From a867ca9950c6bf670407b366ee2980eb747358f2 Mon Sep 17 00:00:00 2001
From: Christof Rabensteiner <christof.rabensteiner@iaik.tugraz.at>
Date: Wed, 19 Jun 2019 11:07:11 +0200
Subject: Add Testcase: Reject Invalid Delivery Response Signature

---
 .../egiz/moazs/MoaSPSSSignatureVerifierTest.java   | 13 +++++++---
 .../invalid-signed-delivery-response.xml           | 30 ++++++++++++++++++++++
 2 files changed, 40 insertions(+), 3 deletions(-)
 create mode 100644 src/test/resources/at/gv/egiz/moazs/MoaSPSSSignatureVerifierTest/invalid-signed-delivery-response.xml

diff --git a/src/test/java/at/gv/egiz/moazs/MoaSPSSSignatureVerifierTest.java b/src/test/java/at/gv/egiz/moazs/MoaSPSSSignatureVerifierTest.java
index afa817f..7d3e9d1 100644
--- a/src/test/java/at/gv/egiz/moazs/MoaSPSSSignatureVerifierTest.java
+++ b/src/test/java/at/gv/egiz/moazs/MoaSPSSSignatureVerifierTest.java
@@ -5,8 +5,6 @@ import at.gv.egiz.moazs.verify.MoaSPSSSignatureVerifier;
 import at.gv.egiz.moazs.verify.SignatureVerifier;
 import org.junit.Test;
 import org.junit.runner.RunWith;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.test.context.SpringBootTest;
 import org.springframework.boot.test.context.TestConfiguration;
@@ -17,6 +15,7 @@ import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
 
+//Note: Certificate that signed these delivery responses expires in 2023-09-27.
 @RunWith(SpringRunner.class)
 @SpringBootTest
     public class MoaSPSSSignatureVerifierTest {
@@ -36,7 +35,6 @@ import java.nio.file.Files;
     @Autowired
     private SignatureVerifier verifier;
 
-    //TODO make sure that testcase does not depend on runtime because it's certificate expires in 2023-09-27.
     @Test
     public void acceptValidSignedDeliveryResponse() throws IOException {
 
@@ -46,4 +44,13 @@ import java.nio.file.Files;
         verifier.verify(signature);
     }
 
+    @Test(expected = MoaZSException.class)
+    public void rejectInvalidSignedDeliveryResponse() throws IOException {
+
+        var path = resourcesPath + "invalid-signed-delivery-response.xml";
+        var signature = Files.readAllBytes(new File(path).toPath());
+
+        verifier.verify(signature);
+    }
+
 }
diff --git a/src/test/resources/at/gv/egiz/moazs/MoaSPSSSignatureVerifierTest/invalid-signed-delivery-response.xml b/src/test/resources/at/gv/egiz/moazs/MoaSPSSSignatureVerifierTest/invalid-signed-delivery-response.xml
new file mode 100644
index 0000000..b850145
--- /dev/null
+++ b/src/test/resources/at/gv/egiz/moazs/MoaSPSSSignatureVerifierTest/invalid-signed-delivery-response.xml
@@ -0,0 +1,30 @@
+<DeliveryResponse xmlns="http://reference.e-government.gv.at/namespace/zustellung/msg/phase2/20181206#" xmlns:ns2="http://reference.e-government.gv.at/namespace/persondata/phase2/20181206#" xmlns:ns3="http://www.w3.org/2000/09/xmldsig#"><PartialSuccess><DeliverySystem>https://testzustellsystem.egiz.gv.at</DeliverySystem><ZSDeliveryID>manipulated-delivery-id</ZSDeliveryID><AppDeliveryID>manipulated-delivery-request-id</AppDeliveryID><GZ>00000</GZ></PartialSuccess><dsig:Signature xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" Id="signature-1-1"><dsig:SignedInfo><dsig:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/><dsig:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1"/><dsig:Reference Id="reference-1-1" URI=""><dsig:Transforms><dsig:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/><dsig:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/></dsig:Transforms><dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/><dsig:DigestValue>ejvUI0yh/IIyauFe8x5ZonD/i5oznl8vFyS3oLNivzA=</dsig:DigestValue></dsig:Reference></dsig:SignedInfo><dsig:SignatureValue>hmVZrLkMDbXaRLYQKOaV3OtK13TQgMu3csKyw9M4zWqNyva1yxnYkzoX3dKDOdc9
+O56yQJsjoA3Cuw7pXlGO7jSfVM77dTXbWSDaF95O9Vdsrmr7R6Uki0jA9SmgQLXg
+hZAUG8JpsHcBn8M0L2BXADKjSn0LuMDL2L7dmU3EM7eRy+OvFwDrXDw1fhjQO6L2
+KoflAWLgUerDhJSpzr0+YfmkrjzitLUA7oIg8ieOnfGyql31ECmDJEqgnL78hyPZ
+KaNZImDf3EWFs8je6mt+os1TwsyXYwz+GGbjoDR8lGTS9xVqnXdrgP8Jyv6p9FEu
+0IYgSY2FlbI3skPZC8ZVXg==</dsig:SignatureValue><dsig:KeyInfo><dsig:X509Data><dsig:X509Certificate>MIIEqzCCBBSgAwIBAgIHANux81oNezANBgkqhkiG9w0BAQUFADBAMSIwIAYDVQQD
+ExlJQUlLIFRlc3QgSW50ZXJtZWRpYXRlIENBMQ0wCwYDVQQKEwRJQUlLMQswCQYD
+VQQGEwJBVDAeFw0xMzA5MjcwNTMzMzdaFw0yMzA5MjcwNTMzMzdaMIHkMQswCQYD
+VQQGEwJBVDENMAsGA1UEBxMER3JhejEmMCQGA1UEChMdR3JheiBVbml2ZXJzaXR5
+IG9mIFRlY2hub2xvZ3kxSDBGBgNVBAsTP0luc3RpdHV0ZSBmb3IgQXBwbGllZCBJ
+bmZvcm1hdGlvbiBQcm9jZXNzaW5nIGFuZCBDb21tdW5pY2F0aW9uczEUMBIGA1UE
+BBMLTU9BLVNTIFRlc3QxGDAWBgNVBCoTD0VHSVogVGVzdHBvcnRhbDEkMCIGA1UE
+AxMbRUdJWiBUZXN0cG9ydGFsIE1PQS1TUyBUZXN0MIIBIjANBgkqhkiG9w0BAQEF
+AAOCAQ8AMIIBCgKCAQEAuDjOyf+mY+oQL2FQzzuaiC8C23vVKbq/n2Zi7BqSibZH
+mtqMJfmj4pT+hWSNHvVvWsaxFcx4KeNqdCMzwnw1r4P3Sf+2o5uFku5KHEMLMokR
+yYQG9VqY/KkB94ye7Pv6zT8gvKqxGFg96UamECep4swPaSZrA8AOER5WAtyGDzKI
+Tz+a5zfFaTXDoba7f98PCWR96yKiFjVOhzp38WVz4VJgz+b8ZSY7Xsv5Kn7DXjOL
+STX4MevFLki3rFPup3+4vGToaMBW3PEj67HXBdqR855Le6+E6rVxORqsXqlVwhsI
+6nuS0CO2LWYmBNR1IB0mXteeYH/HfxvuZc+7yDjdPQIDAQABo4IBhDCCAYAwDgYD
+VR0PAQH/BAQDAgbAMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFEmcH6VY4BG1EAGB
+TLoNR9vH/g6yMFAGA1UdHwRJMEcwRaBDoEGGP2h0dHA6Ly9jYS5pYWlrLnR1Z3Jh
+ei5hdC9jYXBzby9jcmxzL0lBSUtUZXN0X0ludGVybWVkaWF0ZUNBLmNybDCBqgYI
+KwYBBQUHAQEEgZ0wgZowSgYIKwYBBQUHMAGGPmh0dHA6Ly9jYS5pYWlrLnR1Z3Jh
+ei5hdC9jYXBzby9PQ1NQP2NhPUlBSUtUZXN0X0ludGVybWVkaWF0ZUNBMEwGCCsG
+AQUFBzAChkBodHRwOi8vY2EuaWFpay50dWdyYXouYXQvY2Fwc28vY2VydHMvSUFJ
+S1Rlc3RfSW50ZXJtZWRpYXRlQ0EuY2VyMCEGA1UdEQQaMBiBFnRob21hcy5sZW56
+QGVnaXouZ3YuYXQwHwYDVR0jBBgwFoAUaKJeEdreL4BrRES/jfplNoEkp28wDQYJ
+KoZIhvcNAQEFBQADgYEAlFGjUxXLs7SAT8NtXSrv2WrjlklaRnHTFHLQwyVo8JWb
+gvRkHHDUv2o8ofXUY2R2WJ38dxeDoccgbXrJb/Qhi8IY7YhCwv/TuIZDisyAqo8W
+ORKSip/6HWlGCSR/Vgoet1GtCmF0FoUxFUIGSAuQ2yyt4fIzt5GJrU1X5ujjI1w=</dsig:X509Certificate></dsig:X509Data></dsig:KeyInfo></dsig:Signature></DeliveryResponse>
-- 
cgit v1.2.3