1 files changed, 305 insertions, 0 deletions
diff --git a/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java b/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java
new file mode 100644
index 000000000..fab258e09
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/abnahme/A/Test600GetAuthenticationDataService.java
@@ -0,0 +1,305 @@
+/*
+ * Copyright 2003 Federal Chancellery Austria
+ * MOA-ID has been developed in a cooperation between BRZ, the Federal
+ * Chancellery Austria - ICT staff unit, and Graz University of Technology.
+ *
+ * Licensed under the EUPL, Version 1.1 or - as soon they will be approved by
+ * the European Commission - subsequent versions of the EUPL (the "Licence");
+ * You may not use this work except in compliance with the Licence.
+ * You may obtain a copy of the Licence at:
+ * http://www.osor.eu/eupl/
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the Licence is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the Licence for the specific language governing permissions and
+ * limitations under the Licence.
+ *
+ * This product combines work with different licenses. See the "NOTICE" text
+ * file for details on the various modules and licenses.
+ * The "NOTICE" text file is part of the distribution. Any derivative works
+ * that you distribute must include a readable copy of the "NOTICE" text file.
+ */
+
+
+package test.abnahme.A;
+
+import java.io.OutputStream;
+import java.net.URL;
+import java.security.Security;
+import java.util.Calendar;
+import java.util.Vector;
+
+import javax.xml.namespace.QName;
+import javax.xml.rpc.Call;
+import javax.xml.rpc.Service;
+import javax.xml.rpc.ServiceFactory;
+
+import org.apache.axis.message.SOAPBodyElement;
+import org.w3c.dom.Element;
+
+import com.sun.net.ssl.HostnameVerifier;
+import com.sun.net.ssl.HttpsURLConnection;
+
+import test.abnahme.AbnahmeTestCase;
+
+import at.gv.egovernment.moa.id.proxy.builder.SAMLRequestBuilder;
+import at.gv.egovernment.moa.util.DOMUtils;
+import at.gv.egovernment.moa.util.DateTimeUtils;
+import at.gv.egovernment.moa.util.StreamUtils;
+import at.gv.egovernment.moa.util.URLDecoder;
+import at.gv.egovernment.moa.util.URLEncoder;
+
+/**
+ * @author Stefan Knirsch
+ * @version $Id$
+ */
+
+public class Test600GetAuthenticationDataService extends AbnahmeTestCase {
+
+  private String moaSessionID;
+  private String samlArtifact;
+  private static final QName SERVICE_QNAME = new QName("SignatureCreation");
+   
+  public Test600GetAuthenticationDataService(String name) {
+    super(name);
+  }
+
+  protected void setUp() throws Exception {
+    super.setUp();
+    Security.addProvider(new com.sun.net.ssl.internal.ssl.Provider());
+    System.setProperty("java.protocol.handler.pkgs", "com.sun.net.ssl.internal.www.protocol");
+    System.setProperty("javax.net.ssl.trustStore", "C:/Programme/ApacheGroup/abnahme/server.keystore");
+    System.setProperty("javax.net.ssl.trustStorePassword", "changeit");
+  }
+
+  public void testA601() throws Exception {
+    try {
+
+      // Anmelden
+      String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+      HttpsURLConnection conn = giveConnection(URL, "GET");
+      conn.connect();
+      String result = new String(StreamUtils.readStream(conn.getInputStream()));
+      String MOASessionID = parseSessionIDFromForm(result);
+      conn.disconnect();
+      
+      URL = parseDataURL(result);
+      // Verify Identity Link
+      conn = giveConnection(URL, "POST");
+      conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+      String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+      OutputStream out = conn.getOutputStream();
+      out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+      out.flush();
+      out.close();
+      conn.connect();
+      String redirectLoc = conn.getHeaderField("Location");
+      conn.disconnect();
+      //Verify Auth Block
+      conn = giveConnection(redirectLoc, "POST");
+      String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+      out = conn.getOutputStream();
+      out.write(("MOASessionID=" + moaSessionID + "&XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8"));
+      out.flush();
+      out.close();
+      conn.connect();
+      redirectLoc = conn.getHeaderField("Location");
+      samlArtifact = parseSamlArtifact(redirectLoc);
+      System.out.println("SamlArtifact: " + samlArtifact);
+      conn.disconnect();
+      
+      assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact="));
+
+      conn = null;
+  
+  SAMLRequestBuilder srb = new SAMLRequestBuilder();
+  
+  Element erg = doCall(srb.build(moaSessionID,URLDecoder.decode(samlArtifact, "UTF-8")));
+  result = DOMUtils.serializeNode(erg);
+  result = killInclusive(result,"IssueInstant=\"","\"","");
+  result = killInclusive(result,"AssertionID=\"","\"","");
+  result = killInclusive(result,"ResponseID=\"","\"","");
+
+//  writeXmldata("GetAuthenticationDataWebServiceResponse.xml", result.getBytes("UTF-8"));
+  
+  assertEquals(result,readXmldata("GetAuthenticationDataWebServiceResponse.xml"));
+
+  System.out.println("-----------------------\nTestfall " + this.getName() + " erfolgreich abgearbeitet! \n-----------------------");
+    }
+    catch (Exception e) {
+      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+      throw e;
+    }
+   }
+
+  public void testA651() throws Exception {
+    try {
+
+      // Anmelden
+      String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+      HttpsURLConnection conn = giveConnection(URL, "GET");
+      conn.connect();
+      String result = new String(StreamUtils.readStream(conn.getInputStream()));
+      String MOASessionID = parseSessionIDFromForm(result);
+      conn.disconnect();
+      
+      URL = parseDataURL(result);
+      // Verify Identity Link
+      conn = giveConnection(URL, "POST");
+      conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+      String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+      OutputStream out = conn.getOutputStream();
+      out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+      out.flush();
+      out.close();
+      conn.connect();
+      String redirectLoc = conn.getHeaderField("Location");
+      conn.disconnect();
+      //Verify Auth Block
+      conn = giveConnection(redirectLoc, "POST");
+      String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+      out = conn.getOutputStream();
+      out.write(("MOASessionID=" + moaSessionID + "&XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8"));
+      out.flush();
+      out.close();
+      conn.connect();
+      redirectLoc = conn.getHeaderField("Location");
+      samlArtifact = "AAGu1JFbyGKqJ+3NAonwMu5bNyUc7kooeMK6bxeXBbnK6NL0DfuVJsGi";
+      System.out.println("SamlArtifact: " + samlArtifact);
+      conn.disconnect();
+      
+      assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact="));
+
+      conn = null;
+  
+      SAMLRequestBuilder srb = new SAMLRequestBuilder();
+      Element samlPRequest = srb.build(moaSessionID,samlArtifact);
+    
+      assertTrue(DOMUtils.serializeNode(doCall(samlPRequest)).indexOf("unbekanntes SAML-Artifakt")!=-1);
+
+      System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: Fehler beim Abholen der Anmeldedaten, unbekanntes SAML-Artifakt\n-----------------------");
+    }
+    catch (Exception e) {
+      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+      throw e;
+    }
+   }
+   
+ public void testA652() throws Exception {
+    try {
+
+      // Anmelden
+      String URL = getURL("https://localhost:8443/moa-id-auth/", "gb", "https://localhost:9443/");
+      HttpsURLConnection conn = giveConnection(URL, "GET");
+      conn.connect();
+      String result = new String(StreamUtils.readStream(conn.getInputStream()));
+      String MOASessionID = parseSessionIDFromForm(result);
+      conn.disconnect();
+      
+      URL = parseDataURL(result);
+      // Verify Identity Link
+      conn = giveConnection(URL, "POST");
+      conn.setRequestProperty("Content-type", "application/x-www-form-urlencoded");
+      String infoboxReadResponse = readXmldata("InfoboxReadResponse.xml");
+      OutputStream out = conn.getOutputStream();
+      out.write(new String("XMLResponse=" + URLEncoder.encode(infoboxReadResponse, "UTF-8")).getBytes());
+      out.flush();
+      out.close();
+      conn.connect();
+      String redirectLoc = conn.getHeaderField("Location");
+      conn.disconnect();
+      //Verify Auth Block
+      conn = giveConnection(redirectLoc, "POST");
+      String createXMLSignatureResponse = URLEncoder.encode(readXmldata("CreateXMLSignatureResponse.xml"), "UTF-8");
+      out = conn.getOutputStream();
+      out.write(("MOASessionID=" + moaSessionID + "&XMLResponse=" + createXMLSignatureResponse).getBytes("UTF-8"));
+      out.flush();
+      out.close();
+      conn.connect();
+      redirectLoc = conn.getHeaderField("Location");
+      samlArtifact = parseSamlArtifact(redirectLoc);
+      System.out.println("SamlArtifact: " + samlArtifact);
+      conn.disconnect();
+      
+      assertTrue(redirectLoc.startsWith("https://localhost:9443/?Target=gb&SAMLArtifact="));
+
+      conn = null;
+      String request =       
+      "<samlp:Request xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" RequestID=\"" +
+      moaSessionID + "\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"" +
+      DateTimeUtils.buildDateTime(Calendar.getInstance(), false)+"\">" +
+      "</samlp:Request>";
+      
+      Element samlPRequest = DOMUtils.parseDocument(request, false, ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+
+      assertTrue(DOMUtils.serializeNode(doCall(samlPRequest)).indexOf("Fehlerhaftes Requestformat")!=-1);
+//  writeXmldata("GetAuthenticationDataWebServiceResponse.xml", result.getBytes("UTF-8"));
+      System.out.println("-----------------------\nFehler in " + this.getName() + " erfolgreich abgefangen: Fehlerhaftes Requestformat\n-----------------------");    }
+    catch (Exception e) {
+      System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage());
+      throw e;
+    }
+   }
+
+  protected Element doCall(Element request)
+    throws Exception {
+    QName serviceName = new QName("GetAuthenticationData");
+    String endPoint = "http://localhost:8080/moa-id-auth/services/GetAuthenticationData";
+    Service service = ServiceFactory.newInstance().createService(serviceName);
+    Call call = service.createCall();
+    SOAPBodyElement body =
+      new SOAPBodyElement(request);
+    SOAPBodyElement[] params = new SOAPBodyElement[] {body};
+    Vector responses;
+    SOAPBodyElement response;
+    
+    call.setTargetEndpointAddress(endPoint);
+    responses = (Vector) call.invoke(params);
+    response = (SOAPBodyElement) responses.get(0);
+
+    return response.getAsDOM();
+  }
+
+  private String parseDataURL(String input)
+  {   
+    return getSubString(input.substring(input.indexOf("DataURL"),input.length()),"value=\"","\"");        
+  }
+  private String parseSamlArtifact(String input)
+  {
+   return  getSubString(input+"@@@","SAMLArtifact=","@@@");
+  }
+  private String getSubString(String input, String startsWith, String endsWith)
+  {   
+   return input.substring(input.indexOf(startsWith)+startsWith.length(), input.indexOf(endsWith, input.indexOf(startsWith)+startsWith.length()));    
+  }
+  private String getURL(String authURL, String target, String oaURL)
+  {   
+  return authURL + "StartAuthentication?Target=" + target + "&OA=" + oaURL;
+  }
+   private String parseSessionIDFromForm(String htmlForm) {
+    String parName = "MOASessionID=";
+    assertTrue(
+      "HTML Form enth�lt keine SessionID",
+      htmlForm.indexOf(parName) >= 0);
+    int i1 = htmlForm.indexOf(parName) + parName.length();
+    int i2 = htmlForm.indexOf("\"", i1);
+    assertTrue("HTML Form enth�lt keine g�ltige SessionID", i2 > i1);
+    return htmlForm.substring(i1, i2);
+  }
+    private HttpsURLConnection giveConnection(String targetURL, String requestMethod) throws Exception {
+    HttpsURLConnection conn = (HttpsURLConnection) new URL(targetURL).openConnection();
+    conn.setRequestMethod(requestMethod);
+    conn.setDoInput(true);
+    conn.setDoOutput(true);
+    conn.setUseCaches(false);
+    conn.setAllowUserInteraction(false);
+    conn.setHostnameVerifier(new HostnameVerifierHack());
+    return conn;
+  }
+ private class HostnameVerifierHack implements HostnameVerifier {
+    public boolean verify(String arg0, String arg1) {
+      return true;
+    }
+  }
+}