
Example 11 with SamlSecurity

Use of org.codice.ddf.security.jaxrs.impl.SamlSecurity in project ddf by codice.

From class LogoutRequestServiceTest, method testGetLogoutRequestResponseInvalidSignature (checks that a logout response carrying an invalid signature is rejected with a redirect whose query string reports the validation failure).

@Test
public void testGetLogoutRequestResponseInvalidSignature() throws Exception {
    SamlSecurity samlSecurity = new SamlSecurity();
    String deflatedSamlResponse = samlSecurity.deflateAndBase64Encode(UNENCODED_SAML_RESPONSE);
    LogoutResponse logoutResponse = mock(LogoutResponse.class);
    LogoutWrapper<LogoutResponse> responseLogoutWrapper = new LogoutWrapperImpl<>(logoutResponse);
    when(logoutMessage.extractSamlLogoutResponse(eq(UNENCODED_SAML_RESPONSE))).thenReturn(responseLogoutWrapper);
    logoutRequestService.setLogoutMessage(logoutMessage);
    LogoutRequestService lrs = new LogoutRequestService(simpleSign, idpMetadata, relayStates);
    lrs.setEncryptionService(encryptionService);
    lrs.setLogOutPageTimeOut(LOGOUT_PAGE_TIMEOUT);
    lrs.setLogoutMessage(logoutMessage);
    lrs.setRequest(request);
    lrs.setSessionFactory(sessionFactory);
    lrs.setSamlSecurity(samlSecurity);
    lrs.init();
    Response response = lrs.getLogoutRequest(null, deflatedSamlResponse, relayState, SIGNATURE_ALGORITHM, SIGNATURE);
    assertEquals(Response.Status.SEE_OTHER.getStatusCode(), response.getStatus());
    String msg = "Unable to validate".replaceAll(" ", "+");
    assertTrue("Expected message containing " + msg, response.getLocation().getQuery().contains(msg));
}
Also used: javax.ws.rs.core.Response, org.opensaml.saml.saml2.core.LogoutResponse, ddf.security.samlp.impl.LogoutWrapperImpl, org.hamcrest.CoreMatchers.containsString (static), org.mockito.ArgumentMatchers.anyString (static), org.codice.ddf.security.jaxrs.impl.SamlSecurity, org.junit.Test

Example 12 with SamlSecurity

Use of org.codice.ddf.security.jaxrs.impl.SamlSecurity in project ddf by codice.

From class LogoutMessageImpl, method signSamlGet (builds a SAML HTTP-Redirect binding URL: the message is deflated, Base64-encoded and URL-encoded, combined with the RelayState, and the resulting query string is signed before the URI is built).

private URI signSamlGet(LogoutWrapper samlObject, URI target, String relayState, String requestType) throws LogoutSecurityException, SignatureException, IOException {
    try {
        Document doc = DOMUtils.createDocument();
        doc.appendChild(doc.createElement("root"));
        SamlSecurity samlSecurity = new SamlSecurity();
        String encodedResponse = URLEncoder.encode(samlSecurity.deflateAndBase64Encode(DOM2Writer.nodeToString(OpenSAMLUtil.toDom((XMLObject) samlObject.getMessage(), doc, false))), "UTF-8");
        String requestToSign = String.format("%s=%s&%s=%s", requestType, encodedResponse, SSOConstants.RELAY_STATE, relayState);
        UriBuilder uriBuilder = UriBuilder.fromUri(target);
        uriBuilder.queryParam(requestType, encodedResponse);
        uriBuilder.queryParam(SSOConstants.RELAY_STATE, relayState);
        new SimpleSign(systemCrypto).signUriString(requestToSign, uriBuilder);
        return uriBuilder.build();
    } catch (WSSecurityException e) {
        throw new LogoutSecurityException(e);
    }
}
Also used: org.opensaml.core.xml.XMLObject, org.apache.wss4j.common.ext.WSSecurityException, org.w3c.dom.Document, org.codice.ddf.security.jaxrs.impl.SamlSecurity, javax.ws.rs.core.UriBuilder, ddf.security.samlp.LogoutSecurityException

Example 13 with SamlSecurity

Use of org.codice.ddf.security.jaxrs.impl.SamlSecurity in project ddf by codice.

From class PaosInInterceptorTest, method getHttpUnsuccessfulResponseHandlerHeaderTest (verifies that the unsuccessful-response handler follows a redirect and copies the original protocol headers, matched case-insensitively, onto the follow-up request).

@Test
public void getHttpUnsuccessfulResponseHandlerHeaderTest() throws IOException {
    Message message = new MessageImpl();
    message.put(Message.HTTP_REQUEST_METHOD, "GET");
    HashMap<String, List> protocolHeaders = new HashMap<>();
    message.put(Message.PROTOCOL_HEADERS, protocolHeaders);
    protocolHeaders.put("X-Custom-Header", Collections.singletonList("Custom"));
    PaosInInterceptor paosInInterceptor = spy(new PaosInInterceptor(Phase.RECEIVE, new SamlSecurity()));
    doReturn(true).when(paosInInterceptor).isRedirect(any(HttpRequest.class), any(HttpResponse.class), any(String.class));
    GenericUrl url = new GenericUrl("https://localhost:8993/PAOSConsumer");
    HttpRequest request = new MockHttpTransport().createRequestFactory().buildGetRequest(url);
    request.getUrl().set("url", "https://localhost:8993/PAOSConsumer");
    // Using request.execute to create an HttpResponse since it's final and cannot be mocked
    HttpResponse response = request.execute();
    response.getHeaders().setLocation("https://localhost:8993/PAOSConsumer");
    response.getHeaders().set("set-cookie", Collections.singletonList("cookie"));
    HttpUnsuccessfulResponseHandler responseHandler = paosInInterceptor.getHttpUnsuccessfulResponseHandler(message);
    boolean returned = responseHandler.handleResponse(request, response, true);
    assertThat(returned, is(true));
    // HttpHeaders ignores header case
    assertThat(request.getHeaders().containsKey("x-custom-header"), is(true));
    assertThat(request.getHeaders().get("x-custom-header"), is(Collections.singletonList("Custom")));
}
Also used: com.google.api.client.http.HttpRequest, com.google.api.client.testing.http.MockHttpTransport, org.apache.cxf.message.Message, java.util.HashMap, com.google.api.client.http.HttpResponse, com.google.api.client.http.HttpUnsuccessfulResponseHandler, com.google.api.client.http.GenericUrl, com.google.common.collect.ImmutableList, java.util.List, org.codice.ddf.security.jaxrs.impl.SamlSecurity, org.apache.cxf.message.MessageImpl, org.junit.Test

Example 14 with SamlSecurity

Use of org.codice.ddf.security.jaxrs.impl.SamlSecurity in project ddf by codice.

From class PaosInInterceptorTest, method handleMessagePaosResponseBasicBad (expects a Fault when the PAOS response consumer answers with HTTP 400 even though the IdP exchange succeeded).

@Test(expected = Fault.class)
public void handleMessagePaosResponseBasicBad() throws IOException {
    Message message = new MessageImpl();
    message.setContent(InputStream.class, PaosInInterceptorTest.class.getClassLoader().getResource("ecprequest.xml").openStream());
    message.put(Message.CONTENT_TYPE, "application/vnd.paos+xml");
    Message outMessage = new MessageImpl();
    HashMap<String, List> protocolHeaders = new HashMap<>();
    outMessage.put(Message.PROTOCOL_HEADERS, protocolHeaders);
    outMessage.put(Message.HTTP_REQUEST_METHOD, "GET");
    protocolHeaders.put("Authorization", Collections.singletonList("BASIC dGVzdDp0ZXN0"));
    ExchangeImpl exchange = new ExchangeImpl();
    exchange.setOutMessage(outMessage);
    message.setExchange(exchange);
    PaosInInterceptor paosInInterceptor = new PaosInInterceptor(Phase.RECEIVE, new SamlSecurity()) {

        HttpResponseWrapper getHttpResponse(String responseConsumerURL, String soapResponse, Message message) throws IOException {
            HttpResponseWrapper httpResponseWrapper = new HttpResponseWrapper();
            if (responseConsumerURL.equals("https://sp.example.org/PAOSConsumer")) {
                httpResponseWrapper.statusCode = 400;
                httpResponseWrapper.content = new ByteArrayInputStream("actual content".getBytes());
            } else if (responseConsumerURL.equals("https://idp.example.org/saml2/sso")) {
                httpResponseWrapper.statusCode = 200;
                httpResponseWrapper.content = PaosInInterceptorTest.class.getClassLoader().getResource("idpresponse.xml").openStream();
            }
            return httpResponseWrapper;
        }
    };
    paosInInterceptor.handleMessage(message);
}
Also used: org.apache.cxf.message.Message, java.util.HashMap, java.io.ByteArrayInputStream, com.google.common.collect.ImmutableList, java.util.List, org.codice.ddf.security.jaxrs.impl.SamlSecurity, org.apache.cxf.message.MessageImpl, org.apache.cxf.message.ExchangeImpl, org.junit.Test

Example 15 with SamlSecurity

Use of org.codice.ddf.security.jaxrs.impl.SamlSecurity in project ddf by codice.

From class PaosInInterceptorTest, method handleMessagePaosResponseBasicNoIdp (expects a Fault when the ECP request names no IdP to forward the authentication request to).

@Test(expected = Fault.class)
public void handleMessagePaosResponseBasicNoIdp() throws IOException {
    Message message = new MessageImpl();
    message.setContent(InputStream.class, PaosInInterceptorTest.class.getClassLoader().getResource("ecprequest_noidp.xml").openStream());
    message.put(Message.CONTENT_TYPE, "application/vnd.paos+xml");
    Message outMessage = new MessageImpl();
    HashMap<String, List> protocolHeaders = new HashMap<>();
    outMessage.put(Message.PROTOCOL_HEADERS, protocolHeaders);
    outMessage.put(Message.HTTP_REQUEST_METHOD, "GET");
    protocolHeaders.put("Authorization", Collections.singletonList("BASIC dGVzdDp0ZXN0"));
    ExchangeImpl exchange = new ExchangeImpl();
    exchange.setOutMessage(outMessage);
    message.setExchange(exchange);
    PaosInInterceptor paosInInterceptor = new PaosInInterceptor(Phase.RECEIVE, new SamlSecurity());
    paosInInterceptor.handleMessage(message);
}
Also used: org.apache.cxf.message.Message, java.util.HashMap, com.google.common.collect.ImmutableList, java.util.List, org.codice.ddf.security.jaxrs.impl.SamlSecurity, org.apache.cxf.message.MessageImpl, org.apache.cxf.message.ExchangeImpl, org.junit.Test
