Posted to commits@cxf.apache.org by co...@apache.org on 2017/02/13 11:36:19 UTC
[03/18] cxf-fediz git commit: Whitespace cleanup
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
----------------------------------------------------------------------
diff --git a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
index c805467..556e966 100644
--- a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
+++ b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
@@ -82,13 +82,13 @@ public class OIDCTest {
static String idpHttpsPort;
static String rpHttpsPort;
-
+
private static Tomcat idpServer;
private static Tomcat rpServer;
-
+
private static String storedClientId;
private static String storedClient2Id;
-
+
@BeforeClass
public static void init() throws Exception {
System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -98,8 +98,8 @@ public class OIDCTest {
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
-
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
idpHttpsPort = System.getProperty("idp.https.port");
Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
rpHttpsPort = System.getProperty("rp.https.port");
@@ -107,11 +107,11 @@ public class OIDCTest {
idpServer = startServer(true, idpHttpsPort);
rpServer = startServer(false, rpHttpsPort);
-
+
loginToClientsPage(rpHttpsPort, idpHttpsPort);
}
-
- private static Tomcat startServer(boolean idp, String port)
+
+ private static Tomcat startServer(boolean idp, String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -146,13 +146,13 @@ public class OIDCTest {
if (idp) {
File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
-
+
File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
} else {
File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-oidc");
Context cxt = server.addWebapp("/fediz-oidc", rpWebapp.getAbsolutePath());
-
+
// Substitute the IDP port. Necessary if running the test in eclipse where port filtering doesn't seem
// to work
File f = new File(currentDir + "/src/test/resources/fediz_config.xml");
@@ -161,13 +161,13 @@ public class OIDCTest {
inputStream.close();
if (content.contains("idp.https.port")) {
content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort);
-
+
File f2 = new File(baseDir + "/test-classes/fediz_config.xml");
try (FileOutputStream outputStream = new FileOutputStream(f2)) {
IOUtils.write(content, outputStream, "UTF-8");
}
}
-
+
FederationAuthenticator fa = new FederationAuthenticator();
fa.setConfigFile(currentDir + File.separator + "target" + File.separator
+ "test-classes" + File.separator + "fediz_config.xml");
@@ -178,7 +178,7 @@ public class OIDCTest {
return server;
}
-
+
@AfterClass
public static void cleanup() throws Exception {
try {
@@ -188,7 +188,7 @@ public class OIDCTest {
shutdownServer(rpServer);
}
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -210,38 +210,38 @@ public class OIDCTest {
public String getRpHttpsPort() {
return rpHttpsPort;
}
-
+
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
// Runs as BeforeClass: Login to the OIDC Clients page + create two new clients
private static void loginToClientsPage(String rpPort, String idpPort) throws Exception {
String url = "https://localhost:" + rpPort + "/fediz-oidc/console/clients";
String user = "alice";
String password = "ecila";
-
+
// Login to the client page successfully
WebClient webClient = setupWebClient(user, password, idpPort);
HtmlPage loginPage = login(url, webClient);
final String bodyTextContent = loginPage.getBody().getTextContent();
Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
-
+
// Now try to register a new client
- HtmlPage registeredClientPage =
+ HtmlPage registeredClientPage =
registerNewClient(webClient, url, "new-client", "https://127.0.0.1",
"https://cxf.apache.org");
String registeredClientPageBody = registeredClientPage.getBody().getTextContent();
Assert.assertTrue(registeredClientPageBody.contains("Registered Clients"));
Assert.assertTrue(registeredClientPageBody.contains("new-client"));
Assert.assertTrue(registeredClientPageBody.contains("https://127.0.0.1"));
-
+
HtmlTable table = registeredClientPage.getHtmlElementById("registered_clients");
storedClientId = table.getCellAt(1, 1).asText().trim();
Assert.assertNotNull(storedClientId);
-
+
// Try to register another new client
- registeredClientPage =
+ registeredClientPage =
registerNewClient(webClient, url, "new-client2", "https://127.0.1.1",
"https://ws.apache.org");
registeredClientPageBody = registeredClientPage.getBody().getTextContent();
@@ -250,24 +250,24 @@ public class OIDCTest {
Assert.assertTrue(registeredClientPageBody.contains("https://127.0.0.1"));
Assert.assertTrue(registeredClientPageBody.contains("new-client2"));
Assert.assertTrue(registeredClientPageBody.contains("https://127.0.1.1"));
-
+
table = registeredClientPage.getHtmlElementById("registered_clients");
storedClient2Id = table.getCellAt(2, 1).asText().trim();
if (storedClient2Id.equals(storedClientId)) {
storedClient2Id = table.getCellAt(1, 1).asText().trim();
}
Assert.assertNotNull(storedClient2Id);
-
+
webClient.close();
}
-
+
private static HtmlPage registerNewClient(WebClient webClient, String url,
String clientName, String redirectURI,
String clientAudience) throws Exception {
HtmlPage registerPage = webClient.getPage(url + "/register");
-
+
final HtmlForm form = registerPage.getForms().get(0);
-
+
// Set new client values
final HtmlTextInput clientNameInput = form.getInputByName("client_name");
clientNameInput.setValueAttribute(clientName);
@@ -281,113 +281,113 @@ public class OIDCTest {
final HtmlButton button = form.getButtonByName("submit_button");
return button.click();
}
-
+
// Runs as AfterClass: Login to the OIDC Clients page + delete the created clients!
private static void loginToClientsPageAndDeleteClient(String rpPort, String idpPort) throws Exception {
String url = "https://localhost:" + rpPort + "/fediz-oidc/console/clients";
String user = "alice";
String password = "ecila";
-
+
// Login to the client page successfully
WebClient webClient = setupWebClient(user, password, idpPort);
HtmlPage loginPage = login(url, webClient);
final String bodyTextContent = loginPage.getBody().getTextContent();
Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
-
+
// Get the client identifier
HtmlTable table = loginPage.getHtmlElementById("registered_clients");
String clientId = table.getCellAt(1, 1).asText().trim();
Assert.assertNotNull(clientId);
String clientId2 = table.getCellAt(2, 1).asText().trim();
Assert.assertNotNull(clientId2);
-
+
// Now go to the specific client page
HtmlPage registeredClientsPage = deleteClient(webClient, url, clientId);
// Check we have one more registered clients
table = registeredClientsPage.getHtmlElementById("registered_clients");
Assert.assertEquals(2, table.getRowCount());
-
+
// Now delete the other client
registeredClientsPage = deleteClient(webClient, url, clientId2);
// Check we have no more registered clients
table = registeredClientsPage.getHtmlElementById("registered_clients");
Assert.assertEquals(1, table.getRowCount());
-
+
webClient.close();
}
-
+
private static HtmlPage deleteClient(WebClient webClient, String url, String clientId) throws Exception {
HtmlPage clientPage = webClient.getPage(url + "/" + clientId);
-
+
final HtmlForm deleteForm = clientPage.getFormByName("deleteForm");
Assert.assertNotNull(deleteForm);
-
+
// Delete the client
final HtmlButton button = deleteForm.getButtonByName("submit_delete_button");
return button.click();
}
-
+
// Test that we managed to create the clients ok
@org.junit.Test
public void testCreatedClients() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
String user = "alice";
String password = "ecila";
-
+
// Login to the client page successfully
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
HtmlPage loginPage = login(url, webClient);
final String bodyTextContent = loginPage.getBody().getTextContent();
Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
-
+
// Get the new client identifier
HtmlTable table = loginPage.getHtmlElementById("registered_clients");
-
+
// 2 clients
Assert.assertEquals(table.getRows().size(), 3);
-
+
// Now check the first client
String clientId = table.getCellAt(1, 1).asText().trim();
Assert.assertNotNull(clientId);
-
+
// Check the Date
String date = table.getCellAt(1, 2).asText().trim();
SimpleDateFormat dateFormat = new SimpleDateFormat("dd MMM yyyy", Locale.US);
dateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
Assert.assertEquals(dateFormat.format(new Date()), date);
-
+
// Check the redirect URI
String redirectURI = table.getCellAt(1, 3).asText().trim();
Assert.assertTrue("https://127.0.0.1".equals(redirectURI)
|| "https://127.0.1.1".equals(redirectURI));
-
+
// Now check the specific client page
HtmlPage clientPage = webClient.getPage(url + "/" + clientId);
HtmlTable clientTable = clientPage.getHtmlElementById("client");
Assert.assertEquals(clientId, clientTable.getCellAt(1, 0).asText().trim());
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testOIDCLoginForClient1() throws Exception {
-
+
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
url += "client_id=" + storedClientId;
url += "&response_type=code";
url += "&scope=openid";
String user = "alice";
String password = "ecila";
-
+
// Login to the OIDC token endpoint + get the authorization code
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
Assert.assertNotNull(authorizationCode);
-
+
// Now use the code to get an IdToken
-
+
url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
@@ -395,7 +395,7 @@ public class OIDCTest {
request.getRequestParameters().add(new NameValuePair("client_id", storedClientId));
request.getRequestParameters().add(new NameValuePair("grant_type", "authorization_code"));
request.getRequestParameters().add(new NameValuePair("code", authorizationCode));
-
+
webClient.getOptions().setJavaScriptEnabled(false);
final UnexpectedPage responsePage = webClient.getPage(request);
String response = responsePage.getWebResponse().getContentAsString();
@@ -404,27 +404,27 @@ public class OIDCTest {
String idToken = getIdToken(response);
Assert.assertNotNull(idToken);
validateIdToken(idToken, storedClientId);
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testOIDCLoginForClient2() throws Exception {
-
+
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
url += "client_id=" + storedClient2Id;
url += "&response_type=code";
url += "&scope=openid";
String user = "alice";
String password = "ecila";
-
+
// Login to the OIDC token endpoint + get the authorization code
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
Assert.assertNotNull(authorizationCode);
-
+
// Now use the code to get an IdToken
-
+
url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
@@ -432,7 +432,7 @@ public class OIDCTest {
request.getRequestParameters().add(new NameValuePair("client_id", storedClient2Id));
request.getRequestParameters().add(new NameValuePair("grant_type", "authorization_code"));
request.getRequestParameters().add(new NameValuePair("code", authorizationCode));
-
+
webClient.getOptions().setJavaScriptEnabled(false);
final UnexpectedPage responsePage = webClient.getPage(request);
String response = responsePage.getWebResponse().getContentAsString();
@@ -441,10 +441,10 @@ public class OIDCTest {
String idToken = getIdToken(response);
Assert.assertNotNull(idToken);
validateIdToken(idToken, storedClient2Id);
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testUsingCodeForOtherClient() throws Exception {
// Get the code for the first client
@@ -454,12 +454,12 @@ public class OIDCTest {
url += "&scope=openid";
String user = "alice";
String password = "ecila";
-
+
// Login to the OIDC token endpoint + get the authorization code
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
Assert.assertNotNull(authorizationCode);
-
+
// Now try and get a token for the second client
url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
@@ -468,7 +468,7 @@ public class OIDCTest {
request.getRequestParameters().add(new NameValuePair("client_id", storedClient2Id));
request.getRequestParameters().add(new NameValuePair("grant_type", "authorization_code"));
request.getRequestParameters().add(new NameValuePair("code", authorizationCode));
-
+
webClient.getOptions().setJavaScriptEnabled(false);
try {
webClient.getPage(request);
@@ -477,48 +477,48 @@ public class OIDCTest {
// expected
}
}
-
+
@org.junit.Test
public void testBadClientId() throws Exception {
-
+
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
url += "client_id=" + storedClientId + 2;
url += "&response_type=code";
url += "&scope=openid";
String user = "alice";
String password = "ecila";
-
+
// Login to the OIDC token endpoint + get the authorization code
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
-
+
String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
Assert.assertNull(authorizationCode);
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testEmptyClientId() throws Exception {
-
+
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
url += "client_id=";
url += "&response_type=code";
url += "&scope=openid";
String user = "alice";
String password = "ecila";
-
+
// Login to the OIDC token endpoint + get the authorization code
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
-
+
String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
Assert.assertNull(authorizationCode);
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testIncorrectRedirectURI() throws Exception {
-
+
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
url += "client_id=" + storedClientId;
url += "&response_type=code";
@@ -526,28 +526,28 @@ public class OIDCTest {
url += "&redirect_uri=https://127.0.0.5";
String user = "alice";
String password = "ecila";
-
+
// Login to the OIDC token endpoint + get the authorization code
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
-
+
String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
Assert.assertNull(authorizationCode);
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testCreateClientWithInvalidRegistrationURI() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
String user = "alice";
String password = "ecila";
-
+
// Login to the client page successfully
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
HtmlPage loginPage = login(url, webClient);
final String bodyTextContent = loginPage.getBody().getTextContent();
Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
-
+
// Now try to register a new client
try {
HtmlPage errorPage = registerNewClient(webClient, url, "asfxyz", "https://127.0.0.1//",
@@ -556,22 +556,22 @@ public class OIDCTest {
} catch (Exception ex) {
// expected
}
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testCreateClientWithRegistrationURIFragment() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
String user = "alice";
String password = "ecila";
-
+
// Login to the client page successfully
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
HtmlPage loginPage = login(url, webClient);
final String bodyTextContent = loginPage.getBody().getTextContent();
Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
-
+
// Now try to register a new client
try {
HtmlPage errorPage = registerNewClient(webClient, url, "asfxyz", "https://127.0.0.1#fragment",
@@ -580,22 +580,22 @@ public class OIDCTest {
} catch (Exception ex) {
// expected
}
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testCreateClientWithInvalidAudienceURI() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
String user = "alice";
String password = "ecila";
-
+
// Login to the client page successfully
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
HtmlPage loginPage = login(url, webClient);
final String bodyTextContent = loginPage.getBody().getTextContent();
Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
-
+
// Now try to register a new client
try {
HtmlPage errorPage = registerNewClient(webClient, url, "asfxyz", "https://127.0.0.1/",
@@ -604,22 +604,22 @@ public class OIDCTest {
} catch (Exception ex) {
// expected
}
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testCreateClientWithAudienceURIFragment() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
String user = "alice";
String password = "ecila";
-
+
// Login to the client page successfully
WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
HtmlPage loginPage = login(url, webClient);
final String bodyTextContent = loginPage.getBody().getTextContent();
Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
-
+
// Now try to register a new client
try {
HtmlPage errorPage = registerNewClient(webClient, url, "asfxyz", "https://127.0.0.1",
@@ -628,10 +628,10 @@ public class OIDCTest {
} catch (Exception ex) {
// expected
}
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testClientCredentialsSTS() throws Exception {
String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
@@ -641,7 +641,7 @@ public class OIDCTest {
request.getRequestParameters().add(new NameValuePair("client_id", "alice"));
request.getRequestParameters().add(new NameValuePair("client_secret", "ecila"));
request.getRequestParameters().add(new NameValuePair("grant_type", "client_credentials"));
-
+
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.getOptions().setJavaScriptEnabled(false);
@@ -649,10 +649,10 @@ public class OIDCTest {
String response = responsePage.getWebResponse().getContentAsString();
Assert.assertTrue(response.contains("access_token"));
-
+
webClient.close();
}
-
+
private static WebClient setupWebClient(String user, String password, String idpPort) {
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
@@ -661,10 +661,10 @@ public class OIDCTest {
new UsernamePasswordCredentials(user, password));
webClient.getOptions().setJavaScriptEnabled(false);
-
+
return webClient;
}
-
+
private static HtmlPage login(String url, WebClient webClient) throws IOException {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
@@ -681,7 +681,7 @@ public class OIDCTest {
break;
}
}
- Assert.assertTrue(wresult != null
+ Assert.assertTrue(wresult != null
&& wresult.contains("urn:oasis:names:tc:SAML:2.0:cm:bearer"));
final HtmlForm form = idpPage.getFormByName("signinresponseform");
@@ -689,7 +689,7 @@ public class OIDCTest {
return button.click();
}
-
+
private static String loginAndGetAuthorizationCode(
String url, WebClient webClient
) throws Exception {
@@ -697,7 +697,7 @@ public class OIDCTest {
final HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
+
DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");
String wresult = null;
@@ -707,7 +707,7 @@ public class OIDCTest {
break;
}
}
- Assert.assertTrue(wresult != null
+ Assert.assertTrue(wresult != null
&& wresult.contains("urn:oasis:names:tc:SAML:2.0:cm:bearer"));
final HtmlForm form = idpPage.getFormByName("signinresponseform");
@@ -716,7 +716,7 @@ public class OIDCTest {
// Bit of a hack here to get the authorization code - necessary as HtmlUnit tries
// to follow the server redirect to "https://127.0.0.1" - the redirect URI
CodeWebConnectionWrapper wrapper = new CodeWebConnectionWrapper(webClient);
-
+
try {
button.click();
} catch (Throwable t) {
@@ -726,10 +726,10 @@ public class OIDCTest {
wrapper.close();
return wrapper.getCode();
}
-
+
private String getIdToken(String parentString) {
String foundString =
- parentString.substring(parentString.indexOf("id_token")
+ parentString.substring(parentString.indexOf("id_token")
+ ("id_token" + "\":\"").length());
int ampersandIndex = foundString.indexOf('\"');
if (ampersandIndex < 1) {
@@ -737,7 +737,7 @@ public class OIDCTest {
}
return foundString.substring(0, ampersandIndex);
}
-
+
private void validateIdToken(String idToken, String audience)
throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
@@ -755,32 +755,32 @@ public class OIDCTest {
Certificate cert = keystore.getCertificate("alice");
Assert.assertNotNull(cert);
- Assert.assertTrue(jwtConsumer.verifySignatureWith((X509Certificate)cert,
+ Assert.assertTrue(jwtConsumer.verifySignatureWith((X509Certificate)cert,
SignatureAlgorithm.RS256));
}
-
+
private static class CodeWebConnectionWrapper extends WebConnectionWrapper {
private String code;
-
+
CodeWebConnectionWrapper(WebClient webClient) throws IllegalArgumentException {
super(webClient);
}
-
+
public WebResponse getResponse(WebRequest request) throws IOException {
WebResponse response = super.getResponse(request);
String location = response.getResponseHeaderValue("Location");
if (location != null && location.contains("code=")) {
code = getSubstring(location, "code");
}
-
+
return response;
}
-
+
public String getCode() {
return code;
}
-
+
private String getSubstring(String parentString, String substringName) {
String foundString =
parentString.substring(parentString.indexOf(substringName + "=") + (substringName + "=").length());
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
----------------------------------------------------------------------
diff --git a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
index 00a8b78..9e0a4f9 100644
--- a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
@@ -118,7 +118,7 @@ public class IdpTest {
WSSConfig.init();
}
- private static Tomcat startServer(String port)
+ private static Tomcat startServer(String port)
throws ServletException, LifecycleException, IOException {
Tomcat server = new Tomcat();
server.setPort(0);
@@ -161,7 +161,7 @@ public class IdpTest {
public static void cleanup() {
shutdownServer(idpServer);
}
-
+
private static void shutdownServer(Tomcat server) {
try {
if (server != null && server.getServer() != null
@@ -187,7 +187,7 @@ public class IdpTest {
public String getServletContextName() {
return "fedizhelloworld";
}
-
+
//
// Successful tests
//
@@ -195,20 +195,20 @@ public class IdpTest {
@org.junit.Test
public void testBrowser() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -218,9 +218,9 @@ public class IdpTest {
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?";
url += SSOConstants.RELAY_STATE + "=" + relayState;
url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
-
+
System.out.println("URL: " + url);
-
+
Thread.sleep(60 * 1000);
}
@@ -228,20 +228,20 @@ public class IdpTest {
@org.junit.Test
public void testSuccessfulInvokeOnIdP() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -265,12 +265,12 @@ public class IdpTest {
final HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
@@ -282,26 +282,26 @@ public class IdpTest {
webClient.close();
}
-
+
@org.junit.Test
public void testSuccessfulInvokeOnIdPUsingPOST() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
-
+
// Don't inflate the token...
String requestMessage = DOM2Writer.nodeToString(authnRequestElement);
String authnRequestEncoded = Base64Utility.encode(requestMessage.getBytes("UTF-8"));
@@ -319,24 +319,24 @@ public class IdpTest {
new UsernamePasswordCredentials(user, password));
webClient.getOptions().setJavaScriptEnabled(false);
-
+
WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
request.setRequestParameters(new ArrayList<NameValuePair>());
request.getRequestParameters().add(new NameValuePair(SSOConstants.RELAY_STATE, relayState));
request.getRequestParameters().add(new NameValuePair(SSOConstants.SAML_REQUEST, authnRequestEncoded));
-
+
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(request);
-
+
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
@@ -348,52 +348,52 @@ public class IdpTest {
webClient.close();
}
-
+
@org.junit.Test
public void testSeparateSignature() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8");
String relayState = UUID.randomUUID().toString();
-
+
// Sign request
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
-
+
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
-
+
java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
-
+
String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
requestToSign += "&" + SSOConstants.RELAY_STATE + "=" + relayState;
- requestToSign += "&" + SSOConstants.SIG_ALG + "="
+ requestToSign += "&" + SSOConstants.SIG_ALG + "="
+ URLEncoder.encode(SSOConstants.RSA_SHA1, StandardCharsets.UTF_8.name());
-
+
signature.update(requestToSign.getBytes(StandardCharsets.UTF_8));
byte[] signBytes = signature.sign();
-
+
String encodedSignature = Base64.encode(signBytes);
-
+
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?";
url += SSOConstants.RELAY_STATE + "=" + relayState;
url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
@@ -412,12 +412,12 @@ public class IdpTest {
final HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
@@ -429,24 +429,24 @@ public class IdpTest {
webClient.close();
}
-
+
@org.junit.Test
public void testSuccessfulSSOInvokeOnIdP() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -463,7 +463,7 @@ public class IdpTest {
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.addRequestHeader("Authorization", "Basic " + Base64.encode((user + ":" + password).getBytes()));
-
+
//
// First invocation
//
@@ -472,12 +472,12 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
@@ -486,23 +486,23 @@ public class IdpTest {
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
-
+
//
// Second invocation - change the credentials to make sure the session is set up correctly
//
-
+
webClient.removeRequestHeader("Authorization");
webClient.addRequestHeader("Authorization", "Basic " + Base64.encode(("mallory" + ":" + password).getBytes()));
-
+
webClient.getOptions().setJavaScriptEnabled(false);
idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
+
samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
// Check claims
parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
claim = ClaimTypes.FIRSTNAME.toString();
@@ -514,25 +514,25 @@ public class IdpTest {
webClient.close();
}
-
+
@org.junit.Test
public void testSuccessfulSSOInvokeOnIdPWithForceAuthn() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setForceAuthn(Boolean.TRUE);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -542,7 +542,7 @@ public class IdpTest {
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?";
url += SSOConstants.RELAY_STATE + "=" + relayState;
url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
-
+
String user = "alice";
String password = "ecila";
@@ -553,7 +553,7 @@ public class IdpTest {
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(user, password));
-
+
//
// First invocation
//
@@ -562,12 +562,12 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
@@ -576,20 +576,20 @@ public class IdpTest {
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
-
+
//
// Second invocation
//
-
+
webClient.getOptions().setJavaScriptEnabled(false);
idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
+
samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
// Check claims
parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
claim = ClaimTypes.FIRSTNAME.toString();
@@ -598,80 +598,80 @@ public class IdpTest {
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
-
+
webClient.close();
-
+
//
// Third invocation - create a new WebClient with no credentials (but with the same CookieManager)
// ...this should fail
//
-
+
WebClient newWebClient = new WebClient();
newWebClient.setCookieManager(cookieManager);
newWebClient.getOptions().setUseInsecureSSL(true);
newWebClient.getOptions().setJavaScriptEnabled(false);
-
+
try {
newWebClient.getPage(url);
Assert.fail("Failure expected on no credentials");
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 401);
}
-
+
newWebClient.close();
}
-
+
@org.junit.Test
public void testSuccessfulSSOInvokeOnIdPWithForceAuthnSeparateSignature() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setForceAuthn(Boolean.TRUE);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8");
String relayState = UUID.randomUUID().toString();
-
+
// Sign request
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
-
+
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
-
+
java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
-
+
String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
requestToSign += "&" + SSOConstants.RELAY_STATE + "=" + relayState;
- requestToSign += "&" + SSOConstants.SIG_ALG + "="
+ requestToSign += "&" + SSOConstants.SIG_ALG + "="
+ URLEncoder.encode(SSOConstants.RSA_SHA1, StandardCharsets.UTF_8.name());
-
+
signature.update(requestToSign.getBytes(StandardCharsets.UTF_8));
byte[] signBytes = signature.sign();
-
+
String encodedSignature = Base64.encode(signBytes);
-
+
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?";
url += SSOConstants.RELAY_STATE + "=" + relayState;
url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
url += "&" + SSOConstants.SIGNATURE + "=" + URLEncoder.encode(encodedSignature, StandardCharsets.UTF_8.name());
-
+
String user = "alice";
String password = "ecila";
@@ -682,7 +682,7 @@ public class IdpTest {
webClient.getCredentialsProvider().setCredentials(
new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
new UsernamePasswordCredentials(user, password));
-
+
//
// First invocation
//
@@ -691,12 +691,12 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
@@ -705,20 +705,20 @@ public class IdpTest {
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
-
+
//
// Second invocation
//
-
+
webClient.getOptions().setJavaScriptEnabled(false);
idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
+
samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
// Check claims
parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
claim = ClaimTypes.FIRSTNAME.toString();
@@ -729,48 +729,48 @@ public class IdpTest {
Assert.assertTrue(parsedResponse.contains(claim));
webClient.close();
-
+
//
// Third invocation - create a new WebClient with no credentials (but with the same CookieManager)
// ...this should fail
//
-
+
WebClient newWebClient = new WebClient();
newWebClient.setCookieManager(cookieManager);
newWebClient.getOptions().setUseInsecureSSL(true);
newWebClient.getOptions().setJavaScriptEnabled(false);
-
+
try {
newWebClient.getPage(url);
Assert.fail("Failure expected on no credentials");
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 401);
}
-
+
newWebClient.close();
}
-
+
//
// Negative tests
//
-
+
@org.junit.Test
public void testBadIssuer() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld-xyz", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -792,32 +792,32 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testNoIssuer() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, null, consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -839,35 +839,35 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testBadIssuerFormat() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
-
+
String issuerId = "urn:org:apache:cxf:fediz:fedizhelloworld";
Issuer issuer =
SamlpRequestComponentBuilder.createIssuer(issuerId);
issuer.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
-
+
String nameIDFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent";
NameIDPolicy nameIDPolicy =
SamlpRequestComponentBuilder.createNameIDPolicy(true, nameIDFormat, issuerId);
-
+
AuthnContextClassRef authnCtxClassRef =
SamlpRequestComponentBuilder.createAuthnCtxClassRef(
"urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport"
@@ -877,22 +877,22 @@ public class IdpTest {
AuthnContextComparisonTypeEnumeration.EXACT,
Collections.singletonList(authnCtxClassRef), null
);
-
+
String protocolBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST";
AuthnRequest authnRequest = SamlpRequestComponentBuilder.createAuthnRequest(
- consumerURL,
- false,
+ consumerURL,
false,
- protocolBinding,
+ false,
+ protocolBinding,
SAMLVersion.VERSION_20,
- issuer,
- nameIDPolicy,
+ issuer,
+ nameIDPolicy,
authnCtx
);
-
+
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -914,31 +914,31 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testMissingDestination() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -960,32 +960,32 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
webClient.close();
}
-
+
@org.junit.Ignore
public void testMissingRelayState() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -1010,26 +1010,26 @@ public class IdpTest {
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 400);
}
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testUnsignedRequest() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -1051,38 +1051,38 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testEmptySeparateSignature() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8");
String relayState = UUID.randomUUID().toString();
-
+
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?";
url += SSOConstants.RELAY_STATE + "=" + relayState;
url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
@@ -1099,60 +1099,60 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
-
+
@org.junit.Test
public void testBase64DecodingErrorSeparateSignature() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8");
String relayState = UUID.randomUUID().toString();
-
+
// Sign request
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
-
+
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
-
+
java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
-
+
String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
requestToSign += "&" + SSOConstants.RELAY_STATE + "=" + relayState;
- requestToSign += "&" + SSOConstants.SIG_ALG + "="
+ requestToSign += "&" + SSOConstants.SIG_ALG + "="
+ URLEncoder.encode(SSOConstants.RSA_SHA1, StandardCharsets.UTF_8.name());
-
+
signature.update(requestToSign.getBytes(StandardCharsets.UTF_8));
byte[] signBytes = signature.sign();
-
+
String encodedSignature = Base64.encode(signBytes);
-
+
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?";
url += SSOConstants.RELAY_STATE + "=" + relayState;
url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
@@ -1170,55 +1170,55 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
-
+
@org.junit.Test
public void testChangedSeparateSignature() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8");
String relayState = UUID.randomUUID().toString();
-
+
// Sign request
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
-
+
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
-
+
java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
-
+
String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
requestToSign += "&" + SSOConstants.RELAY_STATE + "=" + relayState;
- requestToSign += "&" + SSOConstants.SIG_ALG + "="
+ requestToSign += "&" + SSOConstants.SIG_ALG + "="
+ URLEncoder.encode(SSOConstants.RSA_SHA1, StandardCharsets.UTF_8.name());
-
+
signature.update(requestToSign.getBytes(StandardCharsets.UTF_8));
byte[] signBytes = signature.sign();
if (signBytes[1] != (byte)1) {
@@ -1226,9 +1226,9 @@ public class IdpTest {
} else {
signBytes[1] = (byte)2;
}
-
+
String encodedSignature = Base64.encode(signBytes);
-
+
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?";
url += SSOConstants.RELAY_STATE + "=" + relayState;
url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
@@ -1245,61 +1245,61 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
-
+
@org.junit.Test
public void testSeparateSignatureWrongSignedContent() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8");
String relayState = UUID.randomUUID().toString();
-
+
// Sign request
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
-
+
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
-
+
java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA");
signature.initSign(privateKey);
-
+
String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
requestToSign += "&" + SSOConstants.RELAY_STATE + "=" + relayState;
- requestToSign += "&" + SSOConstants.SIG_ALG + "="
+ requestToSign += "&" + SSOConstants.SIG_ALG + "="
+ URLEncoder.encode(SSOConstants.RSA_SHA1, StandardCharsets.UTF_8.name())
+ "asf=xyz";
-
+
signature.update(requestToSign.getBytes(StandardCharsets.UTF_8));
byte[] signBytes = signature.sign();
-
+
String encodedSignature = Base64.encode(signBytes);
-
+
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?";
url += SSOConstants.RELAY_STATE + "=" + relayState;
url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
@@ -1316,32 +1316,32 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
webClient.close();
}
-
+
@org.junit.Test
public void testUnknownRACS() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/insecure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -1363,34 +1363,34 @@ public class IdpTest {
webClient.getOptions().setJavaScriptEnabled(false);
final HtmlPage idpPage = webClient.getPage(url);
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testProblemWithParsingRequest() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld-xyz", consumerURL
);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
-
+
// Don't inflate the token...
String requestMessage = DOM2Writer.nodeToString(authnRequestElement);
String authnRequestEncoded = Base64Utility.encode(requestMessage.getBytes("UTF-8"));
@@ -1418,28 +1418,28 @@ public class IdpTest {
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 400);
}
-
+
webClient.close();
}
-
+
@org.junit.Test
public void testForceAuthnWrongCredentials() throws Exception {
OpenSAMLUtil.initSamlEngine();
-
+
// Create SAML AuthnRequest
Document doc = DOMUtils.createDocument();
doc.appendChild(doc.createElement("root"));
// Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
new DefaultAuthnRequestBuilder().createAuthnRequest(
null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
);
authnRequest.setForceAuthn(Boolean.TRUE);
authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
signAuthnRequest(authnRequest);
-
+
Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -1449,14 +1449,14 @@ public class IdpTest {
String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?";
url += SSOConstants.RELAY_STATE + "=" + relayState;
url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
-
+
String user = "alice";
String password = "ecila";
final WebClient webClient = new WebClient();
webClient.getOptions().setUseInsecureSSL(true);
webClient.addRequestHeader("Authorization", "Basic " + Base64.encode((user + ":" + password).getBytes()));
-
+
//
// First invocation
//
@@ -1465,12 +1465,12 @@ public class IdpTest {
HtmlPage idpPage = webClient.getPage(url);
webClient.getOptions().setJavaScriptEnabled(true);
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
-
+
// Check claims
String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
String claim = ClaimTypes.FIRSTNAME.toString();
@@ -1479,14 +1479,14 @@ public class IdpTest {
Assert.assertTrue(parsedResponse.contains(claim));
claim = ClaimTypes.EMAILADDRESS.toString();
Assert.assertTrue(parsedResponse.contains(claim));
-
+
//
// Second invocation - change the credentials, this should fail
//
-
+
webClient.removeRequestHeader("Authorization");
webClient.addRequestHeader("Authorization", "Basic " + Base64.encode(("mallory" + ":" + password).getBytes()));
-
+
webClient.getOptions().setJavaScriptEnabled(false);
try {
webClient.getPage(url);
@@ -1494,43 +1494,43 @@ public class IdpTest {
} catch (FailingHttpStatusCodeException ex) {
Assert.assertEquals(ex.getStatusCode(), 401);
}
-
+
webClient.close();
}
-
+
private String encodeAuthnRequest(Element authnRequest) throws IOException {
String requestMessage = DOM2Writer.nodeToString(authnRequest);
-
+
DeflateEncoderDecoder encoder = new DeflateEncoderDecoder();
byte[] deflatedBytes = encoder.deflateToken(requestMessage.getBytes("UTF-8"));
return Base64Utility.encode(deflatedBytes);
}
-
+
private void signAuthnRequest(AuthnRequest authnRequest) throws Exception {
Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties");
-
+
CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
cryptoType.setAlias("realma");
X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType);
String sigAlgo = SSOConstants.RSA_SHA1;
-
+
// Get the private key
PrivateKey privateKey = crypto.getPrivateKey("realma", "realma");
-
+
// Create the signature
Signature signature = OpenSAMLUtil.buildSignature();
signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS);
signature.setSignatureAlgorithm(sigAlgo);
-
+
BasicX509Credential signingCredential = new BasicX509Credential(issuerCerts[0], privateKey);
signature.setSigningCredential(signingCredential);
X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory();
kiFactory.setEmitEntityCertificate(true);
-
+
try {
KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential);
signature.setKeyInfo(keyInfo);
@@ -1538,21 +1538,21 @@ public class IdpTest {
throw new Exception(
"Error generating KeyInfo from signing credential", ex);
}
-
+
SignableSAMLObject signableObject = (SignableSAMLObject) authnRequest;
signableObject.setSignature(signature);
signableObject.releaseDOM();
signableObject.releaseChildrenDOM(true);
-
+
}
-
- private org.opensaml.saml.saml2.core.Response parseSAMLResponse(HtmlPage idpPage,
- String relayState,
+
+ private org.opensaml.saml.saml2.core.Response parseSAMLResponse(HtmlPage idpPage,
+ String relayState,
String consumerURL,
String authnRequestId
) throws Exception {
Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
-
+
// Parse the form to get the token (SAMLResponse)
DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");
@@ -1569,28 +1569,28 @@ public class IdpTest {
Assert.assertNotNull(samlResponse);
Assert.assertTrue(foundRelayState);
-
+
// Check the "action"
DomNodeList<DomElement> formResults = idpPage.getElementsByTagName("form");
Assert.assertFalse(formResults.isEmpty());
-
+
DomElement formResult = formResults.get(0);
String action = formResult.getAttributeNS(null, "action");
Assert.assertTrue(action.equals(consumerURL));
-
+
// Decode + verify response
byte[] deflatedToken = Base64Utility.decode(samlResponse);
InputStream inputStream = new ByteArrayInputStream(deflatedToken);
-
+
Document responseDoc = StaxUtils.read(new InputStreamReader(inputStream, "UTF-8"));
-
+
XMLObject responseObject = OpenSAMLUtil.fromDom(responseDoc.getDocumentElement());
Assert.assertTrue(responseObject instanceof org.opensaml.saml.saml2.core.Response);
-
- org.opensaml.saml.saml2.core.Response samlResponseObject =
+
+ org.opensaml.saml.saml2.core.Response samlResponseObject =
(org.opensaml.saml.saml2.core.Response)responseObject;
Assert.assertTrue(authnRequestId.equals(samlResponseObject.getInResponseTo()));
-
+
return samlResponseObject;
}
}