseudonym(Arrays.asList("bar")) + .givenName("foo") + .familyName("foo") + .dateOfBirth("bar") + .build(), + RegisterResult.builder() + .bpk("bpk") + .pseudonym(Arrays.asList("pseudonym")) + .givenName("givenName") + .familyName("familyName") + .dateOfBirth("dateOfBirth") + .build()); + + return new RegisterStatusResults(new RegisterOperationStatus(generateRandomProcessId()), + results, Collections.emptyList()); + } + + private BigInteger generateRandomProcessId() { + return new BigInteger(RandomStringUtils.randomNumeric(10)); + + } + + private SimpleEidasData.SimpleEidasDataBuilder createEidasDataMatchingToSamlResponse() { + // data from "/data/Response_with_EID.xml" + return SimpleEidasData.builder() + .familyName("Mustermann") + .givenName("Max") + .dateOfBirth("1940-01-01"); + } + + private void addSamlResponseToHttpReq(Response response) throws TransformerException, IOException, MarshallingException { + String node = DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)); + String base64encoded = Base64.getEncoder().encodeToString(node.getBytes(StandardCharsets.UTF_8)); + httpReq.addParameter("SAMLResponse", base64encoded); + } + + private void initResponse(String responsePath, boolean validConditions) throws Exception { + InputStream inputStream = ReceiveMobilePhoneSignatureResponseTaskTest.class.getResourceAsStream(responsePath); + ParserPool parserPool = Objects.requireNonNull(XMLObjectProviderRegistrySupport.getParserPool()); + Response response = (Response) XMLObjectSupport.unmarshallFromInputStream(parserPool, inputStream); + response.setIssueInstant(Instant.now()); + Issuer issuer = Saml2Utils.createSamlObject(Issuer.class); + issuer.setValue("classpath:/data/idp_metadata_classpath_entity.xml"); + response.setIssuer(issuer); + if (validConditions) { + response.getAssertions().get(0).getConditions().setNotOnOrAfter(Instant.now().plusSeconds(5*60)); + } + Response signedResponse = Saml2Utils.signSamlObject(response, credentialProvider.getMessageSigningCredential(), true); + addSamlResponseToHttpReq(signedResponse); + } + + private void setupMetadataResolver() throws Pvp2MetadataException { + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + } + +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java new file mode 100644 index 00000000..da8a7497 --- /dev/null +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveOtherLoginMethodGuiResponseTaskTest.java @@ -0,0 +1,148 @@ +package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertThrows; +import static org.springframework.util.Assert.isInstanceOf; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.i18n.LocaleContextHolder; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ActiveProfiles; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.test.context.web.WebAppConfiguration; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SelectedLoginMethod; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.ReceiveOtherLoginMethodGuiResponseTask; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/SpringTest-context_tasks_test.xml", + "/SpringTest-context_basic_mapConfig.xml" +}) +@ActiveProfiles(profiles = {"deprecatedConfig"}) +@WebAppConfiguration +public class ReceiveOtherLoginMethodGuiResponseTaskTest { + + @Autowired + private ReceiveOtherLoginMethodGuiResponseTask task; + + private final ExecutionContextImpl executionContext = new ExecutionContextImpl(); + private TestRequestImpl pendingReq; + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + + /** + * jUnit class initializer. + */ + @BeforeClass + public static void classInitializer() { + final String current = new java.io.File(".").toURI().toString(); + System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties"); + } + + /** + * jUnit test set-up. + */ + @Before + public void initialize() { + httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + pendingReq = new TestRequestImpl(); + pendingReq.setAuthUrl("https://localhost/ms_connector"); + pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10)); + + LocaleContextHolder.resetLocaleContext(); + } + + @Test + public void withMobileSignatureSelection() throws TaskExecutionException { + testTransition(SelectedLoginMethod.MOBILE_PHONE_SIGNATURE_LOGIN, Constants.TRANSITION_TO_GENERATE_MOBILE_PHONE_SIGNATURE_REQUEST_TASK); + } + + @Test + public void withEidasSelection() throws TaskExecutionException { + testTransition(SelectedLoginMethod.EIDAS_LOGIN, Constants.TRANSITION_TO_GENERATE_EIDAS_LOGIN); + } + + @Test + public void withNoOtherLoginSelection() throws TaskExecutionException { + testTransition(SelectedLoginMethod.NO_OTHER_LOGIN, Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK); + } + + @Test + public void withAddMeAsNewSelection() throws TaskExecutionException { + testTransition(SelectedLoginMethod.ADD_ME_AS_NEW, Constants.TRANSITION_TO_CREATE_NEW_ERNP_ENTRY_TASK); + } + + public void testTransition(SelectedLoginMethod loginMethod, String expectedTransition) throws TaskExecutionException { + httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, loginMethod.name()); + executionContext.put(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED, true); + + task.execute(pendingReq, executionContext); + + assertFalse("wrong pendingReq auth flag", pendingReq.isAuthenticated()); + assertFalse("wrong process-cancelled flag", executionContext.isProcessCancelled()); + assertNotNull("no login-selection found", executionContext.get(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER)); + assertEquals("Wrong login-selection found", loginMethod, executionContext.get(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER)); + assertEquals("Next task", true, executionContext.get(expectedTransition)); + assertNull("find advancedMatchingError flag", executionContext.get(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED)); + + } + + public void withInvalidSelection() throws TaskExecutionException { + httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, RandomStringUtils.randomAlphabetic(2)); + + task.execute(pendingReq, executionContext); + + assertEquals("Next task", true, executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK)); + assertEquals("advancedMatchingError flag", true, executionContext.get(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED)); + } + + @Test + public void withNullSelection() throws TaskExecutionException { + httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, "null"); + + task.execute(pendingReq, executionContext); + + assertEquals("Next task", true, executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK)); + assertEquals("advancedMatchingError flag", true, executionContext.get(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED)); + } + + @Test + public void withEmptySelection() throws TaskExecutionException { + httpReq.setParameter(Constants.REQ_SELECTED_LOGIN_METHOD_PARAMETER, ""); + + task.execute(pendingReq, executionContext); + + assertEquals("Next task", true, executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK)); + assertEquals("advancedMatchingError flag", true, executionContext.get(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED)); + } + + @Test + public void withoutLoginMethodSelection() throws TaskExecutionException { + + task.execute(pendingReq, executionContext); + + assertEquals("Next task", true, executionContext.get(Constants.TRANSITION_TO_GENERATE_OTHER_LOGIN_METHOD_GUI_TASK)); + assertEquals("advancedMatchingError flag", true, executionContext.get(Constants.CONTEXT_FLAG_ADVANCED_MATCHING_FAILED)); + } +} diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/utils/JoseUtilsTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/utils/JoseUtilsTest.java index ad38e371..4da03622 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/utils/JoseUtilsTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/utils/JoseUtilsTest.java @@ -17,13 +17,11 @@ import org.jose4j.lang.JoseException; import org.junit.Assert; import org.junit.Test; import org.junit.runner.RunWith; -import org.powermock.core.classloader.annotations.PrepareForTest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils; import at.asitplus.eidas.specific.modules.auth.eidas.v2.utils.JoseUtils.JwsResult; import at.gv.egiz.eaaf.core.exceptions.EaafException; @@ -34,15 +32,14 @@ import at.gv.egiz.eaaf.core.impl.credential.KeyStoreConfiguration.KeyStoreType; import at.gv.egiz.eaaf.core.impl.data.Pair; @RunWith(SpringJUnit4ClassRunner.class) -@PrepareForTest(CreateIdentityLinkTask.class) @DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS) @ContextConfiguration(locations = { "/SpringTest-context_tasks_test.xml", "/SpringTest-context_basic_mapConfig.xml"}) public class JoseUtilsTest { - + @Autowired private EaafKeyStoreFactory keyStoreFactory; - + private static final List<String> AUTH_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList( Arrays.asList( AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256, @@ -50,48 +47,48 @@ public class JoseUtilsTest { AlgorithmIdentifiers.RSA_PSS_USING_SHA256, AlgorithmIdentifiers.RSA_PSS_USING_SHA512)); - + @Test public void missingKey() throws EaafException, JoseException, KeyStoreException, IOException { - + KeyStoreConfiguration config = new KeyStoreConfiguration(); config.setFriendlyName("jUnittest"); config.setKeyStoreType(KeyStoreType.JKS); config.setSoftKeyStoreFilePath("../data/junit.jks"); config.setSoftKeyStorePassword("password"); - + Pair<KeyStore, Provider> keyStore = keyStoreFactory.buildNewKeyStore(config); String payLoad = RandomStringUtils.randomAlphanumeric(100); - + //check signing try { JoseUtils.createSignature(keyStore, "notExist", "password".toCharArray(), payLoad , true, "jUnitTest"); Assert.fail("missing Key not detected"); - - } catch (EaafException e) { + + } catch (EaafException e) { Assert.assertEquals("ErrorId", "internal.keystore.09", e.getErrorId()); - + } } - + @Test public void createRsaSignature() throws EaafException, JoseException, KeyStoreException, IOException { - + KeyStoreConfiguration config = new KeyStoreConfiguration(); config.setFriendlyName("jUnittest"); config.setKeyStoreType(KeyStoreType.JKS); config.setSoftKeyStoreFilePath("../data/junit.jks"); config.setSoftKeyStorePassword("password"); - + Pair<KeyStore, Provider> keyStore = keyStoreFactory.buildNewKeyStore(config); String payLoad = RandomStringUtils.randomAlphanumeric(100); - + //check signing String result = JoseUtils.createSignature(keyStore, "meta", "password".toCharArray(), payLoad , true, "jUnitTest"); - + Assert.assertNotNull("signed message", result); Assert.assertFalse("signed msg empty", result.isEmpty()); - + //validate List<X509Certificate> trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore.getFirst()); @@ -99,30 +96,30 @@ public class JoseUtilsTest { AUTH_ALGORITHM_WHITELIST_SIGNING .toArray(new String[AUTH_ALGORITHM_WHITELIST_SIGNING.size()])); JwsResult verify = JoseUtils.validateSignature(result, trustedCerts, constraints); - + Assert.assertTrue("sig. verify", verify.isValid()); Assert.assertEquals("payload", payLoad, verify.getPayLoad()); - + } - + @Test public void createEccSignature() throws EaafException, JoseException, KeyStoreException, IOException { - + KeyStoreConfiguration config = new KeyStoreConfiguration(); config.setFriendlyName("jUnittest"); config.setKeyStoreType(KeyStoreType.JKS); config.setSoftKeyStoreFilePath("../data/junit.jks"); config.setSoftKeyStorePassword("password"); - + Pair<KeyStore, Provider> keyStore = keyStoreFactory.buildNewKeyStore(config); String payLoad = RandomStringUtils.randomAlphanumeric(100); - + //check signing String result = JoseUtils.createSignature(keyStore, "sig", "password".toCharArray(), payLoad , true, "jUnitTest"); - + Assert.assertNotNull("signed message", result); Assert.assertFalse("signed msg empty", result.isEmpty()); - + //validate List<X509Certificate> trustedCerts = EaafKeyStoreUtils.readCertsFromKeyStore(keyStore.getFirst()); @@ -130,10 +127,10 @@ public class JoseUtilsTest { AUTH_ALGORITHM_WHITELIST_SIGNING .toArray(new String[AUTH_ALGORITHM_WHITELIST_SIGNING.size()])); JwsResult verify = JoseUtils.validateSignature(result, trustedCerts, constraints); - + Assert.assertTrue("sig. verify", verify.isValid()); Assert.assertEquals("payload", payLoad, verify.getPayLoad()); - + } - + } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasAttributePostProcessingTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasAttributePostProcessingTest.java index 9bb51cd9..0a4ab851 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasAttributePostProcessingTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasAttributePostProcessingTest.java @@ -30,7 +30,7 @@ import java.text.SimpleDateFormat; import java.util.HashMap; import java.util.Map; -import org.joda.time.DateTime; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; @@ -41,7 +41,6 @@ import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.ErnbEidData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService; @RunWith(SpringJUnit4ClassRunner.class) @@ -59,7 +58,7 @@ public class EidasAttributePostProcessingTest { "DE/AT/532eaabd9574880dbf76b9b8cc00832c20a6ec113d682299550d7a6e0f345e25"; private static final String P1_GIVENNAME = "Max"; private static final String P1_FAMILYNAME = "Mustermann"; - private static final DateTime P1_DATEOFBIRTH = DateTime.now(); + private static final String P1_DATEOFBIRTH = "2020-01-04"; private static final String P1_PLACEOFBIRTH = "Nirgendwo"; private static final String P1_BIRTHNAME = "Musterkind"; @@ -68,7 +67,7 @@ public class EidasAttributePostProcessingTest { "DE/AT/532eaabd9574880dbf76b9b8cc00832c20A6ec113d682299550d7a6e0f345e25"; private static final String P3_GIVENNAME = "Max"; private static final String P3_FAMILYNAME = "Mustermann"; - private static final DateTime P3_DATEOFBIRTH = DateTime.now(); + private static final String P3_DATEOFBIRTH = "2020-01-03"; private static final String P3_PLACEOFBIRTH = "Nirgendwo"; private static final String P3_BIRTHNAME = "Musterkind"; @@ -77,7 +76,7 @@ public class EidasAttributePostProcessingTest { "DE/AT/532EAABD9574880DBF76B9B8CC00832C20A6EC113D682299550D7A6E0F345E25"; private static final String P4_GIVENNAME = "Max"; private static final String P4_FAMILYNAME = "Mustermann"; - private static final DateTime P4_DATEOFBIRTH = DateTime.now(); + private static final String P4_DATEOFBIRTH = "2020-01-05"; private static final String P4_PLACEOFBIRTH = "Nirgendwo"; private static final String P4_BIRTHNAME = "Musterkind"; @@ -86,7 +85,7 @@ public class EidasAttributePostProcessingTest { "DE/AT/532EAABD9574880DBF76B9B8CC00832C20A6EC113D682299550D7A6E0F345E251"; private static final String P5_GIVENNAME = "Max"; private static final String P5_FAMILYNAME = "Mustermann"; - private static final DateTime P5_DATEOFBIRTH = DateTime.now(); + private static final String P5_DATEOFBIRTH = "2020-01-06"; private static final String P5_PLACEOFBIRTH = "Nirgendwo"; private static final String P5_BIRTHNAME = "Musterkind"; @@ -94,7 +93,7 @@ public class EidasAttributePostProcessingTest { private static final String P6_eIDASID = "DE/AT/532EAABD9574880DBF76B9B8CC00832C20A6EC113D682299550D7A6E0F"; private static final String P6_GIVENNAME = "Max"; private static final String P6_FAMILYNAME = "Mustermann"; - private static final DateTime P6_DATEOFBIRTH = DateTime.now(); + private static final String P6_DATEOFBIRTH = "2020-01-08"; private static final String P6_PLACEOFBIRTH = "Nirgendwo"; private static final String P6_BIRTHNAME = "Musterkind"; @@ -102,7 +101,7 @@ public class EidasAttributePostProcessingTest { private static final String P7_eIDASID = "DE/AT/532EAABD9574880DBF76B9B8CC00832C20A6EC113D682299550D7A6E0F"; private static final String P7_GIVENNAME = "Max"; private static final String P7_FAMILYNAME = "Mustermann"; - private static final DateTime P7_DATEOFBIRTH = DateTime.now(); + private static final String P7_DATEOFBIRTH = "2020-01-09"; private static final String P7_PLACEOFBIRTH = "Nirgendwo"; private static final String P7_BIRTHNAME = "Musterkind"; @@ -110,13 +109,13 @@ public class EidasAttributePostProcessingTest { "EE/AT/asfasfasdfasdfasdfasdfasdfasvafasdfasdfasdfasdfasdfasvascasdfasdfasdfasdfasdfasdfasdfasdfasdfasdfasd"; private static final String P2_GIVENNAME = "Max"; private static final String P2_FAMILYNAME = "Mustermann"; - private static final DateTime P2_DATEOFBIRTH = DateTime.now(); + private static final String P2_DATEOFBIRTH = "2020-01-10"; private static final String P2_PLACEOFBIRTH = "Nirgendwo"; private static final String P2_BIRTHNAME = "Musterkind"; /** * jUnit class initializer. - * + * * @throws IOException In case of an error */ @BeforeClass @@ -129,7 +128,7 @@ public class EidasAttributePostProcessingTest { @Test public void deWithHexLowerCase() throws Exception { try { - final ErnbEidData result = postProcessor.postProcess( + final SimpleEidasData result = postProcessor.postProcess( generateInputData( P1_eIDASID, P1_FAMILYNAME, @@ -156,7 +155,7 @@ public class EidasAttributePostProcessingTest { @Test public void deWithHexMixedCase() throws Exception { try { - final ErnbEidData result = postProcessor.postProcess( + final SimpleEidasData result = postProcessor.postProcess( generateInputData( P3_eIDASID, P3_FAMILYNAME, @@ -183,7 +182,7 @@ public class EidasAttributePostProcessingTest { @Test public void deWithHexUpperCase() throws Exception { try { - final ErnbEidData result = postProcessor.postProcess( + final SimpleEidasData result = postProcessor.postProcess( generateInputData( P4_eIDASID, P4_FAMILYNAME, @@ -270,7 +269,7 @@ public class EidasAttributePostProcessingTest { @Test public void eeTestCase() throws Exception { try { - final ErnbEidData result = postProcessor.postProcess( + final SimpleEidasData result = postProcessor.postProcess( generateInputData( P2_eIDASID, P2_FAMILYNAME, @@ -297,7 +296,7 @@ public class EidasAttributePostProcessingTest { @Test public void eeTestFamilyNameMissingCase() throws Exception { try { - final ErnbEidData result = postProcessor.postProcess( + final SimpleEidasData result = postProcessor.postProcess( generateInputData( P2_eIDASID, null, @@ -326,7 +325,7 @@ public class EidasAttributePostProcessingTest { @Test public void eeTestGivenNameMissingCase() throws Exception { try { - final ErnbEidData result = postProcessor.postProcess( + final SimpleEidasData result = postProcessor.postProcess( generateInputData( P2_eIDASID, P2_FAMILYNAME, @@ -355,7 +354,7 @@ public class EidasAttributePostProcessingTest { @Test public void eeTestDateOfBirthMissingCase() throws Exception { try { - final ErnbEidData result = postProcessor.postProcess( + final SimpleEidasData result = postProcessor.postProcess( generateInputData( P2_eIDASID, P2_FAMILYNAME, @@ -384,7 +383,7 @@ public class EidasAttributePostProcessingTest { @Test public void eeTestIdMissingCase() throws Exception { try { - final ErnbEidData result = postProcessor.postProcess( + final SimpleEidasData result = postProcessor.postProcess( generateInputData( null, P2_FAMILYNAME, @@ -411,7 +410,7 @@ public class EidasAttributePostProcessingTest { } private Map<String, Object> generateInputData(String id, String familyName, String givenName, - DateTime dateOfBirth, String placeOfBirth, String birthName) { + String dateOfBirth, String placeOfBirth, String birthName) { final Map<String, Object> result = new HashMap<>(); result.put(Constants.eIDAS_ATTR_PERSONALIDENTIFIER, id); result.put(Constants.eIDAS_ATTR_CURRENTGIVENNAME, givenName); @@ -423,8 +422,8 @@ public class EidasAttributePostProcessingTest { } - private void validate(ErnbEidData result, String id, String familyName, String givenName, - DateTime dateOfBirth, String placeOfBirth, String birthName) { + private void validate(SimpleEidasData result, String id, String familyName, String givenName, + String dateOfBirth, String placeOfBirth, String birthName) { if (!result.getPseudonym().equals(id)) { fail(result.getPseudonym() + "is not equal to " + id); } @@ -441,12 +440,6 @@ public class EidasAttributePostProcessingTest { fail(result.getDateOfBirth() + "is not equal to " + dateOfBirth); } - if (!result.getFormatedDateOfBirth().equals(new SimpleDateFormat("yyyy-MM-dd").format(dateOfBirth - .toDate()))) { - fail(result.getDateOfBirth() + "is not equal to " + new SimpleDateFormat("yyyy-MM-dd").format( - dateOfBirth.toDate())); - } - if (!result.getPlaceOfBirth().equals(placeOfBirth)) { fail(result.getPlaceOfBirth() + "is not equal to " + placeOfBirth); } diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java index 7ac41500..84da2344 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingFirstTest.java @@ -54,8 +54,11 @@ import eu.eidas.auth.commons.light.impl.LightRequest.Builder; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(locations = { "/SpringTest-context_tasks_test.xml", - "/SpringTest-context_basic_realConfig.xml"}) -@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties"}) + "/SpringTest-context_basic_realConfig.xml", + //"/SpringTest-context_basic_mapConfig.xml" + }) +@TestPropertySource(locations = {"classpath:/config/junit_config_de_attributes.properties", "classpath:/config" + + "/junit_config_1_springboot.properties"}) @DirtiesContext(classMode = ClassMode.AFTER_CLASS) public class EidasRequestPreProcessingFirstTest { diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java index 4a03fac1..6fd4f8a5 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java @@ -103,7 +103,7 @@ public class EidasRequestPreProcessingSecondTest { final LightRequest lightReq = authnRequestBuilder.build(); - Assert.assertEquals("ProviderName is not Static", "myNode", lightReq.getProviderName()); + Assert.assertEquals("ProviderName is not Static", "myNode", lightReq.getProviderName());//Fixme "myNode" Assert.assertEquals("no PublicSP", "public", lightReq.getSpType()); Assert.assertEquals("Requested attribute size not match", 8, lightReq.getRequestedAttributes().size()); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasResponseValidatorTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasResponseValidatorTest.java index e0f15c8c..0b18815b 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasResponseValidatorTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasResponseValidatorTest.java @@ -12,7 +12,6 @@ import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; -import org.powermock.core.classloader.annotations.PrepareForTest; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.test.annotation.DirtiesContext; import org.springframework.test.context.ContextConfiguration; @@ -25,7 +24,6 @@ import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummySp import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasValidationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.EidasAttributeRegistry; -import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.CreateIdentityLinkTask; import at.asitplus.eidas.specific.modules.auth.eidas.v2.validator.EidasResponseValidator; import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; @@ -41,7 +39,6 @@ import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse; import lombok.val; @RunWith(SpringJUnit4ClassRunner.class) -@PrepareForTest(CreateIdentityLinkTask.class) @DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS) @ContextConfiguration(locations = { "/SpringTest-context_tasks_test.xml", @@ -50,17 +47,17 @@ public class EidasResponseValidatorTest { @Autowired private MsConnectorDummyConfigMap basicConfig; @Autowired protected EidasAttributeRegistry attrRegistry; - + private TestRequestImpl pendingReq; private MsConnectorDummySpConfiguration oaParam; - - + + /** * jUnit test set-up. */ @Before public void setUp() throws EaafStorageException, URISyntaxException { - + final Map<String, String> spConfig = new HashMap<>(); spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); @@ -74,250 +71,250 @@ public class EidasResponseValidatorTest { pendingReq.setAuthUrl("http://test.com/"); pendingReq.setTransactionId("avaasbav"); pendingReq.setPiiTransactionId(RandomStringUtils.randomAlphanumeric(10)); - + } - - + + @Test public void loaFromResponseToLow() throws URISyntaxException { //set-up - ILightResponse eidasResponse = buildDummyAuthResponse( - "LU/AT/" + RandomStringUtils.randomNumeric(10), + ILightResponse eidasResponse = buildDummyAuthResponse( + "LU/AT/" + RandomStringUtils.randomNumeric(10), EaafConstants.EIDAS_LOA_LOW, false); String spCountry = "AT"; String citizenCountryCode = "XX"; - + //execute test try { EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, attrRegistry); Assert.fail("Wrong eIDAS response not detected"); - + } catch (EidasValidationException e) { - Assert.assertEquals("ErrorId", "eidas.06", e.getErrorId()); + Assert.assertEquals("ErrorId", "eidas.06", e.getErrorId()); Assert.assertEquals("wrong parameter size", 1, e.getParams().length); - Assert.assertEquals("wrong errorMsg", "http://eidas.europa.eu/LoA/low", + Assert.assertEquals("wrong errorMsg", "http://eidas.europa.eu/LoA/low", e.getParams()[0]); - - } + + } } - + @Test public void noEidasSpCountry() throws URISyntaxException { //set-up - ILightResponse eidasResponse = buildDummyAuthResponse( - "LU/AT/" + RandomStringUtils.randomNumeric(10), + ILightResponse eidasResponse = buildDummyAuthResponse( + "LU/AT/" + RandomStringUtils.randomNumeric(10), EaafConstants.EIDAS_LOA_SUBSTANTIAL, false); String spCountry = null; String citizenCountryCode = "LU"; - + oaParam.setLoa(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH, EaafConstants.EIDAS_LOA_SUBSTANTIAL)); - - + + //execute test try { EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, attrRegistry); Assert.fail("Wrong eIDAS response not detected"); - + } catch (EidasValidationException e) { - Assert.assertEquals("ErrorId", "eidas.07", e.getErrorId()); + Assert.assertEquals("ErrorId", "eidas.07", e.getErrorId()); Assert.assertEquals("wrong parameter size", 2, e.getParams().length); - Assert.assertEquals("wrong errorMsg", "PersonIdentifier", + Assert.assertEquals("wrong errorMsg", "PersonIdentifier", e.getParams()[0]); - Assert.assertEquals("wrong errorMsg", - "Destination country does not match to SP country", + Assert.assertEquals("wrong errorMsg", + "Destination country does not match to SP country", e.getParams()[1]); - - } + + } } - + @Test public void noEidasResponseCountry() throws URISyntaxException { //set-up - ILightResponse eidasResponse = buildDummyAuthResponse( - "LU/AT/" + RandomStringUtils.randomNumeric(10), + ILightResponse eidasResponse = buildDummyAuthResponse( + "LU/AT/" + RandomStringUtils.randomNumeric(10), EaafConstants.EIDAS_LOA_SUBSTANTIAL, false); String spCountry = "AT"; String citizenCountryCode = null; - + oaParam.setLoa(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH, EaafConstants.EIDAS_LOA_SUBSTANTIAL)); - - + + //execute test try { EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, attrRegistry); Assert.fail("Wrong eIDAS response not detected"); - + } catch (EidasValidationException e) { - Assert.assertEquals("ErrorId", "eidas.07", e.getErrorId()); + Assert.assertEquals("ErrorId", "eidas.07", e.getErrorId()); Assert.assertEquals("wrong parameter size", 2, e.getParams().length); - Assert.assertEquals("wrong errorMsg", "PersonIdentifier", + Assert.assertEquals("wrong errorMsg", "PersonIdentifier", e.getParams()[0]); - Assert.assertEquals("wrong errorMsg", - "Citizen country does not match to eIDAS-node country that generates the response", + Assert.assertEquals("wrong errorMsg", + "Citizen country does not match to eIDAS-node country that generates the response", e.getParams()[1]); - - } + + } } - + @Test public void wrongEidasResponseCountry() throws URISyntaxException { //set-up - ILightResponse eidasResponse = buildDummyAuthResponse( - "LU/AT/" + RandomStringUtils.randomNumeric(10), + ILightResponse eidasResponse = buildDummyAuthResponse( + "LU/AT/" + RandomStringUtils.randomNumeric(10), EaafConstants.EIDAS_LOA_SUBSTANTIAL, false); String spCountry = "AT"; String citizenCountryCode = "XX"; - + oaParam.setLoa(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH, EaafConstants.EIDAS_LOA_SUBSTANTIAL)); - - + + //execute test try { EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, attrRegistry); Assert.fail("Wrong eIDAS response not detected"); - + } catch (EidasValidationException e) { - Assert.assertEquals("ErrorId", "eidas.07", e.getErrorId()); + Assert.assertEquals("ErrorId", "eidas.07", e.getErrorId()); Assert.assertEquals("wrong parameter size", 2, e.getParams().length); - Assert.assertEquals("wrong errorMsg", "PersonIdentifier", + Assert.assertEquals("wrong errorMsg", "PersonIdentifier", e.getParams()[0]); - Assert.assertEquals("wrong errorMsg", - "Citizen country does not match to eIDAS-node country that generates the response", + Assert.assertEquals("wrong errorMsg", + "Citizen country does not match to eIDAS-node country that generates the response", e.getParams()[1]); - - } + + } } - + @Test public void missingPersonalIdentifier() throws URISyntaxException { //set-up - ILightResponse eidasResponse = buildDummyAuthResponse( - null, + ILightResponse eidasResponse = buildDummyAuthResponse( + null, EaafConstants.EIDAS_LOA_SUBSTANTIAL, false); String spCountry = "AT"; String citizenCountryCode = "LU"; - + oaParam.setLoa(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH, EaafConstants.EIDAS_LOA_SUBSTANTIAL)); - - + + //execute test try { EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, attrRegistry); Assert.fail("Wrong eIDAS response not detected"); - + } catch (EidasValidationException e) { - Assert.assertEquals("ErrorId", "eidas.05", e.getErrorId()); + Assert.assertEquals("ErrorId", "eidas.05", e.getErrorId()); Assert.assertEquals("wrong parameter size", 1, e.getParams().length); - Assert.assertEquals("wrong errorMsg", "NO 'PersonalIdentifier' attriubte", + Assert.assertEquals("wrong errorMsg", "NO 'PersonalIdentifier' attriubte", e.getParams()[0]); - - } + + } } - + @Test public void moreThanOnePersonalIdentifier() throws URISyntaxException { //set-up - ILightResponse eidasResponse = buildDummyAuthResponse( - null, + ILightResponse eidasResponse = buildDummyAuthResponse( + null, EaafConstants.EIDAS_LOA_SUBSTANTIAL, true); String spCountry = "AT"; String citizenCountryCode = "LU"; - + oaParam.setLoa(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH, EaafConstants.EIDAS_LOA_SUBSTANTIAL)); - - + + //execute test try { EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, attrRegistry); Assert.fail("Wrong eIDAS response not detected"); - + } catch (EidasValidationException e) { - Assert.assertEquals("ErrorId", "eidas.05", e.getErrorId()); + Assert.assertEquals("ErrorId", "eidas.05", e.getErrorId()); Assert.assertEquals("wrong parameter size", 1, e.getParams().length); - Assert.assertEquals("wrong errorMsg", "NO 'PersonalIdentifier' attriubte", + Assert.assertEquals("wrong errorMsg", "NO 'PersonalIdentifier' attriubte", e.getParams()[0]); - - } + + } } - + @Test public void emptyPersonalIdentifier() throws URISyntaxException { //set-up - ILightResponse eidasResponse = buildDummyAuthResponse( - "", + ILightResponse eidasResponse = buildDummyAuthResponse( + "", EaafConstants.EIDAS_LOA_SUBSTANTIAL, false); String spCountry = "AT"; String citizenCountryCode = "LU"; - + oaParam.setLoa(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH, EaafConstants.EIDAS_LOA_SUBSTANTIAL)); - - + + //execute test try { EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, attrRegistry); Assert.fail("Wrong eIDAS response not detected"); - + } catch (EidasValidationException e) { - Assert.assertEquals("ErrorId", "eidas.07", e.getErrorId()); + Assert.assertEquals("ErrorId", "eidas.07", e.getErrorId()); Assert.assertEquals("wrong parameter size", 2, e.getParams().length); - Assert.assertEquals("wrong errorMsg", "PersonIdentifier", + Assert.assertEquals("wrong errorMsg", "PersonIdentifier", e.getParams()[0]); - Assert.assertEquals("wrong errorMsg", - "Wrong identifier format", + Assert.assertEquals("wrong errorMsg", + "Wrong identifier format", e.getParams()[1]); - - } + + } } - + @Test public void validResponse() throws URISyntaxException, EidasValidationException { //set-up - + String spCountry = RandomStringUtils.randomAlphabetic(2).toUpperCase(); String cCountry = RandomStringUtils.randomAlphabetic(2).toUpperCase(); - - ILightResponse eidasResponse = buildDummyAuthResponse( - cCountry + "/" + spCountry + "/" + RandomStringUtils.randomAlphanumeric(20), + + ILightResponse eidasResponse = buildDummyAuthResponse( + cCountry + "/" + spCountry + "/" + RandomStringUtils.randomAlphanumeric(20), EaafConstants.EIDAS_LOA_SUBSTANTIAL, false); - + oaParam.setLoa(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH, EaafConstants.EIDAS_LOA_SUBSTANTIAL)); - - + + //execute test EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, cCountry, attrRegistry); - + } - - - private AuthenticationResponse buildDummyAuthResponse(String personalId, String loa, boolean moreThanOnePersonalId) + + + private AuthenticationResponse buildDummyAuthResponse(String personalId, String loa, boolean moreThanOnePersonalId) throws URISyntaxException { - - + + final AttributeDefinition personIdattributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName( Constants.eIDAS_ATTR_PERSONALIDENTIFIER).first(); final Builder attributeMap = ImmutableAttributeMap.builder(); if (personalId != null) { if (moreThanOnePersonalId) { - ImmutableSet values = ImmutableSet.of(new StringAttributeValue(personalId), + ImmutableSet values = ImmutableSet.of(new StringAttributeValue(personalId), new StringAttributeValue("XX/YY/" + RandomStringUtils.randomAlphanumeric(10))); - attributeMap.put(personIdattributeDef, values); - + attributeMap.put(personIdattributeDef, values); + } else { attributeMap.put(personIdattributeDef, personalId); - - } + + } } - + val b = new AuthenticationResponse.Builder(); return b.id("_".concat(Random.nextHexRandom16())) .issuer(RandomStringUtils.randomAlphabetic(10)) |