SamlSignatureUtilForPostBindingTest.java

package org.jboss.seam.security.externaltest.module;

import java.io.IOException;
import java.io.InputStream;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;

import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;

import junit.framework.Assert;
import org.jboss.seam.security.external.InvalidRequestException;
import org.jboss.seam.security.external.saml.SamlSignatureUtilForPostBinding;
import org.junit.Before;
import org.junit.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

public class SamlSignatureUtilForPostBindingTest {
    private SamlSignatureUtilForPostBinding samlSignatureUtilForPostBinding;

    private KeyPair keyPair;

    @Before
    public void setup() throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException, UnrecoverableKeyException {
        samlSignatureUtilForPostBinding = new SamlSignatureUtilForPostBinding();

        // Get private and public key
        InputStream keyStoreStream = getClass().getClassLoader().getResourceAsStream("test_keystore.jks");
        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
        keyStore.load(keyStoreStream, "store456".toCharArray());
        X509Certificate certificate = (X509Certificate) keyStore.getCertificate("servercert");
        PublicKey publicKey = certificate.getPublicKey();
        PrivateKey privateKey = (PrivateKey) keyStore.getKey("servercert", "pass456".toCharArray());
        keyPair = new KeyPair(publicKey, privateKey);
    }

    @Test
    public void testValidSignature() throws ParserConfigurationException, InvalidRequestException {
        Document doc = createSignedDocument();

        // Verify the signature (must not throw an InvalidRequestException)
        samlSignatureUtilForPostBinding.validateSignature(keyPair.getPublic(), doc);
    }

    @Test
    public void testInvalidSignature() throws ParserConfigurationException {
        Document doc = createSignedDocument();

        // Manipulate the document
        Element root = doc.getElementById("rootElement");
        root.setAttribute("extraAttribute", "value");

        // Verify the signature. Verification must fail.
        boolean exception = false;
        try {
            samlSignatureUtilForPostBinding.validateSignature(keyPair.getPublic(), doc);
        } catch (InvalidRequestException e) {
            exception = true;
        }

        Assert.assertTrue(exception);
    }

    private Document createSignedDocument() throws ParserConfigurationException {
        // Create a test document
        DocumentBuilderFactory dbfac = DocumentBuilderFactory.newInstance();
        DocumentBuilder docBuilder = dbfac.newDocumentBuilder();
        Document doc = docBuilder.newDocument();
        Element root = doc.createElement("root");
        root.setAttribute("ID", "rootElement");
        root.setIdAttribute("ID", true);
        doc.appendChild(root);
        Element child = doc.createElement("child");
        child.setAttribute("name", "value");
        root.appendChild(child);

        // Sign the document
        samlSignatureUtilForPostBinding.init();
        samlSignatureUtilForPostBinding.sign(doc, keyPair);

        return doc;
    }
}