Diffstat (limited to 'eidas_modules')
| -rw-r--r-- | eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java | 204 | 
1 files changed, 120 insertions, 84 deletions
diff --git a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
index f67b4d93..d08855f2 100644
--- a/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
+++ b/eidas_modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/tasks/CreateIdentityLinkTaskEidNewTest.java
@@ -2,6 +2,9 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;
 import static at.asitplus.eidas.specific.connector.MsEidasNodeConstants.PROP_CONFIG_SP_NEW_EID_MODE;
 import static org.mockito.ArgumentMatchers.any;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.BDDMockito.given;
+import static org.mockito.Mockito.doThrow;
 import static org.powermock.api.mockito.PowerMockito.when;
 import java.io.IOException;
@@ -18,14 +21,19 @@ import java.util.Map;
 import javax.xml.namespace.QName;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.SzrCommunicationException;
+import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.AuthBlockSigningService;
+import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.jetbrains.annotations.NotNull;
 import org.jose4j.jwa.AlgorithmConstraints;
 import org.jose4j.jwa.AlgorithmConstraints.ConstraintType;
 import org.jose4j.jws.AlgorithmIdentifiers;
+import org.jose4j.lang.JoseException;
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.BeforeClass;
+import org.junit.Ignore;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -67,6 +75,7 @@ import eu.eidas.auth.commons.attribute.PersonType;
 import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse;
 import lombok.val;
 import szrservices.SZR;
+import szrservices.SZRException_Exception;
 import szrservices.SignContentEntry;
 import szrservices.SignContentResponseType;
@@ -85,10 +94,13 @@ public class CreateIdentityLinkTaskEidNewTest {
   private IConfiguration basicConfig;
   @Autowired
   protected EidasAttributeRegistry attrRegistry;
-  
+
   @Autowired
   EaafKeyStoreFactory keyStoreFactory;
+  @Autowired
+  private AuthBlockSigningService authBlockSigner;
+
   final ExecutionContext executionContext = new ExecutionContextImpl();
   private MockHttpServletRequest httpReq;
   private MockHttpServletResponse httpResp;
@@ -99,13 +111,11 @@ public class CreateIdentityLinkTaskEidNewTest {
   private static final String PW = "f/+saJBc3a}*/T^s";
   private static final String ALIAS = "connectorkeypair";
-  private static final List<String> BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList(
-      Arrays.asList(
-          AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256,
-          AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512,
-          AlgorithmIdentifiers.RSA_PSS_USING_SHA256,
+  private static final List<String> BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING = Collections.unmodifiableList(Arrays
+      .asList(AlgorithmIdentifiers.ECDSA_USING_P256_CURVE_AND_SHA256,
+          AlgorithmIdentifiers.ECDSA_USING_P521_CURVE_AND_SHA512, AlgorithmIdentifiers.RSA_PSS_USING_SHA256,
           AlgorithmIdentifiers.RSA_PSS_USING_SHA512));
-  
+
   @Rule
   public final SoapServiceRule soap = SoapServiceRule.newInstance();
@@ -117,8 +127,7 @@ public class CreateIdentityLinkTaskEidNewTest {
   @BeforeClass
   public static void classInitializer() throws IOException {
     final String current = new java.io.File(".").toURI().toString();
-    System.setProperty("eidas.ms.configuration", current
-        + "src/test/resources/config/junit_config_3.properties");
+    System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_3.properties");
   }
@@ -155,54 +164,6 @@ public class CreateIdentityLinkTaskEidNewTest {
     szrMock = soap.mock(SZR.class, "http://localhost:1234/demoszr");
   }
-  @NotNull
-  private AuthenticationResponse buildDummyAuthResponse() throws URISyntaxException {
-    final AttributeDefinition attributeDef = AttributeDefinition.builder()
-        .friendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER)
-        .nameUri(new URI("ad", "sd", "ff"))
-        .personType(PersonType.LEGAL_PERSON)
-        .xmlType(new QName("http://saf", "as", "af"))
-        .attributeValueMarshaller(
-            "eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller")
-        .build();
-    final AttributeDefinition attributeDef2 = AttributeDefinition.builder()
-        .friendlyName(Constants.eIDAS_ATTR_CURRENTFAMILYNAME)
-        .nameUri(new URI("ad", "sd", "fff"))
-        .personType(PersonType.LEGAL_PERSON)
-        .xmlType(new QName("http://saf", "as", "aff"))
-        .attributeValueMarshaller(
-            "eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller")
-        .build();
-    final AttributeDefinition attributeDef3 = AttributeDefinition.builder()
-        .friendlyName(Constants.eIDAS_ATTR_CURRENTGIVENNAME)
-        .nameUri(new URI("ad", "sd", "ffff"))
-        .personType(PersonType.LEGAL_PERSON)
-        .xmlType(new QName("http://saf", "as", "afff"))
-        .attributeValueMarshaller(
-            "eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller")
-        .build();
-    final AttributeDefinition attributeDef4 = AttributeDefinition.builder().friendlyName(
-        Constants.eIDAS_ATTR_DATEOFBIRTH)
-        .nameUri(new URI("ad", "sd", "fffff"))
-        .personType(PersonType.LEGAL_PERSON)
-        .xmlType(new QName("http://saf", "as", "affff"))
-        .attributeValueMarshaller(
-            "eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller")
-        .build();
-
-    final ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder().put(attributeDef, "de/st/"
-        + RandomStringUtils
-            .randomNumeric(64)).put(attributeDef2, RandomStringUtils.randomAlphabetic(10)).put(attributeDef3,
-                RandomStringUtils
-                    .randomAlphabetic(10))
-        .put(attributeDef4, "2001-01-01").build();
-
-    val b = new AuthenticationResponse.Builder();
-    return b.id("aasdf").issuer("asd").subject("asf").statusCode("200").inResponseTo("asdf")
-        .subjectNameIdFormat("afaf")
-        .attributes(attributeMap).build();
-  }
-
   @Test
   public void successfulProcess() throws Exception {
     //initialize test
@@ -212,54 +173,129 @@ public class CreateIdentityLinkTaskEidNewTest {      signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10));      signContentResp.getOut().add(signContentEntry);      when(szrMock, "signContent", any(), any(), any()).thenReturn(signContentResp); -     +      //perform test      task.execute(pendingReq, executionContext); -     +      //validate state      final AuthProcessDataWrapper authProcessData = pendingReq.getSessionData(AuthProcessDataWrapper.class);      Assert.assertNotNull("AuthProcessData", authProcessData);      Assert.assertNotNull("eidasBind", authProcessData.getGenericDataFromSession(Constants.EIDAS_BIND, String.class)); -     +      String authBlock = authProcessData.getGenericDataFromSession(Constants.SZR_AUTHBLOCK, String.class);      Assert.assertNotNull("AuthBlock", authBlock); -                     +      //check authblock signature      final AlgorithmConstraints constraints = new AlgorithmConstraints(ConstraintType.PERMIT, -        BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING -            .toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()]));    -    Pair<KeyStore, Provider> keyStore = getKeyStore();     -    X509Certificate[] trustedCerts = EaafKeyStoreUtils.getPrivateKeyAndCertificates( -        keyStore.getFirst(), ALIAS, PW.toCharArray(), true, "junit").getSecond();        -    JwsResult result = JoseUtils.validateSignature(authBlock, Arrays.asList(trustedCerts) , constraints); +        BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.toArray(new String[BINDING_AUTH_ALGORITHM_WHITELIST_SIGNING.size()])); +    Pair<KeyStore, Provider> keyStore = getKeyStore(); +    X509Certificate[] trustedCerts = EaafKeyStoreUtils +        .getPrivateKeyAndCertificates(keyStore.getFirst(), ALIAS, PW.toCharArray(), true, "junit").getSecond(); +    JwsResult result = JoseUtils.validateSignature(authBlock, Arrays.asList(trustedCerts), constraints);      Assert.assertTrue("AuthBlock not valid", result.isValid()); -     
        + +  } + +  @Test +  public void getStammzahlEncryptedExceptionTest() throws Exception { +    try { +      when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(null); +      task.execute(pendingReq, executionContext); +    } catch (TaskExecutionException e) { +      Assert.assertEquals("Incorrect exception thrown", e.getMessage(), +          "IdentityLink generation for foreign person " + "FAILED."); +      Assert.assertEquals("Incorrect exception thrown", ((SzrCommunicationException) e.getCause()).getErrorId(), +          "ernb.01"); +      Assert.assertTrue("Incorrect exception thrown", e.getCause().getMessage().contains("Stammzahl response empty")); +    } +  } + +  @Test +  public void signContentExceptionTest() throws Exception { +    try { +      when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10)); +      when(szrMock, "signContent", any(), any(), any()).thenReturn(null); +      task.execute(pendingReq, executionContext); +    } catch (TaskExecutionException e) { +      Assert.assertEquals("Incorrect exception thrown", e.getMessage(), +          "IdentityLink generation for foreign person " + "FAILED."); +      Assert.assertEquals("Incorrect exception thrown", ((SzrCommunicationException) e.getCause()).getErrorId(), +          "ernb.01"); +      Assert.assertTrue("Incorrect exception thrown", e.getCause().getMessage().contains("BcBind response empty")); +    } +  } + +  @Ignore +  @Test +  public void exceptionTest() throws Exception { +    try { +      when(szrMock, "getStammzahlEncrypted", any(), any()).thenReturn(RandomStringUtils.randomNumeric(10)); +      val signContentResp = new SignContentResponseType(); +      final SignContentEntry signContentEntry = new SignContentEntry(); +      signContentEntry.setValue(RandomStringUtils.randomAlphanumeric(10)); +      signContentResp.getOut().add(signContentEntry); +      when(szrMock, "signContent", any(), any(), 
any()).thenReturn(signContentResp); +      doThrow(new EaafException("test")).when(authBlockSigner) +          .buildSignedAuthBlock(pendingReq.getUniqueTransactionIdentifier()); + +      task.execute(pendingReq, executionContext); +    } catch (TaskExecutionException e) { +      Assert.assertEquals("Incorrect exception thrown", e.getMessage(), +          "IdentityLink generation for foreign person " + "FAILED."); +      Assert.assertTrue("Incorrect exception thrown", e.getCause() instanceof EaafException); +      Assert.assertTrue("Incorrect exception thrown", e.getCause().getMessage().contains("test")); +    } +    }    private Pair<KeyStore, Provider> getKeyStore() throws EaafException { -    // read Connector wide config data TODO connector wide!    -    String keyStoreName = basicConfig -        .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_NAME); -    String keyStorePw = basicConfig -        .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_PASSWORD); -    String keyStorePath = basicConfig -        .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_PATH); -    String keyStoreType = basicConfig -        .getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_TYPE); - -     +    // read Connector wide config data TODO connector wide! 
+    String keyStoreName = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_NAME); +    String keyStorePw = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_PASSWORD); +    String keyStorePath = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_PATH); +    String keyStoreType = basicConfig.getBasicConfiguration(MsEidasNodeConstants.PROP_CONFIG_AUTHBLOCK_KEYSTORE_TYPE); + +      //build new KeyStore configuration      KeyStoreConfiguration keyStoreConfiguration = new KeyStoreConfiguration();      keyStoreConfiguration.setFriendlyName("jUnit test"); -     +      keyStoreConfiguration.setSoftKeyStoreFilePath(keyStorePath);      keyStoreConfiguration.setSoftKeyStorePassword(keyStorePw); -    keyStoreConfiguration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.fromString(keyStoreType));     +    keyStoreConfiguration.setKeyStoreType(KeyStoreConfiguration.KeyStoreType.fromString(keyStoreType));      keyStoreConfiguration.setKeyStoreName(keyStoreName); -             +      //build new KeyStore based on configuration -    return  keyStoreFactory.buildNewKeyStore(keyStoreConfiguration); -     +    return keyStoreFactory.buildNewKeyStore(keyStoreConfiguration); +    } +  @NotNull +  private AuthenticationResponse buildDummyAuthResponse() throws URISyntaxException { +    final AttributeDefinition attributeDef = AttributeDefinition.builder() +        .friendlyName(Constants.eIDAS_ATTR_PERSONALIDENTIFIER).nameUri(new URI("ad", "sd", "ff")) +        .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "af")) +        .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); +    final AttributeDefinition attributeDef2 = AttributeDefinition.builder() +        .friendlyName(Constants.eIDAS_ATTR_CURRENTFAMILYNAME).nameUri(new URI("ad", "sd", "fff")) +        
.personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "aff")) +        .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); +    final AttributeDefinition attributeDef3 = AttributeDefinition.builder() +        .friendlyName(Constants.eIDAS_ATTR_CURRENTGIVENNAME).nameUri(new URI("ad", "sd", "ffff")) +        .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "afff")) +        .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.LiteralStringAttributeValueMarshaller").build(); +    final AttributeDefinition attributeDef4 = AttributeDefinition.builder() +        .friendlyName(Constants.eIDAS_ATTR_DATEOFBIRTH).nameUri(new URI("ad", "sd", "fffff")) +        .personType(PersonType.LEGAL_PERSON).xmlType(new QName("http://saf", "as", "affff")) +        .attributeValueMarshaller("eu.eidas.auth.commons.attribute.impl.DateTimeAttributeValueMarshaller").build(); + +    final ImmutableAttributeMap attributeMap = ImmutableAttributeMap.builder() +        .put(attributeDef, "de/st/" + RandomStringUtils.randomNumeric(64)) +        .put(attributeDef2, RandomStringUtils.randomAlphabetic(10)) +        .put(attributeDef3, RandomStringUtils.randomAlphabetic(10)).put(attributeDef4, "2001-01-01").build(); + +    val b = new AuthenticationResponse.Builder(); +    return b.id("aasdf").issuer("asd").subject("asf").statusCode("200").inResponseTo("asdf").subjectNameIdFormat("afaf") +        .attributes(attributeMap).build(); +  }  } | 
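Review bot: The new negative tests getStammzahlEncryptedExceptionTest and signContentExceptionTest pass silently if task.execute() does not throw, because every assertion sits inside the catch block, so the failure path they are meant to guard (an empty Stammzahl or BcBind response must abort identity-link creation) is not actually enforced by them. Add `Assert.fail("No TaskExecutionException thrown");` directly after `task.execute(pendingReq, executionContext);` in each try block, and in exceptionTest as well if it is re-enabled. The Assert.assertEquals calls also pass the actual value before the expected one, so a mismatch reports the values backwards; e.g. `Assert.assertEquals("Incorrect exception thrown", "IdentityLink generation for foreign person FAILED.", e.getMessage());`. exceptionTest is added under a bare @Ignore with no reason visible in the hunk; recording it in the annotation, e.g. `@Ignore("<reason the authBlockSigner stub is not yet effective>")`, keeps the intent from being lost. The anyString, given and JoseException imports added in the first hunk do not appear to be used by any of the new code shown here and could be dropped if the rest of the file does not need them.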
