package test.abnahme.A; import java.util.Calendar; import org.w3c.dom.Element; import test.abnahme.AbnahmeTestCase; import at.gv.egovernment.moa.id.AuthenticationException; import at.gv.egovernment.moa.id.BuildException; import at.gv.egovernment.moa.id.ParseException; import at.gv.egovernment.moa.id.auth.AuthenticationServer; import at.gv.egovernment.moa.id.auth.builder.AuthenticationDataAssertionBuilder; import at.gv.egovernment.moa.id.auth.builder.PersonDataBuilder; import at.gv.egovernment.moa.id.auth.builder.BPKBuilder; import at.gv.egovernment.moa.id.auth.builder.VerifyXMLSignatureRequestBuilder; import at.gv.egovernment.moa.id.auth.data.AuthenticationSession; import at.gv.egovernment.moa.id.auth.data.CreateXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.data.IdentityLink; import at.gv.egovernment.moa.id.auth.data.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.id.auth.invoke.SignatureVerificationInvoker; import at.gv.egovernment.moa.id.auth.parser.CreateXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.parser.InfoboxReadResponseParser; import at.gv.egovernment.moa.id.auth.parser.VerifyXMLSignatureResponseParser; import at.gv.egovernment.moa.id.auth.validator.CreateXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.auth.validator.ValidateException; import at.gv.egovernment.moa.id.auth.validator.VerifyXMLSignatureResponseValidator; import at.gv.egovernment.moa.id.config.ConfigurationException; import at.gv.egovernment.moa.id.config.auth.AuthConfigurationProvider; import at.gv.egovernment.moa.id.config.auth.OAAuthParameter; import at.gv.egovernment.moa.id.data.AuthenticationData; import at.gv.egovernment.moa.id.util.Random; import at.gv.egovernment.moa.util.DOMUtils; import at.gv.egovernment.moa.util.DateTimeUtils; /** * @author Stefan Knirsch * @version $Id$ * */ public class Test300VerifyAuthBlock extends AbnahmeTestCase { public Test300VerifyAuthBlock(String name) { super(name); } public void testA301() throws Exception { try { String sessionID = startAuthentication(); AuthenticationData authData = initServer(sessionID); //authDataWriter(authData,this.getName()+"new.xml"); assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA302() throws Exception { try { String sessionID = startAuthentication(); AuthenticationData authData = initServer(sessionID); //authDataWriter(authData,this.getName()+"new.xml"); assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA303() throws Exception { try { String sessionID = startAuthentication(); AuthenticationData authData = initServer(sessionID); assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA304() throws Exception { try { String sessionID = startAuthentication(); AuthenticationData authData = initServer(sessionID); assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA305() throws Exception { try { String sessionID = startAuthentication(); AuthenticationData authData = initServer(sessionID); assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA306() throws Exception { try { String sessionID = startAuthentication(); AuthenticationData authData = initServer(sessionID); assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA307() throws Exception { try { String sessionID = startAuthentication(); AuthenticationData authData = initServer(sessionID); assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA308() throws Exception { try { String sessionID = startAuthentication(); AuthenticationData authData = initServer(sessionID); assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA309() throws Exception { try { String sessionID = startAuthentication(); AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID); assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA310() throws Exception { try { String sessionID = startAuthentication(); AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID); assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA311() throws Exception { try { String sessionID = startAuthentication(); AuthenticationData authData = initServerWithoutValidateAuthBlock(sessionID); assertXmlEquals(readXmldata("AuthenticationData.xml"), clearSamlAssertion(authData.getSamlAssertion())); System.out.println("-----------------------Testfall " + this.getName() + " erfolgreich abgearbeitet! -----------------------"); } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA351() throws Exception { try { String sessionID = startAuthentication(); System.out.println(sessionID); String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml"); server.verifyIdentityLink(sessionID, infoboxReadResponse); InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse); IdentityLink idl = irrp.parseIdentityLink(); Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID()); Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse); //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames()); // System.out.println(createXMLSignatureRequest); String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml"); // nicht existierende Session.... try { server.verifyAuthenticationBlock("0", createXMLSignatureResponse); fail(); } catch (AuthenticationException e) { System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); } } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA352() throws Exception { try { String sessionID = startAuthentication(); System.out.println(sessionID); String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml"); server.verifyIdentityLink(sessionID, infoboxReadResponse); server.setSecondsSessionTimeOut(-100); server.cleanup(); InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse); IdentityLink idl = irrp.parseIdentityLink(); Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID()); Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse); //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames()); // System.out.println(createXMLSignatureRequest); String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml"); // abgelaufene Session.... server.setSecondsSessionTimeOut(1000); try { server.verifyAuthenticationBlock("0", createXMLSignatureResponse); fail(); } catch (AuthenticationException e) { System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); } } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA353() throws Exception { try { String sessionID = startAuthentication(); System.out.println(sessionID); String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml"); // Session for VerifyIdentityLink-Aufruf try { server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); fail(); } //NOCH SEHR UNSCHÖN..... (fliegt raus im AuthenticationServer, Methode buildAuthenticationData // ( IdentityLink identityLink = session.getIdentityLink(); ==> liefert dann NULL... catch (NullPointerException e) { System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); } } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA354() throws Exception { try { String sessionID = startAuthentication(); System.out.println(sessionID); String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml"); server.verifyIdentityLink(sessionID, infoboxReadResponse); InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse); IdentityLink idl = irrp.parseIdentityLink(); Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, AuthConfigurationProvider.getInstance().getMoaSpAuthBlockTrustProfileID()); Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse); //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames()); // System.out.println(createXMLSignatureRequest); String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml"); // nicht existierende Session.... server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); try { server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); fail(); } catch (AuthenticationException e) { System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); } } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA355() throws Exception { try { String sessionID = startAuthentication(); try { initServer(sessionID); fail(); } catch (ParseException e) { System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); } } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA356() throws Exception { try { String sessionID = startAuthentication(); try { initServer(sessionID); fail(); } catch (ParseException e) { System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); } } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA357() throws Exception { try { String sessionID = startAuthentication(); try { initServer(sessionID); fail(); } catch (ValidateException e) { System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); } } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA358() throws Exception { try { String sessionID = startAuthentication(); try { initServer(sessionID); fail(); } catch (ValidateException e) { System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); } } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA359() throws Exception { try { String sessionID = startAuthentication(); try { initServer(sessionID); fail(); } catch (ValidateException e) { System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); } } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA360() throws Exception { try { String sessionID = startAuthentication(); try { initServer(sessionID); fail(); } catch (ValidateException e) { System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); } } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA361() throws Exception { try { String sessionID = startAuthentication(); try { initServer(sessionID); fail(); } catch (ValidateException e) { System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); } } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA362() throws Exception { try { String sessionID = startAuthentication(); try { initServer(sessionID); fail(); } catch (ValidateException e) { System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); } } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA363() throws Exception { try { String sessionID = startAuthentication(); try { initServer(sessionID); fail(); } catch (ValidateException e) { System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); } } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } public void testA364() throws Exception { try { String sessionID = startAuthentication(); try { initServer(sessionID); fail(); } catch (ValidateException e) { System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage() + "-----------------------"); } } catch (Exception e) { System.err.println("------ FEHLER IN " + this.getName() + ":" + e.getLocalizedMessage()); throw e; } } /* public void testA365() throws Exception { String sessionID = startAuthentication(); try { // wegen sinnlosigkeit gestrichen initServer(sessionID); fail(); } catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");} }*/ public void testA366() throws Exception { String sessionID = startAuthentication(); try { initServer(sessionID); fail(); } catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");} } public void testA367() throws Exception { String sessionID = startAuthentication(); try { initServer(sessionID); fail(); } catch (ValidateException e) {System.out.println("-----------------------Fehler in " + this.getName() + " erfolgreich abgefangen: " + e.getLocalizedMessage()+ "-----------------------");} } private AuthenticationData initServer(String sessionID) throws Exception { String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml"); server.verifyIdentityLink(sessionID, infoboxReadResponse); InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse); IdentityLink idl = irrp.parseIdentityLink(); Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, "TrustProfile1"); Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse); //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames()); // System.out.println(createXMLSignatureRequest); String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml"); // CreateXMLSignatureResponseValidator.getInstance().validate(new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse(),"gb","https://localhost:9443/"); String samlArtifact = server.verifyAuthenticationBlock(sessionID, createXMLSignatureResponse); AuthenticationData authData = server.getAuthenticationData(samlArtifact); return authData; } private AuthenticationData initServerWithoutValidateAuthBlock(String sessionID) throws Exception { String infoboxReadResponse = readXmldata("InfoBoxReadResponse.xml"); server.verifyIdentityLink(sessionID, infoboxReadResponse); InfoboxReadResponseParser irrp = new InfoboxReadResponseParser(infoboxReadResponse); IdentityLink idl = irrp.parseIdentityLink(); Element domVerifyXMLSignatureRequest = new VerifyXMLSignatureRequestBuilder().build(idl, "TrustProfile1"); Element domVerifyXMLSignatureResponse = new SignatureVerificationInvoker().verifyXMLSignature(domVerifyXMLSignatureRequest); new VerifyXMLSignatureResponseParser(domVerifyXMLSignatureResponse); //VerifyXMLSignatureResponseValidator.getInstance().validate(respParser.parseData(), AuthConfigurationProvider.getInstance().getIdentityLinkX509SubjectNames()); // System.out.println(createXMLSignatureRequest); String createXMLSignatureResponse = readXmldata("CreateXMLSignatureResponse.xml"); // CreateXMLSignatureResponseValidator.getInstance().validate(new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse(),"gb","https://localhost:9443/"); AuthenticationSession session = AuthenticationServer.getSession(sessionID); AuthConfigurationProvider authConf = AuthConfigurationProvider.getInstance(); // parses CreateXMLSignatureResponse csresp = new CreateXMLSignatureResponseParser(createXMLSignatureResponse).parseResponse(); // validates new CreateXMLSignatureResponseValidator().validate(csresp, session); // builds a for a MOA-SPSS call String[] vtids = authConf.getMoaSpAuthBlockVerifyTransformsInfoIDs(); String tpid = authConf.getMoaSpAuthBlockTrustProfileID(); Element domVsreq = new VerifyXMLSignatureRequestBuilder().build(csresp, vtids, tpid); // invokes the call Element domVsresp = new SignatureVerificationInvoker().verifyXMLSignature(domVsreq); // parses the VerifyXMLSignatureResponse vsresp = new VerifyXMLSignatureResponseParser(domVsresp).parseData(); // validates the VerifyXMLSignatureResponseValidator.getInstance().validate(vsresp, null, VerifyXMLSignatureResponseValidator.CHECK_AUTH_BLOCK, true); // compares the public keys from the identityLink with the AuthBlock // builds authentication data and stores it together with a SAML artifact AuthenticationData authData = buildAuthenticationData(session, vsresp); return authData; } private AuthenticationData buildAuthenticationData( AuthenticationSession session, VerifyXMLSignatureResponse verifyXMLSigResp) throws ConfigurationException, BuildException { IdentityLink identityLink = session.getIdentityLink(); AuthenticationData authData = new AuthenticationData(); authData.setMajorVersion(1); authData.setMinorVersion(0); authData.setAssertionID(Random.nextRandom()); authData.setIssuer(session.getAuthURL()); authData.setIssueInstant(DateTimeUtils.buildDateTime(Calendar.getInstance())); String vpkBase64 = new BPKBuilder().buildBPK( identityLink.getIdentificationValue(), session.getTarget()); authData.setBPK(vpkBase64); authData.setGivenName(identityLink.getGivenName()); authData.setFamilyName(identityLink.getFamilyName()); authData.setDateOfBirth(identityLink.getDateOfBirth()); authData.setQualifiedCertificate(verifyXMLSigResp.isQualifiedCertificate()); authData.setPublicAuthority(verifyXMLSigResp.isPublicAuthority()); authData.setPublicAuthorityCode(verifyXMLSigResp.getPublicAuthorityCode()); OAAuthParameter oaParam = AuthConfigurationProvider.getInstance().getOnlineApplicationParameter( session.getPublicOAURLPrefix()); String prPerson = new PersonDataBuilder().build( identityLink, oaParam.getProvideStammzahl()); try { String ilAssertion = oaParam.getProvideIdentityLink() ? DOMUtils.serializeNode(identityLink.getSamlAssertion()) : ""; String authBlock = oaParam.getProvideAuthBlock() ? session.getAuthBlock() : ""; String samlAssertion = new AuthenticationDataAssertionBuilder().build( authData, prPerson, authBlock, ilAssertion, session.getBkuURL(), "", false); authData.setSamlAssertion(samlAssertion); return authData; } catch (Throwable ex) { throw new BuildException( "builder.00", new Object[] { "AuthenticationData", ex.getMessage() }, ex); } } }