diff --git a/vorgang-manager-server/src/main/java/de/ozgcloud/vorgang/servicekonto/ServiceKonto.java b/vorgang-manager-server/src/main/java/de/ozgcloud/vorgang/servicekonto/ServiceKonto.java
index dc55642a887b0d8a453a10ead82e0fb7de5970c8..c65e33018262555e9b38727cf434e221ec3ac4eb 100644
--- a/vorgang-manager-server/src/main/java/de/ozgcloud/vorgang/servicekonto/ServiceKonto.java
+++ b/vorgang-manager-server/src/main/java/de/ozgcloud/vorgang/servicekonto/ServiceKonto.java
@@ -24,7 +24,7 @@ public class ServiceKonto {
@Singular
private List<PostfachAddress> postfachAddresses;
- static class ServiceKontoBuilder {
+ public static class ServiceKontoBuilder {
public ServiceKontoBuilder trustLevel(String trustLevel) {
validateTrustLevel(trustLevel);
diff --git a/vorgang-manager-server/src/test/java/de/ozgcloud/nachrichten/antragraum/AntragraumITCase.java b/vorgang-manager-server/src/test/java/de/ozgcloud/nachrichten/antragraum/AntragraumITCase.java
new file mode 100644
index 0000000000000000000000000000000000000000..81ff258399f0ffa813c0ac5837c83d4d5e8ec544
--- /dev/null
+++ b/vorgang-manager-server/src/test/java/de/ozgcloud/nachrichten/antragraum/AntragraumITCase.java
@@ -0,0 +1,226 @@
+package de.ozgcloud.nachrichten.antragraum;
+
+import static org.assertj.core.api.Assertions.*;
+import static org.mockito.ArgumentMatchers.*;
+import static org.mockito.Mockito.*;
+
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
+import org.apache.commons.lang3.StringUtils;
+import org.apache.xml.security.stax.ext.XMLSecurityConstants.DIRECTION;
+import org.junit.jupiter.api.BeforeEach;
+import org.junit.jupiter.api.DisplayName;
+import org.junit.jupiter.api.Nested;
+import org.junit.jupiter.api.Test;
+import org.mockito.ArgumentCaptor;
+import org.mockito.Captor;
+import org.mockito.Mock;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.mock.mockito.MockBean;
+import org.springframework.data.mongodb.core.MongoOperations;
+import org.springframework.security.test.context.support.WithMockUser;
+import org.springframework.test.annotation.DirtiesContext;
+
+import de.ozgcloud.common.test.DataITCase;
+import de.ozgcloud.common.test.TestUtils;
+import de.ozgcloud.nachrichten.postfach.PostfachAddress;
+import de.ozgcloud.nachrichten.postfach.PostfachNachricht;
+import de.ozgcloud.nachrichten.postfach.PostfachNachrichtTestFactory;
+import de.ozgcloud.nachrichten.postfach.osi.OsiPostfachProperties;
+import de.ozgcloud.nachrichten.postfach.osi.ReplyOption;
+import de.ozgcloud.vorgang.VorgangManagerServerApplication;
+import de.ozgcloud.vorgang.attached_item.VorgangAttachedItem;
+import de.ozgcloud.vorgang.attached_item.VorgangAttachedItemTestFactory;
+import de.ozgcloud.vorgang.servicekonto.PostfachAddressTestFactory;
+import de.ozgcloud.vorgang.servicekonto.ServiceKonto;
+import de.ozgcloud.vorgang.servicekonto.ServiceKontoTestFactory;
+import de.ozgcloud.vorgang.vorgang.Vorgang;
+import de.ozgcloud.vorgang.vorgang.VorgangHeadTestFactory;
+import de.ozgcloud.vorgang.vorgang.VorgangTestFactory;
+import io.grpc.stub.StreamObserver;
+
+@SpringBootTest(classes = { VorgangManagerServerApplication.class, OsiPostfachProperties.class }, properties = {
+ "grpc.server.in-process-name=postfachitcase",
+ "ozgcloud.antragraum.url=https://localhost/dummy/antragraum",
+ "ozgcloud.antragraum.entityId=dummy-id",
+ "ozgcloud.antragraum.metadataUri=http://localhost/dummy/antragraum/uri",
+ "ozgcloud.antragraum.decryptionPrivateKey=dummyPrivateKey",
+ "ozgcloud.antragraum.decryptionCertificate=dummyCertificate",
+ "grpc.client.ozgcloud-command-manager.address=in-process:postfachitcase",
+ "grpc.client.command-manager.address=in-process:postfachitcase",
+ "grpc.client.info-manager.address=in-process:postfachitcase",
+ "grpc.client.vorgang-manager.address=in-process:postfachitcase",
+})
+@WithMockUser
+@DataITCase
+@DirtiesContext(classMode = DirtiesContext.ClassMode.BEFORE_CLASS)
+class AntragraumITCase {
+
+ @Autowired
+ private AntragraumGrpcService grpcService;
+ @Autowired
+ private MongoOperations mongoOperations;
+
+ @MockBean
+ private Saml2Decrypter decrypter;
+ @MockBean
+ private Saml2Verifier verifier;
+
+ @BeforeEach
+ void prepareDatabase() {
+ mongoOperations.dropCollection(Vorgang.COLLECTION_NAME);
+ mongoOperations.dropCollection(VorgangAttachedItem.COLLECTION_NAME);
+ }
+
+ @DisplayName("Find rueckfragen")
+ @Nested
+ class TestFindRueckfragen {
+
+ @Mock
+ private StreamObserver<GrpcFindRueckfragenResponse> responseObserver;
+
+ @Captor
+ private ArgumentCaptor<GrpcFindRueckfragenResponse> captor;
+
+ @BeforeEach
+ void mock() {
+ when(decrypter.decryptPostfachId(any())).thenReturn(PostfachAddressTestFactory.STRING_BASED_IDENTIFIER_POSTFACH_ID_VALUE);
+ when(verifier.verify(any())).thenReturn(Collections.emptyList());
+ }
+
+ @DisplayName("with nachrichten from different vorgaenge")
+ @Nested
+ class TestWithDifferentVorgangId {
+
+ private Vorgang vorgangTrustLevel3;
+ private Vorgang vorgangTrustLevel2;
+
+ @BeforeEach
+ void prepareDatabase() {
+ vorgangTrustLevel3 = mongoOperations.save(createVorgang(TrustLevel.LEVEL_3), Vorgang.COLLECTION_NAME);
+ mongoOperations.save(createPostfachNachrichtVorgangAttachedItem(vorgangTrustLevel3.getId()), VorgangAttachedItem.COLLECTION_NAME);
+
+ vorgangTrustLevel2 = mongoOperations.save(createVorgang(TrustLevel.LEVEL_2), Vorgang.COLLECTION_NAME);
+ mongoOperations.save(createPostfachNachrichtVorgangAttachedItem(vorgangTrustLevel2.getId()), VorgangAttachedItem.COLLECTION_NAME);
+ }
+
+ @Test
+ void shouldHaveTrustLevelForVorgang() {
+ when(decrypter.decryptTrustLevel(any())).thenReturn(TrustLevel.LEVEL_4.getValue());
+
+ var rueckfragen = findRueckfragen().stream()
+ .filter(rueckfrage -> StringUtils.equals(rueckfrage.getVorgangId(), vorgangTrustLevel3.getId()))
+ .toList();
+
+ assertThat(rueckfragen).isNotEmpty().hasSize(1);
+ assertThat(rueckfragen.get(0).getTrustLevel()).isEqualTo(TrustLevel.LEVEL_3.getValue());
+ assertThat(rueckfragen.get(0).getAccessible()).isTrue();
+ }
+
+ @Test
+ void shouldHaveTrustLevelForOtherVorgang() {
+ when(decrypter.decryptTrustLevel(any())).thenReturn(TrustLevel.LEVEL_1.getValue());
+
+ var rueckfragen = findRueckfragen().stream()
+ .filter(rueckfrage -> StringUtils.equals(rueckfrage.getVorgangId(), vorgangTrustLevel2.getId()))
+ .toList();
+
+ assertThat(rueckfragen).isNotEmpty().hasSize(1);
+ assertThat(rueckfragen.get(0).getTrustLevel()).isEqualTo(TrustLevel.LEVEL_2.getValue());
+ assertThat(rueckfragen.get(0).getAccessible()).isFalse();
+ }
+ }
+
+ @DisplayName("with nachrichten from one vorgang")
+ @Nested
+ class TestWithOneVorgangId {
+
+ @BeforeEach
+ void prepareDatabase() {
+ var vorgang = mongoOperations.save(createVorgang(TrustLevel.LEVEL_3), Vorgang.COLLECTION_NAME);
+ mongoOperations.save(createPostfachNachrichtVorgangAttachedItem(vorgang.getId()), VorgangAttachedItem.COLLECTION_NAME);
+ }
+
+ @Test
+ void shouldReturnOnMatchingTokenTrustLevel() {
+ when(decrypter.decryptTrustLevel(any())).thenReturn(TrustLevel.LEVEL_3.getValue());
+
+ var rueckfragen = findRueckfragen();
+
+ assertThat(rueckfragen).isNotEmpty().hasSize(1);
+ assertThat(rueckfragen.get(0).getTrustLevel()).isEqualTo(TrustLevel.LEVEL_3.getValue());
+ assertThat(rueckfragen.get(0).getAccessible()).isTrue();
+ }
+
+ @Test
+ void shouldReturnOnLowerTokenTrustLevel() {
+ when(decrypter.decryptTrustLevel(any())).thenReturn(TrustLevel.LEVEL_1.getValue());
+
+ var rueckfragen = findRueckfragen();
+
+ assertThat(rueckfragen).isNotEmpty().hasSize(1);
+ assertThat(rueckfragen.get(0).getTrustLevel()).isEqualTo(TrustLevel.LEVEL_3.getValue());
+ assertThat(rueckfragen.get(0).getAccessible()).isFalse();
+ }
+
+ @Test
+ void shouldReturnOnHigherTokenTrustLevel() {
+ when(decrypter.decryptTrustLevel(any())).thenReturn(TrustLevel.LEVEL_4.getValue());
+
+ var rueckfragen = findRueckfragen();
+
+ assertThat(rueckfragen).isNotEmpty().hasSize(1);
+ assertThat(rueckfragen.get(0).getTrustLevel()).isEqualTo(TrustLevel.LEVEL_3.getValue());
+ assertThat(rueckfragen.get(0).getAccessible()).isTrue();
+ }
+ }
+
+ private List<GrpcRueckfrageHead> findRueckfragen() {
+ grpcService.findRueckfragen(
+ GrpcFindRueckfrageRequestTestFactory.createBuilder().setSamlToken(TestUtils.loadTextFile("SamlResponse.xml")).build(),
+ responseObserver);
+ verify(responseObserver).onNext(captor.capture());
+ return captor.getValue().getRueckfrageHeadList();
+ }
+ }
+
+ private Vorgang createVorgang(TrustLevel trustLevel) {
+ return VorgangTestFactory.createBuilder()
+ .id(null)
+ .header(VorgangHeadTestFactory.createBuilder().serviceKonto(createBayernIdServiceKonto(trustLevel)).build())
+ .build();
+ }
+
+ private ServiceKonto createBayernIdServiceKonto(TrustLevel trustLevel) {
+ return ServiceKontoTestFactory.createBuilder().type("BayernID").trustLevel(trustLevel.getValue()).build();
+ }
+
+ private VorgangAttachedItem createPostfachNachrichtVorgangAttachedItem(String vorgangId) {
+ return VorgangAttachedItemTestFactory.createBuilder()
+ .id(null)
+ .version(0)
+ .vorgangId(vorgangId)
+ .itemName("PostfachMail")
+ .client("OzgCloud_NachrichtenManager")
+ .item(createBayernIdPostfachNachrichtItem(vorgangId))
+ .build();
+ }
+
+ private Map<String, Object> createBayernIdPostfachNachrichtItem(String vorgangId) {
+ var nachrichtItem = PostfachNachrichtTestFactory.asMap();
+ nachrichtItem.put(PostfachNachricht.FIELD_DIRECTION, DIRECTION.OUT.name());
+ nachrichtItem.put(PostfachNachricht.FIELD_REPLY_OPTION, ReplyOption.POSSIBLE);
+ nachrichtItem.put(PostfachNachricht.FIELD_VORGANG_ID, vorgangId);
+ nachrichtItem.put(PostfachNachricht.FIELD_POSTFACH_ID, PostfachAddressTestFactory.STRING_BASED_IDENTIFIER_POSTFACH_ID_VALUE);
+ nachrichtItem.put(PostfachNachricht.POSTFACH_ADDRESS_FIELD, Map.of(
+ PostfachAddress.TYPE_FIELD, 0,
+ PostfachAddress.VERSION_FIELD, 1,
+ PostfachAddress.IDENTIFIER_FIELD,
+ Map.of(PostfachNachricht.FIELD_POSTFACH_ID, PostfachAddressTestFactory.STRING_BASED_IDENTIFIER_POSTFACH_ID_VALUE),
+ PostfachAddress.SERVICEKONTO_TYPE_FIELD, "BayernID"));
+ return nachrichtItem;
+ }
+}
\ No newline at end of file