diff --git a/vorgang-manager-server/src/test/java/de/ozgcloud/nachrichten/antragraum/AntragraumITCase.java b/vorgang-manager-server/src/test/java/de/ozgcloud/nachrichten/antragraum/AntragraumITCase.java
index 51f3cdcefce8386b38119051129a0b6e11148b90..5d2ababcc186088b078edd586f942066dc4a8bf5 100644
--- a/vorgang-manager-server/src/test/java/de/ozgcloud/nachrichten/antragraum/AntragraumITCase.java
+++ b/vorgang-manager-server/src/test/java/de/ozgcloud/nachrichten/antragraum/AntragraumITCase.java
@@ -264,7 +264,7 @@ class AntragraumITCase {
private Vorgang savedVorgang;
private VorgangAttachedItem vorgangAttachedItem;
- private VorgangAttachedItem vorgangAttachedItemOtherAttachment;
+ private VorgangAttachedItem vorgangAttachedItemDifferentAttachment;
private String fileId;
@BeforeEach
@@ -273,7 +273,7 @@ class AntragraumITCase {
savedVorgang = mongoOperations.save(createVorgang(TrustLevel.LEVEL_3), Vorgang.COLLECTION_NAME);
vorgangAttachedItem = mongoOperations.save(createPostfachNachrichtVorgangAttachedItem(savedVorgang.getId(), fileId),
VorgangAttachedItem.COLLECTION_NAME);
- vorgangAttachedItemOtherAttachment = mongoOperations.save(createPostfachNachrichtVorgangAttachedItem(savedVorgang.getId()),
+ vorgangAttachedItemDifferentAttachment = mongoOperations.save(createPostfachNachrichtVorgangAttachedItem(savedVorgang.getId()),
VorgangAttachedItem.COLLECTION_NAME);
}
@@ -358,14 +358,14 @@ class AntragraumITCase {
when(decrypter.decryptPostfachId(any())).thenReturn(PostfachAddressTestFactory.STRING_BASED_IDENTIFIER_POSTFACH_ID_VALUE);
var request = GrpcGetAttachmentMetadataRequest.newBuilder()
.setSamlToken(SAML_TOKEN)
- .setNachrichtId(vorgangAttachedItemOtherAttachment.getId())
+ .setNachrichtId(vorgangAttachedItemDifferentAttachment.getId())
.setFileId(fileId)
.build();
assertThatThrownBy(() -> grpcService.getAttachmentMetadata(request, responseObserver))
.isInstanceOf(NotFoundException.class)
.hasMessageContaining("PostfachNachricht")
- .hasMessageContaining(vorgangAttachedItemOtherAttachment.getId());
+ .hasMessageContaining(vorgangAttachedItemDifferentAttachment.getId());
}
}
@@ -383,6 +383,7 @@ class AntragraumITCase {
private Vorgang savedVorgang;
private VorgangAttachedItem vorgangAttachedItem;
+ private VorgangAttachedItem vorgangAttachedItemDifferentAttachment;
private String fileId;
@BeforeEach
@@ -391,6 +392,8 @@ class AntragraumITCase {
savedVorgang = mongoOperations.save(createVorgang(TrustLevel.LEVEL_3), Vorgang.COLLECTION_NAME);
vorgangAttachedItem = mongoOperations.save(createPostfachNachrichtVorgangAttachedItem(savedVorgang.getId(), fileId),
VorgangAttachedItem.COLLECTION_NAME);
+ vorgangAttachedItemDifferentAttachment = mongoOperations.save(createPostfachNachrichtVorgangAttachedItem(savedVorgang.getId()),
+ VorgangAttachedItem.COLLECTION_NAME);
}
@Test
@@ -410,6 +413,75 @@ class AntragraumITCase {
verify(responseObserver, timeout(30000)).onNext(captor.capture());
assertThat(captor.getValue().getFileContent()).isEqualTo(expectedContent);
}
+
+ @Test
+ void shouldFailDueToInvalidToken() {
+ when(verifier.verify(any())).thenReturn(List.of(new Saml2Error("invalid_signature", "Signature missing")));
+ when(decrypter.decryptTrustLevel(any())).thenReturn(TrustLevel.LEVEL_3.getValue());
+ when(decrypter.decryptPostfachId(any())).thenReturn(PostfachAddressTestFactory.STRING_BASED_IDENTIFIER_POSTFACH_ID_VALUE);
+ var request = GrpcGetAttachmentContentRequest.newBuilder()
+ .setSamlToken(SAML_TOKEN)
+ .setNachrichtId(vorgangAttachedItem.getId())
+ .setFileId(fileId)
+ .build();
+
+ assertThatThrownBy(() -> grpcService.getAttachmentContent(request, responseObserver))
+ .isInstanceOf(SecurityException.class)
+ .hasMessageContaining("Signature missing")
+ .hasMessageContaining("invalid_signature");
+
+ }
+
+ @Test
+ void shouldFailDueIncorrectPostfachId() {
+ when(verifier.verify(any())).thenReturn(Collections.emptyList());
+ when(decrypter.decryptTrustLevel(any())).thenReturn(TrustLevel.LEVEL_3.getValue());
+ when(decrypter.decryptPostfachId(any())).thenReturn("wrong ID");
+ var request = GrpcGetAttachmentContentRequest.newBuilder()
+ .setSamlToken(SAML_TOKEN)
+ .setNachrichtId(vorgangAttachedItem.getId())
+ .setFileId(fileId)
+ .build();
+
+ assertThatThrownBy(() -> grpcService.getAttachmentContent(request, responseObserver))
+ .isInstanceOf(NotFoundException.class)
+ .hasMessageContaining("PostfachNachricht")
+ .hasMessageContaining(vorgangAttachedItem.getId());
+ }
+
+ @Test
+ void shouldFailDueToTrustLevelTooLow() {
+ when(verifier.verify(any())).thenReturn(Collections.emptyList());
+ when(decrypter.decryptTrustLevel(any())).thenReturn(TrustLevel.LEVEL_2.getValue());
+ when(decrypter.decryptPostfachId(any())).thenReturn(PostfachAddressTestFactory.STRING_BASED_IDENTIFIER_POSTFACH_ID_VALUE);
+ var request = GrpcGetAttachmentContentRequest.newBuilder()
+ .setSamlToken(SAML_TOKEN)
+ .setNachrichtId(vorgangAttachedItem.getId())
+ .setFileId(fileId)
+ .build();
+
+ assertThatThrownBy(() -> grpcService.getAttachmentContent(request, responseObserver))
+ .isInstanceOf(NotFoundException.class)
+ .hasMessageContaining("PostfachNachricht")
+ .hasMessageContaining(vorgangAttachedItem.getId());
+ }
+
+ @Test
+ void shouldFailDueToFileIdNotInPostfachNachricht() {
+ when(verifier.verify(any())).thenReturn(Collections.emptyList());
+ when(decrypter.decryptTrustLevel(any())).thenReturn(TrustLevel.LEVEL_3.getValue());
+ when(decrypter.decryptPostfachId(any())).thenReturn(PostfachAddressTestFactory.STRING_BASED_IDENTIFIER_POSTFACH_ID_VALUE);
+ var request = GrpcGetAttachmentContentRequest.newBuilder()
+ .setSamlToken(SAML_TOKEN)
+ .setNachrichtId(vorgangAttachedItem.getId())
+ .setFileId(fileId)
+ .build();
+
+ assertThatThrownBy(() -> grpcService.getAttachmentContent(request, responseObserver))
+ .isInstanceOf(NotFoundException.class)
+ .hasMessageContaining("PostfachNachricht")
+ .hasMessageContaining(vorgangAttachedItemDifferentAttachment.getId());
+ }
}
private Vorgang createVorgang(TrustLevel trustLevel) {