Page History
...
| Code Block | ||
|---|---|---|
| ||
public class TestFactoryFlow {
private final String NAMEID_FORMAT_X509_SUBJECT_NAME = "urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName";
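/**
 * Walks through the exchange of a DKNCP bootstrap SAML assertion for an
 * eHDSI IDWS XUA employee identity token, playing both the consumer and the
 * STS in a single process.
 *
 * <p>Steps: the consumer builds and signs the bootstrap assertion and wraps it
 * in a request; the request is serialized and re-parsed to mimic a network
 * hop; the STS side validates the request and the embedded assertion, then
 * builds the identity token and the response; the response is serialized and
 * re-parsed; finally the consumer side validates the response and the token.
 *
 * <p>Changes compared with the original listing: a stray {@code EHDSIFactory}
 * token after the second vault declaration was removed, the previously
 * undefined {@code notBefore}/{@code notOnOrAfter} variables are now declared,
 * all assertions use {@code Assert.assertEquals}, and a duplicated assurance
 * level assertion was dropped.
 */
@Test
public void testDKNCPBST2EHDSIIdws() {
    /*
     * Consumer builds the request
     */
    // CredentialVault and factory.
    // The file name and password arguments are Danish placeholders ("file name of the PKCS#12
    // company certificate" / "password for the company certificate"). Replace them with real
    // values taken from configuration; keep keystore passwords out of source control.
    CredentialVault signingVault = new ClasspathCredentialVault(
            null, "Filnavn på PKCS#12 Virksomhedscertifikat", "Kodeord til Virksomhedscertifikat");
    CredentialVault holderOfKeyVault = new ClasspathCredentialVault(
            null, "Filnavn på PKCS#12 Holder of key certifikat", "Kodeord til Holder of key certifikat");
    EHDSIFactory factory = new EHDSIFactory();

    // Build the DKNCP bootstrap SAML assertion
    String issuer = "http://sosi";
    DkncpBootstrapSamlAssertionBuilder dkncpBootstrapSamlAssertionBuilder =
            factory.createDkncpBootstrapSamlAssertionBuilder(signingVault, issuer);
    dkncpBootstrapSamlAssertionBuilder.setIssuer(issuer);
    dkncpBootstrapSamlAssertionBuilder.setAudienceRestriction("https://fmk");

    // Constructed sample validity window: the original listing used notBefore and
    // notOnOrAfter without declaring them. Choose a window that matches the STS policy;
    // a short lifetime limits how long a captured assertion stays usable.
    Date now = new Date();
    Date notBefore = now;
    Date notOnOrAfter = new Date(now.getTime() + 5 * 60 * 1000L);
    dkncpBootstrapSamlAssertionBuilder.setNotBefore(notBefore);
    dkncpBootstrapSamlAssertionBuilder.setNotOnOrAfter(notOnOrAfter);
    dkncpBootstrapSamlAssertionBuilder.setDeliveryNotOnOrAfter(notOnOrAfter);
    dkncpBootstrapSamlAssertionBuilder.setSubjectName("C=DK,O=LAKESIDE A/S // CVR:25450442,CN=Sårjournal TEST læge,Serial=CVR:25450442-RID:73570260");
    dkncpBootstrapSamlAssertionBuilder.setSubjectNameID("nameid");
    dkncpBootstrapSamlAssertionBuilder.setSubjectNameIDFormat(SAMLValues.NAMEID_FORMAT_X509_SUBJECT_NAME);
    dkncpBootstrapSamlAssertionBuilder.setSigningVault(signingVault);
    // Only the certificate of the holder-of-key pair goes into the assertion.
    dkncpBootstrapSamlAssertionBuilder.setHolderOfKeyCertificate(
            holderOfKeyVault.getSystemCredentialPair().getCertificate());

    // Mandatory attribute values
    dkncpBootstrapSamlAssertionBuilder.setSubject("Alfonso Gonzalez");
    dkncpBootstrapSamlAssertionBuilder.setRole("2221", "Nursing professionals");
    dkncpBootstrapSamlAssertionBuilder.setOrganization("Charité – Universitätsmedizin Berlin");
    dkncpBootstrapSamlAssertionBuilder.setOrganizationId("urn:oid:1.3.6.1.4.1.44938");
    dkncpBootstrapSamlAssertionBuilder.setHealthcareFacilityType("Hospital");
    dkncpBootstrapSamlAssertionBuilder.setPurposeOfUse("TREATMENT");
    dkncpBootstrapSamlAssertionBuilder.setLocality("Klinik am Berg, 83242 Reit im Winkl");
    dkncpBootstrapSamlAssertionBuilder.setPatientId("0205756078^^^&1.2.208.176.1.2&ISO");
    dkncpBootstrapSamlAssertionBuilder.setAssuranceLevelNIST("3");
    dkncpBootstrapSamlAssertionBuilder.setSpecVersion("eHDSI-IDWS-XUA-1.0");
    dkncpBootstrapSamlAssertionBuilder.setIssuancePolicy("urn:dk:sosi:sts:eHDSI-strict");
    dkncpBootstrapSamlAssertionBuilder.setCountryOfTreatment("DE");

    DkncpBootstrapSamlAssertion dkncpBootstrapSamlAssertion = dkncpBootstrapSamlAssertionBuilder.build();
    dkncpBootstrapSamlAssertion.validateSchema();
    // NOTE(review): the vault that signed the assertion is also passed as the trust source
    // here. That is convenient in a test; a real verifier would presumably hold only the
    // trusted certificates, never the signer's private key. Confirm against the deployment.
    dkncpBootstrapSamlAssertion.validateSignatureAndTrust(signingVault);

    // Build the DKNCP bootstrap request; it is signed with the holder-of-key vault
    DkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenRequestDOMBuilder requestDomBuilder =
            factory.createDkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenRequestDOMBuilder();
    requestDomBuilder.setAudience("https://sosi");
    requestDomBuilder.setSigningVault(holderOfKeyVault);
    requestDomBuilder.setDkncpBootstrapToken(dkncpBootstrapSamlAssertion);

    // Serialize request to the same form as received by the STS
    Document consumerStsRequestDocument = requestDomBuilder.build();

    /*
     * Send the request over the network (simulated by a serialize/parse round trip)
     */
    String consumerStsRequestXml = XmlUtil.node2String(consumerStsRequestDocument, false, false);
    consumerStsRequestDocument = readXml(System.getProperties(), consumerStsRequestXml, false);

    /*
     * STS receives the request
     */
    DkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenRequest request =
            factory.createDkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenRequestModelBuilder()
                    .build(consumerStsRequestDocument);

    // Validate the request: signature and trust first, then the holder-of-key relation
    // (presumably that the request signer matches the holder-of-key certificate carried in
    // the assertion; verify against the library documentation).
    request.validateSignatureAndTrust(holderOfKeyVault);
    request.validateHolderOfKeyRelation();

    // Validate the assertion before any of its attributes are read
    DkncpBootstrapSamlAssertion assertion = request.getDkncpBootstrapSamlAssertion();
    // The DKNCP BST assertion can be schema validated after serialize/deserialize
    assertion.validateSchema();
    assertion.validateSignatureAndTrust(signingVault);

    // Verify all attributes
    Assert.assertEquals("Alfonso Gonzalez", assertion.getSubject());
    Assert.assertEquals(EHDSI_ROLE_XSI_TYPE, assertion.getRoleType());
    Assert.assertEquals("2221", assertion.getRoleCode());
    Assert.assertEquals(EHDSI_ROLE_CODE_SYSTEM, assertion.getRoleCodeSystem());
    Assert.assertEquals(EHDSI_ROLE_CODE_SYSTEM_NAME, assertion.getRoleCodeSystemName());
    Assert.assertEquals("Nursing professionals", assertion.getRoleDisplayName());
    Assert.assertEquals("Charité – Universitätsmedizin Berlin", assertion.getOrganization());
    Assert.assertEquals("urn:oid:1.3.6.1.4.1.44938", assertion.getOrganizationId());
    Assert.assertEquals("Hospital", assertion.getHealthcareFacilityType());
    Assert.assertEquals("TREATMENT", assertion.getPurposeOfUseCode());
    Assert.assertEquals("Klinik am Berg, 83242 Reit im Winkl", assertion.getLocality());
    Assert.assertEquals("0205756078^^^&1.2.208.176.1.2&ISO", assertion.getPatientId());
    Assert.assertEquals("3", assertion.getAssuranceLevelNIST());
    Assert.assertEquals("eHDSI-IDWS-XUA-1.0", assertion.getSpecVersion());
    Assert.assertEquals("urn:dk:sosi:sts:eHDSI-strict", assertion.getIssuancePolicy());
    Assert.assertEquals("DE", assertion.getCountryOfTreatment());

    /*
     * STS builds the response
     */
    // Build the eHDSI IDWS XUA employee identity token
    EhdsiIdwsXuaEmployeeIdentityTokenBuilder tokenBuilder = factory.createEhdsiIdwsXuaEmployeeIdentityTokenBuilder();
    tokenBuilder.setIssuer("http://sosi");
    tokenBuilder.setAudienceRestriction("https://fmk");
    tokenBuilder.setNotBefore(notBefore);
    tokenBuilder.setNotOnOrAfter(notOnOrAfter);
    tokenBuilder.setDeliveryNotOnOrAfter(notOnOrAfter);
    tokenBuilder.setSubjectNameID("C=DK,O=Ingen organisatorisk tilknytning,CN=Lars Larsen,Serial=PID:9208-2002-2-514358910503");
    tokenBuilder.setSubjectNameIDFormat(SAMLValues.NAMEID_FORMAT_X509_SUBJECT_NAME);
    tokenBuilder.setSigningVault(signingVault);
    tokenBuilder.setHolderOfKeyCertificate(holderOfKeyVault.getSystemCredentialPair().getCertificate());
    tokenBuilder.setSubject("Alfonso Gonzalez");
    tokenBuilder.setRole("2221", "Nursing professionals");
    tokenBuilder.setOrganization("Charité – Universitätsmedizin Berlin");
    tokenBuilder.setOrganizationId("urn:oid:1.3.6.1.4.1.44938");
    tokenBuilder.setHealthcareFacilityType("Hospital");
    tokenBuilder.setPurposeOfUse("TREATMENT");
    tokenBuilder.setLocality("Klinik am Berg, 83242 Reit im Winkl");
    tokenBuilder.setPatientId("0205756078^^^&1.2.208.176.1.2&ISO");
    tokenBuilder.setAssuranceLevel("3");
    tokenBuilder.setSpecVersion("eHDSI-IDWS-XUA-1.0");
    tokenBuilder.setIssuancePolicy("urn:dk:sosi:sts:eHDSI-strict");
    tokenBuilder.setCountryOfTreatment("DE");
    EhdsiIdwsXuaEmployeeIdentityToken ehdsiIdwsXuaEmployeeIdentityToken = tokenBuilder.build();

    // Validate the identity token
    ehdsiIdwsXuaEmployeeIdentityToken.validateSchema();
    ehdsiIdwsXuaEmployeeIdentityToken.validateSignatureAndTrust(signingVault);

    // Build the eHDSI IDWS XUA employee response
    DkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenResponseDOMBuilder responseBuilder =
            factory.createDkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenResponseDOMBuilder();
    responseBuilder.setEhdsiIdwsXuaEmployeeIdentityToken(ehdsiIdwsXuaEmployeeIdentityToken);
    // NOTE(review): the response is signed with the consumer's holder-of-key vault, which only
    // works because this test plays both parties. An STS would sign with its own credentials.
    responseBuilder.setSigningVault(holderOfKeyVault);
    responseBuilder.setRelatesTo("relatesTo");
    responseBuilder.setContext("context");
    Document consumerStsResponseDocument = responseBuilder.build();

    /*
     * Send the response over the network (simulated by a serialize/parse round trip)
     */
    String consumerStsResponseXml = XmlUtil.node2String(consumerStsResponseDocument, false, false);
    consumerStsResponseDocument = readXml(System.getProperties(), consumerStsResponseXml, false);

    /*
     * Consumer receives the response
     */
    DkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenResponseModelBuilder responseModelBuilder =
            factory.createDkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenResponseModelBuilder();
    DkncpBootstrapSamlAssertionToEhdsiIdwsXuaEmployeeIdentityTokenResponse response =
            responseModelBuilder.build(consumerStsResponseDocument);

    // Validate entire response.
    // NOTE(review): unlike the request and the token, the response envelope gets a signature
    // check without a trust check, so this step establishes integrity but not who signed it.
    // Trust in this flow rests on the token validation below; confirm whether the response
    // type offers a trust-checking variant for production consumers.
    response.validateSignature();

    // Validate the eHDSI IDWS XUA employee identity token from the response
    EhdsiIdwsXuaEmployeeIdentityToken employeeIdentityToken = response.getEhdsiIdwsXuaEmployeeIdentityToken();
    // The eHDSI IDWS XUA employee identity token can be schema validated after serialize/deserialize
    employeeIdentityToken.validateSchema();
    employeeIdentityToken.validateSignatureAndTrust(signingVault);

    // Verify all attributes
    Assert.assertEquals("Alfonso Gonzalez", employeeIdentityToken.getSubject());
    Assert.assertEquals("2221", employeeIdentityToken.getRoleCode());
    Assert.assertEquals("Nursing professionals", employeeIdentityToken.getRoleDisplayName());
    Assert.assertEquals("Charité – Universitätsmedizin Berlin", employeeIdentityToken.getOrganization());
    Assert.assertEquals("urn:oid:1.3.6.1.4.1.44938", employeeIdentityToken.getOrganizationId());
    Assert.assertEquals("Hospital", employeeIdentityToken.getHealthcareFacilityType());
    Assert.assertEquals("TREATMENT", employeeIdentityToken.getPurposeOfUseCode());
    Assert.assertEquals("Klinik am Berg, 83242 Reit im Winkl", employeeIdentityToken.getLocality());
    Assert.assertEquals("0205756078^^^&1.2.208.176.1.2&ISO", employeeIdentityToken.getPatientId());
    Assert.assertEquals("3", employeeIdentityToken.getAssuranceLevel());
    Assert.assertEquals("eHDSI-IDWS-XUA-1.0", employeeIdentityToken.getSpecVersion());
    Assert.assertEquals("urn:dk:sosi:sts:eHDSI-strict", employeeIdentityToken.getIssuancePolicy());
    Assert.assertEquals("DE", employeeIdentityToken.getCountryOfTreatment());
}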
} |
...