diff options
Diffstat (limited to 'id.server/src/test/at/gv/egovernment/moa')
27 files changed, 2254 insertions, 0 deletions
diff --git a/id.server/src/test/at/gv/egovernment/moa/id/AllTests.java b/id.server/src/test/at/gv/egovernment/moa/id/AllTests.java new file mode 100644 index 000000000..69ed3d12b --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/AllTests.java @@ -0,0 +1,41 @@ +package test.at.gv.egovernment.moa.id; + +import test.at.gv.egovernment.moa.id.auth.AuthenticationServerTest; +import test.at.gv.egovernment.moa.id.auth.servlet.GetAuthenticationDataServiceTest; +import test.at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationTest; +import test.at.gv.egovernment.moa.id.config.auth.MOAIDAuthConfigurationProviderTest; +import test.at.gv.egovernment.moa.id.config.proxy.MOAIDProxyConfigurationProviderTest; + +import junit.awtui.TestRunner; +import junit.framework.Test; +import junit.framework.TestSuite; + +/** + * @author Paul Ivancsics + * @version $Id$ + */ +public class AllTests { + + public static Test suite() { + TestSuite suite = new TestSuite(); + + suite.addTestSuite(AuthenticationServerTest.class); + suite.addTest(test.at.gv.egovernment.moa.id.auth.builder.AllTests.suite()); + suite.addTest(test.at.gv.egovernment.moa.id.auth.parser.AllTests.suite()); + suite.addTestSuite(GetAuthenticationDataServiceTest.class); + suite.addTestSuite(SignatureVerificationTest.class); + suite.addTestSuite(MOAIDAuthConfigurationProviderTest.class); + suite.addTestSuite(MOAIDProxyConfigurationProviderTest.class); + suite.addTest(test.at.gv.egovernment.moa.id.proxy.AllTests.suite()); + + return suite; + } + + public static void main(String[] args) { + try { + TestRunner.run(AllTests.class); + } catch (Exception e) { + e.printStackTrace(); + } + } +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/UnitTestCase.java b/id.server/src/test/at/gv/egovernment/moa/id/UnitTestCase.java new file mode 100644 index 000000000..8309a4f7e --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/UnitTestCase.java @@ -0,0 +1,35 @@ +package test.at.gv.egovernment.moa.id; + +import test.MOAIDTestCase; + +import at.gv.egovernment.moa.id.config.ConfigurationProvider; + +/** + * Base class for MOA ID test cases. + * + * Provides some utility functions. + * + * @author Patrick Peck + * @version $Id$ + */ +public class UnitTestCase extends MOAIDTestCase { + + protected static final String TESTDATA_ROOT = "data/test/"; + + /** + * Constructor for MOATestCase. + * @param arg0 + */ + public UnitTestCase(String name) { + super(name); + } + /** + * Set up a transaction context with a test configuration. + */ + protected void setUp() throws Exception { + System.setProperty( + ConfigurationProvider.CONFIG_PROPERTY_NAME, + TESTDATA_ROOT + "conf/ConfigurationTest.xml"); + } + +}
\ No newline at end of file diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java new file mode 100644 index 000000000..753b2ef12 --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/AuthenticationServerTest.java @@ -0,0 +1,50 @@ +package test.at.gv.egovernment.moa.id.auth; + +import at.gv.egovernment.moa.id.auth.AuthenticationServer; +import at.gv.egovernment.moa.id.data.AuthenticationData; + +import test.at.gv.egovernment.moa.id.UnitTestCase; + +/** + * @author Paul Ivancsics + * @version $Id$ + */ +public class AuthenticationServerTest extends UnitTestCase { + + public AuthenticationServerTest(String name) { + super(name); + } + + public void testStandard() throws Exception { + doTest( + "standard", + "https://localhost:8443/auth", + "gb", + "https://localhost:9443/", + null, + null); + } + public void doTest(String testdataDirectory, String authURL, String target, String oaURL, String bkuURL, String templateURL) throws Exception { + String testdataRoot = TESTDATA_ROOT + "xmldata/" + testdataDirectory + "/"; + AuthenticationServer server = AuthenticationServer.getInstance(); + String htmlForm = server.startAuthentication(authURL, target, oaURL, templateURL, bkuURL, null); + String sessionID = parseSessionIDFromForm(htmlForm); + String infoboxReadResponse = readFile(TESTDATA_ROOT + "xmldata/testperson1/" + "InfoboxReadResponse.xml"); + String createXMLSignatureRequest = server.verifyIdentityLink(sessionID, infoboxReadResponse); + String createXMLSignatureRequestShould = readFile(testdataRoot + "CreateXMLSignatureRequest.xml"); + assertXmlEquals(createXMLSignatureRequestShould, createXMLSignatureRequest); + String createXMLSignatureResponse = readFile(testdataRoot + "CreateXMLSignatureResponse.xml"); + String samlArtifact = server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); + AuthenticationData authData = server.getAuthenticationData(samlArtifact); + String authDataShould = readFile(testdataRoot + "AuthenticationDataAssertion.xml"); + assertXmlEquals(authDataShould, authData.getSamlAssertion()); + } + private String parseSessionIDFromForm(String htmlForm) { + String parName = "MOASessionID="; + assertTrue("HTML Form enthält keine SessionID", htmlForm.indexOf(parName) >= 0); + int i1 = htmlForm.indexOf(parName) + parName.length(); + int i2 = htmlForm.indexOf("\"", i1); + assertTrue("HTML Form enthält keine gültige SessionID", i2 > i1); + return htmlForm.substring(i1, i2); + } +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java new file mode 100644 index 000000000..afaf4a199 --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/MOAIDAuthInitialiserTest.java @@ -0,0 +1,55 @@ +package test.at.gv.egovernment.moa.id.auth; + +import java.io.ByteArrayInputStream; +import java.security.KeyStore; +import java.util.Enumeration; + +import iaik.pkcs.pkcs12.PKCS12; +import iaik.security.provider.IAIK; + +import at.gv.egovernment.moa.id.auth.MOAIDAuthInitializer; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.util.SSLUtils; +import at.gv.egovernment.moa.util.FileUtils; +import at.gv.egovernment.moa.util.KeyStoreUtils; + +import test.at.gv.egovernment.moa.id.UnitTestCase; + +/** + * @author Paul Ivancsics + * @version $Id$ + */ +public class MOAIDAuthInitialiserTest extends UnitTestCase { + + public MOAIDAuthInitialiserTest(String name) { + super(name); + } + + public void testInit() throws Exception + { +// System.setProperty( +// ConfigurationProvider.CONFIG_PROPERTY_NAME,"C://Programme/ApacheGroup/abnahme/conf/moa-id/SampleMOAIDConfiguration.xml"); +// System.setProperty( +// ConfigurationProvider.CONFIG_PROPERTY_NAME,"D://Daten/_Projects/moa_id_maengel/SampleMOAIDConfiguration.xml"); + SSLUtils.initialize(); + + try { + KeyStore s = KeyStoreUtils.loadKeyStore("pkcs12","file:C:/Programme/ApacheGroup/abnahme/cert/keystore.p12","changeit"); + System.out.println(s.getProvider().getClass().getName()); + Enumeration enum = s.aliases(); + while (enum.hasMoreElements()) { + String element = (String) enum.nextElement(); + System.out.print(element+":"); + System.out.println(s.getCertificate(element).getPublicKey().getAlgorithm()); + System.out.println(s.getCertificate(element).getType()); + } + + + System.out.println(s.getCertificate("pc41408").getPublicKey().getFormat()); + + } + catch (Exception e) {e.printStackTrace();}; + + } + + } diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AllTests.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AllTests.java new file mode 100644 index 000000000..77dff29aa --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AllTests.java @@ -0,0 +1,33 @@ +package test.at.gv.egovernment.moa.id.auth.builder; + +import junit.awtui.TestRunner; +import junit.framework.Test; +import junit.framework.TestSuite; + +/** + * @author patrick + * @version $Id$ + */ +public class AllTests { + + public static Test suite() { + TestSuite suite = new TestSuite(); + + suite.addTestSuite(AuthenticationBlockAssertionBuilderTest.class); + suite.addTestSuite(CreateXMLSignatureBuilderTest.class); + suite.addTestSuite(GetIdentityLinkFormBuilderTest.class); + suite.addTestSuite(InfoboxReadRequestBuilderTest.class); + suite.addTestSuite(PersonDataBuilderTest.class); + suite.addTestSuite(SAMLArtifactBuilderTest.class); + + return suite; + } + + public static void main(String[] args) { + try { + TestRunner.run(AllTests.class); + } catch (Exception e) { + e.printStackTrace(); + } + } +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java new file mode 100644 index 000000000..2717ee8c0 --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/AuthenticationBlockAssertionBuilderTest.java @@ -0,0 +1,46 @@ +package test.at.gv.egovernment.moa.id.auth.builder; + +import test.at.gv.egovernment.moa.id.UnitTestCase; + +import at.gv.egovernment.moa.id.auth.builder.AuthenticationBlockAssertionBuilder; + +/** + * @author Paul Ivancsics + * @version $Id$ + */ +public class AuthenticationBlockAssertionBuilderTest extends UnitTestCase { + private static final String nl = "\n"; + private static final String ISSUER = "Hugo Mustermann"; + private static final String ISSUE_INSTANT = "2003-03-15T22:50:21+01:00"; + private static final String AUTH_URL = "https://auth.moa.gv.at/"; + private static final String TARGET = "Grundbuch"; + private static final String OA_URL = "https://grundbuch.gv.at/"; + + // wird auch von CreateXMLSignatureBuilderTest verwendet ! + public static final String ASSERTION_SHOULD = +"<saml:Assertion xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' MajorVersion='1' MinorVersion='0' AssertionID='any' Issuer='" + ISSUER + "' IssueInstant='" + ISSUE_INSTANT + "'>" + nl + +" <saml:AttributeStatement>" + nl + +" <saml:Subject>" + nl + +" <saml:NameIdentifier>" + AUTH_URL + "</saml:NameIdentifier>" + nl + +" </saml:Subject>" + nl + +" <saml:Attribute AttributeName='Geschäftsbereich' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>" + nl + +" <saml:AttributeValue>" + TARGET + "</saml:AttributeValue>" + nl + +" </saml:Attribute>" + nl + +" <saml:Attribute AttributeName='OA' AttributeNamespace='http://reference.e-government.gv.at/namespace/moa/20020822#'>" + nl + +" <saml:AttributeValue>" + OA_URL + "</saml:AttributeValue>" + nl + +" </saml:Attribute>" + nl + +" </saml:AttributeStatement>" + nl + +"</saml:Assertion>"; + + public AuthenticationBlockAssertionBuilderTest(String name) { + super(name); + } + + public void testBuild() throws Exception { + AuthenticationBlockAssertionBuilder builder = new AuthenticationBlockAssertionBuilder(); + String assertionBuilt = builder.build(ISSUER, ISSUE_INSTANT, AUTH_URL, TARGET, OA_URL); + assertionBuilt = XML_DECL + assertionBuilt; + String assertionShould = XML_DECL + ASSERTION_SHOULD; + assertXmlEquals(assertionShould, assertionBuilt); + } +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureBuilderTest.java new file mode 100644 index 000000000..13f86efee --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/CreateXMLSignatureBuilderTest.java @@ -0,0 +1,58 @@ +package test.at.gv.egovernment.moa.id.auth.builder; + +import at.gv.egovernment.moa.id.auth.builder.CreateXMLSignatureRequestBuilder; + +import test.at.gv.egovernment.moa.id.UnitTestCase; + +/** + * @author Paul Ivancsics + * @version $Id$ + */ +public class CreateXMLSignatureBuilderTest extends UnitTestCase { + private static final String nl = "\n"; + public static final String TRANSFORMS_INFO = + " <sl10:TransformsInfo>" + nl + + " <dsig:Transforms>" + nl + + " <dsig:Transform Algorithm='http://www.w3.org/2000/09/xmldsig#enveloped-signature'/>" + nl + + " <dsig:Transform Algorithm='http://www.w3.org/TR/1999/REC-xslt-19991116'>" + nl + +"<xsl:stylesheet version='1.0' xmlns:xsl='http://www.w3.org/1999/XSL/Transform' xmlns:saml='urn:oasis:names:tc:SAML:1.0:assertion' >" + nl + +"<xsl:template match='/'>" + nl + +"<html>" + nl + +"<body>" + nl + +"</body>" + nl + +"</html>" + nl + +"</xsl:template>" + nl + +"</xsl:stylesheet>" + nl + + " </dsig:Transform>" + nl + + " </dsig:Transforms>" + nl + + " <sl10:FinalDataMetaInfo>" + nl + + " <sl10:MimeType>text/html</sl10:MimeType>" + nl + + " </sl10:FinalDataMetaInfo>" + nl + + " </sl10:TransformsInfo>" + nl; + public static final String REQUEST_SHOULD = +"<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + nl + +"<sl11:CreateXMLSignatureRequest xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\" xmlns:sl10=\"http://www.buergerkarte.at/namespaces/securitylayer/20020225#\" xmlns:sl11=\"http://www.buergerkarte.at/namespaces/securitylayer/20020831#\">" + nl + +" <sl11:KeyboxIdentifier>SecureSignatureKeypair</sl11:KeyboxIdentifier>" + nl + +" <sl11:DataObjectInfo Structure=\"detached\">" + nl + +" <sl10:DataObject Reference=\"\"/>" + nl + +TRANSFORMS_INFO + +" </sl11:DataObjectInfo>" + nl + +" <sl11:SignatureInfo>" + nl + +" <sl11:SignatureEnvironment>" + nl + +" <sl10:XMLContent>" + AuthenticationBlockAssertionBuilderTest.ASSERTION_SHOULD + "</sl10:XMLContent>" + nl + +" </sl11:SignatureEnvironment>" + nl + +" <sl11:SignatureLocation Index=\"2\">/saml:Assertion</sl11:SignatureLocation>" + nl + +" </sl11:SignatureInfo>" + nl + +"</sl11:CreateXMLSignatureRequest>"; + + public CreateXMLSignatureBuilderTest(String name) { + super(name); + } + + public void testBuild() throws Exception { + String request = new CreateXMLSignatureRequestBuilder().build( + AuthenticationBlockAssertionBuilderTest.ASSERTION_SHOULD, + new String[] {TRANSFORMS_INFO}); + assertXmlEquals(REQUEST_SHOULD, request); + } +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java new file mode 100644 index 000000000..9142a8e42 --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/GetIdentityLinkFormBuilderTest.java @@ -0,0 +1,73 @@ +package test.at.gv.egovernment.moa.id.auth.builder; + +import java.text.MessageFormat; + +import junit.framework.TestCase; + +import at.gv.egovernment.moa.id.auth.builder.CertInfoVerifyXMLSignatureRequestBuilder; +import at.gv.egovernment.moa.id.auth.builder.GetIdentityLinkFormBuilder; +import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; + +/** + * @author Paul Ivancsics + * @version $Id$ + */ +public class GetIdentityLinkFormBuilderTest extends TestCase { + private static String nl = "\n"; + public static String FORM = + "<meta http-equiv=\"content-type\" content=\"text/html; charset=UTF-8\">" + nl + + "<html>" + nl + + "<head>" + nl + + "<title>Auslesen der Personenbindung</title>" + nl + + "</head>" + nl + + "<body>" + nl + + "<form name=\"GetIdentityLinkForm\"" + nl + + " action=\"{0}\"" + nl + + " method=\"post\">" + nl + + " <input type=\"hidden\" " + nl + + " name=\"XMLRequest\"" + nl + + " value=\"{1}\"/>" + nl + + " <input type=\"hidden\" " + nl + + " name=\"DataURL\"" + nl + + " value=\"{2}\"/>" + nl + + " <input type=\"submit\" value=\"Auslesen der Personenbindung\"/>" + nl + + "</form>" + nl + + "<form name=\"CertificateInfoForm\"" + nl + + " action=\"{0}\"" + nl + + " method=\"post\">" + nl + + " <input type=\"hidden\" " + nl + + " name=\"XMLRequest\"" + nl + + " value=\"{3}\"/>" + nl + + " <input type=\"hidden\" " + nl + + " name=\"DataURL\"" + nl + + " value=\"{4}\"/>" + nl + + " <input type=\"submit\" value=\"Information zu Wurzelzertifikaten\"/>" + nl + + "</form>" + nl + + "</body>" + nl + + "</html>"; + public static String BKU = + "http://localhost:3495/http-security-layer-request"; + + public void testBuild() throws Exception { + String xmlRequest = new InfoboxReadRequestBuilder().build(); + String dataURL = "https://1.2.3.4/auth/VerifyIdentityLink?MOASessionID=1234567"; + String infoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(); + String infoDataURL = "https://1.2.3.4/auth/StartAuthentication?Target=gb&OA=https://oa.gv.at/"; + String form = new GetIdentityLinkFormBuilder().build(null, null, xmlRequest, dataURL, infoRequest, infoDataURL); + String formShould = MessageFormat.format( + FORM, new Object[] { BKU, xmlRequest, dataURL, infoRequest, infoDataURL }); + assertEquals(formShould, form); + } + public void testBuildCustomBKU() throws Exception { + String xmlRequest = new InfoboxReadRequestBuilder().build(); + String dataURL = "https://1.2.3.4/auth/AuthServlet/StartAuthentication?MOASessionID=1234567"; + String infoRequest = new CertInfoVerifyXMLSignatureRequestBuilder().build(); + String infoDataURL = "https://1.2.3.4/auth/StartAuthentication?Target=gb&OA=https://oa.gv.at/"; + String bkuURL = "http://bku.at/"; + String form = new GetIdentityLinkFormBuilder().build(null, bkuURL, xmlRequest, dataURL, infoRequest, infoDataURL); + String formShould = MessageFormat.format( + FORM, new Object[] { bkuURL, xmlRequest, dataURL, infoRequest, infoDataURL }); + assertEquals(formShould, form); + } + +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java new file mode 100644 index 000000000..b65fc9ecf --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/InfoboxReadRequestBuilderTest.java @@ -0,0 +1,29 @@ +package test.at.gv.egovernment.moa.id.auth.builder; + +import org.w3c.dom.Document; +import test.at.gv.egovernment.moa.id.UnitTestCase; + +import at.gv.egovernment.moa.id.auth.builder.InfoboxReadRequestBuilder; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; + +/** + * @author Paul Ivancsics + * @version $Id$ + */ +public class InfoboxReadRequestBuilderTest extends UnitTestCase implements Constants { + + public InfoboxReadRequestBuilderTest(String name) { + super(name); + } + + public void testBuild() throws Exception { + InfoboxReadRequestBuilder builder = new InfoboxReadRequestBuilder(); + String xmlBuilt = builder.build(); + Document docBuilt = DOMUtils.parseDocument(xmlBuilt, false, ALL_SCHEMA_LOCATIONS, null); + String xmlBuiltSerialized = DOMUtils.serializeNode(docBuilt); + // xmlShould was generated by Hot:Sign Tester + String xmlShould = "<?xml version='1.0' encoding='utf-8'?><sl10:InfoboxReadRequest xmlns:sl10='http://www.buergerkarte.at/namespaces/securitylayer/20020225#'><sl10:InfoboxIdentifier>IdentityLink</sl10:InfoboxIdentifier><sl10:BinaryFileParameters ContentIsXMLEntity='true'/></sl10:InfoboxReadRequest>"; + assertXmlEquals(xmlShould, xmlBuiltSerialized); + } +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java new file mode 100644 index 000000000..504679fd5 --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/PersonDataBuilderTest.java @@ -0,0 +1,51 @@ +package test.at.gv.egovernment.moa.id.auth.builder; + +import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; +import at.gv.egovernment.moa.util.Constants; + +import test.at.gv.egovernment.moa.id.UnitTestCase; + +/** + * @author Paul Ivancsics + * @version $Id$ + */ +public class PersonDataBuilderTest extends UnitTestCase implements Constants { + + /** + * Constructor for PersonDataBuilderTest. + */ + public PersonDataBuilderTest(String arg) { + super(arg); + } + public void testBuild() throws Exception { + String xmlInfoboxReadResponse = readFile("data/test/xmldata/testperson1/InfoboxReadResponse.xml"); + IdentityLink il = new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink(); + String xmlPersonData = new PersonDataBuilder().build(il, true); + String xmlPersonDataShould = "<pr:Person xsi:type=\"pr:PhysicalPersonType\"><pr:Identification><pr:Value>123456789012</pr:Value><pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type></pr:Identification><pr:Name><pr:GivenName>Hermann</pr:GivenName><pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName></pr:Name><pr:DateOfBirth>1968-10-22</pr:DateOfBirth></pr:Person>"; + assertPersonDataEquals(xmlPersonDataShould, xmlPersonData); + } + public void testBuildNoZMRZahl() throws Exception { + String xmlInfoboxReadResponse = readFile("data/test/xmldata/testperson1/InfoboxReadResponse.xml"); + IdentityLink il = new InfoboxReadResponseParser(xmlInfoboxReadResponse).parseIdentityLink(); + String xmlPersonData = new PersonDataBuilder().build(il, false); + String xmlPersonDataShould = XML_DECL + "<pr:Person xsi:type=\"pr:PhysicalPersonType\"><pr:Name><pr:GivenName>Hermann</pr:GivenName><pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName></pr:Name><pr:DateOfBirth>1968-10-22</pr:DateOfBirth></pr:Person>"; + assertPersonDataEquals(xmlPersonDataShould, xmlPersonData); + } + private void assertPersonDataEquals(String s1, String s2) throws Exception { + String ss1 = insertPrNS(s1); + String ss2 = insertPrNS(s2); + assertXmlEquals(ss1, ss2); + } + private String insertPrNS(String xmlPersonData) { + int startNS = xmlPersonData.indexOf("Person") + "Person".length() + 1; + String s = + xmlPersonData.substring(0, startNS) + + "xmlns:pr=\"" + PD_NS_URI + "\" " + + "xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" " + + xmlPersonData.substring(startNS); + return s; + } + +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java new file mode 100644 index 000000000..3ec73ee4c --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/SAMLArtifactBuilderTest.java @@ -0,0 +1,52 @@ +package test.at.gv.egovernment.moa.id.auth.builder; + +import at.gv.egovernment.moa.id.BuildException; +import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; +import at.gv.egovernment.moa.util.Base64Utils; + +import test.at.gv.egovernment.moa.id.UnitTestCase; + +/** + * @author Paul Ivancsics + * @version $Id$ + */ +public class SAMLArtifactBuilderTest extends UnitTestCase { + + private static final String AUTH_URL = "https://moa.gv.at/auth/"; + private static final String SESSION_ID_1 = "123456"; + private static final String SESSION_ID_2 = "123457"; + private static final String SESSION_ID_3 = "1234567"; + + private SAMLArtifactBuilder builder; + private byte[] artifact1; + private byte[] artifact2; + private byte[] artifact3; + + public SAMLArtifactBuilderTest(String name) { + super(name); + } + protected void setUp() throws Exception { + builder = new SAMLArtifactBuilder(); + artifact1 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_1), false); + artifact2 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_2), false); + artifact3 = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_3), false); + } + + public void testBuildArtifactLength() throws BuildException { + assertEquals(42, artifact1.length); + assertEquals(42, artifact2.length); + assertEquals(42, artifact3.length); + } + public void testBuildSameArtifact() throws Exception { + byte[] artifact1Clone = Base64Utils.decode(builder.build(AUTH_URL, SESSION_ID_1), false); + assertEquals(new String(artifact1), new String(artifact1Clone)); + } + public void testBuildDifferentArtifacts() throws BuildException { + String msg = "SAML Artifacts should be different"; + assertFalse(msg, new String(artifact1).equals(new String(artifact2))); + assertFalse(msg, new String(artifact1).equals(new String(artifact3))); + assertFalse(msg, new String(artifact3).equals(new String(artifact2))); + } + + +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilderTest.java new file mode 100644 index 000000000..5b3bb5906 --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/builder/VerifyXMLSignatureRequestBuilderTest.java @@ -0,0 +1,93 @@ +package test.at.gv.egovernment.moa.id.auth.builder; + +import java.io.FileInputStream; +import java.io.RandomAccessFile; + +import org.w3c.dom.Element; +import test.at.gv.egovernment.moa.id.auth.invoke.MOASPSSTestCase; + +import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; +import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; +import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; + + + +/** + * Test case for the signature verification web service. + * + * This test requires a running SignatureVerification web service. + * + * @author Stefan Knirsch + * @version $Id$ + */ +public class VerifyXMLSignatureRequestBuilderTest extends MOASPSSTestCase { + + + private SignatureVerificationInvoker caller; + + public VerifyXMLSignatureRequestBuilderTest(String name) { + super(name); + } + + public void setUp() { + System.setProperty( + ConfigurationProvider.CONFIG_PROPERTY_NAME, + "data/test/conf/ConfigurationTest.xml"); + caller = new SignatureVerificationInvoker(); + } + + public void testVerifyXMLSignatureRequestBuilderIdentityLink() throws Exception { + + RandomAccessFile infoBox = new RandomAccessFile( + "data/test/xmldata/testperson1/InfoboxReadResponse.xml","r"); + byte[] b = new byte[(int) infoBox.length()]; + infoBox.read(b); + infoBox.close(); + String xmlInfoboxReadResponse = new String(b, "UTF-8"); + + + RandomAccessFile vr = new RandomAccessFile( + "data/test/xmldata/standard/VerifyXMLSignatureRequestIdentityLink.xml","r"); + b = new byte[(int) vr.length()]; + vr.read(b); + vr.close(); + String xmlResponse = new String(b, "UTF-8"); + + InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse); + IdentityLink idl = irrp.parseIdentityLink(); + VerifyXMLSignatureRequestBuilder vsrb = new VerifyXMLSignatureRequestBuilder(); + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + + Element requestBuild = vsrb.build(idl, authConf.getMoaSpIdentityLinkTrustProfileID()); + + assertXmlEquals(requestBuild, xmlResponse); + + } + + public void testVerifyXMLSignature2() throws Exception { + + RandomAccessFile s = new RandomAccessFile("data/test/xmldata/standard/CreateXMLSignatureResponse.xml","r"); + byte[] b = new byte[(int) s.length()]; + s.read(b); + s.close(); + String xmlCreateXMLSignatureResponse = new String(b, "UTF-8"); + + CreateXMLSignatureResponseParser cXMLsrp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse); + CreateXMLSignatureResponse csr = cXMLsrp.parseResponse(); + + VerifyXMLSignatureRequestBuilder vsrb = new VerifyXMLSignatureRequestBuilder(); + + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + + Element request = vsrb.build(csr, authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(), authConf.getMoaSpIdentityLinkTrustProfileID()); + + // check the result + assertXmlEquals(request, new FileInputStream("data/test/xmldata/standard/VerifyXMLSignatureRequestCreateXML.xml")); + + } + } diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/invoke/MOASPSSTestCase.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/invoke/MOASPSSTestCase.java new file mode 100644 index 000000000..7ae6f70ef --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/invoke/MOASPSSTestCase.java @@ -0,0 +1,38 @@ +package test.at.gv.egovernment.moa.id.auth.invoke; + +import java.security.Security; + +import test.at.gv.egovernment.moa.id.UnitTestCase; + +/** + * Base class for end-to-end tests of MOA web-services. + * + * Initializes the test system and provides some properties. + * + * @author Patrick Peck + * @version $Id$ + */ +public class MOASPSSTestCase extends UnitTestCase { + + public MOASPSSTestCase(String name) { + super(name); + } + + + protected void setupSSL() { + System.setProperty("javax.net.debug", "all"); + Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); + System.setProperty( + "java.protocol.handler.pkgs", + "com.sun.net.ssl.internal.www.protocol"); + System.setProperty( + "javax.net.ssl.keyStore", + "data/test/security/client.keystore"); + System.setProperty("javax.net.ssl.keyStorePassword", "changeit"); + System.setProperty( + "javax.net.ssl.trustStore", + "data/test/security/client.keystore"); + System.setProperty("javax.net.ssl.trustStorePassword", "changeit"); + } + +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java new file mode 100644 index 000000000..e56dcde91 --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/invoke/SignatureVerificationTest.java @@ -0,0 +1,166 @@ +package test.at.gv.egovernment.moa.id.auth.invoke; + +import java.io.RandomAccessFile; + +import org.w3c.dom.Element; + +import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; +import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; +import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; +import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; +import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; +import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; +import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.util.DOMUtils; + + + +/** + * Test case for the signature verification web service. + * + * This test requires a running SignatureVerification web service. + * + * @author Patrick Peck + * @author Fatemeh Philippi + * @version $Id$ + */ +public class SignatureVerificationTest extends MOASPSSTestCase { + + + private SignatureVerificationInvoker caller; + + public SignatureVerificationTest(String name) { + super(name); + } + + public void setUp() { +System.setProperty( + ConfigurationProvider.CONFIG_PROPERTY_NAME, + "data/test/conf/ConfigurationTest.xml"); + caller = new SignatureVerificationInvoker(); + } + +/* public void testVerifyCMSSignature() throws Exception { + Element request = + parseXml("data/test/xml/VCSQ000.xml").getDocumentElement(); + Element result; + + // call the service + result = caller.verifyXMLSignature(request); + + // check the result + assertEquals("VerifyCMSSignatureResponse", result.getTagName()); + }*/ + + public void testVerifyXMLSignature1() throws Exception { + + //Momentan zeigt die Konfiguration als Endpunkt aus localhost:8081 zum + //Protokollieren per TCPMon... der ECHT Endpunkt ist 10.16.46.108:8080 + RandomAccessFile s = + new RandomAccessFile( + "data/test/xmldata/testperson1/InfoboxReadResponse.xml","r"); + byte[] b = new byte[(int) s.length()]; + s.read(b); + String xmlInfoboxReadResponse =new String(b,"UTF8"); + + InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse); + IdentityLink idl = irrp.parseIdentityLink(); + VerifyXMLSignatureRequestBuilder vsrb = new VerifyXMLSignatureRequestBuilder(); + + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + + Element request = vsrb.build(idl, authConf.getMoaSpIdentityLinkTrustProfileID()); + s =new RandomAccessFile("D://PatricksVerifyXMLSignatureRequestWithInfoboxReadResponse.xml","rw"); + s.write(DOMUtils.serializeNode(request).getBytes("UTF-8")); + s.close(); +// Element request = DOMUtils.parseDocument(vsrb.build(xmlInfoboxReadResponse,"TrustProfile1"),false,null,null).getDocumentElement(); +// Element request = DOMUtils.parseDocument(xmlInfoboxReadResponse,false,null,null).getDocumentElement(); +// call the service + Element response = caller.verifyXMLSignature(request); + VerifyXMLSignatureResponseParser vParser = new VerifyXMLSignatureResponseParser(response); + VerifyXMLSignatureResponse vData = vParser.parseData(); + VerifyXMLSignatureResponseValidator vValidate = VerifyXMLSignatureResponseValidator.getInstance(); + vValidate.validate(vData, authConf.getIdentityLinkX509SubjectNames(), VerifyXMLSignatureResponseValidator.CHECK_IDENTITY_LINK); + vValidate.validateCertificate(vData,idl); + + // check the result + assertXmlEquals(response, request); + + } + + public void testVerifyXMLSignature2() throws Exception { + // Prüft den 2. Aufruf mit dem CreateXMLSIgnatureResponse als Parameter + //Momentan zeigt die Konfiguration als Endpunkt aus localhost:8081 zum + //Protokollieren per TCPMon... der ECHT Endpunkt ist 10.16.46.108:8080 + RandomAccessFile s = + new RandomAccessFile( + "data/test/xmldata/standard/CreateXMLSignatureResponse.xml","r"); + byte[] b = new byte[(int) s.length()]; + s.read(b); + String xmlCreateXMLSignatureResponse = new String(b, "UTF8"); + + CreateXMLSignatureResponseParser cXMLsrp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse); +// CreateXMLSignatureResponseParser cXMLsrp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse); + CreateXMLSignatureResponse csr = cXMLsrp.parseResponse(); + + VerifyXMLSignatureRequestBuilder vsrb = new VerifyXMLSignatureRequestBuilder(); + + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + + Element request = vsrb.build(csr, authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(), authConf.getMoaSpIdentityLinkTrustProfileID()); + // Element request = DOMUtils.parseDocument(vsrb.build(xmlInfoboxReadResponse,"TrustProfile1"),false,null,null).getDocumentElement(); +// Element request = DOMUtils.parseDocument(xmlInfoboxReadResponse,false,null,null).getDocumentElement(); + Element result; +/*s =new RandomAccessFile("D://PatricksVerifyXMLSignatureRequestWithAuthBlock.xml","rw"); + s.write(DOMUtils.serializeNode(request).getBytes("UTF-8")); + s.close();*/ + // call the service + result = caller.verifyXMLSignature(request); + // check the result + assertEquals("VerifyXMLSignatureResponse", result.getTagName()); + + } + + + public void testParseCreateXMLSignatureResponse() throws Exception { + + //Später soll die Datei direkt vom Server geholt werden... + + RandomAccessFile s = + new RandomAccessFile( + "data/test/xmldata/standard/CreateXMLSignatureResponse.xml", + + "r"); + byte[] b = new byte[(int) s.length()]; + s.read(b); + String xmlCreateXMLSignatureResponse = new String(b, "UTF-8"); + + CreateXMLSignatureResponseParser cXMLsrp = new CreateXMLSignatureResponseParser(xmlCreateXMLSignatureResponse); + CreateXMLSignatureResponse csr = cXMLsrp.parseResponse(); + + } + + public void testParseVerifyXMLSignatureResponse() throws Exception { + + //Später soll die Datei direkt vom Server geholt werden... + + RandomAccessFile s = + new RandomAccessFile( + "data/test/xmldata/standard/VerifyXMLSignaterResponse.xml", + + "r"); + byte[] b = new byte[(int) s.length()]; + s.read(b); + String xmlVerifyXMLSignatureResponse = new String(b, "UTF-8"); + + VerifyXMLSignatureResponseParser vXMLsrp = new VerifyXMLSignatureResponseParser(xmlVerifyXMLSignatureResponse); + VerifyXMLSignatureResponse vsr = vXMLsrp.parseData(); + + } + + + } diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/AllTests.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/AllTests.java new file mode 100644 index 000000000..84f5110b0 --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/AllTests.java @@ -0,0 +1,29 @@ +package test.at.gv.egovernment.moa.id.auth.parser; + +import junit.awtui.TestRunner; +import junit.framework.Test; +import junit.framework.TestSuite; + +/** + * @author Paul Ivancsics + * @version $Id$ + */ +public class AllTests { + + public static Test suite() { + TestSuite suite = new TestSuite(); + + suite.addTestSuite(IdentityLinkAssertionParserTest.class); + suite.addTestSuite(SAMLArtifactParserTest.class); + + return suite; + } + + public static void main(String[] args) { + try { + TestRunner.run(AllTests.class); + } catch (Exception e) { + e.printStackTrace(); + } + } +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java new file mode 100644 index 000000000..77eb360bc --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/IdentityLinkAssertionParserTest.java @@ -0,0 +1,137 @@ +package test.at.gv.egovernment.moa.id.auth.parser; + +import iaik.security.rsa.RSAPublicKey; + +import java.io.FileOutputStream; +import java.io.RandomAccessFile; +import java.security.PublicKey; + +import org.w3c.dom.Document; + +import test.at.gv.egovernment.moa.id.UnitTestCase; + +import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.parser.ECDSAKeyValueConverter; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; +import at.gv.egovernment.moa.id.auth.validator.IdentityLinkValidator; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; + +/** + * @author Paul Ivancsics + * @version $Id$ + */ +public class IdentityLinkAssertionParserTest extends UnitTestCase { + + IdentityLinkAssertionParser ilap; + + public IdentityLinkAssertionParserTest(String name) { + super(name); + } + + public void setUp() { + try { + RandomAccessFile s = + new RandomAccessFile( + "data/test/xmldata/testperson1/InfoboxReadResponse.xml", + "r"); + byte[] b = new byte[(int) s.length()]; + s.read(b); + String xmlInfoboxReadResponse = new String(b, "UTF-8"); + + InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse); + ilap = new IdentityLinkAssertionParser(irrp.parseSAMLAssertion()); + } + catch (Exception e) { + e.printStackTrace(); + } + } + + public void testParseIdentityLink() throws Exception { + IdentityLink idl = ilap.parseIdentityLink(); + System.out.println(idl.getGivenName()); + System.out.println(idl.getFamilyName()); + System.out.println(idl.getDateOfBirth()); + System.out.println(idl.getIdentificationValue()); + + VerifyXMLSignatureRequestBuilder vx = new VerifyXMLSignatureRequestBuilder(); + + // Element zurück bekommen: vx.build(idl.getSamlAssertion()); + + IdentityLinkValidator idVali = IdentityLinkValidator.getInstance(); + idVali.validate(idl); + + } + + public void testParseIdentityLinkECC() throws Exception { + RandomAccessFile s = + new RandomAccessFile( + "data/test/xmldata/IL.ResponseToRequest.01.ECDSA.xml", + "r"); + byte[] b = new byte[(int) s.length()]; + s.read(b); + String xmlInfoboxReadResponse = new String(b); + InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse); + String SAML = irrp.parseSAMLAssertion(); + ilap = new IdentityLinkAssertionParser(SAML); + IdentityLink idl = ilap.parseIdentityLink(); + System.out.println(idl.getGivenName()); + System.out.println(idl.getFamilyName()); + System.out.println(idl.getDateOfBirth()); + System.out.println(idl.getIdentificationValue()); + + VerifyXMLSignatureRequestBuilder vx = new VerifyXMLSignatureRequestBuilder(); + + // Element zurück bekommen: vx.build(idl.getSamlAssertion()); + + IdentityLinkValidator idVali = IdentityLinkValidator.getInstance(); + idVali.validate(idl); + + } + + public void testRSAPublicKeys() throws Exception { + if (ilap.getPublicKeys()[0].getClass().getName().equals("iaik.security.rsa.RSAPublicKey")) + { + + for (int i = 0; i < ilap.getPublicKeys().length; i++) { + RSAPublicKey result = (RSAPublicKey)ilap.getPublicKeys()[i]; + System.out.println("RSA Public Key No" + i); + System.out.println("Modulus: " + result.getModulus()); + System.out.println("Exponent: " + result.getPublicExponent()); + } + + } + } + + public void testECDSAPublicKeys() throws Exception { + + RandomAccessFile s = + new RandomAccessFile( + "data/test/xmldata/ECDSAKeyExample.xml", + "r"); + byte[] b = new byte[(int) s.length()]; + s.read(b); + String ecdsaKey = new String(b, "UTF-8"); + Document e = DOMUtils.parseDocument(ecdsaKey,true,Constants.ALL_SCHEMA_LOCATIONS, null); + PublicKey p = ECDSAKeyValueConverter.element2ECDSAPublicKey(e.getDocumentElement()); + + } + + + public void testDsigCertificates() throws Exception { + + String[] result = ilap.getCertificates(); + for (int i = 0; i < result.length; i++) { + + System.out.println("DSIG Certificate Length: " + result[i].length() + " No" + i + "\n" + result[i]); + FileOutputStream raf = new FileOutputStream("data/test/certs/cert" + i + ".cer"); + raf.write(result[i].getBytes()); + raf.flush(); + raf.close(); + } + + } + +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java new file mode 100644 index 000000000..9a878be2c --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/InfoboxReadResponseParserTest.java @@ -0,0 +1,67 @@ +package test.at.gv.egovernment.moa.id.auth.parser; + +import java.io.RandomAccessFile; + +import test.at.gv.egovernment.moa.id.UnitTestCase; + +import at.gv.egovernment.moa.id.auth.data.IdentityLink; +import at.gv.egovernment.moa.id.auth.parser.IdentityLinkAssertionParser; +import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; + +/** + * @author Paul Ivancsics + * @version $Id$ + */ +public class InfoboxReadResponseParserTest extends UnitTestCase { + + IdentityLinkAssertionParser ilap; + + public InfoboxReadResponseParserTest(String name) { + super(name); + } + + public void setUp() { + } + + public void testParseInfoboxReadResponse() throws Exception { + RandomAccessFile s = + new RandomAccessFile( + "data/test/xmldata/testperson1/InfoboxReadResponse.xml", + "r"); + byte[] b = new byte[(int) s.length()]; + s.read(b); + String xmlInfoboxReadResponse = new String(b, "UTF-8"); + + InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse); + ilap = new IdentityLinkAssertionParser(irrp.parseSAMLAssertion()); + + IdentityLink idl = ilap.parseIdentityLink(); + System.out.println(idl.getGivenName()); + System.out.println(idl.getFamilyName()); + System.out.println(idl.getDateOfBirth()); + System.out.println(idl.getIdentificationValue()); + + } + + public void testParseInfoboxReadResponseError() throws Exception { + RandomAccessFile s = + new RandomAccessFile( + "data/test/xmldata/ErrorResponse.xml", + "r"); + byte[] b = new byte[(int) s.length()]; + s.read(b); + String xmlInfoboxReadResponse = new String(b, "UTF-8"); + + InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(xmlInfoboxReadResponse); + ilap = new IdentityLinkAssertionParser(irrp.parseSAMLAssertion()); + + IdentityLink idl = ilap.parseIdentityLink(); + System.out.println(idl.getGivenName()); + System.out.println(idl.getFamilyName()); + System.out.println(idl.getDateOfBirth()); + System.out.println(idl.getIdentificationValue()); + + } + + +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java new file mode 100644 index 000000000..992e799bd --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/parser/SAMLArtifactParserTest.java @@ -0,0 +1,55 @@ +package test.at.gv.egovernment.moa.id.auth.parser; + +import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; +import at.gv.egovernment.moa.id.auth.parser.SAMLArtifactParser; +import at.gv.egovernment.moa.id.util.Random; +import test.at.gv.egovernment.moa.id.UnitTestCase; + +/* + * @author Paul Ivancsics + * @version $Id$ + */ +public class SAMLArtifactParserTest extends UnitTestCase { + + private static String URL1 = "http://moa.gv.at/auth"; + private static String URL2 = "https://moa.gv.at/auth"; + + public SAMLArtifactParserTest(String name) { + super(name); + } + + public void testParseTypeCode() throws Exception { + String sessionID = Random.nextRandom(); + String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID); + byte[] typeCode = new SAMLArtifactParser(samlArtifact).parseTypeCode(); + assertEquals(typeCode[0], 0); + assertEquals(typeCode[1], 1); + } + public void testParseAssertionHandleSameSessionID() throws Exception { + // SAML artifacts for different authURL's but same sessionID MUST give same assertion handle + String sessionID = Random.nextRandom(); + String samlArtifact1 = new SAMLArtifactBuilder().build(URL1, sessionID); + String samlArtifact2 = new SAMLArtifactBuilder().build(URL2, sessionID); + String assertionHandle1 = new SAMLArtifactParser(samlArtifact1).parseAssertionHandle(); + String assertionHandle2 = new SAMLArtifactParser(samlArtifact2).parseAssertionHandle(); + assertEquals(assertionHandle1, assertionHandle2); + } + public void testParseAssertionHandleSameURL() throws Exception { + // SAML artifacts for same authURL but different sessionID's MUST give different assertion handles + String sessionID1 = Random.nextRandom(); + String sessionID2 = Random.nextRandom(); + String samlArtifact1 = new SAMLArtifactBuilder().build(URL1, sessionID1); + String samlArtifact2 = new SAMLArtifactBuilder().build(URL1, sessionID2); + String assertionHandle1 = new SAMLArtifactParser(samlArtifact1).parseAssertionHandle(); + String assertionHandle2 = new SAMLArtifactParser(samlArtifact2).parseAssertionHandle(); + assertFalse(assertionHandle1.equals(assertionHandle2)); + } + public void testParseAssertionHandleSameSAMLArtifact() throws Exception { + // SAML artifact parsed twice MUST give same assertion handle each time + String sessionID = Random.nextRandom(); + String samlArtifact = new SAMLArtifactBuilder().build(URL1, sessionID); + String assertionHandle1 = new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); + String assertionHandle2 = new SAMLArtifactParser(samlArtifact).parseAssertionHandle(); + assertEquals(assertionHandle1, assertionHandle2); + } +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataServiceTest.java b/id.server/src/test/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataServiceTest.java new file mode 100644 index 000000000..c78651fdb --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/auth/servlet/GetAuthenticationDataServiceTest.java @@ -0,0 +1,91 @@ +package test.at.gv.egovernment.moa.id.auth.servlet; + +import org.w3c.dom.Element; + +import test.at.gv.egovernment.moa.id.UnitTestCase; + +import at.gv.egovernment.moa.id.auth.servlet.GetAuthenticationDataService; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; +import at.gv.egovernment.moa.util.XPathUtils; + +/** + * Test case instantiates GetAuthenticationDataService and calls the Request() method. + * It DOES NOT call the web service via Axis. + * + * @author Paul Ivancsics + * @version $Id$ + */ +public class GetAuthenticationDataServiceTest extends UnitTestCase implements Constants { + + private GetAuthenticationDataService service; + + public GetAuthenticationDataServiceTest(String arg0) { + super(arg0); + } + protected void setUp() throws Exception { + service = new GetAuthenticationDataService(); + } + + public void testService2Requests() throws Exception { + String requestString = + "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + + "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" + + "<saml:AssertionIDReference>123</saml:AssertionIDReference>" + + "</samlp:Request>"; + Element request = DOMUtils.parseDocument(requestString, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); + Element response = service.Request(new Element[] {request, request})[0]; + assertStatus(response, "samlp:Requester", "samlp:TooManyResponses"); + } + public void testServiceNoSAMLArtifact() throws Exception { + String requestString = + "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + + "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" + + "<saml:AssertionIDReference>123</saml:AssertionIDReference>" + + "</samlp:Request>"; + Element request = DOMUtils.parseDocument(requestString, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); + Element response = service.Request(new Element[] {request})[0]; + assertStatus(response, "samlp:Requester", null); + } + public void testService2SAMLArtifacts() throws Exception { + String requestString = + "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + + "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" + + "<samlp:AssertionArtifact>123</samlp:AssertionArtifact>" + + "<samlp:AssertionArtifact>456</samlp:AssertionArtifact>" + + "</samlp:Request>"; + Element request = DOMUtils.parseDocument(requestString, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); + Element response = service.Request(new Element[] {request})[0]; + assertStatus(response, "samlp:Requester", "samlp:TooManyResponses"); + } + public void testServiceWrongFormat() throws Exception { + String requestString = + "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + + "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" + + "</samlp:Request>"; + Element request = DOMUtils.parseDocument(requestString, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); + Element response = service.Request(new Element[] {request})[0]; + assertStatus(response, "samlp:Requester", null); + } + public void testServiceWrongSAMLArtifact() throws Exception { + String requestString = + "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>" + + "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" RequestID=\"123456\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-02-13T13:59:00\">" + + "<samlp:AssertionArtifact>WRONGARTIFACT</samlp:AssertionArtifact>" + + "</samlp:Request>"; + Element request = DOMUtils.parseDocument(requestString, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); + Element response = service.Request(new Element[] {request})[0]; + assertStatus(response, "samlp:Requester", "samlp:ResourceNotRecognized"); + } + private void assertStatus(Element response, String statusCodeShould, String subStatusCodeShould) throws Exception { + Element statusCodeNode = (Element)XPathUtils.selectSingleNode(response, "//samlp:StatusCode"); + String statusCode = statusCodeNode.getAttribute("Value"); + Element subStatusCodeNode = (Element)XPathUtils.selectSingleNode(statusCodeNode, "//samlp:StatusCode/samlp:StatusCode"); + String subStatusCode = subStatusCodeNode == null ? null : subStatusCodeNode.getAttribute("Value"); + System.out.println(statusCode + subStatusCode); + assertEquals(statusCodeShould, statusCode); + assertEquals(subStatusCodeShould, subStatusCode); + } + + +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/config/auth/MOAIDAuthConfigurationProviderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/config/auth/MOAIDAuthConfigurationProviderTest.java new file mode 100644 index 000000000..7935c5179 --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/config/auth/MOAIDAuthConfigurationProviderTest.java @@ -0,0 +1,112 @@ +package test.at.gv.egovernment.moa.id.config.auth; + +import java.util.Map; + +import test.at.gv.egovernment.moa.id.UnitTestCase; + +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; + +/** + * @author Stefan Knirsch + * @version $Id$ + */ +public class MOAIDAuthConfigurationProviderTest extends UnitTestCase { + private AuthConfigurationProvider provider; + + /** + * Constructor for MOAAuthConfigTest. + * @param name + */ + public MOAIDAuthConfigurationProviderTest(String name) { + super(name); + } + + protected void setUp() throws Exception { + + provider = + new AuthConfigurationProvider(TESTDATA_ROOT + "conf/ConfigurationTest.xml"); + + } + public void testGetTransformsInfoFileNames() { + String[] transformsInfoFileNames; + transformsInfoFileNames = provider.getTransformsInfoFileNames(); +// for (int i = 0; i < transformsInfoFileNames.length; i++) { +// System.out.println( +// "getTransformsInfoFileNames: " + transformsInfoFileNames[i]); + assertEquals(transformsInfoFileNames[0],"http://StringsecLayerTranformsInfo1"); + assertEquals(transformsInfoFileNames[1],"http://StringsecLayerTranformsInfo2"); +// } + + } + + public void testGetMOASPConnectionParameters() { + ConnectionParameter cp; + cp = provider.getMoaSpConnectionParameter(); + assertEquals(cp.getUrl(),"MOA-SP-URL"); + assertEquals(cp.getAcceptedServerCertificates(),"http://AcceptedServerCertificates"); + assertEquals(cp.getClientKeyStorePassword(),"Keystore Pass"); + assertEquals(cp.getClientKeyStore(),"URLtoClientKeystoreAUTH"); +/* System.out.println(); + System.out.println("getMoaSpConnectionParameter :" + cp.getUrl()); + System.out.println( + "getMoaSpConnectionParameter :" + cp.getAcceptedServerCertificates()); + System.out.println( + "getMoaSpConnectionParameter :" + cp.getClientKeyStorePassword()); + System.out.println( + "getMoaSpConnectionParameter :" + cp.getClientKeyStore());*/ + } + public void testGetMoaSpIdentityLinkTrustProfileID() { + + assertEquals(provider.getMoaSpIdentityLinkTrustProfileID(),"StringVerifyIdentiyLinkTrustID"); + + } + public void testGetMoaSpAuthBlockTrustProfileID() { + assertEquals(provider.getMoaSpAuthBlockTrustProfileID(),"StringVerifyAuthBlockTransformID"); + } + + public void testGetMoaSpAuthBlockVerifyTransformsInfoIDs() { + String[] result = provider.getMoaSpAuthBlockVerifyTransformsInfoIDs(); + assertEquals(result[0],"StringVerifyTransformsInfoID1"); + assertEquals(result[1],"StringVerifyTransformsInfoID2"); + + } + + public void testGetOnlineApplicationAuthParameter() { + OAAuthParameter[] result = provider.getOnlineApplicationParameters(); + + assertEquals(result[0].getPublicURLPrefix(),"StringOALoginURL"); + assertEquals(result[0].getProvideZMRZahl(),false); + assertEquals(result[0].getProvideAuthBlock(),false); + assertEquals(result[0].getProvideIdentityLink(),false); + + assertEquals(result[1].getPublicURLPrefix(),"StringOALoginURL2"); + assertEquals(result[1].getProvideZMRZahl(),true); + assertEquals(result[1].getProvideAuthBlock(),true); + assertEquals(result[1].getProvideIdentityLink(),true); + + +/* for (int i = 0; i < result.length; i++) { + System.out.println(); + System.out.println("getOnlineApplicationParameters Url: " + result[i].getUrl()); + System.out.println("getOnlineApplicationParameters ProvideZMRZahl: " + result[i].getProvideZMRZahl()); + System.out.println("getOnlineApplicationParameters ProvideAuthBlock: " + result[i].getProvideAuthBlock()); + System.out.println("getOnlineApplicationParameters ProvideIdentityLink: " + result[i].getProvideIdentityLink()); + }*/ + } + + public void testGetGenericConfiguration() { + Map result = provider.getGenericConfiguration(); + assertEquals(result.containsKey("Generic Name 1"),true); + assertEquals(result.containsKey("Generic Name 2"),true); + assertEquals(result.get("Generic Name 1"),"Value1"); + assertEquals(result.get("Generic Name 2"),"Value2"); + /* for (Iterator iter = result.keySet().iterator(); iter.hasNext();) { + String element = (String) iter.next(); + System.out.println("getGenericConfiguration Key:" + element); + System.out.println("getGenericConfiguration Value:" + result.get(element)); + }*/ + } + +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/config/proxy/MOAIDProxyConfigurationProviderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/config/proxy/MOAIDProxyConfigurationProviderTest.java new file mode 100644 index 000000000..12eddf8c3 --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/config/proxy/MOAIDProxyConfigurationProviderTest.java @@ -0,0 +1,127 @@ +package test.at.gv.egovernment.moa.id.config.proxy; + +import java.util.Map; + +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.proxy.OAConfiguration; +import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; +import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; + +import test.at.gv.egovernment.moa.id.UnitTestCase; + + + +/** + * @author Stefan Knirsch + * @version $Id$ + */ +public class MOAIDProxyConfigurationProviderTest extends UnitTestCase { + private ProxyConfigurationProvider provider; + + /** + * Constructor for MOAProxyConfigTest. + * @param name + */ + public MOAIDProxyConfigurationProviderTest(String name) { + super(name); + } + + protected void setUp() throws Exception { + + provider = +// new ProxyConfigurationProvider(TESTDATA_ROOT + "conf/ConfigurationTest.xml"); + new ProxyConfigurationProvider("data/deploy/conf/moa-id/ConfigurationTest.xml"); + } + public void testGetAuthComponentConnectionParameter() + { + ConnectionParameter cp; + cp = provider.getAuthComponentConnectionParameter(); + assertEquals(cp.getUrl(),"AuthComponentURL"); + assertEquals( cp.getAcceptedServerCertificates(),"http://www.altova.com"); + assertEquals(cp.getClientKeyStorePassword(),"String"); + assertEquals(cp.getClientKeyStore(),"http://www.altova.com"); + /* System.out.println(); + System.out.println("getProxyComponentConnectionParameter :" + cp.getUrl()); + System.out.println( + "getProxyComponentConnectionParameter :" + cp.getAcceptedServerCertificates()); + System.out.println( + "getProxyComponentConnectionParameter :" + cp.getClientKeyStorePassword()); + System.out.println( + "getProxyComponentConnectionParameter :" + cp.getClientKeyStore());*/ +} + + public void testGetOAProxyParameter() { + OAProxyParameter[] result = provider.getOnlineApplicationParameters(); + + assertEquals("http://localhost:9080/", result[0].getPublicURLPrefix()); + assertEquals("file:data/test/conf/OAConfParamAuth.xml", result[0].getConfigFileURL()); + assertEquals(10, result[0].getSessionTimeOut()); + assertEquals("StringloginParameterResolverImpl1", result[0].getLoginParameterResolverImpl()); + assertEquals("StringconnectionBuilderImpl1", result[0].getConnectionBuilderImpl()); + + assertEquals("ProxyComponentURL", result[0].getConnectionParameter().getUrl()); + assertEquals("url:AcceptedServerCertificates", result[0].getConnectionParameter().getAcceptedServerCertificates()); + assertEquals("URL:toClientKeystoreOA", result[0].getConnectionParameter().getClientKeyStore()); + assertEquals("ClientKeystoreOAPAss", result[0].getConnectionParameter().getClientKeyStorePassword()); + + assertEquals("StringOALoginURL2", result[1].getPublicURLPrefix()); + assertEquals("file:data/test/conf/OAConfHeaderAuth.xml", result[1].getConfigFileURL()); + assertEquals(20, result[1].getSessionTimeOut()); + assertEquals("StringloginParameterResolverImpl2",result[1].getLoginParameterResolverImpl()); + assertEquals("StringconnectionBuilderImpl2", result[1].getConnectionBuilderImpl()); + + assertEquals("ProxyComponentURL2", result[1].getConnectionParameter().getUrl()); + assertEquals("url:AcceptedServerCertificates2", result[1].getConnectionParameter().getAcceptedServerCertificates()); + assertEquals("URL:toClientKeystoreOA2", result[1].getConnectionParameter().getClientKeyStore()); + assertEquals("ClientKeystoreOAPAss2", result[1].getConnectionParameter().getClientKeyStorePassword()); + + assertEquals("StringOALoginURL3", result[2].getPublicURLPrefix()); + assertEquals("file:data/test/conf/OAConfBasicAuth.xml", result[2].getConfigFileURL()); + assertEquals(20, result[2].getSessionTimeOut()); + assertEquals("StringloginParameterResolverImpl3",result[2].getLoginParameterResolverImpl()); + assertEquals("StringconnectionBuilderImpl3", result[2].getConnectionBuilderImpl()); + + assertEquals("ProxyComponentURL3", result[2].getConnectionParameter().getUrl()); + assertEquals("url:AcceptedServerCertificates3", result[2].getConnectionParameter().getAcceptedServerCertificates()); + assertEquals("URL:toClientKeystoreOA3", result[2].getConnectionParameter().getClientKeyStore()); + assertEquals("ClientKeystoreOAPAss3", result[2].getConnectionParameter().getClientKeyStorePassword()); + } + + public void testGetGenericConfiguration() { + Map result = provider.getGenericConfiguration(); + assertEquals(true, result.containsKey("authenticationSessionTimeOut")); + assertEquals(true, result.containsKey("authenticationDataTimeOut")); + assertEquals("600", result.get("authenticationSessionTimeOut")); + assertEquals("120", result.get("authenticationDataTimeOut")); + } + + public void testOAConfigurationProvider() throws Exception + { + OAProxyParameter[] result = provider.getOnlineApplicationParameters(); + // für jeden Parameter müsste theoretisch bereits ein Provider instanziiert worden sein, + // aus diesem Grund braucht man NICHT mehr die File-URL anzugeben, PublicURLPrefix reicht + + // sollte ParamAuth sein + OAConfiguration oac1 = result[0].getOaConfiguration(); + assertEquals(OAConfiguration.PARAM_AUTH, oac1.getAuthType()); + assertEquals("MOADateOfBirth", oac1.getParamAuthMapping().get("Param1")); + assertEquals("MOAVPK", oac1.getParamAuthMapping().get("Param2")); + // sollte HeaderAuth sein + OAConfiguration oac2 = result[1].getOaConfiguration(); + assertEquals(OAConfiguration.HEADER_AUTH, oac2.getAuthType()); + assertEquals("MOAPublicAuthority", oac2.getHeaderAuthMapping().get("Param1")); + assertEquals("MOABKZ", oac2.getHeaderAuthMapping().get("Param2")); + assertEquals("MOAQualifiedCertificate", oac2.getHeaderAuthMapping().get("Param3")); + assertEquals("MOAZMRZahl", oac2.getHeaderAuthMapping().get("Param4")); + assertEquals("MOAIPAddress", oac2.getHeaderAuthMapping().get("Param5")); + + // sollte BasicAuth sein + OAConfiguration oac3 = result[2].getOaConfiguration(); + assertEquals(OAConfiguration.BASIC_AUTH, oac3.getAuthType()); + assertEquals("MOAGivenName", oac3.getBasicAuthUserIDMapping()); + assertEquals("MOAFamilyName", oac3.getBasicAuthPasswordMapping()); + //Fehlerfall: + + + } +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/proxy/AllTests.java b/id.server/src/test/at/gv/egovernment/moa/id/proxy/AllTests.java new file mode 100644 index 000000000..2dd6cd35e --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/proxy/AllTests.java @@ -0,0 +1,31 @@ +package test.at.gv.egovernment.moa.id.proxy; + +import test.at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilderTest; +import test.at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParserTest; +import junit.awtui.TestRunner; +import junit.framework.Test; +import junit.framework.TestSuite; + +/** + * @author Paul Ivancsics + * @version $Id$ + */ +public class AllTests { + + public static Test suite() { + TestSuite suite = new TestSuite(); + + suite.addTestSuite(SAMLRequestBuilderTest.class); + suite.addTestSuite(SAMLResponseParserTest.class); + + return suite; + } + + public static void main(String[] args) { + try { + TestRunner.run(AllTests.class); + } catch (Exception e) { + e.printStackTrace(); + } + } +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/DOMTreeCompare.java b/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/DOMTreeCompare.java new file mode 100644 index 000000000..aec14ce1c --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/DOMTreeCompare.java @@ -0,0 +1,462 @@ +package test.at.gv.egovernment.moa.id.proxy.builder; + +import java.io.PrintStream; +import java.util.ArrayList; + +import org.w3c.dom.Element; +import org.w3c.dom.NamedNodeMap; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.w3c.dom.Text; + +import at.gv.egovernment.moa.util.Base64Utils; + +/** + * @author Administrator + * + * To change this generated comment edit the template variable "typecomment": + * Window>Preferences>Java>Templates. + * To enable and disable the creation of type comments go to + * Window>Preferences>Java>Code Generation. + */ +public class DOMTreeCompare { + + boolean debug = true; + + private static PrintStream Log = null; + + static + { + Log = System.out; + } + + public boolean compareElements(Element root1, Element root2) + { + //Log.println("----- Compare Elements:"+root1.getNodeName()+" "+root2.getNodeName()); + filterTree(root1); + filterTree(root2); + return compareNodes(root1,root2,0,"root/",false); + } + + private boolean compareNodes(Node n1, Node n2, int level,String path,boolean attribute) + { + /*try { + Log.println(DOMUtils.serializeNode(n1)); + } + catch(Exception e) + { + e.printStackTrace(); + }*/ + boolean equal = false; + //Log.println("----- Compare Node "+level+":"+n1+" "+n2); + //Log.println("----- Compare Node "+level+":"+n1.getNodeName()+" "+n2.getNodeName()); + //Log.println("----- Checking:"+path+getPathString(n1)); + NodeList nl1 = n1.getChildNodes(); + NodeList nl2 = n2.getChildNodes(); + + int size1 = nl1.getLength(); + int size2 = nl2.getLength(); + + if(debug)display_one(n1); + if(debug)display_one(n2); + + + if(debug) + if(n1.getNodeName().equals("Base64Content") && n2.getNodeName().equals("Base64Content")) + { + try { + Log.println("CONT:"+new String(Base64Utils.decode(strip(n1.getChildNodes().item(0).getNodeValue()),false))); + Log.println("CONT:"+new String(Base64Utils.decode(strip(n2.getChildNodes().item(0).getNodeValue()),false))); + } + catch(Exception e) + { + e.printStackTrace(); + } + } + + if(size1 != size2) + { + Log.println("----- Anzahl der Kinder nicht gleich:"+path+getPathString(n1)+":"+getPathString(n2)); + return false; + } + + equal = compareNodeExact(n1,n2,level,path+getPathString(n1)+"/"); + if(!equal) + { + Log.println("----- Knoten sind nicht identisch:"+path+getPathString(n1)); + return false; + } + + if(n1.hasAttributes() || n2.hasAttributes()) + { + equal = compareNodeAttriubtes(n1,n2,level+1,path+getPathString(n1)+"/(a)"); + if(!equal) + { + Log.println("----- Attribute stimmen nicht überein:"+path+getPathString(n1)); + return false; + } + } + if(size1==0) + { + return true; + } + + for(int counter=0;counter<size1;counter++) + { + boolean found = false; + Node comp_n1 = nl1.item(counter); + + //if(comp_n1==null) return false; + + Node comp_n2 = null; + size2 = nl2.getLength(); + for(int counter2=0;counter2<size2;counter2++) + { + comp_n2 = nl2.item(counter2); + + /*equal = compareNodeExact(comp_n1,comp_n2,level+1); + if(equal) return false;*/ + //Log.println("COMP_N1:"+comp_n1); + //Log.println("COMP_N2:"+comp_n2); + equal = compareNodes(comp_n1,comp_n2,level+1,path+getPathString(comp_n1)+"/",false); + if(equal) + { + n2.removeChild(comp_n2); + counter2=size2; + nl2 = n2.getChildNodes(); + size2 = nl2.getLength(); + } + + } + + if(!equal) + { + Log.println("----- Keine Übereinstimmung gefunden:"+path+getPathString(comp_n1)); + return false; + } + } + return true; + } + + private boolean compareNodeExact(Node n1,Node n2,int level,String path) + { + if(n1.getNodeType() == Node.TEXT_NODE) + { + Text textnode = (Text)n1; + /*Log.println("----- *****"+textnode.getNodeName()); + Log.println("----- *****"+textnode.getParentNode().getNodeName()); + Log.println("----- *****"+textnode.getNodeValue());*/ + } + + //Log.println("----- Checking:"+path); + String n1_name = n1.getNodeName(); + String n2_name = n2.getNodeName(); + /*Log.println("----- !!!!!"+n1.getNodeName()); + Log.println("----- !!!!!"+n1.getNodeValue()); + Log.println("----- !!!!!"+n1.getLocalName()); + Log.println("----- !!!!!"+n1.getPrefix()); + Log.println("----- !!!!!"+n1.getNextSibling()); + Log.println("----- !!!!!"+n1.getPreviousSibling());*/ + + //Log.println("----- Compare Node "+level+":"+n1_name+" "+n2_name); + if(!((n1_name==null && n2_name==null) || + (n1_name!=null && n2_name!=null && n1_name.equals(n2_name)))) + { + Log.println("----- Name stimmt nicht überein:"+path); + return false; + } + + //Log.println("----- Compare Node "+level+":"+n1.getNodeType()+" "+n2.getNodeType()); + if(n1.getNodeType() != n2.getNodeType()) + { + Log.println("----- Knotentyp stimmt nicht überein:"+path); + return false; + } + + String n1_ns = n1.getPrefix(); + String n2_ns = n2.getPrefix(); + //Log.println("----- Compare Node "+level+":"+n1_ns+" "+n2_ns); + if(!((n1_ns==null && n2_ns==null) || + (n1_ns!=null && n2_ns!=null && n1_ns.equals(n2_ns)))) + { + Log.println("----- NameSpace stimmt nicht überein:"+path); + return false; + } + + String n1_value = n1.getNodeValue(); + String n2_value = n2.getNodeValue(); + + boolean special = false; + special = specialValues(n1_value,n2_value,path); + if(special) return true; + + //Log.println("----- Compare Node "+level+":"+n1_value+" "+n2_value); + if(!((n1_value==null && n2_value==null) || + (n1_value!=null && n2_value!=null && n1_value.equals(n2_value)))) + { + Log.println("----- Wert stimmt nicht überein:"+path); + Log.println("----- Value1:\n"+n1_value); + Log.println("----- Value2:\n"+n2_value); + return false; + } + + + return true; + } + + private boolean compareNodeAttriubtesWithoutSize(Node n1, Node n2, int level,String path) + { + return true; + } + + private boolean compareNodeAttriubtes(Node n1, Node n2, int level,String path) + { + //Log.println("----- Compare NodeAttributes "+level+":"+n1.getNodeName()+" "+n2.getNodeName()); + Element n1elem = (Element)n1; + Element n2elem = (Element)n2; + + NamedNodeMap nnm1 = n1.getAttributes(); + NamedNodeMap nnm2 = n2.getAttributes(); + + int size1 = 0; + int size2 = 0; + + boolean specialattrs = specialAttributesSize(path); + + if(!specialattrs) + { + + if(nnm1==null && nnm2==null) return true; + if(nnm1==null || nnm2==null) + { + Log.println("----- Anzahl der Attribute nicht gleich:"+path+":"+getPathString(n1)); + return false; + } + size1 = nnm1.getLength(); + size2 = nnm2.getLength(); + + if(size1 != size2) + { + Log.println("----- Anzahl der Attribute nicht gleich:"+path+":"+getPathString(n1)); + return false; + } + + } + else + { + return compareNodeAttriubtesWithoutSize(n1,n2,level,path); + } + + for(int counter=0;counter<size1;counter++) + { + Node attribute_node1 = nnm1.item(counter); + Node attribute_node2 = nnm2.item(counter); + + String attr1_name = attribute_node1.getNodeName(); + String attr2_name = attribute_node2.getNodeName(); + + String value1 = n1elem.getAttribute(attr1_name); + String value2 = n2elem.getAttribute(attr2_name); + + boolean special = false; + + special = specialAttributes(path,attr1_name,value1,attr2_name,value2); + if(special) + { + return special; + } + + if(!value1.equals(value2)) + { + Log.println("----- Keine Übereinstimmung gefunden:"+path+getPathString(n1)); + return false; + } + } + + return true; + } + + private boolean checkNode(Node base,String name) + { + if(base.getNodeName().equals(name)) + { + return true; + } + + NodeList children = base.getChildNodes(); + int size = children.getLength(); + for(int counter=0;counter<size;counter++) + { + boolean found = checkNode(children.item(counter),name); + if(found) return true; + } + return false; + } + + private void display_one(Node base) + { + int att_size=0; + if(base.getAttributes()!=null) + { + att_size=base.getAttributes().getLength(); + } + if(base.getNodeName().equals("#text")) + Log.println(base.getNodeName()+base.getChildNodes().getLength()+":"+att_size+" ("+base.getNodeValue()+")"); + else + Log.println(base.getNodeName()+base.getChildNodes().getLength()+":"+att_size); + } + + private void display(Node base) + { + display(base,1); + } + + private void display(Node base,int level) + { + String spacer = ""; + for(int counter=0;counter<level;counter++) + { + spacer+=" "; + } + + int att_size=0; + if(base.getAttributes()!=null) + { + att_size=base.getAttributes().getLength(); + } + if(base.getNodeName().equals("#text")) + Log.println(spacer+base.getNodeName()+base.getChildNodes().getLength()+":"+att_size+" ("+base.getNodeValue()+")"); + else + Log.println(spacer+base.getNodeName()+base.getChildNodes().getLength()+":"+att_size); + + NodeList children = base.getChildNodes(); + int size = children.getLength(); + for(int counter=0;counter<size;counter++) + { + display(children.item(counter),level+1); + } + } + + private void filterTree(Node base) + { + ArrayList removeList = new ArrayList(); + + NodeList children = base.getChildNodes(); + int size = children.getLength(); + for(int counter=0;counter<size;counter++) + { + Node child1 = children.item(counter); + if(child1.getNodeType() == Node.TEXT_NODE && child1.getNodeValue().trim().equals("")) + { + removeList.add(child1); + } + } + + size = removeList.size(); + for(int counter=0;counter<size;counter++) + { + base.removeChild((Node)removeList.get(counter)); + } + + children = base.getChildNodes(); + size = children.getLength(); + for(int counter=0;counter<size;counter++) + { + filterTree(children.item(counter)); + } + + } + + private String getPathString(Node n) + { + if(n.getNodeType()==Node.TEXT_NODE) + { + return n.getParentNode().getNodeName()+"(text)"; + } + else + { + return n.getNodeName(); + } + + } + + public boolean specialAttributes(String path,String attr1_name,String value1,String attr2_name,String value2) + { + //if(value1.startsWith("reference-") && value2.startsWith("reference-")) return true; + //if(value1.startsWith("signature-") && value2.startsWith("signature-")) return true; + + return false; + } + + public boolean specialAttributesSize(String path) + { + //if(path.endsWith("/xsl:template/(a)")) return true; + return false; + } + + public boolean specialValues(String value1,String value2,String path) + { + + //Log.println(path); + /*if(ignoreSignatureValue) + { + if(path.endsWith("/dsig:SignatureValue(text)/")) + { + return true; + } + } + else + { + if(path.endsWith("/dsig:SignatureValue(text)/")) + { + String stripped_1 = strip(value1); + String stripped_2 = strip(value2); + return stripped_1.equals(stripped_2); + } + }*/ + + return false; + } + + private String strip(String input) + { + String output = replaceStringAll(input," ",""); + output = replaceStringAll(output,"\n",""); + output = replaceStringAll(output,"\r",""); + return output; + } + + private static String replaceStringAll( + String input, + String oldPart, + String newPart) + { + + String erg = null; + + int pos = input.indexOf(oldPart); + if(pos==-1) return input; + + while(true) + { + + //First Part + pos = input.indexOf(oldPart); + if(pos==-1) break; + erg = input.substring(0, pos); + + //Insert new Part + erg += newPart; + + //insert REST + erg + += input.substring( + input.indexOf(oldPart) + oldPart.length(), + input.length()); + + input = erg; + } + return erg; + } + +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java b/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java new file mode 100644 index 000000000..b6eda3c39 --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestBuilderTest.java @@ -0,0 +1,32 @@ +package test.at.gv.egovernment.moa.id.proxy.builder; + +import org.w3c.dom.Element; + +import test.at.gv.egovernment.moa.id.UnitTestCase; +import at.gv.egovernment.moa.id.auth.builder.SAMLArtifactBuilder; +import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder; +import at.gv.egovernment.moa.util.DOMUtils; + +/* + * @author Paul Ivancsics + * @version $Id$ + */ +public class SAMLRequestBuilderTest extends UnitTestCase { + + public SAMLRequestBuilderTest(String arg0) { + super(arg0); + } + + public void testBuild() throws Exception { + String requestID = "123"; + String samlArtifact = new SAMLArtifactBuilder().build("https://moa.gv.at/auth/", "12345678901234567890"); + String REQUEST_SHOULD = "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"" + + requestID + "\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"IGNORE\">" + + "<samlp:AssertionArtifact>" + samlArtifact + "</samlp:AssertionArtifact>" + + "</samlp:Request>"; + Element request = new SAMLRequestBuilder().build(requestID, samlArtifact); + Element requestShould = DOMUtils.parseDocument(REQUEST_SHOULD, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); + assertTrue(new SAMLRequestCompare().compareElements(requestShould, request)); + } + +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestCompare.java b/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestCompare.java new file mode 100644 index 000000000..5685129a1 --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/proxy/builder/SAMLRequestCompare.java @@ -0,0 +1,19 @@ +package test.at.gv.egovernment.moa.id.proxy.builder; + +/* + * @author Paul Ivancsics + * @version $Id$ + */ +public class SAMLRequestCompare extends test.at.gv.egovernment.moa.id.proxy.builder.DOMTreeCompare { + + + /* + * @see at.gv.egovernment.moa.util.SAMLRequestCompare#specialAttributes(java.lang.String, java.lang.String) + */ + public boolean specialAttributes(String path,String attr1_name,String value1,String attr2_name,String value2) { + if(attr1_name.equals("IssueInstant")) + return true; + return false; + } + +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java b/id.server/src/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java new file mode 100644 index 000000000..39e7240d1 --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java @@ -0,0 +1,180 @@ +package test.at.gv.egovernment.moa.id.proxy.parser; + +import org.w3c.dom.Element; + +import test.at.gv.egovernment.moa.id.UnitTestCase; + +import at.gv.egovernment.moa.id.data.AuthenticationData; +import at.gv.egovernment.moa.id.data.SAMLStatus; +import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser; +import at.gv.egovernment.moa.util.Constants; +import at.gv.egovernment.moa.util.DOMUtils; + +/* + * @author Paul Ivancsics + * @version $Id$ + */ +public class SAMLResponseParserTest extends UnitTestCase { + + public SAMLResponseParserTest(String arg0) { + super(arg0); + } + + public void testParse() throws Exception { + String samlResponse = + "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" + + "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"" + + " ResponseID=\"\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-03-29T06:00:00+02:00\">" + + "<samlp:Status>" + + "<samlp:StatusCode Value=\"samlp:Success\"><samlp:StatusCode Value=\"samlp:Success\"></samlp:StatusCode></samlp:StatusCode>" + + "<samlp:StatusMessage>Ollas leiwand</samlp:StatusMessage>" + + "</samlp:Status>" + +"<saml:Assertion xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:pr=\"http://reference.e-government.gv.at/namespace/persondata/20020228#\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" MajorVersion=\"1\" MinorVersion=\"0\" AssertionID=\"-4633313027464114584\" Issuer=\"http://localhost:8080/moa-id-auth/\" IssueInstant=\"2003-04-02T14:55:42+02:00\">" + + "<saml:AttributeStatement>" + + "<saml:Subject>" + + "<saml:NameIdentifier NameQualifier=\"http://reference.e-government.gv.at/names/vpk/20020221#\">MTk2OC0xMC0yMmdi</saml:NameIdentifier>" + + "<saml:SubjectConfirmation>" + + "<saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>" + + "<saml:SubjectConfirmationData>" + + "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" MajorVersion=\"1\" MinorVersion=\"0\" AssertionID=\"any\" Issuer=\"Hermann Muster\" IssueInstant=\"2003-04-02T14:55:27+02:00\">" + + "<saml:AttributeStatement>" + + "<saml:Subject>" + + "<saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>" + + "</saml:Subject>" + + "<saml:Attribute AttributeName=\"Geschäftsbereich\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">" + + "<saml:AttributeValue>gb</saml:AttributeValue>" + + "</saml:Attribute>" + + "<saml:Attribute AttributeName=\"OA\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">" + + "<saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>" + + "</saml:Attribute>" + + "</saml:AttributeStatement>" + + "</saml:Assertion>" + + "<saml:Assertion AssertionID=\"zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474\" IssueInstant=\"2003-02-12T20:28:34.474\" Issuer=\"http://zmr.bmi.gv.at/zmra/names#Issuer\" MajorVersion=\"1\" MinorVersion=\"0\" xmlns:pr=\"http://reference.e-government.gv.at/namespace/persondata/20020228#\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">" + + "<saml:AttributeStatement>" + + "<saml:Subject>" + + "<saml:SubjectConfirmation>" + + "<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>" + + "<saml:SubjectConfirmationData>" + + "<pr:Person xsi:type=\"pr:PhysicalPersonType\">" + + "<pr:Identification>" + + "<pr:Value>123456789012</pr:Value>" + + "<pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>" + + "</pr:Identification>" + + "<pr:Name>" + + "<pr:GivenName>Hermann</pr:GivenName>" + + "<pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName>" + + "</pr:Name>" + + "<pr:DateOfBirth>1968-10-22</pr:DateOfBirth>" + + "</pr:Person>" + + "</saml:SubjectConfirmationData>" + + "</saml:SubjectConfirmation>" + + "</saml:Subject>" + + "<saml:Attribute AttributeName=\"CitizenPublicKey\" AttributeNamespace=\"http://www.buergerkarte.at/namespaces/personenbindung/20020506#\">" + + "<saml:AttributeValue>" + + "<dsig:RSAKeyValue xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" + + "<dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a f2daYYuO8dycQw3xg6U=</dsig:Modulus>" + + "<dsig:Exponent>AQAB</dsig:Exponent>" + + "</dsig:RSAKeyValue>" + + "</saml:AttributeValue>" + + "</saml:Attribute>" + + "<saml:Attribute AttributeName=\"CitizenPublicKey\" AttributeNamespace=\"http://www.buergerkarte.at/namespaces/personenbindung/20020506#\">" + + "<saml:AttributeValue>" + + "<dsig:RSAKeyValue xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" + + "<dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn pIpdAwR9sw5xnIvTySc=</dsig:Modulus>" + + "<dsig:Exponent>AQAB</dsig:Exponent>" + + "</dsig:RSAKeyValue>" + + "</saml:AttributeValue>" + + "</saml:Attribute>" + + "</saml:AttributeStatement>" + + "<dsig:Signature xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" + + "<dsig:SignedInfo>" + + "<dsig:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/>" + + "<dsig:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>" + + "<dsig:Reference URI=\"\">" + + "<dsig:Transforms>" + + "<dsig:Transform Algorithm=\"http://www.w3.org/TR/1999/REC-xpath-19991116\">" + + "<dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath>" + + "</dsig:Transform>" + + "<dsig:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>" + + "</dsig:Transforms>" + + "<dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" + + "<dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue>" + + "</dsig:Reference>" + + "<dsig:Reference Type=\"http://www.w3.org/2000/09/xmldsig#Manifest\" URI=\"\">" + + "<dsig:Transforms>" + + "<dsig:Transform Algorithm=\"http://www.w3.org/TR/1999/REC-xpath-19991116\">" + + "<dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath>" + + "</dsig:Transform>" + + "</dsig:Transforms>" + + "<dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" + + "<dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue>" + + "</dsig:Reference>" + + "</dsig:SignedInfo>" + + "<dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz 5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP 3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue>" + + "<dsig:KeyInfo>" + + "<dsig:X509Data>" + + "<dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 +UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 Btxup/kgjGMnnS7C</dsig:X509Certificate>" + + "<dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia 2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv 7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate>" + + "<dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB /wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 kFfp23o/juVtJNw=</dsig:X509Certificate>" + + "</dsig:X509Data>" + + "</dsig:KeyInfo>" + + "<dsig:Object>" + + "<dsig:Manifest>" + + "<dsig:Reference URI=\"\">" + + "<dsig:Transforms>" + + "<dsig:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>" + + "</dsig:Transforms>" + + "<dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" + + "<dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue>" + + "</dsig:Reference>" + + "</dsig:Manifest>" + + "</dsig:Object>" + + "</dsig:Signature>" + + "</saml:Assertion>" + + "</saml:SubjectConfirmationData>" + + "</saml:SubjectConfirmation>" + + "</saml:Subject>" + + "<saml:Attribute AttributeName=\"PersonData\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/persondata/20020228#\">" + + "<saml:AttributeValue>" + + "<pr:Person xsi:type=\"pr:PhysicalPersonType\">" + + "<pr:Identification>" + + "<pr:Value>123456789012</pr:Value>" + + "<pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>" + + "</pr:Identification>" + + "<pr:Name>" + + "<pr:GivenName>Hermann</pr:GivenName>" + + "<pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName>" + + "</pr:Name>" + + "<pr:DateOfBirth>1968-10-22</pr:DateOfBirth>" + + "</pr:Person>" + + "</saml:AttributeValue>" + + "</saml:Attribute>" + + "<saml:Attribute AttributeName=\"isQualifiedCertificate\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">" + + "<saml:AttributeValue>true</saml:AttributeValue>" + + "</saml:Attribute>" + + "</saml:AttributeStatement>" + +"</saml:Assertion>" + + "</samlp:Response>"; + + Element samlResponseElem = + DOMUtils.parseDocument(samlResponse, true, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement(); + SAMLResponseParser parser = new SAMLResponseParser(samlResponseElem); + SAMLStatus status = parser.parseStatusCode(); + assertEquals("samlp:Success", status.getStatusCode()); + assertEquals("samlp:Success", status.getSubStatusCode()); + assertEquals("Ollas leiwand", status.getStatusMessage()); + AuthenticationData authData = parser.parseAuthenticationData(); + assertEquals(1, authData.getMajorVersion()); + assertEquals(0, authData.getMinorVersion()); + assertEquals("-4633313027464114584", authData.getAssertionID()); + assertEquals("http://localhost:8080/moa-id-auth/", authData.getIssuer()); + assertEquals("2003-04-02T14:55:42+02:00", authData.getIssueInstant()); + assertEquals("123456789012", authData.getIdentificationValue()); + assertEquals("MTk2OC0xMC0yMmdi", authData.getVPK()); + assertEquals("Hermann", authData.getGivenName()); + assertEquals("Muster", authData.getFamilyName()); + assertEquals("1968-10-22", authData.getDateOfBirth()); + assertTrue(authData.isQualifiedCertificate()); + assertFalse(authData.isPublicAuthority()); + } +} diff --git a/id.server/src/test/at/gv/egovernment/moa/id/util/SSLUtilsTest.java b/id.server/src/test/at/gv/egovernment/moa/id/util/SSLUtilsTest.java new file mode 100644 index 000000000..351ca0bd5 --- /dev/null +++ b/id.server/src/test/at/gv/egovernment/moa/id/util/SSLUtilsTest.java @@ -0,0 +1,92 @@ +package test.at.gv.egovernment.moa.id.util; + +import iaik.pki.jsse.IAIKX509TrustManager; + +import java.net.URL; +import java.security.Security; + +import javax.net.ssl.SSLException; +import javax.net.ssl.SSLSocketFactory; + +import com.sun.net.ssl.HttpsURLConnection; + +import at.gv.egovernment.moa.id.config.ConfigurationProvider; +import at.gv.egovernment.moa.id.config.ConnectionParameter; +import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; +import at.gv.egovernment.moa.id.config.proxy.OAProxyParameter; +import at.gv.egovernment.moa.id.config.proxy.ProxyConfigurationProvider; +import at.gv.egovernment.moa.id.iaik.config.LoggerConfigImpl; +import at.gv.egovernment.moa.id.util.SSLUtils; +import test.at.gv.egovernment.moa.id.UnitTestCase; + +/* + * @author Paul Ivancsics + * @version $Id$ + */ +public class SSLUtilsTest extends UnitTestCase { + + public SSLUtilsTest(String name) { + super(name); + } + + protected void setUp() throws Exception { + //System.setProperty("javax.net.debug", "all"); + Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider()); + System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol"); + IAIKX509TrustManager.initLog(new LoggerConfigImpl("file:" + TESTDATA_ROOT + "conf/log4j.properties")); + System.setProperty("https.cipherSuites", "SSL_DHE_DSS_WITH_DES_CBC_SHA,SSL_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA,SSL_RSA_WITH_DES_CBC_SHA,SSL_RSA_WITH_3DES_EDE_CBC_SHA,SSL_RSA_EXPORT_WITH_RC4_40_MD5"); + } + + public void testVerisignOK() throws Exception { + doTestOA("conf/ConfigurationTest.xml", "http://verisign.moa.gv.at/", true, null); + } + public void testATrustOK() throws Exception { + doTestOA("conf/ConfigurationTest.xml", "http://a-trust.moa.gv.at/", true, null); + } + public void testBaltimoreOK() throws Exception { + doTestOA("conf/ConfigurationTest.xml", "http://baltimore.moa.gv.at/", true, null); + } + public void testCIOOK() throws Exception { + doTestOA("conf/ConfigurationTest.xml", "http://cio.moa.gv.at/", true, null); + } + public void testMOASPOK() throws Exception { + System.setProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME, + TESTDATA_ROOT + "conf/ConfigurationTest.xml"); + ConnectionParameter connParam = AuthConfigurationProvider.getInstance().getMoaSpConnectionParameter(); + doTest(connParam, true, null); + } + private void doTestOA(String configFile, String publicURLPrefix, boolean shouldOK, String exMessageFragment) throws Exception { + System.setProperty(ConfigurationProvider.CONFIG_PROPERTY_NAME, + TESTDATA_ROOT + configFile); + ProxyConfigurationProvider proxyConf = + ProxyConfigurationProvider.getInstance(); + OAProxyParameter oaParam = proxyConf.getOnlineApplicationParameter(publicURLPrefix); + ConnectionParameter connParam = oaParam.getConnectionParameter(); + doTest(connParam, shouldOK, exMessageFragment); + } + private void doTest(ConnectionParameter connParam, boolean shouldOK, String exMessageFragment) throws Exception { + SSLUtils.initialize(); + AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); + SSLSocketFactory ssf = SSLUtils.getSSLSocketFactory(authConf, connParam); + URL url = new URL(connParam.getUrl()); + HttpsURLConnection conn = (HttpsURLConnection)url.openConnection(); + conn.setRequestMethod("GET"); + conn.setDoInput(true); + conn.setDoOutput(true); + conn.setUseCaches(false); + conn.setAllowUserInteraction(false); + conn.setSSLSocketFactory(ssf); + try { + conn.connect(); + assertTrue(shouldOK); + assertEquals(200, conn.getResponseCode()); + conn.disconnect(); + } + catch (SSLException ex) { + ex.printStackTrace(); + assertFalse(shouldOK); + assertTrue(ex.getMessage().indexOf(exMessageFragment) >= 0); + } + } + +} |