Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src')
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java2
-rw-r--r--eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java101
2 files changed, 81 insertions, 22 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
index 0f40b337..8c7815be 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java
@@ -184,7 +184,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet
throw new TaskExecutionException(pendingReq, ERROR_MSG_02,
new AuthnResponseValidationException(ERROR_PVP_10, new Object[]{MODULE_NAME_FOR_LOGGING}, e));
} catch (final Exception e) {
- e.printStackTrace();
+ // todo catch ManualFixNecessaryException in any other way?
log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e);
throw new TaskExecutionException(pendingReq, ERROR_MSG_03,
new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e));
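Review bot: The new TODO leaves `catch (final Exception e)` as the only handler for ManualFixNecessaryException, so an ambiguous register match (the two-result case the new test exercises) is reported as ERROR_PVP_12 "PVP response validation FAILED" with `e.getMessage()` passed along as an error argument, which misattributes a matching-step condition to SAML validation and, if those arguments reach a user-visible message, exposes register-internal detail. A dedicated `} catch (final ManualFixNecessaryException e) {` placed before the generic clause, mapping to its own error id and logging above debug level, would keep the two failure classes distinguishable in logs and monitoring. Until that exists, the comment should state the consequence rather than ask a question, e.g. `// TODO: ManualFixNecessaryException (more than one register result) currently lands here and is reported as ERROR_PVP_12; give it a dedicated catch clause.` The enclosing method starts outside the hunk, so whether an earlier clause already narrows this cannot be confirmed from here.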
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java
index c180e6f9..01688214 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java
@@ -3,8 +3,10 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider;
@@ -19,10 +21,12 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper;
import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException;
import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory;
import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils;
import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException;
+import com.google.common.collect.Lists;
import net.shibboleth.utilities.java.support.xml.ParserPool;
import org.apache.commons.io.IOUtils;
import org.apache.commons.lang3.RandomStringUtils;
@@ -54,9 +58,11 @@ import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
+import java.util.List;
import java.util.Objects;
import static org.junit.Assert.*;
+import static org.mockito.ArgumentMatchers.any;
import static org.mockito.ArgumentMatchers.eq;
import static org.springframework.util.Assert.isInstanceOf;
@@ -68,6 +74,7 @@ import static org.springframework.util.Assert.isInstanceOf;
public class ReceiveMobilePhoneSignatureResponseTaskTest {
private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml";
+ private static final String BPK_FROM_ID_AUSTRIA = "BF:QVGm48cqcM4UcyhDTNGYmVdrIoY=";
@Autowired
protected MsConnectorDummyConfigMap authConfig;
@@ -212,8 +219,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest {
@Test
public void httpPostValidSignedAssertionOutDated() throws Exception {
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
+ setupMetadataResolver();
initResponse("/data/Response_without_sig_classpath_entityid.xml", false);
TaskExecutionException e = assertThrows(TaskExecutionException.class,
@@ -228,8 +234,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest {
public void httpPostValidSignedAssertionFromWrongIdp() throws Exception {
authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID,
"http://wrong.idp/" + RandomStringUtils.randomAlphabetic(5));
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
+ setupMetadataResolver();
initResponse("/data/Response_without_sig_classpath_entityid.xml", true);
TaskExecutionException e = assertThrows(TaskExecutionException.class,
@@ -242,8 +247,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest {
@Test
public void httpPostValidSignedAssertionMissingAttributes() throws Exception {
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
+ setupMetadataResolver();
initResponse("/data/Response_without_sig_classpath_entityid.xml", true);
TaskExecutionException e = assertThrows(TaskExecutionException.class,
@@ -256,8 +260,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest {
@Test
public void httpPostValidSignedWithError() throws Exception {
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
+ setupMetadataResolver();
initResponse("/data/Response_without_sig_with_error.xml", true);
TaskExecutionException e = assertThrows(TaskExecutionException.class,
@@ -270,8 +273,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest {
@Test
public void httpPostValidSignedWitUserStopErrorCode() throws Exception {
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
+ setupMetadataResolver();
initResponse("/data/Response_without_sig_with_error_userstop.xml", true);
task.execute(pendingReq, executionContext);
@@ -283,8 +285,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest {
@Test
public void httpPostValidSignedWithErrorAndNoSubCode() throws Exception {
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
+ setupMetadataResolver();
initResponse("/data/Response_without_sig_with_error_without_subcode.xml", true);
TaskExecutionException e = assertThrows(TaskExecutionException.class,
@@ -297,8 +298,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest {
@Test
public void httpPostValidSignedWithErrorAndEmptySubCode() throws Exception {
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
+ setupMetadataResolver();
initResponse("/data/Response_without_sig_with_error_empty_subcode.xml", true);
TaskExecutionException e = assertThrows(TaskExecutionException.class,
@@ -311,8 +311,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest {
@Test
public void httpPostValidSignedAssertionEidValidButNameMismatch() throws Exception {
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
+ setupMetadataResolver();
initResponse("/data/Response_with_EID.xml", true);
AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
SimpleEidasData eidData = createEidasDataMatchingToSamlResponse();
@@ -328,22 +327,77 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest {
}
@Test
- public void httpPostValidSignedAssertionEidValid() throws Exception {
- metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
- METADATA_PATH, null, "jUnit IDP", null));
+ public void httpPostValidSignedAssertionEidValid_NoRegisterResult() throws Exception {
+ setupMetadataResolver();
+ initResponse("/data/Response_with_EID.xml", true);
+ AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ SimpleEidasData eidData = createEidasDataMatchingToSamlResponse();
+ authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
+ MergedRegisterSearchResult registerSearchResult = new MergedRegisterSearchResult(Collections.emptyList(), Collections.emptyList());
+ Mockito.when(registerSearchService.searchWithBpkZp(eq(BPK_FROM_ID_AUSTRIA))).thenReturn(registerSearchResult);
+
+ task.execute(pendingReq, executionContext);
+
+ AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel());
+ assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString());
+ assertNull("Matching BPK", session.getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK));
+ assertEquals("Transition To S16", true, executionContext.get(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK));
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionEidValid_ExactlyOneRegisterResult() throws Exception {
+ setupMetadataResolver();
initResponse("/data/Response_with_EID.xml", true);
AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
SimpleEidasData eidData = createEidasDataMatchingToSamlResponse();
authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
- Mockito.when(registerSearchService.searchWithBpkZp(eq("BF:QVGm48cqcM4UcyhDTNGYmVdrIoY="))).thenReturn(new MergedRegisterSearchResult(Collections.emptyList(), Collections.emptyList()));
+ MergedRegisterSearchResult registerSearchResult = buildResultWithOneMatch();
+ Mockito.when(registerSearchService.searchWithBpkZp(eq(BPK_FROM_ID_AUSTRIA))).thenReturn(registerSearchResult);
task.execute(pendingReq, executionContext);
AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel());
assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString());
+ assertNull("Matching BPK", session.getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK));
+ assertNull("Transition To S16", executionContext.get(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK));
+ Mockito.verify(registerSearchService).step7aKittProcess(any(), eq(registerSearchResult), eq(eidData), eq(pendingReq));
+ }
+
+ @Test
+ public void httpPostValidSignedAssertionEidValid_MoreThanOneRegisterResult() throws Exception {
+ setupMetadataResolver();
+ initResponse("/data/Response_with_EID.xml", true);
+ AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ SimpleEidasData eidData = createEidasDataMatchingToSamlResponse();
+ authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData);
+ MergedRegisterSearchResult registerSearchResult = buildResultWithTwoMatches();
+ Mockito.when(registerSearchService.searchWithBpkZp(eq(BPK_FROM_ID_AUSTRIA))).thenReturn(registerSearchResult);
+
+
+ TaskExecutionException e = assertThrows(TaskExecutionException.class,
+ () -> task.execute(pendingReq, executionContext));
- //TODO this is the good case
+ assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID());
+ isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException());
+ isInstanceOf(ManualFixNecessaryException.class, e.getOriginalException().getCause());
+ assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId());
+ AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class);
+ assertNull("Matching BPK", session.getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK));
+ assertNull("Transition To S16", executionContext.get(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK));
+ }
+
+ @NotNull
+ private MergedRegisterSearchResult buildResultWithOneMatch() {
+ return new MergedRegisterSearchResult(Collections.singletonList(new RegisterResult(BPK_FROM_ID_AUSTRIA, "bar", "foo", "foo", "bar")), Collections.emptyList());
+ }
+
+ @NotNull
+ private MergedRegisterSearchResult buildResultWithTwoMatches() {
+ List<RegisterResult> results = Lists.newArrayList(new RegisterResult(BPK_FROM_ID_AUSTRIA, "bar", "foo", "foo", "bar"),
+ new RegisterResult("bpk", "pseudonym", "givenName", "familyName", "dateOfBirth"));
+ return new MergedRegisterSearchResult(results, Collections.emptyList());
}
@NotNull
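Review bot: `httpPostValidSignedAssertionEidValid_MoreThanOneRegisterResult` pins the thrown exception and the untouched session state but never asserts that the merge step is skipped for an ambiguous result, which is the property that matters most here; the one-result test verifies `step7aKittProcess` is called, so the ambiguous case should verify the opposite with `Mockito.verify(registerSearchService, Mockito.never()).step7aKittProcess(any(), any(), any(), any());`. The expected error id is hard-coded as the string `"sp.pvp2.12"`, so a change to ERROR_PVP_12 in the task would only surface as a failing test; if the constant is reachable from the test, reference it instead. The two consecutive blank lines before `assertThrows` in that test should be collapsed to one.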
@@ -377,4 +431,9 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest {
addSamlResponseToHttpReq(signedResponse);
}
+ private void setupMetadataResolver() throws Pvp2MetadataException {
+ metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider(
+ METADATA_PATH, null, "jUnit IDP", null));
+ }
+
}