Return-Path: X-Original-To: archive-asf-public-internal@cust-asf2.ponee.io Delivered-To: archive-asf-public-internal@cust-asf2.ponee.io Received: from cust-asf.ponee.io (cust-asf.ponee.io [163.172.22.183]) by cust-asf2.ponee.io (Postfix) with ESMTP id 21757200C1A for ; Mon, 13 Feb 2017 12:36:21 +0100 (CET) Received: by cust-asf.ponee.io (Postfix) id 1FFEE160B4D; Mon, 13 Feb 2017 11:36:21 +0000 (UTC) Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by cust-asf.ponee.io (Postfix) with SMTP id D245E160B6C for ; Mon, 13 Feb 2017 12:36:18 +0100 (CET) Received: (qmail 86530 invoked by uid 500); 13 Feb 2017 11:36:18 -0000 Mailing-List: contact commits-help@cxf.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@cxf.apache.org Delivered-To: mailing list commits@cxf.apache.org Received: (qmail 86389 invoked by uid 99); 13 Feb 2017 11:36:17 -0000 Received: from git1-us-west.apache.org (HELO git1-us-west.apache.org) (140.211.11.23) by apache.org (qpsmtpd/0.29) with ESMTP; Mon, 13 Feb 2017 11:36:17 +0000 Received: by git1-us-west.apache.org (ASF Mail Server at git1-us-west.apache.org, from userid 33) id A87D5DFE93; Mon, 13 Feb 2017 11:36:17 +0000 (UTC) Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit From: coheigea@apache.org To: commits@cxf.apache.org Date: Mon, 13 Feb 2017 11:36:19 -0000 Message-Id: In-Reply-To: References: X-Mailer: ASF-Git Admin Mailer Subject: [03/18] cxf-fediz git commit: Whitespace cleanup archived-at: Mon, 13 Feb 2017 11:36:21 -0000 http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java ---------------------------------------------------------------------- 
diff --git a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
index c805467..556e966 100644
--- a/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
+++ b/systests/oidc/src/test/java/org/apache/cxf/fediz/systests/oidc/OIDCTest.java
@@ -82,13 +82,13 @@ public class OIDCTest {
 static String idpHttpsPort;
 static String rpHttpsPort;
- 
+
 private static Tomcat idpServer;
 private static Tomcat rpServer;
- 
+
 private static String storedClientId;
 private static String storedClient2Id;
- 
+
 @BeforeClass
 public static void init() throws Exception {
 System.setProperty("org.apache.commons.logging.Log", "org.apache.commons.logging.impl.SimpleLog");
@@ -98,8 +98,8 @@ public class OIDCTest {
 System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.webflow", "info");
 System.setProperty("org.apache.commons.logging.simplelog.log.org.springframework.security.web", "info");
 System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf.fediz", "info");
- System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
- 
+ System.setProperty("org.apache.commons.logging.simplelog.log.org.apache.cxf", "info");
+
 idpHttpsPort = System.getProperty("idp.https.port");
 Assert.assertNotNull("Property 'idp.https.port' null", idpHttpsPort);
 rpHttpsPort = System.getProperty("rp.https.port");
@@ -107,11 +107,11 @@ public class OIDCTest {
 idpServer = startServer(true, idpHttpsPort);
 rpServer = startServer(false, rpHttpsPort);
- 
+
 loginToClientsPage(rpHttpsPort, idpHttpsPort);
 }
- 
- private static Tomcat startServer(boolean idp, String port)
+
+ private static Tomcat startServer(boolean idp, String port)
 throws ServletException, LifecycleException, IOException {
 Tomcat server = new Tomcat();
 server.setPort(0);
@@ -146,13 +146,13 @@ public class OIDCTest {
 if (idp) {
 File stsWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp-sts");
 server.addWebapp("/fediz-idp-sts", stsWebapp.getAbsolutePath());
- 
+
 File idpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-idp");
 server.addWebapp("/fediz-idp", idpWebapp.getAbsolutePath());
 } else {
 File rpWebapp = new File(baseDir + File.separator + server.getHost().getAppBase(), "fediz-oidc");
 Context cxt = server.addWebapp("/fediz-oidc", rpWebapp.getAbsolutePath());
- 
+
 // Substitute the IDP port. Necessary if running the test in eclipse where port filtering doesn't seem
 // to work
 File f = new File(currentDir + "/src/test/resources/fediz_config.xml");
@@ -161,13 +161,13 @@ public class OIDCTest {
 inputStream.close();
 if (content.contains("idp.https.port")) {
 content = content.replaceAll("\\$\\{idp.https.port\\}", "" + idpHttpsPort);
- 
+
 File f2 = new File(baseDir + "/test-classes/fediz_config.xml");
 try (FileOutputStream outputStream = new FileOutputStream(f2)) {
 IOUtils.write(content, outputStream, "UTF-8");
 }
 }
- 
+
 FederationAuthenticator fa = new FederationAuthenticator();
 fa.setConfigFile(currentDir + File.separator + "target" + File.separator + "test-classes" + File.separator + "fediz_config.xml");
@@ -178,7 +178,7 @@ public class OIDCTest {
 return server;
 }
- 
+
 @AfterClass
 public static void cleanup() throws Exception {
 try {
@@ -188,7 +188,7 @@ public class OIDCTest {
 shutdownServer(rpServer);
 }
 }
- 
+
 private static void shutdownServer(Tomcat server) {
 try {
 if (server != null && server.getServer() != null
@@ -210,38 +210,38 @@ public class OIDCTest {
 public String getRpHttpsPort() {
 return rpHttpsPort;
 }
- 
+
 public String getServletContextName() {
 return "fedizhelloworld";
 }
- 
+
 // Runs as BeforeClass: Login to the OIDC Clients page + create two new clients
 private static void loginToClientsPage(String rpPort, String idpPort) throws Exception {
 String url = "https://localhost:" + rpPort + "/fediz-oidc/console/clients";
 String user = "alice";
 String password = "ecila";
- 
+
 // Login to the client page successfully
 WebClient webClient = setupWebClient(user, password, idpPort);
 HtmlPage loginPage = login(url, webClient);
 final String bodyTextContent = loginPage.getBody().getTextContent();
 Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
- 
+
 // Now try to register a new client
- HtmlPage registeredClientPage =
+ HtmlPage registeredClientPage =
 registerNewClient(webClient, url, "new-client", "https://127.0.0.1", "https://cxf.apache.org");
 String registeredClientPageBody = registeredClientPage.getBody().getTextContent();
 Assert.assertTrue(registeredClientPageBody.contains("Registered Clients"));
 Assert.assertTrue(registeredClientPageBody.contains("new-client"));
 Assert.assertTrue(registeredClientPageBody.contains("https://127.0.0.1"));
- 
+
 HtmlTable table = registeredClientPage.getHtmlElementById("registered_clients");
 storedClientId = table.getCellAt(1, 1).asText().trim();
 Assert.assertNotNull(storedClientId);
- 
+
 // Try to register another new client
- registeredClientPage =
+ registeredClientPage =
 registerNewClient(webClient, url, "new-client2", "https://127.0.1.1", "https://ws.apache.org");
 registeredClientPageBody = registeredClientPage.getBody().getTextContent();
@@ -250,24 +250,24 @@ public class OIDCTest {
 Assert.assertTrue(registeredClientPageBody.contains("https://127.0.0.1"));
 Assert.assertTrue(registeredClientPageBody.contains("new-client2"));
 Assert.assertTrue(registeredClientPageBody.contains("https://127.0.1.1"));
- 
+
 table = registeredClientPage.getHtmlElementById("registered_clients");
 storedClient2Id = table.getCellAt(2, 1).asText().trim();
 if (storedClient2Id.equals(storedClientId)) {
 storedClient2Id = table.getCellAt(1, 1).asText().trim();
 }
 Assert.assertNotNull(storedClient2Id);
- 
+
 webClient.close();
 }
- 
+
 private static HtmlPage registerNewClient(WebClient webClient, String url, String clientName, String redirectURI, String clientAudience) throws Exception {
 HtmlPage registerPage = webClient.getPage(url + "/register");
- 
+
 final HtmlForm form = registerPage.getForms().get(0);
- 
+
 // Set new client values
 final HtmlTextInput clientNameInput = form.getInputByName("client_name");
 clientNameInput.setValueAttribute(clientName);
@@ -281,113 +281,113 @@ public class OIDCTest {
 final HtmlButton button = form.getButtonByName("submit_button");
 return button.click();
 }
- 
+
 // Runs as AfterClass: Login to the OIDC Clients page + delete the created clients!
 private static void loginToClientsPageAndDeleteClient(String rpPort, String idpPort) throws Exception {
 String url = "https://localhost:" + rpPort + "/fediz-oidc/console/clients";
 String user = "alice";
 String password = "ecila";
- 
+
 // Login to the client page successfully
 WebClient webClient = setupWebClient(user, password, idpPort);
 HtmlPage loginPage = login(url, webClient);
 final String bodyTextContent = loginPage.getBody().getTextContent();
 Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
- 
+
 // Get the client identifier
 HtmlTable table = loginPage.getHtmlElementById("registered_clients");
 String clientId = table.getCellAt(1, 1).asText().trim();
 Assert.assertNotNull(clientId);
 String clientId2 = table.getCellAt(2, 1).asText().trim();
 Assert.assertNotNull(clientId2);
- 
+
 // Now go to the specific client page
 HtmlPage registeredClientsPage = deleteClient(webClient, url, clientId);
 // Check we have one more registered clients
 table = registeredClientsPage.getHtmlElementById("registered_clients");
 Assert.assertEquals(2, table.getRowCount());
- 
+
 // Now delete the other client
 registeredClientsPage = deleteClient(webClient, url, clientId2);
 // Check we have no more registered clients
 table = registeredClientsPage.getHtmlElementById("registered_clients");
 Assert.assertEquals(1, table.getRowCount());
- 
+
 webClient.close();
 }
- 
+
 private static HtmlPage deleteClient(WebClient webClient, String url, String clientId) throws Exception {
 HtmlPage clientPage = webClient.getPage(url + "/" + clientId);
- 
+
 final HtmlForm deleteForm = clientPage.getFormByName("deleteForm");
 Assert.assertNotNull(deleteForm);
- 
+
 // Delete the client
 final HtmlButton button = deleteForm.getButtonByName("submit_delete_button");
 return button.click();
 }
- 
+
 // Test that we managed to create the clients ok
 @org.junit.Test
 public void testCreatedClients() throws Exception {
 String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
 String user = "alice";
 String password = "ecila";
- 
+
 // Login to the client page successfully
 WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
 HtmlPage loginPage = login(url, webClient);
 final String bodyTextContent = loginPage.getBody().getTextContent();
 Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
- 
+
 // Get the new client identifier
 HtmlTable table = loginPage.getHtmlElementById("registered_clients");
- 
+
 // 2 clients
 Assert.assertEquals(table.getRows().size(), 3);
- 
+
 // Now check the first client
 String clientId = table.getCellAt(1, 1).asText().trim();
 Assert.assertNotNull(clientId);
- 
+
 // Check the Date
 String date = table.getCellAt(1, 2).asText().trim();
 SimpleDateFormat dateFormat = new SimpleDateFormat("dd MMM yyyy", Locale.US);
 dateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
 Assert.assertEquals(dateFormat.format(new Date()), date);
- 
+
 // Check the redirect URI
 String redirectURI = table.getCellAt(1, 3).asText().trim();
 Assert.assertTrue("https://127.0.0.1".equals(redirectURI) || "https://127.0.1.1".equals(redirectURI));
- 
+
 // Now check the specific client page
 HtmlPage clientPage = webClient.getPage(url + "/" + clientId);
 HtmlTable clientTable = clientPage.getHtmlElementById("client");
 Assert.assertEquals(clientId, clientTable.getCellAt(1, 0).asText().trim());
- 
+
 webClient.close();
 }
- 
+
 @org.junit.Test
 public void testOIDCLoginForClient1() throws Exception {
- 
+
 String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
 url += "client_id=" + storedClientId;
 url += "&response_type=code";
 url += "&scope=openid";
 String user = "alice";
 String password = "ecila";
- 
+
 // Login to the OIDC token endpoint + get the authorization code
 WebClient webClient = setupWebClient(user, 
password, getIdpHttpsPort());
 String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
 Assert.assertNotNull(authorizationCode);
- 
+
 // Now use the code to get an IdToken
- 
+
 url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
 WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
@@ -395,7 +395,7 @@ public class OIDCTest {
 request.getRequestParameters().add(new NameValuePair("client_id", storedClientId));
 request.getRequestParameters().add(new NameValuePair("grant_type", "authorization_code"));
 request.getRequestParameters().add(new NameValuePair("code", authorizationCode));
- 
+
 webClient.getOptions().setJavaScriptEnabled(false);
 final UnexpectedPage responsePage = webClient.getPage(request);
 String response = responsePage.getWebResponse().getContentAsString();
@@ -404,27 +404,27 @@ public class OIDCTest {
 String idToken = getIdToken(response);
 Assert.assertNotNull(idToken);
 validateIdToken(idToken, storedClientId);
- 
+
 webClient.close();
 }
- 
+
 @org.junit.Test
 public void testOIDCLoginForClient2() throws Exception {
- 
+
 String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
 url += "client_id=" + storedClient2Id;
 url += "&response_type=code";
 url += "&scope=openid";
 String user = "alice";
 String password = "ecila";
- 
+
 // Login to the OIDC token endpoint + get the authorization code
 WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
 String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
 Assert.assertNotNull(authorizationCode);
- 
+
 // Now use the code to get an IdToken
- 
+
 url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
 WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
@@ -432,7 +432,7 @@ public class OIDCTest {
 request.getRequestParameters().add(new NameValuePair("client_id", storedClient2Id));
 request.getRequestParameters().add(new NameValuePair("grant_type", "authorization_code"));
 request.getRequestParameters().add(new NameValuePair("code", authorizationCode));
- 
+
 webClient.getOptions().setJavaScriptEnabled(false);
 final UnexpectedPage responsePage = webClient.getPage(request);
 String response = responsePage.getWebResponse().getContentAsString();
@@ -441,10 +441,10 @@ public class OIDCTest {
 String idToken = getIdToken(response);
 Assert.assertNotNull(idToken);
 validateIdToken(idToken, storedClient2Id);
- 
+
 webClient.close();
 }
- 
+
 @org.junit.Test
 public void testUsingCodeForOtherClient() throws Exception {
 // Get the code for the first client
@@ -454,12 +454,12 @@ public class OIDCTest {
 url += "&scope=openid";
 String user = "alice";
 String password = "ecila";
- 
+
 // Login to the OIDC token endpoint + get the authorization code
 WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
 String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
 Assert.assertNotNull(authorizationCode);
- 
+
 // Now try and get a token for the second client
 url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
 WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
@@ -468,7 +468,7 @@ public class OIDCTest {
 request.getRequestParameters().add(new NameValuePair("client_id", storedClient2Id));
 request.getRequestParameters().add(new NameValuePair("grant_type", "authorization_code"));
 request.getRequestParameters().add(new NameValuePair("code", authorizationCode));
- 
+
 webClient.getOptions().setJavaScriptEnabled(false);
 try {
 webClient.getPage(request);
@@ -477,48 +477,48 @@ public class OIDCTest {
 // expected
 }
 }
- 
+
 @org.junit.Test
 public void testBadClientId() throws Exception {
- 
+
 String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
 url += "client_id=" + storedClientId + 2;
 url += "&response_type=code";
 url += "&scope=openid";
 String user = "alice";
 String password = "ecila";
- 
+
 // Login to the OIDC token endpoint + get the authorization code
 WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
- 
+
 String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
 Assert.assertNull(authorizationCode);
- 
+
 webClient.close();
 }
- 
+
 @org.junit.Test
 public void testEmptyClientId() throws Exception {
- 
+
 String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
 url += "client_id=";
 url += "&response_type=code";
 url += "&scope=openid";
 String user = "alice";
 String password = "ecila";
- 
+
 // Login to the OIDC token endpoint + get the authorization code
 WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
- 
+
 String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
 Assert.assertNull(authorizationCode);
- 
+
 webClient.close();
 }
- 
+
 @org.junit.Test
 public void testIncorrectRedirectURI() throws Exception {
- 
+
 String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/idp/authorize?";
 url += "client_id=" + storedClientId;
 url += "&response_type=code";
@@ -526,28 +526,28 @@ public class OIDCTest {
 url += "&redirect_uri=https://127.0.0.5";
 String user = "alice";
 String password = "ecila";
- 
+
 // Login to the OIDC token endpoint + get the authorization code
 WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
- 
+
 String authorizationCode = loginAndGetAuthorizationCode(url, webClient);
 Assert.assertNull(authorizationCode);
- 
+
 webClient.close();
 }
- 
+
 @org.junit.Test
 public void testCreateClientWithInvalidRegistrationURI() throws Exception {
 String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
 String user = "alice";
 String password = "ecila";
- 
+
 // Login to the client page successfully
 WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
 HtmlPage loginPage = login(url, webClient);
 final String bodyTextContent = loginPage.getBody().getTextContent();
 Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
- 
+
 // Now try to register a new client
 try {
 HtmlPage errorPage = registerNewClient(webClient, url, "asfxyz", "https://127.0.0.1//",
@@ -556,22 +556,22 @@ public class OIDCTest {
 } catch (Exception ex) {
 // expected
 }
- 
+
 webClient.close();
 }
- 
+
 @org.junit.Test
 public void testCreateClientWithRegistrationURIFragment() throws Exception {
 String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
 String user = "alice";
 String password = "ecila";
- 
+
 // Login to the client page successfully
 WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
 HtmlPage loginPage = login(url, webClient);
 final String bodyTextContent = loginPage.getBody().getTextContent();
 Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
- 
+
 // Now try to register a new client
 try {
 HtmlPage errorPage = registerNewClient(webClient, url, "asfxyz", "https://127.0.0.1#fragment",
@@ -580,22 +580,22 @@ public class OIDCTest {
 } catch (Exception ex) {
 // expected
 }
- 
+
 webClient.close();
 }
- 
+
 @org.junit.Test
 public void testCreateClientWithInvalidAudienceURI() throws Exception {
 String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
 String user = "alice";
 String password = "ecila";
- 
+
 // Login to the client page successfully
 WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
 HtmlPage loginPage = login(url, webClient);
 final String bodyTextContent = loginPage.getBody().getTextContent();
 Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
- 
+
 // Now try to register a new client
 try {
 HtmlPage errorPage = registerNewClient(webClient, url, "asfxyz", "https://127.0.0.1/",
@@ -604,22 +604,22 @@ public class OIDCTest {
 } catch (Exception ex) {
 // expected
 }
- 
+
 webClient.close();
 }
- 
+
 @org.junit.Test
 public void testCreateClientWithAudienceURIFragment() throws Exception {
 String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/console/clients";
 String user = "alice";
 String password = "ecila";
- 
+
 // Login to the client page successfully
 WebClient webClient = setupWebClient(user, password, getIdpHttpsPort());
 HtmlPage loginPage = login(url, webClient);
 final String bodyTextContent = loginPage.getBody().getTextContent();
 Assert.assertTrue(bodyTextContent.contains("Registered Clients"));
- 
+
 // Now try to register a new client
 try {
 HtmlPage errorPage = registerNewClient(webClient, url, "asfxyz", "https://127.0.0.1",
@@ -628,10 +628,10 @@ public class OIDCTest {
 } catch (Exception ex) {
 // expected
 }
- 
+
 webClient.close();
 }
- 
+
 @org.junit.Test
 public void testClientCredentialsSTS() throws Exception {
 String url = "https://localhost:" + getRpHttpsPort() + "/fediz-oidc/oauth2/token";
@@ -641,7 +641,7 @@ public class OIDCTest {
 request.getRequestParameters().add(new NameValuePair("client_id", "alice"));
 request.getRequestParameters().add(new NameValuePair("client_secret", "ecila"));
 request.getRequestParameters().add(new NameValuePair("grant_type", "client_credentials"));
- 
+
 final WebClient webClient = new WebClient();
 webClient.getOptions().setUseInsecureSSL(true);
 webClient.getOptions().setJavaScriptEnabled(false);
@@ -649,10 +649,10 @@ public class OIDCTest {
 String response = responsePage.getWebResponse().getContentAsString();
 Assert.assertTrue(response.contains("access_token"));
- 
+
 webClient.close();
 }
- 
+
 private static WebClient setupWebClient(String user, String password, String idpPort) {
 final WebClient webClient = new WebClient();
 webClient.getOptions().setUseInsecureSSL(true);
@@ -661,10 +661,10 @@ public class OIDCTest {
 new UsernamePasswordCredentials(user, password));
 webClient.getOptions().setJavaScriptEnabled(false);
- 
+
 return webClient;
 }
- 
+
 private static HtmlPage login(String url, WebClient webClient) throws IOException {
 webClient.getOptions().setJavaScriptEnabled(false);
 final HtmlPage idpPage = webClient.getPage(url);
@@ -681,7 +681,7 @@ public class OIDCTest {
 break;
 }
 }
- Assert.assertTrue(wresult != null
+ Assert.assertTrue(wresult != null
 && wresult.contains("urn:oasis:names:tc:SAML:2.0:cm:bearer"));
 final HtmlForm form = idpPage.getFormByName("signinresponseform");
@@ -689,7 +689,7 @@ public class OIDCTest {
 return button.click();
 }
- 
+
 private static String loginAndGetAuthorizationCode(
 String url,
 WebClient webClient
 ) throws Exception {
@@ -697,7 +697,7 @@ public class OIDCTest {
 final HtmlPage idpPage = webClient.getPage(url);
 webClient.getOptions().setJavaScriptEnabled(true);
 Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- 
+
 DomNodeList results = idpPage.getElementsByTagName("input");
 String wresult = null;
@@ -707,7 +707,7 @@ public class OIDCTest {
 break;
 }
 }
- Assert.assertTrue(wresult != null
+ Assert.assertTrue(wresult != null
 && wresult.contains("urn:oasis:names:tc:SAML:2.0:cm:bearer"));
 final HtmlForm form = idpPage.getFormByName("signinresponseform");
@@ -716,7 +716,7 @@ public class OIDCTest {
 // Bit of a hack here to get the authorization code - necessary as HtmlUnit tries
 // to follow the server redirect to "https://127.0.0.1" - the redirect URI
 CodeWebConnectionWrapper wrapper = new CodeWebConnectionWrapper(webClient);
- 
+
 try {
 button.click();
 } catch (Throwable t) {
@@ -726,10 +726,10 @@ public class OIDCTest {
 wrapper.close();
 return wrapper.getCode();
 }
- 
+
 private String getIdToken(String parentString) {
 String foundString =
- parentString.substring(parentString.indexOf("id_token")
+ parentString.substring(parentString.indexOf("id_token")
 + ("id_token" + "\":\"").length());
 int ampersandIndex = foundString.indexOf('\"');
 if (ampersandIndex < 1) {
@@ -737,7 +737,7 @@ public class OIDCTest {
 }
 return foundString.substring(0, ampersandIndex);
 }
- 
+
 private void validateIdToken(String idToken, String audience) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
 JwsJwtCompactConsumer jwtConsumer = new JwsJwtCompactConsumer(idToken);
@@ -755,32 +755,32 @@ public class OIDCTest {
 Certificate cert = keystore.getCertificate("alice");
 Assert.assertNotNull(cert);
- Assert.assertTrue(jwtConsumer.verifySignatureWith((X509Certificate)cert,
+ Assert.assertTrue(jwtConsumer.verifySignatureWith((X509Certificate)cert,
 SignatureAlgorithm.RS256));
 }
- 
+
 private static class CodeWebConnectionWrapper extends WebConnectionWrapper {
 private String code;
- 
+
 CodeWebConnectionWrapper(WebClient webClient) throws IllegalArgumentException {
 super(webClient);
 }
- 
+
 public WebResponse getResponse(WebRequest request) throws IOException {
 WebResponse response = super.getResponse(request);
 String location = response.getResponseHeaderValue("Location");
 if (location != null && location.contains("code=")) {
 code = getSubstring(location, "code");
 }
- 
+
 return response;
 }
- 
+
 public String getCode() {
 return code;
 }
- 
+
 private String getSubstring(String parentString, String substringName) {
 String foundString = parentString.substring(parentString.indexOf(substringName + "=") + (substringName + "=").length());
http://git-wip-us.apache.org/repos/asf/cxf-fediz/blob/2ca31863/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
----------------------------------------------------------------------
diff --git a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
index 00a8b78..9e0a4f9 100644
--- a/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
+++ b/systests/samlsso/src/test/java/org/apache/cxf/fediz/systests/idp/IdpTest.java
@@ -118,7 +118,7 @@ public class IdpTest {
 WSSConfig.init();
 }
- private static Tomcat startServer(String port)
+ private static Tomcat startServer(String port)
 throws ServletException, LifecycleException, IOException {
 Tomcat server = new Tomcat();
 server.setPort(0);
@@ -161,7 +161,7 @@ public class IdpTest {
 public static void cleanup() {
 shutdownServer(idpServer);
 }
- 
+
 private static void shutdownServer(Tomcat server) {
 try {
 if (server != null && server.getServer() != null
@@ -187,7 +187,7 @@ public class IdpTest {
 public String getServletContextName() {
 return "fedizhelloworld";
 }
- 
+
 //
 // Successful tests
 //
@@ -195,20 +195,20 @@ public class IdpTest {
 @org.junit.Test
 public void testBrowser() throws Exception {
 OpenSAMLUtil.initSamlEngine();
- 
+
 // Create SAML AuthnRequest
 Document doc = DOMUtils.createDocument();
 doc.appendChild(doc.createElement("root"));
 // Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
 + getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
 new DefaultAuthnRequestBuilder().createAuthnRequest(
 null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
 );
 authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
 signAuthnRequest(authnRequest);
- 
+
 Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
 String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -218,9 +218,9 @@ public class IdpTest {
 String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?";
 url += SSOConstants.RELAY_STATE + "=" + relayState;
 url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest;
- 
+
 System.out.println("URL: " + url);
- 
+
 Thread.sleep(60 * 1000);
 }
@@ -228,20 +228,20 @@ public class IdpTest {
 @org.junit.Test
 public void testSuccessfulInvokeOnIdP() throws Exception {
 OpenSAMLUtil.initSamlEngine();
- 
+
 // Create SAML AuthnRequest
 Document doc = DOMUtils.createDocument();
 doc.appendChild(doc.createElement("root"));
 // Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
 + getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
 new DefaultAuthnRequestBuilder().createAuthnRequest(
 null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
 );
 authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml");
 signAuthnRequest(authnRequest);
- 
+
 Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
 String authnRequestEncoded = encodeAuthnRequest(authnRequestElement);
@@ -265,12 +265,12 @@ public class IdpTest {
 final HtmlPage idpPage = webClient.getPage(url);
 webClient.getOptions().setJavaScriptEnabled(true);
 Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- 
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
 parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
 String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
 Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
- 
+
 // Check claims
 String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
 String claim = ClaimTypes.FIRSTNAME.toString();
@@ -282,26 +282,26 @@ public class IdpTest {
 webClient.close();
 }
- 
+
 @org.junit.Test
 public void testSuccessfulInvokeOnIdPUsingPOST() throws Exception {
 OpenSAMLUtil.initSamlEngine();
- 
+
 // Create SAML AuthnRequest
 Document doc = DOMUtils.createDocument();
 doc.appendChild(doc.createElement("root"));
 // Create the AuthnRequest
- String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
+ String consumerURL = "https://localhost:" + getRpHttpsPort() + "/"
 + getServletContextName() + "/secure/fedservlet";
- AuthnRequest authnRequest =
+ AuthnRequest authnRequest =
 new DefaultAuthnRequestBuilder().createAuthnRequest(
 null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL
 );
 authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up");
 signAuthnRequest(authnRequest);
- 
+
 Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc);
- 
+
 // Don't inflate the token...
 String requestMessage = DOM2Writer.nodeToString(authnRequestElement);
 String authnRequestEncoded = Base64Utility.encode(requestMessage.getBytes("UTF-8"));
@@ -319,24 +319,24 @@ public class IdpTest {
 new UsernamePasswordCredentials(user, password));
 webClient.getOptions().setJavaScriptEnabled(false);
- 
+
 WebRequest request = new WebRequest(new URL(url), HttpMethod.POST);
 request.setRequestParameters(new ArrayList());
 request.getRequestParameters().add(new NameValuePair(SSOConstants.RELAY_STATE, relayState));
 request.getRequestParameters().add(new NameValuePair(SSOConstants.SAML_REQUEST, authnRequestEncoded));
- 
+
 webClient.getOptions().setJavaScriptEnabled(false);
 final HtmlPage idpPage = webClient.getPage(request);
- 
+
 webClient.getOptions().setJavaScriptEnabled(true);
 Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());
- 
- org.opensaml.saml.saml2.core.Response samlResponse =
+
+ org.opensaml.saml.saml2.core.Response samlResponse =
 parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID());
 String expected = "urn:oasis:names:tc:SAML:2.0:status:Success";
 Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue());
- 
+
 // Check claims
 String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument());
 String claim = ClaimTypes.FIRSTNAME.toString();
@@ -348,52 +348,52 @@ public class IdpTest { webClient.close(); } - + @org.junit.Test public void testSeparateSignature() throws Exception { OpenSAMLUtil.initSamlEngine(); - + // Create SAML AuthnRequest Document doc = DOMUtils.createDocument(); doc.appendChild(doc.createElement("root")); // Create the AuthnRequest - String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; - AuthnRequest authnRequest = + AuthnRequest authnRequest = new DefaultAuthnRequestBuilder().createAuthnRequest( null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL ); authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml"); - + Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc); String authnRequestEncoded = encodeAuthnRequest(authnRequestElement); String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8"); String relayState = UUID.randomUUID().toString(); - + // Sign request Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties"); - + CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS); cryptoType.setAlias("realma"); // Get the private key PrivateKey privateKey = crypto.getPrivateKey("realma", "realma"); - + java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA"); signature.initSign(privateKey); - + String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest; requestToSign += "&" + SSOConstants.RELAY_STATE + "=" + relayState; - requestToSign += "&" + SSOConstants.SIG_ALG + "=" + requestToSign += "&" + SSOConstants.SIG_ALG + "=" + URLEncoder.encode(SSOConstants.RSA_SHA1, StandardCharsets.UTF_8.name()); - + signature.update(requestToSign.getBytes(StandardCharsets.UTF_8)); byte[] signBytes = signature.sign(); - + String encodedSignature = Base64.encode(signBytes); - + String url = "https://localhost:" + getIdpHttpsPort() + 
"/fediz-idp/saml/up?"; url += SSOConstants.RELAY_STATE + "=" + relayState; url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest; @@ -412,12 +412,12 @@ public class IdpTest { final HtmlPage idpPage = webClient.getPage(url); webClient.getOptions().setJavaScriptEnabled(true); Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText()); - - org.opensaml.saml.saml2.core.Response samlResponse = + + org.opensaml.saml.saml2.core.Response samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID()); String expected = "urn:oasis:names:tc:SAML:2.0:status:Success"; Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue()); - + // Check claims String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument()); String claim = ClaimTypes.FIRSTNAME.toString(); @@ -429,24 +429,24 @@ public class IdpTest { webClient.close(); } - + @org.junit.Test public void testSuccessfulSSOInvokeOnIdP() throws Exception { OpenSAMLUtil.initSamlEngine(); - + // Create SAML AuthnRequest Document doc = DOMUtils.createDocument(); doc.appendChild(doc.createElement("root")); // Create the AuthnRequest - String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; - AuthnRequest authnRequest = + AuthnRequest authnRequest = new DefaultAuthnRequestBuilder().createAuthnRequest( null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL ); authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml"); signAuthnRequest(authnRequest); - + Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc); String authnRequestEncoded = encodeAuthnRequest(authnRequestElement); 
@@ -463,7 +463,7 @@ public class IdpTest { final WebClient webClient = new WebClient(); webClient.getOptions().setUseInsecureSSL(true); webClient.addRequestHeader("Authorization", "Basic " + Base64.encode((user + ":" + password).getBytes())); - + // // First invocation // @@ -472,12 +472,12 @@ public class IdpTest { HtmlPage idpPage = webClient.getPage(url); webClient.getOptions().setJavaScriptEnabled(true); Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText()); - - org.opensaml.saml.saml2.core.Response samlResponse = + + org.opensaml.saml.saml2.core.Response samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID()); String expected = "urn:oasis:names:tc:SAML:2.0:status:Success"; Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue()); - + // Check claims String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument()); String claim = ClaimTypes.FIRSTNAME.toString(); 
@@ -486,23 +486,23 @@ public class IdpTest { Assert.assertTrue(parsedResponse.contains(claim)); claim = ClaimTypes.EMAILADDRESS.toString(); Assert.assertTrue(parsedResponse.contains(claim)); - + // // Second invocation - change the credentials to make sure the session is set up correctly // - + webClient.removeRequestHeader("Authorization"); webClient.addRequestHeader("Authorization", "Basic " + Base64.encode(("mallory" + ":" + password).getBytes())); - + webClient.getOptions().setJavaScriptEnabled(false); idpPage = webClient.getPage(url); webClient.getOptions().setJavaScriptEnabled(true); Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText()); - + samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID()); expected = "urn:oasis:names:tc:SAML:2.0:status:Success"; Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue()); - + // Check claims parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument()); claim = ClaimTypes.FIRSTNAME.toString(); 
@@ -514,25 +514,25 @@ public class IdpTest { webClient.close(); } - + @org.junit.Test public void testSuccessfulSSOInvokeOnIdPWithForceAuthn() throws Exception { OpenSAMLUtil.initSamlEngine(); - + // Create SAML AuthnRequest Document doc = DOMUtils.createDocument(); doc.appendChild(doc.createElement("root")); // Create the AuthnRequest - String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; - AuthnRequest authnRequest = + AuthnRequest authnRequest = new DefaultAuthnRequestBuilder().createAuthnRequest( null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL ); authnRequest.setForceAuthn(Boolean.TRUE); authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml"); signAuthnRequest(authnRequest); - + Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc); String authnRequestEncoded = encodeAuthnRequest(authnRequestElement); @@ -542,7 +542,7 @@ public class IdpTest { String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"; url += SSOConstants.RELAY_STATE + "=" + relayState; url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest; - + String user = "alice"; String password = "ecila"; @@ -553,7 +553,7 @@ public class IdpTest { webClient.getCredentialsProvider().setCredentials( new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())), new UsernamePasswordCredentials(user, password)); - + // // First invocation // 
@@ -562,12 +562,12 @@ public class IdpTest { HtmlPage idpPage = webClient.getPage(url); webClient.getOptions().setJavaScriptEnabled(true); Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText()); - - org.opensaml.saml.saml2.core.Response samlResponse = + + org.opensaml.saml.saml2.core.Response samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID()); String expected = "urn:oasis:names:tc:SAML:2.0:status:Success"; Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue()); - + // Check claims String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument()); String claim = ClaimTypes.FIRSTNAME.toString(); @@ -576,20 +576,20 @@ public class IdpTest { Assert.assertTrue(parsedResponse.contains(claim)); claim = ClaimTypes.EMAILADDRESS.toString(); Assert.assertTrue(parsedResponse.contains(claim)); - + // // Second invocation // - + webClient.getOptions().setJavaScriptEnabled(false); idpPage = webClient.getPage(url); webClient.getOptions().setJavaScriptEnabled(true); Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText()); - + samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID()); expected = "urn:oasis:names:tc:SAML:2.0:status:Success"; Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue()); - + // Check claims parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument()); claim = ClaimTypes.FIRSTNAME.toString(); 
@@ -598,80 +598,80 @@ public class IdpTest { Assert.assertTrue(parsedResponse.contains(claim)); claim = ClaimTypes.EMAILADDRESS.toString(); Assert.assertTrue(parsedResponse.contains(claim)); - + webClient.close(); - + // // Third invocation - create a new WebClient with no credentials (but with the same CookieManager) // ...this should fail // - + WebClient newWebClient = new WebClient(); newWebClient.setCookieManager(cookieManager); newWebClient.getOptions().setUseInsecureSSL(true); newWebClient.getOptions().setJavaScriptEnabled(false); - + try { newWebClient.getPage(url); Assert.fail("Failure expected on no credentials"); } catch (FailingHttpStatusCodeException ex) { Assert.assertEquals(ex.getStatusCode(), 401); } - + newWebClient.close(); } - + @org.junit.Test public void testSuccessfulSSOInvokeOnIdPWithForceAuthnSeparateSignature() throws Exception { OpenSAMLUtil.initSamlEngine(); - + // Create SAML AuthnRequest Document doc = DOMUtils.createDocument(); doc.appendChild(doc.createElement("root")); // Create the AuthnRequest - String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; - AuthnRequest authnRequest = + AuthnRequest authnRequest = new DefaultAuthnRequestBuilder().createAuthnRequest( null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL ); authnRequest.setForceAuthn(Boolean.TRUE); authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml"); - + Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc); String authnRequestEncoded = encodeAuthnRequest(authnRequestElement); String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8"); String relayState = UUID.randomUUID().toString(); - + // Sign request Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties"); - + CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS); cryptoType.setAlias("realma"); 
// Get the private key PrivateKey privateKey = crypto.getPrivateKey("realma", "realma"); - + java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA"); signature.initSign(privateKey); - + String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest; requestToSign += "&" + SSOConstants.RELAY_STATE + "=" + relayState; - requestToSign += "&" + SSOConstants.SIG_ALG + "=" + requestToSign += "&" + SSOConstants.SIG_ALG + "=" + URLEncoder.encode(SSOConstants.RSA_SHA1, StandardCharsets.UTF_8.name()); - + signature.update(requestToSign.getBytes(StandardCharsets.UTF_8)); byte[] signBytes = signature.sign(); - + String encodedSignature = Base64.encode(signBytes); - + String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?"; url += SSOConstants.RELAY_STATE + "=" + relayState; url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest; url += "&" + SSOConstants.SIGNATURE + "=" + URLEncoder.encode(encodedSignature, StandardCharsets.UTF_8.name()); - + String user = "alice"; String password = "ecila"; @@ -682,7 +682,7 @@ public class IdpTest { webClient.getCredentialsProvider().setCredentials( new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())), new UsernamePasswordCredentials(user, password)); - + // // First invocation // 
@@ -691,12 +691,12 @@ public class IdpTest { HtmlPage idpPage = webClient.getPage(url); webClient.getOptions().setJavaScriptEnabled(true); Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText()); - - org.opensaml.saml.saml2.core.Response samlResponse = + + org.opensaml.saml.saml2.core.Response samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID()); String expected = "urn:oasis:names:tc:SAML:2.0:status:Success"; Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue()); - + // Check claims String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument()); String claim = ClaimTypes.FIRSTNAME.toString(); @@ -705,20 +705,20 @@ public class IdpTest { Assert.assertTrue(parsedResponse.contains(claim)); claim = ClaimTypes.EMAILADDRESS.toString(); Assert.assertTrue(parsedResponse.contains(claim)); - + // // Second invocation // - + webClient.getOptions().setJavaScriptEnabled(false); idpPage = webClient.getPage(url); webClient.getOptions().setJavaScriptEnabled(true); Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText()); - + samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID()); expected = "urn:oasis:names:tc:SAML:2.0:status:Success"; Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue()); - + // Check claims parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument()); claim = ClaimTypes.FIRSTNAME.toString(); 
@@ -729,48 +729,48 @@ public class IdpTest { Assert.assertTrue(parsedResponse.contains(claim)); webClient.close(); - + // // Third invocation - create a new WebClient with no credentials (but with the same CookieManager) // ...this should fail // - + WebClient newWebClient = new WebClient(); newWebClient.setCookieManager(cookieManager); newWebClient.getOptions().setUseInsecureSSL(true); newWebClient.getOptions().setJavaScriptEnabled(false); - + try { newWebClient.getPage(url); Assert.fail("Failure expected on no credentials"); } catch (FailingHttpStatusCodeException ex) { Assert.assertEquals(ex.getStatusCode(), 401); } - + newWebClient.close(); } - + // // Negative tests // - + @org.junit.Test public void testBadIssuer() throws Exception { OpenSAMLUtil.initSamlEngine(); - + // Create SAML AuthnRequest Document doc = DOMUtils.createDocument(); doc.appendChild(doc.createElement("root")); // Create the AuthnRequest - String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; - AuthnRequest authnRequest = + AuthnRequest authnRequest = new DefaultAuthnRequestBuilder().createAuthnRequest( null, "urn:org:apache:cxf:fediz:fedizhelloworld-xyz", consumerURL ); authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml"); signAuthnRequest(authnRequest); - + Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc); String authnRequestEncoded = encodeAuthnRequest(authnRequestElement); 
@@ -792,32 +792,32 @@ public class IdpTest { webClient.getOptions().setJavaScriptEnabled(false); final HtmlPage idpPage = webClient.getPage(url); - - org.opensaml.saml.saml2.core.Response samlResponse = + + org.opensaml.saml.saml2.core.Response samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID()); String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester"; Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue()); - + webClient.close(); } - + @org.junit.Test public void testNoIssuer() throws Exception { OpenSAMLUtil.initSamlEngine(); - + // Create SAML AuthnRequest Document doc = DOMUtils.createDocument(); doc.appendChild(doc.createElement("root")); // Create the AuthnRequest - String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; - AuthnRequest authnRequest = + AuthnRequest authnRequest = new DefaultAuthnRequestBuilder().createAuthnRequest( null, null, consumerURL ); authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml"); signAuthnRequest(authnRequest); - + Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc); String authnRequestEncoded = encodeAuthnRequest(authnRequestElement); 
@@ -839,35 +839,35 @@ public class IdpTest { webClient.getOptions().setJavaScriptEnabled(false); final HtmlPage idpPage = webClient.getPage(url); - - org.opensaml.saml.saml2.core.Response samlResponse = + + org.opensaml.saml.saml2.core.Response samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID()); String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester"; Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue()); - + webClient.close(); } - + @org.junit.Test public void testBadIssuerFormat() throws Exception { OpenSAMLUtil.initSamlEngine(); - + // Create SAML AuthnRequest Document doc = DOMUtils.createDocument(); doc.appendChild(doc.createElement("root")); // Create the AuthnRequest - String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; - + String issuerId = "urn:org:apache:cxf:fediz:fedizhelloworld"; Issuer issuer = SamlpRequestComponentBuilder.createIssuer(issuerId); issuer.setFormat("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"); - + String nameIDFormat = "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"; NameIDPolicy nameIDPolicy = SamlpRequestComponentBuilder.createNameIDPolicy(true, nameIDFormat, issuerId); - + AuthnContextClassRef authnCtxClassRef = SamlpRequestComponentBuilder.createAuthnCtxClassRef( "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport" 
@@ -877,22 +877,22 @@ public class IdpTest { AuthnContextComparisonTypeEnumeration.EXACT, Collections.singletonList(authnCtxClassRef), null ); - + String protocolBinding = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"; AuthnRequest authnRequest = SamlpRequestComponentBuilder.createAuthnRequest( - consumerURL, - false, + consumerURL, false, - protocolBinding, + false, + protocolBinding, SAMLVersion.VERSION_20, - issuer, - nameIDPolicy, + issuer, + nameIDPolicy, authnCtx ); - + authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml"); signAuthnRequest(authnRequest); - + Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc); String authnRequestEncoded = encodeAuthnRequest(authnRequestElement); 
@@ -914,31 +914,31 @@ public class IdpTest { webClient.getOptions().setJavaScriptEnabled(false); final HtmlPage idpPage = webClient.getPage(url); - - org.opensaml.saml.saml2.core.Response samlResponse = + + org.opensaml.saml.saml2.core.Response samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID()); String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester"; Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue()); - + webClient.close(); } - + @org.junit.Test public void testMissingDestination() throws Exception { OpenSAMLUtil.initSamlEngine(); - + // Create SAML AuthnRequest Document doc = DOMUtils.createDocument(); doc.appendChild(doc.createElement("root")); // Create the AuthnRequest - String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; - AuthnRequest authnRequest = + AuthnRequest authnRequest = new DefaultAuthnRequestBuilder().createAuthnRequest( null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL ); signAuthnRequest(authnRequest); - + Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc); String authnRequestEncoded = encodeAuthnRequest(authnRequestElement); 
@@ -960,32 +960,32 @@ public class IdpTest { webClient.getOptions().setJavaScriptEnabled(false); final HtmlPage idpPage = webClient.getPage(url); - - org.opensaml.saml.saml2.core.Response samlResponse = + + org.opensaml.saml.saml2.core.Response samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID()); String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester"; Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue()); - + webClient.close(); } - + @org.junit.Ignore public void testMissingRelayState() throws Exception { OpenSAMLUtil.initSamlEngine(); - + // Create SAML AuthnRequest Document doc = DOMUtils.createDocument(); doc.appendChild(doc.createElement("root")); // Create the AuthnRequest - String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; - AuthnRequest authnRequest = + AuthnRequest authnRequest = new DefaultAuthnRequestBuilder().createAuthnRequest( null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL ); authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml"); signAuthnRequest(authnRequest); - + Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc); String authnRequestEncoded = encodeAuthnRequest(authnRequestElement); 
@@ -1010,26 +1010,26 @@ public class IdpTest { } catch (FailingHttpStatusCodeException ex) { Assert.assertEquals(ex.getStatusCode(), 400); } - + webClient.close(); } - + @org.junit.Test public void testUnsignedRequest() throws Exception { OpenSAMLUtil.initSamlEngine(); - + // Create SAML AuthnRequest Document doc = DOMUtils.createDocument(); doc.appendChild(doc.createElement("root")); // Create the AuthnRequest - String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; - AuthnRequest authnRequest = + AuthnRequest authnRequest = new DefaultAuthnRequestBuilder().createAuthnRequest( null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL ); authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml"); - + Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc); String authnRequestEncoded = encodeAuthnRequest(authnRequestElement); 
@@ -1051,38 +1051,38 @@ public class IdpTest { webClient.getOptions().setJavaScriptEnabled(false); final HtmlPage idpPage = webClient.getPage(url); - - org.opensaml.saml.saml2.core.Response samlResponse = + + org.opensaml.saml.saml2.core.Response samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID()); String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester"; Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue()); - + webClient.close(); } - + @org.junit.Test public void testEmptySeparateSignature() throws Exception { OpenSAMLUtil.initSamlEngine(); - + // Create SAML AuthnRequest Document doc = DOMUtils.createDocument(); doc.appendChild(doc.createElement("root")); // Create the AuthnRequest - String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; - AuthnRequest authnRequest = + AuthnRequest authnRequest = new DefaultAuthnRequestBuilder().createAuthnRequest( null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL ); authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml"); - + Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc); String authnRequestEncoded = encodeAuthnRequest(authnRequestElement); String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8"); String relayState = UUID.randomUUID().toString(); - + String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?"; url += SSOConstants.RELAY_STATE + "=" + relayState; url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest; 
@@ -1099,60 +1099,60 @@ public class IdpTest { webClient.getOptions().setJavaScriptEnabled(false); final HtmlPage idpPage = webClient.getPage(url); - - org.opensaml.saml.saml2.core.Response samlResponse = + + org.opensaml.saml.saml2.core.Response samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID()); String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester"; Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue()); webClient.close(); } - + @org.junit.Test public void testBase64DecodingErrorSeparateSignature() throws Exception { OpenSAMLUtil.initSamlEngine(); - + // Create SAML AuthnRequest Document doc = DOMUtils.createDocument(); doc.appendChild(doc.createElement("root")); // Create the AuthnRequest - String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; - AuthnRequest authnRequest = + AuthnRequest authnRequest = new DefaultAuthnRequestBuilder().createAuthnRequest( null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL ); authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml"); - + Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc); String authnRequestEncoded = encodeAuthnRequest(authnRequestElement); String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8"); String relayState = UUID.randomUUID().toString(); - + // Sign request Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties"); - + CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS); cryptoType.setAlias("realma"); // Get the private key PrivateKey privateKey = crypto.getPrivateKey("realma", "realma"); - + java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA"); signature.initSign(privateKey); - + String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest; requestToSign 
+= "&" + SSOConstants.RELAY_STATE + "=" + relayState; - requestToSign += "&" + SSOConstants.SIG_ALG + "=" + requestToSign += "&" + SSOConstants.SIG_ALG + "=" + URLEncoder.encode(SSOConstants.RSA_SHA1, StandardCharsets.UTF_8.name()); - + signature.update(requestToSign.getBytes(StandardCharsets.UTF_8)); byte[] signBytes = signature.sign(); - + String encodedSignature = Base64.encode(signBytes); - + String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?"; url += SSOConstants.RELAY_STATE + "=" + relayState; url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest; 
@@ -1170,55 +1170,55 @@ public class IdpTest { webClient.getOptions().setJavaScriptEnabled(false); final HtmlPage idpPage = webClient.getPage(url); - - org.opensaml.saml.saml2.core.Response samlResponse = + + org.opensaml.saml.saml2.core.Response samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID()); String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester"; Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue()); webClient.close(); } - + @org.junit.Test public void testChangedSeparateSignature() throws Exception { OpenSAMLUtil.initSamlEngine(); - + // Create SAML AuthnRequest Document doc = DOMUtils.createDocument(); doc.appendChild(doc.createElement("root")); // Create the AuthnRequest - String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; - AuthnRequest authnRequest = + AuthnRequest authnRequest = new DefaultAuthnRequestBuilder().createAuthnRequest( null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL ); authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml"); - + Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc); String authnRequestEncoded = encodeAuthnRequest(authnRequestElement); String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8"); String relayState = UUID.randomUUID().toString(); - + // Sign request Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties"); - + CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS); cryptoType.setAlias("realma"); // Get the private key PrivateKey privateKey = crypto.getPrivateKey("realma", "realma"); - + java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA"); signature.initSign(privateKey); - + String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest; requestToSign += "&" + 
SSOConstants.RELAY_STATE + "=" + relayState; - requestToSign += "&" + SSOConstants.SIG_ALG + "=" + requestToSign += "&" + SSOConstants.SIG_ALG + "=" + URLEncoder.encode(SSOConstants.RSA_SHA1, StandardCharsets.UTF_8.name()); - + signature.update(requestToSign.getBytes(StandardCharsets.UTF_8)); byte[] signBytes = signature.sign(); if (signBytes[1] != (byte)1) { @@ -1226,9 +1226,9 @@ public class IdpTest { } else { signBytes[1] = (byte)2; } - + String encodedSignature = Base64.encode(signBytes); - + String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?"; url += SSOConstants.RELAY_STATE + "=" + relayState; url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest; 
@@ -1245,61 +1245,61 @@ public class IdpTest { webClient.getOptions().setJavaScriptEnabled(false); final HtmlPage idpPage = webClient.getPage(url); - - org.opensaml.saml.saml2.core.Response samlResponse = + + org.opensaml.saml.saml2.core.Response samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID()); String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester"; Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue()); webClient.close(); } - + @org.junit.Test public void testSeparateSignatureWrongSignedContent() throws Exception { OpenSAMLUtil.initSamlEngine(); - + // Create SAML AuthnRequest Document doc = DOMUtils.createDocument(); doc.appendChild(doc.createElement("root")); // Create the AuthnRequest - String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; - AuthnRequest authnRequest = + AuthnRequest authnRequest = new DefaultAuthnRequestBuilder().createAuthnRequest( null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL ); authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml"); - + Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc); String authnRequestEncoded = encodeAuthnRequest(authnRequestElement); String urlEncodedRequest = URLEncoder.encode(authnRequestEncoded, "UTF-8"); String relayState = UUID.randomUUID().toString(); - + // Sign request Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties"); - + CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS); cryptoType.setAlias("realma"); // Get the private key PrivateKey privateKey = crypto.getPrivateKey("realma", "realma"); - + java.security.Signature signature = java.security.Signature.getInstance("SHA1withRSA"); signature.initSign(privateKey); - + String requestToSign = SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest; requestToSign 
+= "&" + SSOConstants.RELAY_STATE + "=" + relayState; - requestToSign += "&" + SSOConstants.SIG_ALG + "=" + requestToSign += "&" + SSOConstants.SIG_ALG + "=" + URLEncoder.encode(SSOConstants.RSA_SHA1, StandardCharsets.UTF_8.name()) + "asf=xyz"; - + signature.update(requestToSign.getBytes(StandardCharsets.UTF_8)); byte[] signBytes = signature.sign(); - + String encodedSignature = Base64.encode(signBytes); - + String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml/up?"; url += SSOConstants.RELAY_STATE + "=" + relayState; url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest; @@ -1316,32 +1316,32 @@ public class IdpTest { webClient.getOptions().setJavaScriptEnabled(false); final HtmlPage idpPage = webClient.getPage(url); - - org.opensaml.saml.saml2.core.Response samlResponse = + + org.opensaml.saml.saml2.core.Response samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID()); String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester"; Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue()); webClient.close(); } - + @org.junit.Test public void testUnknownRACS() throws Exception { OpenSAMLUtil.initSamlEngine(); - + // Create SAML AuthnRequest Document doc = DOMUtils.createDocument(); doc.appendChild(doc.createElement("root")); // Create the AuthnRequest - String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/insecure/fedservlet"; - AuthnRequest authnRequest = + AuthnRequest authnRequest = new DefaultAuthnRequestBuilder().createAuthnRequest( null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL ); authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml"); signAuthnRequest(authnRequest); - + Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc); String authnRequestEncoded = encodeAuthnRequest(authnRequestElement); 
@@ -1363,34 +1363,34 @@ public class IdpTest { webClient.getOptions().setJavaScriptEnabled(false); final HtmlPage idpPage = webClient.getPage(url); - - org.opensaml.saml.saml2.core.Response samlResponse = + + org.opensaml.saml.saml2.core.Response samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID()); String expected = "urn:oasis:names:tc:SAML:2.0:status:Requester"; Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue()); - + webClient.close(); } - + @org.junit.Test public void testProblemWithParsingRequest() throws Exception { OpenSAMLUtil.initSamlEngine(); - + // Create SAML AuthnRequest Document doc = DOMUtils.createDocument(); doc.appendChild(doc.createElement("root")); // Create the AuthnRequest - String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; - AuthnRequest authnRequest = + AuthnRequest authnRequest = new DefaultAuthnRequestBuilder().createAuthnRequest( null, "urn:org:apache:cxf:fediz:fedizhelloworld-xyz", consumerURL ); authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml"); signAuthnRequest(authnRequest); - + Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc); - + // Don't inflate the token... String requestMessage = DOM2Writer.nodeToString(authnRequestElement); String authnRequestEncoded = Base64Utility.encode(requestMessage.getBytes("UTF-8")); 
@@ -1418,28 +1418,28 @@ public class IdpTest { } catch (FailingHttpStatusCodeException ex) { Assert.assertEquals(ex.getStatusCode(), 400); } - + webClient.close(); } - + @org.junit.Test public void testForceAuthnWrongCredentials() throws Exception { OpenSAMLUtil.initSamlEngine(); - + // Create SAML AuthnRequest Document doc = DOMUtils.createDocument(); doc.appendChild(doc.createElement("root")); // Create the AuthnRequest - String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + String consumerURL = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet"; - AuthnRequest authnRequest = + AuthnRequest authnRequest = new DefaultAuthnRequestBuilder().createAuthnRequest( null, "urn:org:apache:cxf:fediz:fedizhelloworld", consumerURL ); authnRequest.setForceAuthn(Boolean.TRUE); authnRequest.setDestination("https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml"); signAuthnRequest(authnRequest); - + Element authnRequestElement = OpenSAMLUtil.toDom(authnRequest, doc); String authnRequestEncoded = encodeAuthnRequest(authnRequestElement); @@ -1449,14 +1449,14 @@ public class IdpTest { String url = "https://localhost:" + getIdpHttpsPort() + "/fediz-idp/saml?"; url += SSOConstants.RELAY_STATE + "=" + relayState; url += "&" + SSOConstants.SAML_REQUEST + "=" + urlEncodedRequest; - + String user = "alice"; String password = "ecila"; final WebClient webClient = new WebClient(); webClient.getOptions().setUseInsecureSSL(true); webClient.addRequestHeader("Authorization", "Basic " + Base64.encode((user + ":" + password).getBytes())); - + // // First invocation // 
@@ -1465,12 +1465,12 @@ public class IdpTest { HtmlPage idpPage = webClient.getPage(url); webClient.getOptions().setJavaScriptEnabled(true); Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText()); - - org.opensaml.saml.saml2.core.Response samlResponse = + + org.opensaml.saml.saml2.core.Response samlResponse = parseSAMLResponse(idpPage, relayState, consumerURL, authnRequest.getID()); String expected = "urn:oasis:names:tc:SAML:2.0:status:Success"; Assert.assertEquals(expected, samlResponse.getStatus().getStatusCode().getValue()); - + // Check claims String parsedResponse = DOM2Writer.nodeToString(samlResponse.getDOM().getOwnerDocument()); String claim = ClaimTypes.FIRSTNAME.toString(); @@ -1479,14 +1479,14 @@ public class IdpTest { Assert.assertTrue(parsedResponse.contains(claim)); claim = ClaimTypes.EMAILADDRESS.toString(); Assert.assertTrue(parsedResponse.contains(claim)); - + // // Second invocation - change the credentials, this should fail // - + webClient.removeRequestHeader("Authorization"); webClient.addRequestHeader("Authorization", "Basic " + Base64.encode(("mallory" + ":" + password).getBytes())); - + webClient.getOptions().setJavaScriptEnabled(false); try { webClient.getPage(url); 
@@ -1494,43 +1494,43 @@ public class IdpTest { } catch (FailingHttpStatusCodeException ex) { Assert.assertEquals(ex.getStatusCode(), 401); } - + webClient.close(); } - + private String encodeAuthnRequest(Element authnRequest) throws IOException { String requestMessage = DOM2Writer.nodeToString(authnRequest); - + DeflateEncoderDecoder encoder = new DeflateEncoderDecoder(); byte[] deflatedBytes = encoder.deflateToken(requestMessage.getBytes("UTF-8")); return Base64Utility.encode(deflatedBytes); } - + private void signAuthnRequest(AuthnRequest authnRequest) throws Exception { Crypto crypto = CryptoFactory.getInstance("stsKeystoreA.properties"); - + CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS); cryptoType.setAlias("realma"); X509Certificate[] issuerCerts = crypto.getX509Certificates(cryptoType); String sigAlgo = SSOConstants.RSA_SHA1; - + // Get the private key PrivateKey privateKey = crypto.getPrivateKey("realma", "realma"); - + // Create the signature Signature signature = OpenSAMLUtil.buildSignature(); signature.setCanonicalizationAlgorithm(SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS); signature.setSignatureAlgorithm(sigAlgo); - + BasicX509Credential signingCredential = new BasicX509Credential(issuerCerts[0], privateKey); signature.setSigningCredential(signingCredential); X509KeyInfoGeneratorFactory kiFactory = new X509KeyInfoGeneratorFactory(); kiFactory.setEmitEntityCertificate(true); - + try { KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential); signature.setKeyInfo(keyInfo); 
@@ -1538,21 +1538,21 @@ public class IdpTest { throw new Exception( "Error generating KeyInfo from signing credential", ex); } - + SignableSAMLObject signableObject = (SignableSAMLObject) authnRequest; signableObject.setSignature(signature); signableObject.releaseDOM(); signableObject.releaseChildrenDOM(true); - + } - - private org.opensaml.saml.saml2.core.Response parseSAMLResponse(HtmlPage idpPage, - String relayState, + + private org.opensaml.saml.saml2.core.Response parseSAMLResponse(HtmlPage idpPage, + String relayState, String consumerURL, String authnRequestId ) throws Exception { Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText()); - + // Parse the form to get the token (SAMLResponse) DomNodeList results = idpPage.getElementsByTagName("input"); @@ -1569,28 +1569,28 @@ public class IdpTest { Assert.assertNotNull(samlResponse); Assert.assertTrue(foundRelayState); - + // Check the "action" DomNodeList formResults = idpPage.getElementsByTagName("form"); Assert.assertFalse(formResults.isEmpty()); - + DomElement formResult = formResults.get(0); String action = formResult.getAttributeNS(null, "action"); Assert.assertTrue(action.equals(consumerURL)); - + // Decode + verify response byte[] deflatedToken = Base64Utility.decode(samlResponse); InputStream inputStream = new ByteArrayInputStream(deflatedToken); - + Document responseDoc = StaxUtils.read(new InputStreamReader(inputStream, "UTF-8")); - + XMLObject responseObject = OpenSAMLUtil.fromDom(responseDoc.getDocumentElement()); Assert.assertTrue(responseObject instanceof org.opensaml.saml.saml2.core.Response); - - org.opensaml.saml.saml2.core.Response samlResponseObject = + + org.opensaml.saml.saml2.core.Response samlResponseObject = (org.opensaml.saml.saml2.core.Response)responseObject; Assert.assertTrue(authnRequestId.equals(samlResponseObject.getInResponseTo())); - + return samlResponseObject; } }