From d2dec4601c41131c3ca509a8f7907b91af0ba2a6 Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Mon, 19 Dec 2022 15:50:38 +0100
Subject: feat(eidas-connector): support not-notified LoA

 - not-notified LoA is currently used by Ukraine
---
 .../connector/test/FullStartUpAndProcessTest.java  | 151 +++++++++++++++++++--
 1 file changed, 143 insertions(+), 8 deletions(-)

(limited to 'ms_specific_connector/src/test/java/at/asitplus/eidas')

diff --git a/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
index e5fea3b3..46079ac5 100644
--- a/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
+++ b/ms_specific_connector/src/test/java/at/asitplus/eidas/specific/connector/test/FullStartUpAndProcessTest.java
@@ -372,7 +372,7 @@ public class FullStartUpAndProcessTest {
     Assert.assertFalse("eidas req. token", eidasNodeReqToken.isEmpty());
 
     //check eIDAS node request and build respose
-    String eidasRespToken = validateEidasNodeRequestAndBuildResponse(eidasNodeReqToken);
+    String eidasRespToken = validateEidasNodeRequestAndBuildResponse(eidasNodeReqToken, EaafConstants.EIDAS_LOA_HIGH);
     Assert.assertFalse("eidas resp. token", eidasRespToken.isEmpty());
 
 
@@ -450,6 +450,142 @@ public class FullStartUpAndProcessTest {
 
   }
 
+  @Test
+  public void fullSuccessProcessNonNotifiedLoa() throws EaafException, Exception {
+    //start authentication process by sending a SAML2 Authn-Request
+    MockHttpServletRequest saml2Req = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    injectSaml2AuthnReq(saml2Req);
+    MockHttpServletResponse selectCountryResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(saml2Req, selectCountryResp));
+
+    // send SAML2 AuthnRequest
+    sProfile.pvpIdpPostRequest(saml2Req, selectCountryResp);
+
+    //check country-selection response
+    Assert.assertEquals("no country-selection page", 200, selectCountryResp.getStatus());
+    Assert.assertEquals("cc-selection page", "text/html;charset=UTF-8", selectCountryResp.getContentType());
+    String selectionPage = selectCountryResp.getContentAsString();
+    Assert.assertNotNull("selectionPage is null", selectionPage);
+    Assert.assertFalse("selectionPage is empty", selectionPage.isEmpty());
+
+    String pendingReqId = extractRequestToken(selectionPage,
+        "<input type=\"hidden\" name=\"pendingid\" value=\"");
+    Assert.assertFalse("PendingReqId", pendingReqId.isEmpty());
+
+
+    //set UA as citizen country-code
+    cc = "UA";
+    pseudonym = RandomStringUtils.randomNumeric(64);
+    personalId = cc + "/AT/" + pseudonym;
+    familyName = RandomStringUtils.randomAlphabetic(10);
+    givenName = RandomStringUtils.randomAlphabetic(10);
+    dateOfBirth = "2015-10-12";
+    
+    
+    // set-up country-selection request
+    MockHttpServletRequest selectCountryReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    selectCountryReq.setParameter("pendingid", pendingReqId);
+    selectCountryReq.setParameter("selectedCountry", cc);
+
+    MockHttpServletResponse forwardEidasNodeResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(selectCountryReq, forwardEidasNodeResp));
+
+    // send country-selection request
+    signal.performGenericAuthenticationProcess(selectCountryReq, forwardEidasNodeResp);
+
+    //check forward to eIDAS node response
+    Assert.assertEquals("forward to eIDAS Node", 200, forwardEidasNodeResp.getStatus());
+    Assert.assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", forwardEidasNodeResp.getContentType());
+    String forwardPage = forwardEidasNodeResp.getContentAsString();
+    Assert.assertNotNull("forward to eIDAS Node is null", forwardPage);
+    Assert.assertFalse("forward to eIDAS Node is empty", forwardPage.isEmpty());
+
+    String eidasNodeReqToken = extractRequestToken(forwardPage,
+        "<input type=\"hidden\" name=\"token\" value=\"");
+    Assert.assertFalse("eidas req. token", eidasNodeReqToken.isEmpty());
+
+    //check eIDAS node request and build respose
+    String eidasRespToken = validateEidasNodeRequestAndBuildResponse(eidasNodeReqToken, 
+        EaafConstants.EIDAS_LOA_NOT_NOTIFIED_PREFIX + "high");
+    Assert.assertFalse("eidas resp. token", eidasRespToken.isEmpty());
+
+
+    // set-up eIDAS-node response
+    MockHttpServletRequest eidasNodeRespReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    eidasNodeRespReq.setParameter("token", eidasRespToken);
+
+    MockHttpServletResponse finalizeResp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(eidasNodeRespReq, finalizeResp));
+
+    // inject ZMR, ERnP and SZR responses for matching
+    injectZmrResponse();
+    injectSzrResponse();    
+    mockWebServer.enqueue(new MockResponse().setResponseCode(200)
+        .setBody("{}") // empty response because we simulate result from ZMR
+        .setHeader("Content-Type", "application/json;charset=utf-8"));
+    
+    //excute eIDAS node response
+    eidasSignal.restoreEidasAuthProcess(eidasNodeRespReq, finalizeResp);
+
+    //validate state
+    Assert.assertEquals("forward to finalization", 302, finalizeResp.getStatus());
+    Assert.assertNotNull("missing redirect header", finalizeResp.getHeader("Location"));
+    Assert.assertTrue("wrong redirect header", finalizeResp.getHeader("Location").startsWith(FINAL_REDIRECT));
+    String finalPendingReqId = finalizeResp.getHeader("Location").substring(FINAL_REDIRECT.length());
+    Assert.assertFalse("final pendingRequestId", finalPendingReqId.isEmpty());
+
+
+    //set-up finalization request
+    MockHttpServletRequest finalizationReq = new MockHttpServletRequest("POST", "https://localhost/ms_connector");
+    finalizationReq.setParameter("pendingid", finalPendingReqId);
+
+    MockHttpServletResponse saml2Resp = new MockHttpServletResponse();
+    RequestContextHolder.resetRequestAttributes();
+    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(finalizationReq, saml2Resp));
+
+    // exexcute finalization step
+    finalize.finalizeAuthProtocol(finalizationReq, saml2Resp);
+
+    //validate state
+    Assert.assertEquals("forward to finalization", 200, saml2Resp.getStatus());
+    Assert.assertEquals("forward to eIDAS Node page", "text/html;charset=UTF-8", saml2Resp.getContentType());
+    String saml2RespPage = saml2Resp.getContentAsString();
+    Assert.assertNotNull("selectionPage is null", saml2RespPage);
+    Assert.assertFalse("selectionPage is empty", saml2RespPage.isEmpty());
+
+    //validate SAML2 response
+    String saml2RespB64 = extractRequestToken(saml2RespPage,
+        "<input type=\"hidden\" name=\"SAMLResponse\" value=\"");
+    Assert.assertNotNull("SAML2 response", saml2RespB64);
+
+    StatusResponseType saml2 = (StatusResponseType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        new ByteArrayInputStream(Base64Utils.decodeFromString(saml2RespB64)));
+    Assert.assertEquals("SAML2 status", EidasConstants.SUCCESS_URI, saml2.getStatus().getStatusCode().getValue());
+
+    final AssertionAttributeExtractor extractor = new AssertionAttributeExtractor(saml2);
+
+    Assert.assertEquals("wrong resp attr. size", 7, extractor.getAllIncludeAttributeNames().size());
+    Assert.assertEquals("Wrong attr: LoA ", "http://eidas.europa.eu/NotNotified/LoA/high",
+        extractor.getSingleAttributeValue("urn:oid:1.2.40.0.10.2.1.1.261.108"));
+    Assert.assertEquals("Wrong attr: PVP_VERSION ", "2.2",
+        extractor.getSingleAttributeValue("urn:oid:1.2.40.0.10.2.1.1.261.10"));
+    Assert.assertEquals("Wrong attr: EID_ISSUER_NATION  ", cc,
+        extractor.getSingleAttributeValue("urn:oid:1.2.40.0.10.2.1.1.261.32"));
+    Assert.assertEquals("Wrong attr: eidasBind", eidasBind,
+        extractor.getSingleAttributeValue("urn:eidgvat:attributes.eidbind"));
+    Assert.assertNotNull("Wrong attr:  authBlock",
+        extractor.getSingleAttributeValue("urn:eidgvat:attributes.authblock.signed"));
+    Assert.assertNotNull("Wrong attr: piiTras.Id ",
+        extractor.getSingleAttributeValue("urn:eidgvat:attributes.piiTransactionId"));
+    Assert.assertEquals("Wrong attr:EID_STATUS_LEVEL ", "http://eid.gv.at/eID/status/identity",
+        extractor.getSingleAttributeValue(PvpAttributeDefinitions.EID_IDENTITY_STATUS_LEVEL_NAME));
+
+  }
+  
   private void injectSzrResponse() throws Exception {
     when(szrMock.getStammzahlEncrypted(any(), any())).thenReturn(vsz);
 
@@ -509,7 +645,7 @@ public class FullStartUpAndProcessTest {
   }
 
 
-  private String validateEidasNodeRequestAndBuildResponse(String eidasNodeReqToken)
+  private String validateEidasNodeRequestAndBuildResponse(String eidasNodeReqToken, String loa)
       throws SpecificCommunicationException, URISyntaxException {
     final SpecificCommunicationService springManagedSpecificConnectorCommunicationService =
         (SpecificCommunicationService) wac.getBean(
@@ -521,17 +657,16 @@ public class FullStartUpAndProcessTest {
 
     Assert.assertNotNull("eIDAS Node req", req);
     Assert.assertEquals("Wrong CC", cc, req.getCitizenCountryCode());
-    Assert.assertEquals("Wrong CC", EaafConstants.EIDAS_LOA_HIGH, req.getLevelOfAssurance());
-
-
+    Assert.assertEquals("Wrong CC", loa, req.getLevelsOfAssurance().get(0).getValue());
+    
     //set response from eIDAS node
     BinaryLightToken respoToken = springManagedSpecificConnectorCommunicationService.putResponse(
-        buildDummyAuthResponse(EidasConstants.SUCCESS_URI, req.getId()));
+        buildDummyAuthResponse(EidasConstants.SUCCESS_URI, req.getId(), loa));
     return Base64Utils.encodeToString(respoToken.getTokenBytes());
 
   }
 
-  private AuthenticationResponse buildDummyAuthResponse(String statusCode, String reqId) throws URISyntaxException {
+  private AuthenticationResponse buildDummyAuthResponse(String statusCode, String reqId, String loa) throws URISyntaxException {
     final AttributeDefinition<?> attributeDef = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
         EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first();
     final AttributeDefinition<?> attributeDef2 = attrRegistry.getCoreAttributeRegistry().getByFriendlyName(
@@ -554,7 +689,7 @@ public class FullStartUpAndProcessTest {
         .statusCode(statusCode)
         .inResponseTo(reqId)
         .subjectNameIdFormat("afaf")
-        .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH)
+        .levelOfAssurance(loa)
         .attributes(attributeMap)
         .build();
 
-- 
cgit v1.2.3