From 9a1f7840c63b7a6f584a22ea64818fe5f87fc0aa Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Thu, 17 Nov 2022 07:30:50 +0100 Subject: feat(proxyservice): add healthcheck for IDA metadata provider --- .../idaustria/utils/IdAustriaAuthHealthCheck.java | 80 +++++++++++++ .../resources/spring/id_austria_auth.beans.xml | 3 + .../test/utils/IdAustriaAuthHealthCheckTest.java | 130 +++++++++++++++++++++ 3 files changed, 213 insertions(+) create mode 100644 modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/utils/IdAustriaAuthHealthCheck.java create mode 100644 modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthHealthCheckTest.java diff --git a/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/utils/IdAustriaAuthHealthCheck.java b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/utils/IdAustriaAuthHealthCheck.java new file mode 100644 index 00000000..5e1d889e --- /dev/null +++ b/modules/authmodule_id-austria/src/main/java/at/asitplus/eidas/specific/modules/auth/idaustria/utils/IdAustriaAuthHealthCheck.java @@ -0,0 +1,80 @@ +package at.asitplus.eidas.specific.modules.auth.idaustria.utils; + +import java.util.concurrent.CompletableFuture; +import java.util.concurrent.ExecutionException; +import java.util.concurrent.Executors; +import java.util.concurrent.TimeUnit; +import java.util.concurrent.TimeoutException; + +import org.apache.commons.lang3.StringUtils; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.actuate.health.Health; +import org.springframework.boot.actuate.health.HealthIndicator; + +import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants; +import at.gv.egiz.eaaf.core.api.idp.IConfiguration; +import lombok.extern.slf4j.Slf4j; +import net.shibboleth.utilities.java.support.resolver.ResolverException; + +/** + * Spring Actuator HealthCheck for ID Austria client that evaluates the current status of + * ID Austria SAML2 metadata that are loaded into MS-ProxyService. + * + * @author tlenz + * + */ +@Slf4j +public class IdAustriaAuthHealthCheck implements HealthIndicator { + + private static final int DEADLINE = 3; + + @Autowired IConfiguration authConfig; + @Autowired IdAustriaAuthMetadataProvider metadataService; + + @Override + public Health health() { + String msNodeEntityID = authConfig.getBasicConfiguration( + IdAustriaAuthConstants.CONFIG_PROPS_IDAUSTRIA_METADATAURL); + + if (StringUtils.isEmpty(msNodeEntityID)) { + log.trace("No ID Austria EntityId in configuration. Skipping tests ... "); + return Health.unknown().build(); + + } + + CompletableFuture asynchTestOperation = new CompletableFuture<>(); + Executors.newCachedThreadPool().submit(() -> runConnectionTest(asynchTestOperation, msNodeEntityID)); + try { + return asynchTestOperation.get(DEADLINE, TimeUnit.SECONDS); + + } catch (InterruptedException | ExecutionException | TimeoutException e) { + log.info("Receive no respose from Health-Check after {} seconds.", DEADLINE); + return Health.outOfService().withException(e).build(); + + } + + + } + + + private void runConnectionTest(CompletableFuture completableFuture, String entityId) { + try { + EntityDescriptor connectorMetadata = + metadataService.getEntityDescriptor(entityId); + if (connectorMetadata != null) { + completableFuture.complete(Health.up().build()); + + } else { + completableFuture.complete(Health.outOfService().withDetail("Reason", "No SAML2 metadata").build()); + + } + + } catch (ResolverException e) { + completableFuture.complete(Health.down(e).build()); + + } + + } + +} diff --git a/modules/authmodule_id-austria/src/main/resources/spring/id_austria_auth.beans.xml b/modules/authmodule_id-austria/src/main/resources/spring/id_austria_auth.beans.xml index d2d16bf9..176e5424 100644 --- a/modules/authmodule_id-austria/src/main/resources/spring/id_austria_auth.beans.xml +++ b/modules/authmodule_id-austria/src/main/resources/spring/id_austria_auth.beans.xml @@ -28,6 +28,9 @@ + + diff --git a/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthHealthCheckTest.java b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthHealthCheckTest.java new file mode 100644 index 00000000..9856ca73 --- /dev/null +++ b/modules/authmodule_id-austria/src/test/java/at/asitplus/eidas/specific/modules/auth/idaustria/test/utils/IdAustriaAuthHealthCheckTest.java @@ -0,0 +1,130 @@ +package at.asitplus.eidas.specific.modules.auth.idaustria.test.utils; + +import java.time.Instant; +import java.time.temporal.ChronoUnit; + +import org.junit.Assert; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; +import org.opensaml.core.xml.io.MarshallingException; +import org.opensaml.core.xml.io.UnmarshallingException; +import org.opensaml.core.xml.util.XMLObjectSupport; +import org.opensaml.saml.saml2.metadata.EntityDescriptor; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.boot.actuate.health.Health; +import org.springframework.test.context.ContextConfiguration; +import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import org.w3c.dom.Element; + +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; +import at.asitplus.eidas.specific.modules.auth.idaustria.IdAustriaAuthConstants; +import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthHealthCheck; +import at.asitplus.eidas.specific.modules.auth.idaustria.utils.IdAustriaAuthMetadataProvider; +import at.gv.egiz.eaaf.modules.pvp2.api.utils.IPvp2CredentialProvider; +import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; +import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; +import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; +import at.gv.egiz.eaaf.modules.pvp2.impl.utils.Saml2Utils; +import net.shibboleth.utilities.java.support.resolver.ResolverException; +import net.shibboleth.utilities.java.support.xml.SerializeSupport; +import net.shibboleth.utilities.java.support.xml.XMLParserException; +import okhttp3.HttpUrl; +import okhttp3.mockwebserver.MockResponse; +import okhttp3.mockwebserver.MockWebServer; + +@RunWith(SpringJUnit4ClassRunner.class) +@ContextConfiguration(locations = { + "/spring/SpringTest-context_basic_test.xml", + "/spring/SpringTest-context_basic_mapConfig.xml" +}) +public class IdAustriaAuthHealthCheckTest { + + @Autowired private IdAustriaAuthHealthCheck toCheck; + @Autowired protected MsConnectorDummyConfigMap config; + @Autowired private IPvp2CredentialProvider credentialProvider; + @Autowired IdAustriaAuthMetadataProvider provider; + + private static MockWebServer mockWebServer; + private static HttpUrl mockServerUrl; + + /** + * JUnit class initializer. + * + * @throws Exception In case of an OpenSAML3 initialization error + */ + @BeforeClass + public static void classInitializer() throws Exception { + EaafOpenSaml3xInitializer.eaafInitialize(); + + mockWebServer = new MockWebServer(); + mockServerUrl = mockWebServer.url("/sp/metadata"); + + } + + @Test + public void notActive() { + //set-up test + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_IDAUSTRIA_METADATAURL, + null); + + //perform check + Health status = toCheck.health(); + + //evaluate status + Assert.assertEquals("wrong status", Health.unknown().build().getStatus(), status.getStatus()); + + } + + @Test + public void success() throws SamlSigningException, CredentialsNotAvailableException, + XMLParserException, UnmarshallingException, MarshallingException { + + //set-up test + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_IDAUSTRIA_METADATAURL, + mockServerUrl.url().toString()); + injectValidHttpMetadata(mockServerUrl.url().toString()); + + //perform check + Health status = toCheck.health(); + + //evaluate status + Assert.assertEquals("wrong status", Health.up().build().getStatus(), status.getStatus()); + + } + + @Test + public void invalid() throws SamlSigningException, CredentialsNotAvailableException, + XMLParserException, UnmarshallingException, MarshallingException, ResolverException { + //set-up test + provider.clear(); + config.putConfigValue(IdAustriaAuthConstants.CONFIG_PROPS_IDAUSTRIA_METADATAURL, + "http://localhost:1234/junit/metadata"); + + //perform check + Health status = toCheck.health(); + + //evaluate status + Assert.assertEquals("wrong status", Health.outOfService().build().getStatus(), status.getStatus()); + + } + + private String injectValidHttpMetadata(String dynEntityId) throws XMLParserException, + UnmarshallingException, MarshallingException, SamlSigningException, CredentialsNotAvailableException { + final EntityDescriptor metadata = (EntityDescriptor) XMLObjectSupport.unmarshallFromInputStream( + XMLObjectProviderRegistrySupport.getParserPool(), + IdAustriaAuthHealthCheckTest.class.getResourceAsStream("/data/idp_metadata_no_sig.xml")); + metadata.setValidUntil(Instant.now().plus(1, ChronoUnit.DAYS)); + metadata.setSignature(null); + metadata.setEntityID(dynEntityId); + Saml2Utils.signSamlObject(metadata, credentialProvider.getMetaDataSigningCredential(), true); + final Element metadataElement = XMLObjectSupport.marshall(metadata); + mockWebServer.enqueue(new MockResponse().setResponseCode(200) + .setBody(SerializeSupport.nodeToString(metadataElement)) + .setHeader("Content-Type", "text/html;charset=utf-8")); + return dynEntityId; + +} + +} -- cgit v1.2.3