
1   /*
2    * The MIT License
3    *
4    * Original work sponsored and donated by National Board of e-Health (NSI), Denmark (http://www.nsi.dk)
5    *
6    * Copyright (C) 2011 National Board of e-Health (NSI), Denmark (http://www.nsi.dk)
7    *
8    * Permission is hereby granted, free of charge, to any person obtaining a copy of
9    * this software and associated documentation files (the "Software"), to deal in
10   * the Software without restriction, including without limitation the rights to
11   * use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies
12   * of the Software, and to permit persons to whom the Software is furnished to do
13   * so, subject to the following conditions:
14   *
15   * The above copyright notice and this permission notice shall be included in all
16   * copies or substantial portions of the Software.
17   *
18   * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
19   * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
20   * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
21   * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
22   * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
23   * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
24   * SOFTWARE.
25   *
26   * $HeadURL: https://svn.softwareborsen.dk/sosi/trunk/modules/seal/src/test/java/dk/sosi/seal/TestSOSIFactory.java $
27   * $Id: TestSOSIFactory.java 8697 2011-09-02 10:33:55Z chg@lakeside.dk $
28   */
29  package dk.sosi.seal;
30  
31  import dk.sosi.seal.model.*;
32  import dk.sosi.seal.model.constants.*;
33  import dk.sosi.seal.model.dombuilders.SAMLUtil;
34  import dk.sosi.seal.modelbuilders.ModelBuildException;
35  import dk.sosi.seal.modelbuilders.ModelPrefixResolver;
36  import dk.sosi.seal.pki.PKIException;
37  import dk.sosi.seal.pki.SOSIFederation;
38  import dk.sosi.seal.pki.SOSITestFederation;
39  import dk.sosi.seal.pki.TestAbstractOCESCertificationAuthority;
40  import dk.sosi.seal.pki.impl.HashMapCertificateCache;
41  import dk.sosi.seal.pki.testobjects.CredentialVaultAdapter;
42  import dk.sosi.seal.vault.CredentialVaultTestUtil;
43  import dk.sosi.seal.vault.EmptyCredentialVault;
44  import dk.sosi.seal.vault.GenericCredentialVault;
45  import dk.sosi.seal.xml.XmlUtil;
46  import junit.framework.TestCase;
47  import org.w3c.dom.Document;
48  import org.w3c.dom.Element;
49  import org.w3c.dom.Node;
50  
51  import javax.xml.transform.TransformerException;
52  import java.io.IOException;
53  import java.security.cert.X509Certificate;
54  import java.util.Properties;
55  
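/**
 * Unit tests for {@link SOSIFactory}: constructor argument checking, request and ID card
 * creation, XML (de)serialization round trips, SecurityTokenRequest/-Response handling,
 * signature validation of the produced documents and federation wiring.
 *
 * <p>Most tests hand {@code System.getProperties()} to the factory, and {@link #testIDCard()}
 * shows that the issuer of a created ID card comes from the {@code "sosi:issuer"} system
 * property. That property is therefore installed once in {@link #setUp()} and restored in
 * {@link #tearDown()}, so individual tests neither depend on execution order nor leak the
 * value into other test classes running in the same JVM.
 *
 * @author kkj
 * @version 1.0 Apr 28, 2006
 * @since 1.0
 */
public class TestSOSIFactory extends TestCase {

	/** System property the factory reads the ID card issuer from (asserted in testIDCard). */
	private static final String ISSUER_PROPERTY = "sosi:issuer";

	/** Issuer value expected on ID cards created by the factories under test. */
	private static final String TEST_ISSUER = "testissuer";

	/** IT-system name used for the ID cards created by these tests. */
	private static final String SYSTEM_NAME = "SOSITEST";

	/** Flow ID used by the tests that need one. */
	private static final String FLOW_ID = "1234";

	// Value of ISSUER_PROPERTY before the current test started (null when it was unset); put back in tearDown().
	private String previousIssuer;

	/**
	 * Installs the issuer system property the tests rely on, remembering the previous value.
	 */
	protected void setUp() throws Exception {
		super.setUp();
		previousIssuer = System.getProperty(ISSUER_PROPERTY);
		System.setProperty(ISSUER_PROPERTY, TEST_ISSUER);
	}

	/**
	 * Restores the issuer system property so no state leaks out of this test class.
	 */
	protected void tearDown() throws Exception {
		if (previousIssuer == null) {
			System.clearProperty(ISSUER_PROPERTY);
		} else {
			System.setProperty(ISSUER_PROPERTY, previousIssuer);
		}
		super.tearDown();
	}

	/**
	 * The factory must reject a null credential vault and null properties with a
	 * {@link ModelException} rather than failing later with an NPE.
	 */
	public void testSOSIFactoryConstruction() throws Exception {
		try {
			new SOSIFactory(null, System.getProperties());
			fail("Constructor should fail with credentialvault='null'");
		} catch (ModelException re) {
			// expected
		}
		try {
			new SOSIFactory(CredentialVaultTestUtil.getCredentialVault(), null);
			fail("Constructor should fail with properties='null'");
		} catch (ModelException re) {
			// expected
		}
	}

	/**
	 * Creates requests with and without flow ID / non-repudiation receipt demand and checks
	 * the basic request properties, that equals() distinguishes requests by message ID, and
	 * that a request without an ID card cannot be serialized while one carrying a VOCES
	 * signed system ID card can.
	 */
	public void testCreateRequest() throws Exception {
		SOSIFactory factory = new SOSIFactory(CredentialVaultTestUtil.getCredentialVault(), System.getProperties());
		assertEquals(System.getProperties(), factory.getProperties());

		// The issuer is supplied through ISSUER_PROPERTY in setUp(); the plain "issuer" key this
		// test used to set is not asserted anywhere in this class and the other tests use "sosi:issuer".
		String flowID = null;
		boolean nonRep = false;
		Request req = factory.createNewRequest(nonRep, flowID);
		checkRequest(req, nonRep, flowID);

		flowID = FLOW_ID;
		nonRep = true;
		req = factory.createNewRequest(nonRep, flowID);
		checkRequest(req, nonRep, flowID);

		// A request without an ID card must not serialize
		try {
			req.serialize2DOMDocument();
			fail("Should fail with req.idcard='null'");
		} catch (ModelException me) {
			// expected
		}

		assertEquals(req, req); // reflexive equals()
		Request req1 = factory.createNewRequest(nonRep, flowID);
		assertFalse(req.equals(req1)); // every request gets its own message ID
		assertFalse(req.getMessageID().equals(req1.getMessageID()));

		req.setIDCard(createVOCESSignedSystemIDCard(factory, createCareProvider(), null));
		Document doc = req.serialize2DOMDocument();
		assertTrue(doc.getDocumentElement().getChildNodes().getLength() > 0);
	}

	/**
	 * Round-trips system and user ID cards (VOCES signed, MOCES trusted and unauthenticated)
	 * through XML, checks the deserialized card equals the original, that the issuer comes
	 * from the system property installed in setUp(), and that a request carrying each card
	 * can be serialized.
	 */
	public void testIDCard() {
		SOSIFactory factory = new SOSIFactory(CredentialVaultTestUtil.getCredentialVault(), System.getProperties());
		Request req = factory.createNewRequest(true, FLOW_ID);
		CareProvider careProvider = createCareProvider();

		// system ID card signed with the vault's VOCES system certificate
		IDCard idCard = createVOCESSignedSystemIDCard(factory, careProvider, null);
		assertEquals(TEST_ISSUER, idCard.getIssuer());
		checkIDCardRoundTrip(factory, idCard, true);
		checkRequestSerialization(req, idCard);

		// system ID card without authentication
		idCard = factory.createNewSystemIDCard(SYSTEM_NAME, careProvider, AuthenticationLevel.NO_AUTHENTICATION, null, null, null, null);
		assertEquals(TEST_ISSUER, idCard.getIssuer());
		checkIDCardRoundTrip(factory, idCard, false);
		checkRequestSerialization(req, idCard);

		// user ID card for a MOCES trusted user
		UserInfo userInfo = new UserInfo("2601610143", "Peter", "Buus", "peter@signaturgruppen.dk", "hacker", "nurse", "2101");
		idCard = factory.createNewUserIDCard(SYSTEM_NAME, userInfo, createCareProvider(), AuthenticationLevel.MOCES_TRUSTED_USER, null, null,
				factory.getCredentialVault().getSystemCredentialPair().getCertificate(), null);
		checkIDCardRoundTrip(factory, idCard, false);
		checkRequestSerialization(req, idCard);

		// user ID card without authentication
		idCard = factory.createNewUserIDCard(SYSTEM_NAME, userInfo, createCareProvider(), AuthenticationLevel.NO_AUTHENTICATION, null, null, null, null);
		checkIDCardRoundTrip(factory, idCard, false);
		checkRequestSerialization(req, idCard);
		// TODO: assert on the serialized request contents for the two user ID card cases
	}

	/**
	 * Tampers with a serialized request carrying a user ID card and checks that the model
	 * builder rejects an unknown ID card type, a user card re-labelled as a system card, and
	 * the removal of each mandatory attribute statement.
	 */
	public void testInvalidIDCards() throws Exception {
		SOSIFactory factory = new SOSIFactory(CredentialVaultTestUtil.getCredentialVault(), System.getProperties());
		CareProvider careProvider = createCareProvider();

		UserInfo userInfo = new UserInfo("9999999999", "John", "Doe", "spam@somesite.dk", "hacker", "doctor", "2101");
		IDCard idCard = factory.createNewUserIDCard(SYSTEM_NAME, userInfo, careProvider, AuthenticationLevel.NO_AUTHENTICATION, null, null,
				factory.getCredentialVault().getSystemCredentialPair().getCertificate(), null);

		// A valid request carrying the user ID card; every negative case below works on a clone of it
		Request req = factory.createNewRequest(false, FLOW_ID);
		req.setIDCard(idCard);
		Document validDocument = XmlUtil.createEmptyDocument();
		req.serialize2DOMDocument(validDocument);

		// An unknown ID card type designation must be rejected
		checkInvalidIDCardType(factory, validDocument, "bogus", "Modelbuilder does not fail on invalid id card type!");

		// Re-labelling the user card as a system card must be rejected: system ID cards carry no UserLog
		checkInvalidIDCardType(factory, validDocument, IDCard.IDCARDTYPE_SYSTEM, "Modelbuilder should fail when SystemIDCards has UserLog elements!");

		// Each mandatory attribute statement must be present
		checkMissingAttrStmt(factory, validDocument, IDValues.IDCARD_DATA, "Modelbuilder should fail when IDCardData element is missing");
		checkMissingAttrStmt(factory, validDocument, IDValues.SYSTEM_LOG, "Modelbuilder should fail when SystemLog element is missing");
		checkMissingAttrStmt(factory, validDocument, IDValues.USER_LOG, "Modelbuilder should fail when UserLog element is missing in UserIDCards");
	}

	/**
	 * Checks that an alternative identifier given at creation is exposed by the ID card and
	 * survives an XML round trip, for all four ID card kinds.
	 */
	public void testAlternativeIdentifiersForIDCards() throws Exception {
		SOSIFactory factory = new SOSIFactory(CredentialVaultTestUtil.getCredentialVault(), System.getProperties());
		CareProvider careProvider = createCareProvider();
		String alternativeIdentifier = "someAlternativeIdentifier";

		// system ID card signed with the VOCES system certificate
		IDCard idCard = createVOCESSignedSystemIDCard(factory, careProvider, alternativeIdentifier);
		checkAlternativeIdentifierRoundTrip(factory, idCard, alternativeIdentifier);

		// system ID card without authentication
		idCard = factory.createNewSystemIDCard(SYSTEM_NAME, careProvider, AuthenticationLevel.NO_AUTHENTICATION, null, null, null, alternativeIdentifier);
		checkAlternativeIdentifierRoundTrip(factory, idCard, alternativeIdentifier);

		// user ID card for a MOCES trusted user
		UserInfo userInfo = new UserInfo("2601610143", "Peter", "Buus", "peter@signaturgruppen.dk", "hacker", "nurse", "2101");
		idCard = factory.createNewUserIDCard(SYSTEM_NAME, userInfo, createCareProvider(), AuthenticationLevel.MOCES_TRUSTED_USER,
				null, null, factory.getCredentialVault().getSystemCredentialPair().getCertificate(), alternativeIdentifier);
		checkAlternativeIdentifierRoundTrip(factory, idCard, alternativeIdentifier);

		// user ID card without authentication
		idCard = factory.createNewUserIDCard(SYSTEM_NAME, userInfo, createCareProvider(), AuthenticationLevel.NO_AUTHENTICATION, null, null, null, alternativeIdentifier);
		checkAlternativeIdentifierRoundTrip(factory, idCard, alternativeIdentifier);
	}

	/**
	 * Checks that each supported care provider identifier type ends up as the Format of the
	 * SAML Subject NameID in a serialized request.
	 *
	 * @throws Exception from XML serialization or XPath selection
	 */
	public void testCareProvidersInSystemIDCards() throws Exception {
		SOSIFactory factory = new SOSIFactory(CredentialVaultTestUtil.getCredentialVault(), System.getProperties());

		checkCareProviderAndSubjectNameID(factory, SubjectIdentifierTypeValues.CVR_NUMBER);
		checkCareProviderAndSubjectNameID(factory, SubjectIdentifierTypeValues.Y_NUMBER);
		checkCareProviderAndSubjectNameID(factory, SubjectIdentifierTypeValues.P_NUMBER);
		checkCareProviderAndSubjectNameID(factory, SubjectIdentifierTypeValues.SKS_CODE);
	}

	/**
	 * A SecurityTokenRequest needs an ID card to serialize and accepts no flow ID; with a
	 * VOCES signed card the serialized document carries a valid signature and survives an
	 * XML round trip unchanged.
	 */
	public void testSecurityTokenRequest() {
		SOSIFactory factory = new SOSIFactory(CredentialVaultTestUtil.getCredentialVault(), System.getProperties());
		SecurityTokenRequest securityTokenRequest = factory.createNewSecurityTokenRequest();

		try {
			securityTokenRequest.serialize2DOMDocument();
			fail("Must fail with no ID Card present");
		} catch (ModelException e) {
			// expected
		}

		try {
			securityTokenRequest.setFlowID("NOT APPLICABLE");
			fail("Flow ID not applicable for SecurityTokenRequest");
		} catch (ModelException e) {
			// expected
		}

		securityTokenRequest.setIDCard(createVOCESSignedSystemIDCard(factory, createCareProvider(), null));
		Document doc = securityTokenRequest.serialize2DOMDocument();
		assertValidSignature(doc, factory);

		try {
			String xml = XmlUtil.node2String(doc, false, true);
			SecurityTokenRequest securityTokenRequest1 = factory.deserializeSecurityTokenRequest(xml);
			assertEquals(securityTokenRequest, securityTokenRequest1);
			assertEquals(securityTokenRequest.hashCode(), securityTokenRequest1.hashCode());
			Document doc1 = securityTokenRequest1.serialize2DOMDocument();
			assertNull(XmlUtil.deepDiff(doc, doc1));
		} catch (Exception e) {
			e.printStackTrace();
			fail("Error parsing SecurityTokenRequest " + e.getMessage());
		}
	}

	/**
	 * With an empty credential vault and an unauthenticated system ID card the serialized
	 * SecurityTokenRequest must carry no signature, and still round-trips through XML.
	 */
	public void testSecurityTokenRequestWithEmptyCredentialVaultAndWithNoAuthSystemID() {
		SOSIFactory factory = new SOSIFactory(new EmptyCredentialVault(), System.getProperties());
		SecurityTokenRequest securityTokenRequest = factory.createNewSecurityTokenRequest();

		// NOTE(review): the sibling test catches ModelException here; with an empty vault the thrown
		// type is not pinned down by this test, so the broader catch is kept - confirm and narrow.
		try {
			securityTokenRequest.serialize2DOMDocument();
			fail("Must fail with no ID Card present");
		} catch (Exception e) {
			// expected
		}

		try {
			securityTokenRequest.setFlowID("NOT APPLICABLE");
			fail("Flow ID not applicable for SecurityTokenRequest");
		} catch (Exception e) {
			// expected
		}

		CareProvider careProvider = createCareProvider();
		IDCard idCard = factory.createNewSystemIDCard(SYSTEM_NAME, careProvider, AuthenticationLevel.NO_AUTHENTICATION, null, null, null, null);
		securityTokenRequest.setIDCard(idCard);

		Document doc = securityTokenRequest.serialize2DOMDocument();

		// No credentials in the vault and no authentication level: nothing may be signed
		Node signature = doc.getElementsByTagNameNS(NameSpaces.DSIG_SCHEMA, "Signature").item(0);
		assertNull("unsigned request must not carry a Signature element", signature);

		try {
			String xml = XmlUtil.node2String(doc, false, true);
			SecurityTokenRequest securityTokenRequest1 = factory.deserializeSecurityTokenRequest(xml);
			assertEquals(securityTokenRequest, securityTokenRequest1);
			assertEquals(securityTokenRequest.hashCode(), securityTokenRequest1.hashCode());
			Document doc1 = securityTokenRequest1.serialize2DOMDocument();
			XmlUtil.node2String(doc1, false, true); // result unused; only checks the document can be serialized
			assertNull(XmlUtil.deepDiff(doc, doc1));
		} catch (Exception e) {
			e.printStackTrace();
			fail("Error parsing SecurityTokenRequest");
		}
	}

	/**
	 * Error responses expose fault code/string and round-trip through XML; equals() takes
	 * message ID, fault code and fault string into account. A non-error response needs an ID
	 * card to serialize, has no fault code/string, and is signed when carrying a VOCES card.
	 */
	public void testSecurityTokenResponse() {
		SOSIFactory factory = new SOSIFactory(CredentialVaultTestUtil.getCredentialVault(), System.getProperties());
		SecurityTokenRequest request = factory.createNewSecurityTokenRequest();

		SecurityTokenResponse securityTokenResponse = factory.createNewSecurityTokenErrorResponse(request, "FAILURE", "ERROR", "ACTOR");
		assertEquals("FAILURE", securityTokenResponse.getFaultCode());
		assertEquals("ERROR", securityTokenResponse.getFaultString());
		Document errorResponseDoc = XmlUtil.createEmptyDocument();
		securityTokenResponse.serialize2DOMDocument(errorResponseDoc);

		try {
			String xml = XmlUtil.node2String(errorResponseDoc, false, true);
			SecurityTokenResponse securityTokenResponse1 = factory.deserializeSecurityTokenResponse(xml);
			assertEquals(securityTokenResponse, securityTokenResponse1);
			Document doc1 = XmlUtil.createEmptyDocument();
			securityTokenResponse1.serialize2DOMDocument(doc1);
			assertNull(XmlUtil.deepDiff(errorResponseDoc, doc1));
		} catch (Exception e) {
			e.printStackTrace();
			fail("Error parsing SecurityTokenResponse with error");
		}

		SecurityTokenRequest newRequest = factory.createNewSecurityTokenRequest();
		SecurityTokenResponse securityTokenResponseError = factory.createNewSecurityTokenErrorResponse(newRequest, "FAILURE", "ERROR", "ACTOR");
		// on slow machines the two creation dates can differ, so align them before comparing
		securityTokenResponseError.setCreationDate(securityTokenResponse.getCreationDate());

		// differing only in message ID
		assertFalse(securityTokenResponse.equals(securityTokenResponseError));
		securityTokenResponseError.setMessageID(securityTokenResponse.getMessageID());
		assertTrue(securityTokenResponse.equals(securityTokenResponseError));

		// same message ID but a (deliberately misspelled, hence different) fault code
		securityTokenResponseError = factory.createNewSecurityTokenErrorResponse(request, "FUILARE", "ERROR", "ACTOR");
		assertFalse(securityTokenResponse.equals(securityTokenResponseError));
		securityTokenResponseError.setMessageID(securityTokenResponse.getMessageID());
		assertFalse(securityTokenResponse.equals(securityTokenResponseError));

		// same message ID but a different fault string
		securityTokenResponseError = factory.createNewSecurityTokenErrorResponse(request, "FAILURE", "ORRER", "ACTOR");
		assertFalse(securityTokenResponse.equals(securityTokenResponseError));
		securityTokenResponseError.setMessageID(securityTokenResponse.getMessageID());
		assertFalse(securityTokenResponse.equals(securityTokenResponseError));

		securityTokenResponse = factory.createNewSecurityTokenResponse(newRequest);

		try {
			securityTokenResponse.serialize2DOMDocument(XmlUtil.createEmptyDocument());
			fail("Must fail with no ID Card present");
		} catch (ModelException e) {
			// expected
		}

		try {
			securityTokenResponse.setFlowID("NOT APPLICABLE");
			fail("Flow ID not applicable for SecurityTokenResponse");
		} catch (Exception e) {
			// expected
		}

		try {
			securityTokenResponse.getFaultCode();
			fail("getFaultCode should fail for errorless SecurityTokenResponse");
		} catch (Exception e) {
			// expected
		}

		try {
			securityTokenResponse.getFaultString();
			fail("getFaultString should fail for errorless SecurityTokenResponse");
		} catch (Exception e) {
			// expected
		}

		securityTokenResponse.setIDCard(createVOCESSignedSystemIDCard(factory, createCareProvider(), null));

		Document doc = XmlUtil.createEmptyDocument();
		securityTokenResponse.serialize2DOMDocument(doc);
		assertValidSignature(doc, factory);

		try {
			String xml = XmlUtil.node2String(doc, false, true);
			SecurityTokenResponse securityTokenResponse1 = factory.deserializeSecurityTokenResponse(xml);
			assertEquals(securityTokenResponse, securityTokenResponse1);
			Document doc1 = XmlUtil.createEmptyDocument();
			securityTokenResponse1.serialize2DOMDocument(doc1);
			assertNull(XmlUtil.deepDiff(doc, doc1));
		} catch (Exception e) {
			e.printStackTrace();
			fail("Error parsing SecurityTokenResponse");
		}
	}

	/**
	 * Simulates the STS exchange: a signed SecurityTokenRequest is serialized, parsed again
	 * "on the other side", answered with a response carrying a VOCES signed copy of the
	 * received ID card, and both documents must carry a valid signature.
	 */
	public void testSTSLoop() {
		SOSIFactory factory = new SOSIFactory(CredentialVaultTestUtil.getCredentialVault(), System.getProperties());
		SecurityTokenRequest securityTokenRequest = factory.createNewSecurityTokenRequest();

		IDCard idCardBeforeSerialization = createVOCESSignedSystemIDCard(factory, createCareProvider(), null);
		securityTokenRequest.setIDCard(idCardBeforeSerialization);

		Document doc = XmlUtil.createEmptyDocument();
		securityTokenRequest.serialize2DOMDocument(doc);
		assertValidSignature(doc, factory);

		SecurityTokenRequest afterSentOverTheWire = null;
		try {
			String xml = XmlUtil.node2String(doc, false, true);
			afterSentOverTheWire = factory.deserializeSecurityTokenRequest(xml);
		} catch (Exception e) {
			e.printStackTrace();
			fail("Error parsing SecurityTokenRequest");
		}

		SecurityTokenResponse securityTokenResponse = factory.createNewSecurityTokenResponse(afterSentOverTheWire);
		securityTokenResponse.setIDCard(factory.copyToVOCESSignedIDCard(afterSentOverTheWire.getIDCard()));
		Document responseDoc = XmlUtil.createEmptyDocument();
		securityTokenResponse.serialize2DOMDocument(responseDoc);
		assertValidSignature(responseDoc, factory);
	}

	/**
	 * Wires the factory with no federation, a SOSITestFederation and a SOSIFederation, and
	 * checks that the production federation's CA refuses the test (non-production OCES)
	 * system certificate.
	 *
	 * <p>A {@link PKIException} escaping the setup is treated as "offline" and only logged,
	 * so the test is skipped rather than failed; assertion failures are errors, not
	 * exceptions, and are never swallowed by that catch.
	 */
	public void testFederationSetup() throws Exception {
		try {
			Properties properties = SignatureUtil.setupCryptoProviderForJVM();

			GenericCredentialVault vault = CredentialVaultTestUtil.getVocesCredentialVault(properties);

			SOSIFactory factory = new SOSIFactory(vault, properties);
			assertNull(factory.getFederation());

			SOSITestFederation testFederation = new SOSITestFederation(properties, new HashMapCertificateCache());
			factory = new SOSIFactory(testFederation, vault, properties);

			assertEquals(vault, factory.getCredentialVault());
			assertNotNull(factory.getFederation());
			assertTrue(factory.getFederation() instanceof SOSITestFederation);

			SOSIFederation federation = new SOSIFederation(properties);
			factory = new SOSIFactory(federation, vault, properties);

			assertEquals(vault, factory.getCredentialVault());
			assertNotNull(factory.getFederation());
			assertTrue(factory.getFederation() instanceof SOSIFederation);

			// The production CA must not accept a test certificate
			try {
				federation.getCertificationAuthority().isValid(vault.getSystemCredentialPair().getCertificate());
				fail("Production CA accepted a non-production OCES certificate");
			} catch (PKIException e) {
				assertEquals("The supplied certificate is not a OCES Production certificate", e.getMessage());
			}

		} catch (PKIException e) {
			// NOTE(review): presumably federation/CA setup needs network access; confirm which call, and
			// consider narrowing this catch to it so that other PKI failures cannot silently skip the test.
			System.out.println("May be offline! - test not run..");
			System.out.println(e.getMessage());
		}
	}

	/**
	 * Every argument given to createNewSystemIDCard must be exposed by the created card.
	 */
	public void testCreateNewSystemIDCard() throws IOException {
		String sysId = "mySYS";
		CareProvider cp = new CareProvider(SubjectIdentifierTypeValues.CVR_NUMBER, "123456789", "myTestOrg");
		AuthenticationLevel authenticationLevel = AuthenticationLevel.USERNAME_PASSWORD_AUTHENTICATION;
		String username = "username";
		String password = "password";
		X509Certificate certificate = TestAbstractOCESCertificationAuthority.loadIntermediateCertificateIG();
		String alternativeIdentifier = "altIdent";

		SystemIDCard sysIdCard = new SOSIFactory(new CredentialVaultAdapter(), new Properties())
				.createNewSystemIDCard(sysId, cp, authenticationLevel, username, password, certificate, alternativeIdentifier);

		assertEquals("alternativeIdentifier", "altIdent", sysIdCard.getAlternativeIdentifier());
		assertEquals("authenticationLevel", AuthenticationLevel.USERNAME_PASSWORD_AUTHENTICATION, sysIdCard.getAuthenticationLevel());
		assertEquals("password", "password", sysIdCard.getPassword());
		assertEquals("username", "username", sysIdCard.getUsername());
		assertSame("systemInfo.careProvider", cp, sysIdCard.getSystemInfo().getCareProvider());
		assertEquals("systemInfo.itSystemName", "mySYS", sysIdCard.getSystemInfo().getITSystemName());
	}


	// ===========================
	//  Private parts
	// ===========================

	/**
	 * Asserts the request reflects the creation arguments and has a creation date (not in
	 * the future) and a message ID.
	 */
	private void checkRequest(Request req, boolean nonRep, String flowID) {
		assertEquals(nonRep, req.isDemandNonRepudiationReceipt());
		assertEquals(flowID, req.getFlowID());
		assertNotNull(req.getCreationDate());
		assertTrue(req.getCreationDate().getTime() <= System.currentTimeMillis());
		assertNotNull(req.getMessageID());
	}

	/**
	 * Serializes the ID card to XML, deserializes it again through the factory and asserts
	 * the result equals the original.
	 *
	 * @param node2StringFlag passed through as the second argument of XmlUtil.node2String
	 *        (looks like a pretty-print switch; both values are exercised by testIDCard)
	 * @return the deserialized card, for further assertions
	 */
	private IDCard checkIDCardRoundTrip(SOSIFactory factory, IDCard idCard, boolean node2StringFlag) {
		Element idCardElement = idCard.serialize2DOMDocument(factory, XmlUtil.createEmptyDocument());
		String xml = XmlUtil.node2String(idCardElement, node2StringFlag, true);
		IDCard deserializedIDCard = factory.deserializeIDCard(xml);
		assertEquals(idCard, deserializedIDCard);
		return deserializedIDCard;
	}

	/**
	 * Asserts the card exposes the expected alternative identifier both before and after an
	 * XML round trip.
	 */
	private void checkAlternativeIdentifierRoundTrip(SOSIFactory factory, IDCard idCard, String alternativeIdentifier) {
		assertEquals(alternativeIdentifier, idCard.getAlternativeIdentifier());
		IDCard deserializedIDCard = checkIDCardRoundTrip(factory, idCard, false);
		assertEquals(alternativeIdentifier, deserializedIDCard.getAlternativeIdentifier());
	}

	/** Attaches the ID card to the request and checks the request can be serialized. */
	private void checkRequestSerialization(Request req, IDCard idCard) {
		req.setIDCard(idCard);
		req.serialize2DOMDocument(XmlUtil.createEmptyDocument());
	}

	/**
	 * Finds the XML-DSig Signature element in the document and validates it against the
	 * factory's federation and credential vault; fails when there is no signature at all.
	 */
	private void assertValidSignature(Document doc, SOSIFactory factory) {
		Node signature = doc.getElementsByTagNameNS(NameSpaces.DSIG_SCHEMA, "Signature").item(0);
		assertNotNull("document carries no Signature element", signature);
		// trailing flag passed through unchanged; its meaning is defined by SignatureUtil.validate
		assertTrue(SignatureUtil.validate(signature, factory.getFederation(), factory.getCredentialVault(), true));
	}

	/**
	 * On a clone of the valid request document, replaces the IDCardType attribute value with
	 * {@code typeValue} and asserts the model builder rejects the result.
	 */
	private void checkInvalidIDCardType(SOSIFactory factory, Document validDocument, String typeValue, String failureMessage) throws Exception {
		Document doc = (Document) validDocument.cloneNode(true);
		Element samlAttrIDCardType = getIDCardTypeAttributeValueElement(doc);
		samlAttrIDCardType.replaceChild(doc.createTextNode(typeValue), samlAttrIDCardType.getFirstChild());
		try {
			factory.deserializeRequest(XmlUtil.node2String(doc, false, false));
			fail(failureMessage);
		} catch (ModelBuildException mbe) {
			// expected: well-formed XML, semantically invalid ID card
		}
	}

	/** Returns the SAML attribute value element holding the ID card type; fails if absent. */
	private Element getIDCardTypeAttributeValueElement(Document doc) throws Exception {
		Element samlAttrIDCardType = new SAMLUtil().fetchSamlAttributeValue(doc, SOSIAttributes.IDCARD_TYPE);
		assertNotNull(samlAttrIDCardType);
		return samlAttrIDCardType;
	}

	/**
	 * On a clone of the valid request document, removes the SAML attribute statement with
	 * the given ID and asserts the model builder rejects the result.
	 */
	private void checkMissingAttrStmt(SOSIFactory factory, Document validDocument, String stmtID, String failureMessage) throws Exception {
		Document doc = (Document) validDocument.cloneNode(true);
		Element iattrStmt = new SAMLUtil().fetchSamlAttributeStatement(doc, stmtID);
		iattrStmt.getParentNode().removeChild(iattrStmt);
		// Both exception types are accepted; whether one extends the other is not visible here
		try {
			factory.deserializeRequest(XmlUtil.node2String(doc, false, false));
			fail(failureMessage);
		} catch (ModelBuildException mbe) {
			// expected
		} catch (ModelException e) {
			// expected
		}
	}

	/** A CVR-number care provider with fixed test values. */
	private CareProvider createCareProvider() {
		return createCareProvider(SubjectIdentifierTypeValues.CVR_NUMBER);
	}

	/** A care provider of the given identifier type with fixed test values. */
	private CareProvider createCareProvider(String type) {
		return new CareProvider(type, "someID", "someOrgName");
	}

	/** A system ID card at VOCES_TRUSTED_SYSTEM level, signed with the vault's system certificate. */
	private SystemIDCard createVOCESSignedSystemIDCard(SOSIFactory factory, CareProvider careProvider, String alternativeIdentifier) {
		return factory.createNewSystemIDCard(SYSTEM_NAME, careProvider, AuthenticationLevel.VOCES_TRUSTED_SYSTEM, null, null,
				factory.getCredentialVault().getSystemCredentialPair().getCertificate(), alternativeIdentifier);
	}

	/**
	 * A system ID card at NO_AUTHENTICATION level. The system certificate is still passed;
	 * presumably ignored at this level - confirm against SOSIFactory.
	 */
	private SystemIDCard createUnsignedSystemIDCard(SOSIFactory factory, CareProvider careProvider) {
		return factory.createNewSystemIDCard(SYSTEM_NAME, careProvider, AuthenticationLevel.NO_AUTHENTICATION, null, null,
				factory.getCredentialVault().getSystemCredentialPair().getCertificate(), null);
	}

	/**
	 * Serializes a request whose system ID card names a care provider of type {@code cpType}
	 * and asserts the SAML Subject NameID Format attribute equals that type.
	 */
	private void checkCareProviderAndSubjectNameID(SOSIFactory factory, String cpType) throws TransformerException {
		IDCard idCard = createUnsignedSystemIDCard(factory, createCareProvider(cpType));
		Document doc = XmlUtil.createEmptyDocument();
		Request req = factory.createNewRequest(false, FLOW_ID);
		req.setIDCard(idCard);
		req.serialize2DOMDocument(doc);
		Element subject = XmlUtil.selectSingleElement(doc, "//" + SAMLTags.NAMEID_PREFIXED, new ModelPrefixResolver());
		assertEquals(cpType, subject.getAttribute(SAMLAttributes.FORMAT));
	}
}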