aboutsummaryrefslogtreecommitdiff
path: root/id.server/src/test/abnahme/A/Test600GetAuthenticationDataService.java
diff options
context:
space:
mode:
Diffstat (limited to 'id.server/src/test/abnahme/A/Test600GetAuthenticationDataService.java')
-rw-r--r--id.server/src/test/abnahme/A/Test600GetAuthenticationDataService.java281
1 files changed, 281 insertions, 0 deletions
diff --git a/id.server/src/test/abnahme/A/Test600GetAuthenticationDataService.java b/id.server/src/test/abnahme/A/Test600GetAuthenticationDataService.java
new file mode 100644
index 000000000..b44852346
--- /dev/null
+++ b/id.server/src/test/abnahme/A/Test600GetAuthenticationDataService.java
@@ -0,0 +1,281 @@
+package test.abnahme.A;
+
+import java.io.OutputStream;
+import java.net.URL;
+import java.security.Security;
+import java.util.Calendar;
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+import javax.xml.rpc.Call;
+import javax.xml.rpc.Service;
+import javax.xml.rpc.ServiceFactory;
+
+import org.apache.axis.message.SOAPBodyElement;
+import org.w3c.dom.Element;
+
+import com.sun.net.ssl.HostnameVerifier;
+import com.sun.net.ssl.HttpsURLConnection;
+
+import test.abnahme.AbnahmeTestCase;
+
+import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egovernment.moa.util.URLDecoder;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+
+public class Test600GetAuthenticationDataService extends AbnahmeTestCase {
+
+ private String moaSessionID;
+ private String samlArtifact;
+ private static final QName SERVICE_QNAME = new QName("SignatureCreation");
+
+ public Test600GetAuthenticationDataService(String name) {
+ super(name);
+ }
+
+ protected void setUp() throws Exception {
+ super.setUp();
+ Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+ System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+ System.setProperty("javax.net.ssl.trustStore", "C:/Programme/ApacheGroup/abnahme/server.keystore");
+ System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
+ }
+
+ public void testA601() throws Exception {
+ try {
+
+ // Anmelden
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ String MOASessionID = parseSessionIDFromForm(result);
+ conn.disconnect();
+
+ URL = parseDataURL(result);
+ // Verify Identity Link
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+ conn.connect();
+ String redirectLoc = conn.getHeaderField("Location");
+ conn.disconnect();
+ //Verify Auth Block
+ conn = giveConnection(redirectLoc, "POST");
+ String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+ out = conn.getOutputStream();
+ out.write(("MOASessionID=" + moaSessionID + "&XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ conn.connect();
+ redirectLoc = conn.getHeaderField("Location");
+ samlArtifact = parseSamlArtifact(redirectLoc);
+ System.out.println("SamlArtifact: " + samlArtifact);
+ conn.disconnect();
+
+ assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact="));
+
+ conn = null;
+
+ SAMLRequestBuilder srb = new SAMLRequestBuilder();
+
+ Element erg = doCall(srb.build(moaSessionID,URLDecoder.decode(samlArtifact, "UTF-8")));
+ result = DOMUtils.serializeNode(erg);
+ result = killInclusive(result,"IssueInstant=\"","\"","");
+ result = killInclusive(result,"AssertionID=\"","\"","");
+ result = killInclusive(result,"ResponseID=\"","\"","");
+
+// writeXmldata("GetAuthenticationDataWebServiceResponse.xml", result.getBytes("UTF-8"));
+
+ assertEquals(result,readXmldata("GetAuthenticationDataWebServiceResponse.xml"));
+
+ System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA651() throws Exception {
+ try {
+
+ // Anmelden
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ String MOASessionID = parseSessionIDFromForm(result);
+ conn.disconnect();
+
+ URL = parseDataURL(result);
+ // Verify Identity Link
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+ conn.connect();
+ String redirectLoc = conn.getHeaderField("Location");
+ conn.disconnect();
+ //Verify Auth Block
+ conn = giveConnection(redirectLoc, "POST");
+ String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+ out = conn.getOutputStream();
+ out.write(("MOASessionID=" + moaSessionID + "&XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ conn.connect();
+ redirectLoc = conn.getHeaderField("Location");
+ samlArtifact = "AAGu1JFbyGKqJ+3NAonwMu5bNyUc7kooeMK6bxeXBbnK6NL0DfuVJsGi";
+ System.out.println("SamlArtifact: " + samlArtifact);
+ conn.disconnect();
+
+ assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact="));
+
+ conn = null;
+
+ SAMLRequestBuilder srb = new SAMLRequestBuilder();
+ Element samlPRequest = srb.build(moaSessionID,samlArtifact);
+
+ assertTrue(DOMUtils.serializeNode(doCall(samlPRequest)).indexOf("unbekanntes SAML-Artifakt")!=-1);
+
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: Fehler beim Abholen der Anmeldedaten, unbekanntes SAML-Artifakt\n-----------------------");
+ }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ public void testA652() throws Exception {
+ try {
+
+ // Anmelden
+ String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+ HttpsURLConnection conn = giveConnection(URL, "GET");
+ conn.connect();
+ String result = new String(StreamUtils.readStream(conn.getInputStream()));
+ String MOASessionID = parseSessionIDFromForm(result);
+ conn.disconnect();
+
+ URL = parseDataURL(result);
+ // Verify Identity Link
+ conn = giveConnection(URL, "POST");
+ conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+ String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+ OutputStream out = conn.getOutputStream();
+ out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+ out.flush();
+ out.close();
+ conn.connect();
+ String redirectLoc = conn.getHeaderField("Location");
+ conn.disconnect();
+ //Verify Auth Block
+ conn = giveConnection(redirectLoc, "POST");
+ String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+ out = conn.getOutputStream();
+ out.write(("MOASessionID=" + moaSessionID + "&XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8"));
+ out.flush();
+ out.close();
+ conn.connect();
+ redirectLoc = conn.getHeaderField("Location");
+ samlArtifact = parseSamlArtifact(redirectLoc);
+ System.out.println("SamlArtifact: " + samlArtifact);
+ conn.disconnect();
+
+ assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact="));
+
+ conn = null;
+ String request =
+ "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"" +
+ moaSessionID + "\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"" +
+ DateTimeUtils.buildDateTime(Calendar.getInstance())+"\">" +
+ "</samlp:Request>";
+
+ Element samlPRequest = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+
+ assertTrue(DOMUtils.serializeNode(doCall(samlPRequest)).indexOf("Fehlerhaftes Requestformat")!=-1);
+// writeXmldata("GetAuthenticationDataWebServiceResponse.xml", result.getBytes("UTF-8"));
+ System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: Fehlerhaftes Requestformat\n-----------------------"); }
+ catch (Exception e) {
+ System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+ throw e;
+ }
+ }
+
+ protected Element doCall(Element request)
+ throws Exception {
+ QName serviceName = new QName("GetAuthenticationData");
+ String endPoint = "http://localhost:8080/moa-id-auth/services/GetAuthenticationData";
+ Service service = ServiceFactory.newInstance().createService(serviceName);
+ Call call = service.createCall();
+ SOAPBodyElement body =
+ new SOAPBodyElement(request);
+ SOAPBodyElement[] params = new SOAPBodyElement[] {body};
+ Vector responses;
+ SOAPBodyElement response;
+
+ call.setTargetEndpointAddress(endPoint);
+ responses = (Vector) call.invoke(params);
+ response = (SOAPBodyElement) responses.get(0);
+
+ return response.getAsDOM();
+ }
+
+ private String parseDataURL(String input)
+ {
+ return getSubString(input.substring(input.indexOf("DataURL"),input.length()),"value=\"","\"");
+ }
+ private String parseSamlArtifact(String input)
+ {
+ return getSubString(input+"@@@","SAMLArtifact=","@@@");
+ }
+ private String getSubString(String input, String startsWith, String endsWith)
+ {
+ return input.substring(input.indexOf(startsWith)+startsWith.length(), input.indexOf(endsWith, input.indexOf(startsWith)+startsWith.length()));
+ }
+ private String getURL(String authURL, String target, String oaURL)
+ {
+ return authURL + "StartAuthentication?Target=" + target + "&OA=" + oaURL;
+ }
+ private String parseSessionIDFromForm(String htmlForm) {
+ String parName = "MOASessionID=";
+ assertTrue(
+ "HTML Form enthält keine SessionID",
+ htmlForm.indexOf(parName) >= 0);
+ int i1 = htmlForm.indexOf(parName) + parName.length();
+ int i2 = htmlForm.indexOf("\"", i1);
+ assertTrue("HTML Form enthält keine gültige SessionID", i2 > i1);
+ return htmlForm.substring(i1, i2);
+ }
+ private HttpsURLConnection giveConnection(String targetURL, String requestMethod) throws Exception {
+ HttpsURLConnection conn = (HttpsURLConnection) new URL(targetURL).openConnection();
+ conn.setRequestMethod(requestMethod);
+ conn.setDoInput(true);
+ conn.setDoOutput(true);
+ conn.setUseCaches(false);
+ conn.setAllowUserInteraction(false);
+ conn.setHostnameVerifier(new HostnameVerifierHack());
+ return conn;
+ }
+ private class HostnameVerifierHack implements HostnameVerifier {
+ public boolean verify(String arg0, String arg1) {
+ return true;
+ }
+ }
+}