diff options
author | rudolf <rudolf@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2003-10-24 08:34:56 +0000 |
---|---|---|
committer | rudolf <rudolf@d688527b-c9ab-4aba-bd8d-4036d912da1d> | 2003-10-24 08:34:56 +0000 |
commit | dd45e938564249a5e6897bd92dd29808d8990868 (patch) | |
tree | 372d8a4b128cff09262ad09d6a4cf5765d672d61 /id.server/src/test/abnahme/A/Test600GetAuthenticationDataService.java | |
parent | 59f78a67d7357fd31de68fc2b623f95b3d654ebc (diff) | |
download | moa-id-spss-dd45e938564249a5e6897bd92dd29808d8990868.tar.gz moa-id-spss-dd45e938564249a5e6897bd92dd29808d8990868.tar.bz2 moa-id-spss-dd45e938564249a5e6897bd92dd29808d8990868.zip |
MOA-ID version 1.1 (initial)
git-svn-id: https://joinup.ec.europa.eu/svn/moa-idspss/trunk@19 d688527b-c9ab-4aba-bd8d-4036d912da1d
Diffstat (limited to 'id.server/src/test/abnahme/A/Test600GetAuthenticationDataService.java')
-rw-r--r-- | id.server/src/test/abnahme/A/Test600GetAuthenticationDataService.java | 281 |
1 files changed, 281 insertions, 0 deletions
diff --git a/id.server/src/test/abnahme/A/Test600GetAuthenticationDataService.java b/id.server/src/test/abnahme/A/Test600GetAuthenticationDataService.java new file mode 100644 index 000000000..b44852346 --- /dev/null +++ b/id.server/src/test/abnahme/A/Test600GetAuthenticationDataService.java @@ -0,0 +1,281 @@ +package test.abnahme.A; + +import java.io.OutputStream; +import java.net.URL; +import java.security.Security; +import java.util.Calendar; +import java.util.Vector; + +import javax.xml.namespace.QName; +import javax.xml.rpc.Call; +import javax.xml.rpc.Service; +import javax.xml.rpc.ServiceFactory; + +import org.apache.axis.message.SOAPBodyElement; +import org.w3c.dom.Element; + +import com.sun.net.ssl.HostnameVerifier; +import com.sun.net.ssl.HttpsURLConnection; + +import test.abnahme.AbnahmeTestCase; + +import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.DateTimeUtils; +import at.gv.egovernment.moa.util.StreamUtils; +import at.gv.egovernment.moa.util.URLDecoder; +import at.gv.egovernment.moa.util.URLEncoder; + +/** + * @author Stefan Knirsch + * @version $Id$ + */ + +public class Test600GetAuthenticationDataService extends AbnahmeTestCase { + + private String moaSessionID; + private String samlArtifact; + private static final QName SERVICE_QNAME = new QName("SignatureCreation"); + + public Test600GetAuthenticationDataService(String name) { + super(name); + } + + protected void setUp() throws Exception { + super.setUp(); + Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); + System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); + System.setProperty("javax.net.ssl.trustStore", "C:/Programme/ApacheGroup/abnahme/server.keystore"); + System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); + } + + public void testA601() throws Exception { + try { + + // Anmelden + String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/"); + HttpsURLConnection conn = giveConnection(URL, "GET"); + conn.connect(); + String result = new String(StreamUtils.readStream(conn.getInputStream())); + String MOASessionID = parseSessionIDFromForm(result); + conn.disconnect(); + + URL = parseDataURL(result); + // Verify Identity Link + conn = giveConnection(URL, "POST"); + conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded"); + String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml"); + OutputStream out = conn.getOutputStream(); + out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes()); + out.flush(); + out.close(); + conn.connect(); + String redirectLoc = conn.getHeaderField("Location"); + conn.disconnect(); + //Verify Auth Block + conn = giveConnection(redirectLoc, "POST"); + String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8"); + out = conn.getOutputStream(); + out.write(("MOASessionID=" + moaSessionID + "&XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8")); + out.flush(); + out.close(); + conn.connect(); + redirectLoc = conn.getHeaderField("Location"); + samlArtifact = parseSamlArtifact(redirectLoc); + System.out.println("SamlArtifact: " + samlArtifact); + conn.disconnect(); + + assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact=")); + + conn = null; + + SAMLRequestBuilder srb = new SAMLRequestBuilder(); + + Element erg = doCall(srb.build(moaSessionID,URLDecoder.decode(samlArtifact, "UTF-8"))); + result = DOMUtils.serializeNode(erg); + result = killInclusive(result,"IssueInstant=\"","\"",""); + result = killInclusive(result,"AssertionID=\"","\"",""); + result = killInclusive(result,"ResponseID=\"","\"",""); + +// writeXmldata("GetAuthenticationDataWebServiceResponse.xml", result.getBytes("UTF-8")); + + assertEquals(result,readXmldata("GetAuthenticationDataWebServiceResponse.xml")); + + System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------"); + } + catch (Exception e) { + System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); + throw e; + } + } + + public void testA651() throws Exception { + try { + + // Anmelden + String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/"); + HttpsURLConnection conn = giveConnection(URL, "GET"); + conn.connect(); + String result = new String(StreamUtils.readStream(conn.getInputStream())); + String MOASessionID = parseSessionIDFromForm(result); + conn.disconnect(); + + URL = parseDataURL(result); + // Verify Identity Link + conn = giveConnection(URL, "POST"); + conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded"); + String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml"); + OutputStream out = conn.getOutputStream(); + out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes()); + out.flush(); + out.close(); + conn.connect(); + String redirectLoc = conn.getHeaderField("Location"); + conn.disconnect(); + //Verify Auth Block + conn = giveConnection(redirectLoc, "POST"); + String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8"); + out = conn.getOutputStream(); + out.write(("MOASessionID=" + moaSessionID + "&XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8")); + out.flush(); + out.close(); + conn.connect(); + redirectLoc = conn.getHeaderField("Location"); + samlArtifact = "AAGu1JFbyGKqJ+3NAonwMu5bNyUc7kooeMK6bxeXBbnK6NL0DfuVJsGi"; + System.out.println("SamlArtifact: " + samlArtifact); + conn.disconnect(); + + assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact=")); + + conn = null; + + SAMLRequestBuilder srb = new SAMLRequestBuilder(); + Element samlPRequest = srb.build(moaSessionID,samlArtifact); + + assertTrue(DOMUtils.serializeNode(doCall(samlPRequest)).indexOf("unbekanntes SAML-Artifakt")!=-1); + + System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: Fehler beim Abholen der Anmeldedaten, unbekanntes SAML-Artifakt\n-----------------------"); + } + catch (Exception e) { + System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); + throw e; + } + } + + public void testA652() throws Exception { + try { + + // Anmelden + String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/"); + HttpsURLConnection conn = giveConnection(URL, "GET"); + conn.connect(); + String result = new String(StreamUtils.readStream(conn.getInputStream())); + String MOASessionID = parseSessionIDFromForm(result); + conn.disconnect(); + + URL = parseDataURL(result); + // Verify Identity Link + conn = giveConnection(URL, "POST"); + conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded"); + String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml"); + OutputStream out = conn.getOutputStream(); + out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes()); + out.flush(); + out.close(); + conn.connect(); + String redirectLoc = conn.getHeaderField("Location"); + conn.disconnect(); + //Verify Auth Block + conn = giveConnection(redirectLoc, "POST"); + String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8"); + out = conn.getOutputStream(); + out.write(("MOASessionID=" + moaSessionID + "&XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8")); + out.flush(); + out.close(); + conn.connect(); + redirectLoc = conn.getHeaderField("Location"); + samlArtifact = parseSamlArtifact(redirectLoc); + System.out.println("SamlArtifact: " + samlArtifact); + conn.disconnect(); + + assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact=")); + + conn = null; + String request = + "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"" + + moaSessionID + "\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"" + + DateTimeUtils.buildDateTime(Calendar.getInstance())+"\">" + + "</samlp:Request>"; + + Element samlPRequest = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); + + assertTrue(DOMUtils.serializeNode(doCall(samlPRequest)).indexOf("Fehlerhaftes Requestformat")!=-1); +// writeXmldata("GetAuthenticationDataWebServiceResponse.xml", result.getBytes("UTF-8")); + System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: Fehlerhaftes Requestformat\n-----------------------"); } + catch (Exception e) { + System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); + throw e; + } + } + + protected Element doCall(Element request) + throws Exception { + QName serviceName = new QName("GetAuthenticationData"); + String endPoint = "http://localhost:8080/moa-id-auth/services/GetAuthenticationData"; + Service service = ServiceFactory.newInstance().createService(serviceName); + Call call = service.createCall(); + SOAPBodyElement body = + new SOAPBodyElement(request); + SOAPBodyElement[] params = new SOAPBodyElement[] {body}; + Vector responses; + SOAPBodyElement response; + + call.setTargetEndpointAddress(endPoint); + responses = (Vector) call.invoke(params); + response = (SOAPBodyElement) responses.get(0); + + return response.getAsDOM(); + } + + private String parseDataURL(String input) + { + return getSubString(input.substring(input.indexOf("DataURL"),input.length()),"value=\"","\""); + } + private String parseSamlArtifact(String input) + { + return getSubString(input+"@@@","SAMLArtifact=","@@@"); + } + private String getSubString(String input, String startsWith, String endsWith) + { + return input.substring(input.indexOf(startsWith)+startsWith.length(), input.indexOf(endsWith, input.indexOf(startsWith)+startsWith.length())); + } + private String getURL(String authURL, String target, String oaURL) + { + return authURL + "StartAuthentication?Target=" + target + "&OA=" + oaURL; + } + private String parseSessionIDFromForm(String htmlForm) { + String parName = "MOASessionID="; + assertTrue( + "HTML Form enthält keine SessionID", + htmlForm.indexOf(parName) >= 0); + int i1 = htmlForm.indexOf(parName) + parName.length(); + int i2 = htmlForm.indexOf("\"", i1); + assertTrue("HTML Form enthält keine gültige SessionID", i2 > i1); + return htmlForm.substring(i1, i2); + } + private HttpsURLConnection giveConnection(String targetURL, String requestMethod) throws Exception { + HttpsURLConnection conn = (HttpsURLConnection) new URL(targetURL).openConnection(); + conn.setRequestMethod(requestMethod); + conn.setDoInput(true); + conn.setDoOutput(true); + conn.setUseCaches(false); + conn.setAllowUserInteraction(false); + conn.setHostnameVerifier(new HostnameVerifierHack()); + return conn; + } + private class HostnameVerifierHack implements HostnameVerifier { + public boolean verify(String arg0, String arg1) { + return true; + } + } +} |