From 7a62a84f23b3a1a1027ebda31fb790ee072793cc Mon Sep 17 00:00:00 2001
From: Thomas Lenz <thomas.lenz@egiz.gv.at>
Date: Fri, 27 Nov 2020 09:08:10 +0100
Subject: read unique transactionId from AuthnRequest to reuse it for eIDAS
 authentication

---
 .../connector/test/AuthnRequestValidatorTest.java  | 52 ++++++++++++++++++----
 .../resources/config/junit_config_1.properties     |  2 +-
 connector/src/test/resources/data/pvp2_authn_2.xml |  4 ++
 connector/src/test/resources/data/pvp2_authn_3.xml |  3 ++
 4 files changed, 51 insertions(+), 10 deletions(-)

(limited to 'connector/src/test')

diff --git a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java
index e34c8036..389f561e 100644
--- a/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java
+++ b/connector/src/test/java/at/asitplus/eidas/specific/connector/test/AuthnRequestValidatorTest.java
@@ -33,11 +33,14 @@ import org.xml.sax.SAXException;
 import at.asitplus.eidas.specific.connector.MsEidasNodeConstants;
 import at.asitplus.eidas.specific.connector.config.ServiceProviderConfiguration;
 import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
-import at.gv.egiz.eaaf.core.api.idp.IConfiguration;
+import at.gv.egiz.eaaf.core.api.idp.IConfigurationWithSP;
 import at.gv.egiz.eaaf.core.exceptions.AuthnRequestValidatorException;
+import at.gv.egiz.eaaf.core.exceptions.EaafException;
+import at.gv.egiz.eaaf.core.impl.idp.controller.protocols.RequestImpl;
 import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
 import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
 import at.gv.egiz.eaaf.modules.pvp2.api.validation.IAuthnRequestPostProcessor;
+import at.gv.egiz.eaaf.modules.pvp2.idp.impl.PvpSProfilePendingRequest;
 import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
 import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
 
@@ -53,12 +56,12 @@ import net.shibboleth.utilities.java.support.component.ComponentInitializationEx
 @DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
 public class AuthnRequestValidatorTest {
 
-  @Autowired private IConfiguration basicConfig;
+  @Autowired private IConfigurationWithSP basicConfig;
   @Autowired protected IAuthnRequestPostProcessor authRequestValidator;
   
   private MockHttpServletRequest httpReq;
   private MockHttpServletResponse httpResp;
-  private TestRequestImpl pendingReq;
+  private PvpSProfilePendingRequest pendingReq;
   
   /**
    * jUnit class initializer.
@@ -76,10 +79,11 @@ public class AuthnRequestValidatorTest {
   
   /**
    * jUnit test set-up.
+   * @throws EaafException 
    * 
    */
   @Before
-  public void initialize() {
+  public void initialize() throws EaafException {
     httpReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
     httpResp = new MockHttpServletResponse();
     RequestContextHolder.resetRequestAttributes();
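Review bot: The added Javadoc tag `@throws EaafException` has no description and leaves trailing whitespace after the type name. The exception presumably comes from the `pendingReq.initialize(httpReq, basicConfig)` call added in the next hunk, so `@throws EaafException if the pending request cannot be initialized` would tell a reader why set-up can fail. The body of initialize() continues outside this hunk.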
@@ -88,10 +92,12 @@ public class AuthnRequestValidatorTest {
     Map<String, String> spConfig = new HashMap<>();
     spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphabetic(10));
     
-    pendingReq = new TestRequestImpl();
-    pendingReq.setAuthUrl("https://localhost/ms_connector");
-    pendingReq.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
-    pendingReq.setSpConfig(new ServiceProviderConfiguration(spConfig, basicConfig));
+    pendingReq = new PvpSProfilePendingRequest();
+    pendingReq.initialize(httpReq, basicConfig);
+    pendingReq.setPendingRequestId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReq.setOnlineApplicationConfiguration(new ServiceProviderConfiguration(spConfig, basicConfig));    
+    ((RequestImpl)pendingReq).setUniqueTransactionIdentifier(null);
+    
   }
   
   @Test
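Review bot: The reset `((RequestImpl)pendingReq).setUniqueTransactionIdentifier(null);` at the end of initialize() is unexplained, although every `assertNull("wrong transactionId", ...)` added later in this commit depends on it. A comment such as `// clear the id that initialize() presumably generated, so tests only see what the validator writes` would make that dependency visible. The cast to `RequestImpl` also deserves a word: if `PvpSProfilePendingRequest` inherits the setter with the same visibility, the cast is redundant and can go, which cannot be confirmed from this view. initialize() starts outside this hunk.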
@@ -128,6 +134,8 @@ public class AuthnRequestValidatorTest {
     Assert.assertEquals("bPK target not match", "urn:publicid:gv.at:cdid+BF", 
         pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
         
+    Assert.assertNull("wrong transactionId", pendingReq.getUniqueTransactionIdentifier());
+    
   }
   
   @Test
@@ -164,6 +172,8 @@ public class AuthnRequestValidatorTest {
     Assert.assertEquals("bPK target not match", "urn:publicid:gv.at:cdid+BF", 
         pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
         
+    Assert.assertNull("wrong transactionId", pendingReq.getUniqueTransactionIdentifier());
+    
   }
   
   @Test
@@ -200,6 +210,30 @@ public class AuthnRequestValidatorTest {
     Assert.assertEquals("bPK target not match", "urn:publicid:gv.at:cdid+XX", 
         pendingReq.getServiceProviderConfiguration().getAreaSpecificTargetIdentifier());
         
+    Assert.assertEquals("wrong transactionId", "transId_11223344556677aabbcc", 
+        pendingReq.getUniqueTransactionIdentifier());
+    
+  }
+  
+  @Test
+  public void transactionIdWrongPendingReqType() throws AuthnRequestValidatorException, ParserConfigurationException, 
+      SAXException, IOException, UnmarshallingException {
+    
+    Map<String, String> spConfig = new HashMap<>();
+    spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, RandomStringUtils.randomAlphabetic(10));
+    
+    TestRequestImpl pendingReqLocal = new TestRequestImpl();
+    pendingReqLocal.setPendingReqId(RandomStringUtils.randomAlphanumeric(10));
+    pendingReqLocal.setSpConfig(new ServiceProviderConfiguration(spConfig, basicConfig));    
+    
+    AuthnRequest authReq = getAuthRequest("/data/pvp2_authn_3.xml");
+    
+    //test
+    authRequestValidator.process(httpReq, pendingReqLocal, authReq, null);
+        
+    //validate
+    Assert.assertNull("wrong transactionId", pendingReqLocal.getUniqueTransactionIdentifier());
+    
   }
   
   @Test
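Review bot: The only accepted value these tests exercise is the well-formed `transId_11223344556677aabbcc` asserted at the top of this hunk, yet the identifier is read from the AuthnRequest, which the requesting service provider controls, and the commit reuses it for eIDAS authentication. The validator is not part of this view (the diff is limited to connector/src/test), so whether it bounds the length and character set of the value cannot be confirmed. Negative fixtures with an over-long value, an empty value and one containing line breaks or other control characters, each ending in `Assert.assertNull("wrong transactionId", pendingReq.getUniqueTransactionIdentifier());`, would pin that behaviour. If the id is written to logs or used to correlate transactions, that matters because an unchecked or repeated value could make one request's records indistinguishable from another's. The first assertion belongs to a test method that starts outside this hunk, and transactionIdWrongPendingReqType would read better with a one-line comment saying that a pending request of another type is expected to leave the id unset.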
@@ -214,7 +248,7 @@ public class AuthnRequestValidatorTest {
       
     } catch (AuthnRequestValidatorException e) {
       Assert.assertEquals("Wrong errorCode", "pvp2.22", e.getErrorId());
-      
+            
     }              
   }
   
diff --git a/connector/src/test/resources/config/junit_config_1.properties b/connector/src/test/resources/config/junit_config_1.properties
index f498cac4..3350f947 100644
--- a/connector/src/test/resources/config/junit_config_1.properties
+++ b/connector/src/test/resources/config/junit_config_1.properties
@@ -1,5 +1,5 @@
 ## Basic service configuration
-eidas.ms.context.url.prefix=
+eidas.ms.context.url.prefix=http://localhost
 eidas.ms.context.url.request.validation=false
 
 eidas.ms.context.use.clustermode=true
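Review bot: The new prefix `http://localhost` does not match the `https://localhost/ms_connector` URL that AuthnRequestValidatorTest.initialize() gives the mock request. The tests presumably pass only because `eidas.ms.context.url.request.validation=false` on the next line turns the comparison off. Unless another test relies on the plain-HTTP form, `eidas.ms.context.url.prefix=https://localhost` would keep the fixture consistent with the request and would not suggest that a cleartext public URL prefix is an acceptable configuration.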
diff --git a/connector/src/test/resources/data/pvp2_authn_2.xml b/connector/src/test/resources/data/pvp2_authn_2.xml
index 5f21af05..dbf46622 100644
--- a/connector/src/test/resources/data/pvp2_authn_2.xml
+++ b/connector/src/test/resources/data/pvp2_authn_2.xml
@@ -28,6 +28,10 @@
       <eid:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
         <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:cdid+BF</eid:AttributeValue>
       </eid:RequestedAttribute>
+      <eid:RequestedAttribute FriendlyName="transactionId" Name="urn:eidgvat:attributes.transactionId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+        <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">transId_11223344556677aabbcc</eid:AttributeValue>
+        <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">transId_second</eid:AttributeValue>
+      </eid:RequestedAttribute>
     </eid:RequestedAttributes>
   </saml2p:Extensions>
   <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
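Review bot: The second `<eid:AttributeValue>` (`transId_second`) makes this the multi-valued case, but nothing in the fixture says so. Judging by the test that asserts `urn:publicid:gv.at:cdid+BF` together with a null transactionId, the expected outcome seems to be that an ambiguous id is not taken over at all. An XML comment above the attribute, for example `<!-- two values on purpose: a multi-valued transactionId must not be accepted -->`, would stop a later edit from "repairing" the fixture and silently removing the negative case. pvp2_authn_3.xml carries the single-valued counterpart and needs no such note.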
diff --git a/connector/src/test/resources/data/pvp2_authn_3.xml b/connector/src/test/resources/data/pvp2_authn_3.xml
index bf356da7..35e49b0f 100644
--- a/connector/src/test/resources/data/pvp2_authn_3.xml
+++ b/connector/src/test/resources/data/pvp2_authn_3.xml
@@ -28,6 +28,9 @@
       <eid:RequestedAttribute FriendlyName="EID-SECTOR-FOR-IDENTIFIER" Name="urn:oid:1.2.40.0.10.2.1.1.261.34" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
         <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">urn:publicid:gv.at:cdid+XX</eid:AttributeValue>
       </eid:RequestedAttribute>
+      <eid:RequestedAttribute FriendlyName="transactionId" Name="urn:eidgvat:attributes.transactionId" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" isRequired="true">
+        <eid:AttributeValue xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="xs:string">transId_11223344556677aabbcc</eid:AttributeValue>
+      </eid:RequestedAttribute>
     </eid:RequestedAttributes>
   </saml2p:Extensions>
   <saml2p:NameIDPolicy AllowCreate="true" Format="urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"/>
-- 
cgit v1.2.3