Merge branch 'new-tests'

Author: marche271

testplans/spid-cie-oidc/config/testplan-to-mr/templates/wrong_input-JWT parameter not in.json

@@ -0,0 +1,37 @@
+{
+  "test suite": {
+    "name": "Single test",
+    "description": "One test only",
+    "filter messages": true
+  },
+  "tests": [
+    {
+      "test": {
+        "name": "var0",
+        "description": "var1",
+        "type": "passive",
+        "sessions": "session0",
+        "operations": [
+          {
+            "message type": "var2",
+            "decode operations": [
+              {
+                "from": "var3",
+                "decode param": "var4",
+                "type": "jwt",
+                "checks": [
+                  {
+                    "in": "var5",
+                    "check": "$var6",
+                    "not matches regex": "var7"
+                  }
+                ]
+              }
+            ]
+          }
+        ],
+        "result": "correct flow s1"
+      }
+    }
+  ]
+}

testplans/spid-cie-oidc/implementations/spid-cie-oidc-django/input/mig-t/tests/single/AA/AA-Entity Configuration response-metadata-authorization_endpoint-value.json

@@ -0,0 +1,39 @@
+{
+  "test suite": {
+    "name": "Single test",
+    "description": "One test only",
+    "filter messages": true
+  },
+  "tests": [
+    {
+      "test": {
+        "name": "Does the AA metadata contain correct type authorization_endpoint claim",
+        "description": "In this test the AA metadata in the AA Entity Configuration are taken and the value of the authorization_endpoint claim in the 'federation_entity' entity type is \"private\"",
+        "type": "passive",
+        "sessions": [
+          "s1"
+        ],
+        "operations": [
+          {
+            "message type": "Entity Configuration response AA",
+            "decode operations": [
+              {
+                "from": "body",
+                "decode param": "[^\\n\\r]*",
+                "type": "jwt",
+                "checks": [
+                  {
+                    "in": "payload",
+                    "check": "$.metadata.federation_entity",
+                    "json schema compliant": "{\"type\": \"object\",\"properties\": {\"authorization_endpoint\": {\"type\": \"string\",\"const\": \"private\"}},\"required\": [\"authorization_endpoint\"]}"
+                  }
+                ]
+              }
+            ]
+          }
+        ],
+        "result": "correct flow s1"
+      }
+    }
+  ]
+}

testplans/spid-cie-oidc/implementations/spid-cie-oidc-django/input/mig-t/tests/single/AA/AA-Entity Configuration response-metadata-logo_uri-type.json

@@ -0,0 +1,39 @@
+{
+  "test suite": {
+    "name": "Single test",
+    "description": "One test only",
+    "filter messages": true
+  },
+  "tests": [
+    {
+      "test": {
+        "name": "Does the AA metadata contain correct type logo_uri claim",
+        "description": "In this test the SA metadata in the TA Entity Configuration are taken and the value of the logo_uri claim in the 'federation_entity' entity type is an URL with an .svg file",
+        "type": "passive",
+        "sessions": [
+          "s1"
+        ],
+        "operations": [
+          {
+            "message type": "Entity Configuration response AA",
+            "decode operations": [
+              {
+                "from": "body",
+                "decode param": "[^\\n\\r]*",
+                "type": "jwt",
+                "checks": [
+                  {
+                    "in": "payload",
+                    "check": "$.metadata.federation_entity",
+                    "json schema compliant": "{\"type\":\"object\", \"properties\":{\"logo_uri\":{\"type\":\"string\", \"format\":\"uri\", \"pattern\":\"^https://.*\\\\.svg$\"}},\"required\":[\"logo_uri\"]}"
+                  }
+                ]
+              }
+            ]
+          }
+        ],
+        "result": "correct flow s1"
+      }
+    }
+  ]
+}

testplans/spid-cie-oidc/implementations/spid-cie-oidc-django/input/mig-t/tests/single/RP/RP-Token response-Assertion-aud-type.json testplans/spid-cie-oidc/implementations/spid-cie-oidc-django/input/mig-t/tests/single/AA/AA-Entity Configuration response-metadata-op_policy_uri-type.json

@@ -7,34 +7,32 @@
   "tests": [
     {
       "test": {
-        "name": "Does the signed JWT assertion contain a correct aud claim",
-        "description": "This test can be performed by taking the JWT present in the 'client_assertion' field of the RP's request, base64url decoding the payload and checking the aud. Its value must be an URL",
+        "name": "Does the AA metadata contain correct type op_policy_uri claim",
+        "description": "In this test the AA metadata in the AA Entity Configuration are taken and the value of the op_policy_uri claim in the 'openid_provider' entity type is \"private\"",
         "type": "passive",
         "sessions": [
           "s1"
         ],
         "operations": [
           {
-            "message type": "Token response",
+            "message type": "Entity Configuration response AA",
             "decode operations": [
               {
                 "from": "body",
-                "decode param": "(?<=client_assertion=)([^&]+)",
+                "decode param": "[^\\n\\r]*",
                 "type": "jwt",
                 "checks": [
                   {
                     "in": "payload",
-                    "check": "$",
-                    "json schema compliant": "{\"type\": \"object\", \"properties\": {\"aud\": {\"type\": \"string\", \"format\": \"uri-reference\"}}, \"required\": [\"aud\"]}"
+                    "check": "$.metadata.openid_provider",
+                    "json schema compliant": "{\"type\": \"object\",\"properties\": {\"op_policy_uri\": {\"type\": \"string\",\"format\": \"uri\"}},\"required\": [\"op_policy_uri\"]}"
                   }
                 ]
               }
             ]
           }
         ],
-        "result": [
-          "s1"
-        ]
+        "result": "correct flow s1"
       }
     }
   ]

testplans/spid-cie-oidc/implementations/spid-cie-oidc-django/input/mig-t/tests/single/AA/AA-Entity Configuration response-metadata-op_policy_uri.json

@@ -7,8 +7,8 @@
   "tests": [
     {
       "test": {
-        "name": "Does the AA metadata contain the op_policy_uri claim",
-        "description": "In this test the AA metadata in the AA Entity Configuration are taken and the presence of the op_policy_uri claim in the 'oauth_authorization_server' entity type is checked.",
+        "name": "Does the AA metadata contain op_policy_uri claim",
+        "description": "In this test the AA metadata in the AA Entity Configuration are taken and the presence of the op_policy_uri claim in the 'openid_provider' entity type is checked",
         "type": "passive",
         "sessions": [
           "s1"
@@ -19,12 +19,12 @@
             "decode operations": [
               {
                 "from": "body",
-                "decode regex": "[^\\r\\n]*",
+                "decode param": "[^\\n\\r]*",
                 "type": "jwt",
                 "checks": [
                   {
                     "in": "payload",
-                    "check": "$.metadata.oauth_authorization_server.op_policy_uri",
+                    "check": "$..metadata.openid_provider.op_policy_uri",
                     "is present": "true"
                   }
                 ]

testplans/spid-cie-oidc/implementations/spid-cie-oidc-django/input/mig-t/tests/single/AA/AA-Entity Configuration response-metadata-resource-type.json

@@ -0,0 +1,39 @@
+{
+  "test suite": {
+    "name": "Single test",
+    "description": "One test only",
+    "filter messages": true
+  },
+  "tests": [
+    {
+      "test": {
+        "name": "Does the AA metadata contain correct type resource claim",
+        "description": "In this test the AA metadata in the AA Entity Configuration are taken and the value of the resource claim in the 'federation_entity' entity type is an HTTPS URL",
+        "type": "passive",
+        "sessions": [
+          "s1"
+        ],
+        "operations": [
+          {
+            "message type": "Entity Configuration response AA",
+            "decode operations": [
+              {
+                "from": "body",
+                "decode param": "[^\\n\\r]*",
+                "type": "jwt",
+                "checks": [
+                  {
+                    "in": "payload",
+                    "check": "$.metadata.federation_entity",
+                    "json schema compliant": "{\"type\": \"object\",\"properties\": {\"resource\": {\"oneOf\": [{\"type\": \"string\", \"format\": \"uri\", \"pattern\": \"^https://\"},{\"type\": \"array\",\"items\": {\"type\": \"string\", \"format\": \"uri\", \"pattern\": \"^https://\"},\"minItems\": 1}]}},\"required\": [\"resource\"]}"
+                  }
+                ]
+              }
+            ]
+          }
+        ],
+        "result": "correct flow s1"
+      }
+    }
+  ]
+}

testplans/spid-cie-oidc/implementations/spid-cie-oidc-django/input/mig-t/tests/single/AA/ALL-Entity Configuration response-correct-content-type.json

@@ -0,0 +1,33 @@
+{
+  "test suite": {
+    "name": "Single test",
+    "description": "One test only",
+    "filter messages": true
+  },
+  "tests": [
+    {
+      "test": {
+        "name": "Does the entity return a correct Content-Type in the EC response",
+        "description": "In this test a correct request to the entity's /.well-known/openid-federation endpoint is made and the response is analyzed. It must have a Content-Type parameter set to application/entity-statement+jwt",
+        "type": "passive",
+        "sessions": [
+          "s1"
+        ],
+        "operations": [
+          {
+            "message type": "Entity Configuration response AA",
+            "checks": [
+              {
+                "in": "head",
+                "url decode": false,
+                "is": "application/entity-statement+jwt",
+                "check param": "Content-Type"
+              }
+            ]
+          }
+        ],
+        "result": "correct flow s1"
+      }
+    }
+  ]
+}

testplans/spid-cie-oidc/implementations/spid-cie-oidc-django/input/mig-t/tests/single/TA/TA-Trust Mark status response-valid-trust_mark-status.json testplans/spid-cie-oidc/implementations/spid-cie-oidc-django/input/mig-t/tests/single/AA/ALL-Entity Configuration response-correct-http-code.json

@@ -7,15 +7,15 @@
   "tests": [
     {
       "test": {
-        "name": "Does the Entity's trust mark status endpoint correctly response to valid Trust Marks",
-        "description": "In order to check if the trust mark status endpoint of a TA or SA correctly verifies valid trust marks, a valid trust mark can be sent to the endpoint and the response analyzed",
+        "name": "Does the entity return a correct HTTP code in the EC response",
+        "description": "In this test a correct request to the entity's /.well-known/openid-federation endpoint is made and the response is analyzed. It must be an HTTP 200 OK response",
         "type": "passive",
         "sessions": [
           "s1"
         ],
         "operations": [
           {
-            "message type": "Trust Mark status response",
+            "message type": "Entity Configuration response AA",
             "checks": [
               {
                 "in": "head",

testplans/spid-cie-oidc/implementations/spid-cie-oidc-django/input/mig-t/tests/single/AA/ALL-Entity Configuration response-exp-type.json

@@ -0,0 +1,39 @@
+{
+  "test suite": {
+    "name": "Single test",
+    "description": "One test only",
+    "filter messages": true
+  },
+  "tests": [
+    {
+      "test": {
+        "name": "Does entity configuration contain a correct exp parameter",
+        "description": "To accomplish this test, the Entity configuration of the interested entity is taken, the payload is decoded (Base64 encoding) and the presence of the exp parameter is checked",
+        "type": "passive",
+        "sessions": [
+          "s1"
+        ],
+        "operations": [
+          {
+            "message type": "Entity Configuration response AA",
+            "decode operations": [
+              {
+                "from": "body",
+                "decode param": "[^\\r\\n]*",
+                "type": "jwt",
+                "checks": [
+                  {
+                    "in": "payload",
+                    "check": "$",
+                    "json schema compliant": "{\"type\": \"object\", \"properties\": {\"exp\": {\"type\": \"integer\", \"minimum\": 0}}, \"required\": [\"exp\"]}"
+                  }
+                ]
+              }
+            ]
+          }
+        ],
+        "result": "correct flow s1"
+      }
+    }
+  ]
+}

testplans/spid-cie-oidc/implementations/spid-cie-oidc-django/input/mig-t/tests/single/AA/ALL-Entity Configuration response-exp.json

@@ -0,0 +1,39 @@
+{
+  "test suite": {
+    "name": "Single test",
+    "description": "One test only",
+    "filter messages": true
+  },
+  "tests": [
+    {
+      "test": {
+        "name": "Does entity configuration contain the exp parameter",
+        "description": "To accomplish this test, the Entity configuration of the interested entity is taken, the payload is decoded (Base64 encoding) and the presence of the exp parameter is checked",
+        "type": "passive",
+        "sessions": [
+          "s1"
+        ],
+        "operations": [
+          {
+            "message type": "Entity Configuration response AA",
+            "decode operations": [
+              {
+                "from": "body",
+                "decode param": "[^\\r\\n]*",
+                "type": "jwt",
+                "checks": [
+                  {
+                    "in": "payload",
+                    "check": "$.exp",
+                    "is present": "true"
+                  }
+                ]
+              }
+            ]
+          }
+        ],
+        "result": "correct flow s1"
+      }
+    }
+  ]
+}

testplans/spid-cie-oidc/implementations/spid-cie-oidc-django/input/mig-t/tests/single/AA/ALL-Entity Configuration response-exposed.json

@@ -0,0 +1,32 @@
+{
+  "test suite": {
+    "name": "Single test",
+    "description": "One test only",
+    "filter messages": true
+  },
+  "tests": [
+    {
+      "test": {
+        "name": "Does the Entity expose the /.well-known/openid-federation endpoint",
+        "description": "In order to check the presence and correctness of the /.well-known/openid-federation endpoint, an HTTP GET request to the entity's endpoint is done and its entity configuration is expected as response.",
+        "type": "passive",
+        "sessions": [
+          "s1"
+        ],
+        "operations": [
+          {
+            "message type": "Entity Configuration response AA",
+            "checks": [
+              {
+                "in": "head",
+                "check regex": "HTTP/?\\d?\\.?\\d?\\s200",
+                "is present": "true"
+              }
+            ]
+          }
+        ],
+        "result": "correct flow s1"
+      }
+    }
+  ]
+}