test.unit.be.fedict.eid.applet.service.AuthenticationDataMessageHandlerTest.java Source code


Introduction

Here is the source code for test.unit.be.fedict.eid.applet.service.AuthenticationDataMessageHandlerTest.java

Source

/*
 * eID Applet Project.
 * Copyright (C) 2009 FedICT.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License version
 * 3.0 as published by the Free Software Foundation.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, see 
 * http://www.gnu.org/licenses/.
 */

package test.unit.be.fedict.eid.applet.service;

import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNull;
import static org.junit.Assert.assertTrue;
import static org.junit.Assert.fail;

import java.security.KeyPair;
import java.security.Signature;
import java.security.cert.X509Certificate;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.commons.codec.binary.Hex;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.easymock.EasyMock;
import org.joda.time.DateTime;
import org.junit.Before;
import org.junit.Test;

import be.fedict.eid.applet.service.AppletServiceServlet;
import be.fedict.eid.applet.service.impl.AuthenticationChallenge;
import be.fedict.eid.applet.service.impl.UserIdentifierUtil;
import be.fedict.eid.applet.service.impl.handler.AuthenticationDataMessageHandler;
import be.fedict.eid.applet.service.impl.handler.HelloMessageHandler;
import be.fedict.eid.applet.service.impl.handler.IdentityDataMessageHandler;
import be.fedict.eid.applet.service.spi.AuthenticationService;
import be.fedict.eid.applet.shared.AuthenticationContract;
import be.fedict.eid.applet.shared.AuthenticationDataMessage;

public class AuthenticationDataMessageHandlerTest {

    private AuthenticationDataMessageHandler testedInstance;

    /**
     * Runs before each test: installs a new handler instance as the object under
     * test and calls {@code reset()} on the authentication and audit test services,
     * so that the per-test assertions on those services start from their reset state.
     */
    @Before
    public void setUp() throws Exception {
        AuthenticationDataMessageHandler freshHandler = new AuthenticationDataMessageHandler();
        this.testedInstance = freshHandler;

        AuthenticationTestService.reset();
        AuditTestService.reset();
    }

    /**
     * Success path: a message whose signature covers the challenge stored in the
     * HTTP session is handled, the authentication test service is invoked, and the
     * certificate's SERIALNUMBER is reported to the audit service and stored in the
     * session under {@code eid.identifier}.
     *
     * NOTE(review): the {@code @Test} annotation below is commented out, so JUnit 4
     * does not run this method; the accepting path is not exercised by it until the
     * annotation is restored.
     */
    //@Test
    public void testHandleMessage() throws Exception {
        // setup: test key pair and a certificate carrying the user id as SERIALNUMBER
        KeyPair signerKeys = MiscTestUtils.generateKeyPair();
        DateTime validFrom = new DateTime();
        DateTime validUntil = validFrom.plusYears(1);
        String expectedUserId = "1234";
        X509Certificate authnCertificate = MiscTestUtils.generateCertificate(signerKeys.getPublic(),
                "CN=Test, SERIALNUMBER=" + expectedUserId, validFrom, validUntil, null, signerKeys.getPrivate(),
                true, 0, null, null);

        byte[] saltBytes = "salt".getBytes();
        byte[] tlsSessionId = "session-id".getBytes();

        AuthenticationDataMessage authnMessage = new AuthenticationDataMessage();
        authnMessage.authnCert = authnCertificate;
        authnMessage.saltValue = saltBytes;
        authnMessage.sessionId = tlsSessionId;

        Map<String, String> headers = new HashMap<String, String>();
        HttpSession session = new HttpTestSession();
        HttpServletRequest requestMock = EasyMock.createMock(HttpServletRequest.class);
        ServletConfig configMock = EasyMock.createMock(ServletConfig.class);

        // The challenge is generated against the same session that is later passed to the handler.
        byte[] issuedChallenge = AuthenticationChallenge.generateChallenge(session);

        // Sign the authentication contract (salt, session id, challenge) with the test private key.
        // NOTE(review): SHA1withRSA presumably mirrors what the handler verifies; SHA-1 is
        // deprecated for new signature schemes, so confirm which algorithms the handler accepts.
        AuthenticationContract contract = new AuthenticationContract(saltBytes, null, null, tlsSessionId, null,
                issuedChallenge);
        byte[] dataToSign = contract.calculateToBeSigned();
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(signerKeys.getPrivate());
        signer.update(dataToSign);
        authnMessage.signatureValue = signer.sign();

        // Servlet init parameters: only the authentication and audit service classes are configured.
        String authnServiceParam = AuthenticationDataMessageHandler.AUTHN_SERVICE_INIT_PARAM_NAME;
        String auditServiceParam = AuthenticationDataMessageHandler.AUDIT_SERVICE_INIT_PARAM_NAME;
        String integrityServiceParam = HelloMessageHandler.IDENTITY_INTEGRITY_SERVICE_INIT_PARAM_NAME;
        String channelBindingServiceParam = HelloMessageHandler.CHANNEL_BINDING_SERVICE;
        String authnSignatureServiceParam = AuthenticationDataMessageHandler.AUTHN_SIGNATURE_SERVICE_INIT_PARAM_NAME;

        EasyMock.expect(configMock.getInitParameter(
                AuthenticationDataMessageHandler.CHALLENGE_MAX_MATURITY_INIT_PARAM_NAME)).andReturn(null);
        EasyMock.expect(configMock.getInitParameter(authnServiceParam)).andReturn(null);
        EasyMock.expect(configMock.getInitParameter(authnServiceParam + "Class"))
                .andReturn(AuthenticationTestService.class.getName());
        EasyMock.expect(configMock.getInitParameter(HelloMessageHandler.HOSTNAME_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(configMock.getInitParameter(HelloMessageHandler.INET_ADDRESS_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(configMock.getInitParameter(auditServiceParam)).andReturn(null);
        EasyMock.expect(configMock.getInitParameter(auditServiceParam + "Class"))
                .andReturn(AuditTestService.class.getName());
        EasyMock.expect(configMock.getInitParameter(HelloMessageHandler.CHANNEL_BINDING_SERVER_CERTIFICATE))
                .andStubReturn(null);
        EasyMock.expect(configMock.getInitParameter(
                HelloMessageHandler.SESSION_ID_CHANNEL_BINDING_INIT_PARAM_NAME)).andStubReturn(null);
        EasyMock.expect(configMock.getInitParameter(
                AuthenticationDataMessageHandler.NRCID_SECRET_INIT_PARAM_NAME)).andStubReturn(null);
        EasyMock.expect(configMock.getInitParameter(HelloMessageHandler.INCLUDE_IDENTITY_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(configMock.getInitParameter(HelloMessageHandler.INCLUDE_CERTS_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(configMock.getInitParameter(HelloMessageHandler.INCLUDE_ADDRESS_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(configMock.getInitParameter(HelloMessageHandler.INCLUDE_PHOTO_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(configMock.getInitParameter(integrityServiceParam)).andStubReturn(null);
        EasyMock.expect(configMock.getInitParameter(integrityServiceParam + "Class")).andStubReturn(null);
        EasyMock.expect(configMock.getInitParameter(channelBindingServiceParam)).andReturn(null);
        EasyMock.expect(configMock.getInitParameter(channelBindingServiceParam + "Class")).andReturn(null);
        EasyMock.expect(configMock.getInitParameter(
                AuthenticationDataMessageHandler.NRCID_ORG_ID_INIT_PARAM_NAME)).andReturn(null);
        EasyMock.expect(configMock.getInitParameter(
                AuthenticationDataMessageHandler.NRCID_APP_ID_INIT_PARAM_NAME)).andReturn(null);
        EasyMock.expect(configMock.getInitParameter(authnSignatureServiceParam)).andReturn(null);
        EasyMock.expect(configMock.getInitParameter(authnSignatureServiceParam + "Class")).andReturn(null);
        EasyMock.expect(configMock.getInitParameter(IdentityDataMessageHandler.INCLUDE_DATA_FILES))
                .andReturn(null);

        // The request reports the hex-encoded session id as its SSL session attribute.
        EasyMock.expect(requestMock.getAttribute("javax.servlet.request.ssl_session"))
                .andStubReturn(new String(Hex.encodeHex(tlsSessionId)));
        EasyMock.expect(requestMock.getRemoteAddr()).andStubReturn("1.2.3.4");

        // prepare
        EasyMock.replay(requestMock, configMock);

        // operate
        AppletServiceServlet.injectInitParams(configMock, this.testedInstance);
        this.testedInstance.init(configMock);
        this.testedInstance.handleMessage(authnMessage, headers, requestMock, session);

        // verify: service consulted, and the same identifier audited and bound to the session
        EasyMock.verify(requestMock, configMock);
        assertTrue(AuthenticationTestService.isCalled());
        assertEquals(expectedUserId, AuditTestService.getAuditUserId());
        assertEquals(expectedUserId, session.getAttribute("eid.identifier"));
    }

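    /**
     * Success path with NRCID configured: when the NRCID secret, application id and
     * organisation id init parameters are set, the identifier reported to the audit
     * service and stored in the session under {@code eid.identifier} must be the value
     * computed by {@link UserIdentifierUtil#getNonReversibleCitizenIdentifier} rather
     * than the certificate's raw SERIALNUMBER.
     *
     * NOTE(review): the {@code @Test} annotation below is commented out, so JUnit 4
     * does not run this method until the annotation is restored.
     */
    //@Test
    public void testHandleMessageNRCID() throws Exception {
        // setup
        KeyPair keyPair = MiscTestUtils.generateKeyPair();
        DateTime notBefore = new DateTime();
        DateTime notAfter = notBefore.plusYears(1);
        String userId = "1234";
        X509Certificate certificate = MiscTestUtils.generateCertificate(keyPair.getPublic(),
                "CN=Test, SERIALNUMBER=" + userId, notBefore, notAfter, null, keyPair.getPrivate(), true, 0, null,
                null);

        byte[] salt = "salt".getBytes();
        byte[] sessionId = "session-id".getBytes();

        AuthenticationDataMessage message = new AuthenticationDataMessage();
        message.authnCert = certificate;
        message.saltValue = salt;
        message.sessionId = sessionId;

        Map<String, String> httpHeaders = new HashMap<String, String>();
        HttpSession testHttpSession = new HttpTestSession();
        HttpServletRequest mockServletRequest = EasyMock.createMock(HttpServletRequest.class);
        ServletConfig mockServletConfig = EasyMock.createMock(ServletConfig.class);

        // The challenge is generated against the session that is later handed to the handler.
        byte[] challenge = AuthenticationChallenge.generateChallenge(testHttpSession);

        // Sign the authentication contract (salt, session id, challenge) with the test private key.
        AuthenticationContract authenticationContract = new AuthenticationContract(salt, null, null, sessionId,
                null, challenge);
        byte[] toBeSigned = authenticationContract.calculateToBeSigned();
        Signature signature = Signature.getInstance("SHA1withRSA");
        signature.initSign(keyPair.getPrivate());
        signature.update(toBeSigned);
        byte[] signatureValue = signature.sign();
        message.signatureValue = signatureValue;

        EasyMock.expect(mockServletConfig
                .getInitParameter(AuthenticationDataMessageHandler.CHALLENGE_MAX_MATURITY_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(
                mockServletConfig.getInitParameter(AuthenticationDataMessageHandler.AUTHN_SERVICE_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(mockServletConfig
                .getInitParameter(AuthenticationDataMessageHandler.AUTHN_SERVICE_INIT_PARAM_NAME + "Class"))
                .andReturn(AuthenticationTestService.class.getName());
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.HOSTNAME_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.INET_ADDRESS_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(
                mockServletConfig.getInitParameter(AuthenticationDataMessageHandler.AUDIT_SERVICE_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(mockServletConfig
                .getInitParameter(AuthenticationDataMessageHandler.AUDIT_SERVICE_INIT_PARAM_NAME + "Class"))
                .andReturn(AuditTestService.class.getName());
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.CHANNEL_BINDING_SERVER_CERTIFICATE))
                .andStubReturn(null);
        EasyMock.expect(
                mockServletConfig.getInitParameter(HelloMessageHandler.SESSION_ID_CHANNEL_BINDING_INIT_PARAM_NAME))
                .andStubReturn(null);

        // NRCID configuration. The secret is a fixed test-only value handed to the handler
        // through the init parameter; it is reused below to compute the expected identifier.
        String nrcidSecret = "112233445566778899AABBCCDDEEFF00112233445566778899";
        EasyMock.expect(
                mockServletConfig.getInitParameter(AuthenticationDataMessageHandler.NRCID_SECRET_INIT_PARAM_NAME))
                .andStubReturn(nrcidSecret);
        String nrcidAppId = "my-app-id";
        EasyMock.expect(
                mockServletConfig.getInitParameter(AuthenticationDataMessageHandler.NRCID_APP_ID_INIT_PARAM_NAME))
                .andStubReturn(nrcidAppId);
        String nrcidOrgId = "my-org-id";
        EasyMock.expect(
                mockServletConfig.getInitParameter(AuthenticationDataMessageHandler.NRCID_ORG_ID_INIT_PARAM_NAME))
                .andStubReturn(nrcidOrgId);

        EasyMock.expect(mockServletRequest.getAttribute("javax.servlet.request.ssl_session"))
                .andStubReturn(new String(Hex.encodeHex(sessionId)));
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.INCLUDE_IDENTITY_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.INCLUDE_CERTS_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.INCLUDE_ADDRESS_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.INCLUDE_PHOTO_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(
                mockServletConfig.getInitParameter(HelloMessageHandler.IDENTITY_INTEGRITY_SERVICE_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(mockServletConfig
                .getInitParameter(HelloMessageHandler.IDENTITY_INTEGRITY_SERVICE_INIT_PARAM_NAME + "Class"))
                .andStubReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.CHANNEL_BINDING_SERVICE))
                .andReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.CHANNEL_BINDING_SERVICE + "Class"))
                .andReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(IdentityDataMessageHandler.INCLUDE_DATA_FILES))
                .andReturn(null);
        EasyMock.expect(mockServletRequest.getRemoteAddr()).andStubReturn("1.2.3.4");
        EasyMock.expect(mockServletConfig
                .getInitParameter(AuthenticationDataMessageHandler.AUTHN_SIGNATURE_SERVICE_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(
                AuthenticationDataMessageHandler.AUTHN_SIGNATURE_SERVICE_INIT_PARAM_NAME + "Class"))
                .andReturn(null);

        // prepare
        EasyMock.replay(mockServletRequest, mockServletConfig);

        // operate
        AppletServiceServlet.injectInitParams(mockServletConfig, this.testedInstance);
        this.testedInstance.init(mockServletConfig);
        this.testedInstance.handleMessage(message, httpHeaders, mockServletRequest, testHttpSession);

        // verify
        EasyMock.verify(mockServletRequest, mockServletConfig);
        assertTrue(AuthenticationTestService.isCalled());

        String nrcid = UserIdentifierUtil.getNonReversibleCitizenIdentifier(userId, nrcidOrgId, nrcidAppId,
                nrcidSecret);

        // Guard the comparisons below: assertEquals(null, null) would pass silently.
        assertTrue("expected NRCID must not be null", nrcid != null);
        // The derived identifier must not simply be the raw SERIALNUMBER from the certificate.
        assertFalse("NRCID must differ from the raw user identifier", userId.equals(nrcid));
        // assertEquals reports both values on failure, unlike assertTrue(a.equals(b)).
        assertEquals(nrcid, AuditTestService.getAuditUserId());
        assertEquals(nrcid, testHttpSession.getAttribute("eid.identifier"));
    }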

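    /**
     * Freshness check: with the challenge maximum maturity configured to 1 ms and the
     * challenge left to age for one second, the handler must reject the message with a
     * {@link ServletException} even though the signature itself is computed over the
     * issued challenge.
     *
     * On rejection the test requires that no user identifier is audited or stored in
     * the session, that the audit service received the client certificate and remote
     * address, and that the authentication service was never invoked.
     */
    @Test
    public void testHandleMessageExpiredChallenge() throws Exception {
        // setup
        KeyPair keyPair = MiscTestUtils.generateKeyPair();
        DateTime notBefore = new DateTime();
        DateTime notAfter = notBefore.plusYears(1);
        String userId = "1234";
        X509Certificate certificate = MiscTestUtils.generateCertificate(keyPair.getPublic(),
                "CN=Test, SERIALNUMBER=" + userId, notBefore, notAfter, null, keyPair.getPrivate(), true, 0, null,
                null);

        byte[] salt = "salt".getBytes();
        byte[] sessionId = "session-id".getBytes();

        AuthenticationDataMessage message = new AuthenticationDataMessage();
        message.authnCert = certificate;
        message.saltValue = salt;
        message.sessionId = sessionId;

        Map<String, String> httpHeaders = new HashMap<String, String>();
        HttpSession testHttpSession = new HttpTestSession();
        HttpServletRequest mockServletRequest = EasyMock.createMock(HttpServletRequest.class);
        ServletConfig mockServletConfig = EasyMock.createMock(ServletConfig.class);

        byte[] challenge = AuthenticationChallenge.generateChallenge(testHttpSession);

        // Let the challenge age well beyond the 1 ms maximum maturity configured below.
        Thread.sleep(1000);

        // The signature is valid for the issued challenge, so only its age can cause the rejection.
        AuthenticationContract authenticationContract = new AuthenticationContract(salt, null, null, sessionId,
                null, challenge);
        byte[] toBeSigned = authenticationContract.calculateToBeSigned();
        Signature signature = Signature.getInstance("SHA1withRSA");
        signature.initSign(keyPair.getPrivate());
        signature.update(toBeSigned);
        byte[] signatureValue = signature.sign();
        message.signatureValue = signatureValue;

        EasyMock.expect(mockServletConfig
                .getInitParameter(AuthenticationDataMessageHandler.CHALLENGE_MAX_MATURITY_INIT_PARAM_NAME))
                .andReturn("1"); // 1 ms
        EasyMock.expect(
                mockServletConfig.getInitParameter(AuthenticationDataMessageHandler.AUTHN_SERVICE_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(mockServletConfig
                .getInitParameter(AuthenticationDataMessageHandler.AUTHN_SERVICE_INIT_PARAM_NAME + "Class"))
                .andReturn(AuthenticationTestService.class.getName());
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.HOSTNAME_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.INET_ADDRESS_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.CHANNEL_BINDING_SERVER_CERTIFICATE))
                .andStubReturn(null);
        EasyMock.expect(
                mockServletConfig.getInitParameter(HelloMessageHandler.SESSION_ID_CHANNEL_BINDING_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.INCLUDE_IDENTITY_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.INCLUDE_CERTS_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.INCLUDE_ADDRESS_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.INCLUDE_PHOTO_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(
                mockServletConfig.getInitParameter(HelloMessageHandler.IDENTITY_INTEGRITY_SERVICE_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(mockServletConfig
                .getInitParameter(HelloMessageHandler.IDENTITY_INTEGRITY_SERVICE_INIT_PARAM_NAME + "Class"))
                .andStubReturn(null);
        EasyMock.expect(
                mockServletConfig.getInitParameter(AuthenticationDataMessageHandler.AUDIT_SERVICE_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(mockServletConfig
                .getInitParameter(AuthenticationDataMessageHandler.AUDIT_SERVICE_INIT_PARAM_NAME + "Class"))
                .andReturn(AuditTestService.class.getName());
        EasyMock.expect(mockServletRequest.getRemoteAddr()).andStubReturn("remote-address");

        EasyMock.expect(mockServletRequest.getAttribute("javax.servlet.request.ssl_session"))
                .andStubReturn(new String(Hex.encodeHex(sessionId)));
        EasyMock.expect(
                mockServletConfig.getInitParameter(AuthenticationDataMessageHandler.NRCID_SECRET_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.CHANNEL_BINDING_SERVICE))
                .andReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.CHANNEL_BINDING_SERVICE + "Class"))
                .andReturn(null);
        EasyMock.expect(
                mockServletConfig.getInitParameter(AuthenticationDataMessageHandler.NRCID_ORG_ID_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(
                mockServletConfig.getInitParameter(AuthenticationDataMessageHandler.NRCID_APP_ID_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(IdentityDataMessageHandler.INCLUDE_DATA_FILES))
                .andReturn(null);
        EasyMock.expect(mockServletConfig
                .getInitParameter(AuthenticationDataMessageHandler.AUTHN_SIGNATURE_SERVICE_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(
                AuthenticationDataMessageHandler.AUTHN_SIGNATURE_SERVICE_INIT_PARAM_NAME + "Class"))
                .andReturn(null);

        // prepare
        EasyMock.replay(mockServletRequest, mockServletConfig);

        // operate
        AppletServiceServlet.injectInitParams(mockServletConfig, this.testedInstance);
        this.testedInstance.init(mockServletConfig);
        try {
            this.testedInstance.handleMessage(message, httpHeaders, mockServletRequest, testHttpSession);
            fail("an expired challenge must be rejected with a ServletException");
        } catch (ServletException e) {
            // expected: the challenge is older than the configured maximum maturity
        }

        // verify
        EasyMock.verify(mockServletRequest, mockServletConfig);
        // A stale challenge must not reach the authentication service; this mirrors the
        // check made by testInvalidAuthenticationSignature for a bad signature.
        assertFalse(AuthenticationTestService.isCalled());
        // No identity may be audited or bound to the session on the failure path.
        assertNull(AuditTestService.getAuditUserId());
        assertNull(testHttpSession.getAttribute("eid.identifier"));
        // The failure itself must be audited with the presented certificate and the caller's address.
        assertEquals(certificate, AuditTestService.getAuditClientCertificate());
        assertEquals("remote-address", AuditTestService.getAuditRemoteAddress());
    }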

    /**
     * Challenge binding check: the message is signed over a challenge value
     * ({@code "foobar-challenge"}) that is not the one generated for the session, so
     * the handler must throw a {@link SecurityException}.
     *
     * On rejection the test requires that the authentication service was not invoked,
     * that no user identifier was audited or stored in the session, and that the
     * audit service received the remote address and the presented certificate.
     */
    @Test
    public void testInvalidAuthenticationSignature() throws Exception {
        // setup: test key pair and a certificate carrying the user id as SERIALNUMBER
        KeyPair signerKeys = MiscTestUtils.generateKeyPair();
        DateTime validFrom = new DateTime();
        DateTime validUntil = validFrom.plusYears(1);
        String certUserId = "1234";
        X509Certificate authnCertificate = MiscTestUtils.generateCertificate(signerKeys.getPublic(),
                "CN=Test, SERIALNUMBER=" + certUserId, validFrom, validUntil, null, signerKeys.getPrivate(), true,
                0, null, null);

        byte[] saltBytes = "salt".getBytes();
        byte[] tlsSessionId = "session-id".getBytes();

        AuthenticationDataMessage authnMessage = new AuthenticationDataMessage();
        authnMessage.authnCert = authnCertificate;
        authnMessage.saltValue = saltBytes;
        authnMessage.sessionId = tlsSessionId;

        Map<String, String> headers = new HashMap<String, String>();
        HttpSession session = new HttpTestSession();
        HttpServletRequest requestMock = EasyMock.createMock(HttpServletRequest.class);
        ServletConfig configMock = EasyMock.createMock(ServletConfig.class);

        // A challenge is generated for the session, but its value is deliberately not signed.
        AuthenticationChallenge.generateChallenge(session);

        // The contract is built over a different challenge, so the resulting signature is
        // cryptographically well-formed but does not match the session's challenge.
        AuthenticationContract mismatchedContract = new AuthenticationContract(saltBytes, null, null,
                tlsSessionId, null, "foobar-challenge".getBytes());
        byte[] dataToSign = mismatchedContract.calculateToBeSigned();
        Signature signer = Signature.getInstance("SHA1withRSA");
        signer.initSign(signerKeys.getPrivate());
        signer.update(dataToSign);
        authnMessage.signatureValue = signer.sign();

        // Servlet init parameters: only the authentication and audit service classes are configured.
        String authnServiceParam = AuthenticationDataMessageHandler.AUTHN_SERVICE_INIT_PARAM_NAME;
        String auditServiceParam = AuthenticationDataMessageHandler.AUDIT_SERVICE_INIT_PARAM_NAME;
        String integrityServiceParam = HelloMessageHandler.IDENTITY_INTEGRITY_SERVICE_INIT_PARAM_NAME;
        String channelBindingServiceParam = HelloMessageHandler.CHANNEL_BINDING_SERVICE;
        String authnSignatureServiceParam = AuthenticationDataMessageHandler.AUTHN_SIGNATURE_SERVICE_INIT_PARAM_NAME;

        EasyMock.expect(configMock.getInitParameter(
                AuthenticationDataMessageHandler.CHALLENGE_MAX_MATURITY_INIT_PARAM_NAME)).andReturn(null);
        EasyMock.expect(configMock.getInitParameter(authnServiceParam)).andReturn(null);
        EasyMock.expect(configMock.getInitParameter(authnServiceParam + "Class"))
                .andReturn(AuthenticationTestService.class.getName());
        EasyMock.expect(configMock.getInitParameter(HelloMessageHandler.HOSTNAME_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(configMock.getInitParameter(HelloMessageHandler.INET_ADDRESS_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(configMock.getInitParameter(HelloMessageHandler.CHANNEL_BINDING_SERVER_CERTIFICATE))
                .andStubReturn(null);
        EasyMock.expect(configMock.getInitParameter(
                HelloMessageHandler.SESSION_ID_CHANNEL_BINDING_INIT_PARAM_NAME)).andStubReturn(null);
        EasyMock.expect(configMock.getInitParameter(auditServiceParam)).andReturn(null);
        EasyMock.expect(configMock.getInitParameter(auditServiceParam + "Class"))
                .andReturn(AuditTestService.class.getName());
        EasyMock.expect(configMock.getInitParameter(
                AuthenticationDataMessageHandler.NRCID_SECRET_INIT_PARAM_NAME)).andStubReturn(null);
        EasyMock.expect(configMock.getInitParameter(HelloMessageHandler.INCLUDE_IDENTITY_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(configMock.getInitParameter(HelloMessageHandler.INCLUDE_CERTS_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(configMock.getInitParameter(HelloMessageHandler.INCLUDE_ADDRESS_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(configMock.getInitParameter(HelloMessageHandler.INCLUDE_PHOTO_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(configMock.getInitParameter(integrityServiceParam)).andStubReturn(null);
        EasyMock.expect(configMock.getInitParameter(integrityServiceParam + "Class")).andStubReturn(null);
        EasyMock.expect(configMock.getInitParameter(channelBindingServiceParam)).andReturn(null);
        EasyMock.expect(configMock.getInitParameter(channelBindingServiceParam + "Class")).andReturn(null);
        EasyMock.expect(configMock.getInitParameter(
                AuthenticationDataMessageHandler.NRCID_ORG_ID_INIT_PARAM_NAME)).andReturn(null);
        EasyMock.expect(configMock.getInitParameter(
                AuthenticationDataMessageHandler.NRCID_APP_ID_INIT_PARAM_NAME)).andReturn(null);
        EasyMock.expect(configMock.getInitParameter(IdentityDataMessageHandler.INCLUDE_DATA_FILES))
                .andReturn(null);
        EasyMock.expect(configMock.getInitParameter(authnSignatureServiceParam)).andReturn(null);
        EasyMock.expect(configMock.getInitParameter(authnSignatureServiceParam + "Class")).andReturn(null);

        // The request reports the hex-encoded session id as its SSL session attribute.
        EasyMock.expect(requestMock.getAttribute("javax.servlet.request.ssl_session"))
                .andStubReturn(new String(Hex.encodeHex(tlsSessionId)));

        // Recorded with andReturn rather than a stub, so verify() requires the handler to
        // have read the remote address.
        String callerAddress = "1.2.3.4";
        EasyMock.expect(requestMock.getRemoteAddr()).andReturn(callerAddress);

        // prepare
        EasyMock.replay(requestMock, configMock);

        // operate
        AppletServiceServlet.injectInitParams(configMock, this.testedInstance);
        this.testedInstance.init(configMock);

        try {
            this.testedInstance.handleMessage(authnMessage, headers, requestMock, session);
            fail();
        } catch (SecurityException expected) {
            // expected: the signature does not cover the session's challenge
        }

        // verify: nothing authenticated, but the failed attempt is audited
        EasyMock.verify(requestMock, configMock);
        assertFalse(AuthenticationTestService.isCalled());
        assertNull(AuditTestService.getAuditUserId());
        assertEquals(callerAddress, AuditTestService.getAuditRemoteAddress());
        assertEquals(authnCertificate, AuditTestService.getAuditClientCertificate());
        assertNull(session.getAttribute("eid.identifier"));
    }

    //@Test
    public void testHandleMessageWithoutAuditService() throws Exception {
        // setup
        KeyPair keyPair = MiscTestUtils.generateKeyPair();
        DateTime notBefore = new DateTime();
        DateTime notAfter = notBefore.plusYears(1);
        String userId = "1234";
        X509Certificate certificate = MiscTestUtils.generateCertificate(keyPair.getPublic(),
                "CN=Test, SERIALNUMBER=" + userId, notBefore, notAfter, null, keyPair.getPrivate(), true, 0, null,
                null);

        byte[] salt = "salt".getBytes();
        byte[] sessionId = "session-id".getBytes();

        AuthenticationDataMessage message = new AuthenticationDataMessage();
        message.authnCert = certificate;
        message.saltValue = salt;
        message.sessionId = sessionId;

        Map<String, String> httpHeaders = new HashMap<String, String>();
        HttpSession testHttpSession = new HttpTestSession();
        HttpServletRequest mockServletRequest = EasyMock.createMock(HttpServletRequest.class);
        ServletConfig mockServletConfig = EasyMock.createMock(ServletConfig.class);

        byte[] challenge = AuthenticationChallenge.generateChallenge(testHttpSession);

        AuthenticationContract authenticationContract = new AuthenticationContract(salt, null, null, sessionId,
                null, challenge);
        byte[] toBeSigned = authenticationContract.calculateToBeSigned();
        Signature signature = Signature.getInstance("SHA1withRSA");
        signature.initSign(keyPair.getPrivate());
        signature.update(toBeSigned);
        byte[] signatureValue = signature.sign();
        message.signatureValue = signatureValue;

        EasyMock.expect(mockServletConfig
                .getInitParameter(AuthenticationDataMessageHandler.CHALLENGE_MAX_MATURITY_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(
                mockServletConfig.getInitParameter(AuthenticationDataMessageHandler.AUTHN_SERVICE_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(mockServletConfig
                .getInitParameter(AuthenticationDataMessageHandler.AUTHN_SERVICE_INIT_PARAM_NAME + "Class"))
                .andReturn(AuthenticationTestService.class.getName());
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.HOSTNAME_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.INET_ADDRESS_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.CHANNEL_BINDING_SERVER_CERTIFICATE))
                .andStubReturn(null);
        EasyMock.expect(
                mockServletConfig.getInitParameter(HelloMessageHandler.SESSION_ID_CHANNEL_BINDING_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(
                mockServletConfig.getInitParameter(AuthenticationDataMessageHandler.AUDIT_SERVICE_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(
                mockServletConfig.getInitParameter(AuthenticationDataMessageHandler.NRCID_SECRET_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(mockServletConfig
                .getInitParameter(AuthenticationDataMessageHandler.AUDIT_SERVICE_INIT_PARAM_NAME + "Class"))
                .andReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.INCLUDE_IDENTITY_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.INCLUDE_CERTS_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.INCLUDE_ADDRESS_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.INCLUDE_PHOTO_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(
                mockServletConfig.getInitParameter(HelloMessageHandler.IDENTITY_INTEGRITY_SERVICE_INIT_PARAM_NAME))
                .andStubReturn(null);
        EasyMock.expect(mockServletConfig
                .getInitParameter(HelloMessageHandler.IDENTITY_INTEGRITY_SERVICE_INIT_PARAM_NAME + "Class"))
                .andStubReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.CHANNEL_BINDING_SERVICE))
                .andReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(HelloMessageHandler.CHANNEL_BINDING_SERVICE + "Class"))
                .andReturn(null);
        EasyMock.expect(
                mockServletConfig.getInitParameter(AuthenticationDataMessageHandler.NRCID_ORG_ID_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(
                mockServletConfig.getInitParameter(AuthenticationDataMessageHandler.NRCID_APP_ID_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(mockServletConfig
                .getInitParameter(AuthenticationDataMessageHandler.AUTHN_SIGNATURE_SERVICE_INIT_PARAM_NAME))
                .andReturn(null);
        EasyMock.expect(mockServletConfig.getInitParameter(
                AuthenticationDataMessageHandler.AUTHN_SIGNATURE_SERVICE_INIT_PARAM_NAME + "Class"))
                .andReturn(null);

        EasyMock.expect(mockServletRequest.getAttribute("javax.servlet.request.ssl_session"))
                .andStubReturn(new String(Hex.encodeHex(sessionId)));
        EasyMock.expect(mockServletConfig.getInitParameter(IdentityDataMessageHandler.INCLUDE_DATA_FILES))
                .andReturn(null);
        EasyMock.expect(mockServletRequest.getRemoteAddr()).andStubReturn("1.2.3.4");

        // prepare
        EasyMock.replay(mockServletRequest, mockServletConfig);

        // operate
        AppletServiceServlet.injectInitParams(mockServletConfig, this.testedInstance);
        this.testedInstance.init(mockServletConfig);
        this.testedInstance.handleMessage(message, httpHeaders, mockServletRequest, testHttpSession);

        // verify
        EasyMock.verify(mockServletRequest, mockServletConfig);
        assertTrue(AuthenticationTestService.isCalled());
        assertNull(AuditTestService.getAuditUserId());
        assertEquals(userId, testHttpSession.getAttribute("eid.identifier"));
    }

    /**
     * Test double for {@link AuthenticationService} that records whether the
     * handler under test asked for a certificate chain validation.
     *
     * <p>
     * This stub performs no validation at all: it never inspects the chain it
     * is given and never throws, so every chain (empty, expired, self-signed or
     * otherwise untrusted) is accepted. It exists only so that tests can assert
     * that the validation hook was reached, and must never be configured as the
     * authentication service of a deployed servlet.
     */
    public static class AuthenticationTestService implements AuthenticationService {

        private static final Log LOG = LogFactory.getLog(AuthenticationTestService.class);

        // Static, hence shared by every instance of this stub; it is neither
        // volatile nor synchronized, and it keeps its value until reset() is
        // called.
        private static boolean called;

        /**
         * Reports whether {@link #validateCertificateChain(List)} has been
         * invoked since the last {@link #reset()}.
         *
         * @return {@code true} once a validation request has been recorded
         */
        public static boolean isCalled() {
            return called;
        }

        /**
         * Clears the invocation flag so that a following test starts from a
         * known state.
         */
        public static void reset() {
            called = false;
        }

        /**
         * Records the invocation and returns normally without checking anything.
         *
         * @param certificateChain
         *            the chain presented for validation; ignored by this stub
         * @throws SecurityException
         *             declared in the signature, never thrown by this
         *             implementation
         */
        public void validateCertificateChain(List<X509Certificate> certificateChain) throws SecurityException {
            LOG.debug("validate certificate chain");
            called = true;
        }

        /**
         * Accepts the session object and discards it.
         *
         * @param session
         *            ignored; presumably supplied by the servlet's service
         *            injection, which is not visible here
         */
        public void setHttpSessionObject(Object session) {
            // Intentionally empty: this stub keeps no per-session state.
        }
    }
}