From 3734d910935f34427632a36206aa3b6b0822c9bf Mon Sep 17 00:00:00 2001
From: Thomas Lenz
Date: Wed, 11 Dec 2019 12:45:58 +0100
Subject: fix LoA level validation error in AuthnRequestValidator.java
---
.../connector/test/AuthnRequestValidatorTest.java | 211 +++++++++++++++++++++
1 file changed, 211 insertions(+)
create mode 100644 connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java
(limited to 'connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java')
diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java
new file mode 100644
index 00000000..56d257b5
--- /dev/null
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java
@@ -0,0 +1,211 @@
+package at.asitplus.eidas.specific.connector.test;
+
+import java.io.IOException;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.saml2.core.AuthnRequest;
+import org.opensaml.xml.ConfigurationException;
+import org.opensaml.xml.io.Unmarshaller;
+import org.opensaml.xml.io.UnmarshallerFactory;
+import org.opensaml.xml.io.UnmarshallingException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.springframework.test.context.web.WebAppConfiguration;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
+import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration;
+import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
+import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestValidator;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafDefaultSaml2Bootstrap;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({
+ "/applicationContext.xml",
+ "/specific_eIDAS_connector.beans.xml",
"/eaaf_core.beans.xml",
+ "/eaaf_pvp.beans.xml",
+ "/eaaf_pvp_idp.beans.xml",
+ "/spring/SpringTest-context_simple_storage.xml" })
+@WebAppConfiguration
+public class AuthnRequestValidatorTest {
+
+ @Autowired private IConfiguration basicConfig;
+ @Autowired protected IAuthnRequestValidator authRequestValidator;
+
+ private MockHttpServletRequest httpReq;
+ private MockHttpServletResponse httpResp;
+ private TestRequestImpl pendingReq;
+
+ /**
+ * jUnit class initializer.
+ * @throws ConfigurationException In case of an error
+ *
+ */
+ @BeforeClass
+ public static void classInitializer() throws ConfigurationException {
+ final String current = new java.io.File(".").toURI().toString();
+ System.setProperty("eidas.ms.configuration", current + "src/test/resources/config/junit_config_1.properties");
+
+ EaafDefaultSaml2Bootstrap.bootstrap();
+ }
+
+ /**
+ * jUnit test set-up.
+ *
+ */
+ @Before
+ public void initialize() {
+ httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+ httpResp = new MockHttpServletResponse();
+ RequestContextHolder.resetRequestAttributes();
+ RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));
+
+ Map spConfig = new HashMap<>();
+ spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphabetic(10));
+
+ pendingReq = new TestRequestImpl();
+ pendingReq.setAuthUrl("https://localhost/ms_connector");
+ pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+ pendingReq.setSpConfig(new ServiceProviderConfiguration(spConfig, basicConfig));
+ }
+
+ @Test
+ public void loaLowRequested() throws AuthnRequestValidatorException, ParserConfigurationException,
+ SAXException, IOException, UnmarshallingException {
+ AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_1.xml");
+
+ //test
+ authRequestValidator.validate(httpReq, pendingReq, authReq, null);
+
+ //validate
+ Assert.assertNotNull("spEntityId is null",
pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID));
+ Assert.assertEquals("SP EntityId not match",
+ "https://demo.egiz.gv.at/demoportal-openID_demo",
+ pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID));
+
+ Assert.assertNotNull("SP ProviderName is null", pendingReq.getRawData(MsEidasNodeConstants.DATA_PROVIDERNAME));
+ Assert.assertEquals("SP ProviderName not match",
+ "OpenID Connect Demo",
+ pendingReq.getRawData(MsEidasNodeConstants.DATA_PROVIDERNAME));
+
+ Assert.assertNotNull("Requested SP LoA is null",
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA());
+ Assert.assertFalse("Requested SP LoA is null",
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA().isEmpty());
+ Assert.assertEquals("SP LoA count not match", 1,
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA().size());
+ Assert.assertEquals("SP LoA not match",
+ "http://eidas.europa.eu/LoA/substantial",
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA().get(0));
+
+ Assert.assertNotNull("bPK Target is null",
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+ Assert.assertEquals("bPK target not match", "urn:publicid:gv.at:cdid+BF",
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+
+ }
+
+ @Test
+ public void loaSubstentialRequested() throws AuthnRequestValidatorException, ParserConfigurationException,
+ SAXException, IOException, UnmarshallingException {
+ AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_2.xml");
+
+ //test
+ authRequestValidator.validate(httpReq, pendingReq, authReq, null);
+
+ //validate
+ Assert.assertNotNull("spEntityId is null", pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID));
+ Assert.assertEquals("SP EntityId not match",
+ "https://demo.egiz.gv.at/demoportal-openID_demo",
+ pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID));
+
+ Assert.assertNotNull("SP ProviderName is null",
pendingReq.getRawData(MsEidasNodeConstants.DATA_PROVIDERNAME));
+ Assert.assertEquals("SP ProviderName not match",
+ "OpenID Connect Demo",
+ pendingReq.getRawData(MsEidasNodeConstants.DATA_PROVIDERNAME));
+
+ Assert.assertNotNull("Requested SP LoA is null",
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA());
+ Assert.assertFalse("Requested SP LoA is null",
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA().isEmpty());
+ Assert.assertEquals("SP LoA count not match", 1,
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA().size());
+ Assert.assertEquals("SP LoA not match",
+ "http://eidas.europa.eu/LoA/substantial",
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA().get(0));
+
+ Assert.assertNotNull("bPK Target is null",
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+ Assert.assertEquals("bPK target not match", "urn:publicid:gv.at:cdid+BF",
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+
+ }
+
+ @Test
+ public void loaHighRequested() throws AuthnRequestValidatorException, ParserConfigurationException,
+ SAXException, IOException, UnmarshallingException {
+ AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_3.xml");
+
+ //test
+ authRequestValidator.validate(httpReq, pendingReq, authReq, null);
+
+ //validate
+ Assert.assertNotNull("spEntityId is null", pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID));
+ Assert.assertEquals("SP EntityId not match",
+ "https://demo.egiz.gv.at/demoportal-openID_demo",
+ pendingReq.getRawData(MsEidasNodeConstants.DATA_REQUESTERID));
+
+ Assert.assertNotNull("SP ProviderName is null", pendingReq.getRawData(MsEidasNodeConstants.DATA_PROVIDERNAME));
+ Assert.assertEquals("SP ProviderName not match",
+ "OpenID Connect Demo",
+ pendingReq.getRawData(MsEidasNodeConstants.DATA_PROVIDERNAME));
+
+ Assert.assertNotNull("Requested SP LoA is null",
pendingReq.getServiceProviderConfiguration().getRequiredLoA());
+ Assert.assertFalse("Requested SP LoA is null",
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA().isEmpty());
+ Assert.assertEquals("SP LoA count not match", 1,
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA().size());
+ Assert.assertEquals("SP LoA not match",
+ "http://eidas.europa.eu/LoA/high",
+ pendingReq.getServiceProviderConfiguration().getRequiredLoA().get(0));
+
+ Assert.assertNotNull("bPK Target is null",
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+ Assert.assertEquals("bPK target not match", "urn:publicid:gv.at:cdid+XX",
+ pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
+
+ }
+
+ private AuthnRequest getAuthRequest(String resource) throws
+ ParserConfigurationException, SAXException, IOException, UnmarshallingException {
+ final Element authBlockDom =
+ DomUtils.parseXmlValidating(AuthnRequestValidatorTest.class.getResourceAsStream(resource));
+
+ final UnmarshallerFactory unmarshallerFactory =
+ org.opensaml.xml.Configuration.getUnmarshallerFactory();
+ final Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(authBlockDom);
+ return (AuthnRequest) unmarshaller.unmarshall(authBlockDom);
+
+ }
+}
-- cgit v1.2.3
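Review bot: In `loaLowRequested` the expected level is `http://eidas.europa.eu/LoA/substantial`, the same value asserted in `loaSubstentialRequested`, and nothing in the test explains why a request named "low" ends up there. If `/data/pvp2_authn_1.xml` does request LoA low and the validator is meant to raise it to a minimum level (the fixture is not part of this hunk, so this is inferred from the method name only), state that above the assertion, e.g. `// requested LoA 'low' is below the supported minimum; the validator must store 'substantial', never 'low'`. All three cases are accept paths, so a fourth case that feeds an unknown or malformed LoA URI and pins the outcome (an `AuthnRequestValidatorException` or a defined fallback) would cover the part of an LoA check that protects against a silently weakened level. The `isEmpty()` assertion in each test reuses the message `"Requested SP LoA is null"`; `"Requested SP LoA is empty"` would make a failure distinguishable from the null check just above it.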