• No results found

Test procedures for LSS

N/A
N/A
Info
Download
Protected

Academic year: 2021

Share "Test procedures for LSS"

Copied!
13
0
0

Loading.... (view fulltext now)

Download now ( 13 Page )

Full text

(1)

Signaturgruppen 2014 Side 1 af 13

(2)

Signaturgruppen 2014 Side 2 af 13

Table of contents

1 The purpose and audience of the document ... 4

2 Introduction ... 5

3 Test steps ... 6

4 Part one – the functional tests ... 7

4.1 Test of HTML5 Web Messaging setup ... 7

4.2 Handling the /<random digits> in the request ... 7

4.3 Identify erroneous JSON ... 7

4.4 Missing parameter error code ... 7

4.5 Parameter case-insensitivity ... 7

4.6 Validate Timestamp ... 8

4.7 Validate Signature on parameters ... 8

4.8 Validate Digest over parameters ... 8

4.9 Error codes ... 8

4.10 Test of XML-DSig returned to the service provider ... 8

5 Test integration page ... 9

6 Use case tests ... 11

(3)

Signaturgruppen 2014 Side 3 af 13

Version history

2014 Version 0.9 TSS

(4)

Signaturgruppen 2014 Side 4 af 13

1 The purpose and audience of the document

Summary of all documents in the LSS for NemID Package:

Implementation documentation

 Technical specification for LSS

 Implementation guide for LSS

Test documentation

 Guidelines on the use of LSS for NemID test tools  Test procedures for LSS

Solution documentation

 Requirements feedback form for LSS

 End-customer documentation for LSS

This document lists the test procedures that must be followed and reported by a LSS vendor implementing and integrating with the LSS for NemID API.

The document is aimed at the testers of a LSS for NemID implementation and integration setup.

(5)

Signaturgruppen 2014 Side 5 af 13 In order for a Local Signature Server (LSS) supplier to be able to offer

LSS for NemID for its users, the supplier has to implement, setup and maintain a LSS for NemID backend on the users’ local network. This document describes the test procedure for a LSS supplier integrating to the LSS for NemID setup.

The LSS supplier’s tests are divided into three parts. The first part is a functional test with purpose to verify whether the integration has been completed successfully and works as intended. The second part is test focused on a set of user-scenarios testing parts of the integration. It is a requirement for the second part that the first functional tests have been completed successfully.

In the last part of the tests the bootstrap setup is tested. Prerequisites for these tests is that the DNS for https://nemlogincss.dk is working on the end-user’s local network and that the trust for the (custom) SSL-certificate has been set up on end user devices.

(6)

Signaturgruppen 2014 Side 6 af 13 The service provider package has a fully working example of an example

service provider page, containing a demonstration of the integration to NemID Private, NemID Business and LSS for NemID. The URL used for the iFrame is configurable in the web application configuration. This can be used to setup a working service provider example integrating to the LSS supplier’s iFrame while testing the setup. Refer to the

documentation for the service provider demo web application (the LSS for NemID service provider example source) for more details on this. The recommended test steps are outlined as follows:

1. Setup an example service provider page using the service provider package.

2. Use the reference implementation of a LSS to make the flow work from end-to-end.

3. Switch the LSS backend from the reference implementation to your LSS backend implementation.

4. Optional, the service provider example web application contains a test page tailored to test the response from a LSS backend

iFrame. This can be used to test the integration. 5. Complete the tests described in this document.

6. Test the production setup on the network. This includes DNS to the bootstrap address and SSL-trust on end user devices.

(7)

Signaturgruppen 2014 Side 7 af 13 This section describes the test procedure to verify the technical parts of

the NemID integration.

4.1 Test of HTML5 Web Messaging setup

The communication between the LSS backend and the service provider, through the iFrame hosting the LSS backend web entry point, is handled in JavaScript and by using the HTML5 Web Messaging standard. The LSS supplier must test and verify that the JavaScript API function

"Parameters” has been setup and is working, and that the iFrame entry

point is sending the “SendParameters” command when the page is loaded

and ready to receive the "Parameters” command.

In addition the LSS supplier tests that the backend is able to parse the JSON packages received.

4.2 Handling the /<random digits> in the request

The service provider will request

https://nemlogincss.dk/<random-digists>

Test that the web server handling the requests are able to handle this. The random digits should just be ignored.

4.3 Identify erroneous JSON

Return the correct error code to the service provider when the

commands received contains improperly constructed JSON structures.

4.4 Missing parameter error code

Return the appropriate error code to the service provider when a required parameter is missing.

As an example, when signing a document a sign text parameter is required.

4.5 Parameter case-insensitivity

The parameters received in the JSON structure are mapped in name-value pairs. The names of the name-values are case-insensitive. Test that this is handled correctly.

(8)

Signaturgruppen 2014 Side 8 af 13

4.6 Validate Timestamp

One of the parameters received from the service provider is a timestamp. Respond correctly on invalid values.

4.7 Validate Signature on parameters

The service provider provides a signature on the parameters sent to the LSS. The LSS backend should validate the signature.

Test and verify that your setup is able to validate the signature.

4.8 Validate Digest over parameters

The LSS backend must be able to calculate the exact same digest over the received parameters as the one generated by the service provider.

4.9 Error codes

Test that the correct error codes are returned for all specific error codes. To this end setup and test scenarios for all error codes specified in the LSS technical specification documentation.

The LSSGLB001 error code scenario is not tested. This should never be

returned by the LSS supplier.

4.10

Test of XML-DSig returned to the service

provider

Use OOAPI to verify that the XML-DSig documents returned to the service provider validates. The service provider package example demo web application can be used as a reference.

(9)

Signaturgruppen 2014 Side 9 af 13 The service provider package example demo web application includes a

test page tailored for integration testing various scenarios of the integration.

The .Net example can be found in /testing/TestFrameIntegration.aspx. It is illustrated below.

The web example has to be setup and working with a valid test-certificate to sign the parameters.

The page generates valid parameters for login and signing a simple text, which can be used as a reference. The “login” and “Sign text” buttons demonstrate these two flows.

The page is trying to communicate through the API setting up an iFrame using the URL specified in the “Iframe to test:” text-field. Use this to point at your own end-point.

(10)

Signaturgruppen 2014 Side 10 af 13 There are buttons for various flows which are expected to fail. The text

area in the right bottom area shows the result returned to the service provider and is lit up green when the return code is as expected. A text-area for testing with custom parameters is available.

A “[SendParameters received” is lit up if the test page successfully receives the “SendParameters” command from the iFrame.

(11)

Signaturgruppen 2014 Side 11 af 13 Complete the same use cases described in “SP Recommended test

procedures”. The same outcome is expected for all cases.

(12)

Signaturgruppen 2014 Side 12 af 13 [Not resolved yet. Current documentation on this is subject to change]

(13)

Signaturgruppen 2014 Side 13 af 13 In order for a user to use LSS for NemID he or she must be connected

to a local network with local DNS for the bootstrap address https://nemlogincss.dk.

Test that DNS is setup and working as intended.

The setup requires SSL. So the LSS backend iFrame must be hosted using custom SSL certificates for nemlogincss.dk. Trust for this certificate must be setup on the users’ devices.

References

Download now ( PDF - 13 Page - 344.34 KB )

Related documents

Strategies identified by program directors to improve adoption of the CanMEDS framework

(Participant 2, Group 3) Challenges underlying the adoption of the CanMEDS framework and common strategies to address these Despite adhering to the principles of the CanMEDS

TG0029en-Ed04

by &#34;NMC Service Manager&#34; • NMC Alarm Server • NMC Audit Server • NMC CMISE Server • NMC Communication Server • NMC executables launcher • NMC extractor •

Family Matters: The Implications of Family Support on Multiracial Identity

Correlations indicated a connection between family attachment and personal identity, which reinforces current research on ethnic-racial socialization and ecological systems

Making Money Off the Comfort of Your Own Home

The naïve methodology applies the same weights to all elements at each le- vel, the statistical methodology extracts the weights from the data, the fuzzy logic methodology

Pesach: Personal Slavery and Freedom

When Hashem told Moshe that He will destroy the Jewish people and only save him and make a nation of him (exactly like He did to Noach) Moshe said “macheni” which means erase my

Productivity and Firm Selection: Quantifying the “New” Gains from Trade

Accordingly, we can reasonably approximate trade freeness between French regions as well as between a French region and a foreign country by applying our previously

Alternatives to Nursing Home Care

The Older Americans Act funds more than 10,000 senior centers and makes grants to State and Area Agencies on Aging to provide services to seniors that include