- fix x-forwarded parameters

smp-server-library/src/main/java/eu/europa/ec/edelivery/smp/services/ui/UIServiceMetadataService.java

@@ -54,6 +54,7 @@ public class UIServiceMetadataService extends UIServiceBase<DBServiceMetadata, S
 
     @Transactional
     public ServiceMetadataRO getServiceMetadataXMLById(Long serviceMetadataId) {
+        LOG.debug("Get service metadata: {}", serviceMetadataId);
         DBServiceMetadata dbServiceMetadata = serviceMetadataDao.find(serviceMetadataId);
         ServiceMetadataRO serviceMetadataRO = new ServiceMetadataRO();
 

smp-webapp/src/test/java/eu/europa/ec/edelivery/smp/ui/UserResourceTest.java

@@ -5,9 +5,11 @@ import eu.europa.ec.edelivery.smp.config.PropertiesTestConfig;
 import eu.europa.ec.edelivery.smp.config.SmpAppConfig;
 import eu.europa.ec.edelivery.smp.config.SmpWebAppConfig;
 import eu.europa.ec.edelivery.smp.config.SpringSecurityConfig;
+import eu.europa.ec.edelivery.smp.data.ui.CertificateRO;
 import eu.europa.ec.edelivery.smp.data.ui.ServiceGroupRO;
 import eu.europa.ec.edelivery.smp.data.ui.ServiceResult;
 import eu.europa.ec.edelivery.smp.data.ui.UserRO;
+import org.apache.commons.io.IOUtils;
 import org.junit.Before;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -33,6 +35,7 @@ import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 import static org.springframework.security.test.web.servlet.request.SecurityMockMvcRequestPostProcessors.httpBasic;
 import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.get;
+import static org.springframework.test.web.servlet.request.MockMvcRequestBuilders.post;
 import static org.springframework.test.web.servlet.result.MockMvcResultMatchers.status;
 
 /**
@@ -58,6 +61,7 @@ public class UserResourceTest {
 
     private MockMvc mvc;
     private static final RequestPostProcessor ADMIN_CREDENTIALS = httpBasic("smp_admin", "test123");
+    private static final RequestPostProcessor SYSTEM_CREDENTIALS = httpBasic("sys_admin", "test123");
     @Before
     public void setup() {
         mvc = MockMvcBuilders.webAppContextSetup(webAppContext)
@@ -94,5 +98,74 @@ public class UserResourceTest {
         });
     }
 
+    @Test
+    public void uploadCertificateSystemAdmin() throws Exception {
+        byte[] buff = IOUtils.toByteArray(UserResourceTest.class.getResourceAsStream("/SMPtest.crt"));
+
+        // given when
+        MvcResult result = mvc.perform(post(PATH+"/1098765430/certdata")
+                .with(SYSTEM_CREDENTIALS)
+                .content(buff))
+                .andExpect(status().isOk()).andReturn();
+
+        //them
+        ObjectMapper mapper = new ObjectMapper();
+        CertificateRO res = mapper.readValue(result.getResponse().getContentAsString(), CertificateRO.class);
+
+
+        assertNotNull(res);
+        assertEquals("CN=Intermediate CA, O=DIGIT, C=BE", res.getIssuer());
+        assertEquals("EMAILADDRESS=smp@test.com, CN=SMP test, O=DIGIT, C=BE", res.getSubject());
+        assertEquals("3", res.getSerialNumber());
+        assertEquals("CN=SMP test,O=DIGIT,C=BE:0000000000000003", res.getCertificateId());
+        assertEquals("sno=3&subject=EMAILADDRESS%3Dsmp%40test.com%2C+CN%3DSMP+test%2C+O%3DDIGIT%2C+C%3DBE&validfrom=May+22+20%3A59%3A00+2018+GTM&validto=May+22+20%3A56%3A00+2019+GTM&issuer=CN%3DIntermediate+CA%2C+O%3DDIGIT%2C+C%3DBE", res.getBlueCoatHeader());
+
+    }
+
+    @Test
+    public void uploadCertificateInvalidUser() throws Exception {
+        byte[] buff = IOUtils.toByteArray(UserResourceTest.class.getResourceAsStream("/SMPtest.crt"));
+        // id and logged user not match
+        // given when
+        mvc.perform(post(PATH+"/34556655/certdata")
+                .with(ADMIN_CREDENTIALS)
+                .content(buff))
+                .andExpect(status().isUnauthorized()).andReturn();
+    }
+
+    @Test
+    public void samePreviousPasswordUsedTrue() throws Exception {
+        // 1 is id for smp_admin
+        MvcResult result = mvc.perform(post(PATH+"/1/samePreviousPasswordUsed")
+                .with(ADMIN_CREDENTIALS)
+                .content("test123"))
+                .andExpect(status().isOk()).andReturn();
+
+        assertNotNull(result);
+        assertEquals("true", result.getResponse().getContentAsString());
+    }
+
+    @Test
+    public void samePreviousPasswordUsedFalse() throws Exception {
+        // 1 is id for smp_admin
+        MvcResult result = mvc.perform(post(PATH+"/1/samePreviousPasswordUsed")
+                .with(ADMIN_CREDENTIALS)
+                .content("7777"))
+                .andExpect(status().isOk()).andReturn();
+
+        assertNotNull(result);
+        assertEquals("false", result.getResponse().getContentAsString());
+    }
+
+    @Test
+    public void samePreviousPasswordUsedUnauthorized() throws Exception {
+        // 1 is id for smp_admin so for 3 should be Unauthorized
+        MvcResult result = mvc.perform(post(PATH+"/3/samePreviousPasswordUsed")
+                .with(ADMIN_CREDENTIALS)
+                .content("test123"))
+                .andExpect(status().isUnauthorized()).andReturn();
+
+
+    }
 
 }
\ No newline at end of file

smp-webapp/src/test/resources/SMPtest.crt

+-----BEGIN CERTIFICATE-----
+MIIDGjCCAgKgAwIBAgIBAzANBgkqhkiG9w0BAQUFADA3MQswCQYDVQQGEwJCRTEO
+MAwGA1UEChMFRElHSVQxGDAWBgNVBAMTD0ludGVybWVkaWF0ZSBDQTAeFw0xODA1
+MjIxODU5MDBaFw0xOTA1MjIxODU2MDBaME0xCzAJBgNVBAYTAkJFMQ4wDAYDVQQK
+EwVESUdJVDERMA8GA1UEAxMIU01QIHRlc3QxGzAZBgkqhkiG9w0BCQEWDHNtcEB0
+ZXN0LmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAN2GBB4bW5HA
+lPY4z71I36v34xFWz6iv80PFe9dSA4hSH621bC8xjB6tKvgol8/9oSDO8OL2Do+I
+x16Scn7u5iFnV3c64XnsBVtglRcntjJi7RoXje3AfJnxkBOptbBeNaV6UFqsabRa
+3mapZbJ/8Bog7rayCRp27UZEJVK/1lw/f2p8/9iyKInchHYWuC8KtUGxwpjVy6eb
+Zh+TX32U3KU9UDNkbhEkKG0M+aC6BhCo21qnkv1KZ0QO4ol1MDoG7d1seQlJBb9C
+dQOhDN4USc62biqShcZthDwsJpoPIJuGhwEH5tigyUVJ0zv+MzSPvzqpgn7BMvKe
+MPH0/2m1Kv0CAwEAAaMbMBkwCQYDVR0TBAIwADAMBgNVHQ8EBQMDB/mAMA0GCSqG
+SIb3DQEBBQUAA4IBAQAfJkY3mF/1aftAgiQHdSJEm0OwT/Ow1Wv3nlljz5RlR5Wz
+Co3I83TLum6F8bnF0taA0nks3NzYBjInd6DKHhV54lhCga1JydCIMr1DFrGPbLui
+OlnF89y4TWkIkGOWd74alxLv+ioE0PiPDWZjMXxOWcAkYz+Qjo0BkdbEaWglTjLA
+LBWMjpiVV7Pf7wH2R+D6KW4ktKTnO+yM1VihJkaDPMtGxv4nGK7npATg560BR+hJ
+kY53TEz2RhRMedwUz6weNibI4cfRyD1qIElMGOtol55bRNFcby1LfXLz7ljcY+LB
+VXbP7yNUsICtrN+9pWW51TGw8/lkSTeYkzsiQ5as
+-----END CERTIFICATE-----

smp-webapp/src/test/resources/webapp_integration_test_data.sql

@@ -10,7 +10,7 @@
 
 insert into SMP_USER (ID, USERNAME, PASSWORD, ROLE, ACTIVE, CREATED_ON, LAST_UPDATED_ON) values (1, 'smp_admin', '$2a$06$AXSSUDJlpzzq/gPZb7eIBeb8Mi0.PTKqDjzujZH.bWPwj5.ePEInW', 'SMP_ADMIN', 1,CURRENT_TIMESTAMP(),CURRENT_TIMESTAMP());
 insert into SMP_USER (ID, USERNAME, PASSWORD, ROLE, ACTIVE, CREATED_ON, LAST_UPDATED_ON) values (2, 'sg_admin', '$2a$06$AXSSUDJlpzzq/gPZb7eIBeb8Mi0.PTKqDjzujZH.bWPwj5.ePEInW', 'SERVICE_GROUP_ADMIN', 1,CURRENT_TIMESTAMP(),CURRENT_TIMESTAMP());
-insert into SMP_USER (ID, USERNAME, PASSWORD, ROLE, ACTIVE, CREATED_ON, LAST_UPDATED_ON) values (3, 'sys_admin', '$2a$06$AXSSUDJlpzzq/gPZb7eIBeb8Mi0.PTKqDjzujZH.bWPwj5.ePEInW', 'SMP_ADMIN', 1,CURRENT_TIMESTAMP(),CURRENT_TIMESTAMP());
+insert into SMP_USER (ID, USERNAME, PASSWORD, ROLE, ACTIVE, CREATED_ON, LAST_UPDATED_ON) values (3, 'sys_admin', '$2a$06$AXSSUDJlpzzq/gPZb7eIBeb8Mi0.PTKqDjzujZH.bWPwj5.ePEInW', 'SYSTEM_ADMIN', 1,CURRENT_TIMESTAMP(),CURRENT_TIMESTAMP());
 
 insert into SMP_USER(ID, USERNAME, PASSWORD, ROLE, ACTIVE, CREATED_ON, LAST_UPDATED_ON) values (4, 'test_user_hashed_pass',                     '$2a$06$AXSSUDJlpzzq/gPZb7eIBeb8Mi0.PTKqDjzujZH.bWPwj5.ePEInW', 'SERVICE_GROUP_ADMIN',1,CURRENT_TIMESTAMP(),CURRENT_TIMESTAMP());
 insert into SMP_USER(ID, USERNAME, PASSWORD, ROLE, ACTIVE, CREATED_ON, LAST_UPDATED_ON) values (5, 'test_user_clear_pass',                      'test123',                                                     'SERVICE_GROUP_ADMIN',1,CURRENT_TIMESTAMP(),CURRENT_TIMESTAMP());