1 files changed, 195 insertions, 0 deletions

diff --git a/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
new file mode 100644
index 000000000..f1de6ab8c
--- /dev/null
+++ b/id/server/idserverlib/src/test/java/test/at/gv/egovernment/moa/id/proxy/parser/SAMLResponseParserTest.java
@@ -0,0 +1,195 @@
+/*
+* Copyright 2003 Federal Chancellery Austria
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+*     http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package test.at.gv.egovernment.moa.id.proxy.parser;
+
+import org.w3c.dom.Element;
+
+import test.at.gv.egovernment.moa.id.UnitTestCase;
+
+import at.gv.egovernment.moa.id.data.AuthenticationData;
+import at.gv.egovernment.moa.id.data.SAMLStatus;
+import at.gv.egovernment.moa.id.proxy.parser.SAMLResponseParser;
+import at.gv.egovernment.moa.util.Constants;
+import at.gv.egovernment.moa.util.DOMUtils;
+
+/*
+ * @author Paul Ivancsics
+ * @version $Id$
+ */
+public class SAMLResponseParserTest extends UnitTestCase {
+
+  public SAMLResponseParserTest(String arg0) {
+    super(arg0);
+  }
+
+  public void testParse() throws Exception {
+    String samlResponse =
+      "<?xml version=\"1.0\" encoding=\"UTF-8\"?>" +
+      "<samlp:Response xmlns:samlp=\"urn:oasis:names:tc:SAML:1.0:protocol\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\"" +
+      " ResponseID=\"\" MajorVersion=\"1\" MinorVersion=\"0\" IssueInstant=\"2003-03-29T06:00:00+02:00\">" +
+      "<samlp:Status>" +
+        "<samlp:StatusCode Value=\"samlp:Success\"><samlp:StatusCode Value=\"samlp:Success\"></samlp:StatusCode></samlp:StatusCode>" +
+        "<samlp:StatusMessage>Ollas leiwand</samlp:StatusMessage>" +
+      "</samlp:Status>" +
+"<saml:Assertion xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xmlns:pr=\"http://reference.e-government.gv.at/namespace/persondata/20020228#\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" MajorVersion=\"1\" MinorVersion=\"0\" AssertionID=\"-4633313027464114584\" Issuer=\"http://localhost:8080/moa-id-auth/\" IssueInstant=\"2003-04-02T14:55:42+02:00\">" +
+  "<saml:AttributeStatement>" +
+    "<saml:Subject>" +
+      "<saml:NameIdentifier NameQualifier=\"http://reference.e-government.gv.at/names/vpk/20020221#\">MTk2OC0xMC0yMmdi</saml:NameIdentifier>" +
+      "<saml:SubjectConfirmation>" +
+        "<saml:ConfirmationMethod>http://reference.e-government.gv.at/namespace/moa/20020822#cm</saml:ConfirmationMethod>" +
+        "<saml:SubjectConfirmationData>" +
+          "<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" MajorVersion=\"1\" MinorVersion=\"0\" AssertionID=\"any\" Issuer=\"Hermann Muster\" IssueInstant=\"2003-04-02T14:55:27+02:00\">" +
+            "<saml:AttributeStatement>" +
+              "<saml:Subject>" +
+                "<saml:NameIdentifier>http://localhost:8080/moa-id-auth/</saml:NameIdentifier>" +
+              "</saml:Subject>" +
+              "<saml:Attribute AttributeName=\"Geschäftsbereich\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">" +
+                "<saml:AttributeValue>gb</saml:AttributeValue>" +
+              "</saml:Attribute>" +
+              "<saml:Attribute AttributeName=\"OA\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">" +
+                "<saml:AttributeValue>https://localhost:9443/</saml:AttributeValue>" +
+              "</saml:Attribute>" +
+            "</saml:AttributeStatement>" +
+          "</saml:Assertion>" +
+          "<saml:Assertion AssertionID=\"zmr.bmi.gv.at-AssertionID-2003-02-12T20:28:34.474\" IssueInstant=\"2003-02-12T20:28:34.474\" Issuer=\"http://zmr.bmi.gv.at/zmra/names#Issuer\" MajorVersion=\"1\" MinorVersion=\"0\" xmlns:pr=\"http://reference.e-government.gv.at/namespace/persondata/20020228#\" xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">" +
+            "<saml:AttributeStatement>" +
+              "<saml:Subject>" +
+                "<saml:SubjectConfirmation>" +
+                  "<saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:sender-vouches</saml:ConfirmationMethod>" +
+                  "<saml:SubjectConfirmationData>" +
+                    "<pr:Person xsi:type=\"pr:PhysicalPersonType\">" +
+                      "<pr:Identification>" +
+                        "<pr:Value>123456789012</pr:Value>" +
+                        "<pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>" +
+                      "</pr:Identification>" +
+                      "<pr:Name>" +
+                        "<pr:GivenName>Hermann</pr:GivenName>" +
+                        "<pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName>" +
+                      "</pr:Name>" +
+                      "<pr:DateOfBirth>1968-10-22</pr:DateOfBirth>" +
+                    "</pr:Person>" +
+                  "</saml:SubjectConfirmationData>" +
+                "</saml:SubjectConfirmation>" +
+              "</saml:Subject>" +
+              "<saml:Attribute AttributeName=\"CitizenPublicKey\" AttributeNamespace=\"http://www.buergerkarte.at/namespaces/personenbindung/20020506#\">" +
+                "<saml:AttributeValue>" +
+                  "<dsig:RSAKeyValue xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" +
+                    "<dsig:Modulus>0v1Ftf7WXgoexx0Jo/GrlExHOHnQIEQ5FFSjptLRd5BN1mZYRg2S9KfOMbHSCsiPm8AwjAEwE5EM A6P18Z/YyTIuP7fNGzckbB5PYIgNMHL8/TYJhHA8CjamsBrEfYDXivE8iAvALg5I9RMLZADmzL7a f2daYYuO8dycQw3xg6U=</dsig:Modulus>" +
+                    "<dsig:Exponent>AQAB</dsig:Exponent>" +
+                  "</dsig:RSAKeyValue>" +
+                "</saml:AttributeValue>" +
+              "</saml:Attribute>" +
+              "<saml:Attribute AttributeName=\"CitizenPublicKey\" AttributeNamespace=\"http://www.buergerkarte.at/namespaces/personenbindung/20020506#\">" +
+                "<saml:AttributeValue>" +
+                  "<dsig:RSAKeyValue xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" +
+                    "<dsig:Modulus>i2qa56X4fpYeXqFLXAcQljGU3+DWnVgNrAxI9gn2bMeFWtLXE2SFa6qvl9EymUl0noBlFn0q9DWp AsyeLnRhzCAXJeSxiwsUEloOvcQCV0DfW2UVq0Y9bVlJ8KifJ2AS+5BxZ21mkc/VYx5Qz6EYjPrn pIpdAwR9sw5xnIvTySc=</dsig:Modulus>" +
+                    "<dsig:Exponent>AQAB</dsig:Exponent>" +
+                  "</dsig:RSAKeyValue>" +
+                "</saml:AttributeValue>" +
+              "</saml:Attribute>" +
+            "</saml:AttributeStatement>" +
+            "<dsig:Signature xmlns:dsig=\"http://www.w3.org/2000/09/xmldsig#\">" +
+              "<dsig:SignedInfo>" +
+                "<dsig:CanonicalizationMethod Algorithm=\"http://www.w3.org/TR/2001/REC-xml-c14n-20010315\"/>" +
+                "<dsig:SignatureMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#rsa-sha1\"/>" +
+                "<dsig:Reference URI=\"\">" +
+                  "<dsig:Transforms>" +
+                    "<dsig:Transform Algorithm=\"http://www.w3.org/TR/1999/REC-xpath-19991116\">" +
+                      "<dsig:XPath>not(ancestor-or-self::pr:Identification)</dsig:XPath>" +
+                    "</dsig:Transform>" +
+                    "<dsig:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>" +
+                  "</dsig:Transforms>" +
+                  "<dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" +
+                  "<dsig:DigestValue>s7TfoZrYo36OMdlxGxuIfAw/wr8=</dsig:DigestValue>" +
+                "</dsig:Reference>" +
+                "<dsig:Reference Type=\"http://www.w3.org/2000/09/xmldsig#Manifest\" URI=\"\">" +
+                  "<dsig:Transforms>" +
+                    "<dsig:Transform Algorithm=\"http://www.w3.org/TR/1999/REC-xpath-19991116\">" +
+                      "<dsig:XPath>ancestor-or-self::dsig:Manifest</dsig:XPath>" +
+                    "</dsig:Transform>" +
+                  "</dsig:Transforms>" +
+                  "<dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" +
+                  "<dsig:DigestValue>dO+RSn4xLHT3cuq8uopFtZyUBqo=</dsig:DigestValue>" +
+                "</dsig:Reference>" +
+              "</dsig:SignedInfo>" +
+              "<dsig:SignatureValue>MFbZ5wA5cq0UezYFDXted5uqXubWFxxRwZawGh73XEAGxAbJsT/IEQmrTQThPRHNWW5RPGxVlPDz 5BmjberdaWlgJlbyKf3b/WpNNJYptQ7ijrXlsQoCzjfiQy37NEfvHEcxHQOA6sa42C+dFKsKIvmP 3mZkRYWJDxxsVzI7E+Y=</dsig:SignatureValue>" +
+              "<dsig:KeyInfo>" +
+                "<dsig:X509Data>" +
+                  "<dsig:X509Certificate>MIIDaDCCAtWgAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTE5NDRaFw0w MzEyMzEyMjU5MzBaMIGOMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxGzAZBgNVBAMTEk1PQSBU ZXN0IENBIC0gUm9vdDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAjHuFphE3 +UkTe2OcIFWUDLzhPl1j2dH4sMPAhDK09/0i+aWrdtQW9yHktu/7+LTiCiPeevT0 lGMGDcWMSoSm66tYmpxei6YojCFIaVdJFtXZ7x1o7e7jTDVRLMfdZ5lI1sQ7loIY hOE0OmlYOkn4AI6xMtJtsca45rV8wW7qm8kCAwEAAaOB2zCB2DAPBgNVHRMBAf8E BTADAQH/MA4GA1UdDwEB/wQEAwIBBjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAnsB ATBCMEAGCCsGAQUFBwICMDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxy IFRlc3R6d2Vja2UgZ2VlaWduZXQuMB0GA1UdDgQWBBRDC612dCgZetTmAKyV6DII NkOoYTAWBgcqKAAKAQEBBAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZ etTmAKyV6DIINkOoYTAJBgUrDgMCHQUAA4GBAHj0xBNWGYLijaocjOX1AkL+r+G2 fZsX4z3S/2eEvtUp+EUHaOPMLTS0MIP1nwj5f4ZluAIrDLXihqMdi4xRv0W6QYbN aDxICNz3/QbrzMlFPeC8odesdRlT+GGswX0ZGUtVIZm1HVhxRk5ZEW2pr2afo5c0 Btxup/kgjGMnnS7C</dsig:X509Certificate>" +
+                  "<dsig:X509Certificate>MIIDiTCCAvagAwIBAgIBADAJBgUrDgMCHQUAMIGOMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx GzAZBgNVBAMTEk1PQSBUZXN0IENBIC0gUm9vdDAeFw0wMzAyMTExNTI1MTRaFw0w MzEyMzEyMjU5MzBaMIGZMQswCQYDVQQGEwJBVDE9MDsGA1UEChQ0QnVuZGVzbWlu aXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5nIHVuZCBTcG9ydDEjMCEG A1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMxJjAkBgNVBAMTHU1PQSBU ZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB iQKBgQCw7ULOYSNji09Ein7Ar4j3Rjxjq05spBmZDmbSomEZMnGEtVTyIRzKc8ia 2kcXUMz5MEoFaVmvqRim31m20T21uvHFIs86gqzC/prOAz7V7HWok5F+9M/5gR1S BvpdqiEAXYeRXFPiOe8XSmpwhic7+n2jfuoBeYiRBEMGoP1DkwIDAQABo4HxMIHu MBIGA1UdEwEB/wQIMAYBAf8CAQAwDgYDVR0PAQH/BAQDAgHGMBEGCWCGSAGG+EIB AQQEAwIBAjBdBgNVHSAEVjBUMFIGDCsGAQQBlRIBAgMBATBCMEAGCCsGAQUFBwIC MDQaMkRpZXNlcyBaZXJ0aWZpa2F0IGlzdCBudXIgZvxyIFRlc3R6d2Vja2UgZ2Vl aWduZXQuMB0GA1UdDgQWBBSeRWvUfxEjKZSfxImJr/fpBDtMmTAWBgcqKAAKAQEB BAsMCUJNT0xTLUlLVDAfBgNVHSMEGDAWgBRDC612dCgZetTmAKyV6DIINkOoYTAJ BgUrDgMCHQUAA4GBAIMa4C2z3SbkcjEiMNAsHKaKUCJkBbMtNaab6U/cwwYmG6nl ga7xyEmbfY2SKzOqkcIwuv83Tma3rcr1f+OLUeGUaGLHt2Pl1a/s8BZGQZHWvLXv 7hV4RceEUHzVGAfvDD8iBJqBmfq/z/fBPFsgSup4nO1YECkDYfQ+sqCIP4ik</dsig:X509Certificate>" +
+                  "<dsig:X509Certificate>MIIDZzCCAtSgAwIBAgIBADAJBgUrDgMCHQUAMIGZMQswCQYDVQQGEwJBVDE9MDsG A1UEChQ0QnVuZGVzbWluaXN0ZXJpdW0gZvxyIPZmZmVudGxpY2hlIExlaXN0dW5n IHVuZCBTcG9ydDEjMCEGA1UECxMaSUtULVN0YWJzc3RlbGxlIGRlcyBCdW5kZXMx JjAkBgNVBAMTHU1PQSBUZXN0IENBIC0gU2lnbmF0dXJkaWVuc3RlMB4XDTAzMDIx MTE1MzI0NVoXDTAzMDgxMTE0MzI0NVowgYUxCzAJBgNVBAYTAkFUMSYwJAYDVQQK FB1CdW5kZXNtaW5pc3Rlcml1bSBm/HIgSW5uZXJlczEgMB4GA1UECxMXWmVudHJh bGVzIE1lbGRlcmVnaXN0ZXIxLDAqBgNVBAMTI1Rlc3QgU2lnbmF0dXJkaWVuc3Qg UGVyc29uZW5iaW5kdW5nMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDEzkpk QjbGjZwssN1+vMBE/ALMcA8LWFcILI3uxXaTSWGfTiLo9ECfzjuwYJG7FjEaeWrW nPEcp4VfMNocrm3T7Hw/ikpE5/+FsfTzD4MpIwwUPd/CUfA5vDNXK5CiP7qKKR1e vATO2s6lfDul+CS/eEbwzKmUQvZGrJggxg2m5wIDAQABo4HYMIHVMAwGA1UdEwEB /wQCMAAwDgYDVR0PAQH/BAQDAgbAMF0GA1UdIARWMFQwUgYMKwYBBAGVEgECAwEB MEIwQAYIKwYBBQUHAgIwNBoyRGllc2VzIFplcnRpZmlrYXQgaXN0IG51ciBm/HIg VGVzdHp3ZWNrZSBnZWVpZ25ldC4wHQYDVR0OBBYEFIpEyv43H3EtiGr4I7Z34bWj v2z6MBYGByooAAoBAQEECwwJQk1PTFMtSUtUMB8GA1UdIwQYMBaAFJ5Fa9R/ESMp lJ/EiYmv9+kEO0yZMAkGBSsOAwIdBQADgYEAfMBJRy/kp8HQa0lGIBfFrWNpxVPv RsIu+N4IiFrswrsoQoMAh6IqNyzSdq7rJC08xsDkXe5HOwkb+2zGKYoC3aQ/J/zr BGkg6ec4tOaS/VSdEQeTL1L30r2faTffWLUV3GrzL7pM7jN470hB1w8F6Hc3LCI7 kFfp23o/juVtJNw=</dsig:X509Certificate>" +
+                "</dsig:X509Data>" +
+              "</dsig:KeyInfo>" +
+              "<dsig:Object>" +
+                "<dsig:Manifest>" +
+                  "<dsig:Reference URI=\"\">" +
+                    "<dsig:Transforms>" +
+                      "<dsig:Transform Algorithm=\"http://www.w3.org/2000/09/xmldsig#enveloped-signature\"/>" +
+                    "</dsig:Transforms>" +
+                    "<dsig:DigestMethod Algorithm=\"http://www.w3.org/2000/09/xmldsig#sha1\"/>" +
+                    "<dsig:DigestValue>BqzfCB7dNg4G3u4YaxpD1tALdKI=</dsig:DigestValue>" +
+                  "</dsig:Reference>" +
+                "</dsig:Manifest>" +
+              "</dsig:Object>" +
+            "</dsig:Signature>" +
+          "</saml:Assertion>" +
+        "</saml:SubjectConfirmationData>" +
+      "</saml:SubjectConfirmation>" +
+    "</saml:Subject>" +
+    "<saml:Attribute AttributeName=\"PersonData\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/persondata/20020228#\">" +
+      "<saml:AttributeValue>" +
+        "<pr:Person xsi:type=\"pr:PhysicalPersonType\">" +
+          "<pr:Identification>" +
+            "<pr:Value>123456789012</pr:Value>" +
+            "<pr:Type>http://reference.e-government.gv.at/names/persondata/20020228#zmr-zahl</pr:Type>" +
+          "</pr:Identification>" +
+          "<pr:Name>" +
+            "<pr:GivenName>Hermann</pr:GivenName>" +
+            "<pr:FamilyName primary=\"undefined\">Muster</pr:FamilyName>" +
+          "</pr:Name>" +
+          "<pr:DateOfBirth>1968-10-22</pr:DateOfBirth>" +
+        "</pr:Person>" +
+      "</saml:AttributeValue>" +
+    "</saml:Attribute>" +
+    "<saml:Attribute AttributeName=\"isQualifiedCertificate\" AttributeNamespace=\"http://reference.e-government.gv.at/namespace/moa/20020822#\">" +
+      "<saml:AttributeValue>true</saml:AttributeValue>" +
+    "</saml:Attribute>" +
+  "</saml:AttributeStatement>" +
+"</saml:Assertion>" +
+    "</samlp:Response>";    
+    
+    Element samlResponseElem = 
+      DOMUtils.parseDocument(samlResponse, true, Constants.ALL_SCHEMA_LOCATIONS, null).getDocumentElement();
+    SAMLResponseParser parser = new SAMLResponseParser(samlResponseElem);
+    SAMLStatus status = parser.parseStatusCode();
+    assertEquals("samlp:Success", status.getStatusCode());
+    assertEquals("samlp:Success", status.getSubStatusCode());
+    assertEquals("Ollas leiwand", status.getStatusMessage());
+    AuthenticationData authData = parser.parseAuthenticationData();
+    assertEquals(1, authData.getMajorVersion());
+    assertEquals(0, authData.getMinorVersion());
+    assertEquals("-4633313027464114584", authData.getAssertionID());
+    assertEquals("http://localhost:8080/moa-id-auth/", authData.getIssuer());
+    assertEquals("2003-04-02T14:55:42+02:00", authData.getIssueInstant());
+    assertEquals("123456789012", authData.getIdentificationValue());
+    assertEquals("MTk2OC0xMC0yMmdi", authData.getBPK());
+    assertEquals("Hermann", authData.getGivenName());
+    assertEquals("Muster", authData.getFamilyName());
+    assertEquals("1968-10-22", authData.getDateOfBirth());
+    assertTrue(authData.isQualifiedCertificate());
+    assertFalse(authData.isPublicAuthority());
+  }
+}