v3.0.5

ReleaseNotes.md

@@ -1,3 +1,7 @@
+# Release 3.0.5
+
+- minor refactoring/some bug fixes in testsuite
+
 # Release 3.0.4
 
 - fix missing iat and iss in signedJwks structure

gsi-coverage-report/pom.xml

@@ -6,7 +6,7 @@
   <parent>
     <groupId>de.gematik.idp</groupId>
     <artifactId>gemSekIdp-global</artifactId>
-    <version>3.0.4</version>
+    <version>3.0.5</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 

gsi-server/pom.xml

@@ -7,13 +7,13 @@
   <parent>
     <groupId>de.gematik.idp</groupId>
     <artifactId>gemSekIdp-global</artifactId>
-    <version>3.0.4</version>
+    <version>3.0.5</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 
 
   <artifactId>gsi-server</artifactId>
-  <version>3.0.4</version>
+  <version>3.0.5</version>
   <packaging>jar</packaging>
 
   <name>gsi-server</name>

gsi-testsuite/pom.xml

@@ -7,12 +7,12 @@
   <parent>
     <groupId>de.gematik.idp</groupId>
     <artifactId>gemSekIdp-global</artifactId>
-    <version>3.0.4</version>
+    <version>3.0.5</version>
     <relativePath>../pom.xml</relativePath>
   </parent>
 
   <artifactId>gsi-testsuite</artifactId>
-  <version>3.0.4</version>
+  <version>3.0.5</version>
   <packaging>jar</packaging>
   <description>Testsuite fuer sektorale IDPs</description>
 

gsi-testsuite/src/test/java/de/gematik/idp/gsi/test/steps/IdpSektoralSteps.java

@@ -34,10 +34,6 @@ public class IdpSektoralSteps {
   static final String FED_MASTER_URL = "fedmaster";
   static final String ENTITY_STATEMENT_ENDPOINT = "/.well-known/openid-federation";
 
-  public void fetchEntStmnt() {
-    sendRequestTo("http://" + IDP_SEKTORAL_URL + ENTITY_STATEMENT_ENDPOINT, "GET", null);
-  }
-
   public void sendRequestTo(final String url, final String httpMethod, final DataTable params) {
     SerenityRest.useRelaxedHTTPSValidation();
     final RequestSpecification reqSpec = SerenityRest.rest();

gsi-testsuite/src/test/java/de/gematik/idp/gsi/test/steps/StepsGlue.java

@@ -61,11 +61,6 @@ public class StepsGlue {
 
   @Steps IdpSektoralSteps idpSektoralSteps;
 
-  @And("Fetch Entity statement")
-  public void ifetchEntStmnt() {
-    idpSektoralSteps.fetchEntStmnt();
-  }
-
   @Given("Fetch Fed Master's Entity Statement")
   public void fetchFedMasterSEntityStatement() {
     idpSektoralSteps.sendRequestTo(

gsi-testsuite/src/test/resources/features/gsiSpecificAuthentication.feature

@@ -19,8 +19,8 @@
 Feature: Test GSI specific authentication
 
   Background: Initialisiere Testkontext durch Abfrage des Entity Statements
-    Given Fetch Entity statement
-    And TGR find request to path "/.well-known/openid-federation"
+    When TGR sende eine leere GET Anfrage an "${gsi.fachdienstEntityStatementEndpoint}"
+    And TGR find request to path ".*/.well-known/openid-federation"
     Then TGR set local variable "pushed_authorization_request_endpoint" to "!{rbel:currentResponseAsString('$..pushed_authorization_request_endpoint')}"
     Then TGR set local variable "authorization_endpoint" to "!{rbel:currentResponseAsString('$..authorization_endpoint')}"
 

gsi-testsuite/src/test/resources/features/idpsektoralAuthorizationEndpoint.feature

@@ -19,8 +19,8 @@
 Feature: Test IdpSektoral's Auth Endpoint
 
   Background: Initialisiere Testkontext durch Abfrage des Entity Statements
-    Given Fetch Entity statement
-    And TGR find request to path "/.well-known/openid-federation"
+    When TGR sende eine leere GET Anfrage an "${gsi.fachdienstEntityStatementEndpoint}"
+    And TGR find request to path ".*/.well-known/openid-federation"
     Then TGR set local variable "pushed_authorization_request_endpoint" to "!{rbel:currentResponseAsString('$..pushed_authorization_request_endpoint')}"
     Then TGR set local variable "authorization_endpoint" to "!{rbel:currentResponseAsString('$..authorization_endpoint')}"
 
@@ -49,13 +49,14 @@ Feature: Test IdpSektoral's Auth Endpoint
       | request_uri   | client_id          |
       | ${requestUri} | gsi.clientid.valid |
     And TGR find request to path ".*"
-    Then TGR current response with attribute "$.responseCode" matches "200"
+    Then TGR current response with attribute "$.responseCode" matches "(200|302)"
 
 
   @TCID:IDPSEKTORAL_AUTH_ENDPOINT_002
     @Approval
     @PRIO:1
     @TESTSTUFE:4
+    @OpenBug
   Scenario Outline: IdpSektoral Auth Endpoint - Negativfall - fehlerhaft befüllte Parameter
 
   ```
@@ -76,17 +77,27 @@ Feature: Test IdpSektoral's Auth Endpoint
       | <request_uri> | <client_id> |
     And TGR find request to path ".*"
     Then TGR current response with attribute "$.responseCode" matches "<responseCode>"
+    And TGR current response at "$.body" matches as JSON:
+        """
+          {
+            "error":                        '.*',
+            "____error_description":        '.*',
+            "____error_uri":                '.*'
+          }
+        """
+    And TGR current response at "$.body.error" matches "<error>"
 
     Examples:
-      | client_id          | request_uri                                                    | error           | responseCode |
-      | gsi.clientid.valid | urn:ietf:params:oauth:request_uri:ZoWuCxe9C8-uW8T3ngvqoYN-stzw | invalid_request | 200          |
-      | invalidClient      | ${requestUri}                                                  | invalid_request | 200          |
+      | client_id          | request_uri                                                    | error               | responseCode |
+      | gsi.clientid.valid | urn:ietf:params:oauth:request_uri:ZoWuCxe9C8-uW8T3ngvqoYN-stzw | invalid_request_uri | 400          |
+      | invalidClient      | ${requestUri}                                                  | invalid_request     | 400          |
 
 
   @TCID:IDPSEKTORAL_AUTH_ENDPOINT_003
     @Approval
     @PRIO:1
     @TESTSTUFE:4
+    @OpenBug
   Scenario Outline: IdpSektoral Auth Endpoint - Negativfall - fehlende verpflichtende Parameter
 
   ```
@@ -158,4 +169,4 @@ Feature: Test IdpSektoral's Auth Endpoint
             "____error_uri":                '.*'
           }
         """
-    And TGR current response at "$.body.error" matches "invalid_request"
+    And TGR current response at "$.body.error" matches "(invalid_request|invalid_request_uri)"

gsi-testsuite/src/test/resources/features/idpsektoralEntityStatement.feature

@@ -19,8 +19,8 @@
 Feature: Test Entity Statement of IdpSektoral
 
   Background: Initialisiere Testkontext durch Abfrage des Entity Statements
-    Given Fetch Entity statement
-    And TGR find request to path "/.well-known/openid-federation"
+    When TGR sende eine leere GET Anfrage an "${gsi.fachdienstEntityStatementEndpoint}"
+    And TGR find request to path ".*/.well-known/openid-federation"
     And Expect JWKS in last message and add its keys to truststore
 
   @TCID:IDPSEKTORAL_ENTITY_STATEMENT_001
@@ -33,8 +33,8 @@ Feature: Test Entity Statement of IdpSektoral
   Wir rufen das Entity Statement des IdpSektoral ab und prüfen, ob die Signatur korrekt ist
 
     Given TGR clear recorded messages
-    When Fetch Entity statement
-    And TGR find request to path "/.well-known/openid-federation"
+    When TGR sende eine leere GET Anfrage an "${gsi.fachdienstEntityStatementEndpoint}"
+    And TGR find request to path ".*/.well-known/openid-federation"
     And Check signature of JWS in last message
 
   @TCID:IDPSEKTORAL_ENTITY_STATEMENT_002
@@ -52,8 +52,8 @@ Feature: Test Entity Statement of IdpSektoral
   - einen JWS enthalten
 
     Given TGR clear recorded messages
-    When Fetch Entity statement
-    And TGR find request to path "/.well-known/openid-federation"
+    When TGR sende eine leere GET Anfrage an "${gsi.fachdienstEntityStatementEndpoint}"
+    And TGR find request to path ".*/.well-known/openid-federation"
     Then TGR current response with attribute "$.responseCode" matches "200"
     And TGR current response with attribute "$.header.Content-Type" matches "application/entity-statement\+jwt.*"
 
@@ -70,8 +70,8 @@ Feature: Test Entity Statement of IdpSektoral
   Der Response Body muss ein JWS mit den folgenden Header Claims sein:
 
     Given TGR clear recorded messages
-    When Fetch Entity statement
-    And TGR find request to path "/.well-known/openid-federation"
+    When TGR sende eine leere GET Anfrage an "${gsi.fachdienstEntityStatementEndpoint}"
+    And TGR find request to path ".*/.well-known/openid-federation"
     Then TGR current response at "$.body.header" matches as JSON:
             """
           {
@@ -93,8 +93,8 @@ Feature: Test Entity Statement of IdpSektoral
   Der Response Body muss ein JWS mit den korrekten Body Claims sein:
 
     Given TGR clear recorded messages
-    When Fetch Entity statement
-    And TGR find request to path "/.well-known/openid-federation"
+    When TGR sende eine leere GET Anfrage an "${gsi.fachdienstEntityStatementEndpoint}"
+    And TGR find request to path ".*/.well-known/openid-federation"
     Then TGR current response at "$.body.body" matches as JSON:
             """
           {
@@ -120,8 +120,8 @@ Feature: Test Entity Statement of IdpSektoral
   Der Response Body muss ein JWS sein. Dieser muss einen korrekt aufgebauten Body Claim metadata enthalten
 
     Given TGR clear recorded messages
-    When Fetch Entity statement
-    And TGR find request to path "/.well-known/openid-federation"
+    When TGR sende eine leere GET Anfrage an "${gsi.fachdienstEntityStatementEndpoint}"
+    And TGR find request to path ".*/.well-known/openid-federation"
     Then TGR current response at "$.body.body.metadata" matches as JSON:
     """
           {
@@ -166,8 +166,8 @@ Feature: Test Entity Statement of IdpSektoral
     """
           {
             name:             '.*',
-            contacts:         "${json-unit.ignore}",
-            homepage_uri:     'http.*'
+            ____contacts:         "${json-unit.ignore}",
+            ____homepage_uri:     'http.*'
           }
     """
     And TGR current response at "$.body.body.metadata.federation_entity.contacts.0" matches ".*"
@@ -186,8 +186,8 @@ Feature: Test Entity Statement of IdpSektoral
   Das JWKS muss mindestens einen strukturell korrekten JWK mit use = sig enthalten.
 
     Given TGR clear recorded messages
-    When Fetch Entity statement
-    And TGR find request to path "/.well-known/openid-federation"
+    When TGR sende eine leere GET Anfrage an "${gsi.fachdienstEntityStatementEndpoint}"
+    And TGR find request to path ".*/.well-known/openid-federation"
     Then TGR current response at "$.body.body.jwks.keys.[?(@.kid.content =='${gsi.sigKeyKid}')]" matches as JSON:
         """
           {
@@ -213,8 +213,8 @@ Feature: Test Entity Statement of IdpSektoral
   In dem Claim scopes_supported müssen (neben möglichen anderen) die von der gematik vorgeschriebenen Scopes enthalten sein
 
     Given TGR clear recorded messages
-    When Fetch Entity statement
-    And TGR find request to path "/.well-known/openid-federation"
+    When TGR sende eine leere GET Anfrage an "${gsi.fachdienstEntityStatementEndpoint}"
+    And TGR find request to path ".*/.well-known/openid-federation"
     And TGR current response at "$.body.body.metadata.openid_provider.scopes_supported" matches ".*urn:telematik:given_name.*"
     And TGR current response at "$.body.body.metadata.openid_provider.scopes_supported" matches ".*urn:telematik:geburtsdatum.*"
     And TGR current response at "$.body.body.metadata.openid_provider.scopes_supported" matches ".*urn:telematik:alter.*"
@@ -237,6 +237,6 @@ Feature: Test Entity Statement of IdpSektoral
   In dem Claim response_types_supported muss (neben möglichen anderen) der Wert "code" enthalten sein
 
     Given TGR clear recorded messages
-    When Fetch Entity statement
-    And TGR find request to path "/.well-known/openid-federation"
+    When TGR sende eine leere GET Anfrage an "${gsi.fachdienstEntityStatementEndpoint}"
+    And TGR find request to path ".*/.well-known/openid-federation"
     And TGR current response at "$.body.body.metadata.openid_provider.response_types_supported" matches ".*code.*"

gsi-testsuite/src/test/resources/features/idpsektoralPushedAuthorizationEndpoint.feature

@@ -19,8 +19,8 @@
 Feature: Test IdpSektoral's Pushed Auth Endpoint
 
   Background: Initialisiere Testkontext durch Abfrage des Entity Statements
-    Given Fetch Entity statement
-    And TGR find request to path "/.well-known/openid-federation"
+    When TGR sende eine leere GET Anfrage an "${gsi.fachdienstEntityStatementEndpoint}"
+    And TGR find request to path ".*/.well-known/openid-federation"
     Then TGR set local variable "pushed_authorization_request_endpoint" to "!{rbel:currentResponseAsString('$..pushed_authorization_request_endpoint')}"
 
   @TCID:IDPSEKTORAL_PUSHED_AUTH_ENDPOINT_001
@@ -99,7 +99,7 @@ Feature: Test IdpSektoral's Pushed Auth Endpoint
 
     Examples:
       | client_id          | redirect_uri            | code_challenge_method | response_type | scope        | acr_values               | error           | responseCode |
-      | notUrl             | gsi.redirectUri         | S256                  | code          | gsi.scope    | gematik-ehealth-loa-high | invalid_request | 400          |
+      | notUrl             | gsi.redirectUri         | S256                  | code          | gsi.scope    | gematik-ehealth-loa-high | invalid_.*      | 40.*         |
       | gsi.clientid.valid | gsi.redirectUri         | plain                 | code          | gsi.scope    | gematik-ehealth-loa-high | invalid_request | 400          |
       | gsi.clientid.valid | gsi.redirectUri         | S256                  | token         | gsi.scope    | gematik-ehealth-loa-high | .*              | 400          |
       | gsi.clientid.valid | gsi.redirectUri         | S256                  | code          | invalidScope | gematik-ehealth-loa-high | invalid_scope   | 400          |
@@ -195,7 +195,7 @@ Feature: Test IdpSektoral's Pushed Auth Endpoint
     And TGR current response at "$.body" matches as JSON:
         """
           {
-            "error":                        'invalid_request',
+            "error":                        '(invalid_request|invalid_client)',
             "____error_description":        '.*'
           }
         """
@@ -219,7 +219,7 @@ Feature: Test IdpSektoral's Pushed Auth Endpoint
     And TGR current response at "$.body" matches as JSON:
         """
           {
-            "error":                        'invalid_request',
+            "error":                        '(invalid_request|invalid_client)',
             "____error_description":        '.*'
           }
         """

gsi-testsuite/src/test/resources/features/idpsektoralSignedJwks.feature

@@ -19,8 +19,8 @@
 Feature: Test signed Jwks of IdpSektoral
 
   Background: Initialisiere Testkontext durch Abfrage des Entity Statements
-    Given Fetch Entity statement
-    And TGR find request to path "/.well-known/openid-federation"
+    When TGR sende eine leere GET Anfrage an "${gsi.fachdienstEntityStatementEndpoint}"
+    And TGR find request to path ".*/.well-known/openid-federation"
     And Expect JWKS in last message and add its keys to truststore
     Then TGR set local variable "signed_jwks_uri" to "!{rbel:currentResponseAsString('$..signed_jwks_uri')}"
     And TGR set local variable "entity_statement_sig_kid" to "!{rbel:currentResponseAsString('$.body.header.kid')}"

gsi-testsuite/src/test/resources/features/idpsektoralTokenEndpoint.feature

@@ -19,8 +19,8 @@
 Feature: Test IdpSektoral's Token Endpoint
 
   Background: Initialisiere Testkontext durch Abfrage des Entity Statements
-    Given Fetch Entity statement
-    And TGR find request to path "/.well-known/openid-federation"
+    When TGR sende eine leere GET Anfrage an "${gsi.fachdienstEntityStatementEndpoint}"
+    And TGR find request to path ".*/.well-known/openid-federation"
     Then TGR set local variable "pushed_authorization_request_endpoint" to "!{rbel:currentResponseAsString('$..pushed_authorization_request_endpoint')}"
     Then TGR set local variable "authorization_endpoint" to "!{rbel:currentResponseAsString('$..authorization_endpoint')}"
     Then TGR set local variable "token_endpoint" to "!{rbel:currentResponseAsString('$..token_endpoint')}"
@@ -51,7 +51,7 @@ Feature: Test IdpSektoral's Token Endpoint
             "____error_uri":                '.*'
           }
         """
-    And TGR current response at "$.body.error" matches "(invalid_request)|(invalid_grant)"
+    And TGR current response at "$.body.error" matches "(invalid_request)|(invalid_grant)|(invalid_client)|(unsupported_grant_type)"
 
     Examples:
       | client_id          | redirect_uri            | code_verifier    | grant_type         | code                  | responseCode |

gsi-testsuite/src/test/resources/features/registration.feature

@@ -35,8 +35,8 @@ Feature: Test Fed Master's Entity Statement about IdpSektoral
   Wir rufen das Entity Statement des Fed Masters über den IdpSektoral ab und prüfen, ob im jwks ein passender Schlüssel steht
 
     Given TGR clear recorded messages
-    And Fetch Entity statement
-    And TGR find request to path "/.well-known/openid-federation"
+    When TGR sende eine leere GET Anfrage an "${gsi.fachdienstEntityStatementEndpoint}"
+    And TGR find request to path ".*/.well-known/openid-federation"
     Then TGR set local variable "idpSigKid" to "!{rbel:currentResponseAsString('$.body.header.kid')}"
     Given TGR clear recorded messages
     When Send Get Request to "${fedmasterFederationFetchEndpoint}" with

gsi-testsuite/tc_properties-external-Idp.yaml

@@ -15,4 +15,6 @@ codeChallenge: Ca3Ve8jSsBQOBFVqQvLs1E-dGV1BXg2FTvrd-Tg19Vg
 
 authorizationCode: eyfadsfds
 
-idToken: eyJhbGciOiJFUzI1NiIsImtpZCI6InB1a19pZHBfc2lnIiwidHlwIjoiSldUIn0=.eyJpc3MiOiJodHRwczovL2lkcC10ZXN0LnplbnRyYWwuaWRwLnNwbGl0ZG5zLnRpLWRpZW5zdGUuZGUiLCJzdWIiOiJodHRwczovL2lkcC10ZXN0LnplbnRyYWwuaWRwLnNwbGl0ZG5zLnRpLWRpZW5zdGUuZGUiLCJpYXQiOjE2MjMwNTYxMzYsImV4cCI6MTYyMzA5OTMzNiwiYXVkIjoiaHR0cHM6Ly9pZHAtdGVzdC56ZW50cmFsLmlkcC5zcGxpdGRucy50aS1kaWVuc3RlLmRlIiwibm9uY2UiOiI5ODc2NSIsImFjciI6ImdlbWF0aWstZWhlYWx0aC1sb2EtaGlnaCIsImFtciI6InVybjp0ZWxlbWF0aWs6YXV0aDplR0siLCJ1cm46dGVsZW1hdGlrOmNsYWltczpwcm9mZXNzaW9uIjoiMS4yLjI3Ni4wLjc2LjQuNDkiLCJ1cm46dGVsZW1hdGlrOmNsYWltczpnaXZlbl9uYW1lIjoiRGFyaXVzIE1pY2hhZWwgQnJpYW4gVWJibyIsInVybjp0ZWxlbWF0aWs6Y2xhaW1zOm9yZ2FuaXphdGlvbiI6IlRlc3QgR0tWLVNWTk9ULVZBTElEIiwidXJuOnRlbGVtYXRpazpjbGFpbXM6aWQiOiJYMTEwNDExNjc1Igp9.Z0mhWFS2TcUtZlj-KAX9ys9Az-MwEvQ6AxRMLh2mKSdG6PKfsxsXJQhldeIzD1s2zcTTe74QPd0xUG8OCz9VuQ
+idToken: eyJhbGciOiJFUzI1NiIsImtpZCI6InB1a19pZHBfc2lnIiwidHlwIjoiSldUIn0=.eyJpc3MiOiJodHRwczovL2lkcC10ZXN0LnplbnRyYWwuaWRwLnNwbGl0ZG5zLnRpLWRpZW5zdGUuZGUiLCJzdWIiOiJodHRwczovL2lkcC10ZXN0LnplbnRyYWwuaWRwLnNwbGl0ZG5zLnRpLWRpZW5zdGUuZGUiLCJpYXQiOjE2MjMwNTYxMzYsImV4cCI6MTYyMzA5OTMzNiwiYXVkIjoiaHR0cHM6Ly9pZHAtdGVzdC56ZW50cmFsLmlkcC5zcGxpdGRucy50aS1kaWVuc3RlLmRlIiwibm9uY2UiOiI5ODc2NSIsImFjciI6ImdlbWF0aWstZWhlYWx0aC1sb2EtaGlnaCIsImFtciI6InVybjp0ZWxlbWF0aWs6YXV0aDplR0siLCJ1cm46dGVsZW1hdGlrOmNsYWltczpwcm9mZXNzaW9uIjoiMS4yLjI3Ni4wLjc2LjQuNDkiLCJ1cm46dGVsZW1hdGlrOmNsYWltczpnaXZlbl9uYW1lIjoiRGFyaXVzIE1pY2hhZWwgQnJpYW4gVWJibyIsInVybjp0ZWxlbWF0aWs6Y2xhaW1zOm9yZ2FuaXphdGlvbiI6IlRlc3QgR0tWLVNWTk9ULVZBTElEIiwidXJuOnRlbGVtYXRpazpjbGFpbXM6aWQiOiJYMTEwNDExNjc1Igp9.Z0mhWFS2TcUtZlj-KAX9ys9Az-MwEvQ6AxRMLh2mKSdG6PKfsxsXJQhldeIzD1s2zcTTe74QPd0xUG8OCz9VuQ
+
+fachdienstEntityStatementEndpoint: http://gsiserver/.well-known/openid-federation