/* * JBoss, Home of Professional Open Source * * Copyright 2013 Red Hat, Inc. and/or its affiliates. * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.picketlink.test.identity.federation.bindings.wildfly.rest; import io.undertow.servlet.api.DeploymentInfo; import io.undertow.servlet.api.LoginConfig; import io.undertow.servlet.api.SecurityConstraint; import io.undertow.servlet.api.SecurityInfo; import io.undertow.servlet.api.ServletInfo; import io.undertow.servlet.api.ServletSecurityInfo; import io.undertow.servlet.api.WebResourceCollection; import org.jboss.resteasy.plugins.server.undertow.UndertowJaxrsServer; import org.junit.AfterClass; import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; import org.picketlink.identity.federation.api.saml.api.SAMLClient; import org.picketlink.identity.federation.bindings.wildfly.rest.SAMLOauthInfo; import org.picketlink.identity.federation.saml.v2.assertion.AssertionType; import org.picketlink.identity.federation.saml.v2.assertion.NameIDType; import org.picketlink.identity.federation.web.util.PostBindingUtil; import org.picketlink.test.identity.federation.bindings.wildfly.TestClassIntrospector; import org.picketlink.test.identity.federation.bindings.wildfly.TestIdentityManager; import javax.ws.rs.client.Client; import javax.ws.rs.client.Entity; import javax.ws.rs.client.WebTarget; import javax.ws.rs.core.Form; import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; import static 
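org.junit.Assert.assertEquals;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertNotNull;

/**
 * Unit test for the {@link org.picketlink.identity.federation.bindings.wildfly.rest.SAMLOAuthEndpoint}.
 *
 * <p>Exercises the happy path of the SAML 2.0 bearer assertion grant: a SAML assertion is
 * obtained from the test issuer endpoint, exchanged at the OAuth endpoint for a
 * {@link SAMLOauthInfo}, and finally re-submitted to the validation endpoint.
 *
 * <p>NOTE(review): only the positive flow is covered here; rejection of an expired, altered or
 * foreign-subject assertion by the OAuth endpoint is not asserted in this class.
 *
 * @author Anil Saldhana
 * @since June 16, 2014
 */
public class SAMLOAuthEndpointTestCase extends UndertowJaxrsBaseTest {

    /** Grant type URN of the SAML 2.0 bearer assertion profile for OAuth 2.0. */
    private static final String GRANT_TYPE = "urn:ietf:params:oauth:grant-type:saml2-bearer";
    /** Form parameter carrying the grant type. */
    private static final String GRANT_TYPE_PARAMETER = "grant_type";
    /** Form parameter carrying the base64-encoded SAML assertion. */
    private static final String ASSERTION_PARAMETER = "assertion";

    /** Endpoint that issues a SAML assertion for the authenticated caller. */
    private static final String SAML_ISSUE_PATH = "/test/testsaml/saml";
    /** Endpoint that exchanges a bearer assertion for OAuth information. */
    private static final String SAML_OAUTH_PATH = "/test/testsaml/samloauth";
    /** Endpoint that validates a previously issued assertion. */
    private static final String SAML_VALIDATE_PATH = "/test/testsaml/samlvalidate";

    /**
     * Runs the issue / exchange / validate round trip as {@code user1}.
     *
     * @throws Exception if assertion parsing or any HTTP call fails
     */
    @Test
    public void testSAMLOAuth() throws Exception {
        Client client = restClient("user1", "password1");
        try {
            // Step 1: obtain a base64-encoded SAML assertion for the authenticated user.
            Form issueForm = new Form().param("x", "foo").param("y", "bar");
            String samlAssertionBase64Encoded = postForm(client, SAML_ISSUE_PATH, issueForm, String.class);

            byte[] assertionBytes = PostBindingUtil.base64Decode(samlAssertionBase64Encoded);
            SAMLClient samlClient = new SAMLClient();
            AssertionType assertionType = samlClient.parseAssertion(assertionBytes);
            assertNotNull(assertionType);
            String assertionID = assertionType.getID();
            assertFalse(samlClient.hasExpired(assertionType));

            // The assertion subject must be the user the client authenticated as.
            NameIDType nameIDType = (NameIDType) assertionType.getSubject().getSubType().getBaseID();
            assertEquals("user1", nameIDType.getValue());

            // Step 2: present the assertion as a bearer grant to the OAuth endpoint.
            Form grantForm = new Form()
                    .param(GRANT_TYPE_PARAMETER, GRANT_TYPE)
                    .param(ASSERTION_PARAMETER, samlAssertionBase64Encoded);
            SAMLOauthInfo samlOauthInfo = postForm(client, SAML_OAUTH_PATH, grantForm, SAMLOauthInfo.class);
            assertEquals(assertionID, samlOauthInfo.getSamlAssertionID());

            // Step 3: ask the validation endpoint to confirm the same assertion.
            Form validateForm = new Form().param(ASSERTION_PARAMETER, samlAssertionBase64Encoded);
            // Re-check locally so a "false" from the server is not caused by the assertion
            // having expired while this test was running.
            assertFalse(samlClient.hasExpired(assertionType));
            String validationResult = postForm(client, SAML_VALIDATE_PATH, validateForm, String.class);
            assertEquals("true", validationResult);
        } finally {
            client.close();
        }
    }

    /**
     * POSTs {@code form} as {@code application/x-www-form-urlencoded} to {@code path} under
     * {@code server_url}, asserts a 200 status and returns the response entity.
     *
     * <p>The {@link Response} is always closed, whether or not the assertions pass.
     *
     * @param client     client to issue the request with
     * @param path       path relative to {@code server_url}
     * @param form       form parameters to send
     * @param entityType type to read the response entity as
     * @param <T>        entity type
     * @return the non-null response entity
     */
    private <T> T postForm(Client client, String path, Form form, Class<T> entityType) {
        Entity<Form> entity = Entity.entity(form, MediaType.APPLICATION_FORM_URLENCODED_TYPE);
        WebTarget webTarget = client.target(server_url).path(path);
        Response response = webTarget.request().post(entity);
        assertNotNull(response);
        try {
            assertEquals("Expected 200", 200, response.getStatus());
            T body = response.readEntity(entityType);
            assertNotNull(body);
            return body;
        } finally {
            response.close();
        }
    }
}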