Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 570DB200C1A for ; Mon, 13 Feb 2017 12:36:23 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 559BD160B79; Mon, 13 Feb 2017 11:36:23 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id 61B8A160B72 for ; Mon, 13 Feb 2017 12:36:21 +0100 (CET) Received: (qmail 87470 invoked by uid 500); 13 Feb 2017 11:36:19 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 86688 invoked by uid 99); 13 Feb 2017 11:36:18 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 13 Feb 2017 11:36:18 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id D4496E053E; Mon, 13 Feb 2017 11:36:17 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: coheigea@apache.org To: commits@cxf.apache.org Date: Mon, 13 Feb 2017 11:36:29 -0000 Message-Id: <9938d295185f4d85b93f68a982d1d390@git.apache.org> In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [13/18] cxf-fediz git commit: Whitespace cleanup archived-at: Mon, 13 Feb 2017 11:36:23 -0000 http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java ---------------------------------------------------------------------- 
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
index d09e7df..33b5f47 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
@@ -57,29 +57,29 @@ public class SAMLRequestTest {
 static final String TEST_REQUEST_URI = "/fedizhelloworld"; static final String TEST_IDP_ISSUER = "http://url_to_the_issuer"; static final String TEST_CLIENT_ADDRESS = "https://127.0.0.1"; - + private static final String CONFIG_FILE = "fediz_test_config_saml.xml"; - + private static FedizConfigurator configurator; private static DocumentBuilderFactory docBuilderFactory; - + static { docBuilderFactory = DocumentBuilderFactory.newInstance(); docBuilderFactory.setNamespaceAware(true); } - - + + @BeforeClass public static void init() { getFederationConfigurator(); Assert.assertNotNull(configurator); } - + @AfterClass public static void cleanup() { SecurityTestUtil.cleanup(); } - + private static FedizConfigurator getFederationConfigurator() { if (configurator != null) {
@@ -97,78 +97,78 @@ public class SAMLRequestTest { return null; } } - + @org.junit.Test public void createSAMLAuthnRequest() throws Exception { // Mock up a Request FedizContext config = getFederationConfigurator().getFedizContext("ROOT"); - + HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class); EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(1, 2); EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI); EasyMock.expect(req.getRequestURI()).andReturn(TEST_REQUEST_URI).times(1, 2); EasyMock.replay(req); - + FedizProcessor wfProc = new SAMLProcessorImpl(); RedirectionResponse response = wfProc.createSignInRequest(req, config); - + String redirectionURL = response.getRedirectionURL(); Assert.assertTrue(redirectionURL.startsWith(TEST_IDP_ISSUER)); Assert.assertTrue(redirectionURL.contains("SAMLRequest=")); Assert.assertTrue(redirectionURL.contains("RelayState=")); - + Map headers = response.getHeaders(); Assert.assertNotNull(headers); Assert.assertFalse(headers.isEmpty()); Assert.assertTrue("no-cache, no-store".equals(headers.get("Cache-Control"))); Assert.assertTrue("no-cache".equals(headers.get("Pragma"))); } - + @org.junit.Test public void testAuthnRelayState() throws Exception { // Mock up a Request FedizContext config = getFederationConfigurator().getFedizContext("ROOT"); - + HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class); EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(1, 2); EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI); EasyMock.expect(req.getRequestURI()).andReturn(TEST_REQUEST_URI).times(1, 2); EasyMock.replay(req); - + FedizProcessor wfProc = new SAMLProcessorImpl(); RedirectionResponse response = wfProc.createSignInRequest(req, config); - + String redirectionURL = response.getRedirectionURL(); - String relayState = + String relayState = redirectionURL.substring(redirectionURL.indexOf("RelayState=") + 
"RelayState=".length()); Assert.assertNotNull(relayState); - + RequestState requestState = response.getRequestState(); - + Assert.assertEquals(TEST_IDP_ISSUER, requestState.getIdpServiceAddress()); Assert.assertEquals(TEST_REQUEST_URL, requestState.getIssuerId()); Assert.assertEquals(TEST_REQUEST_URL, requestState.getTargetAddress()); } - + @org.junit.Test public void testSAMLAuthnRequest() throws Exception { // Mock up a Request FedizContext config = getFederationConfigurator().getFedizContext("ROOT"); - + HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class); EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(1, 2); EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI); EasyMock.expect(req.getRequestURI()).andReturn(TEST_REQUEST_URI).times(1, 2); EasyMock.replay(req); - + FedizProcessor wfProc = new SAMLProcessorImpl(); RedirectionResponse response = wfProc.createSignInRequest(req, config); - + String redirectionURL = response.getRedirectionURL(); - String samlRequest = + String samlRequest = redirectionURL.substring(redirectionURL.indexOf("SAMLRequest=") + "SAMLRequest=".length(), redirectionURL.indexOf("RelayState=") - 1); - + byte[] deflatedToken = Base64.decode(URLDecoder.decode(samlRequest, "UTF-8")); InputStream tokenStream = CompressionUtils.inflate(deflatedToken); 
@@ -179,46 +179,46 @@ public class SAMLRequestTest { Assert.assertEquals(TEST_REQUEST_URL, request.getIssuer().getValue()); Assert.assertEquals(TEST_REQUEST_URL, request.getAssertionConsumerServiceURL()); } - + @org.junit.Test public void testSignedSAMLAuthnRequest() throws Exception { // Mock up a Request FedizContext config = getFederationConfigurator().getFedizContext("SIGNED_ROOT"); - + HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class); EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(1, 2); EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI); EasyMock.expect(req.getRequestURI()).andReturn(TEST_REQUEST_URI).times(1, 2); EasyMock.replay(req); - + FedizProcessor wfProc = new SAMLProcessorImpl(); RedirectionResponse response = wfProc.createSignInRequest(req, config); - + String redirectionURL = response.getRedirectionURL(); - String signature = + String signature = redirectionURL.substring(redirectionURL.indexOf("Signature=") + "Signature=".length()); Assert.assertTrue(signature != null && signature.length() > 0); } - + @org.junit.Test public void createSAMLLogoutRequest() throws Exception { // Mock up a Request FedizContext config = getFederationConfigurator().getFedizContext("ROOT"); - + HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class); EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(1, 2); EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI); EasyMock.expect(req.getRequestURI()).andReturn(TEST_REQUEST_URI).times(1, 2); EasyMock.replay(req); - + FedizProcessor wfProc = new SAMLProcessorImpl(); RedirectionResponse response = wfProc.createSignOutRequest(req, null, config); - + String redirectionURL = response.getRedirectionURL(); - String samlRequest = + String samlRequest = redirectionURL.substring(redirectionURL.indexOf("SAMLRequest=") + "SAMLRequest=".length(), redirectionURL.indexOf("RelayState=") - 1); - + 
byte[] deflatedToken = Base64.decode(URLDecoder.decode(samlRequest, "UTF-8")); InputStream tokenStream = CompressionUtils.inflate(deflatedToken);
@@ -228,23 +228,23 @@ public class SAMLRequestTest {
 Assert.assertEquals(TEST_REQUEST_URL, request.getIssuer().getValue()); } - + @org.junit.Test public void testSignedSAMLLogoutRequest() throws Exception { // Mock up a Request FedizContext config = getFederationConfigurator().getFedizContext("SIGNED_ROOT"); - + HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class); EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(1, 2); EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI); EasyMock.expect(req.getRequestURI()).andReturn(TEST_REQUEST_URI).times(1, 2); EasyMock.replay(req); - + FedizProcessor wfProc = new SAMLProcessorImpl(); RedirectionResponse response = wfProc.createSignOutRequest(req, null, config); - + String redirectionURL = response.getRedirectionURL(); - String signature = + String signature = redirectionURL.substring(redirectionURL.indexOf("Signature=") + "Signature=".length()); Assert.assertTrue(signature != null && signature.length() > 0); } }
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java ----------------------------------------------------------------------
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java
index 3df4cc8..5e93cc7 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseConformanceTest.java
@@ -84,20 +84,20 @@ public class SAMLResponseConformanceTest { static final String TEST_REQUEST_URI = "/fedizhelloworld"; static final String TEST_IDP_ISSUER = "http://url_to_the_issuer"; static final String TEST_CLIENT_ADDRESS = "https://127.0.0.1"; - + private static final String CONFIG_FILE = "fediz_test_config_saml.xml"; - + private static Crypto crypto; private static CallbackHandler cbPasswordHandler; private static FedizConfigurator configurator; private static DocumentBuilderFactory docBuilderFactory; - + static { docBuilderFactory = DocumentBuilderFactory.newInstance(); docBuilderFactory.setNamespaceAware(true); } - - + + @BeforeClass public static void init() { try { @@ -110,12 +110,12 @@ public class SAMLResponseConformanceTest { Assert.assertNotNull(configurator); } - + @AfterClass public static void cleanup() { SecurityTestUtil.cleanup(); } - + private static FedizConfigurator getFederationConfigurator() { if (configurator != null) { @@ -133,14 +133,14 @@ public class SAMLResponseConformanceTest { return null; } } - + @org.junit.Test public void testWrongIssuerFormat() throws Exception { // Mock up a Request FedizContext config = getFederationConfigurator().getFedizContext("ROOT"); - + String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8"); - + String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8"); RequestState requestState = new RequestState(TEST_REQUEST_URL, TEST_IDP_ISSUER, @@ -150,7 +150,7 @@ public class SAMLResponseConformanceTest { null, relayState, System.currentTimeMillis()); - + // Create SAML Response SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(); callbackHandler.setAlsoAddAuthnStatement(true); 
@@ -158,13 +158,13 @@ public class SAMLResponseConformanceTest { callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); callbackHandler.setIssuer(TEST_IDP_ISSUER); callbackHandler.setSubjectName(TEST_USER); - + ConditionsBean cp = new ConditionsBean(); AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean(); audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL); cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction)); callbackHandler.setConditions(cp); - + // Subject Confirmation Data SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean(); subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS); 
@@ -172,31 +172,31 @@ public class SAMLResponseConformanceTest { subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5)); subjectConfirmationData.setRecipient(TEST_REQUEST_URL); callbackHandler.setSubjectConfirmationData(subjectConfirmationData); - + SAMLCallback samlCallback = new SAMLCallback(); SAMLUtil.doSAMLCallback(callbackHandler, samlCallback); SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback); - + // The Issuer NameFormat must be "entity" if it is used at all String issuerNameFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:kerberos"; Issuer issuer = - SAML2PResponseComponentBuilder.createIssuer(assertion.getIssuerString(), + SAML2PResponseComponentBuilder.createIssuer(assertion.getIssuerString(), issuerNameFormat); - + Element response = createSamlResponse(assertion, "mystskey", true, requestId, issuer); String responseStr = encodeResponse(response); - + HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class); EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)); EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS); EasyMock.replay(req); - + FedizRequest wfReq = new FedizRequest(); wfReq.setResponseToken(responseStr); wfReq.setState(relayState); wfReq.setRequest(req); wfReq.setRequestState(requestState); - + FedizProcessor wfProc = new SAMLProcessorImpl(); try { wfProc.processRequest(wfReq, config); @@ -207,14 +207,14 @@ public class SAMLResponseConformanceTest { } } } - + @org.junit.Test public void testRightIssuerFormat() throws Exception { // Mock up a Request FedizContext config = getFederationConfigurator().getFedizContext("ROOT"); - + String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8"); - + String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8"); RequestState requestState = new RequestState(TEST_REQUEST_URL, TEST_IDP_ISSUER, 
@@ -224,7 +224,7 @@ public class SAMLResponseConformanceTest { null, relayState, System.currentTimeMillis()); - + // Create SAML Response SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(); callbackHandler.setAlsoAddAuthnStatement(true); @@ -232,13 +232,13 @@ public class SAMLResponseConformanceTest { callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); callbackHandler.setIssuer(TEST_IDP_ISSUER); callbackHandler.setSubjectName(TEST_USER); - + ConditionsBean cp = new ConditionsBean(); AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean(); audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL); cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction)); callbackHandler.setConditions(cp); - + // Subject Confirmation Data SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean(); subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS); 
@@ -246,34 +246,34 @@ public class SAMLResponseConformanceTest { subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5)); subjectConfirmationData.setRecipient(TEST_REQUEST_URL); callbackHandler.setSubjectConfirmationData(subjectConfirmationData); - + SAMLCallback samlCallback = new SAMLCallback(); SAMLUtil.doSAMLCallback(callbackHandler, samlCallback); SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback); - + // The Issuer NameFormat must be "entity" if it is used at all String issuerNameFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:entity"; Issuer issuer = - SAML2PResponseComponentBuilder.createIssuer(assertion.getIssuerString(), + SAML2PResponseComponentBuilder.createIssuer(assertion.getIssuerString(), issuerNameFormat); - + Element response = createSamlResponse(assertion, "mystskey", true, requestId, issuer); String responseStr = encodeResponse(response); - + HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class); EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)); EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS); EasyMock.replay(req); - + FedizRequest wfReq = new FedizRequest(); wfReq.setResponseToken(responseStr); wfReq.setState(relayState); wfReq.setRequest(req); wfReq.setRequestState(requestState); - + FedizProcessor wfProc = new SAMLProcessorImpl(); FedizResponse wfRes = wfProc.processRequest(wfReq, config); - + Assert.assertEquals("Principal name wrong", TEST_USER, wfRes.getUsername()); Assert.assertEquals("Issuer wrong", TEST_IDP_ISSUER, wfRes.getIssuer()); 
@@ -281,14 +281,14 @@ public class SAMLResponseConformanceTest { .size()); Assert.assertEquals("Audience wrong", TEST_REQUEST_URL, wfRes.getAudience()); } - + @org.junit.Test public void testNoAuthnStatement() throws Exception { // Mock up a Request FedizContext config = getFederationConfigurator().getFedizContext("ROOT"); - + String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8"); - + String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8"); RequestState requestState = new RequestState(TEST_REQUEST_URL, TEST_IDP_ISSUER, @@ -298,20 +298,20 @@ public class SAMLResponseConformanceTest { null, relayState, System.currentTimeMillis()); - + // Create SAML Response SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(); callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR); callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); callbackHandler.setIssuer(TEST_IDP_ISSUER); callbackHandler.setSubjectName(TEST_USER); - + ConditionsBean cp = new ConditionsBean(); AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean(); audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL); cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction)); callbackHandler.setConditions(cp); - + // Subject Confirmation Data SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean(); subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS); 
@@ -319,24 +319,24 @@ public class SAMLResponseConformanceTest { subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5)); subjectConfirmationData.setRecipient(TEST_REQUEST_URL); callbackHandler.setSubjectConfirmationData(subjectConfirmationData); - + SAMLCallback samlCallback = new SAMLCallback(); SAMLUtil.doSAMLCallback(callbackHandler, samlCallback); SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback); Element response = createSamlResponse(assertion, "mystskey", true, requestId, null); String responseStr = encodeResponse(response); - + HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class); EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)); EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS); EasyMock.replay(req); - + FedizRequest wfReq = new FedizRequest(); wfReq.setResponseToken(responseStr); wfReq.setState(relayState); wfReq.setRequest(req); wfReq.setRequestState(requestState); - + FedizProcessor wfProc = new SAMLProcessorImpl(); try { wfProc.processRequest(wfReq, config); @@ -347,14 +347,14 @@ public class SAMLResponseConformanceTest { } } } - + @org.junit.Test public void testAudienceRestriction() throws Exception { // Mock up a Request FedizContext config = getFederationConfigurator().getFedizContext("ROOT"); - + String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8"); - + String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8"); RequestState requestState = new RequestState(TEST_REQUEST_URL, TEST_IDP_ISSUER, @@ -364,7 +364,7 @@ public class SAMLResponseConformanceTest { null, relayState, System.currentTimeMillis()); - + // Create SAML Response SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(); callbackHandler.setAlsoAddAuthnStatement(true); 
@@ -372,10 +372,10 @@ public class SAMLResponseConformanceTest { callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); callbackHandler.setIssuer(TEST_IDP_ISSUER); callbackHandler.setSubjectName(TEST_USER); - + ConditionsBean cp = new ConditionsBean(); callbackHandler.setConditions(cp); - + // Subject Confirmation Data SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean(); subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS); @@ -383,24 +383,24 @@ public class SAMLResponseConformanceTest { subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5)); subjectConfirmationData.setRecipient(TEST_REQUEST_URL); callbackHandler.setSubjectConfirmationData(subjectConfirmationData); - + SAMLCallback samlCallback = new SAMLCallback(); SAMLUtil.doSAMLCallback(callbackHandler, samlCallback); SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback); Element response = createSamlResponse(assertion, "mystskey", true, requestId, null); String responseStr = encodeResponse(response); - + HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class); EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)); EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS); EasyMock.replay(req); - + FedizRequest wfReq = new FedizRequest(); wfReq.setResponseToken(responseStr); wfReq.setState(relayState); wfReq.setRequest(req); wfReq.setRequestState(requestState); - + FedizProcessor wfProc = new SAMLProcessorImpl(); try { wfProc.processRequest(wfReq, config); 
@@ -411,14 +411,14 @@ public class SAMLResponseConformanceTest { } } } - + @org.junit.Test public void testNonMatchingAudienceRestriction() throws Exception { // Mock up a Request FedizContext config = getFederationConfigurator().getFedizContext("ROOT"); - + String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8"); - + String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8"); RequestState requestState = new RequestState(TEST_REQUEST_URL, TEST_IDP_ISSUER, @@ -428,7 +428,7 @@ public class SAMLResponseConformanceTest { null, relayState, System.currentTimeMillis()); - + // Create SAML Response SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(); callbackHandler.setAlsoAddAuthnStatement(true); @@ -436,13 +436,13 @@ public class SAMLResponseConformanceTest { callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); callbackHandler.setIssuer(TEST_IDP_ISSUER); callbackHandler.setSubjectName(TEST_USER); - + ConditionsBean cp = new ConditionsBean(); AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean(); audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL + "asf"); cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction)); callbackHandler.setConditions(cp); - + // Subject Confirmation Data SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean(); subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS); 
@@ -450,24 +450,24 @@ public class SAMLResponseConformanceTest { subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5)); subjectConfirmationData.setRecipient(TEST_REQUEST_URL); callbackHandler.setSubjectConfirmationData(subjectConfirmationData); - + SAMLCallback samlCallback = new SAMLCallback(); SAMLUtil.doSAMLCallback(callbackHandler, samlCallback); SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback); Element response = createSamlResponse(assertion, "mystskey", true, requestId, null); String responseStr = encodeResponse(response); - + HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class); EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)); EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS); EasyMock.replay(req); - + FedizRequest wfReq = new FedizRequest(); wfReq.setResponseToken(responseStr); wfReq.setState(relayState); wfReq.setRequest(req); wfReq.setRequestState(requestState); - + FedizProcessor wfProc = new SAMLProcessorImpl(); try { wfProc.processRequest(wfReq, config); @@ -478,14 +478,14 @@ public class SAMLResponseConformanceTest { } } } - + @org.junit.Test public void testNoBearerSubjectConfirmation() throws Exception { // Mock up a Request FedizContext config = getFederationConfigurator().getFedizContext("ROOT"); - + String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8"); - + String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8"); RequestState requestState = new RequestState(TEST_REQUEST_URL, TEST_IDP_ISSUER, @@ -495,7 +495,7 @@ public class SAMLResponseConformanceTest { null, relayState, System.currentTimeMillis()); - + // Create SAML Response SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(); callbackHandler.setAlsoAddAuthnStatement(true); 
@@ -503,13 +503,13 @@ public class SAMLResponseConformanceTest { callbackHandler.setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES); callbackHandler.setIssuer(TEST_IDP_ISSUER); callbackHandler.setSubjectName(TEST_USER); - + ConditionsBean cp = new ConditionsBean(); AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean(); audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL); cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction)); callbackHandler.setConditions(cp); - + // Subject Confirmation Data SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean(); subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS); @@ -517,24 +517,24 @@ public class SAMLResponseConformanceTest { subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5)); subjectConfirmationData.setRecipient(TEST_REQUEST_URL); callbackHandler.setSubjectConfirmationData(subjectConfirmationData); - + SAMLCallback samlCallback = new SAMLCallback(); SAMLUtil.doSAMLCallback(callbackHandler, samlCallback); SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback); Element response = createSamlResponse(assertion, "mystskey", true, requestId, null); String responseStr = encodeResponse(response); - + HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class); EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)); EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS); EasyMock.replay(req); - + FedizRequest wfReq = new FedizRequest(); wfReq.setResponseToken(responseStr); wfReq.setState(relayState); wfReq.setRequest(req); wfReq.setRequestState(requestState); - + FedizProcessor wfProc = new SAMLProcessorImpl(); try { wfProc.processRequest(wfReq, config); 
@@ -545,14 +545,14 @@ public class SAMLResponseConformanceTest { } } } - + @org.junit.Test public void testNonMatchingRecipient() throws Exception { // Mock up a Request FedizContext config = getFederationConfigurator().getFedizContext("ROOT"); - + String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8"); - + String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8"); RequestState requestState = new RequestState(TEST_REQUEST_URL, TEST_IDP_ISSUER, @@ -562,7 +562,7 @@ public class SAMLResponseConformanceTest { null, relayState, System.currentTimeMillis()); - + // Create SAML Response SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(); callbackHandler.setAlsoAddAuthnStatement(true); @@ -570,13 +570,13 @@ public class SAMLResponseConformanceTest { callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); callbackHandler.setIssuer(TEST_IDP_ISSUER); callbackHandler.setSubjectName(TEST_USER); - + ConditionsBean cp = new ConditionsBean(); AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean(); audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL); cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction)); callbackHandler.setConditions(cp); - + // Subject Confirmation Data SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean(); subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS); 
@@ -584,24 +584,24 @@ public class SAMLResponseConformanceTest { subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5)); subjectConfirmationData.setRecipient(TEST_REQUEST_URL + "asf"); callbackHandler.setSubjectConfirmationData(subjectConfirmationData); - + SAMLCallback samlCallback = new SAMLCallback(); SAMLUtil.doSAMLCallback(callbackHandler, samlCallback); SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback); Element response = createSamlResponse(assertion, "mystskey", true, requestId, null); String responseStr = encodeResponse(response); - + HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class); EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)); EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS); EasyMock.replay(req); - + FedizRequest wfReq = new FedizRequest(); wfReq.setResponseToken(responseStr); wfReq.setState(relayState); wfReq.setRequest(req); wfReq.setRequestState(requestState); - + FedizProcessor wfProc = new SAMLProcessorImpl(); try { wfProc.processRequest(wfReq, config); @@ -612,14 +612,14 @@ public class SAMLResponseConformanceTest { } } } - + @org.junit.Test public void testNonMatchingInResponseTo() throws Exception { // Mock up a Request FedizContext config = getFederationConfigurator().getFedizContext("ROOT"); - + String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8"); - + String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8"); RequestState requestState = new RequestState(TEST_REQUEST_URL, TEST_IDP_ISSUER, @@ -629,7 +629,7 @@ public class SAMLResponseConformanceTest { null, relayState, System.currentTimeMillis()); - + // Create SAML Response SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(); callbackHandler.setAlsoAddAuthnStatement(true); 
@@ -637,13 +637,13 @@ public class SAMLResponseConformanceTest { callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); callbackHandler.setIssuer(TEST_IDP_ISSUER); callbackHandler.setSubjectName(TEST_USER); - + ConditionsBean cp = new ConditionsBean(); AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean(); audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL); cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction)); callbackHandler.setConditions(cp); - + // Subject Confirmation Data SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean(); subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS); @@ -651,24 +651,24 @@ public class SAMLResponseConformanceTest { subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5)); subjectConfirmationData.setRecipient(TEST_REQUEST_URL); callbackHandler.setSubjectConfirmationData(subjectConfirmationData); - + SAMLCallback samlCallback = new SAMLCallback(); SAMLUtil.doSAMLCallback(callbackHandler, samlCallback); SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback); Element response = createSamlResponse(assertion, "mystskey", true, requestId, null); String responseStr = encodeResponse(response); - + HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class); EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)); EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS); EasyMock.replay(req); - + FedizRequest wfReq = new FedizRequest(); wfReq.setResponseToken(responseStr); wfReq.setState(relayState); wfReq.setRequest(req); wfReq.setRequestState(requestState); - + FedizProcessor wfProc = new SAMLProcessorImpl(); try { wfProc.processRequest(wfReq, config); 
@@ -679,14 +679,14 @@ public class SAMLResponseConformanceTest {
 }
 }
 }
- 
+
 @org.junit.Test
 public void testNonMatchingAddress() throws Exception {
 // Mock up a Request
 FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
- 
+
 String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
- 
+
 String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
 RequestState requestState = new RequestState(TEST_REQUEST_URL,
 TEST_IDP_ISSUER,
@@ -696,7 +696,7 @@ public class SAMLResponseConformanceTest {
 null,
 relayState,
 System.currentTimeMillis());
- 
+
 // Create SAML Response
 SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
 callbackHandler.setAlsoAddAuthnStatement(true);
@@ -704,13 +704,13 @@ public class SAMLResponseConformanceTest {
 callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
 callbackHandler.setIssuer(TEST_IDP_ISSUER);
 callbackHandler.setSubjectName(TEST_USER);
- 
+
 ConditionsBean cp = new ConditionsBean();
 AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
 audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
 cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
 callbackHandler.setConditions(cp);
- 
+
 // Subject Confirmation Data
 SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
 subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS + "xyz");
@@ -718,24 +718,24 @@ public class SAMLResponseConformanceTest {
 subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
 subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
 callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
- 
+
 SAMLCallback samlCallback = new SAMLCallback();
 SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
 SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
 Element response = createSamlResponse(assertion, "mystskey", true, requestId, null);
 String responseStr = encodeResponse(response);
- 
+
 HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
 EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
 EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
 EasyMock.replay(req);
- 
+
 FedizRequest wfReq = new FedizRequest();
 wfReq.setResponseToken(responseStr);
 wfReq.setState(relayState);
 wfReq.setRequest(req);
 wfReq.setRequestState(requestState);
- 
+
 FedizProcessor wfProc = new SAMLProcessorImpl();
 try {
 wfProc.processRequest(wfReq, config);
@@ -746,14 +746,14 @@ public class SAMLResponseConformanceTest {
 }
 }
 }
- 
+
 @org.junit.Test
 public void testNotBefore() throws Exception {
 // Mock up a Request
 FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
- 
+
 String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
- 
+
 String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
 RequestState requestState = new RequestState(TEST_REQUEST_URL,
 TEST_IDP_ISSUER,
@@ -763,7 +763,7 @@ public class SAMLResponseConformanceTest {
 null,
 relayState,
 System.currentTimeMillis());
- 
+
 // Create SAML Response
 SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
 callbackHandler.setAlsoAddAuthnStatement(true);
@@ -771,13 +771,13 @@ public class SAMLResponseConformanceTest {
 callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
 callbackHandler.setIssuer(TEST_IDP_ISSUER);
 callbackHandler.setSubjectName(TEST_USER);
- 
+
 ConditionsBean cp = new ConditionsBean();
 AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
 audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
 cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
 callbackHandler.setConditions(cp);
- 
+
 // Subject Confirmation Data
 SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
 subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -786,24 +786,24 @@ public class SAMLResponseConformanceTest {
 subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
 subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
 callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
- 
+
 SAMLCallback samlCallback = new SAMLCallback();
 SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
 SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
 Element response = createSamlResponse(assertion, "mystskey", true, requestId, null);
 String responseStr = encodeResponse(response);
- 
+
 HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
 EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
 EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
 EasyMock.replay(req);
- 
+
 FedizRequest wfReq = new FedizRequest();
 wfReq.setResponseToken(responseStr);
 wfReq.setState(relayState);
 wfReq.setRequest(req);
 wfReq.setRequestState(requestState);
- 
+
 FedizProcessor wfProc = new SAMLProcessorImpl();
 try {
 wfProc.processRequest(wfReq, config);
@@ -814,14 +814,14 @@ public class SAMLResponseConformanceTest {
 }
 }
 }
- 
+
 @org.junit.Test
 public void testNotOnOfAfter() throws Exception {
 // Mock up a Request
 FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
- 
+
 String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
- 
+
 String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
 RequestState requestState = new RequestState(TEST_REQUEST_URL,
 TEST_IDP_ISSUER,
@@ -831,7 +831,7 @@ public class SAMLResponseConformanceTest {
 null,
 relayState,
 System.currentTimeMillis());
- 
+
 // Create SAML Response
 SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
 callbackHandler.setAlsoAddAuthnStatement(true);
@@ -839,37 +839,37 @@ public class SAMLResponseConformanceTest {
 callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
 callbackHandler.setIssuer(TEST_IDP_ISSUER);
 callbackHandler.setSubjectName(TEST_USER);
- 
+
 ConditionsBean cp = new ConditionsBean();
 AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
 audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
 cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
 callbackHandler.setConditions(cp);
- 
+
 // Subject Confirmation Data
 SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
 subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
 subjectConfirmationData.setInResponseTo(requestId);
 subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
 callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
- 
+
 SAMLCallback samlCallback = new SAMLCallback();
 SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
 SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
 Element response = createSamlResponse(assertion, "mystskey", true, requestId, null);
 String responseStr = encodeResponse(response);
- 
+
 HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
 EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
 EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS);
 EasyMock.replay(req);
- 
+
 FedizRequest wfReq = new FedizRequest();
 wfReq.setResponseToken(responseStr);
 wfReq.setState(relayState);
 wfReq.setRequest(req);
 wfReq.setRequestState(requestState);
- 
+
 FedizProcessor wfProc = new SAMLProcessorImpl();
 try {
 wfProc.processRequest(wfReq, config);
@@ -880,14 +880,14 @@ public class SAMLResponseConformanceTest {
 }
 }
 }
- 
+
 @org.junit.Test
 public void testFailingStatusWithValidAssertion() throws Exception {
 // Mock up a Request
 FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
- 
+
 String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
- 
+
 String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
 RequestState requestState = new RequestState(TEST_REQUEST_URL,
 TEST_IDP_ISSUER,
@@ -897,7 +897,7 @@ public class SAMLResponseConformanceTest {
 null,
 relayState,
 System.currentTimeMillis());
- 
+
 // Create SAML Response
 SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
 callbackHandler.setAlsoAddAuthnStatement(true);
@@ -905,13 +905,13 @@ public class SAMLResponseConformanceTest {
 callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
 callbackHandler.setIssuer(TEST_IDP_ISSUER);
 callbackHandler.setSubjectName(TEST_USER);
- 
+
 ConditionsBean cp = new ConditionsBean();
 AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
 audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
 cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
 callbackHandler.setConditions(cp);
- 
+
 // Subject Confirmation Data
 SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
 subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -919,11 +919,11 @@ public class SAMLResponseConformanceTest {
 subjectConfirmationData.setRecipient(TEST_REQUEST_URL);
 subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5));
 callbackHandler.setSubjectConfirmationData(subjectConfirmationData);
- 
+
 SAMLCallback samlCallback = new SAMLCallback();
 SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
 SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
- 
+
 WSPasswordCallback[] cb = {
 new WSPasswordCallback("mystskey", WSPasswordCallback.SIGNATURE)
 };
@@ -939,12 +939,12 @@ public class SAMLResponseConformanceTest { "urn:oasis:names:tc:SAML:2.0:status:Failure", null ); - Issuer responseIssuer = + Issuer responseIssuer = SAML2PResponseComponentBuilder.createIssuer(assertion.getIssuerString()); Response response = - SAML2PResponseComponentBuilder.createSAMLResponse(requestId, - responseIssuer, + SAML2PResponseComponentBuilder.createSAMLResponse(requestId, + responseIssuer, status); response.getAssertions().add(assertion.getSaml2()); @@ -953,18 +953,18 @@ public class SAMLResponseConformanceTest { doc.appendChild(policyElement); String responseStr = encodeResponse(policyElement); - + HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class); EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)); EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS); EasyMock.replay(req); - + FedizRequest wfReq = new FedizRequest(); wfReq.setResponseToken(responseStr); wfReq.setState(relayState); wfReq.setRequest(req); wfReq.setRequestState(requestState); - + FedizProcessor wfProc = new SAMLProcessorImpl(); try { wfProc.processRequest(wfReq, config); @@ -975,14 +975,14 @@ public class SAMLResponseConformanceTest { } } } - + @org.junit.Test public void testIssuerEnforcementFailure() throws Exception { // Mock up a Request FedizContext config = getFederationConfigurator().getFedizContext("ROOT"); - + String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8"); - + String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8"); RequestState requestState = new RequestState(TEST_REQUEST_URL, TEST_IDP_ISSUER, @@ -992,7 +992,7 @@ public class SAMLResponseConformanceTest { null, relayState, System.currentTimeMillis()); - + // Create SAML Response SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(); callbackHandler.setAlsoAddAuthnStatement(true); 
@@ -1000,13 +1000,13 @@ public class SAMLResponseConformanceTest { callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER); callbackHandler.setIssuer(TEST_IDP_ISSUER + "/other-issuer"); callbackHandler.setSubjectName(TEST_USER); - + ConditionsBean cp = new ConditionsBean(); AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean(); audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL); cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction)); callbackHandler.setConditions(cp); - + // Subject Confirmation Data SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean(); subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS); @@ -1014,28 +1014,28 @@ public class SAMLResponseConformanceTest { subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5)); subjectConfirmationData.setRecipient(TEST_REQUEST_URL); callbackHandler.setSubjectConfirmationData(subjectConfirmationData); - + SAMLCallback samlCallback = new SAMLCallback(); SAMLUtil.doSAMLCallback(callbackHandler, samlCallback); SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback); - + Issuer issuer = SAML2PResponseComponentBuilder.createIssuer(assertion.getIssuerString()); - + Element response = createSamlResponse(assertion, "mystskey", true, requestId, issuer); String responseStr = encodeResponse(response); - + HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class); EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)); EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS); EasyMock.replay(req); - + FedizRequest wfReq = new FedizRequest(); wfReq.setResponseToken(responseStr); wfReq.setState(relayState); wfReq.setRequest(req); wfReq.setRequestState(requestState); - + // Failure expected on an unknown issuer value FedizProcessor wfProc = new SAMLProcessorImpl(); try { 
@@ -1047,14 +1047,14 @@ public class SAMLResponseConformanceTest {
 }
 }
 }
- 
+
 @org.junit.Test
 public void testIssuerEnforcementDisable() throws Exception {
 // Mock up a Request
 FedizContext config = getFederationConfigurator().getFedizContext("ROOT");
- 
+
 String requestId = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
- 
+
 String relayState = URLEncoder.encode(UUID.randomUUID().toString(), "UTF-8");
 RequestState requestState = new RequestState(TEST_REQUEST_URL,
 TEST_IDP_ISSUER,
@@ -1064,7 +1064,7 @@ public class SAMLResponseConformanceTest {
 null,
 relayState,
 System.currentTimeMillis());
- 
+
 // Create SAML Response
 SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
 callbackHandler.setAlsoAddAuthnStatement(true);
@@ -1072,13 +1072,13 @@ public class SAMLResponseConformanceTest {
 callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
 callbackHandler.setIssuer(TEST_IDP_ISSUER + "/other-issuer");
 callbackHandler.setSubjectName(TEST_USER);
- 
+
 ConditionsBean cp = new ConditionsBean();
 AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
 audienceRestriction.getAudienceURIs().add(TEST_REQUEST_URL);
 cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
 callbackHandler.setConditions(cp);
- 
+
 // Subject Confirmation Data
 SubjectConfirmationDataBean subjectConfirmationData = new SubjectConfirmationDataBean();
 subjectConfirmationData.setAddress(TEST_CLIENT_ADDRESS);
@@ -1086,38 +1086,38 @@ public class SAMLResponseConformanceTest { subjectConfirmationData.setNotAfter(new DateTime().plusMinutes(5)); subjectConfirmationData.setRecipient(TEST_REQUEST_URL); callbackHandler.setSubjectConfirmationData(subjectConfirmationData); - + SAMLCallback samlCallback = new SAMLCallback(); SAMLUtil.doSAMLCallback(callbackHandler, samlCallback); SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback); - + Issuer issuer = SAML2PResponseComponentBuilder.createIssuer(assertion.getIssuerString()); - + Element response = createSamlResponse(assertion, "mystskey", true, requestId, issuer); String responseStr = encodeResponse(response); - + HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class); EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)); EasyMock.expect(req.getRemoteAddr()).andReturn(TEST_CLIENT_ADDRESS); EasyMock.replay(req); - + FedizRequest wfReq = new FedizRequest(); wfReq.setResponseToken(responseStr); wfReq.setState(relayState); wfReq.setRequest(req); wfReq.setRequestState(requestState); - + // Disable the issuer enforcement check FedizProcessor wfProc = new SAMLProcessorImpl(); ((SAMLProtocol)config.getProtocol()).setDoNotEnforceKnownIssuer(true); Assert.assertTrue(((SAMLProtocol)config.getProtocol()).isDoNotEnforceKnownIssuer()); FedizResponse wfRes = wfProc.processRequest(wfReq, config); Assert.assertEquals("Principal name wrong", TEST_USER, wfRes.getUsername()); - + } - - private Element createSamlResponse(SamlAssertionWrapper assertion, String alias, + + private Element createSamlResponse(SamlAssertionWrapper assertion, String alias, boolean sign, String requestID, Issuer issuer) throws IOException, UnsupportedCallbackException, WSSecurityException, Exception { WSPasswordCallback[] cb = { 
@@ -1129,7 +1129,7 @@ public class SAMLResponseConformanceTest { if (sign) { assertion.signAssertion(alias, password, crypto, false); } - + DocumentBuilder docBuilder = docBuilderFactory.newDocumentBuilder(); Document doc = docBuilder.newDocument(); @@ -1137,31 +1137,31 @@ public class SAMLResponseConformanceTest { SAML2PResponseComponentBuilder.createStatus( "urn:oasis:names:tc:SAML:2.0:status:Success", null ); - + Issuer responseIssuer = issuer; if (responseIssuer == null) { responseIssuer = SAML2PResponseComponentBuilder.createIssuer(assertion.getIssuerString()); } Response response = - SAML2PResponseComponentBuilder.createSAMLResponse(requestID, - responseIssuer, + SAML2PResponseComponentBuilder.createSAMLResponse(requestID, + responseIssuer, status); response.getAssertions().add(assertion.getSaml2()); Element policyElement = OpenSAMLUtil.toDom(response, doc); doc.appendChild(policyElement); - + return policyElement; } - + /** * Returns the first element that matches name and * namespace.

This is a replacement for a XPath lookup * //name with the given namespace. It's somewhat faster than * XPath, and we do not deal with prefixes, just with the real namespace URI - * + * * @param startNode Where to start the search * @param name Local name of the element * @param namespace Namespace URI of the element