From d2dec4601c41131c3ca509a8f7907b91af0ba2a6 Mon Sep 17 00:00:00 2001 From: Thomas <> Date: Mon, 19 Dec 2022 15:50:38 +0100 Subject: feat(eidas-connector): support not-notified LoA - not-notified LoA is currently used by Ukraine --- .../EidasAttributePostProcessingTest.java | 83 +++++++++++++++++++++- .../EidasRequestPreProcessingSecondTest.java | 34 +++++---- .../validation/EidasResponseValidatorTest.java | 44 ++++++++++++ 3 files changed, 148 insertions(+), 13 deletions(-) (limited to 'modules/authmodule-eIDAS-v2/src/test') diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasAttributePostProcessingTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasAttributePostProcessingTest.java index b8cb0642..7ae432a7 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasAttributePostProcessingTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasAttributePostProcessingTest.java @@ -31,6 +31,7 @@ import java.util.HashMap; import java.util.Map; import org.apache.commons.lang3.RandomStringUtils; +import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; @@ -40,6 +41,7 @@ import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.dao.SimpleEidasData; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService; 
@@ -126,6 +128,8 @@ public class EidasAttributePostProcessingTest { private static final String P8_PLACEOFBIRTH = RandomStringUtils.randomAlphabetic(10); private static final String P8_BIRTHNAME = RandomStringUtils.randomAlphabetic(10); + @Autowired + private MsConnectorDummyConfigMap basicConfig; /** * jUnit class initializer. @@ -136,9 +140,19 @@ public class EidasAttributePostProcessingTest { public static void classInitializer() throws IOException { final String current = new java.io.File(".").toURI().toString(); System.setProperty("eidas.ms.configuration", current + "../../basicConfig/default_config.properties"); - + } + /** + * Test initializer. + */ + @Before + public void initialize() { + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.workaround.ua.dateofbirth", "false"); + + } + + @Test @SneakyThrows public void deWithHexLowerCase() { 
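Review bot: The Javadoc on the new `initialize()` method says only "Test initializer." and does not explain why the flag is written before every test. Since `basicConfig` is an autowired bean and `uaTestCaseWrongDateOfBirthWorkAround` later sets `eidas.ms.auth.eIDAS.node_v2.workaround.ua.dateofbirth` to "true", I would state the intent, e.g. `/** Disables the UA date-of-birth workaround before each test so a test that enables it cannot leak the setting into later tests. */`. The hunk ends inside the unchanged `deWithHexLowerCase()` test, whose body continues outside it.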
@@ -271,6 +285,73 @@ public class EidasAttributePostProcessingTest { } + @Test + public void uaTestCaseWrongDateOfBirthWorkAround() throws Exception { + basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.workaround.ua.dateofbirth", "true"); + + final SimpleEidasData result = postProcessor.postProcess( + generateInputData( + "UA/AT/asdfsafsdaasfsadf", + "UATestUser", + "mein Vorname", + "2170-05-29", + null, + null)); + + validate(result, + "asdfsafsdaasfsadf", + "UA", + "UATestUser", + "mein Vorname", + "2000-05-29", + null, + null); + + } + + @Test + public void uaTestCaseWrongDateOfBirth() throws Exception { + final SimpleEidasData result = postProcessor.postProcess( + generateInputData( + "UA/AT/asdfsafsdaasfsadf", + "UATestUser", + "mein Vorname", + "2170-05-29", + null, + null)); + + validate(result, + "asdfsafsdaasfsadf", + "UA", + "UATestUser", + "mein Vorname", + "2170-05-29", + null, + null); + + } + + @Test + public void uaTestCaseValidDateOfBirth() throws Exception { + final SimpleEidasData result = postProcessor.postProcess( + generateInputData( + "UA/AT/asdfsafsdaasfsadf", + "UATestUser", + "mein Vorname", + "1970-05-29", + null, + null)); + + validate(result, + "asdfsafsdaasfsadf", + "UA", + "UATestUser", + "mein Vorname", + "1970-05-29", + null, + null); + + } @Test public void eeTestCase() throws Exception { diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java index 7cfd2d5c..6f385789 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java 
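Review bot: None of the three UA tests runs a non-UA identifier, or a valid UA birth date, with `workaround.ua.dateofbirth` set to "true", so nothing pins that the rewrite is limited to implausible Ukrainian dates. Date of birth is an identity attribute, presumably used downstream for person matching, so a workaround that changes it (here `2170-05-29` becomes `2000-05-29`) deserves a negative test for each boundary. With the flag enabled, one test should pass a non-UA identifier and another should pass `1970-05-29`, both expecting the value unchanged. A short comment on `uaTestCaseWrongDateOfBirthWorkAround` stating the rule behind the expected `2000-05-29` would also help, because one sample does not show how the corrected year is derived.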
+++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasRequestPreProcessingSecondTest.java @@ -25,6 +25,7 @@ package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.validation; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertThrows; +import static org.junit.Assert.assertTrue; import java.util.HashMap; import java.util.Map; @@ -40,13 +41,13 @@ import org.springframework.test.annotation.DirtiesContext.ClassMode; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; +import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPostProcessingException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidPreProcessingException; import at.asitplus.eidas.specific.modules.auth.eidas.v2.service.CcSpecificEidProcessingService; import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants; import at.gv.egiz.eaaf.core.api.data.EaafConstants; -import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import eu.eidas.auth.commons.light.impl.LightRequest; import eu.eidas.auth.commons.light.impl.LightRequest.Builder; @@ -65,7 +66,7 @@ public class EidasRequestPreProcessingSecondTest { private CcSpecificEidProcessingService preProcessor; private TestRequestImpl pendingReq; - private DummySpConfiguration oaParam; + private ServiceProviderConfiguration oaParam; private Builder authnRequestBuilder; 
@@ -74,13 +75,16 @@ public class EidasRequestPreProcessingSecondTest { * */ @Before + @SneakyThrows public void setUp() { final Map spConfig = new HashMap<>(); spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp"); - spConfig.put("target", "urn:publicid:gv.at:cdid+XX"); - oaParam = new DummySpConfiguration(spConfig, basicConfig); - + + oaParam = new ServiceProviderConfiguration(spConfig, basicConfig); + oaParam.setBpkTargetIdentifier("urn:publicid:gv.at:cdid+XX"); + + pendingReq = new TestRequestImpl(); pendingReq.setSpConfig(oaParam); pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue()); @@ -105,9 +109,8 @@ public class EidasRequestPreProcessingSecondTest { public void privateSpAllowed() { basicConfig.putConfigValue( "eidas.ms.auth.eIDAS.node_v2.proxyservices.privatesp.notsupported", "XX,XY"); - basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); - - oaParam.getFullConfiguration().put("target", "urn:publicid:gv.at:wbpk+XFN+123456a"); + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); + oaParam.setBpkTargetIdentifier("urn:publicid:gv.at:wbpk+XFN+123456a"); final String testCountry = "DE"; authnRequestBuilder.citizenCountryCode(testCountry); @@ -123,10 +126,9 @@ public class EidasRequestPreProcessingSecondTest { public void privateSpNotAllowed() { basicConfig.putConfigValue( "eidas.ms.auth.eIDAS.node_v2.proxyservices.privatesp.notsupported", "XX,XY"); - basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); - - oaParam.getFullConfiguration().put("target", "urn:publicid:gv.at:wbpk+XFN+123456a"); - + basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets"); + oaParam.setBpkTargetIdentifier("urn:publicid:gv.at:wbpk+XFN+123456a"); + final String testCountry = "XY"; authnRequestBuilder.citizenCountryCode(testCountry); 
@@ -225,6 +227,14 @@ public class EidasRequestPreProcessingSecondTest { Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/NotNotified/LoA/high", lightReq.getLevelsOfAssurance().get(0).getValue()); + assertEquals("SP allowed LoA", 2, oaParam.getRequiredLoA().size()); + assertTrue("missing not-notified LoA", oaParam.getRequiredLoA().stream() + .filter(el -> el.equals("http://eidas.europa.eu/NotNotified/LoA/high")).findFirst().isPresent()); + assertEquals("wrong LoA matching-mode", "exact", oaParam.getLoAMatchingMode()); + + + + } } diff --git a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasResponseValidatorTest.java b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasResponseValidatorTest.java index 91a50d28..d7831dbd 100644 --- a/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasResponseValidatorTest.java +++ b/modules/authmodule-eIDAS-v2/src/test/java/at/asitplus/eidas/specific/modules/auth/eidas/v2/test/validation/EidasResponseValidatorTest.java @@ -36,6 +36,7 @@ import eu.eidas.auth.commons.attribute.ImmutableAttributeMap.Builder; import eu.eidas.auth.commons.attribute.impl.StringAttributeValue; import eu.eidas.auth.commons.light.ILightResponse; import eu.eidas.auth.commons.protocol.impl.AuthenticationResponse; +import lombok.SneakyThrows; import lombok.val; @RunWith(SpringJUnit4ClassRunner.class) 
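Review bot: The membership check `stream().filter(...).findFirst().isPresent()` is a long way to write `contains`, and the hunk mixes the statically imported `assertEquals`/`assertTrue` with the `Assert.assertEquals` call just above them. I would write `assertTrue("missing not-notified LoA", oaParam.getRequiredLoA().contains("http://eidas.europa.eu/NotNotified/LoA/high"));`, assuming `getRequiredLoA()` returns a collection of strings, as the `el.equals(...)` lambda suggests. Because the size is asserted to be 2, it is also worth asserting which notified LoA is the other entry, so the test fails if the not-notified level ever replaces the notified one instead of complementing it. The enclosing test method starts outside the hunk.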
@@ -99,6 +100,49 @@ public class EidasResponseValidatorTest { } } + @Test + public void loaFromResponseNotAllowed() throws URISyntaxException { + //set-up + ILightResponse eidasResponse = buildDummyAuthResponse( + "LU/AT/" + RandomStringUtils.randomNumeric(10), + "http://eidas.europa.eu/NotNotified/LoA/high", + false); + String spCountry = "AT"; + String citizenCountryCode = "XX"; + + //execute test + try { + EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, attrRegistry); + Assert.fail("Wrong eIDAS response not detected"); + + } catch (EidasValidationException e) { + Assert.assertEquals("ErrorId", "eidas.06", e.getErrorId()); + Assert.assertEquals("wrong parameter size", 1, e.getParams().length); + Assert.assertEquals("wrong errorMsg", "http://eidas.europa.eu/NotNotified/LoA/high", + e.getParams()[0]); + + } + } + + @Test + @SneakyThrows + public void loaFromResponseNotNotified() throws URISyntaxException { + + //set-up + ILightResponse eidasResponse = buildDummyAuthResponse( + "LU/AT/" + RandomStringUtils.randomNumeric(10), + "http://eidas.europa.eu/NotNotified/LoA/high", + false); + String spCountry = "AT"; + String citizenCountryCode = "LU"; + + oaParam.setLoa(Arrays.asList(EaafConstants.EIDAS_LOA_HIGH, "http://eidas.europa.eu/NotNotified/LoA/high")); + + //execute test + EidasResponseValidator.validateResponse(pendingReq, eidasResponse, spCountry, citizenCountryCode, attrRegistry); + + } + @Test public void noEidasSpCountry() throws URISyntaxException { //set-up -- cgit v1.2.3
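Review bot: `loaFromResponseNotAllowed` differs from the positive test in two ways at once: it leaves the SP's LoA list untouched, and it passes `citizenCountryCode = "XX"` while the identifier is built with the `LU/AT/` prefix. The `eidas.06` assertion with the LoA as parameter does pin the cause today, but it relies on the LoA check running before any country check, which is not visible in this hunk. Using `String citizenCountryCode = "LU";` there keeps the rejection attributable to the LoA alone. In `loaFromResponseNotNotified`, `@SneakyThrows` together with `throws URISyntaxException` is redundant, and the method has no assertion, so a comment such as `// passes if no EidasValidationException is thrown` would make the intent explicit.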