AUT-936 Add ID-Card tests with revoked and unknown AUTH certificates

src/test/groovy/ee/ria/tara/IDCardAuthSpec.groovy

@@ -27,7 +27,7 @@ class IDCardAuthSpec extends TaraSpecification {
     def "Init ID-Card authentication"() {
         expect:
         String certificate = Utils.getCertificateAsString("src/test/resources/joeorg-auth.pem")
-        Response initClientAuthenticationSession = Steps.startAuthenticationInTara(flow)
+        Steps.startAuthenticationInTara(flow)
         HashMap<String, String> headersMap = (HashMap) Collections.emptyMap()
         Utils.setParameter(headersMap, "XCLIENTCERTIFICATE", certificate)
         Response response = Requests.idCardAuthentication(flow, headersMap)
@@ -43,7 +43,7 @@ class IDCardAuthSpec extends TaraSpecification {
     def "Init ID-Card authentication with expired certificate"() {
         expect:
         String certificate = Utils.getCertificateAsString("src/test/resources/expired-cert.pem")
-        Response initClientAuthenticationSession = Steps.startAuthenticationInTara(flow)
+        Steps.startAuthenticationInTara(flow)
         HashMap<String, String> headersMap = (HashMap) Collections.emptyMap()
         Utils.setParameter(headersMap, "XCLIENTCERTIFICATE", certificate)
         Response response = Requests.idCardAuthentication(flow, headersMap)
@@ -53,12 +53,44 @@ class IDCardAuthSpec extends TaraSpecification {
         assertEquals("application/json;charset=UTF-8", response.getContentType(), "Correct Content-Type is returned")
     }
 
+    @Unroll
+    @Feature("ESTEID_AUTH_ENDPOINT")
+    @Feature("REJECT_UNKNOWN_CERTS")
+    def "Init ID-Card authentication with revoked certificate"() {
+        expect:
+        String certificate = Utils.getCertificateAsString("src/test/resources/revoked-cert.pem")
+        Steps.startAuthenticationInTara(flow)
+        HashMap<String, String> headersMap = (HashMap) Collections.emptyMap()
+        Utils.setParameter(headersMap, "XCLIENTCERTIFICATE", certificate)
+        Response response = Requests.idCardAuthentication(flow, headersMap)
+        assertEquals(400, response.statusCode(), "Correct HTTP status code is returned")
+        assertThat("Correct response", response.body().jsonPath().get("status").toString(), equalTo("ERROR"))
+        assertThat("Correct error message", response.body().jsonPath().get("message").toString(), equalTo("ID-kaardi sertifikaadid on peatatud või tühistatud. Palun pöörduge Politsei- ja Piirivalveameti teenindusse."))
+        assertEquals("application/json;charset=UTF-8", response.getContentType(), "Correct Content-Type is returned")
+    }
+
+    @Unroll
+    @Feature("ESTEID_AUTH_ENDPOINT")
+    @Feature("REJECT_UNKNOWN_CERTS")
+    def "Init ID-Card authentication with unknown certificate"() {
+        expect:
+        String certificate = Utils.getCertificateAsString("src/test/resources/unknown-cert.pem")
+        Steps.startAuthenticationInTara(flow)
+        HashMap<String, String> headersMap = (HashMap) Collections.emptyMap()
+        Utils.setParameter(headersMap, "XCLIENTCERTIFICATE", certificate)
+        Response response = Requests.idCardAuthentication(flow, headersMap)
+        assertEquals(400, response.statusCode(), "Correct HTTP status code is returned")
+        assertThat("Correct response", response.body().jsonPath().get("status").toString(), equalTo("ERROR"))
+        assertThat("Correct error message", response.body().jsonPath().get("message").toString(), equalTo("ID-kaardi sertifikaadid on peatatud või tühistatud. Palun pöörduge Politsei- ja Piirivalveameti teenindusse."))
+        assertEquals("application/json;charset=UTF-8", response.getContentType(), "Correct Content-Type is returned")
+    }
+
     @Unroll
     @Feature("IDCARD_AUTH_SUCCESSFUL")
     def "Authenticate with ID-Card"() {
         expect:
         String certificate = Utils.getCertificateAsString("src/test/resources/joeorg-auth.pem")
-        Response initClientAuthenticationSession = Steps.startAuthenticationInTara(flow)
+        Steps.startAuthenticationInTara(flow)
         HashMap<String, String> headersMap = (HashMap) Collections.emptyMap()
         Utils.setParameter(headersMap, "XCLIENTCERTIFICATE", certificate)
         Response response = Requests.idCardAuthentication(flow, headersMap)
@@ -97,7 +129,7 @@ class IDCardAuthSpec extends TaraSpecification {
     def "Authenticate with ID-Card. Esteid 2015 chain certificate"() {
         expect:
         String certificate = Utils.getCertificateAsString("src/test/resources/Mari-Liis-Esteid-2015_auth.pem")
-        Response initClientAuthenticationSession = Steps.startAuthenticationInTara(flow)
+        Steps.startAuthenticationInTara(flow)
         HashMap<String, String> headersMap = (HashMap) Collections.emptyMap()
         Utils.setParameter(headersMap, "XCLIENTCERTIFICATE", certificate)
         Response response = Requests.idCardAuthentication(flow, headersMap)
@@ -141,7 +173,7 @@ class IDCardAuthSpec extends TaraSpecification {
     def "Verify ID-Card authentication response headers"() {
         expect:
         String certificate = Utils.getCertificateAsString("src/test/resources/joeorg-auth.pem")
-        Response initClientAuthenticationSession = Steps.startAuthenticationInTara(flow)
+        Steps.startAuthenticationInTara(flow)
         HashMap<String, String> headersMap = (HashMap) Collections.emptyMap()
         Utils.setParameter(headersMap, "XCLIENTCERTIFICATE", certificate)
         Response response = Requests.idCardAuthentication(flow, headersMap)
@@ -154,7 +186,7 @@ class IDCardAuthSpec extends TaraSpecification {
     def "Init ID-Card authentication with invalid session"() {
         expect:
         String certificate = Utils.getCertificateAsString("src/test/resources/joeorg-auth.pem")
-        Response initClientAuthenticationSession = Steps.startAuthenticationInTara(flow)
+        Steps.startAuthenticationInTara(flow)
         HashMap<String, String> headersMap = (HashMap) Collections.emptyMap()
         Utils.setParameter(headersMap, "XCLIENTCERTIFICATE", certificate)
         flow.setSessionId("123456789")
@@ -170,7 +202,7 @@ class IDCardAuthSpec extends TaraSpecification {
     def "Init ID-Card authentication with missing session cookie"() {
         expect:
         String certificate = Utils.getCertificateAsString("src/test/resources/joeorg-auth.pem")
-        Response initClientAuthenticationSession = Steps.startAuthenticationInTara(flow)
+        Steps.startAuthenticationInTara(flow)
         HashMap<String, String> headersMap = (HashMap) Collections.emptyMap()
         Utils.setParameter(headersMap, "XCLIENTCERTIFICATE", certificate)
         Response response = Requests.idCardAuthenticationWithoutSession(flow, headersMap)

src/test/resources/revoked-cert.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEDjCCA2+gAwIBAgIQV+LMA+DL5AtcyshOw6C/kzAKBggqhkjOPQQDBDBgMQsw
+CQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRh
+DA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MB4X
+DTE5MDUwMjEwMzcwMloXDTI5MDUwMjEwMzcwMlowfzELMAkGA1UEBhMCRUUxFjAU
+BgNVBCoMDUpBQUstS1JJU1RKQU4xEDAOBgNVBAQMB0rDlUVPUkcxKjAoBgNVBAMM
+IUrDlUVPUkcsSkFBSy1LUklTVEpBTiwzODAwMTA4NTcxODEaMBgGA1UEBRMRUE5P
+RUUtMzgwMDEwODU3MTgwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAToiXPYxQeHolEu
+uRpUuXtzFtkD2sxKYh6WjlvWwZXDlzYZh6bRZ0TaRMinThln2CNH/e/jbjwDrd8x
+sJWClzKk4lEekCB6Op2t0kTod/6yrPfo6SfyriCyI2bJkWrirz+jggHNMIIByTAJ
+BgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIDiDBHBgNVHSAEQDA+MDIGCysGAQQBg5Eh
+AQIBMCMwIQYIKwYBBQUHAgEWFWh0dHBzOi8vd3d3LnNrLmVlL0NQUzAIBgYEAI96
+AQIwKQYDVR0RBCIwIIEea3Jpc3RqYW4tamFhay5qb2VvcmdrQGVlc3RpLmVlMB0G
+A1UdDgQWBBRH6VQB9Wa6AVDhOiJjkwhTKSTxuzBhBggrBgEFBQcBAwRVMFMwUQYG
+BACORgEFMEcwRRY/aHR0cHM6Ly9zay5lZS9lbi9yZXBvc2l0b3J5L2NvbmRpdGlv
+bnMtZm9yLXVzZS1vZi1jZXJ0aWZpY2F0ZXMvEwJFTjAgBgNVHSUBAf8EFjAUBggr
+BgEFBQcDAgYIKwYBBQUHAwQwHwYDVR0jBBgwFoAUwISZKcROnzsCNPaZ4QpWAAgp
+PnswcwYIKwYBBQUHAQEEZzBlMCwGCCsGAQUFBzABhiBodHRwOi8vYWlhLmRlbW8u
+c2suZWUvZXN0ZWlkMjAxODA1BggrBgEFBQcwAoYpaHR0cDovL2Muc2suZWUvVGVz
+dF9vZl9FU1RFSUQyMDE4LmRlci5jcnQwCgYIKoZIzj0EAwQDgYwAMIGIAkIAh/ZY
+LzGO80Dbh08tDInz1AYhxXsp+iEk+6fdXyPLmXNt3zlH+udzIC33XtDXhJ3xjMiD
+t/QbmNwfXIE12TCSPUACQgCWkyVDf3h8ex9UbCkEmBMv3TBbHrQU8Fyfat9qRf9N
+eqFtuScOLrPkDXGqCTgEa4Olj7BYmBrQDG5WDV4mEmHWkA==
+-----END CERTIFICATE-----

src/test/resources/unknown-cert.pem

@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIID7TCCA0+gAwIBAgIQF2q2ts5+lGVcyskEJYEhdDAKBggqhkjOPQQDBDBgMQsw
+CQYDVQQGEwJFRTEbMBkGA1UECgwSU0sgSUQgU29sdXRpb25zIEFTMRcwFQYDVQRh
+DA5OVFJFRS0xMDc0NzAxMzEbMBkGA1UEAwwSVEVTVCBvZiBFU1RFSUQyMDE4MB4X
+DTE5MDUwMjEwNDAwNFoXDTI5MDUwMjEwNDAwNFowfzELMAkGA1UEBhMCRUUxFjAU
+BgNVBCoMDUpBQUstS1JJU1RKQU4xEDAOBgNVBAQMB0rDlUVPUkcxKjAoBgNVBAMM
+IUrDlUVPUkcsSkFBSy1LUklTVEpBTiwzODAwMTA4NTcxODEaMBgGA1UEBRMRUE5P
+RUUtMzgwMDEwODU3MTgwdjAQBgcqhkjOPQIBBgUrgQQAIgNiAAQDucCo8W0S0rsA
+AMCxmmMI4SVPY/zfCppYrH6rElG9oJ30Ktsuw6KrCDwr0I8u+49ZX6meluG8FV3s
+Q/KfnYT2hyZRsBETNGGvnyFhoDY1leUjrvf1KnbyhPlsdwZW6eqjggGtMIIBqTAJ
+BgNVHRMEAjAAMA4GA1UdDwEB/wQEAwIDiDBHBgNVHSAEQDA+MDIGCysGAQQBg5Eh
+AQIBMCMwIQYIKwYBBQUHAgEWFWh0dHBzOi8vd3d3LnNrLmVlL0NQUzAIBgYEAI96
+AQIwCQYDVR0RBAIwADAdBgNVHQ4EFgQU0NEIPGGVqGxjUkSRFmfNz0w5YPEwYQYI
+KwYBBQUHAQMEVTBTMFEGBgQAjkYBBTBHMEUWP2h0dHBzOi8vc2suZWUvZW4vcmVw
+b3NpdG9yeS9jb25kaXRpb25zLWZvci11c2Utb2YtY2VydGlmaWNhdGVzLxMCRU4w
+IAYDVR0lAQH/BBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMEMB8GA1UdIwQYMBaAFMCE
+mSnETp87AjT2meEKVgAIKT57MHMGCCsGAQUFBwEBBGcwZTAsBggrBgEFBQcwAYYg
+aHR0cDovL2FpYS5kZW1vLnNrLmVlL2VzdGVpZDIwMTgwNQYIKwYBBQUHMAKGKWh0
+dHA6Ly9jLnNrLmVlL1Rlc3Rfb2ZfRVNURUlEMjAxOC5kZXIuY3J0MAoGCCqGSM49
+BAMEA4GLADCBhwJCAIVlbkObg0ket7u5re7q2RWUlGYO9pMuXxi57r7rA9uXQuU4
+1+CcrIAharO3JcNzAFHL+6UCeOopeI7S+DZyOKeAAkFUBP0lomF6QrjxggHgQBrs
+NHt2/+3tiwGxboTA9QEEIhg3VrWX2jzydAQjN1UTOp7/sIKyQf+0gCaxIolBDqrs
+Dg==
+-----END CERTIFICATE-----