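--- /dev/null
+++ b/<path-not-on-page>/PidLoginFlowTest.kt
@@ -0,0 +1,121 @@
+package at.asitplus.wallet.backend
+
+import at.asitplus.openid.OidcUserInfoExtended
+import at.asitplus.wallet.backend.config.buildSdJwtClaims
+import at.asitplus.wallet.eupidsdjwt.EuPidSdJwtScheme
+import at.asitplus.wallet.lib.agent.EphemeralKeyWithoutCert
+import at.asitplus.wallet.lib.agent.HolderAgent
+import at.asitplus.wallet.lib.agent.IssuerAgent
+import at.asitplus.wallet.lib.agent.RandomSource
+import at.asitplus.wallet.lib.agent.toStoreCredentialInput
+import at.asitplus.wallet.lib.data.rfc3986.toUri
+import at.asitplus.wallet.lib.oidvci.formUrlEncode
+import at.asitplus.wallet.lib.openid.AuthenticationResponseResult
+import at.asitplus.wallet.lib.openid.OpenId4VpHolder
+import io.kotest.matchers.nulls.shouldNotBeNull
+import io.kotest.matchers.types.shouldBeInstanceOf
+import io.ktor.http.Url
+import kotlinx.coroutines.test.runTest
+import kotlinx.serialization.json.buildJsonObject
+import kotlinx.serialization.json.put
+import org.junit.jupiter.api.Test
+import org.springframework.beans.factory.annotation.Autowired
+import org.springframework.boot.test.context.SpringBootTest
+import org.springframework.boot.webmvc.test.autoconfigure.AutoConfigureMockMvc
+import org.springframework.http.MediaType
+import org.springframework.security.oauth2.core.oidc.IdTokenClaimNames
+import org.springframework.test.web.servlet.MockMvc
+import org.springframework.test.web.servlet.get
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.asyncDispatch
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get as mvcGet
+import org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post as mvcPost
+import org.springframework.test.web.servlet.result.MockMvcResultMatchers.jsonPath
+import org.springframework.test.web.servlet.result.MockMvcResultMatchers.request
+import org.springframework.test.web.servlet.result.MockMvcResultMatchers.status
+import java.net.URI
+import kotlin.time.Clock
+import kotlin.time.Duration.Companion.days
+
+@SpringBootTest
+@AutoConfigureMockMvc
+class PidLoginFlowTest {
+
+ @Autowired
+ private lateinit var mockMvc: MockMvc
+
+ @Test
+ fun `login with PID from wallet completes session login`() = runTest {
+ val holderOid4vp = holderWithPid()
+ val loginResult = mockMvc.perform(asyncDispatch(
+ mockMvc.get(Paths.LoginUrl)
+ .andExpect { request { asyncStarted() } }
+ .andReturn()
+ ))
+ .andExpect(status().isOk)
+ .andReturn()
+ val authToken = loginResult.response.getHeader("X-Auth-Token").shouldNotBeNull()
+ val loginPidUrl = loginResult.modelAndView?.model?.get("loginPidUrl")
+ .shouldBeInstanceOf<String>()
+ val requestUri = Url(loginPidUrl).parameters["request_uri"].shouldNotBeNull()
+
+ val authnRequest = mockMvc.perform(asyncDispatch(
+ mockMvc.perform(mvcGet(URI(requestUri).rawPath).header("X-Auth-Token", authToken))
+ .andExpect(request().asyncStarted())
+ .andReturn()
+ ))
+ .andExpect(status().isOk)
+ .andReturn()
+ .response.contentAsString
+
+ val authnResponse = holderOid4vp.createAuthnResponse(authnRequest)
+ .getOrThrow()
+ .shouldBeInstanceOf<AuthenticationResponseResult.Post>()
+
+ mockMvc.perform(asyncDispatch(
+ mockMvc.perform(
+ mvcPost(URI(authnResponse.url).rawPath)
+ .header("X-Auth-Token", authToken)
+ .contentType(MediaType.APPLICATION_FORM_URLENCODED)
+ .content(authnResponse.params.formUrlEncode())
+ )
+ .andExpect(request().asyncStarted())
+ .andReturn()
+ ))
+ .andExpect(status().isOk)
+
+ mockMvc.perform(asyncDispatch(
+ mockMvc.perform(mvcGet(Paths.LoginStatusUrl).header("X-Auth-Token", authToken))
+ .andExpect(request().asyncStarted())
+ .andReturn()
+ ))
+ .andExpect(status().isOk)
+ .andExpect(jsonPath("$.authenticated").value(true))
+ }
+
+ private suspend fun holderWithPid(): OpenId4VpHolder {
+ val holderKey = EphemeralKeyWithoutCert()
+ val holder = HolderAgent(holderKey)
+ val now = Clock.System.now()
+ holder.storeCredential(
+ IssuerAgent(
+ identifier = "https://issuer.example.com/".toUri(),
+ randomSource = RandomSource.Default,
+ ).issueCredential(
+ EuPidSdJwtScheme.buildSdJwtClaims(
+ userInfo = pidUserInfo(),
+ iss = now,
+ exp = now + 1.days,
+ subjectPublicKey = holderKey.publicKey,
+ )
+ ).getOrThrow().toStoreCredentialInput()
+ ).getOrThrow()
+ return OpenId4VpHolder(holder = holder, randomSource = RandomSource.Default)
+ }
+
+ private fun pidUserInfo() = OidcUserInfoExtended.fromJsonObject(buildJsonObject {
+ put(IdTokenClaimNames.SUB, "IFOQP3T5XYLMSDOQAEGMF52MWGMWBPXN")
+ put("birthdate", "1983-06-04")
+ put("given_name", "XXXOzgur")
+ put("family_name", "XXXTuzekci")
+ }).getOrThrow()
+}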
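Review bot: The two wallet-side calls — the `request_uri` fetch on line 62 and the authn-response POST on lines 76–79 — are sent with the browser session's `X-Auth-Token`, which a real wallet app resolving `request_uri` would not hold, so the test cannot show whether the server correlates the presentation to the login session through the request's own state/nonce or only through that header. Running those two calls without `.header("X-Auth-Token", authToken)` would settle this: a rejection presumably means the endpoints are bound to the browser session and a separate wallet could not complete the flow, while acceptance lets the test document the actual binding mechanism. A poll of `Paths.LoginStatusUrl` before the POST asserting `jsonPath("$.authenticated").value(false)` would also confirm that it is the verified presentation, not the mere creation of the login session, that flips the session to authenticated. As a point of style, line 51 uses the Kotlin DSL `andExpect { request { asyncStarted() } }` while the other three calls use `request().asyncStarted()`; one form throughout reads better.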