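package at.asitplus.eidas.specific.modules.auth.eidas.v2.test.tasks;

import static org.junit.Assert.assertNull;

import java.io.UnsupportedEncodingException;
import java.util.HashMap;
import java.util.Map;

import org.apache.commons.lang3.RandomStringUtils;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.test.annotation.DirtiesContext;
import org.springframework.test.annotation.DirtiesContext.ClassMode;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

import at.asitplus.eidas.specific.core.MsEidasNodeConstants;
import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.Constants;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.exception.EidasSAuthenticationException;
import at.asitplus.eidas.specific.modules.auth.eidas.v2.tasks.GenerateAuthnRequestTask;
import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants;
import at.asitplus.eidas.specific.modules.core.eidas.test.dummy.DummySpecificCommunicationService;
import at.gv.egiz.eaaf.core.api.data.EaafConfigConstants;
import at.gv.egiz.eaaf.core.api.data.EaafConstants;
import at.gv.egiz.eaaf.core.api.idp.process.ExecutionContext;
import at.gv.egiz.eaaf.core.exceptions.EaafConfigurationException;
import at.gv.egiz.eaaf.core.exceptions.EaafException;
import at.gv.egiz.eaaf.core.exceptions.EaafStorageException;
import at.gv.egiz.eaaf.core.exceptions.GuiBuildException;
import at.gv.egiz.eaaf.core.exceptions.TaskExecutionException;
import at.gv.egiz.eaaf.core.impl.idp.module.test.DummySpConfiguration;
import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
import at.gv.egiz.eaaf.core.impl.idp.process.ExecutionContextImpl;
import eu.eidas.auth.commons.light.ILightRequest;
import eu.eidas.specificcommunication.exception.SpecificCommunicationException;

/**
 * Tests for {@link GenerateAuthnRequestTask}.
 *
 * <p>The tests drive the task with a mocked HTTP request/response pair and then inspect either
 * the redirect written to the response or the {@link ILightRequest} that the task handed to the
 * dummy communication service (provider name, requester id, SP type, LoA, name-id format).</p>
 */
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations = {
    "/SpringTest-context_tasks_test.xml",
    "/SpringTest-context_basic_mapConfig.xml"})
@DirtiesContext(classMode = ClassMode.BEFORE_CLASS)
public class GenerateAuthnRequestTaskTest {

  /** Configuration key of the endpoint the task forwards the user to. */
  private static final String CFG_FORWARD_ENDPOINT = "eidas.ms.auth.eIDAS.node_v2.forward.endpoint";

  /** Configuration key of the HTTP method used for the forward (GET or POST in these tests). */
  private static final String CFG_FORWARD_METHOD = "eidas.ms.auth.eIDAS.node_v2.forward.method";

  @Autowired(required = true)
  private GenerateAuthnRequestTask task;
  @Autowired(required = true)
  private DummySpecificCommunicationService commService;
  @Autowired(required = true)
  private MsConnectorDummyConfigMap basicConfig;

  final ExecutionContext executionContext = new ExecutionContextImpl();
  private MockHttpServletRequest httpReq;
  private MockHttpServletResponse httpResp;
  private TestRequestImpl pendingReq;
  private DummySpConfiguration oaParam;

  // Parameterized instead of a raw Map: every entry written in this class is String -> String.
  private Map<String, String> spConfig;

  /**
   * jUnit test set-up.
   *
   * <p>NOTE(review): {@code basicConfig} is an autowired bean and only the keys touched below
   * are reset here. Other values written by individual tests (for example
   * {@code publicSectorTargets}, the {@code workarounds.*} flags or
   * {@code staticProviderNameForPublicSPs}) presumably stay in place for later tests in this
   * class; confirm that no test depends on execution order.</p>
   */
  @Before
  public void setUp() {
    httpReq = new MockHttpServletRequest("POST", "https://localhost/authhandler");
    httpResp = new MockHttpServletResponse();
    RequestContextHolder.resetRequestAttributes();
    RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp));

    spConfig = new HashMap<>();
    spConfig.put(EaafConfigConstants.SERVICE_UNIQUEIDENTIFIER, "testSp");
    spConfig.put("target", "urn:publicid:gv.at:cdid+XX");
    oaParam = new DummySpConfiguration(spConfig, basicConfig);

    pendingReq = new TestRequestImpl();
    pendingReq.setSpConfig(oaParam);
    pendingReq.setPendingReqId(at.gv.egiz.eaaf.core.impl.utils.Random.nextProcessReferenceValue());
    pendingReq.setAuthUrl("http://test.com/");

    // Requester-id hashing is the default for every test; one test below switches it off.
    basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm", "true");
    basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.entityId",
        RandomStringUtils.randomAlphabetic(10));
    basicConfig.putConfigValue(CFG_FORWARD_ENDPOINT,
        "http://test/" + RandomStringUtils.randomAlphabetic(5));
    basicConfig.putConfigValue(CFG_FORWARD_METHOD, "GET");

    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat");
    basicConfig.removeConfigValue(Constants.CONIG_PROPS_EIDAS_WORKAROUND_STAGING_MS_CONNECTOR);
    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat.de");

  }

  /** Removing the configured entityId must fail the task with configuration error config.27. */
  @Test
  public void missingIssuer() {
    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC");
    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.entityId");

    //execute test
    try {
      task.execute(pendingReq, executionContext);
      Assert.fail("Missing Issuer not detected");

    } catch (final TaskExecutionException e) {
      // the entityId was removed from the configuration above
      final EaafException cause =
          assertOriginalException(e, EaafConfigurationException.class, "config.27");
      Assert.assertEquals("wrong parameter size", 1, cause.getParams().length);

    }
  }

  /** Removing the forward endpoint must fail the task with config.08 naming the missing key. */
  @Test
  public void missingForwardUrl() {
    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC");
    basicConfig.removeConfigValue(CFG_FORWARD_ENDPOINT);

    //execute test
    try {
      task.execute(pendingReq, executionContext);
      Assert.fail("Missing Forward-URL not detected");

    } catch (final TaskExecutionException e) {
      // the forward URL was removed from the configuration above
      final EaafException cause =
          assertOriginalException(e, EaafConfigurationException.class, "config.08");
      Assert.assertEquals("wrong parameter size", 1, cause.getParams().length);
      Assert.assertEquals("wrong errorMsg",
          EidasConstants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL,
          cause.getParams()[0]);

    }
  }

  /**
   * A selected environment without its own endpoint entry must fail with config.08 and must
   * not be forwarded anywhere; the reported key is the forward-URL key suffixed with the stage.
   */
  @Test
  public void selectUnknownStage() {
    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC");
    String stage = RandomStringUtils.randomAlphabetic(5);
    executionContext.put("selectedEnvironment", stage);

    //execute test
    try {
      task.execute(pendingReq, executionContext);
      Assert.fail("Missing Forward-URL not detected");

    } catch (final TaskExecutionException e) {
      // no forward URL is configured for the random stage name
      final EaafException cause =
          assertOriginalException(e, EaafConfigurationException.class, "config.08");
      Assert.assertEquals("wrong parameter size", 1, cause.getParams().length);
      Assert.assertEquals("wrong errorMsg",
          EidasConstants.CONIG_PROPS_EIDAS_CONNECTOR_NODE_FORWARD_URL + "." + stage,
          cause.getParams()[0]);

    }
  }

  /** Environment "qs" must redirect to the endpoint configured under the ".qs" suffix. */
  @Test
  public void selectQsEndpoint() throws TaskExecutionException,
      SpecificCommunicationException, EaafStorageException {
    //set-up test
    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC");
    executionContext.put("selectedEnvironment", "qs");
    String dynEndPoint = configureRandomForwardEndpoint(CFG_FORWARD_ENDPOINT + ".qs");

    //perform test
    task.execute(pendingReq, executionContext);

    //validate state
    assertRedirectTo(dynEndPoint);

  }

  /** Environment "test" must redirect to the endpoint configured under the ".test" suffix. */
  @Test
  public void selectTestEndpoint() throws TaskExecutionException,
      SpecificCommunicationException, EaafStorageException {
    //set-up test
    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC");
    executionContext.put("selectedEnvironment", "test");
    String dynEndPoint = configureRandomForwardEndpoint(CFG_FORWARD_ENDPOINT + ".test");

    //perform test
    task.execute(pendingReq, executionContext);

    //validate state
    assertRedirectTo(dynEndPoint);

  }

  /** Environment "dev" must redirect to the endpoint configured under the ".dev" suffix. */
  @Test
  public void selectDevEndpoint() throws TaskExecutionException,
      SpecificCommunicationException, EaafStorageException {
    //set-up test
    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC");
    executionContext.put("selectedEnvironment", "dev");
    String dynEndPoint = configureRandomForwardEndpoint(CFG_FORWARD_ENDPOINT + ".dev");

    //perform test
    task.execute(pendingReq, executionContext);

    //validate state
    assertRedirectTo(dynEndPoint);

  }

  /** Without a selected country the task must fail with eidas.03 for this pending request. */
  @Test
  public void noCountryCode() {
    try {
      task.execute(pendingReq, executionContext);
      Assert.fail("No countryCode not detected");

    } catch (final TaskExecutionException e) {
      Assert.assertEquals("wrong pendingReqId", pendingReq.getPendingRequestId(),
          e.getPendingRequestID());
      assertOriginalException(e, EidasSAuthenticationException.class, "eidas.03");

    }
  }

  /**
   * With the static-provider-name workaround enabled and no custom name configured, the
   * default static provider name is sent and no ms-connector staging value is stored.
   */
  @Test
  public void withStaticProviderNameForPublicSPs() throws TaskExecutionException,
      SpecificCommunicationException {
    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC");

    // ".*" presumably matches every SP target, so the SP is treated as public sector
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.publicSectorTargets", ".*");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true");
    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs");

    //execute test
    task.execute(pendingReq, executionContext);

    //validate state
    final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);

    Assert.assertEquals("ProviderName is not Static",
        Constants.DEFAULT_PROPS_EIDAS_NODE_STATIC_PROVIDERNAME_FOR_PUBLIC_SP,
        eidasReq.getProviderName());
    Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType());
    Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high",
        eidasReq.getLevelOfAssurance());

    Assert.assertNull("msConnector Staging",
        pendingReq.getRawData(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING,
            String.class));

  }

  /** A configured ms-connector staging value must be stored on the pending request. */
  @Test
  public void withMsConnectorStaging() throws TaskExecutionException,
      SpecificCommunicationException {
    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC");

    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.publicSectorTargets", ".*");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true");
    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs");

    String msConnectorStage = RandomStringUtils.randomAlphanumeric(10);
    basicConfig.putConfigValue(Constants.CONIG_PROPS_EIDAS_WORKAROUND_STAGING_MS_CONNECTOR,
        msConnectorStage);

    //execute test
    task.execute(pendingReq, executionContext);

    //validate state
    Assert.assertEquals("msConnector Staging", msConnectorStage,
        pendingReq.getRawData(MsEidasNodeConstants.EXECCONTEXT_PARAM_MSCONNECTOR_STAGING,
            String.class));

  }

  /**
   * A custom static provider name ("myNode") must be sent, together with the configured
   * issuer, the selected country code and no name-id format.
   */
  @Test
  public void withCustomStaticProviderNameForPublicSPs() throws TaskExecutionException,
      SpecificCommunicationException {
    String cc = RandomStringUtils.randomAlphabetic(2);
    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, cc);

    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.publicSectorTargets", ".*");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
    // NOTE(review): this key ends in "ProviderNames" (plural) and appears nowhere else in this
    // class; the sibling tests set "workarounds.useStaticProviderNameForPublicSPs" at this
    // position. Confirm the key is intended, otherwise this test depends on a value left over
    // from another test or from the Spring test configuration.
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderNames", "true");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.staticProviderNameForPublicSPs", "myNode");

    //execute test
    task.execute(pendingReq, executionContext);

    //validate state
    final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);

    Assert.assertEquals("wrong issuer",
        basicConfig.getBasicConfiguration("eidas.ms.auth.eIDAS.node_v2.entityId"),
        eidasReq.getIssuer());
    Assert.assertEquals("ProviderName is not Static", "myNode", eidasReq.getProviderName());
    Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType());
    Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high",
        eidasReq.getLevelOfAssurance());
    Assert.assertEquals("wrong CC", cc, eidasReq.getCitizenCountryCode());
    assertNull("NameIdPolicy not null", eidasReq.getNameIdFormat());

  }

  /**
   * With the static-name workaround disabled, a public SP's own provider name is forwarded,
   * no requester id is sent and the configured name-id format is requested.
   */
  @Test
  public void withDynamicProviderNameForPublicSPs() throws TaskExecutionException,
      SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException {
    //set-up test
    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC");
    executionContext.put("selectedEnvironment", "prod");

    String providerName = RandomStringUtils.randomAlphanumeric(10);
    pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);

    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false");

    String nameIdFormat = RandomStringUtils.randomAlphabetic(10);
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat", nameIdFormat);

    String dynEndPoint = configureRandomForwardEndpoint(CFG_FORWARD_ENDPOINT);

    //execute test
    task.execute(pendingReq, executionContext);

    //validate state
    assertRedirectTo(dynEndPoint);

    final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);

    Assert.assertNotNull("ProviderName found", eidasReq.getProviderName());
    Assert.assertEquals("PrividerName", providerName, eidasReq.getProviderName());
    Assert.assertNull("RequesterId found", eidasReq.getRequesterId());
    Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType());
    Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH,
        eidasReq.getLevelOfAssurance());
    Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size());
    Assert.assertEquals("NameIdFormat", nameIdFormat, eidasReq.getNameIdFormat());

  }

  /**
   * For country LU a public SP's provider name and requester id are both expected to be
   * "myNode" rather than the SP-supplied provider name.
   *
   * <p>NOTE(review): "myNode" is not configured inside this test; it presumably comes from the
   * Spring test configuration or from a value another test left in {@code basicConfig}.
   * Confirm which, so the test does not depend on execution order.</p>
   */
  @Test
  public void publicSpWithCountryLu() throws TaskExecutionException,
      SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException {
    //set-up test
    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU");
    executionContext.put("selectedEnvironment", "prod");

    String providerName = RandomStringUtils.randomAlphanumeric(10);
    pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);

    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");

    String dynEndPoint = configureRandomForwardEndpoint(CFG_FORWARD_ENDPOINT);

    //execute test
    task.execute(pendingReq, executionContext);

    //validate state
    assertRedirectTo(dynEndPoint);

    final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);

    Assert.assertEquals("PrividerName", "myNode", eidasReq.getProviderName());
    Assert.assertEquals("RequesterId found", "myNode", eidasReq.getRequesterId());
    Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType());
    Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH,
        eidasReq.getLevelOfAssurance());
    Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size());

  }

  /**
   * For country LU a private SP's provider name and requester id are both expected to be
   * "Austria"; neither the SP-supplied provider name nor its requester id is forwarded.
   *
   * <p>NOTE(review): "Austria" is not configured inside this class; presumably a default of
   * the task or of the Spring test configuration. Confirm.</p>
   */
  @Test
  public void privateSpWithCountryLu() throws TaskExecutionException,
      SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException {
    //set-up test
    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "LU");
    executionContext.put("selectedEnvironment", "prod");

    String providerName = RandomStringUtils.randomAlphanumeric(10);
    String requesterId = RandomStringUtils.randomAlphanumeric(10);
    pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
    pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, requesterId);
    usePrivateSectorTarget();

    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "true");

    String dynEndPoint = configureRandomForwardEndpoint(CFG_FORWARD_ENDPOINT);

    //execute test
    task.execute(pendingReq, executionContext);

    //validate state
    assertRedirectTo(dynEndPoint);

    final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);

    Assert.assertEquals("PrividerName", "Austria", eidasReq.getProviderName());
    Assert.assertEquals("RequesterId", "Austria", eidasReq.getRequesterId());
    Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType());
    Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH,
        eidasReq.getLevelOfAssurance());
    Assert.assertEquals("Wrong req. attr. size", 4, eidasReq.getRequestedAttributes().size());

  }

  /**
   * A name-id format configured under the country-specific ".de" key must be requested when
   * country DE is selected; eight attributes are requested in that case.
   */
  @Test
  public void ccSpecificNameIdFormat() throws TaskExecutionException,
      SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException {
    // set-up test
    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "DE");
    executionContext.put("selectedEnvironment", "prod");

    String providerName = RandomStringUtils.randomAlphanumeric(10);
    pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);

    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat.de",
        "urn:oasis:names:tc:SAML:2.0:nameid-format:transient");

    String dynEndPoint = configureRandomForwardEndpoint(CFG_FORWARD_ENDPOINT);

    // execute test
    task.execute(pendingReq, executionContext);

    // validate state
    assertRedirectTo(dynEndPoint);

    final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);

    Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType());
    Assert.assertEquals("wrong LoA", EaafConstants.EIDAS_LOA_HIGH,
        eidasReq.getLevelOfAssurance());
    Assert.assertEquals("Wrong req. attr. size", 8, eidasReq.getRequestedAttributes().size());
    Assert.assertEquals("nameIdFormat",
        "urn:oasis:names:tc:SAML:2.0:nameid-format:transient",
        eidasReq.getNameIdFormat());

  }

  /**
   * With forward method POST the task has to render a forward page; the test context has no
   * such template, so the task must fail with a {@link GuiBuildException}.
   */
  @Test
  public void withEidasNodePostReqNotValidTemplate() throws TaskExecutionException,
      SpecificCommunicationException, EaafStorageException, UnsupportedEncodingException {
    //set-up test
    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC");
    String providerName = RandomStringUtils.randomAlphanumeric(10);
    pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);

    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false");

    String dynEndPoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
    basicConfig.putConfigValue(CFG_FORWARD_ENDPOINT, dynEndPoint);
    basicConfig.putConfigValue(CFG_FORWARD_METHOD, "POST");

    //execute test
    try {
      task.execute(pendingReq, executionContext);
      Assert.fail("Missing template not detected");

    } catch (TaskExecutionException e) {
      // the expected message ends with a blank; keep it byte-identical
      Assert.assertEquals("ErrorCode",
          "Could not resolve view with name 'eidas_node_forward.html' ",
          ((GuiBuildException) e.getOriginalException()).getMessage());

    }
  }

  /**
   * A private SP's provider name is forwarded as supplied, while its requester id is sent in
   * hashed form because {@code requesterId.useHashedForm} is "true" (see {@link #setUp()}).
   */
  @Test
  public void withDynamicProviderNameForPrivateSPs() throws TaskExecutionException,
      SpecificCommunicationException, EaafStorageException {
    //set-up test
    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC");
    usePrivateSectorTarget();
    String providerName = RandomStringUtils.randomAlphanumeric(10);
    pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
    pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, "http://junit.sp");

    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false");

    String dynEndPoint = configureRandomForwardEndpoint(CFG_FORWARD_ENDPOINT);

    //perform test
    task.execute(pendingReq, executionContext);

    //validate state
    assertRedirectTo(dynEndPoint);

    final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);

    Assert.assertEquals("PrividerName", providerName, eidasReq.getProviderName());
    // Fixed expectation for the fixed input "http://junit.sp": it pins the derivation and its
    // encoding. The literal is 44 Base64 characters (32 bytes), presumably a SHA-256 digest;
    // confirm against GenerateAuthnRequestTask before changing either side.
    Assert.assertEquals("RequesterId", "Wr8LrrVf5SYneblOlZdZNaLQQCCgzklfKQvyeZjBx10=",
        eidasReq.getRequesterId());
    Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType());
    Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high",
        eidasReq.getLevelOfAssurance());

  }

  /**
   * With {@code requesterId.useHashedForm} set to "false" the requester id of a private SP is
   * forwarded to the eIDAS node exactly as the SP supplied it.
   */
  @Test
  public void privateSPWithoutRequestIdHashing() throws TaskExecutionException,
      SpecificCommunicationException, EaafStorageException {
    //set-up test
    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC");
    usePrivateSectorTarget();
    String providerName = RandomStringUtils.randomAlphanumeric(10);
    String requesterId = RandomStringUtils.randomAlphanumeric(10);
    pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
    pendingReq.setRawDataToTransaction(Constants.DATA_REQUESTERID, requesterId);

    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "true");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "true");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false");
    // setUp() re-enables hashing before every test, so this override is local to this test
    basicConfig.putConfigValue("eidas.ms.auth.eIDAS.node_v2.requesterId.useHashedForm", "false");

    String dynEndPoint = configureRandomForwardEndpoint(CFG_FORWARD_ENDPOINT);

    //perform test
    task.execute(pendingReq, executionContext);

    //validate state
    assertRedirectTo(dynEndPoint);

    final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);

    Assert.assertEquals("PrividerName", providerName, eidasReq.getProviderName());
    Assert.assertEquals("RequesterId", requesterId, eidasReq.getRequesterId());
    Assert.assertEquals("no PublicSP", "private", eidasReq.getSpType());
    Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high",
        eidasReq.getLevelOfAssurance());

  }

  /**
   * With all provider-name workarounds disabled, a public SP's request carries neither a
   * provider name nor a requester id, although the SP supplied a provider name.
   */
  @Test
  public void withoutProviderNameForPublicSPs() throws TaskExecutionException,
      SpecificCommunicationException, EaafStorageException {
    //set-up test
    executionContext.put(MsEidasNodeConstants.REQ_PARAM_SELECTED_COUNTRY, "CC");
    String providerName = RandomStringUtils.randomAlphanumeric(10);
    pendingReq.setRawDataToTransaction(Constants.DATA_PROVIDERNAME, providerName);
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.requested.nameIdFormat",
        "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified");

    basicConfig.removeConfigValue("eidas.ms.auth.eIDAS.node_v2.publicSectorTargets");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.addAlwaysProviderName", "false");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.useRequestIdAsTransactionIdentifier", "false");
    basicConfig.putConfigValue(
        "eidas.ms.auth.eIDAS.node_v2.workarounds.useStaticProviderNameForPublicSPs", "false");

    configureRandomForwardEndpoint(CFG_FORWARD_ENDPOINT);

    //execute test
    task.execute(pendingReq, executionContext);

    //validate state
    Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus());

    final ILightRequest eidasReq = commService.getAndRemoveRequest(null, null);

    Assert.assertNull("ProviderName found", eidasReq.getProviderName());
    Assert.assertNull("RequesterId found", eidasReq.getRequesterId());
    Assert.assertEquals("no PublicSP", "public", eidasReq.getSpType());
    Assert.assertEquals("wrong LoA", "http://eidas.europa.eu/LoA/high",
        eidasReq.getLevelOfAssurance());
    Assert.assertEquals("nameIdFormat",
        "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
        eidasReq.getNameIdFormat());

  }

  /**
   * Writes a random forward endpoint under the given configuration key and selects the GET
   * forward method.
   *
   * @param endpointKey configuration key that receives the endpoint URL
   * @return the endpoint URL that was written
   */
  private String configureRandomForwardEndpoint(String endpointKey) {
    final String endpoint = "http://test/" + RandomStringUtils.randomAlphabetic(5);
    basicConfig.putConfigValue(endpointKey, endpoint);
    basicConfig.putConfigValue(CFG_FORWARD_METHOD, "GET");
    return endpoint;

  }

  /**
   * Replaces the SP target with a random "FN+" target below the wbPK prefix; the tests using
   * it expect the SP type "private".
   */
  private void usePrivateSectorTarget() {
    // oaParam was built from this same map in setUp(), so the change is visible to the task
    spConfig.put("target",
        EaafConstants.URN_PREFIX_WBPK_TARGET_WITH_X + "FN+" + RandomStringUtils.randomNumeric(6));

  }

  /**
   * Asserts that the response is a 302 redirect whose Location header starts with the given
   * endpoint.
   *
   * <p>Only the prefix of the Location header is pinned; whatever the task appends after the
   * configured endpoint is not verified here.</p>
   *
   * @param endpoint expected start of the Location header
   */
  private void assertRedirectTo(String endpoint) {
    Assert.assertEquals("Wrong http statusCode", 302, httpResp.getStatus());
    Assert.assertNotNull("No redirect header", httpResp.getHeaderValue("Location"));
    Assert.assertTrue("Wrong redirect endpoint",
        ((String) httpResp.getHeaderValue("Location")).startsWith(endpoint));

  }

  /**
   * Asserts the type and error id of the exception wrapped by a task failure.
   *
   * <p>Uses JUnit assertions throughout, so a wrong exception type is reported as a test
   * failure (AssertionError) instead of the IllegalArgumentException that Spring's
   * {@code Assert.isInstanceOf} would raise.</p>
   *
   * @param e failure thrown by the task
   * @param expectedType type the wrapped exception must be an instance of
   * @param expectedErrorId error id the wrapped exception must carry
   * @return the wrapped exception, for further assertions on its parameters
   */
  private static EaafException assertOriginalException(TaskExecutionException e,
      Class<?> expectedType, String expectedErrorId) {
    final Throwable original = e.getOriginalException();
    Assert.assertTrue("Wrong exception", expectedType.isInstance(original));
    final EaafException cause = (EaafException) original;
    Assert.assertEquals("wrong errorCode", expectedErrorId, cause.getErrorId());
    return cause;

  }

}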