diff options
author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-09-14 13:29:32 +0200 |
---|---|---|
committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2015-09-14 13:29:32 +0200 |
commit | 76bae60e9bda1acb7ee0e3d45ab187749d16bf82 (patch) | |
tree | ba22e87aeee1330e70e702dcfb4612fd951e6c7a /id/server/modules/moa-id-modules-saml1/src/test/java | |
parent | 1131cdf040e608c3f79dd8987ec3b8444fc9bf0d (diff) | |
download | moa-id-spss-76bae60e9bda1acb7ee0e3d45ab187749d16bf82.tar.gz moa-id-spss-76bae60e9bda1acb7ee0e3d45ab187749d16bf82.tar.bz2 moa-id-spss-76bae60e9bda1acb7ee0e3d45ab187749d16bf82.zip |
move citizen-card authentication and validation (Security-layer communication) to discrete module
Diffstat (limited to 'id/server/modules/moa-id-modules-saml1/src/test/java')
2 files changed, 199 insertions, 0 deletions
diff --git a/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java b/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java new file mode 100644 index 000000000..ebdec6d22 --- /dev/null +++ b/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java @@ -0,0 +1,98 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package test.at.gv.egovernment.moa.id.auth.builder; + +import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; +import at.gv.egovernment.moa.id.auth.exception.BuildException; +import at.gv.egovernment.moa.util.Base64Utils; + +import test.at.gv.egovernment.moa.id.UnitTestCase; + +/** + * @author Paul Ivancsics + * @version $Id$ + */ +public class SAMLArtifactBuilderTest extends UnitTestCase { + + private static final String AUTH_URL = "https://moa.gv.at/auth/"; + private static final String SESSION_ID_1 = "123456"; + private static final String SESSION_ID_2 = "123457"; + private static final String SESSION_ID_3 = "1234567"; + + private SAMLArtifactBuilder builder; + private byte[] artifact1; + private byte[] artifact2; + private byte[] artifact3; + + public SAMLArtifactBuilderTest(String name) { + super(name); + } + protected void setUp() throws Exception { + builder = new SAMLArtifactBuilder(); + artifact1 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_1, null), false); + artifact2 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_2, null), false); + artifact3 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_3, null), false); + } + + public void testBuildArtifactLength() throws BuildException { + assertEquals(42, artifact1.length); + assertEquals(42, artifact2.length); + assertEquals(42, artifact3.length); + } + public void testBuildSameArtifact() throws Exception { + byte[] artifact1Clone = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_1, null), false); + assertEquals(new String(artifact1), new String(artifact1Clone)); + } + public void testBuildDifferentArtifacts() throws BuildException { + String msg = "SAML Artifacts should be different"; + assertFalse(msg, new String(artifact1).equals(new String(artifact2))); + assertFalse(msg, new String(artifact1).equals(new String(artifact3))); + assertFalse(msg, new String(artifact3).equals(new String(artifact2))); + } + + +} diff --git a/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java b/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java new file mode 100644 index 000000000..961c8d0b5 --- /dev/null +++ b/id/server/modules/moa-id-modules-saml1/src/test/java/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java @@ -0,0 +1,101 @@ +/******************************************************************************* + * Copyright 2014 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + ******************************************************************************/ +/* + * Copyright 2003 Federal Chancellery Austria + * MOA-ID has been developed in a cooperation between BRZ, the Federal + * Chancellery Austria - ICT staff unit, and Graz University of Technology. + * + * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by + * the European Commission - subsequent versions of the EUPL (the "Licence"); + * You may not use this work except in compliance with the Licence. + * You may obtain a copy of the Licence at: + * http://www.osor.eu/eupl/ + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the Licence is distributed on an "AS IS" basis, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the Licence for the specific language governing permissions and + * limitations under the Licence. + * + * This product combines work with different licenses. See the "NOTICE" text + * file for details on the various modules and licenses. + * The "NOTICE" text file is part of the distribution. Any derivative works + * that you distribute must include a readable copy of the "NOTICE" text file. + */ + + +package test.at.gv.egovernment.moa.id.auth.parser; + +import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; +import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; +import at.gv.egovernment.moa.id.util.Random; +import test.at.gv.egovernment.moa.id.UnitTestCase; + +/* + * @author Paul Ivancsics + * @version $Id$ + */ +public class SAMLArtifactParserTest extends UnitTestCase { + + private static String URL1 = "http://moa.gv.at/auth"; + private static String URL2 = "https://moa.gv.at/auth"; + + public SAMLArtifactParserTest(String name) { + super(name); + } + + public void testParseTypeCode() throws Exception { + String sessionID = Random.nextRandom(); + String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID, null); + byte[] typeCode = new SAMLArtifactParser(samlArtifact).parseTypeCode(); + assertEquals(typeCode[0], 0); + assertEquals(typeCode[1], 1); + } + public void testParseAssertionHandleSameSessionID() throws Exception { + // SAML artifacts for different authURL's but same sessionID MUST give same assertion handle + String sessionID = Random.nextRandom(); + String samlArtifact1 = new SAMLArtifactBuilder().build(URL1, sessionID, null); + String samlArtifact2 = new SAMLArtifactBuilder().build(URL2, sessionID, null); + String assertionHandle1 = new SAMLArtifactParser(samlArtifact1).parseAssertionHandle(); + String assertionHandle2 = new SAMLArtifactParser(samlArtifact2).parseAssertionHandle(); + assertEquals(assertionHandle1, assertionHandle2); + } + public void testParseAssertionHandleSameURL() throws Exception { + // SAML artifacts for same authURL but different sessionID's MUST give different assertion handles + String sessionID1 = Random.nextRandom(); + String sessionID2 = Random.nextRandom(); + String samlArtifact1 = new SAMLArtifactBuilder().build(URL1, sessionID1, null); + String samlArtifact2 = new SAMLArtifactBuilder().build(URL1, sessionID2, null); + String assertionHandle1 = new SAMLArtifactParser(samlArtifact1).parseAssertionHandle(); + String assertionHandle2 = new SAMLArtifactParser(samlArtifact2).parseAssertionHandle(); + assertFalse(assertionHandle1.equals(assertionHandle2)); + } + public void testParseAssertionHandleSameSAMLArtifact() throws Exception { + // SAML artifact parsed twice MUST give same assertion handle each time + String sessionID = Random.nextRandom(); + String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID, null); + String assertionHandle1 = new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); + String assertionHandle2 = new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); + assertEquals(assertionHandle1, assertionHandle2); + } +} |