SAML2STSLoginModuleUnitTestCase.java

/*
 * JBoss, Home of Professional Open Source.
 * Copyright 2008, Red Hat Middleware LLC, and individual contributors
 * as indicated by the @author tags. See the copyright.txt file in the
 * distribution for a full listing of individual contributors.
 *
 * This is free software; you can redistribute it and/or modify it
 * under the terms of the GNU Lesser General Public License as
 * published by the Free Software Foundation; either version 2.1 of
 * the License, or (at your option) any later version.
 *
 * This software is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this software; if not, write to the Free
 * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
 * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
 */
package org.picketlink.test.identity.federation.bindings.jboss.auth;

import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;

import java.io.IOException;
import java.security.acl.Group;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;

import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.AppConfigurationEntry.LoginModuleControlFlag;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginContext;

import org.jboss.security.SimplePrincipal;
import org.jboss.security.auth.callback.ObjectCallback;
import org.junit.Before;
import org.junit.Test;
import org.picketlink.identity.federation.bindings.jboss.auth.SAML2STSLoginModule;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
import org.picketlink.identity.federation.core.wstrust.SamlCredential;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;

/**
 * Unit Test the {@code SAML2STSLoginModule}
 *
 * @author Anil.Saldhana@redhat.com
 * @since Jun 7, 2011
 */
public class SAML2STSLoginModuleUnitTestCase {
    @Before
    public void setup() {
        System.setProperty("java.security.debug", "true");

        Configuration.setConfiguration(new Configuration() {
            @SuppressWarnings({ "rawtypes", "unchecked" })
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                final Map options = new HashMap();
                options.put("configFile", "sts-client.properties");
                options.put("localValidation", "true");
                options.put("localValidationSecurityDomain", "someSD");
                options.put("localTestingOnly", "true");
                options.put("roleKey", "Role,SomeAttrib");

                AppConfigurationEntry a2 = new AppConfigurationEntry(SAML2STSLoginModule.class.getName(),
                        LoginModuleControlFlag.REQUIRED, options);
                return new AppConfigurationEntry[] { a2 };
            }
        });
    }

    public class MyCBH implements CallbackHandler {

        public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException {
            AssertionType assertion = AssertionUtil.createAssertion(IDGenerator.create("ID_"), new NameIDType());

            assertion.setSubject(AssertionUtil.createAssertionSubject("anil"));

            List<String> roles = new ArrayList<String>();
            roles.add("test1");
            roles.add("test2");
            assertion.addStatement(StatementUtil.createAttributeStatement(roles));
            assertion.addStatement(StatementUtil.createAttributeStatement("SomeAttrib", "testX"));

            try {
                SamlCredential cred = new SamlCredential(AssertionUtil.asString(assertion));
                ObjectCallback obj = (ObjectCallback) callbacks[0];
                obj.setCredential(cred);
            } catch (ProcessingException e) {
                throw new RuntimeException(e);
            }
        }

    }

    @Test
    public void testAuth() throws Exception {
        Subject subject = new Subject();

        LoginContext lc = new LoginContext("something", subject, new MyCBH());
        lc.login();

        Set<Group> groups = subject.getPrincipals(Group.class);
        Group roleGroup = null;
        for (Group grp : groups) {
            if (grp.getName().equalsIgnoreCase("Roles")) {
                roleGroup = grp;
                break;
            }
        }
        assertNotNull(roleGroup);
        assertTrue(roleGroup.isMember(new SimplePrincipal("test1")));
        assertTrue(roleGroup.isMember(new SimplePrincipal("test2")));
        assertTrue(roleGroup.isMember(new SimplePrincipal("testX")));
    }
}