/* * Licensed to the Apache Software Foundation (ASF) under one or more * contributor license agreements. See the NOTICE file distributed with * this work for additional information regarding copyright ownership. * The ASF licenses this file to You under the Apache License, Version 2.0 * (the "License"); you may not use this file except in compliance with * the License. You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.apache.usergrid.rest.management; import io.jsonwebtoken.Jwts; import io.jsonwebtoken.SignatureAlgorithm; import io.jsonwebtoken.impl.crypto.RsaProvider; import org.apache.commons.collections4.map.HashedMap; import org.apache.usergrid.cassandra.SpringResource; import org.apache.usergrid.persistence.index.utils.UUIDUtils; import org.apache.usergrid.rest.test.resource.AbstractRestIT; import org.apache.usergrid.rest.test.resource.RestClient; import org.apache.usergrid.rest.test.resource.model.ApiResponse; import org.apache.usergrid.rest.test.resource.model.Entity; import org.apache.usergrid.security.sso.ApigeeSSO2Provider; import org.codehaus.jackson.JsonNode; import org.junit.Before; import org.junit.Ignore; import org.junit.Test; import java.security.*; import java.util.HashMap; import java.util.Map; import static org.junit.Assert.*; /** * Created by ayeshadastagiri on 7/20/16. 
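*/
@Ignore("Need to figure out a way to set the public key for Mock server.")
public class ExternalSSOEnabledIT extends AbstractRestIT {

    /**
     * Bits for the throwaway RSA key pair that signs the test JWT. The original fixture used
     * 1024-bit RSA, which is below current minimum key-size recommendations; 2048 keeps the
     * test representative of what a real provider would sign with.
     */
    private static final int TEST_KEY_SIZE_BITS = 2048;

    /** Public half of the test key pair; handed to the SSO provider bean so it can verify the JWT. */
    PublicKey publicKey;

    /** Private half of the test key pair; signs the JWT built by {@link #generateToken()}. */
    PrivateKey privateKey;

    /** Compact-serialized signed JWT used as the admin user's access token. */
    String compactJws;

    /** Unique admin-user / organization name so repeated runs do not collide. */
    String username = "SSOadminuser" + UUIDUtils.newTimeUUID();

    // SSO2 implementation: runtime property keys posted to the "testproperties" resource.
    public static final String USERGRID_EXTERNAL_SSO_ENABLED = "usergrid.external.sso.enabled";
    public static final String USERGRID_EXTERNAL_PROVIDER = "usergrid.external.sso.provider";

    public ExternalSSOEnabledIT() throws Exception {
    }

    /** Regenerates the signing key pair before every test so no key material is shared across tests. */
    @Before
    public void setup() {
        generateKey();
    }

    /** Generates a fresh RSA key pair and stores both halves on this instance. */
    private void generateKey() {
        KeyPair kp = RsaProvider.generateKeyPair(TEST_KEY_SIZE_BITS);
        publicKey = kp.getPublic();
        privateKey = kp.getPrivate();
    }

    /**
     * Builds an RS256-signed JWT carrying the claim set an Apigee SSO token would carry, signed
     * with {@link #privateKey}.
     *
     * @return the compact JWS serialization of the token
     */
    private String generateToken() {
        Map<String, Object> claims = new HashMap<>();
        claims.put("jti", "c7df0339-3847-450b-a925-628ef237953a");
        claims.put("sub", "b6d62259-217b-4e96-8f49-e00c366e4fed");
        claims.put("scope", "size = 5");
        claims.put("client_id", "edgecli");
        claims.put("azp", "edgecli");
        // "grant_type" was previously put twice with the same value; a map keeps only one entry anyway.
        claims.put("grant_type", "password");
        claims.put("user_id", "b6d62259-217b-4e96-8f49-e00c366e4fed");
        claims.put("origin", "usergrid");
        claims.put("user_name", "AyeshaSSOUser");
        claims.put("email", "adastagiri+ssotesting@apigee.com");
        claims.put("rev_sig", "dfe5d0d3");
        claims.put("iat", "1466550862");
        // NOTE(review): RFC 7519 defines "exp" in seconds since the epoch, but this value is in
        // milliseconds. A standards-compliant verifier would read it as a date tens of thousands of
        // years out, i.e. a token that never expires. Confirm what ApigeeSSO2Provider expects before
        // changing the unit; left as-is here to preserve the fixture's current behaviour.
        claims.put("exp", System.currentTimeMillis() + 1000);
        claims.put("iss", "https://login.apigee.com/oauth/token");
        claims.put("zid", "uaa");
        claims.put("aud", " size = 6");

        return Jwts.builder()
                .setClaims(claims)
                .signWith(SignatureAlgorithm.RS256, privateKey)
                .compact();
    }

    /**
     * End-to-end check of the external-SSO code path: an admin user is created, external SSO is
     * switched on, the superuser still logs in with a password, a provider-signed JWT is accepted
     * for the admin user on /management/me, and a password login for the admin user is attempted.
     */
    @Test
    public void SuperUserTestsFor() {
        // create a admin user.
        RestClient restClient = clientSetup.getRestClient();

        // Create adminUser values
        Entity adminUserPayload = new Entity();
        adminUserPayload.put("username", "TestUser");
        adminUserPayload.put("name", username);
        adminUserPayload.put("email", "adastagiri+ssotesting@apigee.com");
        adminUserPayload.put("password", username);

        // create adminUser
        ApiResponse adminUserEntityResponse = management().orgs()
                .org(clientSetup.getOrganizationName())
                .users()
                .post(ApiResponse.class, adminUserPayload);
        Entity adminUserResponse = new Entity(adminUserEntityResponse);

        // verify that the response contains the correct data
        assertNotNull(adminUserResponse);
        assertEquals("TestUser", adminUserResponse.get("username"));

        // Turn on external SSO at runtime; from here on admin users are expected to
        // authenticate through the provider rather than with a Usergrid password.
        Map<String, String> props = new HashMap<>();
        props.put(USERGRID_EXTERNAL_SSO_ENABLED, "true");
        props.put(USERGRID_EXTERNAL_PROVIDER, "apigee");
        pathResource("testproperties").post(props);

        // /management/me --> superuser and query params --> Generate a super user token.
        // The superuser is the one principal that must keep working without the provider.
        Map<String, Object> loginInfo = new HashMap<>();
        loginInfo.put("username", "superuser");
        loginInfo.put("password", "superpassword");
        loginInfo.put("grant_type", "password");
        ApiResponse postResponse2 = pathResource("management/token").post(false, ApiResponse.class, loginInfo);
        assertNotNull(postResponse2.getAccessToken());

        // /orgs create an org with superuser credentials.
        Map<String, Object> orgDetails = new HashMap<>();
        orgDetails.put("email", "adastagiri+ssotesting@apigee.com");
        orgDetails.put("name", "testuser");
        orgDetails.put("organization", username);
        context().getToken().put("access_token", postResponse2.getAccessToken());
        postResponse2 = pathResource("management/orgs").post(true, ApiResponse.class, orgDetails);
        assertNotNull(postResponse2.getData());

        postResponse2 = pathResource("management/orgs").get(ApiResponse.class, true);
        assertNotNull(postResponse2);

        // Sign a provider-style JWT and install the matching public key directly on the provider
        // bean. This is the hook the class-level @Ignore refers to: in a real deployment the key
        // comes from the SSO server, not from the test.
        compactJws = generateToken();
        SpringResource.getInstance().getAppContext().getBean(ApigeeSSO2Provider.class).setPublicKey(publicKey);
        context().getToken().put("access_token", compactJws);

        // /management/me --> admin user and jwt token. Return the user information and "token" should have jwt token.
        JsonNode responseToken = management().me().get(JsonNode.class, true);
        assertNotNull(responseToken.get("access_token"));

        // /management/me --> admin and query params --> Generate a super user token.
        Map<String, Object> loginInfo1 = new HashMap<>();
        loginInfo1.put("username", "TestUser");
        loginInfo1.put("password", username);
        loginInfo1.put("grant_type", "password");

        // /management/token -> admin username and password --> should fail, because external SSO
        // is enabled and admin users must log in via the provider.
        // TODO(review): nothing is asserted about this call; once the expected failure mode
        // (exception vs. error body) is known, assert it instead of discarding the response.
        pathResource("management/token").post(false, ApiResponse.class, loginInfo1);
    }
}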