/*
* JBoss, Home of Professional Open Source
*
* Copyright 2013 Red Hat, Inc. and/or its affiliates.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.picketlink.test.identity.federation.web.saml.handlers;
import junit.framework.TestCase;
import org.junit.Assert;
import org.picketlink.common.constants.GeneralConstants;
import org.picketlink.common.exceptions.ProcessingException;
import org.picketlink.common.exceptions.fed.IssuerNotTrustedException;
import org.picketlink.config.federation.IDPType;
import org.picketlink.config.federation.SPType;
import org.picketlink.config.federation.TrustType;
import org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerChainConfig;
import org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerResponse;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChainConfig;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.handlers.saml2.SAML2IssuerTrustHandler;
import org.picketlink.test.identity.federation.web.mock.MockHttpServletRequest;
import org.picketlink.test.identity.federation.web.mock.MockHttpServletResponse;
import org.picketlink.test.identity.federation.web.mock.MockHttpSession;
import org.picketlink.test.identity.federation.web.mock.MockServletContext;
import java.util.HashMap;
import java.util.Map;
/**
* @author <a href="mailto:mposolda@redhat.com">Marek Posolda</a>
*/
public class SAMLIssuerTrustHandlerUnitTestCase extends TestCase {
public void testIssuerForIdp() throws Exception {
SAML2IssuerTrustHandler issuerTrustHandler = new SAML2IssuerTrustHandler();
// Create a Protocol Context
MockHttpSession session = new MockHttpSession();
MockServletContext servletContext = new MockServletContext();
MockHttpServletRequest servletRequest = new MockHttpServletRequest(session, "POST");
MockHttpServletResponse servletResponse = new MockHttpServletResponse();
HTTPContext httpContext = new HTTPContext(servletRequest, servletResponse, servletContext);
// Create chainConfig for IDP
TrustType trustType = new TrustType();
Map<String, Object> chainOptionsIdp = new HashMap<String, Object>();
IDPType idpType = new IDPType();
idpType.setTrust(trustType);
chainOptionsIdp.put(GeneralConstants.CONFIGURATION, idpType);
SAML2HandlerChainConfig chainConfigIdp = new DefaultSAML2HandlerChainConfig(chainOptionsIdp);
issuerTrustHandler.initChainConfig(chainConfigIdp);
// Create documentHolder
NameIDType issuer = new NameIDType();
AuthnRequestType authnRequestType = new AuthnRequestType("ID_123456789", null);
authnRequestType.setIssuer(issuer);
SAMLDocumentHolder documentHolder = new SAMLDocumentHolder(authnRequestType);
// Create request and response
SAML2HandlerRequest request = new DefaultSAML2HandlerRequest(httpContext, null, documentHolder,
SAML2Handler.HANDLER_TYPE.IDP);
SAML2HandlerResponse response = new DefaultSAML2HandlerResponse();
// Test localhost
issuer.setValue("http://localhost:8080/sales");
trustType.setDomains("localhost,google.com,somedomain.com");
issuerTrustHandler.handleRequestType(request, response);
// Test somedomain
issuer.setValue("http://www.somedomain.com:8080/sales/");
issuerTrustHandler.handleRequestType(request, response);
// Test non-trusted domain
try {
issuer.setValue("http://www.evil.com:8080/sales/");
issuerTrustHandler.handleRequestType(request, response);
fail("www.evil.com is non-trusted domain");
} catch (ProcessingException pe) {
Assert.assertEquals(pe.getCause().getClass(), IssuerNotTrustedException.class);
}
// Test google.com
issuer.setValue("google.com");
issuerTrustHandler.handleRequestType(request, response);
issuer.setValue("google.com/a/mposolda1.com");
issuerTrustHandler.handleRequestType(request, response);
}
public void testIssuerForSp() throws Exception {
SAML2IssuerTrustHandler issuerTrustHandler = new SAML2IssuerTrustHandler();
// Create a Protocol Context
MockHttpSession session = new MockHttpSession();
MockServletContext servletContext = new MockServletContext();
MockHttpServletRequest servletRequest = new MockHttpServletRequest(session, "POST");
MockHttpServletResponse servletResponse = new MockHttpServletResponse();
HTTPContext httpContext = new HTTPContext(servletRequest, servletResponse, servletContext);
// Create chainConfig for SP
TrustType trustType = new TrustType();
Map<String, Object> chainOptionsIdp = new HashMap<String, Object>();
SPType spType = new SPType();
spType.setTrust(trustType);
chainOptionsIdp.put(GeneralConstants.CONFIGURATION, spType);
SAML2HandlerChainConfig chainConfigIdp = new DefaultSAML2HandlerChainConfig(chainOptionsIdp);
issuerTrustHandler.initChainConfig(chainConfigIdp);
// Create documentHolder
NameIDType issuer = new NameIDType();
ResponseType responseType = new ResponseType("ID_123456789", null);
responseType.setIssuer(issuer);
SAMLDocumentHolder documentHolder = new SAMLDocumentHolder(responseType);
// Create request and response
SAML2HandlerRequest request = new DefaultSAML2HandlerRequest(httpContext, null, documentHolder,
SAML2Handler.HANDLER_TYPE.IDP);
SAML2HandlerResponse response = new DefaultSAML2HandlerResponse();
// Test localhost
issuer.setValue("http://localhost:8080/idp");
trustType.setDomains("localhost,google.com,somedomain.com");
issuerTrustHandler.handleStatusResponseType(request, response);
// Test somedomain
issuer.setValue("http://www.somedomain.com:8080/idp/");
issuerTrustHandler.handleStatusResponseType(request, response);
// Test non-trusted domain
try {
issuer.setValue("http://www.evil.com:8080/idp/");
issuerTrustHandler.handleStatusResponseType(request, response);
fail("www.evil.com is non-trusted domain");
} catch (ProcessingException pe) {
Assert.assertEquals(pe.getCause().getClass(), IssuerNotTrustedException.class);
}
// Test google.com
issuer.setValue("google.com");
issuerTrustHandler.handleStatusResponseType(request, response);
issuer.setValue("google.com/a/mposolda1.com");
issuerTrustHandler.handleStatusResponseType(request, response);
}
}