Diffstat (limited to 'modules/authmodule_id-austria/src/test/java/at')
12 files changed, 2702 insertions, 0 deletions
diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/IdAustriaAuthSpringResourceProviderTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/IdAustriaAuthSpringResourceProviderTest.java
new file mode 100644
index 00000000..478a3ad4
--- /dev/null
+++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/IdAustriaAuthSpringResourceProviderTest.java
@@ -0,0 +1,56 @@
+package at.asitplus.eidas.specific.modules.auth.idaustria.test;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.apache.commons.io.IOUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.BlockJUnit4ClassRunner;
+import org.springframework.core.io.Resource;
+
+import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthenticationSpringResourceProvider;
+import at.gv.egiz.eaaf.core.test.TestConstants;
+
+
+
+@RunWith(BlockJUnit4ClassRunner.class)
+public class IdAustriaAuthSpringResourceProviderTest {
+
+ @Test
+ public void testSpringConfig() {
+ final IdAustriaAuthenticationSpringResourceProvider test =
+ new IdAustriaAuthenticationSpringResourceProvider();
+ for (final Resource el : test.getResourcesToLoad()) {
+ try {
+ IOUtils.toByteArray(el.getInputStream());
+
+ } catch (final IOException e) {
+ Assert.fail("Ressouce: " + el.getFilename() + " not found");
+ }
+
+ }
+
+ Assert.assertNotNull("no Name", test.getName());
+ Assert.assertNull("Find package definitions", test.getPackagesToScan());
+
+ }
+
+ @Test
+ public void testSpILoaderConfig() {
+ final InputStream el = this.getClass().getResourceAsStream(TestConstants.TEST_SPI_LOADER_PATH);
+ try {
+ final String spiFile = IOUtils.toString(el, "UTF-8");
+
+ Assert.assertEquals("Wrong classpath in SPI file",
+ IdAustriaAuthenticationSpringResourceProvider.class.getName(), spiFile);
+
+
+ } catch (final IOException e) {
+ Assert.fail("Ressouce: " + TestConstants.TEST_SPI_LOADER_PATH + " not found");
+
+ }
+ }
+
+}
diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/IdAustriaEidasProxyAuthenticationModulImplTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/IdAustriaEidasProxyAuthenticationModulImplTest.java
new file mode 100644
index 00000000..5a4c8b7e
--- /dev/null
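Review bot: In `testSpILoaderConfig` the `InputStream` returned by `getResourceAsStream` is never closed, and when the resource is absent that call returns null, so `IOUtils.toString(el, "UTF-8")` fails with a NullPointerException instead of reaching the `Assert.fail` in the catch block. Open it in try-with-resources and assert presence first: `try (InputStream el = this.getClass().getResourceAsStream(TestConstants.TEST_SPI_LOADER_PATH)) {` followed by `Assert.assertNotNull("SPI file not found: " + TestConstants.TEST_SPI_LOADER_PATH, el);`. The stream from `el.getInputStream()` in `testSpringConfig` is likewise left open after `IOUtils.toByteArray`. Both fail messages misspell "Resource" as "Ressouce".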
+++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/IdAustriaEidasProxyAuthenticationModulImplTest.java 
@@ -0,0 +1,102 @@
+package at.asitplus.eidas.specific.modules.auth.idaustria.test;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.test.annotation.DirtiesContext;
+import org.springframework.test.annotation.DirtiesContext.ClassMode;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaEidasProxyAuthenticationModulImpl;
+import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePendingRequest;
+import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
+import at.gv.egiz.eaaf.core.api.idp.process.ProcessEngine;
+import at.gv.egiz.eaaf.core.impl.idp.auth.modules.ModuleRegistration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+ "/spring/SpringTest-context_basic_test.xml",
+ "/spring/SpringTest-context_basic_mapConfig.xml"})
+@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
+public class IdAustriaEidasProxyAuthenticationModulImplTest {
+
+ @Autowired ModuleRegistration moduleReg;
+ @Autowired ResourceLoader loader;
+ @Autowired ProcessEngine processEngine;
+
+
+ private final ExecutionContext executionContext = new ExecutionContextImpl();
+ private DummySpConfiguration oaParam;
+ private IdAustriaEidasProxyAuthenticationModulImpl authProcess =
+ new IdAustriaEidasProxyAuthenticationModulImpl();
+
+
+ /**
+ * jUnit test set-up.
+ *
+ */
+ @Before
+ public void initialize() {
+ Map<String, String> configMap = new HashMap<String, String>();
+ configMap.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "http://test.com/test");
+ IConfiguration basicConfig = new DummyConfiguration();
+ oaParam = new DummySpConfiguration(configMap, basicConfig);
+
+ }
+
+ @Test
+ public void checkProcessDefinition() {
+ Assert.assertNotNull("AuthModule is null", authProcess);
+ Assert.assertNotNull("AuthModule process is null", authProcess.getProcessDefinitions());
+
+ for (String el : authProcess.getProcessDefinitions()) {
+ Resource res = loader.getResource(el);
+ Assert.assertTrue("AuthProcess description not extist", res.exists());
+
+ }
+ }
+
+ @Test
+ public void idAustriaAuthSelected() throws Exception {
+ ProxyServicePendingRequest pendingReq = new ProxyServicePendingRequest();
+ pendingReq.setOnlineApplicationConfiguration(oaParam);
+
+ //execute test
+ final String result = moduleReg.selectProcess(executionContext, pendingReq);
+
+ //validate state
+ Assert.assertNotNull("Process is null", result);
+ Assert.assertEquals("Process Id not match", "idAustriaForEidasProxyService", result);
+
+ Assert.assertNotNull("Can not initalize process", processEngine.createProcessInstance(result));
+
+ }
+
+ @Test
+ public void wrongPendingRequestType() throws Exception {
+ TestRequestImpl pendingReq = new TestRequestImpl();
+ pendingReq.setSpConfig(oaParam);
+
+ //execute test
+ final String result = moduleReg.selectProcess(executionContext, pendingReq);
+
+ //validate state
+ Assert.assertNull("AuthProcessName", result);
+
+ }
+
+}
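Review bot: `initialize()` still spells out the type arguments in `new HashMap<String, String>()`; the diamond form `Map<String, String> configMap = new HashMap<>();` is what the sibling IdAustriaAuthSignalControllerTest in this commit uses, and the class should follow one convention. The `authProcess` field is assigned once and never reassigned, so it can be `private final`, matching `executionContext` two lines above. The assertion message in `checkProcessDefinition` reads "not extist" and does not name the resource; `"AuthProcess description does not exist: " + el` makes a failure actionable. The message "AuthProcessName" on the `assertNull` in `wrongPendingRequestType` says nothing about the expectation; `"No process must be selected for a non-proxy request"` would.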
diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/builder/attributes/EidasConnecorUniqueIdAttributeBuilderTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/builder/attributes/EidasConnecorUniqueIdAttributeBuilderTest.java
new file mode 100644
index 00000000..9f42f5e5
--- /dev/null
+++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/builder/attributes/EidasConnecorUniqueIdAttributeBuilderTest.java
@@ -0,0 +1,54 @@
+package at.asitplus.eidas.specific.modules.auth.idaustria.test.builder.attributes;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.asitplus.eidas.specific.modules.auth.idaustria.builder.attributes.EidasConnecorUniqueIdAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.idp.ISpConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.attributes.AbstractAttributeBuilderTest;
+
+/**
+ * Attribute builder to generate an attribute that holds the unique eIDSA-Connector identifier for this process.
+ * <br>
+ * The attribute-value is read from {@link ISpConfiguration} with method <code>getUniqueIdentifier()</code>
+ *
+ * @author tlenz
+ *
+ */
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+ "/spring/SpringTest-context_basic_mapConfig.xml",
+ "/spring/SpringTest-context_basic_test.xml",
+})
+public class EidasConnecorUniqueIdAttributeBuilderTest extends AbstractAttributeBuilderTest {
+
+ private final IAttributeBuilder attrBuilder = new EidasConnecorUniqueIdAttributeBuilder();
+
+ @Test
+ public void attributeName() {
+ Assert.assertEquals("Wrong attribute name",
+ "urn:eidgvat:attributes.eidas.uniqueId", attrBuilder.getName());
+
+ }
+
+ @Test
+ public void checkEmptyAttribute() {
+ String value = attrBuilder.buildEmpty(gen);
+ Assert.assertNull("Attr. not null", value);
+
+ }
+
+
+ @Test
+ public void withAttributeValue() throws AttributeBuilderException, Exception {
+ String value = attrBuilder.build(spConfig, buildAuthData(), gen);
+ Assert.assertEquals("wrong attributeValue", spConfig.getUniqueIdentifier(), value);
+
+ }
+
+}
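Review bot: The class-level Javadoc ("Attribute builder to generate an attribute that holds the unique eIDSA-Connector identifier …", `@author tlenz`) describes the production builder rather than this test class and looks copied from it. Replace it with a description of what is verified here, e.g. `/** Tests for {@link EidasConnecorUniqueIdAttributeBuilder}: attribute name, empty value, and the value read from {@link ISpConfiguration#getUniqueIdentifier()}. */`. `withAttributeValue` declares `throws AttributeBuilderException, Exception`; `Exception` already covers the first, so `throws Exception` alone suffices.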
diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/builder/attributes/SpRequiredAttributersAttributeBuilderTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/builder/attributes/SpRequiredAttributersAttributeBuilderTest.java
new file mode 100644
index 00000000..2fe420df
--- /dev/null
+++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/builder/attributes/SpRequiredAttributersAttributeBuilderTest.java
@@ -0,0 +1,72 @@
+package at.asitplus.eidas.specific.modules.auth.idaustria.test.builder.attributes;
+
+import static org.junit.Assert.assertEquals;
+
+import java.util.List;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.mockito.internal.util.collections.Sets;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration;
+import at.asitplus.eidas.specific.modules.auth.idaustria.builder.attributes.SpRequiredAttributersAttributeBuilder;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.api.idp.IAttributeBuilder;
+import at.gv.egiz.eaaf.core.exceptions.AttributeBuilderException;
+import at.gv.egiz.eaaf.core.impl.idp.auth.attributes.AbstractAttributeBuilderTest;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyConfiguration;
+import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+ "/spring/SpringTest-context_basic_mapConfig.xml",
+ "/spring/SpringTest-context_basic_test.xml",
+})
+public class SpRequiredAttributersAttributeBuilderTest extends AbstractAttributeBuilderTest {
+
+private final IAttributeBuilder attrBuilder = new SpRequiredAttributersAttributeBuilder();
+
+ @Test
+ public void attributeName() {
+ Assert.assertEquals("Wrong attribute name",
+ "urn:eidgvat:attributes.RequiredAttributes", attrBuilder.getName());
+
+ }
+
+ @Test
+ public void checkEmptyAttribute() {
+ String value = attrBuilder.buildEmpty(gen);
+ Assert.assertNull("Attr. not null", value);
+
+ }
+
+ @Test
+ public void withWrongSpConfig() throws AttributeBuilderException, Exception {
+ String value = attrBuilder.build(spConfig, buildAuthData(), gen);
+ Assert.assertNull("Attr. not null", value);
+
+ }
+
+ @Test
+ public void withAttributeValue() throws AttributeBuilderException, Exception {
+ ServiceProviderConfiguration sp = new ServiceProviderConfiguration(spConfigMap, new DummyConfiguration());
+ sp.setRequestedAttributes(Sets.newSet(
+ "aabbccdd",
+ RandomStringUtils.randomAlphanumeric(10),
+ PvpAttributeDefinitions.BIRTHDATE_NAME));
+
+
+ String value = attrBuilder.build(sp, buildAuthData(), gen);
+
+ List<String> elements = KeyValueUtils.getListOfCsvValues(value);
+ assertEquals("wrong number of attributes", sp.getRequestedAttributes().size(), elements.size());
+ sp.getRequestedAttributes().forEach(
+ el -> elements.contains(el));
+
+ }
+
+}
diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/config/IdAustriaAuthMessageSourceTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/config/IdAustriaAuthMessageSourceTest.java
new file mode 100644
index 00000000..2a92c01e
--- /dev/null
+++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/config/IdAustriaAuthMessageSourceTest.java
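Review bot: In `withAttributeValue` the closing `forEach(el -> elements.contains(el))` evaluates `contains` and throws the boolean away, so a requested attribute missing from the CSV is never reported and the test only checks the element count; replace it with `Assert.assertTrue("requested attribute missing in CSV", elements.containsAll(sp.getRequestedAttributes()));`. `org.mockito.internal.util.collections.Sets` is a Mockito-internal class with no stability guarantee; `new HashSet<>(Arrays.asList(...))` from java.util builds the same set. The class also mixes a static `assertEquals` import with qualified `Assert.assertEquals` calls, and the `attrBuilder` field declaration sits at column 0 inside the class body; both are worth unifying with the other test classes in this commit.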
@@ -0,0 +1,50 @@
+package at.asitplus.eidas.specific.modules.auth.idaustria.test.config;
+
+import java.util.List;
+
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.io.Resource;
+import org.springframework.core.io.ResourceLoader;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+import at.asitplus.eidas.specific.modules.auth.idaustria.config.IdAustriaAuthMessageSource;
+import at.gv.egiz.eaaf.core.api.logging.IMessageSourceLocation;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+ "/spring/SpringTest-context_basic_test.xml",
+ "/spring/SpringTest-context_basic_mapConfig.xml",
+ })
+public class IdAustriaAuthMessageSourceTest {
+
+ @Autowired
+ private ResourceLoader loader;
+ @Autowired(required = false)
+ private List<IMessageSourceLocation> messageSources;
+
+ @Test
+ public void checkMessageSources() {
+ Assert.assertNotNull("No messageSource", messageSources);
+ Assert.assertFalse("No message source", messageSources.isEmpty());
+
+ boolean found = false;
+
+ for (final IMessageSourceLocation messageSource : messageSources) {
+ found = found ? found : messageSource instanceof IdAustriaAuthMessageSource;
+
+ Assert.assertNotNull("No sourcePath", messageSource.getMessageSourceLocation());
+ for (final String el : messageSource.getMessageSourceLocation()) {
+ final Resource messages = loader.getResource(el + ".properties");
+ Assert.assertTrue("Source not exist", messages.exists());
+
+ }
+ }
+
+ Assert.assertTrue("Internal messagesource not found", found);
+
+ }
+}
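Review bot: In `checkMessageSources` the line `found = found ? found : messageSource instanceof IdAustriaAuthMessageSource;` is a roundabout logical OR; `found |= messageSource instanceof IdAustriaAuthMessageSource;` expresses the same accumulation directly. The inner assertion message `"Source not exist"` does not say which file is missing; `Assert.assertTrue("Message source not found: " + el + ".properties", messages.exists());` makes a failure actionable without changing what is checked.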
diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthMetadataControllerFirstTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthMetadataControllerFirstTest.java
new file mode 100644
index 00000000..0df74f7b
--- /dev/null
+++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthMetadataControllerFirstTest.java
@@ -0,0 +1,186 @@
+package at.asitplus.eidas.specific.modules.auth.idaustria.test.controller;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.UnsupportedEncodingException;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.saml.common.xml.SAMLConstants;
+import org.opensaml.saml.metadata.resolver.filter.FilterException;
+import org.opensaml.saml.metadata.resolver.filter.MetadataFilterContext;
+import org.opensaml.saml.saml2.metadata.EntityDescriptor;
+import org.opensaml.saml.saml2.metadata.SPSSODescriptor;
+import org.opensaml.security.x509.BasicX509Credential;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+
+import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
+import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants;
+import at.asitplus.eidas.specific.modules.auth.idaustria.controller.IdAustriaAuthMetadataController;
+import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider;
+import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SchemaValidationFilter;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.metadata.SimpleMetadataSignatureVerificationFilter;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+ "/spring/SpringTest-context_basic_mapConfig.xml",
+ "/spring/SpringTest-context_basic_test.xml"
+})
+@EnableWebMvc
+public class IdAustriaAuthMetadataControllerFirstTest {
+
+ private MockHttpServletRequest httpReq;
+ private MockHttpServletResponse httpResp;
+
+ @Autowired private IdAustriaAuthMetadataController controller;
+ @Autowired private IdAustriaAuthCredentialProvider credProvider;
+ @Autowired private MsConnectorDummyConfigMap config;
+
+ /**
+ * JUnit class initializer.
+ *
+ * @throws Exception In case of an OpenSAML3 initialization error
+ */
+ @BeforeClass
+ public static void initialize() throws Exception {
+ EaafOpenSaml3xInitializer.eaafInitialize();
+
+ }
+
+ /**
+ * Single jUnit-test set-up.
+ */
+ @Before
+ public void testSetup() {
+ httpReq = new MockHttpServletRequest("GET", "https://localhost/authhandler");
+ httpReq.setContextPath("/authhandler");
+ httpResp = new MockHttpServletResponse();
+
+ //remove additional attributes
+ Map<String, String> attr = config.getBasicConfigurationWithPrefix(
+ "eidas.ms.modules.idaustriaauth.required.additional.attributes.");
+ for (String el : attr.keySet()) {
+ config.removeConfigValue("eidas.ms.modules.idaustriaauth.required.additional.attributes." + el);
+
+ }
+
+
+ }
+
+ @Test
+ public void buildMetadataValid() throws IOException, EaafException,
+ XMLParserException, UnmarshallingException, FilterException {
+
+ //build metdata
+ controller.getSpMetadata(httpReq, httpResp);
+
+ //check result
+ validateResponse(16);
+
+ }
+
+ @Test
+ public void buildMetadataValidWithAdditionalAttributes() throws IOException, EaafException,
+ XMLParserException, UnmarshallingException, FilterException {
+ config.putConfigValue("eidas.ms.modules.idaustriaauth.required.additional.attributes.1",
+ PvpAttributeDefinitions.BPK_LIST_NAME + ",true");
+ config.putConfigValue("eidas.ms.modules.idaustriaauth.required.additional.attributes.2",
+ PvpAttributeDefinitions.PVP_VERSION_NAME + ",false");
+ config.putConfigValue("eidas.ms.modules.idaustriaauth.required.additional.attributes.7",
+ PvpAttributeDefinitions.EID_SIGNER_CERTIFICATE_NAME + ",true");
+
+ config.putConfigValue("eidas.ms.modules.idaustriaauth.required.additional.attributes.3", "bbbbb");
+ config.putConfigValue("eidas.ms.modules.idaustriaauth.required.additional.attributes.4", "bbbbb,false,test");
+ config.putConfigValue("eidas.ms.modules.idaustriaauth.required.additional.attributes.5", "bbbbb,nichts");
+ config.putConfigValue("eidas.ms.modules.idaustriaauth.required.additional.attributes.6", "");
+
+ //build metdata
+ controller.getSpMetadata(httpReq, httpResp);
+
+ //check result
+ validateResponse(17);
+
+ }
+
+ private void validateResponse(int numberOfRequestedAttributes) throws UnsupportedEncodingException,
+ XMLParserException, UnmarshallingException, FilterException, CredentialsNotAvailableException {
+ Assert.assertEquals("HTTP Statuscode", 200, httpResp.getStatus());
+ Assert.assertEquals("ContentType", "text/xml; charset=utf-8", httpResp.getContentType());
+ Assert.assertEquals("ContentEncoding", "UTF-8", httpResp.getCharacterEncoding());
+
+ final String metadataXml = httpResp.getContentAsString();
+ Assert.assertNotNull("XML Metadata", metadataXml);
+
+ final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
+ XMLObjectProviderRegistrySupport.getParserPool(), new ByteArrayInputStream(metadataXml.getBytes("UTF-8")));
+
+ Assert.assertEquals("EntityId",
+ "http://localhost/authhandler" + IdAustriaAuthConstants.ENDPOINT_METADATA,
+ metadata.getEntityID());
+
+ MetadataFilterContext filterContext = new MetadataFilterContext();
+
+ //check XML scheme
+ final SchemaValidationFilter schemaFilter = new SchemaValidationFilter();
+ schemaFilter.filter(metadata, filterContext);
+
+ //check signature
+ final SimpleMetadataSignatureVerificationFilter sigFilter =
+ new SimpleMetadataSignatureVerificationFilter(credProvider.getKeyStore().getFirst(),
+ metadata.getEntityID());
+ sigFilter.filter(metadata, filterContext);
+
+ //check content
+ final SPSSODescriptor spSsoDesc = metadata.getSPSSODescriptor(SAMLConstants.SAML20P_NS);
+ Assert.assertNotNull("SPSSODescr.", spSsoDesc);
+
+ Assert.assertFalse("AssertionConsumerServices",
+ spSsoDesc.getAssertionConsumerServices().isEmpty());
+ Assert.assertTrue("ContactPersons", metadata.getContactPersons().isEmpty());
+ Assert.assertNull("ContactPersons", metadata.getOrganization());
+
+ Assert.assertFalse("KeyDescriptors",
+ spSsoDesc.getKeyDescriptors().isEmpty());
+ Assert.assertEquals("#KeyDescriptors", 2, spSsoDesc.getKeyDescriptors().size());
+
+ Assert.assertFalse("NameIDFormats",
+ spSsoDesc.getNameIDFormats().isEmpty());
+ Assert.assertEquals("wrong NameIDFormats", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent",
+ spSsoDesc.getNameIDFormats().get(0).getURI());
+
+ Assert.assertFalse("AttributeConsumingServices",
+ spSsoDesc.getAttributeConsumingServices().isEmpty());
+ Assert.assertEquals("#RequestAttributes", numberOfRequestedAttributes,
+ spSsoDesc.getAttributeConsumingServices().get(0).getRequestedAttributes().size());
+
+ }
+
+ private List<BasicX509Credential> convertX509Certs(List<X509Certificate> certs) {
+ final List<BasicX509Credential> result = new ArrayList<>();
+ for (final X509Certificate cert : certs) {
+ result.add(new BasicX509Credential(cert));
+
+ }
+ return result;
+ }
+}
diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthSignalControllerTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthSignalControllerTest.java
new file mode 100644
index 00000000..e9ecbc58
--- /dev/null
+++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/controller/IdAustriaAuthSignalControllerTest.java
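Review bot: `validateResponse` asserts `Assert.assertNull("ContactPersons", metadata.getOrganization())` with a message copied from the line above; it should read `"Organization"`, otherwise a failure points at the wrong metadata element. `convertX509Certs` is not called anywhere in this file and can be dropped together with the `ArrayList`, `X509Certificate` and `BasicX509Credential` imports it exists for. `metadataXml.getBytes("UTF-8")` can become `metadataXml.getBytes(StandardCharsets.UTF_8)`, which also removes the checked `UnsupportedEncodingException` from the throws clause. In `testSetup`, keys are removed from `config` while iterating over `attr.keySet()`; that is only safe if `getBasicConfigurationWithPrefix` returns a copy rather than a live view of the configuration map, which is not visible here and deserves a one-line comment once confirmed.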
@@ -0,0 +1,200 @@
+package at.asitplus.eidas.specific.modules.auth.idaustria.test.controller;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.util.SerializationUtils;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+
+import at.asitplus.eidas.specific.modules.auth.idaustria.controller.IdAustriaAuthSignalController;
+import at.gv.egiz.eaaf.core.api.IRequestStorage;
+import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
+import at.gv.egiz.eaaf.core.api.data.ExceptionContainer;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage;
+import at.gv.egiz.eaaf.core.api.utils.IPendingRequestIdGenerationStrategy;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyProtocolAuthService;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.idp.process.spring.test.DummyTransactionStorage.DummyDbEntry;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration(locations = {
+ "/spring/SpringTest-context_basic_mapConfig.xml",
+ "/spring/SpringTest-context_basic_test.xml"
+})
+@EnableWebMvc
+public class IdAustriaAuthSignalControllerTest {
+
+ @Autowired(required = true)
+ private IdAustriaAuthSignalController controller;
+ @Autowired(required = true)
+ private ITransactionStorage cache;
+ @Autowired(required = true)
+ private IPendingRequestIdGenerationStrategy pendingReqGeneration;
+ @Autowired(required = true)
+ private IRequestStorage reqStorage;
+ @Autowired(required = true)
+ private IConfiguration basicConfig;
+ @Autowired private ITransactionStorage transactionStorage;
+
+ @Autowired private DummyProtocolAuthService protAuthService;
+
+ @Test
+ public void noRelayState() throws IOException, EaafException {
+ final MockHttpServletRequest httpReq =
+ new MockHttpServletRequest("POST", "https://localhost/ms_connectoror");
+ final MockHttpServletResponse httpResp = new MockHttpServletResponse();
+
+ controller.performEidasAuthentication(httpReq, httpResp);
+ Assert.assertEquals("httpStausCode", 200, httpResp.getStatus());
+
+ final String errorId = protAuthService.getErrorKey();
+ final Object error = cache.get(errorId);
+ Assert.assertNotNull("Error is null", error);
+ org.springframework.util.Assert.isInstanceOf(byte[].class,
+ ((DummyDbEntry) error).getObj());
+ final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj());
+ org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj);
+ org.springframework.util.Assert.isInstanceOf(EaafException.class,
+ ((ExceptionContainer) errorObj).getExceptionThrown());
+
+ }
+
+ @Test
+ public void validRelayStateNoPendingReqId() throws EaafException, IOException {
+ final String pendingReqId = pendingReqGeneration.generateExternalPendingRequestId();
+ final MockHttpServletRequest httpReq =
+ new MockHttpServletRequest("POST", "https://localhost/ms_connectoror");
+ httpReq.addParameter(IdAustriaAuthSignalController.HTTP_PARAM_RELAYSTATE, pendingReqId);
+ final MockHttpServletResponse httpResp = new MockHttpServletResponse();
+
+ controller.performEidasAuthentication(httpReq, httpResp);
+ Assert.assertEquals("httpStausCode", 200, httpResp.getStatus());
+
+ final String errorId = protAuthService.getErrorKey();
+ final Object error = cache.get(errorId);
+ Assert.assertNotNull("Error is null", error);
+ org.springframework.util.Assert.isInstanceOf(byte[].class,
+ ((DummyDbEntry) error).getObj());
+ final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj());
+ org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj);
+ org.springframework.util.Assert.isInstanceOf(EaafException.class,
+ ((ExceptionContainer) errorObj).getExceptionThrown());
+ //TODO:
+ Assert.assertEquals("ErrorCode not match", "auth.26",
+ ((EaafException) ((ExceptionContainer) errorObj).getExceptionThrown()).getErrorId());
+
+ }
+
+ @Test
+ public void validRelayStateSuspectPendingReqId() throws EaafException, IOException {
+ String relayState = RandomStringUtils.randomAlphanumeric(10);
+ transactionStorage.put(relayState, false, -1);
+
+ final MockHttpServletRequest httpReq =
+ new MockHttpServletRequest("POST", "https://localhost/ms_connectoror");
+ httpReq.addParameter(IdAustriaAuthSignalController.HTTP_PARAM_RELAYSTATE, relayState);
+ final MockHttpServletResponse httpResp = new MockHttpServletResponse();
+
+ controller.performEidasAuthentication(httpReq, httpResp);
+ Assert.assertEquals("httpStausCode", 200, httpResp.getStatus());
+
+ final String errorId = protAuthService.getErrorKey();
+ final Object error = cache.get(errorId);
+ Assert.assertNotNull("Error is null", error);
+ org.springframework.util.Assert.isInstanceOf(byte[].class,
+ ((DummyDbEntry) error).getObj());
+ final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj());
+ org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj);
+ org.springframework.util.Assert.isInstanceOf(EaafException.class,
+ ((ExceptionContainer) errorObj).getExceptionThrown());
+ //TODO:
+ Assert.assertEquals("ErrorCode not match", "auth.26",
+ ((EaafException) ((ExceptionContainer) errorObj).getExceptionThrown()).getErrorId());
+
+ Assert.assertNull("RelayState was not removed", transactionStorage.get(relayState));
+
+ }
+
+ @Test
+ public void validRelayStateNoPendingReq() throws EaafException, IOException {
+ final String pendingReqId = pendingReqGeneration.generateExternalPendingRequestId();
+ String relayState = RandomStringUtils.randomAlphanumeric(10);
+ transactionStorage.put(relayState, pendingReqId, -1);
+
+ final MockHttpServletRequest httpReq =
+ new MockHttpServletRequest("POST", "https://localhost/ms_connectoror");
+ httpReq.addParameter(IdAustriaAuthSignalController.HTTP_PARAM_RELAYSTATE, relayState);
+ final MockHttpServletResponse httpResp = new MockHttpServletResponse();
+
+ controller.performEidasAuthentication(httpReq, httpResp);
+ Assert.assertEquals("httpStausCode", 200, httpResp.getStatus());
+
+ final String errorId = protAuthService.getErrorKey();
+ final Object error = cache.get(errorId);
+ Assert.assertNotNull("Error is null", error);
+ org.springframework.util.Assert.isInstanceOf(byte[].class,
+ ((DummyDbEntry) error).getObj());
+ final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj());
+ org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj);
+ org.springframework.util.Assert.isInstanceOf(EaafException.class,
+ ((ExceptionContainer) errorObj).getExceptionThrown());
+ //TODO:
+ Assert.assertEquals("ErrorCode not match", "auth.28",
+ ((EaafException) ((ExceptionContainer) errorObj).getExceptionThrown()).getErrorId());
+
+ Assert.assertNull("RelayState was not removed", transactionStorage.get(relayState));
+
+ }
+
+ @Test
+ public void validRelayStateWithPendingReq() throws EaafException, IOException {
+ final String pendingReqId = pendingReqGeneration.generateExternalPendingRequestId();
+
+ String relayState = RandomStringUtils.randomAlphanumeric(10);
+ transactionStorage.put(relayState, pendingReqId, -1);
+
+ final TestRequestImpl pendingReq = new TestRequestImpl();
+ pendingReq.setPendingReqId(pendingReqId);
+ pendingReq.setAuthUrl("http://localhost/idp");
+ final Map<String, String> spConfigMap = new HashMap<>();
+ spConfigMap.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "http://test.sp");
+ final DummySpConfiguration spConfig = new DummySpConfiguration(spConfigMap, basicConfig);
+ pendingReq.setSpConfig(spConfig);
+ reqStorage.storePendingRequest(pendingReq);
+
+ final MockHttpServletRequest httpReq =
+ new MockHttpServletRequest("POST", "https://localhost/ms_connectoror");
+ httpReq.addParameter(IdAustriaAuthSignalController.HTTP_PARAM_RELAYSTATE, relayState);
+ final MockHttpServletResponse httpResp = new MockHttpServletResponse();
+
+ controller.performEidasAuthentication(httpReq, httpResp);
+
+ Assert.assertEquals("httpStausCode", 200, httpResp.getStatus());
+
+ final String errorId = protAuthService.getErrorKey();
+ final Object error = cache.get(errorId);
+ Assert.assertNotNull("Error is null", error);
+ org.springframework.util.Assert.isInstanceOf(byte[].class,
+ ((DummyDbEntry) error).getObj());
+ final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj());
+ org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj);
+ org.springframework.util.Assert.isInstanceOf(EaafException.class,
+ ((ExceptionContainer) errorObj).getExceptionThrown());
+ Assert.assertEquals("ErrorCode not match",
+ "PendingRequest object is not of type 'RequestImpl.class'",
+ ((EaafException) ((ExceptionContainer) errorObj).getExceptionThrown()).getErrorId());
+ }
+}
diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java
new file mode 100644
index 00000000..c3be6dad
--- /dev/null
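Review bot: The eight-line sequence that reads the stored error from `cache`, deserializes the `byte[]` and unwraps the `ExceptionContainer` is repeated verbatim in all five tests; extracting it into a private helper that returns the `EaafException` leaves each test with `final EaafException thrown = loadThrownError();` followed by its own assertions, e.g. `Assert.assertEquals("ErrorCode not match", "auth.26", thrown.getErrorId());`. The three bare `//TODO:` comments above the `auth.26`/`auth.28` assertions carry no information and should either say what is still open or go. `cache` and `transactionStorage` are both `ITransactionStorage` fields wired from the same context, which looks like one bean under two names. The last test compares `getErrorId()` with a full sentence rather than a code like `auth.26`, which suggests that path raises its exception with a message in the error-id slot; worth checking in the controller before the test pins that text.
```java
  /** Reads the error stored by the protocol service, deserializes it and returns the wrapped EaafException. */
  private EaafException loadThrownError() {
    final String errorId = protAuthService.getErrorKey();
    final Object error = cache.get(errorId);
    Assert.assertNotNull("Error is null", error);
    org.springframework.util.Assert.isInstanceOf(byte[].class, ((DummyDbEntry) error).getObj());
    final Object errorObj = SerializationUtils.deserialize((byte[]) ((DummyDbEntry) error).getObj());
    org.springframework.util.Assert.isInstanceOf(ExceptionContainer.class, errorObj);
    org.springframework.util.Assert.isInstanceOf(EaafException.class,
        ((ExceptionContainer) errorObj).getExceptionThrown());
    return (EaafException) ((ExceptionContainer) errorObj).getExceptionThrown();
  }

  // … unchanged: request set-up and controller call in each test …
  // each test then continues with:
  //   final EaafException thrown = loadThrownError();
  //   Assert.assertEquals("ErrorCode not match", "auth.26", thrown.getErrorId());
```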
+++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/ReceiveAuthnResponseTaskTest.java 
@@ -0,0 +1,790 @@ +package at.asitplus.eidas.specific.modules.auth.idaustria.test.task; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; + +import java.io.IOException; +import java.time.Instant; +import java.util.Arrays; +import java.util.Base64; +import java.util.HashMap; +import java.util.Map; + +import javax.xml.transform.TransformerException; + +import org.apache.commons.io.IOUtils; +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.core.xml.io.UnmarshallingException; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.saml2.core.Issuer; +import org.opensaml.saml.saml2.core.Response; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants; +import at.asitplus.eidas.specific.modules.auth.idaustria.tasks.ReceiveFromIdAustriaSystemTask; +import 
at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider; +import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePendingRequest; +import at.gv.egiz.eaaf.core.api.IRequest; +import at.gv.egiz.eaaf.core.api.IRequestStorage; +import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.auth.data.AuthProcessDataWrapper; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egiz.eaaf.core.impl.utils.DomUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.sp.exception.AuthnResponseValidationException; +import net.shibboleth.utilities.java.support.xml.XMLParserException; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/spring/SpringTest-context_basic_mapConfig.xml", + "/spring/SpringTest-context_basic_test.xml", +}) +public class ReceiveAuthnResponseTaskTest { + + private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml"; + + @Autowired ApplicationContext context; + @Autowired 
MsConnectorDummyConfigMap config; + + @Autowired IdAustriaAuthMetadataProvider metadataProvider; + @Autowired IdAustriaAuthCredentialProvider credentialProvider; + @Autowired PvpMetadataResolverFactory metadataFactory; + @Autowired IRequestStorage storage; + + final ExecutionContext executionContext = new ExecutionContextImpl(); + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + + private ProxyServicePendingRequest pendingReq; + private ServiceProviderConfiguration oaParam; + private Map<String, String> spConfig; + + private ReceiveFromIdAustriaSystemTask task; + + /** + * JUnit class initializer. + * + * @throws Exception In case of an OpenSAML3 initialization error + */ + @BeforeClass + public static void initialize() throws Exception { + EaafOpenSaml3xInitializer.eaafInitialize(); + + } + + /** + * jUnit test set-up. + * + * @throws Exception In case of an set-up error + */ + @Before + public void setUp() throws Exception { + task = (ReceiveFromIdAustriaSystemTask) context.getBean("receiveIdAustriaAuthnResponseTask"); + + httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector"); + httpReq.setScheme("https"); + httpReq.setServerPort(443); + httpReq.setContextPath("/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_IDAUSTRIA_ENTITYID, + "classpath:/data/idp_metadata_classpath_entity.xml"); + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS, "sig"); + + spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "http://test.com/test"); + oaParam = new ServiceProviderConfiguration(spConfig, config); + oaParam.setRequiredLoA(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH)); + + pendingReq = new ProxyServicePendingRequest(); + 
pendingReq.initialize(httpReq, config); + pendingReq.setPendingRequestId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setOnlineApplicationConfiguration(oaParam); + + metadataProvider.fullyDestroy(); + + } + + @Test + public void unsupportedHttpMethode() { + httpReq = new MockHttpServletRequest("PUT", "https://localhost/ms_connector"); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.03", + ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void httpGetNoMessage() { + httpReq = new MockHttpServletRequest("GET", "https://localhost/ms_connector"); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.12", + ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void httpPostNoMessage() { + + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> 
task.execute(pendingReq, executionContext)); + + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.12", + ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void httpPostMessageNotSigned() throws IOException { + + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( + IOUtils.toByteArray(ReceiveAuthnResponseTaskTest.class.getResourceAsStream( + "/data/Response_without_sig_classpath_entityid.xml")))); + + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.12", + ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void httpPostMessageWrongDestinationEndpoint() throws IOException, SamlSigningException, + Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, + TransformerException, MarshallingException { + + final Response response = initializeResponse( + "classpath:/data/idp_metadata_classpath_entity.xml", + "/data/Response_with_wrong_destination_endpoint.xml", + credentialProvider.getMessageSigningCredential(), true); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); + + final TaskExecutionException 
e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.12", + ((AuthnResponseValidationException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void httpPostValidSignedNoMetadata() throws IOException, SamlSigningException, + Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, + MarshallingException, TransformerException { + + final Response response = initializeResponse( + "classpath:/data/idp_metadata_classpath_entity.xml", + "/data/Response_without_sig_classpath_entityid.xml", + credentialProvider.getMessageSigningCredential(), true); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); + + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.11", + ((EaafException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void httpPostValidSignedAssertionOutDated() throws IOException, SamlSigningException, + Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, + MarshallingException, TransformerException { + + 
metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + + final Response response = initializeResponse( + "classpath:/data/idp_metadata_classpath_entity.xml", + "/data/Response_without_sig_classpath_entityid.xml", + credentialProvider.getMessageSigningCredential(), false); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); + + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.12", + ((EaafException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void httpPostValidSignedAssertionFromWrongIdp() throws IOException, SamlSigningException, + Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, + MarshallingException, TransformerException { + + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_IDAUSTRIA_ENTITYID, + RandomStringUtils.randomAlphabetic(10)); + + final Response response = initializeResponse( + "classpath:/data/idp_metadata_classpath_entity.xml", + "/data/Response_without_sig_classpath_entityid.xml", + credentialProvider.getMessageSigningCredential(), + true); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); + + 
final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.08", + ((EaafException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void httpPostValidSignedWitError() throws IOException, SamlSigningException, + Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, + MarshallingException, TransformerException { + + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + + final Response response = initializeResponse( + "classpath:/data/idp_metadata_classpath_entity.xml", + "/data/Response_without_sig_with_error.xml", + credentialProvider.getMessageSigningCredential(), + true); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); + + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.05", + ((EaafException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void httpPostValidSignedWitUserStopErrorCode() throws IOException, SamlSigningException, + Pvp2MetadataException, 
CredentialsNotAvailableException, XMLParserException, UnmarshallingException, + MarshallingException, TransformerException, TaskExecutionException { + + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + + final Response response = initializeResponse( + "classpath:/data/idp_metadata_classpath_entity.xml", + "/data/Response_without_sig_with_error_userstop.xml", + credentialProvider.getMessageSigningCredential(), + true); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); + + // perform test + task.execute(pendingReq, executionContext); + + // validate state + Assert.assertTrue("process not cancelled", executionContext.isProcessCancelled()); + Assert.assertTrue("process not stopped by user", pendingReq.isAbortedByUser()); + Assert.assertFalse("should not authenticated", pendingReq.isAuthenticated()); + + } + + @Test + public void httpPostValidSignedWithErrorAndNoSubCode() throws IOException, SamlSigningException, + Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, + MarshallingException, TransformerException { + + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + + final Response response = initializeResponse( + "classpath:/data/idp_metadata_classpath_entity.xml", + "/data/Response_without_sig_with_error_without_subcode.xml", + credentialProvider.getMessageSigningCredential(), + true); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); + + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + 
Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.05", + ((EaafException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void httpPostValidSignedWithErrorAndEmptySubCode() throws IOException, SamlSigningException, + Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, + MarshallingException, TransformerException { + + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + + final Response response = initializeResponse( + "classpath:/data/idp_metadata_classpath_entity.xml", + "/data/Response_without_sig_with_error_empty_subcode.xml", + credentialProvider.getMessageSigningCredential(), + true); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); + + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.05", + ((EaafException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void httpPostValidSignedAssertionMissingAttributes() throws IOException, SamlSigningException, + Pvp2MetadataException, CredentialsNotAvailableException, XMLParserException, UnmarshallingException, + MarshallingException, 
TransformerException, TaskExecutionException { + + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + + final Response response = initializeResponse( + "classpath:/data/idp_metadata_classpath_entity.xml", + "/data/Response_with_EID_wrong_data.xml", + credentialProvider.getMessageSigningCredential(), + true); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); + + // perform task + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.12", + ((EaafException) e.getOriginalException()).getErrorId()); + Assert.assertEquals("sp.pvp2.06", + ((EaafException) ((EaafException) e.getOriginalException()).getCause()).getErrorId()); + + } + + @Test + public void httpPostValidSignedAssertionWrongBpkTarget() throws IOException, XMLParserException, UnmarshallingException, + MarshallingException, TransformerException, TaskExecutionException, EaafException { + + oaParam.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_EIDAS + "AT+ZZ"); + + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + + final Response response = initializeResponse( + "classpath:/data/idp_metadata_classpath_entity.xml", + "/data/Response_with_EID.xml", + credentialProvider.getMessageSigningCredential(), + true); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( + 
DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); + + // perform task + final TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(AuthnResponseValidationException.class, + e.getOriginalException()); + Assert.assertEquals("sp.pvp2.12", + ((EaafException) e.getOriginalException()).getErrorId()); + Assert.assertEquals("sp.pvp2.06", + ((EaafException) ((EaafException) e.getOriginalException()).getCause()).getErrorId()); + Assert.assertEquals("module.idaustria.06", + ((EaafException) ((EaafException) ((EaafException) e.getOriginalException()) + .getCause()).getCause()).getErrorId()); + + } + + @Test + public void httpPostValidSignedAssertionEidValid() throws IOException, XMLParserException, UnmarshallingException, + MarshallingException, TransformerException, TaskExecutionException, EaafException { + + oaParam.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_EIDAS + "AT+XX"); + + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + + final Response response = initializeResponse( + "classpath:/data/idp_metadata_classpath_entity.xml", + "/data/Response_with_EID.xml", + credentialProvider.getMessageSigningCredential(), + true); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); + + // perform task + task.execute(pendingReq, executionContext); + + // validate state + IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedReq); + final 
AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); + Assert.assertFalse("foreigner flag", session.isForeigner()); + assertTrue("eidProcess flag", session.isEidProcess()); + assertFalse("useMandate flag", session.isMandateUsed()); + + checkAttributeInSession(session, PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max"); + checkAttributeInSession(session, PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann"); + checkAttributeInSession(session, PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01"); + checkAttributeInSession(session, PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, "http://eidas.europa.eu/LoA/high"); + checkAttributeInSession(session, PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT"); + + //pre-generated eIDAS identifer + checkAttributeInSession(session, PvpAttributeDefinitions.BPK_NAME, "AT+XX:QVGm48cqcM4UcyhDTNGYmVdrIoY="); + + } + + + + @Test + public void httpPostValidSignedAssertionMinimumAttributes() throws IOException, XMLParserException, UnmarshallingException, + MarshallingException, TransformerException, TaskExecutionException, EaafException { + + oaParam.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_EIDAS + "AT+CC"); + + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + + final Response response = initializeResponse( + "classpath:/data/idp_metadata_classpath_entity.xml", + "/data/Response_with_EID_minimum.xml", + credentialProvider.getMessageSigningCredential(), + true); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); + + // perform task + task.execute(pendingReq, executionContext); + + // validate state + IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedReq); + final 
AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); + Assert.assertFalse("foreigner flag", session.isForeigner()); + + checkAttributeInSession(session,PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max"); + checkAttributeInSession(session,PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann"); + checkAttributeInSession(session,PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01"); + checkAttributeInSession(session,PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT"); + + checkAttributeInSession(session,PvpAttributeDefinitions.BPK_NAME, "AT+CC:QVGm48cqcM4UcyhDTNGYmVdrIoY="); + + } + + @Test + public void httpPostValidSignedAssertionEidBpkWithoutPrefix() throws IOException, XMLParserException, UnmarshallingException, + MarshallingException, TransformerException, TaskExecutionException, EaafException { + + oaParam.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_EIDAS + "AT+XX"); + + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + + final Response response = initializeResponse( + "classpath:/data/idp_metadata_classpath_entity.xml", + "/data/Response_with_EID_bpk_without_prefix.xml", + credentialProvider.getMessageSigningCredential(), + true); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); + + // perform task + task.execute(pendingReq, executionContext); + + // validate state + IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedReq); + final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); + Assert.assertFalse("foreigner flag", session.isForeigner()); + + checkAttributeInSession(session,PvpAttributeDefinitions.GIVEN_NAME_NAME, "Susi"); + 
checkAttributeInSession(session,PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Heinz"); + checkAttributeInSession(session,PvpAttributeDefinitions.BIRTHDATE_NAME, "1955-01-01"); + checkAttributeInSession(session,PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, "http://eidas.europa.eu/LoA/aabbcc"); + checkAttributeInSession(session,PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT"); + + //pre-generated eIDAS identifer + checkAttributeInSession(session,PvpAttributeDefinitions.BPK_NAME, "QVGm48cqcasfasfsafsafdM4UcyhDTNGYmVdrIoY="); + + } + + @Test + public void httpPostValidSignedAssertionEidWithEidSectorAttr() throws IOException, XMLParserException, UnmarshallingException, + MarshallingException, TransformerException, TaskExecutionException, EaafException { + + oaParam.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_EIDAS + "AT+AB"); + + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + + final Response response = initializeResponse( + "classpath:/data/idp_metadata_classpath_entity.xml", + "/data/Response_with_EID_with_eid_sector_attr.xml", + credentialProvider.getMessageSigningCredential(), + true); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); + + // perform task + task.execute(pendingReq, executionContext); + + // validate state + IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedReq); + final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); + Assert.assertFalse("foreigner flag", session.isForeigner()); + + checkAttributeInSession(session,PvpAttributeDefinitions.GIVEN_NAME_NAME, "Susi"); + checkAttributeInSession(session,PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Heinz"); + 
checkAttributeInSession(session,PvpAttributeDefinitions.BIRTHDATE_NAME, "1955-01-01"); + checkAttributeInSession(session,PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, "http://eidas.europa.eu/LoA/aabbcc"); + checkAttributeInSession(session,PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT"); + + //pre-generated eIDAS identifer + checkAttributeInSession(session,PvpAttributeDefinitions.BPK_NAME, "AT+AB:QVGm48cqcasfasfsafsafdM4UcyhDTNGYmVdrIoY="); + + } + + @Test + public void httpPostValidSignedAssertionEidValidWithJurMandate() throws IOException, XMLParserException, UnmarshallingException, + MarshallingException, TransformerException, TaskExecutionException, EaafException { + + oaParam.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_EIDAS + "AT+XX"); + + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + + final Response response = initializeResponse( + "classpath:/data/idp_metadata_classpath_entity.xml", + "/data/Response_with_EID_with_mandate_jur.xml", + credentialProvider.getMessageSigningCredential(), + true); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); + + // perform task + task.execute(pendingReq, executionContext); + + // validate state + IRequest storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedReq); + final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); + Assert.assertFalse("foreigner flag", session.isForeigner()); + assertTrue("eidProcess flag", session.isEidProcess()); + assertTrue("useMandate flag", session.isMandateUsed()); + + checkAttributeInSession(session, PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max"); + checkAttributeInSession(session, PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann"); + 
checkAttributeInSession(session, PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01"); + checkAttributeInSession(session, PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, "http://eidas.europa.eu/LoA/high"); + checkAttributeInSession(session, PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT"); + + checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_TYPE_NAME, "Generalvollmacht"); + checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_LEG_PER_FULL_NAME_NAME, "Testfirma"); + checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_NAME, "999999m"); + checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_LEG_PER_SOURCE_PIN_TYPE_NAME, "urn:publicid:gv.at:baseid+XERSB"); + + //pre-generated eIDAS identifer + checkAttributeInSession(session, PvpAttributeDefinitions.BPK_NAME, "AT+XX:QVGm48cqcM4UcyhDTNGYmVdrIoY="); + assertNull("find nat. person bpk for mandator", session.getGenericDataFromSession( + PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, String.class)); + + + } + + @Test + public void httpPostValidSignedAssertionEidValidWithNatMandate() throws IOException, XMLParserException, UnmarshallingException, + MarshallingException, TransformerException, TaskExecutionException, EaafException { + + oaParam.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_EIDAS + "AT+XX"); + + metadataProvider.addMetadataResolverIntoChain(metadataFactory.createMetadataProvider( + METADATA_PATH, null, "jUnit IDP", null)); + + final Response response = initializeResponse( + "classpath:/data/idp_metadata_classpath_entity.xml", + "/data/Response_with_EID_with_mandate_nat.xml", + credentialProvider.getMessageSigningCredential(), + true); + httpReq.addParameter("SAMLResponse", Base64.getEncoder().encodeToString( + DomUtils.serializeNode(XMLObjectSupport.getMarshaller(response).marshall(response)).getBytes( + "UTF-8"))); + + // perform task + task.execute(pendingReq, executionContext); + + // validate state + IRequest 
storedReq = storage.getPendingRequest(pendingReq.getPendingRequestId()); + Assert.assertNotNull("pendingReq not stored", storedReq); + final AuthProcessDataWrapper session = pendingReq.getSessionData(AuthProcessDataWrapper.class); + Assert.assertFalse("foreigner flag", session.isForeigner()); + assertTrue("eidProcess flag", session.isEidProcess()); + assertTrue("useMandate flag", session.isMandateUsed()); + + checkAttributeInSession(session, PvpAttributeDefinitions.GIVEN_NAME_NAME, "Max"); + checkAttributeInSession(session, PvpAttributeDefinitions.PRINCIPAL_NAME_NAME, "Mustermann"); + checkAttributeInSession(session, PvpAttributeDefinitions.BIRTHDATE_NAME, "1940-01-01"); + checkAttributeInSession(session, PvpAttributeDefinitions.EID_CITIZEN_EIDAS_QAA_LEVEL_NAME, "http://eidas.europa.eu/LoA/high"); + checkAttributeInSession(session, PvpAttributeDefinitions.EID_ISSUING_NATION_NAME, "AT"); + + checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_TYPE_NAME, "GeneralvollmachtBilateral"); + checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_NAT_PER_GIVEN_NAME_NAME, "Gerti"); + checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_NAT_PER_FAMILY_NAME_NAME, "Musterfrau"); + checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_NAT_PER_BIRTHDATE_NAME, "01-02-1941"); + checkAttributeInSession(session, PvpAttributeDefinitions.MANDATE_NAT_PER_BPK_NAME, "AT+XX:AFSDAFSDFDSFCSDAFASDF="); + + + //pre-generated eIDAS identifer + checkAttributeInSession(session, PvpAttributeDefinitions.BPK_NAME, "AT+XX:QVGm48cqcM4UcyhDTNGYmVdrIoY="); + + + } + + private void checkAttributeInSession(AuthProcessDataWrapper session, String attrName, String expected) { + String value = session.getGenericDataFromSession(attrName, String.class); + Assert.assertEquals("wrong attr. 
value", expected, value); + + } + + private Response initializeResponse(String idpEntityId, String responsePath, EaafX509Credential credential, + boolean validConditions) throws SamlSigningException, XMLParserException, UnmarshallingException, + Pvp2MetadataException { + + final Response response = (Response) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), + ReceiveAuthnResponseTaskTest.class.getResourceAsStream(responsePath)); + response.setIssueInstant(Instant.now()); + final Issuer issuer = Saml2Utils.createSamlObject(Issuer.class); + issuer.setValue(idpEntityId); + response.setIssuer(issuer); + + if (validConditions) { + response.getAssertions().get(0).getConditions().setNotOnOrAfter(Instant.now().plusSeconds(5*60)); + + } + + return Saml2Utils.signSamlObject(response, credential, true); + } +} diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java new file mode 100644 index 00000000..1feb684d --- /dev/null +++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/task/RequestIdAustriaSystemTaskTest.java 
@@ -0,0 +1,478 @@ +package at.asitplus.eidas.specific.modules.auth.idaustria.test.task; + +import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.util.Arrays; +import java.util.Base64; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.UUID; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.mockito.internal.util.collections.Sets; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.schema.XSString; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.common.xml.SAMLConstants; +import org.opensaml.saml.saml2.core.AuthnRequest; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.mock.web.MockHttpServletRequest; +import org.springframework.mock.web.MockHttpServletResponse; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.springframework.web.context.request.RequestContextHolder; +import org.springframework.web.context.request.ServletRequestAttributes; + +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants; +import at.asitplus.eidas.specific.modules.auth.idaustria.tasks.RequestIdAustriaSystemTask; +import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMetadataProvider; +import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePendingRequest; +import 
at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; +import at.gv.egiz.eaaf.core.api.data.EaafConstants; +import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes; +import at.gv.egiz.eaaf.core.api.data.PvpAttributeDefinitions; +import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration; +import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext; +import at.gv.egiz.eaaf.core.api.storage.ITransactionStorage; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException; +import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory; +import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl; +import at.gv.egiz.eaaf.core.impl.utils.KeyValueUtils; +import at.gv.egiz.eaaf.modules.pvp2.api.reqattr.EaafRequestedAttributes; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2InternalErrorException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.impl.message.PvpSProfileRequest; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import at.gv.egiz.eaaf.modules.pvp2.impl.validation.TrustEngineFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.verification.SamlVerificationEngine; +import eu.eidas.auth.commons.light.impl.LightRequest; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/spring/SpringTest-context_basic_mapConfig.xml", + "/spring/SpringTest-context_basic_test.xml", +}) +public class RequestIdAustriaSystemTaskTest { + + private static final String METADATA_PATH = "classpath:/data/idp_metadata_classpath_entity.xml"; + private static final String METADATA_SP_PATH = 
"classpath:/data/sp_metadata_junit.xml"; + + @Autowired ApplicationContext context; + @Autowired MsConnectorDummyConfigMap config; + @Autowired IdAustriaAuthMetadataProvider metadataProvider; + @Autowired PvpMetadataResolverFactory metadataFactory; + @Autowired DummyGuiBuilderConfigurationFactory guiBuilderConfigFactory; + @Autowired SamlVerificationEngine samlVerifyEngine; + @Autowired ITransactionStorage transactionStorage; + + final ExecutionContext executionContext = new ExecutionContextImpl(); + private MockHttpServletRequest httpReq; + private MockHttpServletResponse httpResp; + private ProxyServicePendingRequest pendingReq; + private ServiceProviderConfiguration oaParam; + private Map<String, String> spConfig; + + private RequestIdAustriaSystemTask task; + + /** + * JUnit class initializer. + * + * @throws Exception In case of an OpenSAML3 initialization error + */ + @BeforeClass + public static void initialize() throws Exception { + EaafOpenSaml3xInitializer.eaafInitialize(); + + } + + /** + * jUnit test set-up. 
+ * + * @throws Exception In case of an set-up error + */ + @Before + public void setUp() throws Exception { + task = (RequestIdAustriaSystemTask) context.getBean("createIdAustriaAuthnRequestTask"); + + httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler"); + httpResp = new MockHttpServletResponse(); + RequestContextHolder.resetRequestAttributes(); + RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); + + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS, "sig"); + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_IDAUSTRIA_ENTITYID, METADATA_PATH); + + spConfig = new HashMap<>(); + spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "http://test.com/test"); + oaParam = new ServiceProviderConfiguration(spConfig, config); + oaParam.setRequiredLoA(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH)); + + String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); + oaParam.setBpkTargetIdentifier(EaafConstants.URN_PREFIX_EIDAS + "AT+" + + spCountryCode); + + pendingReq = new ProxyServicePendingRequest(); + pendingReq.initialize(httpReq, config); + pendingReq.setPendingRequestId(RandomStringUtils.randomAlphanumeric(10)); + pendingReq.setOnlineApplicationConfiguration(oaParam); + + metadataProvider.fullyDestroy(); + guiBuilderConfigFactory.setVelocityBuilderConfig(createDummyGuiConfig()); + + } + + @Test + public void missingIdAustriaSystemEntiryId() { + config.removeConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_IDAUSTRIA_ENTITYID); + + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, + e.getOriginalException()); + 
Assert.assertEquals("module.idaustria.00", + ((EaafConfigurationException) e.getOriginalException()).getErrorId()); + + + } + + @Test + public void noMetadataAvailableOnGlobalConfig() { + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_IDAUSTRIA_ENTITYID, + RandomStringUtils.randomAlphabetic(10)); + + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, + e.getOriginalException()); + Assert.assertEquals("module.idaustria.05", + ((EaafConfigurationException) e.getOriginalException()).getErrorId()); + + + } + + @Test + public void noMetadataSigningKeyStore() throws Pvp2MetadataException { + config.removeConfigValue("eidas.ms.modules.idaustriaauth.request.sign.alias"); + + metadataProvider.addMetadataResolverIntoChain( + metadataFactory.createMetadataProvider(METADATA_PATH, null, "jUnitTest", null)); + + TaskExecutionException e = assertThrows(TaskExecutionException.class, + () -> task.execute(pendingReq, executionContext)); + + Assert.assertNotNull(e.getPendingRequestID()); + Assert.assertEquals(pendingReq.getPendingRequestId(), e.getPendingRequestID()); + Assert.assertNotNull(e.getOriginalException()); + org.springframework.util.Assert.isInstanceOf(CredentialsNotAvailableException.class, + e.getOriginalException()); + Assert.assertEquals("internal.pvp.01", + ((CredentialsNotAvailableException) e.getOriginalException()).getErrorId()); + + } + + @Test + public void successWithoutSpInfos() throws Pvp2InternalErrorException, SecurityException, Exception { + metadataProvider.addMetadataResolverIntoChain( + metadataFactory.createMetadataProvider(METADATA_PATH, null, "jUnitTest", null)); + + LightRequest.Builder eidasRequestBuilder = 
LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .spType("public"); + pendingReq.setEidasRequest(eidasRequestBuilder.build()); + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + final EaafRequestedAttributes reqAttr = validate(); + Assert.assertEquals("#Req Attribute", 5, reqAttr.getAttributes().size()); + + Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.eidas.uniqueId", + reqAttr.getAttributes().get(0).getName()); + Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(0).getAttributeValues()); + Assert.assertEquals("#Req. Attr value", 1, + reqAttr.getAttributes().get(0).getAttributeValues().size()); + org.springframework.util.Assert.isInstanceOf(XSString.class, + reqAttr.getAttributes().get(0).getAttributeValues().get(0), "Wrong requested Attributes Value type"); + Assert.assertEquals("Req. Attr. Value", pendingReq.getServiceProviderConfiguration().getUniqueIdentifier(), + ((XSString)reqAttr.getAttributes().get(0).getAttributeValues().get(0)).getValue()); + + Assert.assertEquals("Wrong req attr.", "urn:oid:1.2.40.0.10.2.1.1.261.34", + reqAttr.getAttributes().get(1).getName()); + Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(1).getAttributeValues()); + Assert.assertEquals("#Req. Attr value", 1, + reqAttr.getAttributes().get(1).getAttributeValues().size()); + org.springframework.util.Assert.isInstanceOf(XSString.class, + reqAttr.getAttributes().get(1).getAttributeValues().get(0), "Wrong requested Attributes Value type"); + Assert.assertEquals("Req. Attr. 
Value", oaParam.getAreaSpecificTargetIdentifier(), + ((XSString)reqAttr.getAttributes().get(1).getAttributeValues().get(0)).getValue()); + + Assert.assertEquals("Wrong req attr.", "urn:oid:1.2.40.0.10.2.1.1.261.108", + reqAttr.getAttributes().get(2).getName()); + Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(1).getAttributeValues()); + Assert.assertEquals("#Req. Attr value", 1, + reqAttr.getAttributes().get(2).getAttributeValues().size()); + org.springframework.util.Assert.isInstanceOf(XSString.class, + reqAttr.getAttributes().get(2).getAttributeValues().get(0), "Wrong requested Attributes Value type"); + Assert.assertEquals("Req. Attr. Value", "http://eidas.europa.eu/LoA/high", + ((XSString)reqAttr.getAttributes().get(2).getAttributeValues().get(0)).getValue()); + + Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderMandateType", + reqAttr.getAttributes().get(4).getName()); + Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(4).getAttributeValues()); + Assert.assertEquals("#Req. Attr value", 1, + reqAttr.getAttributes().get(4).getAttributeValues().size()); + org.springframework.util.Assert.isInstanceOf(XSString.class, + reqAttr.getAttributes().get(4).getAttributeValues().get(0), "Wrong requested Attributes Value type"); + Assert.assertEquals("Req. Attr. 
Value", + pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class).getMandateMode().getMode(), + ((XSString)reqAttr.getAttributes().get(4).getAttributeValues().get(0)).getValue()); + + } + + @Test + public void successWithSpInfos() throws Pvp2InternalErrorException, SecurityException, Exception { + metadataProvider.addMetadataResolverIntoChain( + metadataFactory.createMetadataProvider(METADATA_PATH, null, "jUnitTest", null)); + + LightRequest.Builder eidasRequestBuilder = LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .spType("public") + .requesterId(RandomStringUtils.randomAlphanumeric(10)) + .providerName(RandomStringUtils.randomAlphanumeric(10)); + LightRequest eidasReq = eidasRequestBuilder.build(); + pendingReq.setEidasRequest(eidasReq); + + oaParam.setRequestedAttributes(Sets.newSet( + "aabbccdd", + RandomStringUtils.randomAlphanumeric(10), + PvpAttributeDefinitions.BIRTHDATE_NAME)); + + //execute test + task.execute(pendingReq, executionContext); + + //validate state + final EaafRequestedAttributes reqAttr = validate(); + Assert.assertEquals("#Req Attribute", 7, reqAttr.getAttributes().size()); + + + Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.RequiredAttributes", + reqAttr.getAttributes().get(3).getName()); + Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(3).getAttributeValues()); + Assert.assertEquals("#Req. 
Attr value", 1, + reqAttr.getAttributes().get(3).getAttributeValues().size()); + org.springframework.util.Assert.isInstanceOf(XSString.class, + reqAttr.getAttributes().get(3).getAttributeValues().get(0), "Wrong requested Attributes Value type"); + + List<String> reqProfiles = KeyValueUtils.getListOfCsvValues( + ((XSString)reqAttr.getAttributes().get(3).getAttributeValues().get(0)).getValue()); + reqProfiles.stream().forEach( + el -> assertTrue("missing IDA attribute: " + el, oaParam.getRequestedAttributes().contains(el))); + + + Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderFriendlyName", + reqAttr.getAttributes().get(4).getName()); + Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(4).getAttributeValues()); + Assert.assertEquals("#Req. Attr value", 1, + reqAttr.getAttributes().get(4).getAttributeValues().size()); + org.springframework.util.Assert.isInstanceOf(XSString.class, + reqAttr.getAttributes().get(4).getAttributeValues().get(0), "Wrong requested Attributes Value type"); + Assert.assertEquals("Req. Attr. Value", eidasReq.getProviderName(), + ((XSString)reqAttr.getAttributes().get(4).getAttributeValues().get(0)).getValue()); + + Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderUniqueId", + reqAttr.getAttributes().get(5).getName()); + Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(5).getAttributeValues()); + Assert.assertEquals("#Req. Attr value", 1, + reqAttr.getAttributes().get(5).getAttributeValues().size()); + org.springframework.util.Assert.isInstanceOf(XSString.class, + reqAttr.getAttributes().get(5).getAttributeValues().get(0), "Wrong requested Attributes Value type"); + Assert.assertEquals("Req. Attr. 
Value", eidasReq.getRequesterId(), + ((XSString)reqAttr.getAttributes().get(5).getAttributeValues().get(0)).getValue()); + + + + } + + @Test + public void successWithMandates() throws Pvp2InternalErrorException, SecurityException, Exception { + metadataProvider.addMetadataResolverIntoChain( + metadataFactory.createMetadataProvider(METADATA_PATH, null, "jUnitTest", null)); + + LightRequest.Builder eidasRequestBuilder = LightRequest.builder() + .id(UUID.randomUUID().toString()) + .issuer(RandomStringUtils.randomAlphabetic(10)) + .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) + .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) + .spType("public") + .requesterId(RandomStringUtils.randomAlphanumeric(10)) + .providerName(RandomStringUtils.randomAlphanumeric(10)); + LightRequest eidasReq = eidasRequestBuilder.build(); + pendingReq.setEidasRequest(eidasReq); + + List<String> mandateProfiles = Arrays.asList( + RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); + oaParam.setMandateProfiles(mandateProfiles); + oaParam.setMandateMode(SpMandateModes.LEGAL_FORCE); + //execute test + task.execute(pendingReq, executionContext); + + //validate state + final EaafRequestedAttributes reqAttr = validate(); + Assert.assertEquals("#Req Attribute", 8, reqAttr.getAttributes().size()); + + Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderMandateProfiles", + reqAttr.getAttributes().get(6).getName()); + Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(6).getAttributeValues()); + Assert.assertEquals("#Req. 
Attr value", 1, + reqAttr.getAttributes().get(6).getAttributeValues().size()); + org.springframework.util.Assert.isInstanceOf(XSString.class, + reqAttr.getAttributes().get(6).getAttributeValues().get(0), "Wrong requested Attributes Value type"); + + List<String> reqProfiles = KeyValueUtils.getListOfCsvValues( + ((XSString)reqAttr.getAttributes().get(6).getAttributeValues().get(0)).getValue()); + reqProfiles.stream().forEach(el -> assertTrue("missing profile: " + el, mandateProfiles.contains(el))); + + + Assert.assertEquals("Wrong req attr.", "urn:eidgvat:attributes.ServiceProviderMandateType", + reqAttr.getAttributes().get(7).getName()); + Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(7).getAttributeValues()); + Assert.assertEquals("#Req. Attr value", 1, + reqAttr.getAttributes().get(7).getAttributeValues().size()); + org.springframework.util.Assert.isInstanceOf(XSString.class, + reqAttr.getAttributes().get(7).getAttributeValues().get(0), "Wrong requested Attributes Value type"); + Assert.assertEquals("Req. Attr. 
Value", + SpMandateModes.LEGAL_FORCE.getMode(), + ((XSString)reqAttr.getAttributes().get(7).getAttributeValues().get(0)).getValue()); + + } + + private EaafRequestedAttributes validate() throws Pvp2InternalErrorException, SecurityException, Exception { + Assert.assertEquals("HTTP Statuscode", 200, httpResp.getStatus()); + Assert.assertEquals("ContentType", "text/html;charset=UTF-8", httpResp.getContentType()); + Assert.assertEquals("ContentEncoding", "UTF-8", httpResp.getCharacterEncoding()); + + final String html = httpResp.getContentAsString(); + Assert.assertNotNull("XML Metadata", html); + + final int startIndex = html.indexOf("SAMLRequest="); + Assert.assertTrue("No SAMLRequest in html", startIndex >= 0); + final String authnXml = html.substring(startIndex + "SAMLRequest=".length()); + + //check if relaystate was stored + final int startIndexRelayState = html.indexOf("RelayState="); + Assert.assertTrue("wrong RelayState in HTML", + startIndexRelayState >= 0); + String relayState = html.substring(startIndexRelayState + "RelayState=".length(), startIndex); + String storedPendingReqId = transactionStorage.get(relayState, String.class); + Assert.assertEquals("relayStore not map to pendingRequestId", + pendingReq.getPendingRequestId(), storedPendingReqId); + + + final AuthnRequest authnRequest = (AuthnRequest) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), new ByteArrayInputStream( + Base64.getDecoder().decode(authnXml))); + + Assert.assertNotNull("AuthnReq", authnRequest); + Assert.assertNotNull("Issuer", authnRequest.getIssuer()); + Assert.assertEquals("EntityId", + "http://localhost" + IdAustriaAuthConstants.ENDPOINT_METADATA, + authnRequest.getIssuer().getValue()); + + //check XML scheme + Saml2Utils.schemeValidation(authnRequest); + + //check signature + final PvpSProfileRequest msg = new PvpSProfileRequest( + authnRequest, + SAMLConstants.SAML2_POST_BINDING_URI); + 
msg.setEntityID(authnRequest.getIssuer().getValue()); + metadataProvider.addMetadataResolverIntoChain( + metadataFactory.createMetadataProvider(METADATA_SP_PATH, null, "jUnit SP", null)); + samlVerifyEngine.verify(msg, TrustEngineFactory.getSignatureKnownKeysTrustEngine(metadataProvider)); + + //check other elements + Assert.assertNotNull("Extensions", authnRequest.getExtensions()); + Assert.assertFalse("No Requested attributes", + authnRequest.getExtensions().getUnknownXMLObjects().isEmpty()); + + Assert.assertEquals("#ReqAttributes", 1, authnRequest.getExtensions().getUnknownXMLObjects().size()); + org.springframework.util.Assert.isInstanceOf(EaafRequestedAttributes.class, + authnRequest.getExtensions().getUnknownXMLObjects().get(0), "No Requested Attributes object"); + + return (EaafRequestedAttributes) authnRequest.getExtensions().getUnknownXMLObjects().get(0); + + } + + private IVelocityGuiBuilderConfiguration createDummyGuiConfig() { + return new IVelocityGuiBuilderConfiguration() { + + @Override + public Map<String, Object> getViewParameters() { + return null; + } + + @Override + public String getViewName() { + return "SAML2 Post-Binding"; + } + + @Override + public String getDefaultContentType() { + return null; + } + + @Override + public InputStream getTemplate(String viewName) { + return RequestIdAustriaSystemTaskTest.class.getResourceAsStream("/data/pvp_postbinding_template.html"); + } + + @Override + public String getClasspathTemplateDir() { + return null; + + } + + @Override + public boolean isWriteAsynch() { + return false; + + } + }; + } +} diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthCredentialProviderTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthCredentialProviderTest.java new file mode 100644 index 00000000..a0d6c988 --- /dev/null 
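Review bot: In successWithoutSpInfos the block that checks the third requested attribute (`urn:oid:1.2.40.0.10.2.1.1.261.108`) asserts the value element of `get(1)` instead of `get(2)`, so a null value list on that attribute would surface as a NullPointerException on the following `size()` call rather than as the intended assertion failure; it should read `Assert.assertNotNull("Req. Attr value element", reqAttr.getAttributes().get(2).getAttributeValues());`. noMetadataSigningKeyStore removes the signing alias via the raw key `"eidas.ms.modules.idaustriaauth.request.sign.alias"` while setUp sets it through `IdAustriaAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS`; using the constant in both places keeps the negative test pointed at the same property if the key is ever renamed. validate() verifies the signature, the Issuer and the RelayState mapping but, as far as I can see, not the `Destination` or `AssertionConsumerServiceURL` of the generated AuthnRequest; since a wrong ACS URL would direct the ID Austria response to the wrong endpoint, an assertion on both against the values expected from the test metadata and the proxy endpoint seems worth adding here.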
+++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthCredentialProviderTest.java 
@@ -0,0 +1,413 @@ +package at.asitplus.eidas.specific.modules.auth.idaustria.test.utils; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.springframework.beans.BeansException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.test.annotation.DirtiesContext; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import com.google.common.base.Optional; +import com.google.common.base.Predicates; +import com.google.common.base.Throwables; +import com.google.common.collect.FluentIterable; + +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants; +import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthCredentialProvider; +import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException; +import at.gv.egiz.eaaf.core.exceptions.EaafException; +import at.gv.egiz.eaaf.core.exceptions.EaafFactoryException; +import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/spring/SpringTest-context_basic_mapConfig.xml", + "/spring/SpringTest-context_lazy.xml" + }) +@DirtiesContext +public class IdAustriaAuthCredentialProviderTest { + + private static final String PATH_JKS = "pvp.jks"; + private static final String ALIAS_METADATA = "metadata"; + private static final String ALIAS_SIGN = "signing"; + private static final String ALIAS_ENC = "encryption"; + private static final String PASSWORD = "password"; + + @Autowired + private ApplicationContext context; + @Autowired + private 
MsConnectorDummyConfigMap config; + + /** + * jUnit test initializer. + */ + @Before + public void initialize() { + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_KEYSTORE_PATH, PATH_JKS); + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD, PASSWORD); + + config.removeConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS); + config.removeConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD); + + config.removeConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS); + config.removeConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD); + + config.removeConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS); + config.removeConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD); + + } + + @Test + @DirtiesContext + public void noKeyStoreUrl() { + config.removeConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_KEYSTORE_PATH); + try { + context.getBean(IdAustriaAuthCredentialProvider.class); + Assert.fail("No KeyStore not detected"); + + } catch (final BeansException e) { + org.springframework.util.Assert.isInstanceOf(EaafConfigurationException.class, + e.getCause(), "Wrong exception"); + } + + } + + @Test + @DirtiesContext + public void noKeyStore() { + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_KEYSTORE_PATH, + "src/test/resources/config/notExist.p12"); + try { + context.getBean(IdAustriaAuthCredentialProvider.class); + Assert.fail("No KeyStore not detected"); + + } catch (final BeansException e) { + final Optional<Throwable> eaafException = FluentIterable.from( + Throwables.getCausalChain(e)).filter( + Predicates.instanceOf(EaafConfigurationException.class)).first(); + Assert.assertTrue("Wrong exception", eaafException.isPresent()); + Assert.assertEquals("Wrong errorId", "internal.keystore.06", + ((EaafException) eaafException.get()).getErrorId()); + + } + + } + + @Test + @DirtiesContext + public void 
noWrongKeyStorePassword() { + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_KEYSTOREPASSWORD, "test"); + try { + context.getBean(IdAustriaAuthCredentialProvider.class); + Assert.fail("No KeyStore not detected"); + + } catch (final BeansException e) { + final Optional<Throwable> eaafException = FluentIterable.from( + Throwables.getCausalChain(e)).filter( + Predicates.instanceOf(EaafFactoryException.class)).first(); + Assert.assertTrue("Wrong exception", eaafException.isPresent()); + Assert.assertEquals("Wrong errorId", "internal.keystore.06", + ((EaafException) eaafException.get()).getErrorId()); + + } + + } + + @Test + @DirtiesContext + public void notKeyConfigurationWrongAlias() { + final IdAustriaAuthCredentialProvider credential = context.getBean( + IdAustriaAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + credential.getMessageSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + credential.getMessageEncryptionCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final 
CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + } + + @Test + @DirtiesContext + public void notKeyConfigurationWrongPassword() { + final IdAustriaAuthCredentialProvider credential = context.getBean( + IdAustriaAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + credential.getMessageSigningCredential(); + Assert.fail("No message signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + final EaafX509Credential encCred = credential.getMessageEncryptionCredential(); + Assert.assertNull("No encryption signing credentials not detected", encCred); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + } + + @Test + @DirtiesContext + public void notKeyConfigurationValidAliasWrongPassword() { + final IdAustriaAuthCredentialProvider credential = context.getBean( + IdAustriaAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", 
credential.getFriendlyName()); + + try { + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS, + ALIAS_METADATA); + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS, + ALIAS_SIGN); + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + credential.getMessageSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS, + ALIAS_ENC); + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD, + RandomStringUtils.randomAlphabetic(5)); + credential.getMessageEncryptionCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + } + + @Test + @DirtiesContext + public void notKeyConfigurationWrongAliasValidPassword() { + final IdAustriaAuthCredentialProvider credential = context.getBean( + IdAustriaAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + 
config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD, + PASSWORD); + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD, + PASSWORD); + credential.getMessageSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS, + RandomStringUtils.randomAlphabetic(5)); + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD, + PASSWORD); + credential.getMessageEncryptionCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + } + + @Test + @DirtiesContext + public void validonfiguration() throws CredentialsNotAvailableException { + final IdAustriaAuthCredentialProvider credential = context.getBean( + IdAustriaAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_METADATA_ALIAS, + ALIAS_METADATA); + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_METADATA_KEY_PASSWORD, + PASSWORD); + credential.getMetaDataSigningCredential(); + + 
config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_SIGNING_ALIAS, + ALIAS_SIGN); + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_SIGN_SIGNING_KEY_PASSWORD, + PASSWORD); + credential.getMessageSigningCredential(); + + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_ENCRYPTION_ALIAS, + ALIAS_ENC); + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_ENCRYPTION_KEY_PASSWORD, + PASSWORD); + credential.getMessageEncryptionCredential(); + + } + + @Test + @DirtiesContext + public void notKeyConfiguration() { + final IdAustriaAuthCredentialProvider credential = context.getBean( + IdAustriaAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + credential.getMessageSigningCredential(); + Assert.fail("No message signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + final EaafX509Credential encCred = credential.getMessageEncryptionCredential(); + Assert.assertNull("No encryption signing credentials not detected", encCred); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + } + + @Test + @DirtiesContext + public void notKeyConfigurationPkcs12() { + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_KEYSTORE_PATH, "pvp.p12"); + final IdAustriaAuthCredentialProvider credential = context.getBean( + IdAustriaAuthCredentialProvider.class); + + Assert.assertNotNull("Credetialprovider", credential); + 
Assert.assertNotNull("Friendlyname", credential.getFriendlyName()); + + try { + credential.getMetaDataSigningCredential(); + Assert.fail("No Metadata signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + credential.getMessageSigningCredential(); + Assert.fail("No message signing credentials not detected"); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + + try { + final EaafX509Credential encCred = credential.getMessageEncryptionCredential(); + Assert.assertNull("No encryption signing credentials not detected", encCred); + + } catch (final CredentialsNotAvailableException e) { + Assert.assertTrue("Wrong errorCode", e.getMessage().contains("internal.pvp.01")); + + } + } +} diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthMetadataProviderFirstTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthMetadataProviderFirstTest.java new file mode 100644 index 00000000..d9e73db1 --- /dev/null +++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthMetadataProviderFirstTest.java 
@@ -0,0 +1,236 @@ +package at.asitplus.eidas.specific.modules.auth.idaustria.test.utils; + +import java.io.IOException; +import java.time.Instant; +import java.time.temporal.ChronoUnit; + +import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.criterion.EntityIdCriterion; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.core.xml.io.UnmarshallingException; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.w3c.dom.Element; + +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import net.shibboleth.utilities.java.support.resolver.CriteriaSet; +import net.shibboleth.utilities.java.support.resolver.ResolverException; +import net.shibboleth.utilities.java.support.xml.SerializeSupport; +import 
net.shibboleth.utilities.java.support.xml.XMLParserException; +import okhttp3.HttpUrl; +import okhttp3.mockwebserver.MockResponse; +import okhttp3.mockwebserver.MockWebServer; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/spring/SpringTest-context_basic_test.xml", + "/spring/SpringTest-context_basic_mapConfig.xml" }) +public class IdAustriaAuthMetadataProviderFirstTest { + + @Autowired IPvp2CredentialProvider credentialProvider; + @Autowired IdAustriaAuthMetadataProvider provider; + @Autowired PvpMetadataResolverFactory resolverFactory; + @Autowired MsConnectorDummyConfigMap config; + + private static MockWebServer mockWebServer; + private static HttpUrl mockServerUrl; + + /** + * JUnit class initializer. + * + * @throws Exception In case of an OpenSAML3 initialization error + */ + @BeforeClass + public static void classInitializer() throws Exception { + EaafOpenSaml3xInitializer.eaafInitialize(); + + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/metadata"); + + } + + /** + * jUnit test set-up. 
+ * + * @throws ResolverException + * + */ + @Before + public void testSetup() { + provider.fullyDestroy(); + + } + + @Test + public void simpleManuelAddingTest() throws Pvp2MetadataException, ResolverException { + final IPvp2MetadataProvider resolver1 = resolverFactory.createMetadataProvider( + "classpath:/data/idp_metadata_sig_notvalid.xml", + null, "junit", null); + Assert.assertNotNull("Resolver 1 is null", resolver1); + provider.addMetadataResolverIntoChain(resolver1); + + final IPvp2MetadataProvider resolver2 = resolverFactory.createMetadataProvider( + "classpath:/data/idp_metadata_sig_valid_wrong_alg.xml", + null, "junit", null); + Assert.assertNotNull("Resolver 2 is null", resolver2); + provider.addMetadataResolverIntoChain(resolver2); + + final EntityDescriptor entity1 = provider.getEntityDescriptor("https://localEntity"); + Assert.assertNotNull("Entity 1 not found", entity1); + + final EntityDescriptor entity2 = provider.getEntityDescriptor( + "https://vidp.gv.at/ms_connector/pvp/metadata"); + Assert.assertNotNull("Entity 2 not found", entity2); + + final EntityDescriptor entity3 = provider.getEntityDescriptor("https://egiz.gv.at/abababa"); + Assert.assertNull("Entity 3 found", entity3); + + } + + @Test + public void dynamicLoadingNoValidSignature() throws ResolverException { + final EntityDescriptor entity = provider.getEntityDescriptor("classpath:/data/idp_metadata_no_sig2.xml"); + Assert.assertNull("Entity found", entity); + + } + + @Test + public void dynamicLoadingValidSignature() throws XMLParserException, UnmarshallingException, + SamlSigningException, CredentialsNotAvailableException, MarshallingException, ResolverException { + + final String entityId = injectValidHttpMetadata(); + final EntityDescriptor entity = provider.getEntityDescriptor(entityId); + Assert.assertNotNull("Entity not found", entity); + + } + + @Test + public void reloadNotPossible() throws XMLParserException, UnmarshallingException, + SamlSigningException, 
CredentialsNotAvailableException, MarshallingException, ResolverException { + + final String entityId = injectValidHttpMetadata(); + final EntityDescriptor entity = provider.getEntityDescriptor(entityId); + Assert.assertNotNull("Entity not found", entity); + Assert.assertNotNull("Entity not found", + provider.resolveSingle(generateEntityIdCreteria(entityId))); + + Assert.assertFalse("Refresh should not be possible", + provider.refreshMetadataProvider(entityId)); + + final EntityDescriptor entity2 = provider.getEntityDescriptor(entityId); + Assert.assertNull("Entity not found", entity2); + Assert.assertNull("Entity not found", + provider.resolveSingle(generateEntityIdCreteria(entityId))); + + Assert.assertFalse("Last refresh", provider.wasLastRefreshSuccess()); + + } + + @Test + public void refeshTest() throws Pvp2MetadataException, ResolverException { + Assert.assertFalse("Last refresh", provider.wasLastRefreshSuccess()); + Assert.assertNull("LastRefresh", provider.getLastRefresh()); + Assert.assertNull("LastSuccessfulRefresh", provider.getLastSuccessfulRefresh()); + Assert.assertNull("LastUpdate", provider.getLastUpdate()); + + final IPvp2MetadataProvider resolver1 = resolverFactory.createMetadataProvider( + "classpath:/data/idp_metadata_sig_notvalid.xml", + null, "junit", null); + Assert.assertNotNull("Resolver 1 is null", resolver1); + provider.addMetadataResolverIntoChain(resolver1); + + final IPvp2MetadataProvider resolver2 = resolverFactory.createMetadataProvider( + "classpath:/data/idp_metadata_sig_valid_wrong_alg.xml", + null, "junit", null); + Assert.assertNotNull("Resolver 2 is null", resolver2); + provider.addMetadataResolverIntoChain(resolver2); + + provider.refresh(); + + Assert.assertTrue("Last refresh", provider.wasLastRefreshSuccess()); + Assert.assertNotNull("LastRefresh", provider.getLastRefresh()); + Assert.assertNotNull("LastSuccessfulRefresh", provider.getLastSuccessfulRefresh()); + Assert.assertNotNull("LastUpdate", provider.getLastUpdate()); 
+ + } + + @Test + public void reloadPossible() throws XMLParserException, UnmarshallingException, + SamlSigningException, CredentialsNotAvailableException, MarshallingException, ResolverException, + IOException { + + mockWebServer.shutdown(); + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/metadata"); + + final String entityId = injectValidHttpMetadata(); + final EntityDescriptor entity = provider.getEntityDescriptor(entityId); + Assert.assertNotNull("Entity not found", entity); + Assert.assertNotNull("Entity not found", + provider.resolveSingle(generateEntityIdCreteria(entityId))); + + Assert.assertFalse("Last refresh", provider.wasLastRefreshSuccess()); + + injectValidHttpMetadata(entityId); + Assert.assertTrue("Refresh should not be possible", + provider.refreshMetadataProvider(entityId)); + + final EntityDescriptor entity2 = provider.getEntityDescriptor(entityId); + Assert.assertNotNull("Entity not found", entity2); + Assert.assertNotNull("Entity not found", + provider.resolveSingle(generateEntityIdCreteria(entityId))); + + Assert.assertFalse("Last refresh", provider.wasLastRefreshSuccess()); + + } + + private String injectValidHttpMetadata() throws SamlSigningException, CredentialsNotAvailableException, + XMLParserException, UnmarshallingException, MarshallingException { + return injectValidHttpMetadata(mockServerUrl.url().toString() + + "/" + RandomStringUtils.randomAlphabetic(5)); + } + + private String injectValidHttpMetadata(String dynEntityId) throws XMLParserException, + UnmarshallingException, + MarshallingException, SamlSigningException, CredentialsNotAvailableException { + final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), + IdAustriaAuthMetadataProviderFirstTest.class.getResourceAsStream("/data/idp_metadata_no_sig.xml")); + metadata.setValidUntil(Instant.now().plus(1, ChronoUnit.DAYS)); + metadata.setSignature(null); + 
metadata.setEntityID(dynEntityId); + Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true); + final Element metadataElement = XMLObjectSupport.marshall(metadata); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody(SerializeSupport.nodeToString(metadataElement)) + .setHeader("Content-Type", "text/html;charset=utf-8")); + + return dynEntityId; + + } + + private CriteriaSet generateEntityIdCreteria(String entityId) { + final CriteriaSet result = new CriteriaSet(); + result.add(new EntityIdCriterion(entityId)); + return result; + + } +} diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthMetadataProviderSecondTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthMetadataProviderSecondTest.java new file mode 100644 index 00000000..9b3c1a34 --- /dev/null +++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthMetadataProviderSecondTest.java 
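Review bot: `dynamicLoadingNoValidSignature` does not really pin signature validation, because it asks the provider for a `classpath:` entityId; the provider may return null there simply because that identifier is not an http(s) URL it would fetch, so the test stays green even if the signature check on dynamically loaded metadata regressed. A negative test that serves the unsigned `/data/idp_metadata_no_sig.xml` from the MockWebServer (the same steps as `injectValidHttpMetadata(String)` minus the `Saml2Utils.signSamlObject` call) and asserts `getEntityDescriptor` returns null would cover that path; a sketch follows. Two smaller items: `reloadPossible` replaces `mockWebServer` with a new instance but nothing shuts the last one down, so an `@AfterClass` that calls `mockWebServer.shutdown()` would avoid leaking the listener, and its message `"Refresh should not be possible"` is attached to an `assertTrue`, so a failure would read backwards. The `@throws ResolverException` tag on `testSetup` does not match the method, which declares no checked exception (the same tag appears in IdAustriaAuthMetadataProviderSecondTest).
```java
@Test
public void dynamicLoadingUnsignedOverHttp() throws XMLParserException, UnmarshallingException,
    MarshallingException, ResolverException {
  final String entityId = mockServerUrl.url().toString() + "/" + RandomStringUtils.randomAlphabetic(5);
  final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream(
      XMLObjectProviderRegistrySupport.getParserPool(),
      IdAustriaAuthMetadataProviderFirstTest.class.getResourceAsStream("/data/idp_metadata_no_sig.xml"));
  metadata.setValidUntil(Instant.now().plus(1, ChronoUnit.DAYS));
  metadata.setSignature(null);
  metadata.setEntityID(entityId);
  // served without Saml2Utils.signSamlObject(...) on purpose: the provider must reject it
  mockWebServer.enqueue(new MockResponse().setResponseCode(200)
      .setBody(SerializeSupport.nodeToString(XMLObjectSupport.marshall(metadata))));

  Assert.assertNull("Unsigned metadata must not be accepted", provider.getEntityDescriptor(entityId));
}
// … unchanged: injectValidHttpMetadata(), generateEntityIdCreteria() …
```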
@@ -0,0 +1,65 @@ +package at.asitplus.eidas.specific.modules.auth.idaustria.test.utils; + +import org.junit.Assert; +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; + +import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import net.shibboleth.utilities.java.support.resolver.ResolverException; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/spring/SpringTest-context_basic_test.xml", + "/spring/SpringTest-context_basic_mapConfig.xml" }) +public class IdAustriaAuthMetadataProviderSecondTest { + + @Autowired + IdAustriaAuthMetadataProvider provider; + + /** + * JUnit class initializer. + * + * @throws Exception In case of an OpenSAML3 initialization error + */ + @BeforeClass + public static void classInitializer() throws Exception { + EaafOpenSaml3xInitializer.eaafInitialize(); + + } + + /** + * jUnit test set-up. + * + * @throws ResolverException + * + */ + @Before + public void testSetup() { + provider.fullyDestroy(); + + } + + @Test + public void notTrustedX509CertsInTrustStore() throws ResolverException { + final EntityDescriptor entity = provider.getEntityDescriptor("classpath:/data/idp_metadata_no_sig2.xml"); + Assert.assertNull("Entity found", entity); + + } + + @Test + public void readStaticInfos() { + Assert.assertEquals("wrong providerId", + IdAustriaAuthMetadataProvider.PROVIDER_ID, provider.getId()); + + provider.runGarbageCollector(); + + } + +} |
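Review bot: `notTrustedX509CertsInTrustStore` cannot distinguish the rejection it is named for from other reasons for a null result: it requests `classpath:/data/idp_metadata_no_sig2.xml`, which by its file name appears to be an unsigned document (please confirm), so the provider may decline it for the missing signature or for the non-http identifier before any trust-store decision is reached. To exercise the trust-store path the test would need a document signed by a key that is absent from this context's trust store, served over an http URL as IdAustriaAuthMetadataProviderFirstTest does with its MockWebServer. `readStaticInfos` calls `provider.runGarbageCollector()` with no assertion afterwards, so it only proves the call does not throw; stating that in a comment, `// only verifies that garbage collection on an empty resolver chain does not throw`, keeps a later reader from looking for a missing check.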