aboutsummaryrefslogtreecommitdiff
path: root/id.server/src/test/abnahme/A/Test500StartAuthenticationServlet.java
diff options
context:
space:
mode:
Diffstat (limited to 'id.server/src/test/abnahme/A/Test500StartAuthenticationServlet.java')
-rw-r--r--id.server/src/test/abnahme/A/Test500StartAuthenticationServlet.java305
1 files changed, 305 insertions, 0 deletions
diff --git a/id.server/src/test/abnahme/A/Test500StartAuthenticationServlet.java b/id.server/src/test/abnahme/A/Test500StartAuthenticationServlet.java
new file mode 100644
index 000000000..f4f37a871
--- /dev/null
+++ b/id.server/src/test/abnahme/A/Test500StartAuthenticationServlet.java
@@ -0,0 +1,305 @@
+package test.abnahme.A;
+
+import java.io.OutputStream;
+import java.net.URL;
+import java.security.Security;
+
+import javax.net.ssl.SSLSocketFactory;
+
+import test.abnahme.AbnahmeTestCase;
+
+import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+import com.sun.net.ssl.HostnameVerifier;
+import com.sun.net.ssl.HttpsURLConnection;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ *
+ */
+public class Test500StartAuthenticationServlet extends AbnahmeTestCase {
+
+ private String testdataRoot = TESTDATA_ROOT + "xmldata/standard/";
+ SSLSocketFactory ssf;
+ public Test500StartAuthenticationServlet(String name) {
+ super(name);
+ }
+ protected void setUp() throws Exception {
+ super.setUp();
+ Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+ System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+ System.setProperty("javax.net.ssl.trustStore", "C:/Programme/ApacheGroup/abnahme/server.keystore");
+ System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
+ }
+
+ public void testA501() throws Exception {
+ //NUR einmal für alle folgenden Testfälle
+ //----------------------------------------
+
+ //----------------------------------------
+
+ try {
+ String targetURL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(targetURL, "GET");
+ conn.connect();
+ int resultCode = conn.getResponseCode();
+ String contentType = conn.getHeaderField("Content-Type");
+ if (resultCode != 200)
+ fail("Wrong HTTP-Code");
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/html"))
+ fail("Wrong contentType: expected text/html and was " + conn.getHeaderField("Content-Type"));
+ conn.disconnect();
+ System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------");
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA502() throws Exception {
+ try {
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+ int resultCode = conn.getResponseCode();
+ String contentType = conn.getHeaderField("Content-Type");
+ if (resultCode != 200)
+ fail("Wrong HTTP-Code: expected '200' and was '" + resultCode + "'");
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/html"))
+ fail("Wrong contentType: expected text/html and was " + conn.getHeaderField("Content-Type"));
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+
+ conn.disconnect();
+
+ URL = parseDataURL(result);
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ System.out.println("File gelesen, Daten in Outputstream einpflegen");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes("UTF-8"));
+ out.flush();
+ out.close();
+
+ System.out.println("Verbinden zu " + URL);
+ conn.connect();
+ resultCode = conn.getResponseCode();
+ System.out.println("resultCode :" + resultCode);
+ String redirectLoc = conn.getHeaderField("Location");
+ System.out.println("redirectLoc :" + redirectLoc);
+ // Austausch von VerifyIdentityLink in der POST-URL durch VerifyAuthBlock... rest MUSS gleich sein!
+ if (!killInclusive(URL, "VerifyI", "Link", "VerifyAuthBlock").equals(redirectLoc))
+ fail("Wrong Redirect-Location: expected " + URL + " and was " + conn.getHeaderField("Location"));
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/xml"))
+ fail("Wrong contentType: expected text/xml and was " + conn.getHeaderField("Content-Type"));
+ conn.disconnect();
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA503() throws Exception {
+ try {
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+
+ assertEquals(200,conn.getResponseCode());
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/html"))
+ fail("Wrong contentType: expected text/html and was " + conn.getHeaderField("Content-Type"));
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ URL = parseDataURL(result);
+
+ conn.disconnect();
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+ conn.connect();
+ String redirectLoc = conn.getHeaderField("Location");
+ // Austausch von VerifyIdentityLink in der POST-URL durch VerifyAuthBlock... rest MUSS gleich sein!
+ if (!killInclusive(URL, "VerifyI", "Link", "VerifyAuthBlock").equals(redirectLoc))
+ fail("Wrong Redirect-Location: expected " + URL + " and was " + conn.getHeaderField("Location"));
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/xml"))
+ fail("Wrong contentType: expected text/xml and was " + conn.getHeaderField("Content-Type"));
+ conn.disconnect();
+
+ conn = giveConnection(redirectLoc, "POST");
+ System.out.println("Redirect Location: " + redirectLoc);
+ String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+ out = conn.getOutputStream();
+ out.write(("XMLResponse=" +createXMLSignatureResponse).getBytes());
+ out.flush();
+ out.close();
+
+ System.out.println("Sending Data to " + redirectLoc);
+ conn.connect();
+
+ redirectLoc = conn.getHeaderField("Location");
+ System.out.println("redirectLoc: " + redirectLoc);
+ /* RandomAccessFile raf = new RandomAccessFile("C://503.xml", "rw");
+ raf.write(StreamUtils.readStream(conn.getInputStream()));
+ raf.close();*/
+ conn.disconnect();
+ assertEquals(302, conn.getResponseCode());
+ assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact="));
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA551() throws Exception {
+ try {
+ String targetURL = getURL("https://localhost:8443/moa-id-auth/", "gb", "");
+ HttpsURLConnection conn = giveConnection(targetURL, "GET");
+ conn.connect();
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ assertTrue(result.indexOf("Die Angabe der Parameter ist unvollständig") >= 0);
+ conn.disconnect();
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: Die Angabe der Parameter ist unvollständig.\n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA552() throws Exception {
+ try {
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+ int resultCode = conn.getResponseCode();
+ assertEquals(200, resultCode);
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/html"))
+ fail("Wrong contentType: expected text/html and was " + conn.getHeaderField("Content-Type"));
+ conn.disconnect();
+ URL = "https://localhost:8443/moa-id-auth/" + "VerifyIdentityLink?MOASessionID=0000";
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+
+ conn.connect();
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ assertTrue(result.indexOf("MOASessionID ist unbekannt") >= 0);
+ System.out.println("Fehler in testA552 erfolgreich abgefangen: MOASessionID ist unbekannt");
+ conn.disconnect();
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+ public void testA553() throws Exception {
+ try {
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+ int resultCode = conn.getResponseCode();
+ assertEquals(200,resultCode);
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/html"))
+ fail("Wrong contentType: expected text/html and was " + conn.getHeaderField("Content-Type"));
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ String MOASessionID = parseSessionIDFromForm(result);
+ URL = parseDataURL(result);
+ conn.disconnect();
+
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+ conn.connect();
+ result = new String(StreamUtils.readStream(conn.getInputStream()));
+ String redirectLoc = conn.getHeaderField("Location");
+ // Austausch von VerifyIdentityLink in der POST-URL durch VerifyAuthBlock... rest MUSS gleich sein!
+ if (!killInclusive(URL, "VerifyI", "Link", "VerifyAuthBlock").equals(redirectLoc))
+ fail("Wrong Redirect-Location: expected " + URL + " and was " + conn.getHeaderField("Location"));
+ if (!conn.getHeaderField("Content-Type").equalsIgnoreCase("text/xml"))
+ fail("Wrong contentType: expected text/xml and was " + conn.getHeaderField("Content-Type"));
+ conn.disconnect();
+ conn = giveConnection(redirectLoc + "XXX", "POST");
+ System.out.println("Redirect Location: " + redirectLoc + "XXX");
+ String createXMLSignatureResponse = "XMLResponse=" + URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+
+ out = conn.getOutputStream();
+ out.write(new String("MOASessionID=" + MOASessionID + "&").getBytes());
+ out.write(createXMLSignatureResponse.getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ System.out.println("Sending Data to " + redirectLoc);
+ conn.connect();
+ resultCode = conn.getResponseCode();
+
+ result = new String(StreamUtils.readStream(conn.getInputStream()));
+ conn.disconnect();
+ assertEquals(200, resultCode);
+ assertTrue(result.indexOf("MOASessionID ist unbekannt") >= 0);
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ private String parseDataURL(String input) {
+ String ret = getSubString(input.substring(input.indexOf("DataURL"), input.length()), "value=\"", "\"");
+ return ret;
+ }
+
+ private String getSubString(String input, String startsWith, String endsWith) {
+ return input.substring(input.indexOf(startsWith) + startsWith.length(), input.indexOf(endsWith, input.indexOf(startsWith) + startsWith.length()));
+ }
+ private String getURL(String authURL, String target, String oaURL) {
+ return authURL + "StartAuthentication?Target=" + target + "&OA=" + oaURL;
+ }
+ private String parseSessionIDFromForm(String htmlForm) {
+ String parName = "MOASessionID=";
+ assertTrue("HTML Form enthält keine SessionID", htmlForm.indexOf(parName) >= 0);
+ int i1 = htmlForm.indexOf(parName) + parName.length();
+ int i2 = htmlForm.indexOf("\"", i1);
+ assertTrue("HTML Form enthält keine gültige SessionID", i2 > i1);
+ return htmlForm.substring(i1, i2);
+ }
+
+ private class HostnameVerifierHack implements HostnameVerifier {
+ public boolean verify(String arg0, String arg1) {
+ return true;
+ }
+ }
+ private HttpsURLConnection giveConnection(String targetURL, String requestMethod) throws Exception {
+ URL url = new URL(targetURL);
+ HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
+ conn.setRequestMethod(requestMethod);
+ conn.setDoInput(true);
+ conn.setDoOutput(true);
+ conn.setUseCaches(false);
+ conn.setAllowUserInteraction(false);
+ conn.setHostnameVerifier(new HostnameVerifierHack());
+ return conn;
+ }
+
+} \ No newline at end of file