MAINTENANCE code cleanup

README.md

@@ -1,3 +1,5 @@
+<img src='img/eu_regional_development_fund_horizontal.jpg'>
+
 # eIDAS Proxy integration tests
 
 Tests for eIDAS proxy component (both eIDAS standard component and Estonia specific component)

pom.xml

@@ -30,7 +30,11 @@
         <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
     </properties>
     <dependencies>
-
+        <dependency>
+            <groupId>org.junit.vintage</groupId>
+            <artifactId>junit-vintage-engine</artifactId>
+            <version>5.7.0</version>
+        </dependency>
         <!-- Groovy -->
         <dependency>
             <groupId>org.codehaus.groovy</groupId>

src/main/java/ee/ria/specificproxyservice/MetadataUtils.java

@@ -17,13 +17,11 @@
 public class MetadataUtils {
     public static Credential getEncryptionCredentialFromMetaData(String body) throws CertificateException {
         java.security.cert.X509Certificate x509Certificate = getEncryptionCertificate(body);
-        BasicX509Credential encryptionCredential = new BasicX509Credential(x509Certificate);
-        return encryptionCredential;
+        return new BasicX509Credential(x509Certificate);
     }
     protected static java.security.cert.X509Certificate getEncryptionCertificate(String body) throws CertificateException {
         XmlPath metadataXml = new XmlPath(body);
-        java.security.cert.X509Certificate x509 = X509Support.decodeCertificate(metadataXml.getString("**.findAll {it.@use == 'encryption'}.KeyInfo.X509Data.X509Certificate"));
-        return x509;
+        return X509Support.decodeCertificate(metadataXml.getString("**.findAll {it.@use == 'encryption'}.KeyInfo.X509Data.X509Certificate"));
     }
     protected static void validateMetadataSignature(String body) {
         XmlPath metadataXml = new XmlPath(body);

src/main/java/ee/ria/specificproxyservice/OpenSAMLUtils.java

@@ -1,6 +1,5 @@
 package ee.ria.specificproxyservice;
 
-import ee.ria.specificproxyservice.OpenSAMLConfiguration;
 import net.shibboleth.utilities.java.support.security.RandomIdentifierGenerationStrategy;
 import net.shibboleth.utilities.java.support.xml.SerializeSupport;
 import net.shibboleth.utilities.java.support.xml.XMLParserException;

src/main/java/ee/ria/specificproxyservice/ResponseAssertionBuilderUtils.java

@@ -120,8 +120,7 @@ protected EncryptedAssertion encryptAssertion (Assertion assertion,Credential en
 
         Encrypter samlEncrypter = new Encrypter(encryptParams, keyParams);
         samlEncrypter.setKeyPlacement(Encrypter.KeyPlacement.INLINE);
-        EncryptedAssertion encryptedAssertion = samlEncrypter.encrypt(assertion);
-        return  encryptedAssertion;
+        return samlEncrypter.encrypt(assertion);
     }
 
     protected EncryptedAssertion buildEncrAssertionWithoutAssertionSignature(Credential encCredential, String inResponseId, String recipient, DateTime issueInstant, Integer acceptableTimeMin, String loa, String givenName, String familyName, String personIdentifier, String dateOfBirth, String issuerValue, String audienceUri) throws EncryptionException {
@@ -358,26 +357,4 @@ else if (subjectConfirmationCnt == 2) {
 
         return encryptAssertion(assertion, encCredential);
     }
-
-    protected EncryptedAssertion buildEncrAssertionNameIdCnt(Integer nameIdCnt, String nameIdFormat,Credential signCredential, Credential encCredential, String inResponseId, String recipient, DateTime issueInstant, Integer acceptableTimeMin, String loa, String givenName, String familyName, String personIdentifier, String dateOfBirth, String issuerValue, String audienceUri) throws SecurityException, SignatureException, MarshallingException, EncryptionException {
-        Signature signature = prepareSignature(signCredential);
-        Assertion assertion = buildAssertionForSigning(inResponseId, recipient ,issueInstant, acceptableTimeMin, loa, givenName, familyName, personIdentifier, dateOfBirth, issuerValue, audienceUri);
-
-        if (nameIdCnt == 0) {
-            assertion.getSubject().setNameID(null);
-        }
-        else if (nameIdCnt == 1) {
-            assertion.getSubject().getNameID().setFormat(nameIdFormat);
-        }
-        else if (nameIdCnt == 2) {
-            //TODO: Have to find a way for that
-        }
-
-        assertion.setSignature(signature);
-        XMLObjectProviderRegistrySupport.getMarshallerFactory().getMarshaller(assertion).marshall(assertion);
-        Signer.signObject(signature);
-
-        return encryptAssertion(assertion, encCredential);
-    }
-
 }

src/main/java/ee/ria/specificproxyservice/SamlSignatureUtils.java

@@ -41,10 +41,8 @@ protected static void validateSignature(String body, java.security.cert.X509Cert
             throw new RuntimeException("Signature validation in validateSignature() failed: " + e.getMessage(), e);
         } catch (CertificateNotYetValidException e) {
             //Expired certificates are used in test environment
-            return;
         } catch (CertificateExpiredException e) {
             //Expired certificates are used in test environment
-            return;
         }
     }
 

src/main/java/ee/ria/specificproxyservice/XmlUtils.java

@@ -33,8 +33,7 @@ public static <T extends org.opensaml.core.xml.XMLObject> T unmarshallElement(St
 
     private static Document parseXMLDocument(String xml) throws XMLParserException {
         InputStream is = new ByteArrayInputStream(xml.getBytes(StandardCharsets.UTF_8));
-        Document doc = XMLObjectProviderRegistrySupport.getParserPool().parse(is);
-        return doc;
+        return XMLObjectProviderRegistrySupport.getParserPool().parse(is);
     }
 
     private static Unmarshaller getUnmarshaller(Element element) {

src/test/groovy/ee/ria/specificproxyservice/GeneralAuthenticationSpec.groovy

@@ -3,12 +3,10 @@ package ee.ria.specificproxyservice
 import io.qameta.allure.Feature
 import io.restassured.filter.cookie.CookieFilter
 import io.restassured.response.Response
-import org.hamcrest.Matcher
 import org.opensaml.saml.saml2.core.Assertion
 import spock.lang.Unroll
 
 import static org.junit.Assert.assertEquals
-import static org.junit.Assert.assertThat
 
 class GeneralAuthenticationSpec extends SpecificProxyServiceSpecification {
     public static final String FN_DATE = "DateOfBirth"
@@ -149,13 +147,14 @@ class GeneralAuthenticationSpec extends SpecificProxyServiceSpecification {
         Response midAuthAcceptResponse = Steps.authenticateWithMidAndFollowRedirects(flow, taraInitResponse)
         Response getLegalEntityListResponse = Steps.getLegalEntityList(flow, midAuthAcceptResponse)
         Response legalPersonSelectionResponse = Steps.selectLegalEntity(flow, getLegalEntityListResponse.body().jsonPath().get("legalPersons[0].legalPersonIdentifier"))
+        String legalName = getLegalEntityListResponse.body().jsonPath().get("legalPersons[0].legalName")
         Response taraAuthenticationResponse = Steps.userConsentAndFollowRedirects(flow, legalPersonSelectionResponse)
         Response eidasResponse = Steps.finishAuthProcessInEidasNode(flow, taraAuthenticationResponse.getHeader("Location"))
 
         Assertion assertion = SamlResponseUtils.getSamlAssertionFromResponse(eidasResponse, flow.connector.encryptionCredential)
 
         assertEquals("Correct LOA is returned", "http://eidas.europa.eu/LoA/high", SamlUtils.getLoaValue(assertion))
-        assertThat("Either legal name from dev or test business register", SamlUtils.getAttributeValue(assertion, "LegalName"), org.hamcrest.Matchers.oneOf("täisühing VAVILOV", "AS Hallebygg", "OÜ Ibor JFM"))
+        assertEquals("Either legal name from dev or test business register", SamlUtils.getAttributeValue(assertion, "LegalName"), legalName)
         assertEquals("Correct legal person identifier is returned", "EE/CA/" + getLegalEntityListResponse.body().jsonPath().get("legalPersons[0].legalPersonIdentifier"), SamlUtils.getAttributeValue(assertion, "LegalPersonIdentifier"))
     }
 

src/test/groovy/ee/ria/specificproxyservice/IdpResponseSpec.groovy

@@ -154,11 +154,6 @@ class IdpResponseSpec extends SpecificProxyServiceSpecification {
         String returnUrl = flow.specificProxyService.taraBaseUrl + "/auth/reject?error_code=user_cancel"
 
         Response cancelResponse = Requests.backToServiceProvider(flow, returnUrl)
-        String backToSpUrl = cancelResponse.then().extract().response().getHeader("location")
-
-        String[] elements = backToSpUrl.split('\\?|&')
-
-        Response idpResponse =  Requests.idpResponse(flow, elements[0]+"?"+errorCode+"&"+errorMessage+"&"+elements[3])
 
         assertEquals("Correct status is returned", statusCode, cancelResponse.getStatusCode())
 

src/test/groovy/ee/ria/specificproxyservice/OidcRequestSpec.groovy

@@ -3,6 +3,7 @@ package ee.ria.specificproxyservice
 import io.qameta.allure.Feature
 import io.restassured.filter.cookie.CookieFilter
 import io.restassured.response.Response
+import org.hamcrest.MatcherAssert
 import org.hamcrest.Matchers
 import spock.lang.Unroll
 
@@ -34,9 +35,9 @@ class OidcRequestSpec extends SpecificProxyServiceSpecification {
 
         String taraUrl =  response2.then().extract().response().getHeader("location")
 
-        assertThat(taraUrl, Matchers.stringContainsInOrder(mainStructure))
-        assertThat(taraUrl, Matchers.stringContainsInOrder(transformedLoa))
-        assertThat(taraUrl, Matchers.stringContainsInOrder(defaultLocale))
+        MatcherAssert.assertThat(taraUrl, Matchers.stringContainsInOrder(mainStructure))
+        MatcherAssert.assertThat(taraUrl, Matchers.stringContainsInOrder(transformedLoa))
+        MatcherAssert.assertThat(taraUrl, Matchers.stringContainsInOrder(defaultLocale))
 
         where:
         requestLoa                               || transformedLoa           || defaultLocale     || mainStructure
@@ -61,7 +62,7 @@ class OidcRequestSpec extends SpecificProxyServiceSpecification {
 
         String taraUrl =  response2.then().extract().response().getHeader("location")
 
-        assertThat("Only supported attributes should be requested", taraUrl, Matchers.stringContainsInOrder("scope=openid%20idcard%20mid&"))
+        MatcherAssert.assertThat("Only supported attributes should be requested", taraUrl, Matchers.stringContainsInOrder("scope=openid%20idcard%20mid&"))
     }
 
     @Unroll
@@ -79,7 +80,7 @@ class OidcRequestSpec extends SpecificProxyServiceSpecification {
 
         String taraUrl =  response2.then().extract().response().getHeader("location")
 
-        assertThat("Only supported attributes should be requested", taraUrl, Matchers.stringContainsInOrder("scope=openid%20idcard%20mid&"))
+        MatcherAssert.assertThat("Only supported attributes should be requested", taraUrl, Matchers.stringContainsInOrder("scope=openid%20idcard%20mid&"))
     }
 
     @Unroll
@@ -97,6 +98,6 @@ class OidcRequestSpec extends SpecificProxyServiceSpecification {
 
         String taraUrl =  response2.then().extract().response().getHeader("location")
 
-        assertThat("Only supported attributes should be requested", taraUrl, Matchers.stringContainsInOrder("scope=openid%20idcard%20mid%20legalperson&"))
+        MatcherAssert.assertThat("Only supported attributes should be requested", taraUrl, Matchers.stringContainsInOrder("scope=openid%20idcard%20mid%20legalperson&"))
     }
 }

src/test/groovy/ee/ria/specificproxyservice/UserConsentSpec.groovy

@@ -6,7 +6,6 @@ import io.restassured.response.Response
 import spock.lang.Unroll
 
 import static org.junit.Assert.assertEquals
-import static org.junit.Assert.assertThat
 
 class UserConsentSpec extends SpecificProxyServiceSpecification {