package at.asitplus.eidas.specific.modules.msproxyservice.test.protocol; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertThrows; import static org.junit.Assert.assertTrue; import java.io.IOException; import java.net.URISyntaxException; import java.net.URLDecoder; import java.text.MessageFormat; import java.util.Arrays; import java.util.List; import java.util.UUID; import org.apache.commons.lang3.RandomStringUtils; import org.apache.commons.lang3.StringUtils; import org.junit.Assert; import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.opensaml.saml.saml2.core.NameIDType; import org.opensaml.saml.saml2.core.StatusCode; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.ApplicationContext; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; import org.springframework.web.servlet.config.annotation.EnableWebMvc; import com.google.common.collect.ImmutableSortedSet; import at.asitplus.eidas.specific.core.config.ServiceProviderConfiguration; import at.asitplus.eidas.specific.core.test.config.dummy.MsConnectorDummyConfigMap; import at.asitplus.eidas.specific.modules.core.eidas.EidasConstants; import at.asitplus.eidas.specific.modules.core.eidas.service.EidasAttributeRegistry; import at.asitplus.eidas.specific.modules.core.eidas.test.dummy.DummySpecificCommunicationService; import at.asitplus.eidas.specific.modules.msproxyservice.MsProxyServiceConstants; import at.asitplus.eidas.specific.modules.msproxyservice.exception.EidasProxyServiceException; import at.asitplus.eidas.specific.modules.msproxyservice.protocol.EidasProxyServiceController; import at.asitplus.eidas.specific.modules.msproxyservice.protocol.ProxyServicePendingRequest; import at.gv.egiz.eaaf.core.api.data.EaafConstants; import at.gv.egiz.eaaf.core.api.data.ExtendedPvpAttributeDefinitions.SpMandateModes; import at.gv.egiz.eaaf.core.exceptions.EaafException; import at.gv.egiz.eaaf.core.exceptions.EaafStorageException; import at.gv.egiz.eaaf.core.impl.idp.module.test.DummyProtocolAuthService; import eu.eidas.auth.commons.EidasParameterKeys; import eu.eidas.auth.commons.attribute.ImmutableAttributeMap; import eu.eidas.auth.commons.light.ILightResponse; import eu.eidas.auth.commons.light.impl.LightRequest; import eu.eidas.specificcommunication.exception.SpecificCommunicationException; import eu.eidas.specificcommunication.protocol.SpecificCommunicationService; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration(locations = { "/spring/SpringTest-context_basic_test.xml", "/spring/SpringTest-context_basic_mapConfig.xml", }) @EnableWebMvc public class EidasProxyServiceControllerTest { @Autowired private EidasProxyServiceController controller; @Autowired private DummySpecificCommunicationService proxyService; @Autowired private DummyProtocolAuthService authService; @Autowired private EidasAttributeRegistry attrRegistry; @Autowired private ApplicationContext context; @Autowired MsConnectorDummyConfigMap config; private MockHttpServletRequest httpReq; private MockHttpServletResponse httpResp; private SpecificCommunicationService springManagedSpecificConnectorCommunicationService; /** * jUnit test set-up. */ @Before public void setUp() throws EaafStorageException, URISyntaxException { httpReq = new MockHttpServletRequest("POST", "http://localhost/ms_connector/eidas/light/idp/redirect"); httpResp = new MockHttpServletResponse(); RequestContextHolder.resetRequestAttributes(); RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(httpReq, httpResp)); proxyService.setiLightRequest(null); proxyService.setError(null); config.putConfigValue("eidas.ms.auth.eIDAS.node_v2.proxy.forward.endpoint", "http://eidas.proxy/endpoint"); config.putConfigValue("eidas.ms.auth.eIDAS.node_v2.proxy.forward.errors", "true"); springManagedSpecificConnectorCommunicationService = (SpecificCommunicationService) context.getBean( EidasConstants.SPECIFIC_PROXYSERVICE_COMMUNICATION_SERVICE); } @Test public void generateErrorResponseWrongPendingReq() throws Throwable { Assert.assertFalse("wrong statusCode", controller.generateErrorMessage( new EaafException("1000"), httpReq, httpResp, null)); } @Test public void generateErrorResponse() throws Throwable { ProxyServicePendingRequest pendingReq = new ProxyServicePendingRequest(); pendingReq.initialize(httpReq, config); LightRequest.Builder eidasRequestBuilder = LightRequest.builder() .id(UUID.randomUUID().toString()) .issuer(RandomStringUtils.randomAlphabetic(10)) .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .spType("public") .requesterId(RandomStringUtils.randomAlphanumeric(10)) .providerName(RandomStringUtils.randomAlphanumeric(10)); pendingReq.setEidasRequest(eidasRequestBuilder.build()); // execute test Assert.assertTrue("wrong statusCode", controller.generateErrorMessage( new EaafException("1000"), httpReq, httpResp, pendingReq)); // validate state assertNotNull("not redirct Header", httpResp.getHeader("Location")); assertTrue("wrong redirect URL", httpResp.getHeader("Location").startsWith("http://eidas.proxy/endpoint?token=")); String token = httpResp.getHeader("Location").substring("http://eidas.proxy/endpoint?token=".length()); ILightResponse resp = springManagedSpecificConnectorCommunicationService.getAndRemoveResponse(URLDecoder.decode(token, "UTF-8"), ImmutableSortedSet.copyOf(attrRegistry.getCoreAttributeRegistry().getAttributes())); assertNotNull("responseId", resp.getId()); assertEquals("inResponseTo", pendingReq.getEidasRequest().getId(), resp.getInResponseToId()); assertEquals("relayState", pendingReq.getEidasRequest().getRelayState(), resp.getRelayState()); assertNotNull("subjectNameId", resp.getSubject()); assertEquals("subjectNameIdFormat", NameIDType.TRANSIENT, resp.getSubjectNameIdFormat()); assertTrue("not attributes", resp.getAttributes().isEmpty()); assertEquals("StatusCode", StatusCode.RESPONDER, resp.getStatus().getStatusCode()); //assertEquals("SubStatusCode", "", resp.getStatus().getSubStatusCode()); //assertEquals("StatusMsg", "", resp.getStatus().getStatusMessage()); } @Test public void generateErrorResponseWithoutForward() throws Throwable { config.putConfigValue("eidas.ms.auth.eIDAS.node_v2.proxy.forward.errors", "false"); ProxyServicePendingRequest pendingReq = new ProxyServicePendingRequest(); pendingReq.initialize(httpReq, config); LightRequest.Builder eidasRequestBuilder = LightRequest.builder() .id(UUID.randomUUID().toString()) .issuer(RandomStringUtils.randomAlphabetic(10)) .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .spType("public") .requesterId(RandomStringUtils.randomAlphanumeric(10)) .providerName(RandomStringUtils.randomAlphanumeric(10)); pendingReq.setEidasRequest(eidasRequestBuilder.build()); // execute test Assert.assertFalse("wrong statusCode", controller.generateErrorMessage( new EaafException("1000"), httpReq, httpResp, pendingReq)); } @Test public void missingEidasToken() { EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class, () -> controller.receiveEidasAuthnRequest(httpReq, httpResp)); Assert.assertEquals("wrong errorCode", "eidas.proxyservice.02", exception.getErrorId()); } @Test public void wrongEidasTokenWithNullpointerException() { //initialize state httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); //validate state EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class, () -> controller.receiveEidasAuthnRequest(httpReq, httpResp)); Assert.assertEquals("wrong errorCode", "eidas.proxyservice.11", exception.getErrorId()); } @Test public void wrongEidasTokenCacheCommunicationError() { //initialize state httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); proxyService.setError(new SpecificCommunicationException(RandomStringUtils.randomAlphanumeric(10))); //validate state EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class, () -> controller.receiveEidasAuthnRequest(httpReq, httpResp)); Assert.assertEquals("wrong errorCode", "eidas.proxyservice.03", exception.getErrorId()); Assert.assertTrue("Wrong exception", (exception.getCause() instanceof SpecificCommunicationException)); } @Test public void missingServiceProviderCountry() { //initialize state httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); LightRequest.Builder authnReqBuilder = LightRequest.builder() .id(UUID.randomUUID().toString()) .issuer(RandomStringUtils.randomAlphabetic(10)) .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH); proxyService.setiLightRequest(authnReqBuilder.build()); //validate state EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class, () -> controller.receiveEidasAuthnRequest(httpReq, httpResp)); Assert.assertEquals("wrong errorCode", "eidas.proxyservice.07", exception.getErrorId()); } @Test public void requestingLegalAndNaturalPerson() { //initialize state httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); LightRequest.Builder authnReqBuilder = LightRequest.builder() .id(UUID.randomUUID().toString()) .issuer(RandomStringUtils.randomAlphabetic(10)) .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) .requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) .build()); proxyService.setiLightRequest(authnReqBuilder.build()); //validate state EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class, () -> controller.receiveEidasAuthnRequest(httpReq, httpResp)); Assert.assertEquals("wrong errorCode", "eidas.proxyservice.08", exception.getErrorId()); } @Test public void requestLegalPersonButNoMandates() throws IOException, EaafException { //initialize state httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); LightRequest.Builder authnReqBuilder = LightRequest.builder() .id(UUID.randomUUID().toString()) .issuer(RandomStringUtils.randomAlphabetic(10)) .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) .spCountryCode(spCountryCode) .spType("public") .requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build()); proxyService.setiLightRequest(authnReqBuilder.build()); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "false"); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, StringUtils.join(Arrays.asList( RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); //validate state EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class, () -> controller.receiveEidasAuthnRequest(httpReq, httpResp)); Assert.assertEquals("wrong errorCode", "eidas.proxyservice.09", exception.getErrorId()); } @Test public void validAuthnRequest() throws IOException, EaafException { //initialize state httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); LightRequest.Builder authnReqBuilder = LightRequest.builder() .id(UUID.randomUUID().toString()) .issuer(RandomStringUtils.randomAlphabetic(10)) .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) .spCountryCode(spCountryCode) .spType("public") .requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( EidasConstants.eIDAS_ATTR_BIRTHNAME).first()) .build()); proxyService.setiLightRequest(authnReqBuilder.build()); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "false"); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, StringUtils.join(Arrays.asList( RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); //execute controller.receiveEidasAuthnRequest(httpReq, httpResp); //validate state Assert.assertNotNull("pendingRequest", authService.getPendingReq()); Assert.assertTrue("wrong pendingRequest", authService.getPendingReq() instanceof ProxyServicePendingRequest); ProxyServicePendingRequest pendingReq = (ProxyServicePendingRequest) authService.getPendingReq(); Assert.assertNotNull("missing uniqueSpId", pendingReq.getSpEntityId()); Assert.assertNotNull("missing eidasReq", pendingReq.getEidasRequest()); Assert.assertFalse("isPassive", pendingReq.isPassiv()); Assert.assertTrue("isPassive", pendingReq.forceAuth()); Assert.assertFalse("isPassive", pendingReq.isAuthenticated()); Assert.assertFalse("isPassive", pendingReq.isAbortedByUser()); Assert.assertTrue("isPassive", pendingReq.isNeedAuthentication()); Assert.assertNotNull("missing spConfig", pendingReq.getServiceProviderConfiguration()); ServiceProviderConfiguration spConfig = pendingReq.getServiceProviderConfiguration(ServiceProviderConfiguration.class); Assert.assertNotNull("uniqueId", spConfig.getUniqueIdentifier()); Assert.assertEquals("uniqueId wrong pattern", authnReqBuilder.build().getIssuer(), spConfig.getUniqueIdentifier()); Assert.assertEquals("friendlyName wrong pattern", MessageFormat.format(MsProxyServiceConstants.TEMPLATE_SP_UNIQUE_ID, spCountryCode, "public"), spConfig.getFriendlyName()); Assert.assertEquals("uniqueId not match to pendingReq", pendingReq.getSpEntityId(), spConfig.getUniqueIdentifier()); Assert.assertNotNull("bpkTarget", spConfig.getAreaSpecificTargetIdentifier()); Assert.assertEquals("wrong bPK Target", EaafConstants.URN_PREFIX_EIDAS + "AT+" + spCountryCode, spConfig.getAreaSpecificTargetIdentifier()); assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); assertTrue("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); assertEquals("MandateMode", SpMandateModes.NONE, spConfig.getMandateMode()); assertEquals("requested IDA attributes", 4, spConfig.getRequestedAttributes().size()); } @Test public void validAuthnRequestWithMandatesDefaultProfilesNat() throws IOException, EaafException { //initialize state httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); LightRequest.Builder authnReqBuilder = LightRequest.builder() .id(UUID.randomUUID().toString()) .issuer(RandomStringUtils.randomAlphabetic(10)) .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) .spCountryCode(spCountryCode) .spType("public") .requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build()); proxyService.setiLightRequest(authnReqBuilder.build()); List mandateProfilesNat = Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); List mandateProfilesJur = Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, StringUtils.join(mandateProfilesNat, ",")); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, StringUtils.join(mandateProfilesJur, ",")); //execute controller.receiveEidasAuthnRequest(httpReq, httpResp); //validate state ServiceProviderConfiguration spConfig = authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); assertEquals("mandateprofile size", mandateProfilesNat.size(), spConfig.getMandateProfiles().size()); spConfig.getMandateProfiles().stream() .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfilesNat.contains(el))); assertEquals("MandateMode", SpMandateModes.NATURAL, spConfig.getMandateMode()); assertEquals("requested IDA attributes", 6, spConfig.getRequestedAttributes().size()); } @Test public void validAuthnRequestWithMandatesDefaultProfilesJur() throws IOException, EaafException { //initialize state httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); LightRequest.Builder authnReqBuilder = LightRequest.builder() .id(UUID.randomUUID().toString()) .issuer(RandomStringUtils.randomAlphabetic(10)) .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) .spCountryCode(spCountryCode) .spType("public") .requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build()); proxyService.setiLightRequest(authnReqBuilder.build()); List mandateProfilesNat = Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); List mandateProfilesJur = Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, StringUtils.join(mandateProfilesNat, ",")); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, StringUtils.join(mandateProfilesJur, ",")); //execute controller.receiveEidasAuthnRequest(httpReq, httpResp); //validate state ServiceProviderConfiguration spConfig = authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); assertEquals("mandateprofile size", mandateProfilesJur.size(), spConfig.getMandateProfiles().size()); spConfig.getMandateProfiles().stream() .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfilesJur.contains(el))); assertEquals("MandateMode", SpMandateModes.LEGAL_FORCE, spConfig.getMandateMode()); assertEquals("requested IDA attributes", 9, spConfig.getRequestedAttributes().size()); } @Test public void validAuthnRequestWithMandatesDefaultNoJurProfiles() throws IOException, EaafException { //initialize state httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); LightRequest.Builder authnReqBuilder = LightRequest.builder() .id(UUID.randomUUID().toString()) .issuer(RandomStringUtils.randomAlphabetic(10)) .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) .spCountryCode(spCountryCode) .spType("public") .requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build()); proxyService.setiLightRequest(authnReqBuilder.build()); List mandateProfilesNat = Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, StringUtils.join(mandateProfilesNat, ",")); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, ""); //validate state EidasProxyServiceException exception = assertThrows(EidasProxyServiceException.class, () -> controller.receiveEidasAuthnRequest(httpReq, httpResp)); Assert.assertEquals("wrong errorCode", "eidas.proxyservice.10", exception.getErrorId()); } @Test public void validAuthnRequestWithMandatesDefaultNoNatProfiles() throws IOException, EaafException { //initialize state httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); LightRequest.Builder authnReqBuilder = LightRequest.builder() .id(UUID.randomUUID().toString()) .issuer(RandomStringUtils.randomAlphabetic(10)) .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) .spCountryCode(spCountryCode) .spType("public") .requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build()); proxyService.setiLightRequest(authnReqBuilder.build()); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, ""); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, ""); //execute controller.receiveEidasAuthnRequest(httpReq, httpResp); //validate state ServiceProviderConfiguration spConfig = authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); assertTrue("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); assertEquals("MandateMode", SpMandateModes.NONE, spConfig.getMandateMode()); assertEquals("requested IDA attributes", 3, spConfig.getRequestedAttributes().size()); } @Test public void validAuthnRequestIssueSpecificNoMandates() throws IOException, EaafException { //initialize state httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); String issuer = RandomStringUtils.randomAlphabetic(10); LightRequest.Builder authnReqBuilder = LightRequest.builder() .id(UUID.randomUUID().toString()) .issuer(issuer) .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .spType("public") .requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build()); proxyService.setiLightRequest(authnReqBuilder.build()); // set default mandate configuration config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, StringUtils.join(Arrays.asList( RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, StringUtils.join(Arrays.asList( RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); // set specific mandate configuration String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_UNIQUEID, issuer); addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_COUNTRYCODE, spCountryCode); addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_ENABLED, "false"); List mandateProfiles = Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL, StringUtils.join(mandateProfiles, ",")); addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL, StringUtils.join(Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); //execute controller.receiveEidasAuthnRequest(httpReq, httpResp); //validate state ServiceProviderConfiguration spConfig = authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); assertTrue("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); assertEquals("MandateMode", SpMandateModes.NONE, spConfig.getMandateMode()); } @Test public void validAuthnRequestIssueSpecificMandatesNat() throws IOException, EaafException { //initialize state httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); String issuer = "https://apps.egiz.gv.at/EidasNode//ConnectorMetadata"; LightRequest.Builder authnReqBuilder = LightRequest.builder() .id(UUID.randomUUID().toString()) .issuer(issuer) .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .spType("public") .requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()).build()); proxyService.setiLightRequest(authnReqBuilder.build()); // set default mandate configuration config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "false"); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, StringUtils.join(Arrays.asList( RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, StringUtils.join(Arrays.asList( RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); // set specific mandate configuration String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_UNIQUEID, issuer); addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_COUNTRYCODE, spCountryCode); addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_ENABLED, "true"); List mandateProfiles = Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL, StringUtils.join(mandateProfiles, ",")); addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL, StringUtils.join(Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); //execute controller.receiveEidasAuthnRequest(httpReq, httpResp); //validate state ServiceProviderConfiguration spConfig = authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); assertEquals("mandateprofile size", mandateProfiles.size(), spConfig.getMandateProfiles().size()); spConfig.getMandateProfiles().stream() .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfiles.contains(el))); assertEquals("MandateMode", SpMandateModes.NATURAL, spConfig.getMandateMode()); } @Test public void validAuthnRequestIssueSpecificMandatesJur() throws IOException, EaafException { //initialize state httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); String issuer = RandomStringUtils.randomAlphabetic(10); LightRequest.Builder authnReqBuilder = LightRequest.builder() .id(UUID.randomUUID().toString()) .issuer(issuer) .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) .spCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .spType("public") .requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()).build()); proxyService.setiLightRequest(authnReqBuilder.build()); // set default mandate configuration config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, StringUtils.join(Arrays.asList( RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, StringUtils.join(Arrays.asList( RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); // set specific mandate configuration String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_UNIQUEID, issuer); addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_COUNTRYCODE, spCountryCode); addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_ENABLED, "true"); List mandateProfiles = Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL, StringUtils.join(mandateProfiles, ",")); addConnectorConfig(0, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL, StringUtils.join(Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); //execute controller.receiveEidasAuthnRequest(httpReq, httpResp); //validate state ServiceProviderConfiguration spConfig = authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); assertEquals("mandateprofile size", mandateProfiles.size(), spConfig.getMandateProfiles().size()); spConfig.getMandateProfiles().stream() .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfiles.contains(el))); assertEquals("MandateMode", SpMandateModes.LEGAL_FORCE, spConfig.getMandateMode()); } @Test public void validAuthnRequestWithMandatesProfilesBoth() throws IOException, EaafException { //initialize state httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); String issuer = RandomStringUtils.randomAlphabetic(10); LightRequest.Builder authnReqBuilder = LightRequest.builder() .id(UUID.randomUUID().toString()) .issuer(issuer) .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) .spCountryCode(spCountryCode) .spType("public") .requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) .build()); // set default mandate configuration config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, StringUtils.join(Arrays.asList( RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, StringUtils.join(Arrays.asList( RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)), ",")); // add custom SP config to allow both MDS in single request addConnectorConfig(25, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_UNIQUEID, issuer); addConnectorConfig(25, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_COUNTRYCODE, spCountryCode); addConnectorConfig(25, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_ENABLED, "true"); List mandateProfilesNat = Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); List mandateProfilesJur = Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); addConnectorConfig(25, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_LEGAL, StringUtils.join(mandateProfilesJur, ",")); addConnectorConfig(25, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_MANDATES_PROFILE_NATURAL, StringUtils.join(mandateProfilesNat, ",")); addConnectorConfig(25, MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_VALIDATION_ATTR_MDS, "false"); proxyService.setiLightRequest(authnReqBuilder.build()); //execute controller.receiveEidasAuthnRequest(httpReq, httpResp); //validate state ServiceProviderConfiguration spConfig = authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); assertEquals("mandateprofile size", mandateProfilesNat.size() + mandateProfilesJur.size(), spConfig.getMandateProfiles().size()); spConfig.getMandateProfiles().stream() .forEach(el -> assertTrue("missing mandateProfile: " + el, mandateProfilesNat.contains(el) || mandateProfilesJur.contains(el))); assertEquals("MandateMode", SpMandateModes.BOTH, spConfig.getMandateMode()); assertEquals("requested IDA attributes", 10, spConfig.getRequestedAttributes().size()); } @Test public void validAuthnRequestWithBorisAttributeLegal() throws IOException, EaafException { //initialize state httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); String issuer = RandomStringUtils.randomAlphabetic(10); LightRequest.Builder authnReqBuilder = LightRequest.builder() .id(UUID.randomUUID().toString()) .issuer(issuer) .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) .spCountryCode(spCountryCode) .spType("public") .requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( EidasConstants.eIDAS_ATTR_LEGALNAME).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( EidasConstants.eIDAS_ATTR_LEGALPERSONIDENTIFIER).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( "eJusticeLegalPersonRole").first()) .build()); proxyService.setiLightRequest(authnReqBuilder.build()); // set default mandate configuration List mandateProfilesNat = Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); List mandateProfilesJur = Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, StringUtils.join(mandateProfilesNat, ",")); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, StringUtils.join(mandateProfilesJur, ",")); //execute controller.receiveEidasAuthnRequest(httpReq, httpResp); //validate state ServiceProviderConfiguration spConfig = authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); assertEquals("mandateprofile size", 1, spConfig.getMandateProfiles().size()); assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0)); assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode()); assertEquals("requested IDA attributes", 11, spConfig.getRequestedAttributes().size()); } @Test public void validAuthnRequestWithBorisAttributeNat() throws IOException, EaafException { //initialize state httpReq.addParameter(EidasParameterKeys.TOKEN.toString(), RandomStringUtils.randomAlphanumeric(10)); String spCountryCode = RandomStringUtils.randomAlphabetic(2).toUpperCase(); String issuer = RandomStringUtils.randomAlphabetic(10); LightRequest.Builder authnReqBuilder = LightRequest.builder() .id(UUID.randomUUID().toString()) .issuer(issuer) .citizenCountryCode(RandomStringUtils.randomAlphabetic(2).toUpperCase()) .levelOfAssurance(EaafConstants.EIDAS_LOA_HIGH) .spCountryCode(spCountryCode) .spType("public") .requestedAttributes(ImmutableAttributeMap.builder() .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( EidasConstants.eIDAS_ATTR_PERSONALIDENTIFIER).first()) .put(attrRegistry.getCoreAttributeRegistry().getByFriendlyName( "eJusticeNaturalPersonRole").first()) .build()); proxyService.setiLightRequest(authnReqBuilder.build()); // set default mandate configuration List mandateProfilesNat = Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); List mandateProfilesJur = Arrays.asList(RandomStringUtils.randomAlphabetic(5), RandomStringUtils.randomAlphabetic(5)); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_ENABLED, "true"); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_NATURAL, StringUtils.join(mandateProfilesNat, ",")); config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_EIDAS_PROXY_MANDATES_PROFILE_DEFAULT_LEGAL, StringUtils.join(mandateProfilesJur, ",")); //execute controller.receiveEidasAuthnRequest(httpReq, httpResp); //validate state ServiceProviderConfiguration spConfig = authService.getPendingReq().getServiceProviderConfiguration(ServiceProviderConfiguration.class); assertNotNull("mandateprofiles", spConfig.getMandateProfiles()); assertFalse("mandateprofiles not empty", spConfig.getMandateProfiles().isEmpty()); assertEquals("mandateprofile size", 1, spConfig.getMandateProfiles().size()); assertEquals("mandateprofile", "MUST_BE_UPDATED", spConfig.getMandateProfiles().get(0)); assertEquals("MandateMode", SpMandateModes.LEGAL, spConfig.getMandateMode()); assertEquals("requested IDA attributes", 7, spConfig.getRequestedAttributes().size()); assertTrue("missing additional attribute", spConfig.getRequestedAttributes().stream() .filter(el -> el.equals("testAttribute")) .findFirst() .isPresent()); } private void addConnectorConfig(int i, String key, String value) { config.putConfigValue(MsProxyServiceConstants.CONIG_PROPS_CONNECTOR_PREFIX + String.valueOf(i) + "." + key, value); } }