From 5d183fd9535d80e5066647e0501da881bcac4d58 Mon Sep 17 00:00:00 2001 From: Christof Rabensteiner Date: Wed, 19 Jun 2019 10:46:15 +0200 Subject: Finalize moa-sig-lib's Integration and Add Testcase - Interpret `ISignatureVerificationService` response properly (by following security layer spec [1] and moaspss handbook [2]). - Add config flag `moa.spss.is-manifest-check-active` - Change SignatureVerifier Interface: Remove @return boolean, just throw an exception when a validation error occurs. Reason: In case the signature cannot be validated, the application always needs the reason for the validation error, which requires the verifier to throw an exception. In turn, the only valid return value for `verify()` becomes `true`, which can be omitted at that point. - Add testcase for verifying a valid enveloped xml signature - Remove Certificates that are not needed. [1] https://www.buergerkarte.at/konzept/securitylayer/spezifikation/20140114/core/core.html [2] https://apps.egiz.gv.at/handbooks/moa-spss/handbook/handbook/usage/usage.html --- .../java/at/gv/egiz/moazs/SameThreadDeliveryPipelineTest.java | 11 ++++------- 1 file changed, 4 insertions(+), 7 deletions(-) (limited to 'src/test/java/at/gv/egiz/moazs/SameThreadDeliveryPipelineTest.java') diff --git a/src/test/java/at/gv/egiz/moazs/SameThreadDeliveryPipelineTest.java b/src/test/java/at/gv/egiz/moazs/SameThreadDeliveryPipelineTest.java index 768f376..cd454f2 100644 --- a/src/test/java/at/gv/egiz/moazs/SameThreadDeliveryPipelineTest.java +++ b/src/test/java/at/gv/egiz/moazs/SameThreadDeliveryPipelineTest.java @@ -20,10 +20,12 @@ import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; import org.mockito.Mock; +import org.mockito.Mockito; import org.mockito.junit.MockitoJUnitRunner; import java.util.List; +import static at.gv.egiz.moazs.MoaZSException.moaZSException; import static at.gv.zustellung.app2mzs.xsd.ConfigType.configTypeBuilder; import static at.gv.zustellung.app2mzs.xsd.DeliveryRequestType.Payload; import static at.gv.zustellung.app2mzs.xsd.DeliveryRequestType.Payload.payloadBuilder; @@ -148,7 +150,8 @@ public class SameThreadDeliveryPipelineTest { @Test public void rejectInvalidSignature() { var appDeliveryId = "invalid-signature"; - setupMocks(appDeliveryId, true, List.of(), List.of("*/*"), false); + setupMocks(appDeliveryId, true, List.of(), List.of("*/*")); + doThrow(moaZSException("Signature Invalid!")).when(verifier).verify(any()); pipeline.processRequest(appDeliveryId); var actualCode = repository.getDeliveryRequestStatus(appDeliveryId).get() @@ -160,11 +163,6 @@ public class SameThreadDeliveryPipelineTest { private DeliveryRequestStatusType setupMocks(String appDeliveryId, boolean tnvzRequest, List attachedTypes, List acceptedTypes) { - return setupMocks(appDeliveryId, tnvzRequest, attachedTypes, acceptedTypes, true); - } - - private DeliveryRequestStatusType setupMocks(String appDeliveryId, boolean tnvzRequest, - List attachedTypes, List acceptedTypes, boolean isSignedStatusValid) { var mzsRequest = setupMzsRequest(appDeliveryId, tnvzRequest, attachedTypes); var msgRequest = setupMsgRequest(appDeliveryId); @@ -178,7 +176,6 @@ public class SameThreadDeliveryPipelineTest { when(converter.convert(eq(mzsRequest), any())).thenReturn(msgRequest); when(msgClientFactory.create(msgRequest, mzsRequest.getConfig(), interceptor)).thenReturn(msgClient); when(msgClient.send()).thenReturn(status); - when(verifier.verify(signedStatus)).thenReturn(isSignedStatusValid); return status; -- cgit v1.2.3