
Example 11 with SecurityAssertionSaml

Use of ddf.security.assertion.saml.impl.SecurityAssertionSaml in project ddf by codice.

From class SecurityAssertionSamlTest, method testIsPresentlyValidAfterNotOnOrAfter.

@Test
public void testIsPresentlyValidAfterNotOnOrAfter() throws Exception {
    // readDocument, getNowWithOffset and getSecurityAssertion are the test class's own helpers (not shown on this page)
    Element issuedAssertion = this.readDocument("/saml.xml").getDocumentElement();
    // Change the NotOnOrAfter Date on the SAML Assertion to be before "now"
    issuedAssertion.getElementsByTagName("saml2:Conditions").item(0)
            .getAttributes().getNamedItem("NotOnOrAfter")
            .setNodeValue(getNowWithOffset(-1));
    SecurityAssertionSaml assertion = getSecurityAssertion(issuedAssertion);
    // An assertion whose validity window has already closed must not be accepted
    assertFalse(assertion.isPresentlyValid());
}
Also used: Element (org.w3c.dom.Element), SecurityAssertionSaml (ddf.security.assertion.saml.impl.SecurityAssertionSaml), Test (org.junit.Test)

Example 12 with SecurityAssertionSaml

Use of ddf.security.assertion.saml.impl.SecurityAssertionSaml in project ddf by codice.

From class SecurityAssertionSamlTest, method testIsPresentlyValidBeforeNotBefore.

@Test
public void testIsPresentlyValidBeforeNotBefore() throws Exception {
    // readDocument, getNowWithOffset and getSecurityAssertion are the test class's own helpers (not shown on this page)
    Element issuedAssertion = this.readDocument("/saml.xml").getDocumentElement();
    // Change the NotBefore Date on the SAML Assertion to be after "now"
    issuedAssertion.getElementsByTagName("saml2:Conditions").item(0)
            .getAttributes().getNamedItem("NotBefore")
            .setNodeValue(getNowWithOffset(1));
    SecurityAssertionSaml assertion = getSecurityAssertion(issuedAssertion);
    // An assertion whose validity window has not yet opened must not be accepted either
    assertFalse(assertion.isPresentlyValid());
}
Also used: Element (org.w3c.dom.Element), SecurityAssertionSaml (ddf.security.assertion.saml.impl.SecurityAssertionSaml), Test (org.junit.Test)

Example 13 with SecurityAssertionSaml

Use of ddf.security.assertion.saml.impl.SecurityAssertionSaml in project ddf by codice.

From class SamlAssertionValidatorImplTest, method testValidateInvalidSignature.

@Test(expected = AuthenticationFailureException.class)
public void testValidateInvalidSignature() throws Exception {
    // createAssertion is a helper of the test class (not shown); the third argument is the issuer,
    // which is ISSUER in the passing bearer test below and "WRONG" here
    Assertion assertion = createAssertion(false, false, "WRONG", new DateTime().minusSeconds(10));
    Element securityToken = SAMLUtils.getInstance()
            .getSecurityTokenFromSAMLAssertion(samlObjectToString(assertion));
    SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
    simplePrincipalCollection.add(new SecurityAssertionSaml(securityToken), "default");
    SAMLAuthenticationToken samlAuthenticationToken = new SAMLAuthenticationToken(
            simplePrincipalCollection, simplePrincipalCollection, "127.0.0.1");
    // Must throw AuthenticationFailureException: the signature does not verify against a trusted issuer
    samlAssertionValidator.validate(samlAuthenticationToken);
}
Also used: Element (org.w3c.dom.Element), Assertion (org.opensaml.saml.saml2.core.Assertion), SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection), SAMLAuthenticationToken (org.codice.ddf.security.handler.SAMLAuthenticationToken), DateTime (org.joda.time.DateTime), SecurityAssertionSaml (ddf.security.assertion.saml.impl.SecurityAssertionSaml), Test (org.junit.Test)
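The rejection that testValidateInvalidSignature expects, spelled out as a stand-alone example. This is added illustration, not DDF's validator: it uses only the JDK's javax.xml.crypto (XML-DSig) API, signs a constructed minimal assertion with an RSA key pair generated in place, and then shows that verification against the relying party's trusted key fails both for an assertion signed by a different key (the analogue of the untrusted "WRONG" issuer above) and for one whose content was altered after signing. The class and method names, the issuer URLs and the key pairs are all assumptions made for the example.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.util.Collections;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;

/** Added example, not DDF code: enveloped XML-DSig over a SAML 2.0 assertion and its verification. */
public class SamlSignatureCheck {
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    static final String RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";

    /** Builds a constructed, minimal assertion in memory (issuer URL is a placeholder for the example). */
    static Document buildAssertion(String issuer) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        Document doc = f.newDocumentBuilder().newDocument();
        Element a = doc.createElementNS(SAML2_NS, "saml2:Assertion");
        a.setAttribute("Version", "2.0");
        a.setAttribute("ID", "_example-assertion");
        Element iss = doc.createElementNS(SAML2_NS, "saml2:Issuer");
        iss.setTextContent(issuer);
        a.appendChild(iss);
        doc.appendChild(a);
        return doc;
    }

    /** Enveloped signature over the whole document (URI ""), RSA-SHA256, exclusive C14N. */
    static void sign(Document doc, KeyPair kp) throws Exception {
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        Reference ref = fac.newReference("", fac.newDigestMethod(DigestMethod.SHA256, null),
                Collections.singletonList(fac.newTransform(Transform.ENVELOPED, (TransformParameterSpec) null)),
                null, null);
        SignedInfo si = fac.newSignedInfo(
                fac.newCanonicalizationMethod(CanonicalizationMethod.EXCLUSIVE, (C14NMethodParameterSpec) null),
                fac.newSignatureMethod(RSA_SHA256, null),
                Collections.singletonList(ref));
        // Deliberately no KeyInfo: a verifier must never take the key from the document it is checking.
        XMLSignature sig = fac.newXMLSignature(si, null);
        sig.sign(new DOMSignContext(kp.getPrivate(), doc.getDocumentElement()));
    }

    /** Verifies against a key the relying party already trusts; rejects unsigned or multiply-signed input. */
    static boolean verify(Document doc, PublicKey trusted) throws Exception {
        NodeList sigs = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (sigs.getLength() != 1) {
            return false;
        }
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        DOMValidateContext ctx = new DOMValidateContext(trusted, sigs.item(0));
        XMLSignature sig = fac.unmarshalXMLSignature(ctx);
        return sig.validate(ctx); // checks SignatureValue and every Reference digest
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair idp = gen.generateKeyPair();   // the issuer the relying party trusts
        KeyPair rogue = gen.generateKeyPair(); // any other key: analogue of the "WRONG" issuer in the test

        Document good = buildAssertion("https://idp.example.test");
        sign(good, idp);
        System.out.println("trusted issuer         : " + verify(good, idp.getPublic()));

        Document forged = buildAssertion("https://idp.example.test");
        sign(forged, rogue);
        System.out.println("signed by untrusted key: " + verify(forged, idp.getPublic()));

        Document tampered = buildAssertion("https://idp.example.test");
        sign(tampered, idp);
        tampered.getElementsByTagNameNS(SAML2_NS, "Issuer").item(0).setTextContent("https://attacker.example.test");
        System.out.println("tampered after signing : " + verify(tampered, idp.getPublic()));
    }
}
```

Two points carry over to any real validator. The verification key comes from the relying party's configuration, never from a KeyInfo inside the assertion being checked. And a Reference URI of "" covers the whole document, whereas an ID-based Reference requires confirming that the element it digests is the very Assertion about to be trusted, otherwise a second, unsigned Assertion can be wrapped in beside the signed one.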

Example 14 with SecurityAssertionSaml

Use of ddf.security.assertion.saml.impl.SecurityAssertionSaml in project ddf by codice.

From class SamlAssertionValidatorImplTest, method testValidateIncorrectSamlVersion.

@Test(expected = AuthenticationFailureException.class)
public void testValidateIncorrectSamlVersion() throws Exception {
    // A SAML 1.x assertion (saml1 core package) instead of the SAML 2.0 Assertion the validator expects
    org.opensaml.saml.saml1.core.Assertion assertion =
            new org.opensaml.saml.saml1.core.impl.AssertionBuilder().buildObject();
    Element securityToken = SAMLUtils.getInstance()
            .getSecurityTokenFromSAMLAssertion(samlObjectToString(assertion));
    SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
    simplePrincipalCollection.add(new SecurityAssertionSaml(securityToken), "default");
    SAMLAuthenticationToken samlAuthenticationToken = new SAMLAuthenticationToken(
            simplePrincipalCollection, simplePrincipalCollection, "127.0.0.1");
    // Must throw AuthenticationFailureException
    samlAssertionValidator.validate(samlAuthenticationToken);
}
Also used: Element (org.w3c.dom.Element), SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection), SAMLAuthenticationToken (org.codice.ddf.security.handler.SAMLAuthenticationToken), SecurityAssertionSaml (ddf.security.assertion.saml.impl.SecurityAssertionSaml), Test (org.junit.Test)
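The properties exercised by testIsPresentlyValidAfterNotOnOrAfter, testIsPresentlyValidBeforeNotBefore and testValidateIncorrectSamlVersion, written out against a bare DOM so they run without the DDF runtime. This is an added example, not SecurityAssertionSaml's or SamlAssertionValidatorImpl's implementation: the 60-second clock-skew allowance, the constructed assertion text, the issuer URL and the class name are assumptions for the example; the namespace URI and the inclusive NotBefore / exclusive NotOnOrAfter semantics come from the SAML 2.0 core specification.

```java
import java.io.StringReader;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
import java.util.List;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

/** Added example, not DDF code: SAML 2.0 version check and Conditions validity window. */
public class SamlConditionsCheck {
    static final String SAML2_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
    // Clock-skew tolerance is an assumption for this example; the page does not show DDF's own value.
    static final Duration SKEW = Duration.ofSeconds(60);

    /** Parses untrusted XML with DOCTYPE and external entities disabled (XXE hardening). */
    static Document parse(String xml) throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setNamespaceAware(true);
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setFeature("http://xml.org/sax/features/external-general-entities", false);
        f.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    /** Returns the reasons the assertion is not presently valid; an empty list means it is. */
    static List<String> validate(Element assertion, Instant now) {
        List<String> problems = new ArrayList<>();
        // Version check: the root must be a SAML 2.0 Assertion (cf. testValidateIncorrectSamlVersion)
        if (!SAML2_NS.equals(assertion.getNamespaceURI()) || !"Assertion".equals(assertion.getLocalName())) {
            problems.add("root element is not a saml2:Assertion");
            return problems;
        }
        if (!"2.0".equals(assertion.getAttribute("Version"))) {
            problems.add("Version attribute is not 2.0");
        }
        NodeList conds = assertion.getElementsByTagNameNS(SAML2_NS, "Conditions");
        if (conds.getLength() != 1) {
            problems.add("expected exactly one Conditions element, found " + conds.getLength());
            return problems;
        }
        Element c = (Element) conds.item(0);
        // SAML core 2.5.1: NotBefore is inclusive, NotOnOrAfter is exclusive; skew widens the window slightly
        if (c.hasAttribute("NotBefore")) {
            Instant nb = Instant.parse(c.getAttribute("NotBefore"));
            if (now.plus(SKEW).isBefore(nb)) {
                problems.add("assertion not yet valid: NotBefore=" + nb);
            }
        }
        if (c.hasAttribute("NotOnOrAfter")) {
            Instant noa = Instant.parse(c.getAttribute("NotOnOrAfter"));
            if (!now.minus(SKEW).isBefore(noa)) {
                problems.add("assertion expired: NotOnOrAfter=" + noa);
            }
        }
        return problems;
    }

    /** Constructed, unsigned assertion text for the example; not a real IdP artifact. */
    static String assertionWithWindow(String notBefore, String notOnOrAfter) {
        return "<saml2:Assertion xmlns:saml2=\"" + SAML2_NS + "\" Version=\"2.0\" ID=\"_example\""
             + " IssueInstant=\"" + notBefore + "\">"
             + "<saml2:Issuer>https://idp.example.test</saml2:Issuer>"
             + "<saml2:Subject><saml2:NameID>alice</saml2:NameID></saml2:Subject>"
             + "<saml2:Conditions NotBefore=\"" + notBefore + "\" NotOnOrAfter=\"" + notOnOrAfter + "\"/>"
             + "</saml2:Assertion>";
    }

    public static void main(String[] args) throws Exception {
        Instant now = Instant.now();
        Element ok = parse(assertionWithWindow(now.minusSeconds(300).toString(),
                now.plusSeconds(300).toString())).getDocumentElement();
        Element expired = parse(assertionWithWindow(now.minusSeconds(600).toString(),
                now.minusSeconds(120).toString())).getDocumentElement();
        Element early = parse(assertionWithWindow(now.plusSeconds(600).toString(),
                now.plusSeconds(900).toString())).getDocumentElement();
        Element v1 = parse("<saml:Assertion xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\""
                + " MajorVersion=\"1\" MinorVersion=\"1\"/>").getDocumentElement();
        System.out.println("in window : " + validate(ok, now));
        System.out.println("expired   : " + validate(expired, now));
        System.out.println("not yet   : " + validate(early, now));
        System.out.println("SAML 1.1  : " + validate(v1, now));
    }
}
```

The time checks are only meaningful after the signature has been verified, since an attacker who can rewrite Conditions (as the tests above do to their fixture) can just as easily widen the window; a validator therefore verifies the signature first and evaluates the window on the signed content.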

Example 15 with SecurityAssertionSaml

Use of ddf.security.assertion.saml.impl.SecurityAssertionSaml in project ddf by codice.

From class SamlAssertionValidatorImplTest, method testValidateBearerAssertion.

@Test
public void testValidateBearerAssertion() throws Exception {
    // createAssertion, ISSUER and certificate are fixtures of the test class (not shown on this page)
    Assertion assertion = createAssertion(true, true, ISSUER, new DateTime().plusDays(3));
    Element securityToken = SAMLUtils.getInstance()
            .getSecurityTokenFromSAMLAssertion(samlObjectToString(assertion));
    SimplePrincipalCollection simplePrincipalCollection = new SimplePrincipalCollection();
    simplePrincipalCollection.add(new SecurityAssertionSaml(securityToken), "default");
    SAMLAuthenticationToken samlAuthenticationToken = new SAMLAuthenticationToken(
            simplePrincipalCollection, simplePrincipalCollection, "127.0.0.1");
    // Certificate chain attached to the token before validation
    X509Certificate[] certs = { certificate };
    samlAuthenticationToken.setX509Certs(certs);
    // Expected to pass: no exception
    samlAssertionValidator.validate(samlAuthenticationToken);
}
Also used: Element (org.w3c.dom.Element), Assertion (org.opensaml.saml.saml2.core.Assertion), SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection), SAMLAuthenticationToken (org.codice.ddf.security.handler.SAMLAuthenticationToken), DateTime (org.joda.time.DateTime), SecurityAssertionSaml (ddf.security.assertion.saml.impl.SecurityAssertionSaml), X509Certificate (java.security.cert.X509Certificate), Test (org.junit.Test)

Aggregations

Types that occur alongside SecurityAssertionSaml across the indexed examples, with occurrence counts:

SecurityAssertionSaml (ddf.security.assertion.saml.impl.SecurityAssertionSaml): 19
Element (org.w3c.dom.Element): 15
Test (org.junit.Test): 14
SimplePrincipalCollection (org.apache.shiro.subject.SimplePrincipalCollection): 10
SAMLAuthenticationToken (org.codice.ddf.security.handler.SAMLAuthenticationToken): 9
Assertion (org.opensaml.saml.saml2.core.Assertion): 6
DateTime (org.joda.time.DateTime): 5
IOException (java.io.IOException): 2
Principal (java.security.Principal): 2
X509Certificate (java.security.cert.X509Certificate): 2
Cookie (javax.servlet.http.Cookie): 2
HandlerResultImpl (org.codice.ddf.security.handler.HandlerResultImpl): 2
HandlerResult (org.codice.ddf.security.handler.api.HandlerResult): 2
AuthenticationStatement (ddf.security.assertion.AuthenticationStatement): 1
SecurityAssertion (ddf.security.assertion.SecurityAssertion): 1
SecurityAssertionPrincipal (ddf.security.assertion.SecurityAssertionPrincipal): 1
StringReader (java.io.StringReader): 1
Instant (java.time.Instant): 1
Objects (java.util.Objects): 1
HttpServletRequest (javax.servlet.http.HttpServletRequest): 1