Example 31 with Subject

use of ddf.security.Subject in project ddf by codice.

the class IdpEndpointTest method testPassiveLoginPkiUnsupported.

@Test
public void testPassiveLoginPkiUnsupported() throws SecurityServiceException, WSSecurityException, CertificateEncodingException, IOException {
    String samlRequest = authNRequestPassivePkiGet;
    HttpServletRequest request = mock(HttpServletRequest.class);
    X509Certificate x509Certificate = mock(X509Certificate.class);
    Subject subject = mock(Subject.class);
    PrincipalCollection principalCollection = mock(PrincipalCollection.class);
    SecurityAssertion securityAssertion = mock(SecurityAssertion.class);
    SecurityToken securityToken = mock(SecurityToken.class);
    SecurityManager securityManager = mock(SecurityManager.class);
    when(subject.getPrincipals()).thenReturn(principalCollection);
    when(principalCollection.asList()).thenReturn(Collections.singletonList(securityAssertion));
    when(securityAssertion.getSecurityToken()).thenReturn(securityToken);
    //this mock element is what will cause the signature error
    when(securityToken.getToken()).thenReturn(mock(Element.class));
    when(securityManager.getSubject(anyObject())).thenReturn(subject);
    idpEndpoint.setSecurityManager(securityManager);
    idpEndpoint.setStrictSignature(false);
    when(request.isSecure()).thenReturn(true);
    when(request.getRequestURL()).thenReturn(requestURL);
    when(request.getAttribute(ContextPolicy.ACTIVE_REALM)).thenReturn("*");
    //dummy cert
    when((X509Certificate[]) request.getAttribute(requestCertificateAttributeName)).thenReturn(new X509Certificate[] { x509Certificate });
    when(x509Certificate.getEncoded()).thenReturn(new byte[48]);
    Response response = idpEndpoint.showGetLogin(samlRequest, relayState, signatureAlgorithm, signature, request);
    String responseStr = StringUtils.substringBetween(response.getEntity().toString(), "SAMLResponse=", "&RelayState");
    responseStr = URLDecoder.decode(responseStr, "UTF-8");
    responseStr = RestSecurity.inflateBase64(responseStr);
    // the passive PKI login cannot succeed, so the decoded SAML response should report RequestUnsupported
    assertThat(responseStr, containsString("status:RequestUnsupported"));
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Response(javax.ws.rs.core.Response) SecurityManager(ddf.security.service.SecurityManager) Element(org.w3c.dom.Element) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) Matchers.containsString(org.hamcrest.Matchers.containsString) Matchers.anyString(org.mockito.Matchers.anyString) SecurityAssertion(ddf.security.assertion.SecurityAssertion) X509Certificate(java.security.cert.X509Certificate) Subject(ddf.security.Subject) Test(org.junit.Test)

Example 32 with Subject

use of ddf.security.Subject in project ddf by codice.

the class SecurityTest method testTokenAboutToExpire.

@Test
public void testTokenAboutToExpire() throws Exception {
    Subject subject = mock(Subject.class);
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    PrincipalCollection pc = mock(PrincipalCollection.class);
    SecurityToken st = mock(SecurityToken.class);
    when(st.isAboutToExpire(anyLong())).thenReturn(true);
    assertThat(security.tokenAboutToExpire(null), equalTo(true));
    assertThat(security.tokenAboutToExpire(subject), equalTo(true));
    when(subject.getPrincipals()).thenReturn(pc);
    assertThat(security.tokenAboutToExpire(subject), equalTo(true));
    when(pc.oneByType(any(Class.class))).thenReturn(assertion);
    when(assertion.getSecurityToken()).thenReturn(st);
    assertThat(security.tokenAboutToExpire(subject), equalTo(true));
    when(st.isAboutToExpire(anyLong())).thenReturn(false);
    assertThat(security.tokenAboutToExpire(subject), equalTo(false));
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) PrincipalCollection(org.apache.shiro.subject.PrincipalCollection) SecurityAssertion(ddf.security.assertion.SecurityAssertion) Subject(ddf.security.Subject) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 33 with Subject

use of ddf.security.Subject in project ddf by codice.

the class SecurityTest method testGetSubjectNoSecurityManager.

@Test
public void testGetSubjectNoSecurityManager() throws Exception {
    configureMockForSecurityManager(null);
    Subject subject = security.getSubject("username", "password");
    assertThat(subject, is(equalTo(null)));
}
Also used : Subject(ddf.security.Subject) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 34 with Subject

use of ddf.security.Subject in project ddf by codice.

the class SecurityTest method testGetSubject.

@Test
public void testGetSubject() throws Exception {
    SecurityManager sm = mock(SecurityManager.class);
    Subject smSubject = mock(Subject.class);
    when(sm.getSubject(any())).thenReturn(smSubject);
    configureMockForSecurityManager(sm);
    Subject subject = security.getSubject("username", "password");
    assertThat(subject, not(equalTo(null)));
}
Also used : SecurityManager(ddf.security.service.SecurityManager) Subject(ddf.security.Subject) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 35 with Subject

use of ddf.security.Subject in project ddf by codice.

the class RestSecurityTest method testSetSubjectOnClient.

@Test
public void testSetSubjectOnClient() throws Exception {
    Element samlToken = readDocument("/saml.xml").getDocumentElement();
    Subject subject = mock(Subject.class);
    SecurityAssertion assertion = mock(SecurityAssertion.class);
    SecurityToken token = new SecurityToken(UUID.randomUUID().toString(), samlToken, new Date(), new Date());
    when(assertion.getSecurityToken()).thenReturn(token);
    when(subject.getPrincipals()).thenReturn(new SimplePrincipalCollection(assertion, "sts"));
    WebClient client = WebClient.create("https://example.org");
    RestSecurity.setSubjectOnClient(subject, client);
    assertNotNull(client.getHeaders().get(RestSecurity.AUTH_HEADER));
    ArrayList headers = (ArrayList) client.getHeaders().get(RestSecurity.AUTH_HEADER);
    boolean containsSaml = false;
    for (Object header : headers) {
        if (StringUtils.contains(header.toString(), RestSecurity.SAML_HEADER_PREFIX)) {
            containsSaml = true;
        }
    }
    assertTrue(containsSaml);
}
Also used : SecurityToken(org.apache.cxf.ws.security.tokenstore.SecurityToken) Element(org.w3c.dom.Element) ArrayList(java.util.ArrayList) SimplePrincipalCollection(org.apache.shiro.subject.SimplePrincipalCollection) SecurityAssertion(ddf.security.assertion.SecurityAssertion) WebClient(org.apache.cxf.jaxrs.client.WebClient) Subject(ddf.security.Subject) Date(java.util.Date) Test(org.junit.Test)
