From 0657f59714e622f360f8d801a53fb8367b98f5a3 Mon Sep 17 00:00:00 2001 From: wkrop Date: Mon, 23 May 2022 07:15:10 -0700 Subject: [PATCH 1/2] REFAPP-1299 - Add support of multiple SSAs --- cmd/cli/config.go | 4 +- cmd/cli/main.go | 1 + pkg/compliant/auth/authoriser_builder.go | 29 +++++++++ pkg/compliant/dcr32.go | 82 +++++++++++++++++++----- pkg/compliant/dcr32_config.go | 11 +++- pkg/compliant/dcr32_config_test.go | 7 +- pkg/compliant/dcr32_test.go | 18 +++++- pkg/compliant/dcr33.go | 27 +++++--- 8 files changed, 144 insertions(+), 35 deletions(-) diff --git a/cmd/cli/config.go b/cmd/cli/config.go index 455a9b2..712101f 100644 --- a/cmd/cli/config.go +++ b/cmd/cli/config.go @@ -3,11 +3,12 @@ package main import ( "bytes" "encoding/json" - "github.com/OpenBankingUK/conformance-dcr/pkg/compliant" "io" "io/ioutil" "os" + "github.com/OpenBankingUK/conformance-dcr/pkg/compliant" + "github.com/pkg/errors" ) @@ -29,6 +30,7 @@ type Config struct { DeleteImplemented bool `json:"delete_implemented"` Environment string `json:"environment"` Brand string `json:"brand"` + SSAs []string `json:"ssas"` } func LoadConfig(configFilePath string) (Config, error) { diff --git a/cmd/cli/main.go b/cmd/cli/main.go index bd3fcc3..25392f4 100644 --- a/cmd/cli/main.go +++ b/cmd/cli/main.go @@ -83,6 +83,7 @@ func runCmd(flags flags) { cfg.DeleteImplemented, flags.tlsSkipVerify, cfg.SpecVersion, + cfg.SSAs, ) exitOnError(err) diff --git a/pkg/compliant/auth/authoriser_builder.go b/pkg/compliant/auth/authoriser_builder.go index f14b305..0a53dcd 100644 --- a/pkg/compliant/auth/authoriser_builder.go +++ b/pkg/compliant/auth/authoriser_builder.go @@ -20,6 +20,7 @@ type AuthoriserBuilder struct { jwtExpiration time.Duration transportCert *x509.Certificate transportCertSubjectDn string + ssas []string } func NewAuthoriserBuilder() AuthoriserBuilder { @@ -48,6 +49,11 @@ func (b AuthoriserBuilder) WithSSA(ssa string) AuthoriserBuilder { return b } +func (b AuthoriserBuilder) WithSSAs(ssas []string) AuthoriserBuilder { + b.ssas = ssas + return b +} + func (b AuthoriserBuilder) WithIssuer(issuer string) AuthoriserBuilder { b.issuer = issuer return b @@ -88,6 +94,29 @@ func (b AuthoriserBuilder) WithJwtExpiration(jwtExpiration time.Duration) Author return b } +func (b AuthoriserBuilder) popSsas(ssas *[]string) AuthoriserBuilder { + b.ssa = (*ssas)[0] + if len(*ssas) > 1 { + *ssas = (*ssas)[1:] + } else { + *ssas = []string{} + } + b.ssas = *ssas + return b +} + +// UpdateSsa - update the main ssa of the AuthoriserBuilder by popping the first one from ssas +func (b AuthoriserBuilder) UpdateSsa(ssas *[]string) AuthoriserBuilder { + // if ssas list is empty/doesn't exist then just return not modified AuthoriserBuilder + // if there are not enough ssas it's checked before at the early stage of dcr 32/33 + if len(*ssas) == 0 { + return b + } else { + b = b.popSsas(ssas) + return b + } +} + func (b AuthoriserBuilder) Build() (Authoriser, error) { if b.ssa == "" { return none{}, errors.New("missing ssa from authoriser") diff --git a/pkg/compliant/dcr32.go b/pkg/compliant/dcr32.go index 814324c..dd267d0 100644 --- a/pkg/compliant/dcr32.go +++ b/pkg/compliant/dcr32.go @@ -1,12 +1,14 @@ package compliant import ( + "errors" "fmt" - "github.com/OpenBankingUK/conformance-dcr/pkg/compliant/step" - "github.com/dgrijalva/jwt-go" "net/http" "time" + "github.com/OpenBankingUK/conformance-dcr/pkg/compliant/step" + "github.com/dgrijalva/jwt-go" + "github.com/OpenBankingUK/conformance-dcr/pkg/compliant/auth" "github.com/OpenBankingUK/conformance-dcr/pkg/compliant/schema" ) @@ -18,6 +20,7 @@ const ( specLinkDeleteSoftware = "https://openbanking.atlassian.net/wiki/spaces/DZ/pages/1078034771/Dynamic+Client+Registration+-+v3.2#DynamicClientRegistration-v3.2-DELETE/register/{ClientId}" specLinkRetrieveSoftware = "https://openbanking.atlassian.net/wiki/spaces/DZ/pages/1078034771/Dynamic+Client+Registration+-+v3.2#DynamicClientRegistration-v3.2-GET/register/{ClientId}" specLinkUpdateSoftware = "https://openbanking.atlassian.net/wiki/spaces/DZ/pages/1078034771/Dynamic+Client+Registration+-+v3.2#DynamicClientRegistration-v3.2-PUT/register/{ClientId}" + expectedSSAsLen32 = 15 ) func NewDCR32(cfg DCR32Config) (Manifest, error) { @@ -25,22 +28,35 @@ func NewDCR32(cfg DCR32Config) (Manifest, error) { authoriserBuilder := cfg.AuthoriserBuilder validator := cfg.SchemaValidator + ssas := &cfg.SSAs + if err := validateSSAsLen(*ssas, expectedSSAsLen32); err != nil { + return nil, err + } + scenarios := Scenarios{ DCR32ValidateOIDCConfigRegistrationURL(cfg), - DCR32CreateSoftwareClient(cfg, secureClient, authoriserBuilder), - DCR32DeleteSoftwareClient(cfg, secureClient, authoriserBuilder), - DCR32CreateInvalidRegistrationRequest(cfg, secureClient, authoriserBuilder), - DCR32RetrieveSoftwareClient(cfg, secureClient, authoriserBuilder, validator), - DCR32RetrieveWithInvalidCredentials(cfg, secureClient, authoriserBuilder), - DCR32UpdateSoftwareClient(cfg, secureClient, authoriserBuilder), - DCR32UpdateSoftwareClientWithWrongId(cfg, secureClient, authoriserBuilder), - DCR32RetrieveSoftwareClientWrongId(cfg, secureClient, authoriserBuilder), - DCR32RegisterSoftwareWrongResponseType(cfg, secureClient, authoriserBuilder), + DCR32CreateSoftwareClient(cfg, secureClient, authoriserBuilder, ssas), + DCR32DeleteSoftwareClient(cfg, secureClient, authoriserBuilder, ssas), + DCR32CreateInvalidRegistrationRequest(cfg, secureClient, authoriserBuilder, ssas), + DCR32RetrieveSoftwareClient(cfg, secureClient, authoriserBuilder, validator, ssas), + DCR32RetrieveWithInvalidCredentials(cfg, secureClient, authoriserBuilder, ssas), + DCR32UpdateSoftwareClient(cfg, secureClient, authoriserBuilder, ssas), + DCR32UpdateSoftwareClientWithWrongId(cfg, secureClient, authoriserBuilder, ssas), + DCR32RetrieveSoftwareClientWrongId(cfg, secureClient, authoriserBuilder, ssas), + DCR32RegisterSoftwareWrongResponseType(cfg, secureClient, authoriserBuilder, ssas), } return NewManifest("DCR32", "1.0", scenarios) } +func validateSSAsLen(ssas []string, expectedLen int) error { + ssasLen := len(ssas) + if ssasLen != 0 && ssasLen < expectedLen { + return errors.New("invalid amout of SSAs provided in the config") + } + return nil +} + func DCR32ValidateOIDCConfigRegistrationURL(cfg DCR32Config) Scenario { return NewBuilder( "DCR-001", @@ -57,7 +73,9 @@ func DCR32CreateSoftwareClient( cfg DCR32Config, secureClient *http.Client, authoriserBuilder auth.AuthoriserBuilder, + ssas *[]string, ) Scenario { + authoriserBuilder = authoriserBuilder.UpdateSsa(ssas) return NewBuilder( "DCR-002", "Dynamically create a new software client", @@ -109,6 +127,7 @@ func DCR32DeleteSoftwareClient( cfg DCR32Config, secureClient *http.Client, authoriserBuilder auth.AuthoriserBuilder, + ssas *[]string, ) Scenario { id := "DCR-003" name := "Delete software is supported" @@ -121,6 +140,8 @@ func DCR32DeleteSoftwareClient( ).Build() } + authoriserBuilder = authoriserBuilder.UpdateSsa(ssas) + return NewBuilder( id, name, @@ -141,7 +162,14 @@ func DCR32CreateInvalidRegistrationRequest( cfg DCR32Config, secureClient *http.Client, authoriserBuilder auth.AuthoriserBuilder, + ssas *[]string, ) Scenario { + authoriserBuilder0 := authoriserBuilder.UpdateSsa(ssas) + authoriserBuilder1 := authoriserBuilder0.UpdateSsa(ssas) + authoriserBuilder2 := authoriserBuilder1.UpdateSsa(ssas) + authoriserBuilder3 := authoriserBuilder2.UpdateSsa(ssas) + authoriserBuilder = authoriserBuilder3.UpdateSsa(ssas) + return NewBuilder( "DCR-004", "Dynamically create a new software client will fail on invalid registration request", @@ -151,7 +179,7 @@ func DCR32CreateInvalidRegistrationRequest( NewTestCaseBuilder("Register software client fails on expired claims"). WithHttpClient(secureClient). GenerateSignedClaims( - authoriserBuilder. + authoriserBuilder0. WithJwtExpiration(-time.Hour), ). PostClientRegister(cfg.OpenIDConfig.RegistrationEndpointAsString()). @@ -162,7 +190,7 @@ func DCR32CreateInvalidRegistrationRequest( NewTestCaseBuilder("Register software client fails on invalid issuer"). WithHttpClient(secureClient). GenerateSignedClaims( - authoriserBuilder. + authoriserBuilder1. WithIssuer("foo.is/invalid"), ). PostClientRegister(cfg.OpenIDConfig.RegistrationEndpointAsString()). @@ -173,7 +201,7 @@ func DCR32CreateInvalidRegistrationRequest( NewTestCaseBuilder("Register software client fails on invalid issuer too short"). WithHttpClient(secureClient). GenerateSignedClaims( - authoriserBuilder. + authoriserBuilder2. WithIssuer(""), ). PostClientRegister(cfg.OpenIDConfig.RegistrationEndpointAsString()). @@ -184,7 +212,7 @@ func DCR32CreateInvalidRegistrationRequest( NewTestCaseBuilder("Register software client fails on invalid issuer too long"). WithHttpClient(secureClient). GenerateSignedClaims( - authoriserBuilder. + authoriserBuilder3. WithIssuer("123456789012345678901234567890"), ). PostClientRegister(cfg.OpenIDConfig.RegistrationEndpointAsString()). @@ -206,7 +234,10 @@ func DCR32RetrieveSoftwareClient( secureClient *http.Client, authoriserBuilder auth.AuthoriserBuilder, validator schema.Validator, + ssas *[]string, ) Scenario { + authoriserBuilder = authoriserBuilder.UpdateSsa(ssas) + return NewBuilder( "DCR-005", "Dynamically retrieve a new software client", @@ -243,7 +274,10 @@ func DCR32RetrieveWithInvalidCredentials( cfg DCR32Config, secureClient *http.Client, authoriserBuilder auth.AuthoriserBuilder, + ssas *[]string, ) Scenario { + authoriserBuilder = authoriserBuilder.UpdateSsa(ssas) + return NewBuilder( "DCR-007", "I should not be able to retrieve a software client with invalid credentials", @@ -280,7 +314,11 @@ func DCR32UpdateSoftwareClient( cfg DCR32Config, secureClient *http.Client, authoriserBuilder auth.AuthoriserBuilder, + ssas *[]string, ) Scenario { + authoriserBuilder0 := authoriserBuilder.UpdateSsa(ssas) + authoriserBuilder = authoriserBuilder0.UpdateSsa(ssas) + id := "DCR-008" const name = "I should be able update a registered software" @@ -297,7 +335,7 @@ func DCR32UpdateSoftwareClient( name, specLinkUpdateSoftware, ). - TestCase(DCR32CreateSoftwareClientTestCases(cfg, secureClient, authoriserBuilder)...). + TestCase(DCR32CreateSoftwareClientTestCases(cfg, secureClient, authoriserBuilder0)...). TestCase( NewTestCaseBuilder("Update an existing software client"). WithHttpClient(secureClient). @@ -314,7 +352,11 @@ func DCR32UpdateSoftwareClientWithWrongId( cfg DCR32Config, secureClient *http.Client, authoriserBuilder auth.AuthoriserBuilder, + ssas *[]string, ) Scenario { + authoriserBuilder1 := authoriserBuilder.UpdateSsa(ssas) + authoriserBuilder = authoriserBuilder1.UpdateSsa(ssas) + id := "DCR-009" const name = "When I try to update a non existing software client I should be unauthorized" @@ -331,7 +373,7 @@ func DCR32UpdateSoftwareClientWithWrongId( name, specLinkUpdateSoftware, ). - TestCase(DCR32CreateSoftwareClientTestCases(cfg, secureClient, authoriserBuilder)...). + TestCase(DCR32CreateSoftwareClientTestCases(cfg, secureClient, authoriserBuilder1)...). TestCase(DCR32DeleteSoftwareClientTestCase(cfg, secureClient)). TestCase( NewTestCaseBuilder("Update a deleted software client"). @@ -347,10 +389,13 @@ func DCR32RetrieveSoftwareClientWrongId( cfg DCR32Config, secureClient *http.Client, authoriserBuilder auth.AuthoriserBuilder, + ssas *[]string, ) Scenario { id := "DCR-010" const name = "When I try to retrieve a non existing software client I should be unauthorized" + authoriserBuilder = authoriserBuilder.UpdateSsa(ssas) + return NewBuilder( id, name, @@ -371,10 +416,13 @@ func DCR32RegisterSoftwareWrongResponseType( cfg DCR32Config, secureClient *http.Client, authoriserBuilder auth.AuthoriserBuilder, + ssas *[]string, ) Scenario { id := "DCR-011" const name = "When I try to register a software with invalid response_types it should be fail" + authoriserBuilder = authoriserBuilder.UpdateSsa(ssas) + return NewBuilder( id, name, diff --git a/pkg/compliant/dcr32_config.go b/pkg/compliant/dcr32_config.go index 5045afb..05c5d2c 100644 --- a/pkg/compliant/dcr32_config.go +++ b/pkg/compliant/dcr32_config.go @@ -4,19 +4,20 @@ import ( "crypto/rsa" "crypto/x509" "encoding/pem" + http2 "net/http" + "github.com/OpenBankingUK/conformance-dcr/pkg/compliant/auth" "github.com/OpenBankingUK/conformance-dcr/pkg/compliant/schema" "github.com/OpenBankingUK/conformance-dcr/pkg/http" "github.com/dgrijalva/jwt-go" "github.com/pkg/errors" - http2 "net/http" "github.com/OpenBankingUK/conformance-dcr/pkg/compliant/openid" ) type DCR32Config struct { OpenIDConfig openid.Configuration - SSA string + SSAs []string KID string RedirectURIs []string TokenSigningMethod jwt.SigningMethod @@ -27,6 +28,7 @@ type DCR32Config struct { DeleteImplemented bool AuthoriserBuilder auth.AuthoriserBuilder SchemaValidator schema.Validator + SSA string } func NewDCR32Config( @@ -43,6 +45,7 @@ func NewDCR32Config( deleteImplemented bool, tlsSkipVerify bool, specVersion string, + ssas []string, ) (DCR32Config, error) { privateKey, err := jwt.ParseRSAPrivateKeyFromPEM([]byte(signingKeyPEM)) if err != nil { @@ -81,7 +84,8 @@ func NewDCR32Config( WithPrivateKey(privateKey). WithTokenEndpointAuthMethod(tokenSignMethod). WithTransportCert(transportCert). - WithTransportCertSubjectDn(transportCertSubjectDn) + WithTransportCertSubjectDn(transportCertSubjectDn). + WithSSAs(ssas) secureClient, err := http.NewBuilder(). WithRootCAs(transportRootCAs). @@ -104,6 +108,7 @@ func NewDCR32Config( DeleteImplemented: deleteImplemented, AuthoriserBuilder: authoriserBuilder, SchemaValidator: schemaValidator, + SSAs: ssas, }, nil } diff --git a/pkg/compliant/dcr32_config_test.go b/pkg/compliant/dcr32_config_test.go index b363927..f98b76f 100644 --- a/pkg/compliant/dcr32_config_test.go +++ b/pkg/compliant/dcr32_config_test.go @@ -1,11 +1,12 @@ package compliant import ( + "io/ioutil" + "testing" + "github.com/OpenBankingUK/conformance-dcr/pkg/compliant/openid" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "io/ioutil" - "testing" ) func TestNewDCR32Config(t *testing.T) { @@ -35,6 +36,7 @@ func TestNewDCR32Config(t *testing.T) { false, false, "3.2", + []string{"ssa"}, ) require.NoError(t, err) @@ -45,4 +47,5 @@ func TestNewDCR32Config(t *testing.T) { assert.True(t, config.GetImplemented) assert.False(t, config.PutImplemented) assert.False(t, config.DeleteImplemented) + assert.Equal(t, []string{"ssa"}, config.SSAs) } diff --git a/pkg/compliant/dcr32_test.go b/pkg/compliant/dcr32_test.go index f217889..39a57e5 100644 --- a/pkg/compliant/dcr32_test.go +++ b/pkg/compliant/dcr32_test.go @@ -1,17 +1,18 @@ package compliant import ( + "net/http" + "testing" + "github.com/OpenBankingUK/conformance-dcr/pkg/compliant/auth" "github.com/OpenBankingUK/conformance-dcr/pkg/compliant/schema" "github.com/OpenBankingUK/conformance-dcr/pkg/compliant/step" "github.com/stretchr/testify/assert" "github.com/stretchr/testify/require" - "net/http" - "testing" ) func TestNewDCR32(t *testing.T) { - manifest, err := NewDCR32(DCR32Config{}) + manifest, err := NewDCR32(DCR32Config{SSA: "ssa"}) require.NoError(t, err) assert.Equal(t, "1.0", manifest.Version()) @@ -35,6 +36,7 @@ func TestDCR32CreateSoftwareClient(t *testing.T) { DCR32Config{DeleteImplemented: true}, &http.Client{}, auth.NewAuthoriserBuilder(), + &[]string{}, ) assert.Equal(t, "DCR-002", scenario.Id()) @@ -48,6 +50,7 @@ func TestDCR32DeleteSoftwareClient(t *testing.T) { DCR32Config{DeleteImplemented: true}, &http.Client{}, auth.NewAuthoriserBuilder(), + &[]string{}, ) assert.Equal(t, "DCR-003", scenario.Id()) @@ -61,6 +64,7 @@ func TestDCR32DeleteSoftwareClient_DeleteNotImplemented(t *testing.T) { DCR32Config{DeleteImplemented: false}, &http.Client{}, auth.NewAuthoriserBuilder(), + &[]string{}, ) result := scenario.Run() @@ -77,6 +81,7 @@ func TestDCR32CreateInvalidRegistrationRequest(t *testing.T) { DCR32Config{GetImplemented: true}, &http.Client{}, auth.NewAuthoriserBuilder(), + &[]string{}, ) assert.Equal(t, "DCR-004", scenario.Id()) @@ -93,6 +98,7 @@ func TestDCR32RetrieveSoftwareClient(t *testing.T) { &http.Client{}, auth.NewAuthoriserBuilder(), validator, + &[]string{}, ) assert.Equal(t, "DCR-005", scenario.Id()) @@ -136,6 +142,7 @@ func TestDCR32RetrieveWithInvalidCredentials(t *testing.T) { DCR32Config{}, &http.Client{}, auth.NewAuthoriserBuilder(), + &[]string{}, ) assert.Equal(t, "DCR-007", scenario.Id()) @@ -149,6 +156,7 @@ func TestDCR32UpdateSoftwareClient(t *testing.T) { DCR32Config{PutImplemented: true}, &http.Client{}, auth.NewAuthoriserBuilder(), + &[]string{}, ) assert.Equal(t, "DCR-008", scenario.Id()) @@ -162,6 +170,7 @@ func TestDCR32UpdateSoftwareClientDisabled(t *testing.T) { DCR32Config{PutImplemented: false}, &http.Client{}, auth.NewAuthoriserBuilder(), + &[]string{}, ) assert.Equal(t, "DCR-008", scenario.Id()) @@ -174,6 +183,7 @@ func TestDCR32UpdateWrongId(t *testing.T) { DCR32Config{PutImplemented: true}, &http.Client{}, auth.NewAuthoriserBuilder(), + &[]string{}, ) assert.Equal(t, "DCR-009", scenario.Id()) @@ -187,6 +197,7 @@ func TestDCR32RetrieveWrongId(t *testing.T) { DCR32Config{}, &http.Client{}, auth.NewAuthoriserBuilder(), + &[]string{}, ) assert.Equal(t, "DCR-010", scenario.Id()) @@ -200,6 +211,7 @@ func TestDCR32RegisterWrongResponseTypes(t *testing.T) { DCR32Config{}, &http.Client{}, auth.NewAuthoriserBuilder(), + &[]string{}, ) assert.Equal(t, "DCR-011", scenario.Id()) diff --git a/pkg/compliant/dcr33.go b/pkg/compliant/dcr33.go index ab8d42f..f3db87a 100644 --- a/pkg/compliant/dcr33.go +++ b/pkg/compliant/dcr33.go @@ -1,21 +1,30 @@ package compliant +const ( + expectedSSAsLen33 = 15 +) + func NewDCR33(cfg DCR32Config) (Manifest, error) { secureClient := cfg.SecureClient authoriserBuilder := cfg.AuthoriserBuilder validator := cfg.SchemaValidator + ssas := &cfg.SSAs + if err := validateSSAsLen(*ssas, expectedSSAsLen33); err != nil { + return nil, err + } + scenarios := Scenarios{ DCR32ValidateOIDCConfigRegistrationURL(cfg), - DCR32CreateSoftwareClient(cfg, secureClient, authoriserBuilder), - DCR32DeleteSoftwareClient(cfg, secureClient, authoriserBuilder), - DCR32CreateInvalidRegistrationRequest(cfg, secureClient, authoriserBuilder), - DCR32RetrieveSoftwareClient(cfg, secureClient, authoriserBuilder, validator), - DCR32RetrieveWithInvalidCredentials(cfg, secureClient, authoriserBuilder), - DCR32UpdateSoftwareClient(cfg, secureClient, authoriserBuilder), - DCR32UpdateSoftwareClientWithWrongId(cfg, secureClient, authoriserBuilder), - DCR32RetrieveSoftwareClientWrongId(cfg, secureClient, authoriserBuilder), - DCR32RegisterSoftwareWrongResponseType(cfg, secureClient, authoriserBuilder), + DCR32CreateSoftwareClient(cfg, secureClient, authoriserBuilder, ssas), + DCR32DeleteSoftwareClient(cfg, secureClient, authoriserBuilder, ssas), + DCR32CreateInvalidRegistrationRequest(cfg, secureClient, authoriserBuilder, ssas), + DCR32RetrieveSoftwareClient(cfg, secureClient, authoriserBuilder, validator, ssas), + DCR32RetrieveWithInvalidCredentials(cfg, secureClient, authoriserBuilder, ssas), + DCR32UpdateSoftwareClient(cfg, secureClient, authoriserBuilder, ssas), + DCR32UpdateSoftwareClientWithWrongId(cfg, secureClient, authoriserBuilder, ssas), + DCR32RetrieveSoftwareClientWrongId(cfg, secureClient, authoriserBuilder, ssas), + DCR32RegisterSoftwareWrongResponseType(cfg, secureClient, authoriserBuilder, ssas), } return NewManifest("DCR33", "1.0", scenarios) From f539a5bbc713c645efcccff43c65e026a01daf2a Mon Sep 17 00:00:00 2001 From: wkrop Date: Wed, 25 May 2022 03:59:19 -0700 Subject: [PATCH 2/2] REFAPP-1299 - Add UpdateSsaAndGetSlice (SSAs) --- pkg/compliant/auth/authoriser_builder.go | 10 ++++++++ pkg/compliant/dcr32.go | 30 ++++++++++-------------- 2 files changed, 22 insertions(+), 18 deletions(-) diff --git a/pkg/compliant/auth/authoriser_builder.go b/pkg/compliant/auth/authoriser_builder.go index 0a53dcd..af4752c 100644 --- a/pkg/compliant/auth/authoriser_builder.go +++ b/pkg/compliant/auth/authoriser_builder.go @@ -117,6 +117,16 @@ func (b AuthoriserBuilder) UpdateSsa(ssas *[]string) AuthoriserBuilder { } } +// UpdateSsaAndGetSlice - UpdateSsa n times and return the generated slice of AuthoriserBuilders +func (b AuthoriserBuilder) UpdateSsaAndGetSlice(n int, ssas *[]string) []AuthoriserBuilder { + var authoriserBuilders []AuthoriserBuilder + for i := 0; i < n; i++ { + newAuthoriserBuilder := b.UpdateSsa(ssas) + authoriserBuilders = append(authoriserBuilders, newAuthoriserBuilder) + } + return authoriserBuilders +} + func (b AuthoriserBuilder) Build() (Authoriser, error) { if b.ssa == "" { return none{}, errors.New("missing ssa from authoriser") diff --git a/pkg/compliant/dcr32.go b/pkg/compliant/dcr32.go index dd267d0..f97cb7d 100644 --- a/pkg/compliant/dcr32.go +++ b/pkg/compliant/dcr32.go @@ -164,11 +164,7 @@ func DCR32CreateInvalidRegistrationRequest( authoriserBuilder auth.AuthoriserBuilder, ssas *[]string, ) Scenario { - authoriserBuilder0 := authoriserBuilder.UpdateSsa(ssas) - authoriserBuilder1 := authoriserBuilder0.UpdateSsa(ssas) - authoriserBuilder2 := authoriserBuilder1.UpdateSsa(ssas) - authoriserBuilder3 := authoriserBuilder2.UpdateSsa(ssas) - authoriserBuilder = authoriserBuilder3.UpdateSsa(ssas) + authoriserBuilders := authoriserBuilder.UpdateSsaAndGetSlice(5, ssas) return NewBuilder( "DCR-004", @@ -179,7 +175,7 @@ func DCR32CreateInvalidRegistrationRequest( NewTestCaseBuilder("Register software client fails on expired claims"). WithHttpClient(secureClient). GenerateSignedClaims( - authoriserBuilder0. + authoriserBuilders[0]. WithJwtExpiration(-time.Hour), ). PostClientRegister(cfg.OpenIDConfig.RegistrationEndpointAsString()). @@ -190,7 +186,7 @@ func DCR32CreateInvalidRegistrationRequest( NewTestCaseBuilder("Register software client fails on invalid issuer"). WithHttpClient(secureClient). GenerateSignedClaims( - authoriserBuilder1. + authoriserBuilders[1]. WithIssuer("foo.is/invalid"), ). PostClientRegister(cfg.OpenIDConfig.RegistrationEndpointAsString()). @@ -201,7 +197,7 @@ func DCR32CreateInvalidRegistrationRequest( NewTestCaseBuilder("Register software client fails on invalid issuer too short"). WithHttpClient(secureClient). GenerateSignedClaims( - authoriserBuilder2. + authoriserBuilders[2]. WithIssuer(""), ). PostClientRegister(cfg.OpenIDConfig.RegistrationEndpointAsString()). @@ -212,7 +208,7 @@ func DCR32CreateInvalidRegistrationRequest( NewTestCaseBuilder("Register software client fails on invalid issuer too long"). WithHttpClient(secureClient). GenerateSignedClaims( - authoriserBuilder3. + authoriserBuilders[3]. WithIssuer("123456789012345678901234567890"), ). PostClientRegister(cfg.OpenIDConfig.RegistrationEndpointAsString()). @@ -222,7 +218,7 @@ func DCR32CreateInvalidRegistrationRequest( TestCase( NewTestCaseBuilder("Register software client will fail with token endpoint auth method RS256"). WithHttpClient(secureClient). - GenerateSignedClaims(authoriserBuilder.WithTokenEndpointAuthMethod(jwt.SigningMethodRS256)). + GenerateSignedClaims(authoriserBuilders[4].WithTokenEndpointAuthMethod(jwt.SigningMethodRS256)). PostClientRegister(cfg.OpenIDConfig.RegistrationEndpointAsString()). AssertStatusCodeBadRequest(). Build(), @@ -316,8 +312,7 @@ func DCR32UpdateSoftwareClient( authoriserBuilder auth.AuthoriserBuilder, ssas *[]string, ) Scenario { - authoriserBuilder0 := authoriserBuilder.UpdateSsa(ssas) - authoriserBuilder = authoriserBuilder0.UpdateSsa(ssas) + authoriserBuilders := authoriserBuilder.UpdateSsaAndGetSlice(2, ssas) id := "DCR-008" const name = "I should be able update a registered software" @@ -335,11 +330,11 @@ func DCR32UpdateSoftwareClient( name, specLinkUpdateSoftware, ). - TestCase(DCR32CreateSoftwareClientTestCases(cfg, secureClient, authoriserBuilder0)...). + TestCase(DCR32CreateSoftwareClientTestCases(cfg, secureClient, authoriserBuilders[0])...). TestCase( NewTestCaseBuilder("Update an existing software client"). WithHttpClient(secureClient). - GenerateSignedClaims(authoriserBuilder). + GenerateSignedClaims(authoriserBuilders[1]). ClientUpdate(cfg.OpenIDConfig.RegistrationEndpointAsString()). AssertStatusCodeOk(). Build(), @@ -354,8 +349,7 @@ func DCR32UpdateSoftwareClientWithWrongId( authoriserBuilder auth.AuthoriserBuilder, ssas *[]string, ) Scenario { - authoriserBuilder1 := authoriserBuilder.UpdateSsa(ssas) - authoriserBuilder = authoriserBuilder1.UpdateSsa(ssas) + authoriserBuilders := authoriserBuilder.UpdateSsaAndGetSlice(2, ssas) id := "DCR-009" const name = "When I try to update a non existing software client I should be unauthorized" @@ -373,12 +367,12 @@ func DCR32UpdateSoftwareClientWithWrongId( name, specLinkUpdateSoftware, ). - TestCase(DCR32CreateSoftwareClientTestCases(cfg, secureClient, authoriserBuilder1)...). + TestCase(DCR32CreateSoftwareClientTestCases(cfg, secureClient, authoriserBuilders[0])...). TestCase(DCR32DeleteSoftwareClientTestCase(cfg, secureClient)). TestCase( NewTestCaseBuilder("Update a deleted software client"). WithHttpClient(secureClient). - GenerateSignedClaims(authoriserBuilder). + GenerateSignedClaims(authoriserBuilders[1]). ClientUpdate(cfg.OpenIDConfig.RegistrationEndpointAsString()). AssertStatusCodeUnauthorized(). Build(),