Use of org.codice.ddf.security.jaxrs.impl.SamlSecurity in project ddf by codice.
From class AssertionConsumerServiceTest, method setup().
/**
 * Builds the fixture for every test: real crypto/signing collaborators from the test property
 * files, a mocked request/session/principal chain, and an AssertionConsumerService wired with
 * all of them.
 */
@Before
public void setup() throws Exception {
  MockitoAnnotations.initMocks(this);

  // Real (non-mock) crypto and signing helpers backed by the test property files.
  systemCrypto =
      new SystemCrypto("encryption.properties", "signature.properties", encryptionService);
  simpleSign = new SimpleSign(systemCrypto);
  idpMetadata = new IdpMetadata();
  idpMetadata.setMetadata(metadata);

  // Relay state round-trips REQUEST_URL <-> RELAY_STATE_VAL, decoding to LOCATION.
  when(relayStates.encode(REQUEST_URL)).thenReturn(RELAY_STATE_VAL);
  when(relayStates.decode(RELAY_STATE_VAL)).thenReturn(LOCATION);

  // Principal -> token -> assertion chain, plus the session that carries the principal holder.
  when(principal.getName()).thenReturn(SUBJECT_NAME);
  when(securityToken.getPrincipal()).thenReturn(principal);
  when(securityAssertion.getToken()).thenReturn(securityToken);
  // Holder exists on the session but reports no principals.
  when(principalHolder.getPrincipals()).thenReturn(null);
  when(session.getAttribute(SAML_PROPERTY_KEY)).thenReturn(principalHolder);
  when(session.getId()).thenReturn(SESSION_ID);
  when(sessionFactory.getOrCreateSession(any(HttpServletRequest.class))).thenReturn(session);

  // Incoming request: HOST over a secure channel, originally sent to REQUEST_URL.
  when(httpRequest.getServerName()).thenReturn(HOST);
  when(httpRequest.getRequestURL()).thenReturn(new StringBuffer(REQUEST_URL));
  when(httpRequest.isSecure()).thenReturn(true);

  // Subject whose principal collection holds exactly the one security assertion.
  List<Object> assertionPrincipals = Arrays.asList(securityAssertion);
  when(principalCollection.asList()).thenReturn(assertionPrincipals);
  when(subject.getPrincipals()).thenReturn(principalCollection);

  assertionConsumerService =
      new AssertionConsumerService(simpleSign, idpMetadata, systemCrypto, relayStates);
  assertionConsumerService.setRequest(httpRequest);
  assertionConsumerService.setLoginFilter(loginFilter);
  assertionConsumerService.setSessionFactory(sessionFactory);
  assertionConsumerService.setContextPolicyManager(contextPolicyManager);
  assertionConsumerService.setSamlSecurity(new SamlSecurity());
}
Use of org.codice.ddf.security.jaxrs.impl.SamlSecurity in project ddf by codice.
From class LogoutRequestServiceTest, method testGetLogoutRequestInvalidSignature().
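/**
 * A logout request whose signature does not validate must be refused: the service is expected
 * to answer with a 303 redirect whose query carries {@code UNABLE_TO_VALIDATE_LOGOUT_REQUEST}
 * rather than act on the request.
 */
@Test
public void testGetLogoutRequestInvalidSignature() throws Exception {
  SamlSecurity samlSecurity = new SamlSecurity();
  String deflatedSamlRequest = samlSecurity.deflateAndBase64Encode(UNENCODED_SAML_REQUEST);

  LogoutRequest logoutRequest = mock(LogoutRequest.class);
  LogoutWrapper<LogoutRequest> requestLogoutWrapper = new LogoutWrapperImpl<>(logoutRequest);
  when(logoutMessage.extractSamlLogoutRequest(eq(UNENCODED_SAML_REQUEST)))
      .thenReturn(requestLogoutWrapper);
  // NOTE(review): this configures the shared field service while the call under test goes to
  // the local `lrs` below; kept in case insertLogoutRequest() depends on it — confirm.
  logoutRequestService.setLogoutMessage(logoutMessage);

  // Freshly wired service. Unlike the sibling tests, simpleSign.validateSignature is not
  // stubbed to true here, which presumably is what makes SIGNATURE fail validation — verify.
  LogoutRequestService lrs = new LogoutRequestService(simpleSign, idpMetadata, relayStates);
  lrs.setEncryptionService(encryptionService);
  lrs.setLogOutPageTimeOut(LOGOUT_PAGE_TIMEOUT);
  lrs.setLogoutMessage(logoutMessage);
  lrs.setRequest(request);
  lrs.setSessionFactory(sessionFactory);
  lrs.setSamlSecurity(samlSecurity);
  lrs.init();
  doReturn(new URI(redirectLogoutUrl))
      .when(logoutMessage)
      .signSamlGetResponse(any(LogoutWrapper.class), any(URI.class), anyString());
  insertLogoutRequest();

  Response response =
      lrs.getLogoutRequest(deflatedSamlRequest, null, relayState, SIGNATURE_ALGORITHM, SIGNATURE);

  assertEquals(Response.Status.SEE_OTHER.getStatusCode(), response.getStatus());
  // The message travels form-encoded in the redirect query, so spaces show up as '+'.
  // Plain replace(): this is a literal substitution, no regex needed.
  String expectedMessage = UNABLE_TO_VALIDATE_LOGOUT_REQUEST.replace(" ", "+");
  assertTrue(
      "Expected message containing " + expectedMessage,
      response.getLocation().getQuery().contains(expectedMessage));
}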
Use of org.codice.ddf.security.jaxrs.impl.SamlSecurity in project ddf by codice.
From class LogoutRequestServiceTest, method testGetLogoutRequestNotParsable().
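/**
 * When the decoded SAML request cannot be parsed (the extractor yields null), the service must
 * redirect (303) with {@code UNABLE_TO_PARSE_LOGOUT_REQUEST} in the query instead of proceeding.
 */
@Test
public void testGetLogoutRequestNotParsable() throws Exception {
  SamlSecurity samlSecurity = new SamlSecurity();
  String deflatedSamlRequest = samlSecurity.deflateAndBase64Encode(UNENCODED_SAML_REQUEST);

  // Simulate an unparsable request: the extractor returns nothing for the decoded payload.
  when(logoutMessage.extractSamlLogoutRequest(eq(UNENCODED_SAML_REQUEST))).thenReturn(null);
  logoutRequestService.setLogoutMessage(logoutMessage);

  Response response =
      logoutRequestService.getLogoutRequest(
          deflatedSamlRequest, null, relayState, SIGNATURE_ALGORITHM, SIGNATURE);

  assertEquals(Response.Status.SEE_OTHER.getStatusCode(), response.getStatus());
  // Form-encoded in the redirect query, so spaces become '+'; literal replace(), no regex.
  String expectedMessage =
      LogoutRequestService.UNABLE_TO_PARSE_LOGOUT_REQUEST.replace(" ", "+");
  assertTrue(
      "Expected message containing " + expectedMessage,
      response.getLocation().getQuery().contains(expectedMessage));
}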
Use of org.codice.ddf.security.jaxrs.impl.SamlSecurity in project ddf by codice.
From class LogoutRequestServiceTest, method testGetLogoutRequestResponse().
/**
 * A validly signed logout <em>response</em> (passed in the response slot, request slot null)
 * should end in a 303 redirect whose location reports a successful logout.
 */
@Test
public void testGetLogoutRequestResponse() throws Exception {
  SamlSecurity samlSecurity = new SamlSecurity();
  String deflatedSamlResponse = samlSecurity.deflateAndBase64Encode(UNENCODED_SAML_RESPONSE);

  // Minimal well-formed response: current issue instant, SAML 2.0, some ID.
  LogoutResponse logoutResponse = mock(LogoutResponse.class);
  when(logoutResponse.getIssueInstant()).thenReturn(new DateTime());
  when(logoutResponse.getVersion()).thenReturn(SAMLVersion.VERSION_20);
  when(logoutResponse.getID()).thenReturn("id");
  LogoutWrapper<LogoutResponse> wrappedResponse = new LogoutWrapperImpl<>(logoutResponse);
  when(logoutMessage.extractSamlLogoutResponse(eq(UNENCODED_SAML_RESPONSE)))
      .thenReturn(wrappedResponse);
  logoutRequestService.setLogoutMessage(logoutMessage);

  // Force signature validation to succeed so the test exercises only the response path.
  doReturn(true)
      .when(simpleSign)
      .validateSignature(anyString(), anyString(), anyString(), anyString());

  Response response =
      logoutRequestService.getLogoutRequest(
          null, deflatedSamlResponse, relayState, SIGNATURE_ALGORITHM, SIGNATURE);
  // NOTE(review): this runs after the call under test, unlike testGetLogoutRequestNoSessionIndex
  // where it precedes it; order preserved here — confirm whether it was meant to come first.
  initializeLogoutRequestService();

  assertEquals(Response.Status.SEE_OTHER.getStatusCode(), response.getStatus());
  assertTrue(
      "Expected a successful logout message",
      response.getLocation().toString().contains("logged+out+successfully."));
}
Use of org.codice.ddf.security.jaxrs.impl.SamlSecurity in project ddf by codice.
From class LogoutRequestServiceTest, method testGetLogoutRequestNoSessionIndex().
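/**
 * A validly signed logout request that carries no session index should still be answered:
 * the service returns 200 with an entity that contains the signed redirect logout URL.
 */
@Test
public void testGetLogoutRequestNoSessionIndex() throws Exception {
  SamlSecurity samlSecurity = new SamlSecurity();
  String deflatedSamlRequest = samlSecurity.deflateAndBase64Encode(UNENCODED_SAML_REQUEST);

  // Force signature validation to succeed so only the missing-session-index path is exercised.
  doReturn(true).when(simpleSign).validateSignature(anyString(), anyString(), anyString(), any());
  initializeLogoutRequestService();

  LogoutRequest logoutRequest = mock(LogoutRequest.class);
  // mock(Class) hands back the raw type; the parameterized local is the intended shape.
  @SuppressWarnings("unchecked")
  LogoutWrapper<LogoutRequest> logoutRequestWrapper = mock(LogoutWrapper.class);
  doReturn(logoutRequest).when(logoutRequestWrapper).getMessage();
  // No session index: typed empty list instead of the raw EMPTY_LIST constant (same instance).
  doReturn(Collections.emptyList()).when(logoutRequest).getSessionIndexes();
  doReturn(DateTime.now()).when(logoutRequest).getIssueInstant();
  doReturn(SAMLVersion.VERSION_20).when(logoutRequest).getVersion();
  doReturn(ID).when(logoutRequest).getID();
  doReturn(logoutRequestWrapper)
      .when(logoutMessage)
      .extractSamlLogoutRequest(eq(UNENCODED_SAML_REQUEST));

  // The response built for the IdP and the signed redirect URL it is sent to.
  LogoutResponse logoutResponse = mock(LogoutResponse.class);
  LogoutWrapper<LogoutResponse> responseLogoutWrapper = new LogoutWrapperImpl<>(logoutResponse);
  when(logoutMessage.buildLogoutResponse(anyString(), anyString(), anyString()))
      .thenReturn(responseLogoutWrapper);
  when(logoutMessage.signSamlGetResponse(any(LogoutWrapper.class), any(URI.class), anyString()))
      .thenReturn(new URI(redirectLogoutUrl));
  logoutRequestService.setLogoutMessage(logoutMessage);

  Response response =
      logoutRequestService.getLogoutRequest(
          deflatedSamlRequest, null, relayState, SIGNATURE_ALGORITHM, SIGNATURE);

  assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
  assertTrue(
      "Expected logout url of " + redirectLogoutUrl,
      response.getEntity().toString().contains(redirectLogoutUrl));
}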