# Test Plan for CAPIF Api Security Service
This document contains all the information, related files and examples for the test plan of this API.
## Test Case 1: Create a security context for an API invoker
**Test ID**: ***capif_security_api-1***
**Description**:
This test case will check that an API Invoker can create a Security context
**Pre-Conditions**:
* API Invoker is pre-authorised (has valid apiInvokerID from CAPIF Authority)
**Execution Steps**:
1. Register and onboard Invoker at CCF
2. Store signed Certificate
3. Create Security Context
**Information of Test**:
1. Perform [Invoker Onboarding]
2. Create Security Context for this Invoker
Jorge Moratinos
committed
   * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
   * Use **Invoker Certificate**
**Expected Result**:
1. Create security context:
   1. **201 Created** response.
   2. Returned body must comply with the **ServiceSecurity** data structure.
   3. Location header must contain the new resource URL **{apiRoot}/capif-security/v1/trustedInvokers/{apiInvokerId}**
## Test Case 2: Create a security context for an API invoker with Provider role
**Test ID**: ***capif_security_api-2***
**Description**:
This test case will check that a Provider cannot create a Security context with valid apiInvokerId.
**Pre-Conditions**:
* API Invoker is pre-authorised (has valid apiInvokerID), but the user that creates the Security Context has the Provider role
**Execution Steps**:
1. Register and onboard Invoker at CCF
2. Register Provider at CCF
3. Create Security Context using Provider certificate
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Create Security Context for this Invoker but using Provider certificate.
   * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
   * Using **AEF Certificate**
**Expected Result**:
1. Create security context using Provider certificate:
   1. **401 Unauthorized** response.
   2. Returned body must comply with the **ProblemDetails** data structure, with:
      * status **401**
      * title with message "Unauthorized"
      * detail with message "Role not authorized for this API route".
      * cause with message "User role must be invoker".
2. No context stored at DB
## Test Case 3: Create a security context for an API invoker with Provider entity role and invalid apiInvokerId
**Test ID**: ***capif_security_api-3***
**Description**:
This test case will check that a Provider cannot create a Security context with invalid apiInvokerID.
**Pre-Conditions**:
* API Invoker is pre-authorised (has valid apiInvokerID), but the user that creates the Security Context has the Provider role
**Execution Steps**:
1. Register Provider at CCF
2. Create Security Context using Provider certificate
**Information of Test**:
1. Perform [Provider Registration]
2. Create Security Context for this invalid apiInvokerId, using the Provider certificate.
   * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}**
   * Using **AEF Certificate**
**Expected Result**:
1. Create security context using Provider certificate:
   1. **401 Unauthorized** response.
   2. Returned body must comply with the **ProblemDetails** data structure, with:
      * status **401**
      * title with message "Unauthorized"
      * detail with message "Role not authorized for this API route".
      * cause with message "User role must be invoker".
2. No context stored at DB
## Test Case 4: Create a security context for an API invoker with Invoker entity role and invalid apiInvokerId
**Test ID**: ***capif_security_api-4***
**Description**:
This test case will check that an Invoker cannot create a Security context with valid apiInvokerId.
**Pre-Conditions**:
* API Invoker is pre-authorised (has valid apiInvokerID), but the user creates the Security Context with an invalid apiInvokerId
**Execution Steps**:
1. Register and onboard Invoker at CCF
2. Create Security Context using Provider certificate
**Information of Test**:
1. Perform [Invoker Onboarding]
2. Create Security Context for this Invoker:
   * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{API_INVOKER_NOT_VALID}**
   * Use **Invoker Certificate**
**Expected Result**:
1. Create security context using Provider certificate:
   1. **404 Not Found** response.
   2. Returned body must comply with the **ProblemDetails** data structure, with:
      * status **404**
      * title with message "Not Found"
      * detail with message "Invoker not found".
      * cause with message "API Invoker not exists or invalid ID".
2. No context stored at DB
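
The expected results of Test Cases 1 to 4 can be checked mechanically. The following is an added example, not part of the project's own test suite: the function names, the `https://capif.example` root and the sample body are assumptions made for illustration, while the status codes, messages and Location pattern are taken from the test cases above.

```python
import json

_ROLE = {"status": 401, "title": "Unauthorized",
         "detail": "Role not authorized for this API route",
         "cause": "User role must be invoker"}
# Expected ProblemDetails per Test ID, copied from Test Cases 2-4 above.
EXPECTED_REJECTIONS = {
    "capif_security_api-2": _ROLE,
    "capif_security_api-3": _ROLE,
    "capif_security_api-4": {"status": 404, "title": "Not Found",
                             "detail": "Invoker not found",
                             "cause": "API Invoker not exists or invalid ID"},
}

def check_rejection(test_id, http_status, body_text):
    """Return the list of mismatches; an empty list means the check passes."""
    expected = EXPECTED_REJECTIONS[test_id]
    problems = []
    if http_status != expected["status"]:
        problems.append(f"HTTP status {http_status}, expected {expected['status']}")
    try:
        body = json.loads(body_text)
    except ValueError:
        return problems + ["body is not valid JSON"]
    if not isinstance(body, dict):
        return problems + ["body is not a JSON object"]
    for field, want in expected.items():
        if body.get(field) != want:
            problems.append(f"{field}: got {body.get(field)!r}, expected {want!r}")
    return problems

def check_created(http_status, headers, api_root, invoker_id):
    """Test Case 1: 201 Created plus a Location header naming the new resource."""
    problems = []
    if http_status != 201:
        problems.append(f"HTTP status {http_status}, expected 201")
    want = f"{api_root}/capif-security/v1/trustedInvokers/{invoker_id}"
    # Header names are case-insensitive, so normalise before the lookup.
    location = {k.lower(): v for k, v in headers.items()}.get("location")
    if location != want:
        problems.append(f"Location: got {location!r}, expected {want!r}")
    return problems

# Constructed sample response body (not captured from a real CCF).
SAMPLE_ROLE_REJECTION = json.dumps(_ROLE)

if __name__ == "__main__":
    print(check_rejection("capif_security_api-2", 401, SAMPLE_ROLE_REJECTION))
    print(check_rejection("capif_security_api-4", 401, SAMPLE_ROLE_REJECTION))
```

Comparing the HTTP status and the `status` field of the body separately catches a server that returns the right code with the wrong ProblemDetails, which would otherwise hide a role check firing in place of the invoker lookup.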
## Test Case 5: Retrieve the Security Context of an API Invoker
**Test ID**: ***capif_security_api-5***
**Description**:
This test case will check that a provider can retrieve the Security context of an API Invoker
**Pre-Conditions**:
* Provider is pre-authorised (has valid apfId from CAPIF Authority) and API Invoker has created a valid Security Context
**Execution Steps**:
1. Register and onboard Invoker at CCF
2. Register Provider at CCF
3. Create Security Context using Provider certificate
4. Retrieve Security Context by Provider
**Information of Test**:
1. Perform [Provider Registration] and [Invoker Onboarding]
2. Create Security Context for this Invoker.
   * Send **PUT** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
   * Using **Invoker Certificate**
3. Retrieve Security Context of Invoker by Provider:
   * Send **GET** **https://{CAPIF_HOSTNAME}/trustedInvokers/{apiInvokerId}**
   * Using **AEF Certificate**
**Expected Result**:
1. Retrieve security context:
   1. **200 OK** response.
   2. Returned body must comply with the **ServiceSecurity** data structure.
## Test Case 6: Retrieve the Security Context of an API Invoker with invalid apiInvokerID
**Test ID**: ***capif_security_api-6***
**Description**:
This test case will check that a provider can retrieve the Security context of an API Invoker