Regarding UDAP testing.

54 views
Skip to first unread message

Sumant Shintre

unread,
Oct 23, 2020, 3:21:44 AM10/23/20
to UDAP
Hi Team,

Using https://www.udap.org/UDAPTestTool/ we are validating the dynamic client registration but we are seeing some of the test cases are failed. Need some clarifications, we have followed the below steps
1. We passed the test case IIA2c where it accepts the POST request for the registration endpoint and we are getting the valid response
2.  But for the other test case  IIA3a2, since the request doesn't have an "x5c" header the response should be an error response but when we send the error response test script is expecting other parameters also in the response like "client_id", "software_statement" with all the 9 parameters. Is this the expected behaviour? if Yes, what should be parameter value for this.
3. Can you guide us on any kind of document for this test cases workflow or is there any sequence si defined to execute these test cases.

Regards,
Sumant RS




UDAP Test Tool Team

unread,
Oct 23, 2020, 3:50:11 PM10/23/20
to udap-d...@googlegroups.com
Yes, an error response is expected for test case IIA3a2. The other errors regarding missing parameters likely relate to other tests that preceded or followed. You are welcome to include a screen shot of the relevant sections if this is not clear and we will add that into our documentation, if appropriate. 

All of the test cases are listed on the test report, whether they are executed or not. The Test Tool largely executes these tests in sequence, except where "happy path" tests are run first, in some cases. If the Test Tool does not complete the tests, the tests that were not run are listed as such in the test report.

Thank you,
The UDAP Team
UDAP.org

--
You received this message because you are subscribed to the Google Groups "UDAP" group.
To unsubscribe from this group and stop receiving emails from it, send an email to udap-discuss...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/udap-discuss/36cf3866-7944-4b9b-81cd-31913cd6e1e9n%40googlegroups.com.

UDAP

unread,
Oct 23, 2020, 4:00:39 PM10/23/20
to UDAP
Additionally,  the error response you ask about should conform to section 3.2.2 of rfc 7591; see section 5.2 of udap DCR for more details.  

Sumant Shintre

unread,
Oct 27, 2020, 10:38:40 AM10/27/20
to UDAP
Hi Team,

As part of UDAP registration process, we have got two files udap-sandbox-zeomega.crt and udap-sandbox-zeomega.p12.
We are using https://www.udap.org/UDAPTestTool/ for validating dynamic client registration. We are running server tests.

We are following the steps mentioned in your documentation, but still below test cases are failing(please find the attachment). We are a bit confused about whether to use the .p12 or .cert certificate public_key to validate the signature. Can you please provide some input on this
TestResult.jpg

UDAP

unread,
Oct 27, 2020, 1:24:01 PM10/27/20
to UDAP
Hi Sumant, 
The .crt and .p12 files are for the Client App Tests only and are not used for the Server Tests. Per section 4.1 of the UDAP DCR spec, you should validate the signatures in the software statements that your server receives using the public key in the leaf certificate included in the x5c header. Please see sections 4.1-4.5 in the UDAP DCR profile for complete information on how to validate the registration request. For the anchor certificate required in step 4.2, you will use the anchor certificate that you download directly from the test tool (there is a download link in the box where you enter your FHIR base URL).     

Sumant Shintre

unread,
Oct 27, 2020, 2:15:01 PM10/27/20
to UDAP
Hi Team,

Thanks for clarifying our doubts. Further, we tried with the same steps as you mentioned in section 4.1-4.5 and also did the correction on the certificate part. But still, we are seeing the below exception "ValueError: Could not deserialize key data." Please check the attachment for the code snippet. Are we doing it in the right way or any correction is required. Please suggest, Also, it will be good if you help us with some reference.

Thanks & Regards,
Sumant.

Code1.png

UDAP Test Tool Team

unread,
Oct 27, 2020, 5:49:49 PM10/27/20
to udap-d...@googlegroups.com
Hi Sumant,
It sounds like this error message relates to your JWT library. Which method to use and which parameters are needed to validate a JWT signature depend on which library you choose and if it can handle X.509 certs as a parameter directly or requires you to extract the public key from the certificate first.

You can find several useful references at the end of each UDAP profile document.

Thanks,
The UDAP Team
Reply all
Reply to author
Forward
0 new messages