use of ddf.security.samlp.LogoutWrapper in project ddf by codice.
the class LogoutRequestServiceTest method testGetLogoutRequestInvalidSignature.
/**
 * Checks the redirect-binding logout endpoint when the request signature is not accepted: the
 * response must be a 303 (See Other) whose redirect query carries the
 * {@code UNABLE_TO_VALIDATE_LOGOUT_REQUEST} text (spaces encoded as {@code +}).
 *
 * <p>NOTE(review): this method never stubs {@code simpleSign.validateSignature(...)}. The
 * rejection presumably comes from the signer double's default answer for {@code SIGNATURE};
 * confirm against the fixture setup so the test cannot pass for an unrelated reason.
 */
@Test
public void testGetLogoutRequestInvalidSignature() throws Exception {
    SamlSecurity saml = new SamlSecurity();
    String encodedRequest = saml.deflateAndBase64Encode(UNENCODED_SAML_REQUEST);

    // First stubbing of extractSamlLogoutRequest; insertLogoutRequest() below stubs the same
    // call again with eq(UNENCODED_SAML_REQUEST).
    LogoutRequest mockedRequest = mock(LogoutRequest.class);
    LogoutWrapper<LogoutRequest> wrappedRequest = new LogoutWrapperImpl<>(mockedRequest);
    when(logoutMessage.extractSamlLogoutRequest(eq(UNENCODED_SAML_REQUEST))).thenReturn(wrappedRequest);
    logoutRequestService.setLogoutMessage(logoutMessage);

    // A dedicated service instance is wired by hand instead of using the shared fixture.
    LogoutRequestService serviceUnderTest = new LogoutRequestService(simpleSign, idpMetadata, relayStates);
    serviceUnderTest.setEncryptionService(encryptionService);
    serviceUnderTest.setLogOutPageTimeOut(LOGOUT_PAGE_TIMEOUT);
    serviceUnderTest.setLogoutMessage(logoutMessage);
    serviceUnderTest.setRequest(request);
    serviceUnderTest.setSessionFactory(sessionFactory);
    serviceUnderTest.setSamlSecurity(saml);
    serviceUnderTest.init();

    doReturn(new URI(redirectLogoutUrl))
        .when(logoutMessage)
        .signSamlGetResponse(any(LogoutWrapper.class), any(URI.class), anyString());
    insertLogoutRequest();

    Response response =
        serviceUnderTest.getLogoutRequest(encodedRequest, null, relayState, SIGNATURE_ALGORITHM, SIGNATURE);

    assertEquals(Response.Status.SEE_OTHER.getStatusCode(), response.getStatus());
    // The message travels in the redirect query string, where spaces appear as '+'.
    String expectedFragment = UNABLE_TO_VALIDATE_LOGOUT_REQUEST.replace(' ', '+');
    String redirectQuery = response.getLocation().getQuery();
    assertTrue("Expected message containing " + expectedFragment, redirectQuery.contains(expectedFragment));
}
use of ddf.security.samlp.LogoutWrapper in project ddf by codice.
the class LogoutRequestServiceTest method testSoapLogoutRequestBadSignature.
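/**
 * Checks the SOAP logout endpoint when signature validation fails: the service still answers
 * 200 OK, but {@code HttpSessionInvalidator.invalidateSession} must never be called.
 *
 * <p>The request fixture is the well-formed {@code SAMLSoapLogoutRequest-good.xml}; the failure
 * is injected by making {@code simpleSign.validateSignature} throw a {@code SignatureException}.
 */
@Test
public void testSoapLogoutRequestBadSignature() throws Exception {
    HttpSessionInvalidator httpSessionInvalidator = mock(HttpSessionInvalidator.class);
    logoutRequestService.setHttpSessionInvalidator(httpSessionInvalidator);

    LogoutResponse logoutResponse = mock(LogoutResponse.class);
    LogoutWrapper logoutResponseWrapper = mock(LogoutWrapper.class);
    doReturn(logoutResponse).when(logoutResponseWrapper).getMessage();
    doReturn(logoutResponseWrapper).when(logoutMessage).buildLogoutResponse(anyString(), anyString(), anyString());
    logoutRequestService.setLogoutMessage(logoutMessage);

    // Force the signature check to fail regardless of the fixture's contents.
    doThrow(SignatureException.class).when(simpleSign).validateSignature(any(Signature.class), any(Document.class));

    // try-with-resources so the classpath stream is closed even when an assertion fails.
    try (InputStream requestStream =
        LogoutRequestServiceTest.class.getResourceAsStream("/SAMLSoapLogoutRequest-good.xml")) {
        // A missing fixture yields a null stream; without this guard the "no session invalidated"
        // check below could pass because nothing was parsed, not because the signature was rejected.
        assertTrue("Missing test resource /SAMLSoapLogoutRequest-good.xml", requestStream != null);

        Response response = logoutRequestService.soapLogoutRequest(requestStream, null);

        assertThat(response.getStatus(), is(Status.OK.getStatusCode()));
        // The security-relevant assertion: an unverified logout request must not end a session.
        verify(httpSessionInvalidator, times(0)).invalidateSession(anyString(), any());
    }
}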
use of ddf.security.samlp.LogoutWrapper in project ddf by codice.
the class LogoutRequestServiceTest method insertLogoutRequest.
/**
 * Stubs {@code logoutMessage.extractSamlLogoutRequest(UNENCODED_SAML_REQUEST)} to return a
 * mocked wrapper around a mocked {@code LogoutRequest}.
 *
 * <p>The mocked request reports a single session index ({@code SESSION_INDEX}), the current time
 * as its issue instant, SAML version 2.0 and {@code ID} as its identifier.
 *
 * @throws XMLStreamException declared by the stubbed extraction call
 * @throws LogoutSecurityException declared by the stubbed extraction call
 */
private void insertLogoutRequest() throws XMLStreamException, LogoutSecurityException {
    // Session index carried by the request.
    SessionIndex stubbedIndex = mock(SessionIndex.class);
    doReturn(SESSION_INDEX).when(stubbedIndex).getSessionIndex();

    // The logout request itself.
    LogoutRequest stubbedRequest = mock(LogoutRequest.class);
    doReturn(Collections.singletonList(stubbedIndex)).when(stubbedRequest).getSessionIndexes();
    doReturn(DateTime.now()).when(stubbedRequest).getIssueInstant();
    doReturn(SAMLVersion.VERSION_20).when(stubbedRequest).getVersion();
    doReturn(ID).when(stubbedRequest).getID();

    // Wrapper handed back by the message helper when the raw request is extracted.
    LogoutWrapper stubbedWrapper = mock(LogoutWrapper.class);
    doReturn(stubbedRequest).when(stubbedWrapper).getMessage();
    doReturn(stubbedWrapper).when(logoutMessage).extractSamlLogoutRequest(eq(UNENCODED_SAML_REQUEST));
}
use of ddf.security.samlp.LogoutWrapper in project ddf by codice.
the class LogoutRequestServiceTest method testGetLogoutRequestNoSessionIndex.
/**
 * Checks the redirect-binding logout endpoint for a request that carries no session index while
 * signature validation is stubbed to succeed: the response must be 200 OK and its entity must
 * contain {@code redirectLogoutUrl}.
 *
 * <p>NOTE(review): only the response is asserted; which sessions (if any) get invalidated for a
 * request without a session index is not verified here.
 */
@Test
public void testGetLogoutRequestNoSessionIndex() throws Exception {
    SamlSecurity saml = new SamlSecurity();
    String encodedRequest = saml.deflateAndBase64Encode(UNENCODED_SAML_REQUEST);

    // Signature validation passes, so the outcome depends only on the request contents.
    doReturn(true).when(simpleSign).validateSignature(anyString(), anyString(), anyString(), any());
    initializeLogoutRequestService();

    // Incoming request: valid version, ID and issue instant, but an empty session index list.
    LogoutRequest incomingRequest = mock(LogoutRequest.class);
    LogoutWrapper incomingWrapper = mock(LogoutWrapper.class);
    doReturn(incomingRequest).when(incomingWrapper).getMessage();
    doReturn(Collections.emptyList()).when(incomingRequest).getSessionIndexes();
    doReturn(DateTime.now()).when(incomingRequest).getIssueInstant();
    doReturn(SAMLVersion.VERSION_20).when(incomingRequest).getVersion();
    doReturn(ID).when(incomingRequest).getID();
    doReturn(incomingWrapper).when(logoutMessage).extractSamlLogoutRequest(eq(UNENCODED_SAML_REQUEST));

    // Outgoing response: built and signed by the mocked message helper.
    LogoutResponse outgoingResponse = mock(LogoutResponse.class);
    LogoutWrapper<LogoutResponse> outgoingWrapper = new LogoutWrapperImpl<>(outgoingResponse);
    when(logoutMessage.buildLogoutResponse(anyString(), anyString(), anyString())).thenReturn(outgoingWrapper);
    when(logoutMessage.signSamlGetResponse(any(LogoutWrapper.class), any(URI.class), anyString()))
        .thenReturn(new URI(redirectLogoutUrl));
    logoutRequestService.setLogoutMessage(logoutMessage);

    Response response =
        logoutRequestService.getLogoutRequest(encodedRequest, null, relayState, SIGNATURE_ALGORITHM, SIGNATURE);

    assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
    String entityText = response.getEntity().toString();
    assertTrue("Expected logout url of " + redirectLogoutUrl, entityText.contains(redirectLogoutUrl));
}
use of ddf.security.samlp.LogoutWrapper in project ddf by codice.
the class LogoutRequestServiceTest method testSendLogoutRequestGetRedirectRequest.
/**
 * Checks that {@code sendLogoutRequest} answers 200 OK with an entity containing the signed
 * redirect URL when the message helper builds and signs a logout request for {@code nameId}.
 *
 * <p>The encryption service is mocked: {@code decrypt} returns {@code nameId + "\n" + time} for
 * any input, so the value passed to the service is that same plain text, not real ciphertext.
 */
@Test
public void testSendLogoutRequestGetRedirectRequest() throws Exception {
    // Name ID and timestamp joined by a newline; used both as the call argument and as the
    // value the mocked decrypt() hands back.
    String nameIdWithTime = nameId + "\n" + time;
    when(encryptionService.decrypt(any(String.class))).thenReturn(nameIdWithTime);

    LogoutRequest builtRequest = new LogoutRequestBuilder().buildObject();
    LogoutWrapper<LogoutRequest> builtWrapper = new LogoutWrapperImpl<>(builtRequest);
    when(logoutMessage.buildLogoutRequest(eq(nameId), anyString(), anyList())).thenReturn(builtWrapper);

    String logoutUrl = "https://www.logout.url/logout";
    URI signedUri = new URI(logoutUrl);
    when(logoutMessage.signSamlGetRequest(any(LogoutWrapper.class), any(URI.class), anyString()))
        .thenReturn(signedUri);
    logoutRequestService.setLogoutMessage(logoutMessage);
    when(relayStates.encode(nameId)).thenReturn("token");

    Response response = logoutRequestService.sendLogoutRequest(nameIdWithTime);

    assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
    String entityText = response.getEntity().toString();
    assertTrue("Expected logout url of " + logoutUrl, entityText.contains(logoutUrl));
}