Add unit tests

pom.xml

@@ -102,11 +102,13 @@
             **/smp-angular/node_modules/**,
             **/swagger*.js,
             **/web.xml,
+            **/smp-examples/**,
         </sonar.exclusions>
         <sonar.coverage.exclusions>
             **/*Entity.java,
             **/*RO.java,
             **/*Exception.java,
+            **/*Types.java,
         </sonar.coverage.exclusions>
         <!-- latest version compatible with SonarQube 5.6 is: 3.3.0.603-->
         <sonar.maven.plugin.version>3.5.0.1254</sonar.maven.plugin.version>

smp-examples/smp-spi-example/pom.xml

@@ -26,7 +26,6 @@
 
     <artifactId>smp-spi-example</artifactId>
     <name>smp-spi-example</name>
-    <packaging>jar</packaging>
     <description>Example of SMP's SPI Payload validation.</description>
     <dependencies>
         <dependency>

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/logging/SMPMessageCode.java

@@ -51,6 +51,7 @@ public enum SMPMessageCode implements MessageCode {
     SEC_USER_NOT_AUTHENTICATED("SEC-007", "User [{}]. Reason: [{}]."),
     SEC_USER_SUSPENDED("SEC-008", "User [{}] is temporarily suspended."),
     SEC_INVALID_TOKEN("SEC-009", "User [{}] has invalid token value for token id: [{}]."),
+    SEC_TRUSTSTORE_CERT_INVALID("SEC-010", "Truststore certificate with alias [{}] is invalid: [{}]."),
 
 
     ;

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreService.java

@@ -40,6 +40,7 @@ import java.util.*;
 import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 
+import static eu.europa.ec.edelivery.smp.logging.SMPMessageCode.SEC_TRUSTSTORE_CERT_INVALID;
 import static eu.europa.ec.edelivery.smp.logging.SMPMessageCode.SEC_USER_CERT_INVALID;
 import static java.util.Collections.list;
 import static java.util.Locale.US;
@@ -146,13 +147,8 @@ public class UITruststoreService {
                             DistinguishedNamesCodingUtil.getCommonAttributesDN());
                     tmpList.add(subject);
                     hmCertificates.put(alias, x509Certificate);
-                    try {
-                        x509Certificate.checkValidity();
-                    } catch (CertificateExpiredException | CertificateNotYetValidException ex) {
-                        LOG.warn("Certificate: [{}] from truststore is not valid anymore!", alias);
-                    }
+                    validateAndLogError(x509Certificate, alias);
                 }
-
             }
         } catch (Exception exception) {
             LOG.error("Could not load truststore certificates Error: " + ExceptionUtils.getRootCauseMessage(exception), exception);
@@ -171,6 +167,14 @@ public class UITruststoreService {
         certificateROList.clear();
     }
 
+    protected void validateAndLogError(X509Certificate x509Certificate, String alias){
+        try {
+            x509Certificate.checkValidity();
+        } catch (CertificateExpiredException | CertificateNotYetValidException ex) {
+            LOG.securityWarn(SEC_TRUSTSTORE_CERT_INVALID, alias, ExceptionUtils.getRootCauseMessage(ex));
+        }
+    }
+
     public CertificateRO getCertificateData(byte[] buff) throws CertificateException, IOException {
         return getCertificateData(buff, false);
     }

smp-server-library/src/test/java/eu/europa/ec/edelivery/smp/services/ui/UITruststoreServiceTest.java

 package eu.europa.ec.edelivery.smp.services.ui;
 
+import eu.europa.ec.edelivery.smp.data.model.DBUser;
 import eu.europa.ec.edelivery.smp.data.ui.CertificateRO;
 import eu.europa.ec.edelivery.smp.exceptions.CertificateNotTrustedException;
 import eu.europa.ec.edelivery.smp.exceptions.ErrorCode;
@@ -33,6 +34,8 @@ import java.security.cert.*;
 import java.util.*;
 
 import static org.junit.Assert.*;
+import static org.mockito.ArgumentMatchers.anyString;
+import static org.mockito.Mockito.doReturn;
 
 
 @RunWith(SpringJUnit4ClassRunner.class)
@@ -449,4 +452,14 @@ public class UITruststoreServiceTest extends AbstractServiceIntegrationTest {
         MatcherAssert.assertThat(result.getMessage(), CoreMatchers.startsWith("Certificate policy verification failed."));
     }
 
+    @Test
+    public void validateCertificateNotUsed() throws CertificateException {
+        String certId = "cn=test"+UUID.randomUUID().toString()+",o=test,c=eu:123456";
+        CertificateRO certificateRO = new CertificateRO();
+        certificateRO.setCertificateId(certId);
+        // when
+        testInstance.validateCertificateNotUsed(certificateRO);
+        //then no error is thrown
+    }
+
 }
\ No newline at end of file

smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/cas/SMPCas20ServiceTicketValidator.java

@@ -25,6 +25,7 @@ public class SMPCas20ServiceTicketValidator extends Cas20ServiceTicketValidator
         this.urlSuffix = urlSuffix;
     }
 
+    @Override
     protected String getUrlSuffix() {
         if (StringUtils.isBlank(urlSuffix)){
             LOG.warn("Cas20 ServiceTicketValidator url suffix is not configured. Use default value: [{}]", super.getUrlSuffix());
@@ -33,6 +34,7 @@ public class SMPCas20ServiceTicketValidator extends Cas20ServiceTicketValidator
         return urlSuffix;
     }
 
+    @Override
     protected void customParseResponse(final String response, final Assertion assertion)
             throws TicketValidationException {
         LOG.debug("Got CAS response: [{}] and test it with assertion [{}]",response,assertion );

smp-webapp/src/main/java/eu/europa/ec/edelivery/smp/auth/cas/SMPCasConfigurer.java

@@ -68,15 +68,15 @@ public class SMPCasConfigurer {
      * @return
      */
     @Bean
-    public CasAuthenticationEntryPoint casAuthenticationEntryPoint(@Nullable @Qualifier(SMP_CAS_PROPERTIES_BEAN) ServiceProperties serviceProperties, ConfigurationService configService) {
+    public CasAuthenticationEntryPoint casAuthenticationEntryPoint(@Nullable @Qualifier(SMP_CAS_PROPERTIES_BEAN) ServiceProperties serviceProperties) {
 
-        if (!configService.isSSOEnabledForUserAuthentication()) {
-            LOG.debug("Bean CasAuthenticationEntryPoint is not configured because SSO CAS authentication is not enabled!", SMP_CAS_PROPERTIES_BEAN);
+        if (!configurationService.isSSOEnabledForUserAuthentication()) {
+            LOG.debug("Bean [{}] is not configured because SSO CAS authentication is not enabled!", SMP_CAS_PROPERTIES_BEAN);
             return null;
         }
 
-        String casUrl = configService.getCasURL().toString();
-        String casLoginPath = configService.getCasURLPathLogin();
+        String casUrl = configurationService.getCasURL().toString();
+        String casLoginPath = configurationService.getCasURLPathLogin();
         String casUrlLogin = StringUtils.removeEnd(casUrl, "/") + StringUtils.prependIfMissing(casLoginPath, "/");
 
         CasAuthenticationEntryPoint entryPoint = new CasAuthenticationEntryPoint();
@@ -87,21 +87,20 @@ public class SMPCasConfigurer {
     }
 
     @Bean
-    public SMPCas20ServiceTicketValidator ecasServiceTicketValidator(ConfigurationService configService) {
-        if (!configService.isSSOEnabledForUserAuthentication()) {
-            LOG.debug("Bean SMPCas20ServiceTicketValidator is not configured because SSO CAS authentication is not enabled!", SMP_CAS_PROPERTIES_BEAN);
+    public SMPCas20ServiceTicketValidator ecasServiceTicketValidator() {
+        if (!configurationService.isSSOEnabledForUserAuthentication()) {
+            LOG.debug("Bean [{}] is not configured because SSO CAS authentication is not enabled!", SMP_CAS_PROPERTIES_BEAN);
             return null;
         }
-        if (configService.getCasURL() == null) {
-            LOG.error("Bean SMPCas20ServiceTicketValidator is not created! Missing Service parameter [{}]!", SSO_CAS_URL.getProperty());
+        if (configurationService.getCasURL() == null) {
+            LOG.error("Bean  [{}]  is not created! Missing Service parameter [{}]!", SMP_CAS_PROPERTIES_BEAN, SSO_CAS_URL.getProperty());
             return null;
         }
 
-        String casUrl = configService.getCasURL().toString();
-        String casTokenValidationSuffix = configService.getCasURLTokenValidation();
-        LOG.debug("Create Bean SMPCas20ServiceTicketValidator with cas URL [{}] and token suffix [{}]!", casUrl,casTokenValidationSuffix );
+        String casUrl = configurationService.getCasURL().toString();
+        String casTokenValidationSuffix = configurationService.getCasURLTokenValidation();
         SMPCas20ServiceTicketValidator validator = new SMPCas20ServiceTicketValidator(casUrl, casTokenValidationSuffix);
-        validator.setCustomParameters(getCustomParameters(configService));
+        validator.setCustomParameters(getCustomParameters());
         validator.setRenew(false);
         return validator;
     }
@@ -109,15 +108,14 @@ public class SMPCasConfigurer {
     /**
      * Generate properties for SMPCas20ServiceTicketValidator
      *
-     * @param configService
      * @return CAS properties
      */
-    public Map<String, String> getCustomParameters(ConfigurationService configService) {
+    public Map<String, String> getCustomParameters() {
         Map<String, String> map = new HashMap<>();
         // always return details
         map.put("userDetails", "true");
-        map.putAll(configService.getCasTokenValidationParams());
-        List<String> groupList = configService.getCasURLTokenValidationGroups();
+        map.putAll(configurationService.getCasTokenValidationParams());
+        List<String> groupList = configurationService.getCasURLTokenValidationGroups();
         if (!groupList.isEmpty()) {
             map.put("groups", String.join(",", groupList));
         }
@@ -133,10 +131,9 @@ public class SMPCasConfigurer {
     public CasAuthenticationProvider casAuthenticationProvider(
             @Nullable @Qualifier(SMP_CAS_PROPERTIES_BEAN) ServiceProperties serviceProperties,
             @Nullable SMPCas20ServiceTicketValidator serviceTicketValidator,
-            @Nullable SMPCasUserService smpCasUserService,
-            ConfigurationService configService) {
+            @Nullable SMPCasUserService smpCasUserService) {
 
-        if (!configService.isSSOEnabledForUserAuthentication()) {
+        if (!configurationService.isSSOEnabledForUserAuthentication()) {
             LOG.debug("Bean [CasAuthenticationProvider:{}] is not configured because SSO CAS authentication is not enabled!", SMP_CAS_PROPERTIES_BEAN);
             return null;
         }
@@ -169,7 +166,7 @@ public class SMPCasConfigurer {
         //filter.setFilterProcessesUrl(SMP_SECURITY_PATH_CAS_AUTHENTICATE);
         filter.setServiceProperties(casServiceProperties);
         filter.setAuthenticationManager(authenticationManager);
-        LOG.info("Created CAS Filter: " + filter.getClass().getSimpleName() + "with the properties: " + casServiceProperties.getArtifactParameter());
+        LOG.info("Created CAS Filter: [{}] with the properties: [{}]", filter.getClass().getSimpleName() , casServiceProperties.getArtifactParameter());
         return filter;
     }
 }

smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/auth/cas/SMPCas20ServiceTicketValidatorTest.java

+package eu.europa.ec.edelivery.smp.auth.cas;
+
+import org.junit.Test;
+
+import static org.junit.Assert.assertEquals;
+
+public class SMPCas20ServiceTicketValidatorTest {
+
+    @Test
+    public void testGetUrlSuffix() {
+        String casUrl = "https://cas-server.local/cas";
+        String casSuffix = "urlSuffix";
+
+        SMPCas20ServiceTicketValidator testInstance = new SMPCas20ServiceTicketValidator(casUrl, casSuffix);
+
+        assertEquals(casSuffix, testInstance.getUrlSuffix());
+    }
+
+    @Test
+    public void testGetUrlSuffixDefault() {
+        String casUrl = "https://cas-server.local/cas";
+        String casSuffix = null;
+
+        SMPCas20ServiceTicketValidator testInstance = new SMPCas20ServiceTicketValidator(casUrl, casSuffix);
+
+        assertEquals("serviceValidate", testInstance.getUrlSuffix());
+    }
+}
\ No newline at end of file

smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/auth/cas/SMPCasConfigurerTest.java

+package eu.europa.ec.edelivery.smp.auth.cas;
+
+import eu.europa.ec.edelivery.smp.controllers.SmpUrlBuilder;
+import eu.europa.ec.edelivery.smp.services.ConfigurationService;
+import org.junit.Test;
+import org.mockito.Mockito;
+import org.springframework.security.cas.ServiceProperties;
+import org.springframework.security.cas.authentication.CasAuthenticationProvider;
+import org.springframework.security.cas.web.CasAuthenticationEntryPoint;
+
+import java.net.MalformedURLException;
+import java.net.URL;
+import java.util.Arrays;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import static org.junit.Assert.*;
+import static org.mockito.Mockito.doReturn;
+import static org.mockito.Mockito.mock;
+
+public class SMPCasConfigurerTest {
+    ConfigurationService mockConfigService = Mockito.mock(ConfigurationService.class);
+    SmpUrlBuilder mockSmpUrlBuilder = Mockito.mock(SmpUrlBuilder.class);
+
+    SMPCasConfigurer testInstance = new SMPCasConfigurer(mockSmpUrlBuilder, mockConfigService);
+
+    @Test
+    public void serviceProperties() throws MalformedURLException {
+        String callbackString = "http://callback.local/smp";
+        URL callBackURL = new  URL(callbackString);
+        doReturn(callBackURL).when(mockConfigService).getCasCallbackUrl();
+        ServiceProperties serviceProperties = testInstance.serviceProperties();
+
+        assertNotNull(serviceProperties);
+        assertEquals(callbackString, serviceProperties.getService());
+        assertEquals(ServiceProperties.DEFAULT_CAS_ARTIFACT_PARAMETER, serviceProperties.getArtifactParameter());
+        assertEquals(true, serviceProperties.isAuthenticateAllArtifacts());
+    }
+
+    @Test
+    public void casAuthenticationEntryPoint() throws MalformedURLException {
+        String casUrl = "http://cas-server.local/cas";
+        String casLoginPath = "login";
+        doReturn(true).when(mockConfigService).isSSOEnabledForUserAuthentication();
+        doReturn(new URL(casUrl)).when(mockConfigService).getCasURL();
+        doReturn(casLoginPath).when(mockConfigService).getCasURLPathLogin();
+        ServiceProperties serviceProperties = testInstance.serviceProperties();
+
+        CasAuthenticationEntryPoint result = testInstance.casAuthenticationEntryPoint(serviceProperties);
+        assertNotNull(serviceProperties);
+        assertEquals(casUrl+"/"+casLoginPath,result.getLoginUrl() );
+        assertEquals(serviceProperties,result.getServiceProperties() );
+    }
+
+    @Test
+    public void ecasServiceTicketValidator() throws MalformedURLException {
+        String casUrl = "http://cas-server.local/cas";
+        String tokenValidator = "laxValidate";
+
+        doReturn(true).when(mockConfigService).isSSOEnabledForUserAuthentication();
+        doReturn(new URL(casUrl)).when(mockConfigService).getCasURL();
+        doReturn(tokenValidator).when(mockConfigService).getCasURLTokenValidation();
+
+        SMPCas20ServiceTicketValidator result = testInstance.ecasServiceTicketValidator();
+        assertNotNull(result);
+        assertEquals(tokenValidator, result.getUrlSuffix());
+    }
+
+    @Test
+    public void getCustomParameters() {
+        Map<String, String> testMap = new HashMap<>();
+        testMap.put("key1","val1");
+        testMap.put("key2","val2");
+        List<String> groups = Arrays.asList("list1","list2");
+        doReturn(testMap).when(mockConfigService).getCasTokenValidationParams();
+        doReturn(groups).when(mockConfigService).getCasURLTokenValidationGroups();
+
+        Map<String, String> result = testInstance.getCustomParameters();
+
+        assertEquals(4, result.size());
+        assertEquals("true", result.get("userDetails"));
+        assertEquals(String.join(",", groups), result.get("groups"));
+        assertEquals("val1", result.get("key1"));
+        assertEquals("val2", result.get("key2"));
+    }
+
+    @Test
+    public void casAuthenticationProvider() {
+        ServiceProperties serviceProperties = mock(ServiceProperties.class);
+        SMPCas20ServiceTicketValidator smpCas20ServiceTicketValidator = mock(SMPCas20ServiceTicketValidator.class);
+        SMPCasUserService smpCasUserService = mock(SMPCasUserService.class);
+
+        doReturn(true).when(mockConfigService).isSSOEnabledForUserAuthentication();
+
+
+        CasAuthenticationProvider provider = testInstance.casAuthenticationProvider(serviceProperties, smpCas20ServiceTicketValidator, smpCasUserService);
+
+        assertNotNull(provider);
+
+    }
+
+}
\ No newline at end of file