Diffstat (limited to 'src')
3 files changed, 226 insertions, 0 deletions
| diff --git a/src/test/java/at/gv/egiz/moazs/ITSignatureVerifierTest.java b/src/test/java/at/gv/egiz/moazs/ITSignatureVerifierTest.java index 592b108..af958a5 100644 --- a/src/test/java/at/gv/egiz/moazs/ITSignatureVerifierTest.java +++ b/src/test/java/at/gv/egiz/moazs/ITSignatureVerifierTest.java @@ -2,14 +2,20 @@ package at.gv.egiz.moazs;  import at.gv.egiz.eid.authhandler.modules.sigverify.moasig.api.ISignatureVerificationService;  import at.gv.egiz.moazs.backend.SignatureVerifier; +import at.gv.egiz.moazs.scheme.SOAPUtils;  import org.junit.Test;  import org.junit.runner.RunWith; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory;  import org.springframework.beans.factory.annotation.Autowired;  import org.springframework.boot.test.context.SpringBootTest;  import org.springframework.boot.test.context.TestConfiguration;  import org.springframework.context.annotation.Bean;  import org.springframework.test.context.junit4.SpringRunner; +import org.xml.sax.SAXException; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.TransformerException;  import java.io.File;  import java.io.IOException;  import java.nio.file.Files; @@ -19,6 +25,8 @@ import java.nio.file.Files;  @SpringBootTest      public class ITSignatureVerifierTest { +    private static final Logger log = LoggerFactory.getLogger(ITSignatureVerifierTest.class); +      private final String resourcesPath = "src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/";      @TestConfiguration 
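Review bot: The `log` field added at the top of `ITSignatureVerifierTest`, together with the `org.slf4j.Logger` and `org.slf4j.LoggerFactory` imports, is not used by either test method this commit adds. If nothing outside the visible hunks uses it, drop `private static final Logger log = LoggerFactory.getLogger(ITSignatureVerifierTest.class);` and the two imports. The class body starts in this hunk and continues outside it, so there may be a use that is not shown here.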
@@ -62,4 +70,34 @@ import java.nio.file.Files;          verifier.accept(signature);      } + +    @Test +    public void acceptValidSoapedDeliveryNotification() throws IOException, ParserConfigurationException, SAXException, TransformerException { + +        var path = resourcesPath + "valid-signed-soaped-notification.xml"; +        var soapedNotificationBytes = Files.readAllBytes(new File(path).toPath()); + +        var soapUtils = new SOAPUtils(); +        var soapedNotification = soapUtils.toDOM(soapedNotificationBytes); +        var deliveryNotificationNode = soapUtils.getChildElementOfSoapBody(soapedNotification); +        var notificationBytes = soapUtils.toBytes(deliveryNotificationNode); + +        verifier.accept(notificationBytes); +    } + +    //shuffled means that the <dsig:Signature> was moved from it's original +    //place to a different place. +    @Test +    public void acceptValidShuffledSoapedDeliveryNotification() throws IOException, ParserConfigurationException, SAXException, TransformerException { + +        var path = resourcesPath + "valid-signed-shuffled-soaped-notification.xml"; +        var soapedNotificationBytes = Files.readAllBytes(new File(path).toPath()); + +        var soapUtils = new SOAPUtils(); +        var soapedNotification = soapUtils.toDOM(soapedNotificationBytes); +        var deliveryNotificationNode = soapUtils.getChildElementOfSoapBody(soapedNotification); +        var notificationBytes = soapUtils.toBytes(deliveryNotificationNode); + +        verifier.accept(notificationBytes); +    }  } diff --git a/src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/valid-signed-shuffled-soaped-notification.xml b/src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/valid-signed-shuffled-soaped-notification.xml new file mode 100644 index 0000000..1262c3e --- /dev/null +++ b/src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/valid-signed-shuffled-soaped-notification.xml 
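Review bot: Both new tests pin acceptance only: `acceptValidShuffledSoapedDeliveryNotification` records that `verifier.accept` tolerates a `<dsig:Signature>` moved inside `<Success>`, but no companion case shows that a notification whose content was altered is rejected. The fixtures use `Reference URI=""` with the enveloped-signature transform, so the signature is presumably meant to cover the whole extracted `DeliveryNotification`. A third fixture with one changed field, and a test asserting that `verifier.accept` rejects it, would keep this position tolerance from hiding a signature-wrapping regression. Above the shuffled test I would also state the intent and fix the typo, e.g. `// shuffled: <dsig:Signature> moved from its original place; it must still cover the whole DeliveryNotification`. The four lines that read the file and unwrap the SOAP body are identical in both methods and could move into one private helper that takes the fixture file name.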
@@ -0,0 +1,94 @@ +<?xml version="1.0" encoding="UTF-8"?> +<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> +<soapenv:Body><DeliveryNotification xmlns="http://reference.e-government.gv.at/namespace/zustellung/msg" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:p="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> +        <Success> +            <DeliveryService>https://localhost/example-delivery-system</DeliveryService> +            <AppDeliveryID>12345</AppDeliveryID> +            <ZSDeliveryID>678910</ZSDeliveryID> +            <Sender> +                <Organisation> +                    <p:FullName>Musterbehörde</p:FullName> +                </Organisation> +                <p:PostalAddress type="undefined"> +                    <p:CountryCode>AT</p:CountryCode> +                    <p:PostalCode>1234 </p:PostalCode> +                    <p:Municipality>Graz</p:Municipality> +                    <p:DeliveryAddress> +                        <p:StreetName>Musterstraße</p:StreetName> +                        <p:BuildingNumber>1 </p:BuildingNumber> +                        <p:Unit>b2</p:Unit> +                    </p:DeliveryAddress> +                </p:PostalAddress> +                <p:InternetAddress> +                    <p:Address>max.mustermann@musterbehoerde.gv.at</p:Address> +                </p:InternetAddress> +            </Sender> +            <Receiver> +                <p:PhysicalPerson> +                    <p:Name> +                        <p:GivenName>Maxi</p:GivenName> +                        <p:FamilyName primary="undefined">Mustermann1</p:FamilyName> +                    </p:Name> +                    <p:DateOfBirth>1984-01-24-02:00</p:DateOfBirth> +                </p:PhysicalPerson> +                <p:PostalAddress type="undefined"> +                    <p:PostalCode>1010</p:PostalCode> +                    
<p:Municipality>Wien</p:Municipality> +                    <p:DeliveryAddress> +                        <p:StreetName>Muststrasse</p:StreetName> +                        <p:BuildingNumber>10</p:BuildingNumber> +                    </p:DeliveryAddress> +                </p:PostalAddress> +            </Receiver> +            <NotificationsPerformed> +                <RecipientNotification> +                    <NotificationMethod>electronic</NotificationMethod> +                    <Timestamp>2002-05-30T09:00:00</Timestamp> +                </RecipientNotification> +            </NotificationsPerformed> +            <ConfirmationTimestamp>2002-05-30T09:00:00</ConfirmationTimestamp> +            <AuthBlock AssertionID="asdf" IssueInstant="2002-05-30T09:00:00" Issuer="mee" MajorVersion="1" MinorVersion="100"> +                <saml:AttributeStatement> +                    <saml:Subject> +                        <saml:NameIdentifier>1234</saml:NameIdentifier> +                        <saml:SubjectConfirmation> +                            <saml:ConfirmationMethod>1234</saml:ConfirmationMethod> +                        </saml:SubjectConfirmation> +                    </saml:Subject> +                    <saml:Attribute AttributeName="1234" AttributeNamespace="123"> +                        <saml:AttributeValue>100</saml:AttributeValue> +                    </saml:Attribute> +                </saml:AttributeStatement> +            </AuthBlock> +        <dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-1-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><dsig:DigestValue>kh0DDpXv4nh2gqK3lVle+3O/Oz4nSB2exjUHfalqyG0=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>OV3sSaUEkAh2Kls7g0v2EHCDnpsaN3BDU5dgwKhw8inkeADfhAgNbJyeq0Y/Hwl6 +    JmfJOD1aF7qmxICI5/ZfTE9h+LIebcMZ30qkZ6YnzyxoeBa+hnTmvPKvSpQtGUYL +    Xa1gakY5LN3l/w1AokkPN9j7WCGjF8ZoDZLP2M0KXcjhyPuwQ3XzXD8Cqnl42jfI +    oL3b6P9Wd/MYugFTho9cY1awpPqIlXG4kob9zjDfFyTyEqa5A6LgcjdU5e3viSoh +    N7hLuSYH6BfaLxuolwF3Bszj1GP1vGSWNQBPSHVu5crnfPb5KpDmZE4nzw3wp4zo +    hovAEEVexRtqYZEX95TTiA==</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIEqzCCBBSgAwIBAgIHANux81oNezANBgkqhkiG9w0BAQUFADBAMSIwIAYDVQQD +    ExlJQUlLIFRlc3QgSW50ZXJtZWRpYXRlIENBMQ0wCwYDVQQKEwRJQUlLMQswCQYD +    VQQGEwJBVDAeFw0xMzA5MjcwNTMzMzdaFw0yMzA5MjcwNTMzMzdaMIHkMQswCQYD +    VQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5 +    IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ +    bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEUMBIGA1UE +    BBMLTU9BLVNTIFRlc3QxGDAWBgNVBCoTD0VHSVogVGVzdHBvcnRhbDEkMCIGA1UE +    AxMbRUdJWiBUZXN0cG9ydGFsIE1PQS1TUyBUZXN0MIIBIjANBgkqhkiG9w0BAQEF +    AAOCAQ8AMIIBCgKCAQEAuDjOyf+mY+oQL2FQzzuaiC8C23vVKbq/n2Zi7BqSibZH +    mtqMJfmj4pT+hWSNHvVvWsaxFcx4KeNqdCMzwnw1r4P3Sf+2o5uFku5KHEMLMokR +    yYQG9VqY/KkB94ye7Pv6zT8gvKqxGFg96UamECep4swPaSZrA8AOER5WAtyGDzKI +    Tz+a5zfFaTXDoba7f98PCWR96yKiFjVOhzp38WVz4VJgz+b8ZSY7Xsv5Kn7DXjOL +    STX4MevFLki3rFPup3+4vGToaMBW3PEj67HXBdqR855Le6+E6rVxORqsXqlVwhsI +    6nuS0CO2LWYmBNR1IB0mXteeYH/HfxvuZc+7yDjdPQIDAQABo4IBhDCCAYAwDgYD +    VR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEmcH6VY4BG1EAGB +    TLoNR9vH/g6yMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jYS5pYWlrLnR1Z3Jh +    ei5hdC9jYXBzby9jcmxzL0lBSUtUZXN0X0ludGVybWVkaWF0ZUNBLmNybDCBqgYI +    KwYBBQUHAQEEgZ0wgZowSgYIKwYBBQUHMAGGPmh0dHA6Ly9jYS5pYWlrLnR1Z3Jh +    ei5hdC9jYXBzby9PQ1NQP2NhPUlBSUtUZXN0X0ludGVybWVkaWF0ZUNBMEwGCCsG +    
AQUFBzAChkBodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY2Fwc28vY2VydHMvSUFJ +    S1Rlc3RfSW50ZXJtZWRpYXRlQ0EuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56 +    QGVnaXouZ3YuYXQwHwYDVR0jBBgwFoAUaKJeEdreL4BrRES/jfplNoEkp28wDQYJ +    KoZIhvcNAQEFBQADgYEAlFGjUxXLs7SAT8NtXSrv2WrjlklaRnHTFHLQwyVo8JWb +    gvRkHHDUv2o8ofXUY2R2WJ38dxeDoccgbXrJb/Qhi8IY7YhCwv/TuIZDisyAqo8W +    ORKSip/6HWlGCSR/Vgoet1GtCmF0FoUxFUIGSAuQ2yyt4fIzt5GJrU1X5ujjI1w=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo></dsig:Signature></Success> +    </DeliveryNotification></soapenv:Body> +</soapenv:Envelope> diff --git a/src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/valid-signed-soaped-notification.xml b/src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/valid-signed-soaped-notification.xml new file mode 100644 index 0000000..54e9918 --- /dev/null +++ b/src/test/resources/at/gv/egiz/moazs/ITSignatureVerifierTest/valid-signed-soaped-notification.xml 
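Review bot: The `<dsig:X509Certificate>` embedded in this fixture decodes to a validity window that appears to end on 2023-09-27, and its `SignatureMethod` is `rsa-sha1`. The "valid" result therefore depends on the clock and on the verifier's trust profile continuing to accept SHA-1. If the verifier evaluates the certificate at the current time rather than a fixed one, the tests that use this file will start failing after that date for reasons unrelated to the code under test. The same certificate and algorithm are used in `valid-signed-soaped-notification.xml`. A comment placed before `<soapenv:Envelope>`, outside the signed element, would record this: `<!-- test-only fixture: rsa-sha1, test-CA certificate with limited validity; regenerate or pin verification time -->`.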
@@ -0,0 +1,94 @@ +<?xml version="1.0" encoding="UTF-8"?> +<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/"> +<soapenv:Body><DeliveryNotification xmlns="http://reference.e-government.gv.at/namespace/zustellung/msg" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:p="http://reference.e-government.gv.at/namespace/persondata/20020228#" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"> +        <Success> +            <DeliveryService>https://localhost/example-delivery-system</DeliveryService> +            <AppDeliveryID>12345</AppDeliveryID> +            <ZSDeliveryID>678910</ZSDeliveryID> +            <Sender> +                <Organisation> +                    <p:FullName>Musterbehörde</p:FullName> +                </Organisation> +                <p:PostalAddress type="undefined"> +                    <p:CountryCode>AT</p:CountryCode> +                    <p:PostalCode>1234 </p:PostalCode> +                    <p:Municipality>Graz</p:Municipality> +                    <p:DeliveryAddress> +                        <p:StreetName>Musterstraße</p:StreetName> +                        <p:BuildingNumber>1 </p:BuildingNumber> +                        <p:Unit>b2</p:Unit> +                    </p:DeliveryAddress> +                </p:PostalAddress> +                <p:InternetAddress> +                    <p:Address>max.mustermann@musterbehoerde.gv.at</p:Address> +                </p:InternetAddress> +            </Sender> +            <Receiver> +                <p:PhysicalPerson> +                    <p:Name> +                        <p:GivenName>Maxi</p:GivenName> +                        <p:FamilyName primary="undefined">Mustermann1</p:FamilyName> +                    </p:Name> +                    <p:DateOfBirth>1984-01-24-02:00</p:DateOfBirth> +                </p:PhysicalPerson> +                <p:PostalAddress type="undefined"> +                    <p:PostalCode>1010</p:PostalCode> +                    
<p:Municipality>Wien</p:Municipality> +                    <p:DeliveryAddress> +                        <p:StreetName>Muststrasse</p:StreetName> +                        <p:BuildingNumber>10</p:BuildingNumber> +                    </p:DeliveryAddress> +                </p:PostalAddress> +            </Receiver> +            <NotificationsPerformed> +                <RecipientNotification> +                    <NotificationMethod>electronic</NotificationMethod> +                    <Timestamp>2002-05-30T09:00:00</Timestamp> +                </RecipientNotification> +            </NotificationsPerformed> +            <ConfirmationTimestamp>2002-05-30T09:00:00</ConfirmationTimestamp> +            <AuthBlock AssertionID="asdf" IssueInstant="2002-05-30T09:00:00" Issuer="mee" MajorVersion="1" MinorVersion="100"> +                <saml:AttributeStatement> +                    <saml:Subject> +                        <saml:NameIdentifier>1234</saml:NameIdentifier> +                        <saml:SubjectConfirmation> +                            <saml:ConfirmationMethod>1234</saml:ConfirmationMethod> +                        </saml:SubjectConfirmation> +                    </saml:Subject> +                    <saml:Attribute AttributeName="1234" AttributeNamespace="123"> +                        <saml:AttributeValue>100</saml:AttributeValue> +                    </saml:Attribute> +                </saml:AttributeStatement> +            </AuthBlock> +        </Success><dsig:Signature Id="signature-1-1" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-1-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod 
Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><dsig:DigestValue>kh0DDpXv4nh2gqK3lVle+3O/Oz4nSB2exjUHfalqyG0=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>OV3sSaUEkAh2Kls7g0v2EHCDnpsaN3BDU5dgwKhw8inkeADfhAgNbJyeq0Y/Hwl6 +    JmfJOD1aF7qmxICI5/ZfTE9h+LIebcMZ30qkZ6YnzyxoeBa+hnTmvPKvSpQtGUYL +    Xa1gakY5LN3l/w1AokkPN9j7WCGjF8ZoDZLP2M0KXcjhyPuwQ3XzXD8Cqnl42jfI +    oL3b6P9Wd/MYugFTho9cY1awpPqIlXG4kob9zjDfFyTyEqa5A6LgcjdU5e3viSoh +    N7hLuSYH6BfaLxuolwF3Bszj1GP1vGSWNQBPSHVu5crnfPb5KpDmZE4nzw3wp4zo +    hovAEEVexRtqYZEX95TTiA==</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIEqzCCBBSgAwIBAgIHANux81oNezANBgkqhkiG9w0BAQUFADBAMSIwIAYDVQQD +    ExlJQUlLIFRlc3QgSW50ZXJtZWRpYXRlIENBMQ0wCwYDVQQKEwRJQUlLMQswCQYD +    VQQGEwJBVDAeFw0xMzA5MjcwNTMzMzdaFw0yMzA5MjcwNTMzMzdaMIHkMQswCQYD +    VQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5 +    IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ +    bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEUMBIGA1UE +    BBMLTU9BLVNTIFRlc3QxGDAWBgNVBCoTD0VHSVogVGVzdHBvcnRhbDEkMCIGA1UE +    AxMbRUdJWiBUZXN0cG9ydGFsIE1PQS1TUyBUZXN0MIIBIjANBgkqhkiG9w0BAQEF +    AAOCAQ8AMIIBCgKCAQEAuDjOyf+mY+oQL2FQzzuaiC8C23vVKbq/n2Zi7BqSibZH +    mtqMJfmj4pT+hWSNHvVvWsaxFcx4KeNqdCMzwnw1r4P3Sf+2o5uFku5KHEMLMokR +    yYQG9VqY/KkB94ye7Pv6zT8gvKqxGFg96UamECep4swPaSZrA8AOER5WAtyGDzKI +    Tz+a5zfFaTXDoba7f98PCWR96yKiFjVOhzp38WVz4VJgz+b8ZSY7Xsv5Kn7DXjOL +    STX4MevFLki3rFPup3+4vGToaMBW3PEj67HXBdqR855Le6+E6rVxORqsXqlVwhsI +    6nuS0CO2LWYmBNR1IB0mXteeYH/HfxvuZc+7yDjdPQIDAQABo4IBhDCCAYAwDgYD +    VR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEmcH6VY4BG1EAGB +    TLoNR9vH/g6yMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jYS5pYWlrLnR1Z3Jh +    ei5hdC9jYXBzby9jcmxzL0lBSUtUZXN0X0ludGVybWVkaWF0ZUNBLmNybDCBqgYI +    KwYBBQUHAQEEgZ0wgZowSgYIKwYBBQUHMAGGPmh0dHA6Ly9jYS5pYWlrLnR1Z3Jh +    ei5hdC9jYXBzby9PQ1NQP2NhPUlBSUtUZXN0X0ludGVybWVkaWF0ZUNBMEwGCCsG +    
AQUFBzAChkBodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY2Fwc28vY2VydHMvSUFJ +    S1Rlc3RfSW50ZXJtZWRpYXRlQ0EuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56 +    QGVnaXouZ3YuYXQwHwYDVR0jBBgwFoAUaKJeEdreL4BrRES/jfplNoEkp28wDQYJ +    KoZIhvcNAQEFBQADgYEAlFGjUxXLs7SAT8NtXSrv2WrjlklaRnHTFHLQwyVo8JWb +    gvRkHHDUv2o8ofXUY2R2WJ38dxeDoccgbXrJb/Qhi8IY7YhCwv/TuIZDisyAqo8W +    ORKSip/6HWlGCSR/Vgoet1GtCmF0FoUxFUIGSAuQ2yyt4fIzt5GJrU1X5ujjI1w=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo></dsig:Signature> +    </DeliveryNotification></soapenv:Body> +</soapenv:Envelope> | 
