use of org.codice.ddf.security.jaxrs.impl.SamlSecurity in project ddf by codice.
the class PaosInInterceptorTest method handleMessagePaosResponseBasicGood.
/**
 * Happy-path PAOS exchange with an HTTP Basic {@code Authorization} header on the outbound
 * message. The interceptor's HTTP calls are replaced by a stub, so no network traffic occurs.
 * After {@code handleMessage} the inbound message must carry the stubbed service-provider body,
 * and the headers of that stubbed response must have been copied onto the inbound message.
 *
 * @throws IOException if a classpath fixture cannot be opened or the content cannot be read
 */
@Test
public void handleMessagePaosResponseBasicGood() throws IOException {
    final String testHeaderKey = "X-Test-Header";
    final String correctHeaderToBeForwarded = "correct header that needs to be forwarded";
    final String listOfIntsHeaderKey = "X-Test-IntList-Header";
    final List<Object> listOfIntsHeader = ImmutableList.of(1, 2, 3);

    // Inbound PAOS message: fixture body plus a header value that the forwarded one must replace.
    Message inMessage = new MessageImpl();
    inMessage.setContent(
        InputStream.class,
        PaosInInterceptorTest.class.getClassLoader().getResource("ecprequest.xml").openStream());
    inMessage.put(Message.CONTENT_TYPE, "application/vnd.paos+xml");
    HashMap<String, List<String>> inboundHeaders = new HashMap<>();
    inboundHeaders.put(testHeaderKey, ImmutableList.of("original, incorrect header value"));
    inMessage.put(Message.PROTOCOL_HEADERS, inboundHeaders);

    // Outbound side of the exchange. The Basic value is Base64 of "test:test", a fixture-only
    // credential that must never correspond to a real account.
    HashMap<String, List> outboundHeaders = new HashMap<>();
    outboundHeaders.put("Authorization", Collections.singletonList("BASIC dGVzdDp0ZXN0"));
    Message outMessage = new MessageImpl();
    outMessage.put(Message.PROTOCOL_HEADERS, outboundHeaders);
    outMessage.put(Message.HTTP_REQUEST_METHOD, "GET");

    ExchangeImpl exchange = new ExchangeImpl();
    exchange.setOutMessage(outMessage);
    inMessage.setExchange(exchange);

    PaosInInterceptor interceptor = new PaosInInterceptor(Phase.RECEIVE, new SamlSecurity()) {
        // Canned responses keyed on the target URL; any other URL gets an empty wrapper.
        // NOTE(review): the two URLs presumably come from ecprequest.xml; confirm against the fixture.
        HttpResponseWrapper getHttpResponse(String responseConsumerURL, String soapResponse, Message message) throws IOException {
            HttpResponseWrapper stubbed = new HttpResponseWrapper();
            switch (responseConsumerURL) {
                case "https://sp.example.org/PAOSConsumer":
                    stubbed.statusCode = 200;
                    stubbed.content = new ByteArrayInputStream("actual content".getBytes());
                    stubbed.headers = ImmutableMap.of(testHeaderKey, (Object) ImmutableList.of(correctHeaderToBeForwarded), listOfIntsHeaderKey, listOfIntsHeader).entrySet();
                    break;
                case "https://idp.example.org/saml2/sso":
                    stubbed.statusCode = 200;
                    stubbed.content = PaosInInterceptorTest.class.getClassLoader().getResource("idpresponse.xml").openStream();
                    break;
                default:
                    break;
            }
            return stubbed;
        }
    };

    interceptor.handleMessage(inMessage);

    // The body handed back to the caller is the stubbed service-provider response.
    assertThat(IOUtils.toString(inMessage.getContent(InputStream.class)), is("actual content"));

    // Response headers replace the original value, and non-String values arrive as strings.
    // NOTE(review): this only pins that headers are forwarded; whether the interceptor limits
    // which response headers may be copied is not visible from this test.
    Map<String, List<String>> forwarded = (Map) inMessage.get(Message.PROTOCOL_HEADERS);
    assertThat(forwarded.get(testHeaderKey), hasItem(correctHeaderToBeForwarded));
    assertThat(forwarded.get(listOfIntsHeaderKey), hasItems("1", "2", "3"));
}
use of org.codice.ddf.security.jaxrs.impl.SamlSecurity in project ddf by codice.
the class IdpHandlerTest method setUp.
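/**
 * Builds the {@code IdpHandler} under test with mocked collaborators and loads the IdP metadata
 * fixture from the classpath.
 *
 * <p>The signing setup is built from {@code encryption.properties} and
 * {@code signature.properties} with a mocked {@code EncryptionService}. The relay-state store
 * and the servlet request/response are mocks.
 *
 * @throws Exception if the crypto setup fails or the metadata fixture is missing or unreadable
 */
@Before
public void setUp() throws Exception {
    encryptionService = mock(EncryptionService.class);
    systemCrypto = new SystemCrypto("encryption.properties", "signature.properties", encryptionService);
    simpleSign = new SimpleSign(systemCrypto);
    idpMetadata = new IdpMetadata();

    // Relay state round-trips between a fixed token and a fixed location.
    relayStates = (RelayStates<String>) mock(RelayStates.class);
    when(relayStates.encode(anyString())).thenReturn(RELAY_STATE_VAL);
    when(relayStates.decode(RELAY_STATE_VAL)).thenReturn(LOCATION);

    httpRequest = mock(HttpServletRequest.class);
    when(httpRequest.getRequestURL()).thenReturn(new StringBuffer("https://localhost:8993"));
    when(httpRequest.getMethod()).thenReturn("GET");
    httpResponse = mock(HttpServletResponse.class);

    idpHandler = new IdpHandler(simpleSign, idpMetadata, relayStates);
    idpHandler.setSamlSecurity(new SamlSecurity());
    idpHandler.setAuthContextClasses(Arrays.asList("urn:oasis:names:tc:SAML:2.0:ac:classes:Password", "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", "urn:oasis:names:tc:SAML:2.0:ac:classes:X509", "urn:oasis:names:tc:SAML:2.0:ac:classes:TLSClient"));
    idpHandler.setSecurityLogger(mock(SecurityLogger.class));

    // try-with-resources closes the fixture stream, which the previous version leaked on every
    // test run. A missing fixture now fails with a clear message rather than a bare NPE in copy().
    try (InputStream inputStream = this.getClass().getResourceAsStream("/IDPmetadata.xml")) {
        if (inputStream == null) {
            throw new IllegalStateException("Test fixture /IDPmetadata.xml not found on the classpath");
        }
        StringWriter writer = new StringWriter();
        IOUtils.copy(inputStream, writer, "UTF-8");
        metadata = writer.toString();
    }
    idpMetadata.setMetadata(metadata);
}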
use of org.codice.ddf.security.jaxrs.impl.SamlSecurity in project ddf by codice.
the class LogoutRequestServiceTest method testGetLogoutRequestResponseNotParsable.
/**
 * A SAML logout response that cannot be parsed must produce a 303 redirect. The query string of
 * the redirect must contain the fixed {@code UNABLE_TO_PARSE_LOGOUT_RESPONSE} message.
 *
 * @throws Exception if encoding the fixture or invoking the service fails
 */
@Test
public void testGetLogoutRequestResponseNotParsable() throws Exception {
    insertLogoutRequest();
    String encodedResponse = new SamlSecurity().deflateAndBase64Encode(UNENCODED_SAML_RESPONSE);

    // Simulate the parse failure: the extractor yields null for the decoded response.
    when(logoutMessage.extractSamlLogoutResponse(eq(UNENCODED_SAML_RESPONSE))).thenReturn(null);
    logoutRequestService.setLogoutMessage(logoutMessage);
    insertLogoutRequest();

    // Only the SAMLResponse argument is supplied; the SAMLRequest argument is null.
    Response response = logoutRequestService.getLogoutRequest(null, encodedResponse, relayState, SIGNATURE_ALGORITHM, SIGNATURE);

    assertEquals(Response.Status.SEE_OTHER.getStatusCode(), response.getStatus());
    // The test expects the message's spaces to appear as '+' in the redirect query.
    String expectedFragment = LogoutRequestService.UNABLE_TO_PARSE_LOGOUT_RESPONSE.replace(" ", "+");
    String redirectQuery = response.getLocation().getQuery();
    assertTrue("Expected message containing " + expectedFragment, redirectQuery.contains(expectedFragment));
}
use of org.codice.ddf.security.jaxrs.impl.SamlSecurity in project ddf by codice.
the class LogoutRequestServiceTest method testGetLogoutRequest.
/**
 * A deflated, Base64-encoded logout request sent to the service must yield HTTP 200 with an
 * entity that contains the signed redirect logout URL.
 *
 * <p>Signature validation is stubbed to always succeed, so this test does not exercise real
 * signature checking. Rejection of an invalid signature needs its own test.
 *
 * @throws Exception if encoding the fixture, building the URI, or invoking the service fails
 */
@Test
public void testGetLogoutRequest() throws Exception {
    String encodedRequest = new SamlSecurity().deflateAndBase64Encode(UNENCODED_SAML_REQUEST);

    // Force the signature check to pass regardless of the SIGNATURE fixture value.
    doReturn(true).when(simpleSign).validateSignature(anyString(), anyString(), anyString(), any());
    initializeLogoutRequestService();
    insertLogoutRequest();

    // The logout message collaborator returns a canned response and a canned signed redirect.
    LogoutResponse cannedResponse = mock(LogoutResponse.class);
    LogoutWrapper<LogoutResponse> wrappedResponse = new LogoutWrapperImpl<>(cannedResponse);
    URI signedRedirect = new URI(redirectLogoutUrl);
    when(logoutMessage.buildLogoutResponse(anyString(), anyString(), anyString())).thenReturn(wrappedResponse);
    when(logoutMessage.signSamlGetResponse(any(LogoutWrapper.class), any(URI.class), anyString())).thenReturn(signedRedirect);
    logoutRequestService.setLogoutMessage(logoutMessage);

    // Only the SAMLRequest argument is supplied; the SAMLResponse argument is null.
    Response response = logoutRequestService.getLogoutRequest(encodedRequest, null, relayState, SIGNATURE_ALGORITHM, SIGNATURE);

    assertEquals(Response.Status.OK.getStatusCode(), response.getStatus());
    String entityText = response.getEntity().toString();
    assertTrue("Expected logout url of " + redirectLogoutUrl, entityText.contains(redirectLogoutUrl));
}
use of org.codice.ddf.security.jaxrs.impl.SamlSecurity in project ddf by codice.
the class LogoutRequestServiceTest method initializeLogoutRequestService.
/**
 * Creates a fresh {@code LogoutRequestService}, wires in the test's shared collaborators plus a
 * real {@code SamlSecurity} and a mocked {@code SecurityLogger}, stores it in the
 * {@code logoutRequestService} field and calls {@code init()}.
 */
private void initializeLogoutRequestService() {
    // Publish the new instance to the field first, as before, then configure it via a local alias.
    logoutRequestService = new LogoutRequestService(simpleSign, idpMetadata, relayStates);
    LogoutRequestService service = logoutRequestService;

    service.setEncryptionService(encryptionService);
    service.setLogOutPageTimeOut(LOGOUT_PAGE_TIMEOUT);
    service.setRequest(request);
    service.setSessionFactory(sessionFactory);
    service.setSamlSecurity(new SamlSecurity());
    // The security logger is a mock, so audit output is neither produced nor asserted here.
    service.setSecurityLogger(mock(SecurityLogger.class));

    // init() runs last, once every collaborator has been set.
    service.init();
}