add jUnit for user-restrication whitelist-store

6 files changed, 589 insertions, 4 deletions

diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
index 38bcfa2af..a90d71a18 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/config/auth/data/UserWhitelistStore.java
@@ -43,8 +43,24 @@ public class UserWhitelistStore {
 			try {			
 				InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI()));
 				String whiteListString = IOUtils.toString(new InputStreamReader(is));
-				whitelist = KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(whiteListString));
+				List<String> preWhitelist = KeyValueUtils.getListOfCSVValues(KeyValueUtils.normalizeCSVValueString(whiteListString));
+				
+				//remove prefix if required
+				for (String bPK : preWhitelist) {
+					String[] bPKSplit = bPK.split(":");
+					if (bPKSplit.length == 1)
+						whitelist.add(bPK);
+					
+					else if (bPKSplit.length ==2 )
+						whitelist.add(bPKSplit[1]);
+					
+					else
+						Logger.info("Whitelist entry: " + bPK + " has an unsupported format. Entry will be removed ...");
+						
+				}
+				
 				Logger.info("User whitelist is initialized with " + whitelist.size() + " entries.");
+					
 				 
 			} catch (FileNotFoundException e) {
 				Logger.warn("Do not initialize user whitelist. Reason: CSV file with bPKs NOT found", e);
@@ -62,6 +78,15 @@ public class UserWhitelistStore {
 	}
 	
 	/**
+	 * Get the number of entries of the static whitelist
+	 * 
+	 * @return
+	 */
+	public int getNumberOfEntries() {
+		return whitelist.size();
+	}
+	
+	/**
 	 * Check if bPK is in whitelist
 	 * 
 	 * @param bPK
@@ -76,6 +101,11 @@ public class UserWhitelistStore {
 	}
 	
 	public boolean isUserbPKInWhitelistDynamic(String bPK) {
+		return isUserbPKInWhitelistDynamic(bPK, false);
+		
+	}
+	
+	public boolean isUserbPKInWhitelistDynamic(String bPK, boolean onlyDynamic) {
 		try {
 			if (absWhiteListUrl != null) {
 				InputStream is = new FileInputStream(new File(new URL(absWhiteListUrl).toURI()));
@@ -86,7 +116,8 @@ public class UserWhitelistStore {
 							
 				} else {
 					Logger.debug("Can NOT find user in dynamic loaded user whitelist. Switch to static version ... ");
-					return isUserbPKInWhitelist(bPK);
+					if (!onlyDynamic)
+						return isUserbPKInWhitelist(bPK);
 				}
 			
 			}
@@ -94,8 +125,11 @@ public class UserWhitelistStore {
 			Logger.warn("Dynamic user whitelist check FAILED. Switch to static version ... ", e);
 			
 		}
+		if (!onlyDynamic)
+			return isUserbPKInWhitelist(bPK);
 		
-		return isUserbPKInWhitelist(bPK);
+
+		return false;
 	}
 	
 }
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java
new file mode 100644
index 000000000..d72e2f28c
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/DummyAuthConfig.java
@@ -0,0 +1,387 @@
+package at.gv.egovernment.moa.id.config.auth.data;
+
+import java.io.IOException;
+import java.util.List;
+import java.util.Map;
+import java.util.Properties;
+
+import at.gv.egovernment.moa.id.auth.modules.internal.tasks.UserRestrictionTask;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
+import at.gv.egovernment.moa.id.commons.api.ConnectionParameterInterface;
+import at.gv.egovernment.moa.id.commons.api.IOAAuthParameters;
+import at.gv.egovernment.moa.id.commons.api.IStorkConfig;
+import at.gv.egovernment.moa.id.commons.api.data.ProtocolAllowed;
+import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
+import at.gv.util.config.EgovUtilPropertiesConfiguration;
+
+public class DummyAuthConfig implements AuthConfiguration {
+
+	@Override
+	public String getRootConfigFileDir() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getDefaultChainingMode() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getTrustedCACertificates() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isTrustmanagerrevoationchecking() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String[] getActiveProfiles() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Properties getGeneralPVP2ProperiesConfig() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Properties getGeneralOAuth20ProperiesConfig() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public ProtocolAllowed getAllowedProtocols() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Map<String, String> getConfigurationWithPrefix(String Prefix) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getConfigurationWithKey(String key) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getBasicMOAIDConfiguration(String key) {
+		if (UserRestrictionTask.CONFIG_PROPS_CSV_USER_FILE.equals(key)) {
+			String current;
+			try {
+				current = new java.io.File( "." ).getCanonicalPath();
+				return "file:" + current + "/src/test/resources/BPK-Whitelist_20180607.csv";
+			} catch (IOException e) {
+				e.printStackTrace();
+			}
+		} 
+		
+		return null;
+	}
+
+	@Override
+	public String getBasicMOAIDConfiguration(String key, String defaultValue) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public Map<String, String> getBasicMOAIDConfigurationWithPrefix(String prefix) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public int getTransactionTimeOut() {
+		// TODO Auto-generated method stub
+		return 0;
+	}
+
+	@Override
+	public int getSSOCreatedTimeOut() {
+		// TODO Auto-generated method stub
+		return 0;
+	}
+
+	@Override
+	public int getSSOUpdatedTimeOut() {
+		// TODO Auto-generated method stub
+		return 0;
+	}
+
+	@Override
+	public String getAlternativeSourceID() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getLegacyAllowedProtocols() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public IOAAuthParameters getOnlineApplicationParameter(String oaURL) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMoaSpAuthBlockTrustProfileID(boolean useTestTrustStore) throws ConfigurationException {
+		if (useTestTrustStore)
+			return "MOAIDBuergerkarteAuthentisierungsDatenMitTestkarten";
+		else
+			return "MOAIDBuergerkarteAuthentisierungsDaten";
+	}
+
+	@Override
+	public List<String> getMoaSpAuthBlockVerifyTransformsInfoIDs() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public ConnectionParameterInterface getMoaSpConnectionParameter() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public ConnectionParameterInterface getForeignIDConnectionParameter(IOAAuthParameters oaParameters)
+			throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public ConnectionParameterInterface getOnlineMandatesConnectionParameter(IOAAuthParameters oaParameters)
+			throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMoaSpIdentityLinkTrustProfileID(boolean useTestTrustStore) throws ConfigurationException {
+		if (useTestTrustStore)			
+			return "MOAIDBuergerkartePersonenbindungMitTestkarten";
+		else
+			return "MOAIDBuergerkartePersonenbindung";
+	}
+
+	@Override
+	public List<String> getTransformsInfos() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getIdentityLinkX509SubjectNames() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getSLRequestTemplates() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getSLRequestTemplates(String type) throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getDefaultBKUURLs() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getDefaultBKUURL(String type) throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getSSOTagetIdentifier() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getSSOFriendlyName() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getSSOSpecialText() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMOASessionEncryptionKey() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMOAConfigurationEncryptionKey() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isIdentityLinkResigning() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String getIdentityLinkResigningKey() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isMonitoringActive() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String getMonitoringTestIdentityLinkURL() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getMonitoringMessageSuccess() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isAdvancedLoggingActive() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public List<String> getPublicURLPrefix() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isVirtualIDPsEnabled() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isPVP2AssertionEncryptionActive() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public boolean isCertifiacteQCActive() {
+		return true;
+	}
+
+	@Override
+	public IStorkConfig getStorkConfig() throws ConfigurationException {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public EgovUtilPropertiesConfiguration geteGovUtilsConfig() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getDocumentServiceUrl() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isStorkFakeIdLActive() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public List<String> getStorkFakeIdLCountries() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<String> getStorkNoSignatureCountries() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public String getStorkFakeIdLResigningKey() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isPVPSchemaValidationActive() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public Map<String, String> getConfigurationWithWildCard(String key) {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public List<Integer> getDefaultRevisionsLogEventCodes() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean isHTTPAuthAllowed() {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+	@Override
+	public String[] getRevocationMethodOrder() {
+		// TODO Auto-generated method stub
+		return null;
+	}
+
+	@Override
+	public boolean getBasicMOAIDConfigurationBoolean(String key, boolean defaultValue) {
+		// TODO Auto-generated method stub
+		return false;
+	}
+
+}
diff --git a/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java
new file mode 100644
index 000000000..71956990e
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/at/gv/egovernment/moa/id/config/auth/data/UserRestrictionWhiteListTest.java
@@ -0,0 +1,136 @@
+package at.gv.egovernment.moa.id.config.auth.data;
+
+import java.io.IOException;
+import java.io.InputStreamReader;
+
+import org.apache.commons.io.IOUtils;
+import org.junit.Before;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.xml.ConfigurationException;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration("/SpringTest-context_basic_user_whitelist.xml")
+public class UserRestrictionWhiteListTest {
+
+	@Autowired(required=true) UserWhitelistStore whitelistStore;
+	
+	private static String bPK_1 = "/7eNkLgqP71U8dBwa0lSI8/2EFY=";
+	private static String bPK_2 = "gr88V4oH5KLlurBCcCAbKJNMF18=";
+	private static String bPK_3 = "0Fq3KqgYTbK8MsxymLe7tbuXhpA=";
+	private static String bPK_4 = "JWiLzwktCITGg+ztRKEAwWloSNM=";
+	
+	private static String bPK_5 = "JWiLzwktCIXXX+ztRKEAwWloSNM=";
+	private static String bPK_6 = "WtHxBxLqOThNU9YF8fzXXXcZLBs=";
+	
+	@Test
+	public void checkNumberOfEntries() throws Exception {
+		if (whitelistStore.getNumberOfEntries() != 12)
+			throw new Exception("Number of entries not valid");
+			
+	}
+	
+	
+	@Test
+	public void checkEntry_1() throws Exception {
+		String bPK = bPK_1;
+		if (!whitelistStore.isUserbPKInWhitelist(bPK))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	@Test
+	public void checkEntryDynamic_1() throws Exception {
+		String bPK = bPK_1;
+		if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+
+	@Test
+	public void checkEntry_2() throws Exception {
+		String bPK = bPK_2;
+		if (!whitelistStore.isUserbPKInWhitelist(bPK))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	@Test
+	public void checkEntryDynamic_2() throws Exception {
+		String bPK = bPK_2;
+		if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	
+	@Test
+	public void checkEntry_3() throws Exception {
+		String bPK = bPK_3;
+		if (!whitelistStore.isUserbPKInWhitelist(bPK))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	@Test
+	public void checkEntryDynamic_3() throws Exception {
+		String bPK = bPK_3;
+		if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	@Test
+	public void checkEntry_4() throws Exception {
+		String bPK = bPK_4;
+		if (!whitelistStore.isUserbPKInWhitelist(bPK))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	@Test
+	public void checkEntryDynamic_4() throws Exception {
+		String bPK = bPK_4;
+		if (!whitelistStore.isUserbPKInWhitelistDynamic(bPK, true))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	@Test
+	public void checkEntry_5() throws Exception {
+		String bPK = bPK_5;
+		if (whitelistStore.isUserbPKInWhitelist(bPK))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	@Test
+	public void checkEntryDynamic_5() throws Exception {
+		String bPK = bPK_5;
+		if (whitelistStore.isUserbPKInWhitelistDynamic(bPK, true))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	@Test
+	public void checkEntry_6() throws Exception {
+		String bPK = bPK_6;
+		if (whitelistStore.isUserbPKInWhitelist(bPK))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	@Test
+	public void checkEntryDynamic_6() throws Exception {
+		String bPK = bPK_6;
+		if (whitelistStore.isUserbPKInWhitelistDynamic(bPK, true))
+			throw new Exception("bPK: " + bPK + " is NOT found in whitelist");
+			
+	}
+	
+	
+}
diff --git a/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv b/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv
new file mode 100644
index 000000000..099fc0f7e
--- /dev/null
+++ b/id/server/idserverlib/src/test/resources/BPK-Whitelist_20180607.csv
@@ -0,0 +1,10 @@
+/7eNkLgqP71U8dBwa0lSI8/2EFY=,ZP-MH:xm1zT43aGLfTRLnDsxYoFk3XwDU=,ZP-MH:gr88V4oH5KLlurBCcCAbKJNMF18=,

+ZP-MH:LvrdIGoL4MXTjy7EJgPhoz3koL4=,

+ZP-MH:EcILNYQIZ4qfhLlZFzHivCu0Hfc=,

+ZP-MH:WtHxBxLqOThNU9YF8fzyvXcZLBs=,

+ZP-MH:0Fq3KqgYTbK8MsxymLe7tbuXhpA=,

+ZP-MH:DJ6nGg2JgcPH768BhqTNXVsGhOY=,

+JWiLzwktCITGg+ztRKEAwWloSNM=,

+ZP-MH:+cyQbhr1fQ8hLhazL62tFRq47iY=,

+ZP-MH:AFmfywfYPHcl2Lxp138upielmrs=,

+ZP-MH:yPAOTsc9LY5/jnbkWn2MWY6hjg0=

diff --git a/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml b/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml
new file mode 100644
index 000000000..85788714a
--- /dev/null
+++ b/id/server/idserverlib/src/test/resources/SpringTest-context_basic_user_whitelist.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:context="http://www.springframework.org/schema/context"
+	xmlns:tx="http://www.springframework.org/schema/tx"
+	xmlns:aop="http://www.springframework.org/schema/aop"
+	xsi:schemaLocation="http://www.springframework.org/schema/aop http://www.springframework.org/schema/aop/spring-aop-3.1.xsd
+		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd
+		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.0.xsd">
+
+			
+	<bean id="UserWhiteList_Store" 
+				class="at.gv.egovernment.moa.id.config.auth.data.UserWhitelistStore"/>
+				
+	<bean id="DummyAuthConfig" 
+				class="at.gv.egovernment.moa.id.config.auth.data.DummyAuthConfig"/>
+</beans>
diff --git a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
index 32d623b88..35a8fd9c6 100644
--- a/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
+++ b/id/server/modules/moa-id-module-sl20_authentication/src/test/java/at/gv/egovernment/moa/id/auth/modules/sl20_auth/eIDDataVerifierTest.java
@@ -41,7 +41,7 @@ public abstract class eIDDataVerifierTest {
 		Logger.info("Loading Java security providers.");
 		//System.setProperty("moa.spss.server.configuration", "F:\\Projekte\\configs\\moa-spss\\MOASPSSConfiguration.xml");
 		String current = new java.io.File( "." ).getCanonicalPath();
-		System.setProperty("moa.spss.server.configuration", current + "\\src\\test\\resources\\moaspss_config\\MOASPSSConfiguration.xml");
+		System.setProperty("moa.spss.server.configuration", current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml");
 		
 	    IAIK.addAsProvider();                
 	    ECCelerate.addAsProvider();