Commit 3273062a authored by OZGCloud's avatar OZGCloud

OZG-7092 refactor token validation properties

parent 033fc831
1 merge request!1OZG-7092 Anpassung TokenChecker
...@@ -18,53 +18,71 @@ ...@@ -18,53 +18,71 @@
* unter der Lizenz sind dem Lizenztext zu entnehmen. * unter der Lizenz sind dem Lizenztext zu entnehmen.
*/ */
package de.ozgcloud.token.saml; package de.ozgcloud.token;
import java.util.List;
import java.util.Map; import java.util.Map;
import jakarta.validation.Valid;
import jakarta.validation.constraints.NotEmpty; import jakarta.validation.constraints.NotEmpty;
import jakarta.validation.constraints.NotNull; import jakarta.validation.constraints.NotNull;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.io.Resource; import org.springframework.core.io.Resource;
import org.springframework.validation.annotation.Validated;
import lombok.AllArgsConstructor;
import lombok.Getter; import lombok.Getter;
import lombok.NoArgsConstructor;
import lombok.Setter; import lombok.Setter;
import lombok.ToString; import lombok.ToString;
@Setter
@Getter
@Configuration
@ConfigurationProperties(prefix = TokenValidationProperties.PREFIX)
public class TokenValidationProperties {
static final String PREFIX = "ozgcloud.token.check";
/**
* List of entities. A ConfigurationEntity contains the necessary information for verifying and decrypting saml tokens.
*/
@NotEmpty
@Valid
private List<TokenValidationProperty> entities;
@Getter @Getter
@Setter @Setter
@NoArgsConstructor
@AllArgsConstructor
@ToString @ToString
@Validated public static class TokenValidationProperty {
public class ConfigurationEntity {
/** /**
* The id of the Identity Provider, this is also the issuer value. * The id of the Identity Provider, this is also the issuer value.
*/ */
@NotEmpty @NotEmpty
private String idpEntityId; private String idpEntityId;
/** /**
* The encryption key * The encryption key
*/ */
@NotEmpty @NotEmpty
private Resource key; private Resource key;
/** /**
* The encryption certificate * The encryption certificate
*/ */
@NotEmpty @NotEmpty
private Resource certificate; private Resource certificate;
/** /**
* The url or the actual SAML Metadata file received from the idp * The url or the actual SAML Metadata file received from the idp
*/ */
@NotEmpty @NotEmpty
private Resource metadata; private Resource metadata;
/** /**
* Use the user id as Postkorbhandle. For Mu * Use the user id as Postkorbhandle. For Muk
*/ */
private Boolean useIdAsPostfachId = Boolean.FALSE; private boolean userIdAsPostfachId = false;
/** /**
* The mappings the PostfachHandle and the TrustLevel. The value of the mapping * The mappings the PostfachHandle and the TrustLevel. The value of the mapping
* the name of the attribute in the SamlResponse that represents these values. * the name of the attribute in the SamlResponse that represents these values.
...@@ -73,3 +91,4 @@ public class ConfigurationEntity { ...@@ -73,3 +91,4 @@ public class ConfigurationEntity {
@NotNull @NotNull
private Map<String, String> mappings; private Map<String, String> mappings;
} }
}
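Review bot: The bean-validation constraints on the new `TokenValidationProperties` (`@NotEmpty @Valid` on `entities`, the `@NotEmpty`/`@NotNull` fields of `TokenValidationProperty`) are not enforced when Spring binds the properties, because the class header carries `@Setter @Getter @Configuration @ConfigurationProperties(...)` but no `@Validated`, and the `Validated` import appears only once in this hunk, which suggests it was removed together with the old `ConfigurationEntity` that did carry it. Without `@Validated` an entity whose key, certificate or metadata is missing starts up with null resources and only fails when the first token is checked, so the annotation should be restored next to `@ConfigurationProperties(prefix = TokenValidationProperties.PREFIX)`. Once validation is active, `@NotEmpty` on the `Resource` fields `key`, `certificate` and `metadata` will fail with an UnexpectedTypeException, since that constraint is defined only for CharSequence, Collection, Map and array types; `@NotNull` is the constraint that applies to a `Resource`. Note also that changing the field to a primitive `boolean userIdAsPostfachId` makes Lombok generate `isUserIdAsPostfachId()` rather than `getUserIdAsPostfachId()`, which the accompanying test class calls.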
...@@ -18,7 +18,7 @@ ozgcloud: ...@@ -18,7 +18,7 @@ ozgcloud:
key: "classpath:test2-enc.key" key: "classpath:test2-enc.key"
certificate: "classpath:test2-enc.crt" certificate: "classpath:test2-enc.crt"
metadata: "classpath:metadata/muk-idp-e4k.xml" metadata: "classpath:metadata/muk-idp-e4k.xml"
useIdAsPostkorbHandle: true userIdAsPostfachId: true
mappings: mappings:
trustLevel: "ElsterVertrauensniveauAuthentifizierung" trustLevel: "ElsterVertrauensniveauAuthentifizierung"
server: server:
...@@ -30,7 +30,7 @@ import org.springframework.boot.test.context.SpringBootTest; ...@@ -30,7 +30,7 @@ import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.TestPropertySource;
@SpringBootTest(classes = { TokenCheckTestConfiguration.class }) @SpringBootTest(classes = { TokenCheckTestConfiguration.class })
class TokenCheckPropertiesITCase { class TokenValidationPropertiesITCase {
private static final String URL = "https=//infra-pre-id.bayernportal.de/idp"; private static final String URL = "https=//infra-pre-id.bayernportal.de/idp";
private static final String TRUST_LEVEL_KEY = "trustLevel"; private static final String TRUST_LEVEL_KEY = "trustLevel";
private static final String TRUST_LEVEL_VALUE = "urn=oid:1.2.3.4"; private static final String TRUST_LEVEL_VALUE = "urn=oid:1.2.3.4";
...@@ -40,27 +40,27 @@ class TokenCheckPropertiesITCase { ...@@ -40,27 +40,27 @@ class TokenCheckPropertiesITCase {
@DisplayName("Test loading token checker configuration") @DisplayName("Test loading token checker configuration")
@Nested @Nested
@TestPropertySource(properties = { @TestPropertySource(properties = {
TokenCheckProperties.PREFIX + ".entities[0].idpEntityId=" + TokenCheckPropertiesITCase.URL, TokenValidationProperties.PREFIX + ".entities[0].idpEntityId=" + TokenValidationPropertiesITCase.URL,
TokenCheckProperties.PREFIX + ".entities[0].key=classpath:test2-enc.key", TokenValidationProperties.PREFIX + ".entities[0].key=classpath:test2-enc.key",
TokenCheckProperties.PREFIX + ".entities[0].certificate=classpath:test2-enc.crt", TokenValidationProperties.PREFIX + ".entities[0].certificate=classpath:test2-enc.crt",
TokenCheckProperties.PREFIX + ".entities[0].metadata=classpath:metadata/bayernid-idp-infra.xml", TokenValidationProperties.PREFIX + ".entities[0].metadata=classpath:metadata/bayernid-idp-infra.xml",
TokenCheckProperties.PREFIX + ".entities[0].mappings.postfachId=" + TokenCheckPropertiesITCase.POSTFACH_ID_VALUE, TokenValidationProperties.PREFIX + ".entities[0].mappings.postfachId=" + TokenValidationPropertiesITCase.POSTFACH_ID_VALUE,
TokenCheckProperties.PREFIX + ".entities[0].mappings.trustLevel=" + TokenCheckPropertiesITCase.TRUST_LEVEL_VALUE TokenValidationProperties.PREFIX + ".entities[0].mappings.trustLevel=" + TokenValidationPropertiesITCase.TRUST_LEVEL_VALUE
}) })
class TestLoadingConfiguration { class TestLoadingConfiguration {
@Autowired @Autowired
private TokenCheckProperties tokenCheckProperties; private TokenValidationProperties tokenValidationProperties;
@Nested @Nested
class TestInitialization { class TestInitialization {
@Test @Test
void shouldHaveProperties() { void shouldHaveProperties() {
assertThat(tokenCheckProperties).isNotNull(); assertThat(tokenValidationProperties).isNotNull();
} }
@Test @Test
void shouldHaveEntities() { void shouldHaveEntities() {
assertThat(tokenCheckProperties.getEntities()).isNotNull(); assertThat(tokenValidationProperties.getEntities()).isNotNull();
} }
} }
...@@ -68,68 +68,68 @@ class TokenCheckPropertiesITCase { ...@@ -68,68 +68,68 @@ class TokenCheckPropertiesITCase {
class TestLoadedEntity { class TestLoadedEntity {
@Test @Test
void shouldHaveIdpEntityId() { void shouldHaveIdpEntityId() {
assertThat(tokenCheckProperties.getEntities().getFirst().getIdpEntityId()).isEqualTo(URL); assertThat(tokenValidationProperties.getEntities().getFirst().getIdpEntityId()).isEqualTo(URL);
} }
@Test @Test
void shouldHaveDevEncKey() { void shouldHaveDevEncKey() {
assertThat(tokenCheckProperties.getEntities().getFirst().getKey()).isNotNull(); assertThat(tokenValidationProperties.getEntities().getFirst().getKey()).isNotNull();
} }
@Test @Test
void shouldHaveDevEncCrt() { void shouldHaveDevEncCrt() {
assertThat(tokenCheckProperties.getEntities().getFirst().getCertificate()).isNotNull(); assertThat(tokenValidationProperties.getEntities().getFirst().getCertificate()).isNotNull();
} }
@Test @Test
void shouldHaveMetadata() { void shouldHaveMetadata() {
assertThat(tokenCheckProperties.getEntities().getFirst().getMetadata()).isNotNull(); assertThat(tokenValidationProperties.getEntities().getFirst().getMetadata()).isNotNull();
} }
@Test @Test
void shouldHavePostkorbHandleMapping() { void shouldHavePostkorbHandleMapping() {
assertThat(tokenCheckProperties.getEntities().getFirst().getMappings()).containsEntry(POSTFACH_ID_KEY, POSTFACH_ID_VALUE); assertThat(tokenValidationProperties.getEntities().getFirst().getMappings()).containsEntry(POSTFACH_ID_KEY, POSTFACH_ID_VALUE);
} }
@Test @Test
void shouldNotHaveUseIdAsPostkorbHandle() { void shouldNotHaveUseIdAsPostkorbHandle() {
assertThat(tokenCheckProperties.getEntities().getFirst().getUseIdAsPostfachId()).isFalse(); assertThat(tokenValidationProperties.getEntities().getFirst().getUserIdAsPostfachId()).isFalse();
} }
@Test @Test
void shouldHaveConfiguredTrustLevelMapping() { void shouldHaveConfiguredTrustLevelMapping() {
assertThat(tokenCheckProperties.getEntities().getFirst().getMappings()).containsEntry(TRUST_LEVEL_KEY, TRUST_LEVEL_VALUE); assertThat(tokenValidationProperties.getEntities().getFirst().getMappings()).containsEntry(TRUST_LEVEL_KEY, TRUST_LEVEL_VALUE);
} }
} }
} }
@DisplayName("Test loading mapping") @DisplayName("Test loading mapping")
@TestPropertySource(properties = { @TestPropertySource(properties = {
TokenCheckProperties.PREFIX + ".entities[0].idpEntityId=" + URL, TokenValidationProperties.PREFIX + ".entities[0].idpEntityId=" + URL,
TokenCheckProperties.PREFIX + ".entities[0].key=classpath:test2-enc.key", TokenValidationProperties.PREFIX + ".entities[0].key=classpath:test2-enc.key",
TokenCheckProperties.PREFIX + ".entities[0].certificate=classpath:test2-enc.crt", TokenValidationProperties.PREFIX + ".entities[0].certificate=classpath:test2-enc.crt",
TokenCheckProperties.PREFIX + ".entities[0].metadata=classpath:metadata/bayernid-idp-infra.xml", TokenValidationProperties.PREFIX + ".entities[0].metadata=classpath:metadata/bayernid-idp-infra.xml",
TokenCheckProperties.PREFIX + ".entities[0]use-id-as-postfach-id=true", TokenValidationProperties.PREFIX + ".entities[0]use-id-as-postfach-id=true",
TokenCheckProperties.PREFIX + ".entities[0].mappings.test=test2", TokenValidationProperties.PREFIX + ".entities[0].mappings.test=test2",
}) })
@Nested @Nested
class TestLoadingMappingConfiguration { class TestLoadingMappingConfiguration {
@Autowired @Autowired
private TokenCheckProperties tokenCheckProperties; private TokenValidationProperties tokenValidationProperties;
@Test @Test
void shouldHaveUseIdAsPostfachId() { void shouldHaveUseIdAsPostfachId() {
assertThat(tokenCheckProperties.getEntities().getFirst().getUseIdAsPostfachId()).isTrue(); assertThat(tokenValidationProperties.getEntities().getFirst().getUserIdAsPostfachId()).isTrue();
} }
@Test @Test
void shouldHaveConfiguredTestMapping() { void shouldHaveConfiguredTestMapping() {
assertThat(tokenCheckProperties.getEntities().getFirst().getMappings()).containsEntry("test", "test2"); assertThat(tokenValidationProperties.getEntities().getFirst().getMappings()).containsEntry("test", "test2");
} }
@Test @Test
void shouldNotHavePostkorbHandleMapping() { void shouldNotHavePostkorbHandleMapping() {
assertThat(tokenCheckProperties.getEntities().getFirst().getMappings()).doesNotContain(entry(POSTFACH_ID_KEY, assertThat(tokenValidationProperties.getEntities().getFirst().getMappings()).doesNotContain(entry(POSTFACH_ID_KEY,
POSTFACH_ID_VALUE)); POSTFACH_ID_VALUE));
} }
} }
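Review bot: `getUserIdAsPostfachId()` in `shouldNotHaveUseIdAsPostkorbHandle` and `shouldHaveUseIdAsPostfachId` will not compile against the renamed property class: the field became a primitive `boolean userIdAsPostfachId`, and Lombok's `@Getter` names the accessor of a primitive boolean `isUserIdAsPostfachId()`, so both assertions should read `assertThat(tokenValidationProperties.getEntities().getFirst().isUserIdAsPostfachId())`. Separately, the `@TestPropertySource` entry in `TestLoadingMappingConfiguration` still reads `".entities[0]use-id-as-postfach-id=true"`, which neither matches the renamed field nor has the `.` separator before the key, so the flag is never bound and the `isTrue()` assertion cannot hold; it should be `TokenValidationProperties.PREFIX + ".entities[0].user-id-as-postfach-id=true"`. `TokenValidationProperties.PREFIX` is package-private, so this test class has to live in `de.ozgcloud.token`; its package declaration is outside the hunk and should be checked. The enclosing class `TokenValidationPropertiesITCase` begins outside this hunk.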