package at.gv.egovernment.moa.spss.test.integration; import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertFalse; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertNull; import static org.junit.Assert.assertThrows; import static org.junit.Assert.assertTrue; import java.io.IOException; import java.util.Collections; import javax.xml.parsers.ParserConfigurationException; import javax.xml.transform.TransformerException; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.RandomStringUtils; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; import org.junit.runners.BlockJUnit4ClassRunner; import org.w3c.dom.Element; import org.xml.sax.SAXException; import at.gv.egovernment.moa.spss.MOAApplicationException; import at.gv.egovernment.moa.spss.MOAException; import at.gv.egovernment.moa.spss.api.common.InputData; import at.gv.egovernment.moa.spss.api.xmlbind.CreateXMLSignatureRequestParser; import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureRequest; import at.gv.egovernment.moa.spss.api.xmlsign.CreateXMLSignatureResponse; import at.gv.egovernment.moa.spss.api.xmlsign.SignatureEnvironmentResponse; import at.gv.egovernment.moa.spss.api.xmlverify.AdESFormResults; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureRequest; import at.gv.egovernment.moa.spss.api.xmlverify.VerifyXMLSignatureResponse; import at.gv.egovernment.moa.spss.server.config.ConfigurationException; import at.gv.egovernment.moa.spss.server.init.SystemInitializer; import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureCreationInvoker; import at.gv.egovernment.moa.spss.server.invoke.XMLSignatureVerificationInvoker; import at.gv.egovernment.moaspss.util.DOMUtils; @RunWith(BlockJUnit4ClassRunner.class) public class XadesIntegrationTest extends AbstractIntegrationTest { XMLSignatureVerificationInvoker xadesVerifyInvoker; XMLSignatureCreationInvoker xadesSignInvoker; @BeforeClass public static void classInitializer() throws IOException, ConfigurationException, NoSuchFieldException, SecurityException, IllegalArgumentException, IllegalAccessException { jvmStateReset(); final String current = new java.io.File(".").getCanonicalPath(); System.setProperty("moa.spss.server.configuration", current + "/src/test/resources/moaspss_config/MOASPSSConfiguration.xml"); moaSpssCore = SystemInitializer.init(); } @Before public void initializer() throws ConfigurationException { xadesVerifyInvoker = XMLSignatureVerificationInvoker.getInstance(); xadesSignInvoker = XMLSignatureCreationInvoker.getInstance(); setUpContexts(RandomStringUtils.randomAlphabetic(10)); } @Test public void missingTrustProfile() throws IOException, MOAApplicationException, ParserConfigurationException { final VerifyXMLSignatureRequest request = buildVerifyXmlRequest( org.apache.commons.codec.binary.Base64.decodeBase64(IOUtils.resourceToByteArray( "/testdata/xades/xmldsig_enveloped.b64")), RandomStringUtils.randomAlphabetic(5), false, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null, Collections.emptyMap()); // perform test final MOAException error = assertThrows(MOAException.class, () -> xadesVerifyInvoker.verifyXMLSignature( request)); assertEquals("wrong errorCode", "2203", error.getMessageId()); } @Test public void basicValidationXadesSignature() throws MOAException, IOException, ParserConfigurationException { final VerifyXMLSignatureRequest request = buildVerifyXmlRequest( org.apache.commons.codec.binary.Base64.decodeBase64(IOUtils.resourceToByteArray( "/testdata/xades/xmldsig_enveloped.b64")), "MOAIDBuergerkarteAuthentisierungsDaten", false, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null, Collections.emptyMap()); // perform test final VerifyXMLSignatureResponse result = xadesVerifyInvoker.verifyXMLSignature(request); // verify result assertNotNull("verification result", result); assertEquals("sigCode", 0, result.getSignatureCheck().getCode()); assertEquals("certCode", 1, result.getCertificateCheck().getCode()); assertNotNull("signerInfo", result.getSignerInfo()); assertNull("issuerCC", result.getSignerInfo().getIssuerCountryCode()); assertFalse("publicAuthority", result.getSignerInfo().isPublicAuthority()); assertFalse("QC", result.getSignerInfo().isQualifiedCertificate()); assertFalse("SSCD", result.getSignerInfo().isSSCD()); assertNull("TSL infos", result.getSignerInfo().getTslInfos()); assertNull("form val. result", result.getAdESFormResults()); assertNull("extended val. result", result.getExtendedCertificateCheck()); assertNull("used sig alg", result.getSignatureAlgorithm()); } @Test public void extendedValidationXadesSignature() throws MOAException, IOException, ParserConfigurationException { final VerifyXMLSignatureRequest request = buildVerifyXmlRequest( org.apache.commons.codec.binary.Base64.decodeBase64(IOUtils.resourceToByteArray( "/testdata/xades/xmldsig_enveloped.b64")), "MOAIDBuergerkarteAuthentisierungsDaten", true, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null, Collections.emptyMap()); // perform test final VerifyXMLSignatureResponse result = xadesVerifyInvoker.verifyXMLSignature(request); // verify result assertNotNull("verification result", result); assertEquals("sigCode", 0, result.getSignatureCheck().getCode()); assertEquals("certCode", 1, result.getCertificateCheck().getCode()); assertEquals("manifestCode", 0, result.getSignatureManifestCheck().getCode()); assertTrue("manifest refs", result.getXMLDsigManifestChecks().isEmpty()); assertEquals("hash inputdata", 1, result.getHashInputDatas().size()); assertEquals("hash input data alg", "SHA-256", ((InputData) result.getHashInputDatas().get(0)).getHashAlgorithm()); assertEquals("hash input data part", "SignedInfo", ((InputData) result.getHashInputDatas().get(0)).getPartOf()); assertEquals("hash input data ref. number", -1, ((InputData) result.getHashInputDatas().get(0)).getReferringReferenceNumber()); assertNotNull("signerInfo", result.getSignerInfo()); assertNull("issuerCC", result.getSignerInfo().getIssuerCountryCode()); assertFalse("publicAuthority", result.getSignerInfo().isPublicAuthority()); assertFalse("QC", result.getSignerInfo().isQualifiedCertificate()); assertFalse("SSCD", result.getSignerInfo().isSSCD()); assertNull("TSL infos", result.getSignerInfo().getTslInfos()); assertNotNull("form val. result", result.getAdESFormResults()); assertEquals("form val. result size", 1, result.getAdESFormResults().size()); for (final Object el : result.getAdESFormResults()) { final AdESFormResults test = (AdESFormResults) el; assertEquals("Find wrong form val status", 3, test.getCode().longValue()); } assertNotNull("extended val. result", result.getExtendedCertificateCheck()); assertEquals("ext. val major", 4, result.getExtendedCertificateCheck().getMajorCode()); assertEquals("ext. val major", 24, result.getExtendedCertificateCheck().getMinorCode()); assertEquals("used sig alg", "SHA256withRSA", result.getSignatureAlgorithm()); } @Test public void simpleXmlSignature() throws MOAException, ParserConfigurationException, SAXException, IOException, TransformerException { // build request Element xml = DOMUtils.parseXmlNonValidating( CadesIntegrationTest.class.getResourceAsStream("/testdata/xades/sign/createXades_1.xml")); CreateXMLSignatureRequest xmlReq = new CreateXMLSignatureRequestParser().parse(xml); // create signature CreateXMLSignatureResponse xmlResp = xadesSignInvoker.createXMLSignature(xmlReq, Collections.EMPTY_SET); // verify response assertNotNull("xadesResp", xmlResp); assertNotNull("xadesResp elements", xmlResp.getResponseElements()); assertFalse("xadesResp elements", xmlResp.getResponseElements().isEmpty()); SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0); assertNotNull("signed xml", signedXml.getSignatureEnvironment()); // verify signature final VerifyXMLSignatureRequest request = buildVerifyXmlRequest( DOMUtils.serializeNode(signedXml.getSignatureEnvironment()).getBytes(), "jUnitSigning", false, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null, Collections.emptyMap()); // perform test final VerifyXMLSignatureResponse result = xadesVerifyInvoker.verifyXMLSignature(request); // verify result assertNotNull("verification result", result); assertEquals("sigCode", 0, result.getSignatureCheck().getCode()); assertEquals("certCode", 0, result.getCertificateCheck().getCode()); } @Test public void simpleXadesSignature() throws MOAException, ParserConfigurationException, SAXException, IOException, TransformerException { // build request Element xml = DOMUtils.parseXmlNonValidating( CadesIntegrationTest.class.getResourceAsStream("/testdata/xades/sign/createXades_2.xml")); CreateXMLSignatureRequest xmlReq = new CreateXMLSignatureRequestParser().parse(xml); // create signature CreateXMLSignatureResponse xmlResp = xadesSignInvoker.createXMLSignature(xmlReq, Collections.EMPTY_SET); // verify response assertNotNull("xadesResp", xmlResp); assertNotNull("xadesResp elements", xmlResp.getResponseElements()); assertFalse("xadesResp elements", xmlResp.getResponseElements().isEmpty()); SignatureEnvironmentResponse signedXml = (SignatureEnvironmentResponse) xmlResp.getResponseElements().get(0); assertNotNull("signed xml", signedXml.getSignatureEnvironment()); // verify signature final VerifyXMLSignatureRequest request = buildVerifyXmlRequest( DOMUtils.serializeNode(signedXml.getSignatureEnvironment()).getBytes(), "jUnitSigning", false, null, DEFAULT_XPATH_SIGNATURE_LOCATION, null, Collections.emptyMap()); // perform test final VerifyXMLSignatureResponse result = xadesVerifyInvoker.verifyXMLSignature(request); // verify result assertNotNull("verification result", result); assertEquals("sigCode", 0, result.getSignatureCheck().getCode()); assertEquals("certCode", 0, result.getCertificateCheck().getCode()); } }