
Example 1 with SamlSecurity

use of org.codice.ddf.security.jaxrs.impl.SamlSecurity in project ddf by codice.

Class AssertionConsumerServiceTest, method setup().

/**
 * Wires up the {@code AssertionConsumerService} under test.
 *
 * <p>Signing and crypto collaborators are real objects; the request, session, relay-state and
 * subject collaborators are Mockito stubs configured here so that each test starts from the
 * same baseline.
 *
 * @throws Exception if constructing the crypto helpers fails
 */
@Before
public void setup() throws Exception {
    MockitoAnnotations.initMocks(this);

    // Real signing/crypto helpers. The property file names are resolved by SystemCrypto —
    // presumably from the test classpath; confirm against the test resources.
    systemCrypto =
        new SystemCrypto("encryption.properties", "signature.properties", encryptionService);
    simpleSign = new SimpleSign(systemCrypto);
    idpMetadata = new IdpMetadata();
    idpMetadata.setMetadata(metadata);

    // Relay state round trip: the request URL encodes to RELAY_STATE_VAL, which decodes to LOCATION.
    when(relayStates.encode(REQUEST_URL)).thenReturn(RELAY_STATE_VAL);
    when(relayStates.decode(RELAY_STATE_VAL)).thenReturn(LOCATION);

    // Subject chain: subject -> principal collection -> assertion -> token -> principal.
    when(principal.getName()).thenReturn(SUBJECT_NAME);
    when(securityToken.getPrincipal()).thenReturn(principal);
    when(securityAssertion.getToken()).thenReturn(securityToken);
    List<Object> assertions = Arrays.asList(securityAssertion);
    when(principalCollection.asList()).thenReturn(assertions);
    when(subject.getPrincipals()).thenReturn(principalCollection);

    // Session: the stored holder carries no principals yet; the factory hands out the same
    // session for any request.
    when(principalHolder.getPrincipals()).thenReturn(null);
    when(session.getAttribute(SAML_PROPERTY_KEY)).thenReturn(principalHolder);
    when(session.getId()).thenReturn(SESSION_ID);
    when(sessionFactory.getOrCreateSession(any(HttpServletRequest.class))).thenReturn(session);

    // Incoming request: arrives over a secure channel at HOST with REQUEST_URL.
    when(httpRequest.getServerName()).thenReturn(HOST);
    when(httpRequest.getRequestURL()).thenReturn(new StringBuffer(REQUEST_URL));
    when(httpRequest.isSecure()).thenReturn(true);

    // Service under test, fed the collaborators above.
    assertionConsumerService =
        new AssertionConsumerService(simpleSign, idpMetadata, systemCrypto, relayStates);
    assertionConsumerService.setRequest(httpRequest);
    assertionConsumerService.setLoginFilter(loginFilter);
    assertionConsumerService.setSessionFactory(sessionFactory);
    assertionConsumerService.setContextPolicyManager(contextPolicyManager);
    assertionConsumerService.setSamlSecurity(new SamlSecurity());
}

Example 2 with SamlSecurity

use of org.codice.ddf.security.jaxrs.impl.SamlSecurity in project ddf by codice.

Class LogoutRequestServiceTest, method testGetLogoutRequestInvalidSignature().

/**
 * A GET logout request whose signature does not validate must be rejected.
 *
 * <p>Pins the fail-closed path: the service answers with a 303 redirect whose query string
 * carries {@code UNABLE_TO_VALIDATE_LOGOUT_REQUEST}. Parsing of the request is stubbed to
 * succeed, so the rejection asserted here is attributable to signature validation rather than
 * to a malformed message.
 *
 * @throws Exception if encoding or service initialisation fails
 */
@Test
public void testGetLogoutRequestInvalidSignature() throws Exception {
    SamlSecurity samlSecurity = new SamlSecurity();
    String encodedRequest = samlSecurity.deflateAndBase64Encode(UNENCODED_SAML_REQUEST);

    // The decoded request parses into a wrapper, i.e. the message itself is well formed.
    LogoutRequest logoutRequest = mock(LogoutRequest.class);
    LogoutWrapper<LogoutRequest> wrappedRequest = new LogoutWrapperImpl<>(logoutRequest);
    when(logoutMessage.extractSamlLogoutRequest(eq(UNENCODED_SAML_REQUEST)))
        .thenReturn(wrappedRequest);
    logoutRequestService.setLogoutMessage(logoutMessage);

    // A fresh service instance, fully configured and initialised, is used for this case.
    LogoutRequestService service =
        new LogoutRequestService(simpleSign, idpMetadata, relayStates);
    service.setEncryptionService(encryptionService);
    service.setLogOutPageTimeOut(LOGOUT_PAGE_TIMEOUT);
    service.setLogoutMessage(logoutMessage);
    service.setRequest(request);
    service.setSessionFactory(sessionFactory);
    service.setSamlSecurity(samlSecurity);
    service.init();

    doReturn(new URI(redirectLogoutUrl))
        .when(logoutMessage)
        .signSamlGetResponse(any(LogoutWrapper.class), any(URI.class), anyString());
    insertLogoutRequest();

    Response response =
        service.getLogoutRequest(
            encodedRequest, null, relayState, SIGNATURE_ALGORITHM, SIGNATURE);

    assertEquals(Response.Status.SEE_OTHER.getStatusCode(), response.getStatus());
    // The message is URL-encoded into the redirect query, so spaces appear as '+'.
    String expectedFragment = UNABLE_TO_VALIDATE_LOGOUT_REQUEST.replaceAll(" ", "+");
    assertTrue(
        "Expected message containing " + expectedFragment,
        response.getLocation().getQuery().contains(expectedFragment));
}

Example 3 with SamlSecurity

use of org.codice.ddf.security.jaxrs.impl.SamlSecurity in project ddf by codice.

Class LogoutRequestServiceTest, method testGetLogoutRequestNotParsable().

/**
 * A GET logout request that cannot be parsed must be rejected rather than acted upon.
 *
 * <p>The extractor is stubbed to return {@code null} for the decoded request; the service is
 * expected to answer with a 303 redirect whose query string carries
 * {@code LogoutRequestService.UNABLE_TO_PARSE_LOGOUT_REQUEST}.
 *
 * @throws Exception if encoding the request fails
 */
@Test
public void testGetLogoutRequestNotParsable() throws Exception {
    SamlSecurity samlSecurity = new SamlSecurity();
    String encodedRequest = samlSecurity.deflateAndBase64Encode(UNENCODED_SAML_REQUEST);

    // Simulate an unparsable message: extraction yields nothing.
    when(logoutMessage.extractSamlLogoutRequest(eq(UNENCODED_SAML_REQUEST))).thenReturn(null);
    logoutRequestService.setLogoutMessage(logoutMessage);

    Response response =
        logoutRequestService.getLogoutRequest(
            encodedRequest, null, relayState, SIGNATURE_ALGORITHM, SIGNATURE);

    assertEquals(Response.Status.SEE_OTHER.getStatusCode(), response.getStatus());
    // The message is URL-encoded into the redirect query, so spaces appear as '+'.
    String expectedFragment =
        LogoutRequestService.UNABLE_TO_PARSE_LOGOUT_REQUEST.replaceAll(" ", "+");
    assertTrue(
        "Expected message containing " + expectedFragment,
        response.getLocation().getQuery().contains(expectedFragment));
}

Example 4 with SamlSecurity

use of org.codice.ddf.security.jaxrs.impl.SamlSecurity in project ddf by codice.

Class LogoutRequestServiceTest, method testGetLogoutRequestResponse().

/**
 * A GET carrying a SAML logout <em>response</em> (rather than a request) completes the logout.
 *
 * <p>Signature validation is stubbed to succeed, so this exercises the happy path only: the
 * service answers with a 303 redirect whose location reports a successful logout.
 *
 * @throws Exception if encoding the response fails
 */
@Test
public void testGetLogoutRequestResponse() throws Exception {
    SamlSecurity samlSecurity = new SamlSecurity();
    String encodedResponse = samlSecurity.deflateAndBase64Encode(UNENCODED_SAML_RESPONSE);

    // A minimal, well-formed SAML 2.0 logout response.
    LogoutResponse logoutResponse = mock(LogoutResponse.class);
    when(logoutResponse.getIssueInstant()).thenReturn(new DateTime());
    when(logoutResponse.getVersion()).thenReturn(SAMLVersion.VERSION_20);
    when(logoutResponse.getID()).thenReturn("id");
    LogoutWrapper<LogoutResponse> wrappedResponse = new LogoutWrapperImpl<>(logoutResponse);
    when(logoutMessage.extractSamlLogoutResponse(eq(UNENCODED_SAML_RESPONSE)))
        .thenReturn(wrappedResponse);
    logoutRequestService.setLogoutMessage(logoutMessage);

    // Accept any signature; the validation path itself is covered by the negative tests.
    doReturn(true)
        .when(simpleSign)
        .validateSignature(anyString(), anyString(), anyString(), anyString());

    Response response =
        logoutRequestService.getLogoutRequest(
            null, encodedResponse, relayState, SIGNATURE_ALGORITHM, SIGNATURE);
    // NOTE(review): the service is (re)initialised after the call under test, unlike the
    // other cases; confirm whether this ordering is intentional.
    initializeLogoutRequestService();

    assertEquals(Response.Status.SEE_OTHER.getStatusCode(), response.getStatus());
    assertTrue(
        "Expected a successful logout message",
        response.getLocation().toString().contains("logged+out+successfully."));
}

Example 5 with SamlSecurity

use of org.codice.ddf.security.jaxrs.impl.SamlSecurity in project ddf by codice.

Class LogoutRequestServiceTest, method testGetLogoutRequestNoSessionIndex().

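/**
 * A validly signed logout request that carries no session index is still honoured.
 *
 * <p>Signature validation is stubbed to succeed. The service is expected to build and sign a
 * logout response and answer 200 with an entity that contains the redirect logout URL.
 *
 * @throws Exception if encoding the request or building the redirect URI fails
 */
@Test
public void testGetLogoutRequestNoSessionIndex() throws Exception {
    SamlSecurity samlSecurity = new SamlSecurity();
    String deflatedSamlRequest = samlSecurity.deflateAndBase64Encode(UNENCODED_SAML_REQUEST);

    // Accept any signature; this case is about the missing session index, not validation.
    doReturn(true).when(simpleSign).validateSignature(anyString(), anyString(), anyString(), any());
    initializeLogoutRequestService();

    LogoutRequest logoutRequest = mock(LogoutRequest.class);
    @SuppressWarnings("unchecked") // mock(Class) cannot carry the type argument
    LogoutWrapper<LogoutRequest> logoutRequestWrapper = mock(LogoutWrapper.class);
    doReturn(logoutRequest).when(logoutRequestWrapper).getMessage();
    // No session index: a typed empty list instead of the raw Collections.EMPTY_LIST.
    doReturn(Collections.emptyList()).when(logoutRequest).getSessionIndexes();
    doReturn(DateTime.now()).when(logoutRequest).getIssueInstant();
    doReturn(SAMLVersion.VERSION_20).when(logoutRequest).getVersion();
    doReturn(ID).when(logoutRequest).getID();
    doReturn(logoutRequestWrapper).when(logoutMessage).extractSamlLogoutRequest(eq(UNENCODED_SAML_REQUEST));

    // The response the service builds and signs on the way back to the IdP.
    LogoutResponse logoutResponse = mock(LogoutResponse.class);
    LogoutWrapper<LogoutResponse> responseLogoutWrapper = new LogoutWrapperImpl<>(logoutResponse);
    when(logoutMessage.buildLogoutResponse(anyString(), anyString(), anyString())).thenReturn(responseLogoutWrapper);
    when(logoutMessage.signSamlGetResponse(any(LogoutWrapper.class), any(URI.class), anyString())).thenReturn(new URI(redirectLogoutUrl));
    logoutRequestService.setLogoutMessage(logoutMessage);

    Response response = logoutRequestService.getLogoutRequest(deflatedSamlRequest, null, relayState, SIGNATURE_ALGORITHM, SIGNATURE);
    assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
    assertTrue("Expected logout url of " + redirectLogoutUrl, response.getEntity().toString().contains(redirectLogoutUrl));
}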
