diff options
Diffstat (limited to 'eidas_modules/authmodule-eIDAS-v2/src')
2 files changed, 81 insertions, 22 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java index 0f40b337..8c7815be 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/main/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/tasks/ReceiveMobilePhoneSignatureResponseTask.java @@ -184,7 +184,7 @@ public class ReceiveMobilePhoneSignatureResponseTask extends AbstractAuthServlet throw new TaskExecutionException(pendingReq, ERROR_MSG_02, new AuthnResponseValidationException(ERROR_PVP_10, new Object[]{MODULE_NAME_FOR_LOGGING}, e)); } catch (final Exception e) { - e.printStackTrace(); + // todo catch ManualFixNecessaryException in any other way? log.debug("PVP response validation FAILED. Msg:" + e.getMessage(), e); throw new TaskExecutionException(pendingReq, ERROR_MSG_03, new AuthnResponseValidationException(ERROR_PVP_12, new Object[]{MODULE_NAME_FOR_LOGGING, e.getMessage()}, e)); diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java index c180e6f9..01688214 100644 --- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java +++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/ReceiveMobilePhoneSignatureResponseTaskTest.java @@ -3,8 +3,10 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks; import at.asitplus.eidas.specific.connector.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.MergedRegisterSearchResult; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.RegisterResult; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.InvalidUserInputException; +import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.ManualFixNecessaryException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.IdAustriaClientAuthConstants; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthCredentialProvider; import at.asitplus.eidas.specific.modules.auth.eidas.v2.idaustriaclient.provider.IdAustriaClientAuthMetadataProvider; @@ -19,10 +21,12 @@ import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import com.google.common.collect.Lists; import net.shibboleth.utilities.java.support.xml.ParserPool; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.RandomStringUtils; @@ -54,9 +58,11 @@ import java.io.InputStream; import java.nio.charset.StandardCharsets; import java.util.Base64; import java.util.Collections; +import java.util.List; import java.util.Objects; import static org.junit.Assert.*; +import static org.mockito.ArgumentMatchers.any; import static org.mockito.ArgumentMatchers.eq; import static org.springframework.util.Assert.isInstanceOf; @@ -68,6 +74,7 @@ import static org.springframework.util.Assert.isInstanceOf; public class ReceiveMobilePhoneSignatureResponseTaskTest { private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml"; + private static final String BPK_FROM_ID_AUSTRIA = "BF:QVGm48cqcM4UcyhDTNGYmVdrIoY="; @Autowired protected MsConnectorDummyConfigMap authConfig; @@ -212,8 +219,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest { @Test public void httpPostValidSignedAssertionOutDated() throws Exception { - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); + setupMetadataResolver(); initResponse("/data/Response_without_sig_classpath_entityid.xml", false); TaskExecutionException e = assertThrows(TaskExecutionException.class, @@ -228,8 +234,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest { public void httpPostValidSignedAssertionFromWrongIdp() throws Exception { authConfig.putConfigValue(IdAustriaClientAuthConstants.CONFIG_PROPS_ID_AUSTRIA_ENTITYID, "http://wrong.idp/" + RandomStringUtils.randomAlphabetic(5)); - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); + setupMetadataResolver(); initResponse("/data/Response_without_sig_classpath_entityid.xml", true); TaskExecutionException e = assertThrows(TaskExecutionException.class, @@ -242,8 +247,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest { @Test public void httpPostValidSignedAssertionMissingAttributes() throws Exception { - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); + setupMetadataResolver(); initResponse("/data/Response_without_sig_classpath_entityid.xml", true); TaskExecutionException e = assertThrows(TaskExecutionException.class, @@ -256,8 +260,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest { @Test public void httpPostValidSignedWithError() throws Exception { - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); + setupMetadataResolver(); initResponse("/data/Response_without_sig_with_error.xml", true); TaskExecutionException e = assertThrows(TaskExecutionException.class, @@ -270,8 +273,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest { @Test public void httpPostValidSignedWitUserStopErrorCode() throws Exception { - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); + setupMetadataResolver(); initResponse("/data/Response_without_sig_with_error_userstop.xml", true); task.execute(pendingReq, executionContext); @@ -283,8 +285,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest { @Test public void httpPostValidSignedWithErrorAndNoSubCode() throws Exception { - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); + setupMetadataResolver(); initResponse("/data/Response_without_sig_with_error_without_subcode.xml", true); TaskExecutionException e = assertThrows(TaskExecutionException.class, @@ -297,8 +298,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest { @Test public void httpPostValidSignedWithErrorAndEmptySubCode() throws Exception { - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); + setupMetadataResolver(); initResponse("/data/Response_without_sig_with_error_empty_subcode.xml", true); TaskExecutionException e = assertThrows(TaskExecutionException.class, @@ -311,8 +311,7 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest { @Test public void httpPostValidSignedAssertionEidValidButNameMismatch() throws Exception { - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); + setupMetadataResolver(); initResponse("/data/Response_with_EID.xml", true); AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); SimpleEidasData eidData = createEidasDataMatchingToSamlResponse(); @@ -328,22 +327,77 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest { } @Test - public void httpPostValidSignedAssertionEidValid() throws Exception { - metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( - METADATA_PATH, null, "jUnit IDP", null)); + public void httpPostValidSignedAssertionEidValid_NoRegisterResult() throws Exception { + setupMetadataResolver(); + initResponse("/data/Response_with_EID.xml", true); + AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + SimpleEidasData eidData = createEidasDataMatchingToSamlResponse(); + authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); + MergedRegisterSearchResult registerSearchResult = new MergedRegisterSearchResult(Collections.emptyList(), Collections.emptyList()); + Mockito.when(registerSearchService.searchWithBpkZp(eq(BPK_FROM_ID_AUSTRIA))).thenReturn(registerSearchResult); + + task.execute(pendingReq, executionContext); + + AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); + assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel()); + assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString()); + assertNull("Matching BPK", session.getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK)); + assertEquals("Transition To S16", true, executionContext.get(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK)); + } + + @Test + public void httpPostValidSignedAssertionEidValid_ExactlyOneRegisterResult() throws Exception { + setupMetadataResolver(); initResponse("/data/Response_with_EID.xml", true); AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); SimpleEidasData eidData = createEidasDataMatchingToSamlResponse(); authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); - Mockito.when(registerSearchService.searchWithBpkZp(eq("BF:QVGm48cqcM4UcyhDTNGYmVdrIoY="))).thenReturn(new MergedRegisterSearchResult(Collections.emptyList(), Collections.emptyList())); + MergedRegisterSearchResult registerSearchResult = buildResultWithOneMatch(); + Mockito.when(registerSearchService.searchWithBpkZp(eq(BPK_FROM_ID_AUSTRIA))).thenReturn(registerSearchResult); task.execute(pendingReq, executionContext); AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); assertEquals("LoA", "http://eidas.europa.eu/LoA/low", session.getQaaLevel()); assertEquals("IssueInstant", "2014-03-05T06:39:51Z", session.getIssueInstantString()); + assertNull("Matching BPK", session.getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK)); + assertNull("Transition To S16", executionContext.get(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK)); + Mockito.verify(registerSearchService).step7aKittProcess(any(), eq(registerSearchResult), eq(eidData), eq(pendingReq)); + } + + @Test + public void httpPostValidSignedAssertionEidValid_MoreThanOneRegisterResult() throws Exception { + setupMetadataResolver(); + initResponse("/data/Response_with_EID.xml", true); + AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class); + SimpleEidasData eidData = createEidasDataMatchingToSamlResponse(); + authProcessData.setGenericDataToSession(Constants.DATA_SIMPLE_EIDAS, eidData); + MergedRegisterSearchResult registerSearchResult = buildResultWithTwoMatches(); + Mockito.when(registerSearchService.searchWithBpkZp(eq(BPK_FROM_ID_AUSTRIA))).thenReturn(registerSearchResult); + + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); - //TODO this is the good case + assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + isInstanceOf(AuthnResponseValidationException.class, e.getOriginalException()); + isInstanceOf(ManualFixNecessaryException.class, e.getOriginalException().getCause()); + assertEquals("sp.pvp2.12", ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); + assertNull("Matching BPK", session.getGenericDataFromSession(Constants.DATA_RESULT_MATCHING_BPK)); + assertNull("Transition To S16", executionContext.get(Constants.TRANSITION_TO_GENERATE_GUI_QUERY_AUSTRIAN_RESIDENCE_TASK)); + } + + @NotNull + private MergedRegisterSearchResult buildResultWithOneMatch() { + return new MergedRegisterSearchResult(Collections.singletonList(new RegisterResult(BPK_FROM_ID_AUSTRIA, "bar", "foo", "foo", "bar")), Collections.emptyList()); + } + + @NotNull + private MergedRegisterSearchResult buildResultWithTwoMatches() { + List<RegisterResult> results = Lists.newArrayList(new RegisterResult(BPK_FROM_ID_AUSTRIA, "bar", "foo", "foo", "bar"), + new RegisterResult("bpk", "pseudonym", "givenName", "familyName", "dateOfBirth")); + return new MergedRegisterSearchResult(results, Collections.emptyList()); } @NotNull @@ -377,4 +431,9 @@ public class ReceiveMobilePhoneSignatureResponseTaskTest { addSamlResponseToHttpReq(signedResponse); } + private void setupMetadataResolver() throws Pvp2MetadataException { + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + } + } |