Package org.picketlink.test.identity.federation.web.mock

Examples of org.picketlink.test.identity.federation.web.mock.MockHttpServletRequest


        filterConfig.addInitParameter(GeneralConstants.IGNORE_SIGNATURES, "true");

        spEmpl.init(filterConfig);

        MockHttpSession filterSession = new MockHttpSession();
        MockHttpServletRequest filterRequest = new MockHttpServletRequest(filterSession, "POST");
        filterRequest.addParameter(GeneralConstants.GLOBAL_LOGOUT, "true");

        MockHttpServletResponse filterResponse = new MockHttpServletResponse();
        ByteArrayOutputStream filterbaos = new ByteArrayOutputStream();
        filterResponse.setOutputStream(filterbaos);
View Full Code Here


        });
        List<String> rolesList = new ArrayList<String>();
        rolesList.add("manager");
        session.setAttribute(GeneralConstants.ROLES_ID, rolesList);

        MockHttpServletRequest request = new MockHttpServletRequest(session, "POST");
        request.addHeader("Referer", sales);

        String samlMessage = Base64.encodeBytes(createLogOutRequest(sales).getBytes());
        session.setAttribute("SAMLRequest", samlMessage);

        MockHttpServletResponse response = new MockHttpServletResponse();
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        response.setOutputStream(baos);

        // The IDP is preloaded with 2 participants : "http://localhost:8080/sales/"
        // and "http://localhost:8080/employee"

        // Lets start the workflow with post
        idp.testPost(request, response);

        String idpResponse = new String(baos.toByteArray());
        assertNotNull(idpResponse);

        Document htmlResponse = DocumentUtil.getDocument(idpResponse);
        assertNotNull(htmlResponse);
        NodeList nodes = htmlResponse.getElementsByTagName("INPUT");
        Element inputElement = (Element) nodes.item(0);
        String logoutOrigResponse = inputElement.getAttributeNode("VALUE").getValue();

        String relayState = null;
        if (nodes.getLength() > 1)
            relayState = ((Element) nodes.item(1)).getAttributeNode("VALUE").getValue();

        String logoutResponse = new String(Base64.decode(logoutOrigResponse));

        SAML2Request samlRequest = new SAML2Request();
        ByteArrayInputStream bis = new ByteArrayInputStream(logoutResponse.getBytes());
        SAML2Object samlObject = samlRequest.getSAML2ObjectFromStream(bis);
        assertTrue(samlObject instanceof LogoutRequestType);

        // Let us feed the LogOutRequest to the SPFilter
        MockContextClassLoader mclSPEmp = setupTCL(profile + "/sp/employee");
        Thread.currentThread().setContextClassLoader(mclSPEmp);
        SPFilter spEmpl = new SPFilter();
        MockFilterConfig filterConfig = new MockFilterConfig(servletContext);
        filterConfig.addInitParameter(GeneralConstants.IGNORE_SIGNATURES, "true");

        spEmpl.init(filterConfig);

        MockHttpSession filterSession = new MockHttpSession();
        MockHttpServletRequest filterRequest = new MockHttpServletRequest(filterSession, "POST");
        filterRequest.addParameter("SAMLResponse", logoutOrigResponse);
        filterRequest.addParameter("RelayState", relayState);

        MockHttpServletResponse filterResponse = new MockHttpServletResponse();
        ByteArrayOutputStream filterbaos = new ByteArrayOutputStream();
        filterResponse.setOutputStream(filterbaos);

        spEmpl.doFilter(filterRequest, filterResponse, new MockFilterChain());
        String spResponse = new String(filterbaos.toByteArray());
        Document spHTMLResponse = DocumentUtil.getDocument(spResponse);
        nodes = spHTMLResponse.getElementsByTagName("INPUT");
        inputElement = (Element) nodes.item(0);
        logoutOrigResponse = inputElement.getAttributeNode("VALUE").getValue();
        relayState = null;
        if (nodes.getLength() > 1)
            relayState = ((Element) nodes.item(1)).getAttributeNode("VALUE").getValue();

        // Now the SP (employee app) has logged out and sending a status response to IDP
        Thread.currentThread().setContextClassLoader(mclIDP);
        session.setAttribute("SAMLResponse", logoutOrigResponse);
        session.setAttribute("RelayState", relayState);

        idp.testPost(request, response);

        idpResponse = new String(filterbaos.toByteArray());
        assertNotNull(idpResponse);

        htmlResponse = DocumentUtil.getDocument(idpResponse);
        assertNotNull(htmlResponse);
        nodes = htmlResponse.getElementsByTagName("INPUT");
        inputElement = (Element) nodes.item(0);
        logoutOrigResponse = inputElement.getAttributeNode("VALUE").getValue();

        relayState = null;
        if (nodes.getLength() > 1)
            relayState = ((Element) nodes.item(1)).getAttributeNode("VALUE").getValue();

        // Now we should have got a full success report from IDP
        MockContextClassLoader mclSPSales = setupTCL(profile + "/sp/employee");
        Thread.currentThread().setContextClassLoader(mclSPSales);
        SPFilter spSales = new SPFilter();

        spSales.init(filterConfig);

        filterRequest.addParameter("SAMLResponse", logoutOrigResponse);
        filterRequest.addParameter("RelayState", relayState);

        spSales.doFilter(filterRequest, filterResponse, new MockFilterChain());

        spResponse = new String(filterbaos.toByteArray());
View Full Code Here

        handler.initHandlerConfig(handlerConfig);

        // Create a Protocol Context
        MockHttpSession session = new MockHttpSession();
        MockServletContext servletContext = new MockServletContext();
        MockHttpServletRequest servletRequest = new MockHttpServletRequest(session, "POST");
        MockHttpServletResponse servletResponse = new MockHttpServletResponse();
        HTTPContext httpContext = new HTTPContext(servletRequest, servletResponse, servletContext);

        SAML2Object saml2Object = new SAML2Object() {
        };
View Full Code Here

        handler.initHandlerConfig(handlerConfig);

        // Create a Protocol Context
        MockHttpSession session = new MockHttpSession();
        MockServletContext servletContext = new MockServletContext();
        MockHttpServletRequest servletRequest = new MockHttpServletRequest(session, "POST");
        MockHttpServletResponse servletResponse = new MockHttpServletResponse();
        HTTPContext httpContext = new HTTPContext(servletRequest, servletResponse, servletContext);

        ResponseType saml2Object = new SAML2Response().createResponseType("fake_id");
View Full Code Here

        SAML2IssuerTrustHandler issuerTrustHandler = new SAML2IssuerTrustHandler();

        // Create a Protocol Context
        MockHttpSession session = new MockHttpSession();
        MockServletContext servletContext = new MockServletContext();
        MockHttpServletRequest servletRequest = new MockHttpServletRequest(session, "POST");
        MockHttpServletResponse servletResponse = new MockHttpServletResponse();
        HTTPContext httpContext = new HTTPContext(servletRequest, servletResponse, servletContext);

        // Create chainConfig for IDP
        TrustType trustType = new TrustType();
View Full Code Here

        filterConfig.addInitParameter(GeneralConstants.IGNORE_SIGNATURES, "true");

        spEmpl.init(filterConfig);

        MockHttpSession filterSession = new MockHttpSession();
        MockHttpServletRequest filterRequest = new MockHttpServletRequest(filterSession, "POST");

        MockHttpServletResponse filterResponse = new MockHttpServletResponse();
        ByteArrayOutputStream filterbaos = new ByteArrayOutputStream();
        filterResponse.setOutputStream(filterbaos);

        spEmpl.doFilter(filterRequest, filterResponse, new MockFilterChain());
        String spResponse = new String(filterbaos.toByteArray());
        Document spHTMLResponse = DocumentUtil.getDocument(spResponse);
        NodeList nodes = spHTMLResponse.getElementsByTagName("INPUT");
        Element inputElement = (Element) nodes.item(0);
        String idpResponse = inputElement.getAttributeNode("VALUE").getValue();
        @SuppressWarnings("unused")
        String relayState = null;
        if (nodes.getLength() > 1)
            relayState = ((Element) nodes.item(1)).getAttributeNode("VALUE").getValue();

        // Lets call the IDPServlet

        MockHttpSession session = new MockHttpSession();
        servletContext = new MockServletContext();
        session.setServletContext(servletContext);
        IdentityServer server = this.getIdentityServer(session);
        servletContext.setAttribute("IDENTITY_SERVER", server);
        MockServletConfig servletConfig = new MockServletConfig(servletContext);

        MockContextClassLoader mclIDP = setupTCL(profile + "/idp");
        Thread.currentThread().setContextClassLoader(mclIDP);

        MockHttpServletRequest request = new MockHttpServletRequest(session, "POST");
        request.addHeader("Referer", "http://localhost:8080/employee/");

        request.addParameter(GeneralConstants.USERNAME_FIELD, "anil");
        request.addParameter(GeneralConstants.PASS_FIELD, "anil");

        MockHttpServletResponse response = new MockHttpServletResponse();
        ByteArrayOutputStream baos = new ByteArrayOutputStream();
        response.setOutputStream(baos);
View Full Code Here

        verificationHandler.initHandlerConfig(handlerConfig);

        // Create a Protocol Context
        MockHttpSession session = new MockHttpSession();
        MockServletContext servletContext = new MockServletContext();
        MockHttpServletRequest servletRequest = new MockHttpServletRequest(session, "POST");
        MockHttpServletResponse servletResponse = new MockHttpServletResponse();
        HTTPContext httpContext = new HTTPContext(servletRequest, servletResponse, servletContext);

        // Create handler request and response
        IssuerInfoHolder issuerInfo = new IssuerInfoHolder("http://localhost:8080/sales/");
        SAML2HandlerRequest request = new DefaultSAML2HandlerRequest(httpContext, issuerInfo.getIssuer(), null,
                SAML2Handler.HANDLER_TYPE.SP);
        request.setTypeOfRequestToBeGenerated(SAML2HandlerRequest.GENERATE_REQUEST_TYPE.AUTH);
        SAML2HandlerResponse response = new DefaultSAML2HandlerResponse();

        // 2) GENERATE SAML AUTHENTICATION REQUEST

        // Generate SAML AuthnRequest with handlers
        authenticationHandler.generateSAMLRequest(request, response);
        verificationHandler.generateSAMLRequest(request, response);

        // Parse document and verify that ID is saved in Http session
        Document samlReqDoc = response.getResultingDocument();
        SAMLParser parser = new SAMLParser();
        AuthnRequestType authnRequest = (AuthnRequestType) parser.parse(DocumentUtil.getNodeAsStream(samlReqDoc));
        assertEquals(authnRequest.getID(), servletRequest.getSession().getAttribute(GeneralConstants.AUTH_REQUEST_ID));

        // 3) SEND SAML AUTHENTICATION REQUEST TO IDP

        // Generate request and response for IDP
        SAML2HandlerResponse handlerResponseFromIdp = sendRequestToIdp(authnRequest, samlReqDoc, httpContext, handlerConfig);

        // Parse SAML response from IDP
        Document doc2response = handlerResponseFromIdp.getResultingDocument();
        assertNotNull(doc2response);
        String responseString = DocumentUtil.asString(doc2response);

        // 4) PROCESS SAML RESPONSE FROM IDP. VERIFICATION OF InResponseId SHOULD BE SUCCESSFUL

        HandlerContext handlerContext = getHandlerRequestAndResponse(httpContext, issuerInfo, responseString);

        // Assert that ID from session is not null
        String inResponseIdFromSession = (String) servletRequest.getSession().getAttribute(GeneralConstants.AUTH_REQUEST_ID);
        assertNotNull(inResponseIdFromSession);

        // Handle response from IDP
        authenticationHandler.handleStatusResponseType(handlerContext.request, handlerContext.response);
        verificationHandler.handleStatusResponseType(handlerContext.request, handlerContext.response);

        // Verify that Id is not in session anymore. Becaue it was removed by SAML2ResponseIdVerificationHandler
        assertNull(servletRequest.getSession().getAttribute(GeneralConstants.AUTH_REQUEST_ID));

        // 5) CHANGE InResponseId IN SAML RESPONSE. VALIDATION MUST FAIL NOW.

        // Change InResponseId
        String responseStringChangedId = responseString.replaceAll("InResponseTo=\"" + inResponseIdFromSession + "\"",
                "InResponseTo=\"ID_101dcb5e-f432-4f45-87cb-47daff92edef\"");
        HandlerContext handlerContextChangedId = getHandlerRequestAndResponse(httpContext, issuerInfo, responseStringChangedId);

        // Set Id to session again as it was removed in previous processing
        servletRequest.getSession().setAttribute(GeneralConstants.AUTH_REQUEST_ID, inResponseIdFromSession);

        // Handle response with changed Id. This time it should fail
        try {
            authenticationHandler.handleStatusResponseType(handlerContextChangedId.request, handlerContextChangedId.response);
            verificationHandler.handleStatusResponseType(handlerContextChangedId.request, handlerContextChangedId.response);

            fail("Verification of InResponseTo should fail.");
        } catch (ProcessingException pe) {
            assertEquals(ErrorCodes.AUTHN_REQUEST_ID_VERIFICATION_FAILED, pe.getMessage());
        }

        // 6) REMOVE InResponseId FROM SAML RESPONSE. VALIDATION MUST FAIL NOW.

        // Remove inResponseId
        String responseStringRemovedId = responseString.replaceAll("InResponseTo=\"" + inResponseIdFromSession + "\"", "");
        HandlerContext handlerContextRemovedId = getHandlerRequestAndResponse(httpContext, issuerInfo, responseStringRemovedId);

        // Set Id to session again as it was removed in previous processing
        servletRequest.getSession().setAttribute(GeneralConstants.AUTH_REQUEST_ID, inResponseIdFromSession);

        // Now handle again response from IDP. This time it should also fail as InResponseTo is null
        try {
            authenticationHandler.handleStatusResponseType(handlerContextRemovedId.request, handlerContextRemovedId.response);
            verificationHandler.handleStatusResponseType(handlerContextRemovedId.request, handlerContextRemovedId.response);
View Full Code Here

        // Create a Protocol Context
        MockHttpSession session = new MockHttpSession();
        MockServletContext servletContext = new MockServletContext();
        String httpMethod = isPostBinding ? "POST" : "GET";
        MockHttpServletRequest servletRequest = new MockHttpServletRequest(session, httpMethod);
        MockHttpServletResponse servletResponse = new MockHttpServletResponse();
        HTTPContext httpContext = new HTTPContext(servletRequest, servletResponse, servletContext);

        SAMLDocumentHolder docHolder = new SAMLDocumentHolder(authnRequest, authDoc);
        IssuerInfoHolder issuerInfo = new IssuerInfoHolder("http://localhost:8080/idp/");
        SAML2HandlerRequest request = new DefaultSAML2HandlerRequest(httpContext, issuerInfo.getIssuer(), docHolder,
                SAML2Handler.HANDLER_TYPE.IDP);
        request.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.AUTH);

        SAML2HandlerResponse response = new DefaultSAML2HandlerResponse();
        response.setPostBindingForResponse(isPostBinding);

        request.addOption(GeneralConstants.SENDER_PUBLIC_KEY, keypair.getPublic());

        SAML2AuthenticationHandler authHandler = new SAML2AuthenticationHandler();
        authHandler.initChainConfig(chainConfig);
        authHandler.initHandlerConfig(handlerConfig);
        authHandler.generateSAMLRequest(request, response);

        handler.generateSAMLRequest(request, response);
        Document signedDoc = response.getResultingDocument();

        assertNotNull("Signed Doc is not null", signedDoc);
        SAMLDocumentHolder signedHolder = new SAMLDocumentHolder(signedDoc);
        request = new DefaultSAML2HandlerRequest(httpContext, issuerInfo.getIssuer(), signedHolder,
                SAML2Handler.HANDLER_TYPE.SP);

        request.addOption(GeneralConstants.SENDER_PUBLIC_KEY, keypair.getPublic());

        if (!isPostBinding) {
            servletRequest.setQueryString(response.getDestinationQueryStringWithSignature());
        }

        SAML2SignatureValidationHandler validHandler = new SAML2SignatureValidationHandler();
        validHandler.initChainConfig(chainConfig);
        validHandler.initHandlerConfig(handlerConfig);
View Full Code Here

        handler.initHandlerConfig(handlerConfig);

        // Create a Protocol Context
        MockHttpSession session = new MockHttpSession();
        MockServletContext servletContext = new MockServletContext();
        MockHttpServletRequest servletRequest = new MockHttpServletRequest(session, "POST");
        MockHttpServletResponse servletResponse = new MockHttpServletResponse();
        HTTPContext httpContext = new HTTPContext(servletRequest, servletResponse, servletContext);

        SAML2Object saml2Object = new SAML2Object() {
        };
View Full Code Here

        handler.initHandlerConfig(handlerConfig);

        // Create a Protocol Context
        MockHttpSession session = new MockHttpSession();
        MockServletContext servletContext = new MockServletContext();
        MockHttpServletRequest servletRequest = new MockHttpServletRequest(session, "POST");
        MockHttpServletResponse servletResponse = new MockHttpServletResponse();
        HTTPContext httpContext = new HTTPContext(servletRequest, servletResponse, servletContext);

        SAML2Object saml2Object = new SAML2Object() {
        };
View Full Code Here

TOP

Related Classes of org.picketlink.test.identity.federation.web.mock.MockHttpServletRequest

Copyright © 2018 www.massapicom. All rights reserved.
All source code are property of their respective owners. Java is a trademark of Sun Microsystems, Inc and owned by ORACLE Inc. Contact coftware#gmail.com.