Page History
...
| Code Block | ||
|---|---|---|
| ||
public class TestFactoryFlow extends AbstractUserIDCardTest {{ private final String NAMEID_FORMAT_X509_SUBJECT_NAME = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName"; @Test public void testDKNCPBST2EHDSIIdws() { /** * Consumer sender request */ // CredentialVault og Factory CredentialVault signingVault = new CredentialVaultTestUtil.getVoces3CredentialVault(ClasspathCredentialVault(null, "Filnavn på PKCS#12 Virksomhedscertifikat", "Kodeord til Virksomhedscertifikat"); CredentialVault holderOfKeyVault = new CredentialVaultTestUtil.getVocesHolderOfKeyCredentialVault(); EHDSIFactoryClasspathCredentialVault(null, "Filnavn på PKCS#12 Holder of key certifikat", "Kodeord til Holder of key certifikat"); EHDSIFactory factory = new EHDSIFactory(); // Build Dkncp Boostrap SAML Assertion String issuer = "http://sosi"; DkncpBootstrapSamlAssertionBuilder dkncpBootstrapSamlAssertionBuilder = factory.createDkncpBootstrapSamlAssertionBuilder(signingVault, issuer); dkncpBootstrapSamlAssertionBuilder.setIssuer(issuer); dkncpBootstrapSamlAssertionBuilder.setAudienceRestriction("https://fmk"); Date now = new Date(); dkncpBootstrapSamlAssertionBuilder.setNotBefore(notBefore); dkncpBootstrapSamlAssertionBuilder.setNotOnOrAfter(notOnOrAfter); dkncpBootstrapSamlAssertionBuilder.setDeliveryNotOnOrAfter(notOnOrAfter); dkncpBootstrapSamlAssertionBuilder.setSubjectName("C=DK,O=LAKESIDE A/S // CVR:25450442,CN=Sårjournal TEST læge,Serial=CVR:25450442-RID:73570260"); dkncpBootstrapSamlAssertionBuilder.setSubjectNameID("nameid"); dkncpBootstrapSamlAssertionBuilder.setSubjectNameIDFormat(SAMLValues.NAMEID_FORMAT_X509_SUBJECT_NAME); dkncpBootstrapSamlAssertionBuilder.setSigningVault(signingVault); dkncpBootstrapSamlAssertionBuilder.setHolderOfKeyCertificate(holderOfKeyVault.getSystemCredentialPair().getCertificate()); // Mandatory attribute values dkncpBootstrapSamlAssertionBuilder.setSubject("Alfonso Gonzalez"); dkncpBootstrapSamlAssertionBuilder.setRole("2221", "Nursing professionals"); 
dkncpBootstrapSamlAssertionBuilder.setOrganization("Charité – Universitätsmedizin Berlin"); dkncpBootstrapSamlAssertionBuilder.setOrganizationId("urn:oid:1.3.6.1.4.1.44938"); dkncpBootstrapSamlAssertionBuilder.setHealthcareFacilityType("Hospital"); dkncpBootstrapSamlAssertionBuilder.setPurposeOfUse("TREATMENT"); dkncpBootstrapSamlAssertionBuilder.setLocality("Klinik am Berg, 83242 Reit im Winkl"); dkncpBootstrapSamlAssertionBuilder.setPatientId("0205756078^^^&1.2.208.176.1.2&ISO"); dkncpBootstrapSamlAssertionBuilder.setAssuranceLevelNIST("3"); dkncpBootstrapSamlAssertionBuilder.setSpecVersion("eHDSI-IDWS-XUA-1.0"); dkncpBootstrapSamlAssertionBuilder.setIssuancePolicy("urn:dk:sosi:sts:eHDSI-strict"); dkncpBootstrapSamlAssertionBuilder.setCountryOfTreatment("DE"); DkncpBootstrapSamlAssertion dkncpBootstrapSamlAssertion = dkncpBootstrapSamlAssertionBuilder.build(); dkncpBootstrapSamlAssertion.validateSchema(); dkncpBootstrapSamlAssertion.validateSignatureAndTrust(signingVault); // Build Dkncp Bootstrap request DkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenRequestDOMBuilder requestDomBuilder = factory.createDkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenRequestDOMBuilder(); requestDomBuilder.setAudience("https://sosi"); requestDomBuilder.setSigningVault(holderOfKeyVault); requestDomBuilder.setDkncpBootstrapToken(dkncpBootstrapSamlAssertion); // Serialize request to the same form as received by the STS Document consumerStsRequestDocument = requestDomBuilder.build(); /** * Send request over netværk */ String consumerStsRequestXml = XmlUtil.node2String(consumerStsRequestDocument, false, false); consumerStsRequestDocument = readXml(System.getProperties(), consumerStsRequestXml, false); /** * STS modtager request */ DkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenRequest request = factory.createDkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenRequestModelBuilder().build(consumerStsRequestDocument); // validate 
request request.validateSignatureAndTrust(holderOfKeyVault); request.validateHolderOfKeyRelation(); // Validate assertion DkncpBootstrapSamlAssertion assertion = request.getDkncpBootstrapSamlAssertion(); // The DKNCP BST Assertion can be schema validated after serialize/deserialize assertion.validateSchema(); assertion.validateSignatureAndTrust(signingVault); // Verify all attributes Assert.assertEquals("Alfonso Gonzalez", assertion.getSubject()); Assert.assertEquals(EHDSI_ROLE_XSI_TYPE, assertion.getRoleType()); Assert.assertEquals("2221", assertion.getRoleCode()); Assert.assertEquals(EHDSI_ROLE_CODE_SYSTEM, assertion.getRoleCodeSystem()); Assert.assertEquals(EHDSI_ROLE_CODE_SYSTEM_NAME, assertion.getRoleCodeSystemName()); Assert.assertEquals("Nursing professionals", assertion.getRoleDisplayName()); Assert.assertEquals("Charité – Universitätsmedizin Berlin", assertion.getOrganization()); Assert.assertEquals("urn:oid:1.3.6.1.4.1.44938", assertion.getOrganizationId()); Assert.assertEquals("Hospital", assertion.getHealthcareFacilityType()); Assert.assertEquals("TREATMENT", assertion.getPurposeOfUseCode()); Assert.assertEquals("Klinik am Berg, 83242 Reit im Winkl", assertion.getLocality()); Assert.assertEquals("0205756078^^^&1.2.208.176.1.2&ISO", assertion.getPatientId()); Assert.assertEquals("3", assertion.getAssuranceLevelNIST()); Assert.assertEquals("eHDSI-IDWS-XUA-1.0", assertion.getSpecVersion()); Assert.assertEquals("urn:dk:sosi:sts:eHDSI-strict", assertion.getIssuancePolicy()); Assert.assertEquals("DE", assertion.getCountryOfTreatment()); /** * STS bygger response */ // Build Ehdsi Idws Xua Employee identity token EhdsiIdwsXuaEmployeeIdentityTokenBuilder tokenBuilder = factory.createEhdsiIdwsXuaEmployeeIdentityTokenBuilder(); tokenBuilder.setIssuer("http://sosi"); tokenBuilder.setAudienceRestriction("https://fmk"); tokenBuilder.setNotBefore(notBefore); tokenBuilder.setNotOnOrAfter(notOnOrAfter); tokenBuilder.setDeliveryNotOnOrAfter(notOnOrAfter); 
tokenBuilder.setSubjectNameID("C=DK,O=Ingen organisatorisk tilknytning,CN=Lars Larsen,Serial=PID:9208-2002-2-514358910503"); tokenBuilder.setSubjectNameIDFormat(SAMLValues.NAMEID_FORMAT_X509_SUBJECT_NAME); tokenBuilder.setSigningVault(signingVault); tokenBuilder.setHolderOfKeyCertificate(holderOfKeyVault.getSystemCredentialPair().getCertificate()); tokenBuilder.setSubject("Alfonso Gonzalez"); tokenBuilder.setRole("2221", "Nursing professionals"); tokenBuilder.setOrganization("Charité – Universitätsmedizin Berlin"); tokenBuilder.setOrganizationId("urn:oid:1.3.6.1.4.1.44938"); tokenBuilder.setHealthcareFacilityType("Hospital"); tokenBuilder.setPurposeOfUse("TREATMENT"); tokenBuilder.setLocality("Klinik am Berg, 83242 Reit im Winkl"); tokenBuilder.setPatientId("0205756078^^^&1.2.208.176.1.2&ISO"); tokenBuilder.setAssuranceLevel("3"); tokenBuilder.setSpecVersion("eHDSI-IDWS-XUA-1.0"); tokenBuilder.setIssuancePolicy("urn:dk:sosi:sts:eHDSI-strict"); tokenBuilder.setCountryOfTreatment("DE"); EhdsiIdwsXuaEmployeeIdentityToken ehdsiIdwsXuaEmployeeIdentityToken = tokenBuilder.build(); // Validate Identity Token ehdsiIdwsXuaEmployeeIdentityToken.validateSchema(); ehdsiIdwsXuaEmployeeIdentityToken.validateSignatureAndTrust(signingVault); // Build Ehdsi Idws Xua Employee response DkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenResponseDOMBuilder responseBuilder = factory.createDkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenResponseDOMBuilder(); responseBuilder.setEhdsiIdwsXuaEmployeeIdentityToken(ehdsiIdwsXuaEmployeeIdentityToken); responseBuilder.setSigningVault(holderOfKeyVault); responseBuilder.setRelatesTo("relatesTo"); responseBuilder.setContext("context"); Document consumerStsResponseDocument = responseBuilder.build(); /** * Send response over netværk */ String consumerStsResponseXml = XmlUtil.node2String(consumerStsResponseDocument, false, false); consumerStsResponseDocument = readXml(System.getProperties(), consumerStsResponseXml, false); 
/** * Consumer modtager response */ DkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenResponseModelBuilder responseModelBuilder = factory.createDkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenResponseModelBuilder(); DkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenResponse response = responseModelBuilder.build(consumerStsResponseDocument); // Validate entire response response.validateSignature(); // Validate the Ehdsi Idws Xua Employee Identity token from the response EhdsiIdwsXuaEmployeeIdentityToken employeeIdentityToken = response.getEhdsiIdwsXuaEmployeeIdentityToken(); // The Ehdsi Idws Xua Employee Identity token can be schema validated after serialize/deserialize employeeIdentityToken.validateSchema(); employeeIdentityToken.validateSignatureAndTrust(signingVault); // Verify all attributes assertEquals("3", employeeIdentityToken.getAssuranceLevel()); assertEquals("Alfonso Gonzalez", employeeIdentityToken.getSubject()); Assert.assertEquals("2221", employeeIdentityToken.getRoleCode()); Assert.assertEquals("Nursing professionals", employeeIdentityToken.getRoleDisplayName()); Assert.assertEquals("Charité – Universitätsmedizin Berlin", employeeIdentityToken.getOrganization()); Assert.assertEquals("urn:oid:1.3.6.1.4.1.44938", employeeIdentityToken.getOrganizationId()); Assert.assertEquals("Hospital", employeeIdentityToken.getHealthcareFacilityType()); Assert.assertEquals("TREATMENT", employeeIdentityToken.getPurposeOfUseCode()); Assert.assertEquals("Klinik am Berg, 83242 Reit im Winkl", employeeIdentityToken.getLocality()); Assert.assertEquals("0205756078^^^&1.2.208.176.1.2&ISO", employeeIdentityToken.getPatientId()); Assert.assertEquals("3", employeeIdentityToken.getAssuranceLevel()); Assert.assertEquals("eHDSI-IDWS-XUA-1.0", employeeIdentityToken.getSpecVersion()); Assert.assertEquals("urn:dk:sosi:sts:eHDSI-strict", employeeIdentityToken.getIssuancePolicy()); Assert.assertEquals("DE", 
employeeIdentityToken.getCountryOfTreatment()); } } |
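Review bot: In the "Consumer modtager response" step the whole response is checked with `response.validateSignature()` only, whereas the request side uses `request.validateSignatureAndTrust(holderOfKeyVault)`; a signature-only check shows the message was not altered, not that a trusted STS signed it. If the response model offers a trust-checking variant (not visible on this page), the example should call it, and otherwise carry a comment such as `// validateSignature() checks integrity only; verify the signer's certificate against the STS trust anchor separately`. The response is also signed with the consumer's own vault (`responseBuilder.setSigningVault(holderOfKeyVault)`), which looks like a test shortcut and deserves a comment saying that a real STS signs with its own credential. `notBefore` and `notOnOrAfter` are passed to both builders but never declared in the visible text (only `Date now = new Date();` is), so the listing needs declarations derived from `now` before the first setter. Where a vault is built with `"Kodeord til Virksomhedscertifikat"` as a literal argument, a comment should say that the PKCS#12 password belongs in configuration or a secret store, not in source.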
...