aboutsummaryrefslogtreecommitdiff
path: root/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java
diff options
context:
space:
mode:
Diffstat (limited to 'id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java')
-rw-r--r--id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java597
1 files changed, 597 insertions, 0 deletions
diff --git a/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java b/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java
new file mode 100644
index 000000000..d9e69eba4
--- /dev/null
+++ b/id.server/src/test/abnahme/A/Test300VerifyAuthBlock.java
@@ -0,0 +1,597 @@
+package test.abnahme.A;
+
+import java.util.Calendar;
+
+import org.w3c.dom.Element;
+import test.abnahme.AbnahmeTestCase;
+
+import at.gv.egovernment.moa.id.AuthenticationException;
+import at.gv.egovernment.moa.id.BuildException;
+import at.gv.egovernment.moa.id.ParseException;
+import at.gv.egovernment.moa.id.auth.AuthenticationServer;
+import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder;
+import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder;
+import at.gv.egovernment.moa.id.auth.builder.VPKBuilder;
+import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder;
+import at.gv.egovernment.moa.id.auth.data.AuthenticationSession;
+import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.data.IdentityLink;
+import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse;
+import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker;
+import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser;
+import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser;
+import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.auth.validator.ValidateException;
+import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator;
+import at.gv.egovernment.moa.id.config.ConfigurationException;
+import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider;
+import at.gv.egovernment.moa.id.config.auth.OAAuthParameter;
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.util.Random;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+
+public class Test300VerifyAuthBlock extends AbnahmeTestCase {
+
+ public Test300VerifyAuthBlock(String name) {
+ super(name);
+ }
+
+ public void testA301() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ //authDataWriter(authData,this.getName()+"new.xml");
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA302() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ //authDataWriter(authData,this.getName()+"new.xml");
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA303() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA304() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA305() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA306() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA307() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA308() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServer(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+
+ }
+
+ public void testA309() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA310() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA311() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID);
+ assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion()));
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA351() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+ //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
+ // System.out.println(createXMLSignatureRequest);
+ String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
+
+ // nicht existierende Session....
+ try {
+ server.verifyAuthenticationBlock("0", createXMLSignatureResponse);
+ fail();
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA352() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ server.setSecondsSessionTimeOut(-100);
+ server.cleanup();
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+ //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
+ // System.out.println(createXMLSignatureRequest);
+ String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
+
+ // abgelaufene Session....
+ server.setSecondsSessionTimeOut(1000);
+ try {
+ server.verifyAuthenticationBlock("0", createXMLSignatureResponse);
+ fail();
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA353() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+
+ String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
+
+ // Session for VerifyIdentityLink-Aufruf
+ try {
+
+ server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ fail();
+ }
+ //NOCH SEHR UNSCHÖN..... (fliegt raus im AuthenticationServer, Methode buildAuthenticationData
+ // ( IdentityLink identityLink = session.getIdentityLink(); ==> liefert dann NULL...
+ catch (NullPointerException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA354() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ System.out.println(sessionID);
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID());
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+ //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
+ // System.out.println(createXMLSignatureRequest);
+ String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
+
+ // nicht existierende Session....
+
+ server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ try {
+ server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ fail();
+ }
+ catch (AuthenticationException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA355() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ParseException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA356() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ParseException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA357() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA358() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA359() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA360() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA361() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA362() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA363() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA364() throws Exception {
+ try {
+ String sessionID = startAuthentication();
+ try {
+
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {
+ System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------");
+ }
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ /* public void testA365() throws Exception {
+ String sessionID = startAuthentication();
+ try {
+ // wegen sinnlosigkeit gestrichen
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");}
+ }*/
+
+ public void testA366() throws Exception {
+
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");}
+ }
+ public void testA367() throws Exception {
+ String sessionID = startAuthentication();
+ try {
+ initServer(sessionID);
+ fail();
+ }
+ catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");}
+ }
+
+
+ private AuthenticationData initServer(String sessionID) throws Exception {
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, "TrustProfile1");
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+ //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
+ // System.out.println(createXMLSignatureRequest);
+ String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
+ // CreateXMLSignatureResponseValidator.getInstance().validate(new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse(),"gb","https://localhost:9443/");
+ String samlArtifact = server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse);
+ AuthenticationData authData = server.getAuthenticationData(samlArtifact);
+ return authData;
+ }
+
+ private AuthenticationData initServerWithoutValidateAuthBlock(String sessionID) throws Exception {
+ String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml");
+ server.verifyIdentityLink(sessionID, infoboxReadResponse);
+ InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse);
+ IdentityLink idl = irrp.parseIdentityLink();
+ Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, "TrustProfile1");
+ Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest);
+ new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse);
+ //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames());
+ // System.out.println(createXMLSignatureRequest);
+ String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml");
+ // CreateXMLSignatureResponseValidator.getInstance().validate(new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse(),"gb","https://localhost:9443/");
+
+ AuthenticationSession session = AuthenticationServer.getSession(sessionID);
+ AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance();
+ // parses <CreateXMLSignatureResponse>
+ CreateXMLSignatureResponse csresp =
+ new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse();
+ // validates <CreateXMLSignatureResponse>
+ new CreateXMLSignatureResponseValidator().validate(csresp, session.getTarget(), session.getPublicOAURLPrefix());
+ // builds a <VerifyXMLSignatureRequest> for a MOA-SPSS call
+ String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs();
+ String tpid = authConf.getMoaSpAuthBlockTrustProfileID();
+ Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid);
+ // invokes the call
+ Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq);
+ // parses the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData();
+ // validates the <VerifyXMLSignatureResponse>
+ VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK);
+ // compares the public keys from the identityLink with the AuthBlock
+
+ // builds authentication data and stores it together with a SAML artifact
+ AuthenticationData authData = buildAuthenticationData(session, vsresp);
+ return authData;
+ }
+ private AuthenticationData buildAuthenticationData(
+ AuthenticationSession session,
+ VerifyXMLSignatureResponse verifyXMLSigResp)
+ throws ConfigurationException, BuildException {
+
+ IdentityLink identityLink = session.getIdentityLink();
+ AuthenticationData authData = new AuthenticationData();
+ authData.setMajorVersion(1);
+ authData.setMinorVersion(0);
+ authData.setAssertionID(Random.nextRandom());
+ authData.setIssuer(session.getAuthURL());
+ authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance()));
+ String vpkBase64 = new VPKBuilder().buildVPK(
+ identityLink.getIdentificationValue(), identityLink.getDateOfBirth(), session.getTarget());
+ authData.setVPK(vpkBase64);
+ authData.setGivenName(identityLink.getGivenName());
+ authData.setFamilyName(identityLink.getFamilyName());
+ authData.setDateOfBirth(identityLink.getDateOfBirth());
+ authData.setQualifiedCertificate(verifyXMLSigResp.isQualifiedCertificate());
+ authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority());
+ authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode());
+ OAAuthParameter oaParam =
+ AuthConfigurationProvider.getInstance().getOnlineApplicationParameter(
+ session.getPublicOAURLPrefix());
+ String prPerson = new PersonDataBuilder().build(
+ identityLink, oaParam.getProvideZMRZahl());
+
+ try {
+ String ilAssertion =
+ oaParam.getProvideIdentityLink() ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) : "";
+ String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : "";
+ String samlAssertion = new AuthenticationDataAssertionBuilder().build(
+ authData, prPerson, authBlock, ilAssertion);
+ authData.setSamlAssertion(samlAssertion);
+ return authData;
+ }
+ catch (Throwable ex) {
+ throw new BuildException(
+ "builder.00",
+ new Object[] { "AuthenticationData", ex.getMessage() },
+ ex);
+ }
+ }
+}