a lot of more OpenSAML3 refactoring staff

This version is also NOT stable!

1 files changed, 448 insertions, 0 deletions

diff --git a/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
new file mode 100644
index 00000000..6adce26e
--- /dev/null
+++ b/eaaf_modules/eaaf_module_pvp2_core/src/test/java/at/gv/egiz/eaaf/modules/pvp2/test/binding/PostBindingTest.java
@@ -0,0 +1,448 @@
+package at.gv.egiz.eaaf.modules.pvp2.test.binding;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.util.Base64;
+import java.util.Map;
+
+import javax.xml.parsers.ParserConfigurationException;
+
+import at.gv.egiz.eaaf.core.api.IRequest;
+import at.gv.egiz.eaaf.core.api.gui.IVelocityGuiBuilderConfiguration;
+import at.gv.egiz.eaaf.core.impl.idp.module.gui.DummyGuiBuilderConfigurationFactory;
+import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl;
+import at.gv.egiz.eaaf.core.impl.utils.DomUtils;
+import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface;
+import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider;
+import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException;
+import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception;
+import at.gv.egiz.eaaf.modules.pvp2.impl.binding.PostBinding;
+import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer;
+import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare;
+import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider;
+
+import org.apache.commons.io.IOUtils;
+import org.apache.commons.lang3.RandomStringUtils;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.opensaml.core.config.InitializationException;
+import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport;
+import org.opensaml.core.xml.io.Unmarshaller;
+import org.opensaml.core.xml.io.UnmarshallerFactory;
+import org.opensaml.core.xml.io.UnmarshallingException;
+import org.opensaml.core.xml.util.XMLObjectSupport;
+import org.opensaml.messaging.decoder.MessageDecodingException;
+import org.opensaml.messaging.encoder.MessageEncodingException;
+import org.opensaml.saml.common.SignableSAMLObject;
+import org.opensaml.saml.saml2.core.RequestAbstractType;
+import org.opensaml.saml.saml2.core.StatusResponseType;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mock.web.MockHttpServletRequest;
+import org.springframework.mock.web.MockHttpServletResponse;
+import org.springframework.test.context.ContextConfiguration;
+import org.springframework.test.context.TestPropertySource;
+import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
+import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
+
+import net.shibboleth.utilities.java.support.component.ComponentInitializationException;
+import net.shibboleth.utilities.java.support.net.URIComparator;
+import net.shibboleth.utilities.java.support.xml.XMLParserException;
+
+@RunWith(SpringJUnit4ClassRunner.class)
+@ContextConfiguration({"/spring/test_eaaf_pvp.beans.xml"})
+@TestPropertySource(locations = {"/config/config_1.props"})
+public class PostBindingTest {
+
+  public static final String HTTP_FORM_RELAYSTATE = "RelayState=";
+  public static final String HTTP_FORM_SAMLREQ = "SAMLRequest=";
+  public static final String HTTP_FORM_SAMLRESP = "SAMLResponse=";
+
+  @Autowired private PostBinding bindingImpl;
+  @Autowired private DummyCredentialProvider credentialProvider;
+  @Autowired private DummyGuiBuilderConfigurationFactory guiBuilderFactory;
+
+  protected MockHttpServletRequest httpReq;
+  protected MockHttpServletResponse httpResp;
+  protected IRequest pendingReq;
+
+  @BeforeClass
+  public static void classInitializer() throws InitializationException, ComponentInitializationException {
+    EaafOpenSaml3xInitializer.eaafInitialize();
+
+  }
+
+  /**
+   * Test initializer.
+   *
+   */
+  @Before
+  public void initialize() {
+    httpReq = new MockHttpServletRequest();
+    httpResp = new MockHttpServletResponse();
+
+    pendingReq = new TestRequestImpl();
+
+  }
+
+  @Test
+  public void checkCanHandle() {
+    httpReq.setMethod("POST");
+    Assert.assertTrue("Wrong canHandle result", bindingImpl.handleDecode("Post", httpReq));
+    Assert.assertFalse("Wrong canHandle result", bindingImpl.handleDecode("Redirect", httpReq));
+
+    httpReq.setMethod("GET");
+    Assert.assertFalse("Wrong canHandle result", bindingImpl.handleDecode("Post", httpReq));
+    Assert.assertFalse("Wrong canHandle result", bindingImpl.handleDecode("Redirect", httpReq));
+  }
+
+  @Test
+  public void decodeRequestSuccess() throws MessageDecodingException, SecurityException, IOException, Pvp2Exception {
+    final String serviceUrl = "http://testservice.org";
+
+    final IPvp2MetadataProvider metadataProvider = null;
+
+    final boolean isSpEndPoint = false;
+    final URIComparator comparator = new EaafUriCompare(serviceUrl);
+
+    final String b64AuthnReq = Base64.getEncoder().encodeToString(IOUtils.toByteArray(
+        PostBindingTest.class.getResourceAsStream("/data/AuthRequest_with_sig_1.xml")));
+    httpReq.setMethod("POST");
+    httpReq.addParameter("SAMLRequest", b64AuthnReq);
+
+
+    final InboundMessageInterface msg =
+        bindingImpl.decode(httpReq, httpResp, metadataProvider, isSpEndPoint, comparator);
+
+    Assert.assertNotNull("PVP msg is null", msg);
+    Assert.assertNull("RelayState is not null", msg.getRelayState());
+    Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage());
+    Assert.assertNotNull("EntityId is null", msg.getEntityID());
+    Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_demologin/", msg.getEntityID());
+    Assert.assertFalse("Wrong isVerified flag", msg.isVerified());
+
+  }
+
+  @Test
+  public void decodeRequestSuccessWithRelayState() throws MessageDecodingException, SecurityException,
+      IOException, Pvp2Exception {
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = RandomStringUtils.randomAlphanumeric(10);
+
+    final String b64AuthnReq = Base64.getEncoder().encodeToString(IOUtils.toByteArray(
+        PostBindingTest.class.getResourceAsStream("/data/AuthRequest_with_sig_1.xml")));
+    httpReq.setMethod("POST");
+    httpReq.addParameter("SAMLRequest", b64AuthnReq);
+    httpReq.addParameter("RelayState", relayState);
+
+    final IPvp2MetadataProvider metadataProvider = null;
+
+    final boolean isSpEndPoint = false;
+    final URIComparator comparator = new EaafUriCompare(serviceUrl);
+
+
+    final InboundMessageInterface msg =
+        bindingImpl.decode(httpReq, httpResp, metadataProvider, isSpEndPoint, comparator);
+
+    Assert.assertNotNull("PVP msg is null", msg);
+    Assert.assertNotNull("RelayState is not null", msg.getRelayState());
+    Assert.assertEquals("RelayState not match", relayState, msg.getRelayState());
+    Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage());
+    Assert.assertNotNull("EntityId is null", msg.getEntityID());
+    Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_demologin/", msg.getEntityID());
+    Assert.assertFalse("Wrong isVerified flag", msg.isVerified());
+
+  }
+
+  @Test
+  public void decodeResponseSuccess() throws MessageDecodingException, SecurityException, IOException, Pvp2Exception {
+    final String serviceUrl = "http://testservice.org";
+
+    final IPvp2MetadataProvider metadataProvider = null;
+
+    final boolean isSpEndPoint = false;
+    final URIComparator comparator = new EaafUriCompare(serviceUrl);
+
+    final String b64AuthnReq = Base64.getEncoder().encodeToString(IOUtils.toByteArray(
+        PostBindingTest.class.getResourceAsStream("/data/Response_with_sig_1.xml")));
+    httpReq.setMethod("POST");
+    httpReq.addParameter("SAMLRequest", b64AuthnReq);
+
+
+    final InboundMessageInterface msg =
+        bindingImpl.decode(httpReq, httpResp, metadataProvider, isSpEndPoint, comparator);
+
+    Assert.assertNotNull("PVP msg is null", msg);
+    Assert.assertNull("RelayState is not null", msg.getRelayState());
+    Assert.assertNotNull("Response is null", msg.getInboundMessage());
+    Assert.assertNotNull("EntityId is null", msg.getEntityID());
+    Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata", msg.getEntityID());
+    Assert.assertFalse("Wrong isVerified flag", msg.isVerified());
+
+  }
+
+  @Test
+  public void decodeResponseSuccessWithRelayState() throws MessageDecodingException, SecurityException, IOException, Pvp2Exception {
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = RandomStringUtils.randomAlphanumeric(10);
+
+    final String b64AuthnReq = Base64.getEncoder().encodeToString(IOUtils.toByteArray(
+        PostBindingTest.class.getResourceAsStream("/data/Response_with_sig_1.xml")));
+    httpReq.setMethod("POST");
+    httpReq.addParameter("SAMLRequest", b64AuthnReq);
+    httpReq.addParameter("RelayState", relayState);
+
+    final IPvp2MetadataProvider metadataProvider = null;
+
+    final boolean isSpEndPoint = false;
+    final URIComparator comparator = new EaafUriCompare(serviceUrl);
+
+
+    final InboundMessageInterface msg =
+        bindingImpl.decode(httpReq, httpResp, metadataProvider, isSpEndPoint, comparator);
+
+    Assert.assertNotNull("PVP msg is null", msg);
+    Assert.assertNotNull("RelayState is not null", msg.getRelayState());
+    Assert.assertEquals("RelayState not match", relayState, msg.getRelayState());
+    Assert.assertNotNull("Response is null", msg.getInboundMessage());
+    Assert.assertNotNull("EntityId is null", msg.getEntityID());
+    Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_moaid-2.0/pvp/metadata", msg.getEntityID());
+    Assert.assertFalse("Wrong isVerified flag", msg.isVerified());
+
+  }
+
+  @Test
+  public void encodeRequestSuccess() throws MessageDecodingException, SecurityException,
+      MessageEncodingException, XMLParserException, UnmarshallingException,
+      CredentialsNotAvailableException, ParserConfigurationException, SAXException, IOException, Pvp2Exception {
+    //build test data
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = null;
+    guiBuilderFactory.setVelocityBuilderConfig(createDummyGuiConfig());
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
+
+    bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState,
+        credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+
+    //validate
+    Assert.assertEquals("http StatusCode", 200, httpResp.getStatus());
+    Assert.assertNotNull("PVP msg is null", httpResp.getContentLength());
+
+    Assert.assertEquals("ContentType", "text/html", httpResp.getContentType());
+    Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding());
+
+    final String http = httpResp.getContentAsString();
+    Assert.assertNotNull("http body is null", http);
+    Assert.assertFalse("http body is empty", http.isEmpty());
+
+    Assert.assertFalse("RelayState parameter", http.contains(HTTP_FORM_RELAYSTATE));
+
+    Assert.assertTrue("SAMLRequest parameter", http.contains(HTTP_FORM_SAMLREQ));
+    final String httpSamlReq = extractParamFromHttpForm(http, HTTP_FORM_SAMLREQ);
+    checkSamlMessageSigned(httpSamlReq);
+
+  }
+
+  @Test
+  public void encodeRequestSuccessEcdsa() throws MessageDecodingException, SecurityException,
+      MessageEncodingException, XMLParserException, UnmarshallingException,
+      CredentialsNotAvailableException, ParserConfigurationException, SAXException, IOException, Pvp2Exception {
+    //build test data
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = null;
+    guiBuilderFactory.setVelocityBuilderConfig(createDummyGuiConfig());
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
+
+    bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState,
+        credentialProvider.getIdpAssertionSigningCredential(), pendingReq);
+
+    //validate
+    Assert.assertEquals("http StatusCode", 200, httpResp.getStatus());
+    Assert.assertNotNull("PVP msg is null", httpResp.getContentLength());
+
+    Assert.assertEquals("ContentType", "text/html", httpResp.getContentType());
+    Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding());
+
+    final String http = httpResp.getContentAsString();
+    Assert.assertNotNull("http body is null", http);
+    Assert.assertFalse("http body is empty", http.isEmpty());
+
+    Assert.assertFalse("RelayState parameter", http.contains(HTTP_FORM_RELAYSTATE));
+
+    Assert.assertTrue("SAMLRequest parameter", http.contains(HTTP_FORM_SAMLREQ));
+    final String httpSamlReq = extractParamFromHttpForm(http, HTTP_FORM_SAMLREQ);
+    checkSamlMessageSigned(httpSamlReq);
+
+  }
+
+  @Test
+  public void encodeRequestSuccessWithRelayState() throws MessageDecodingException, SecurityException,
+      MessageEncodingException, XMLParserException, UnmarshallingException,
+      CredentialsNotAvailableException, ParserConfigurationException, SAXException, IOException, Pvp2Exception {
+
+    //build test data
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = RandomStringUtils.randomAlphabetic(10);
+    guiBuilderFactory.setVelocityBuilderConfig(createDummyGuiConfig());
+    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        PostBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));
+
+    bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState,
+        credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+
+
+    //validate
+    Assert.assertEquals("http StatusCode", 200, httpResp.getStatus());
+    Assert.assertNotNull("PVP msg is null", httpResp.getContentLength());
+
+    Assert.assertEquals("ContentType", "text/html", httpResp.getContentType());
+    Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding());
+
+    final String http = httpResp.getContentAsString();
+    Assert.assertNotNull("http body is null", http);
+    Assert.assertFalse("http body is empty", http.isEmpty());
+
+    Assert.assertTrue("RelayState parameter", http.contains(HTTP_FORM_RELAYSTATE));
+    final String httpRelayState = extractParamFromHttpForm(http, HTTP_FORM_RELAYSTATE);
+    Assert.assertEquals("Wrong RelayState", relayState, httpRelayState);
+
+    Assert.assertTrue("SAMLRequest parameter", http.contains(HTTP_FORM_SAMLREQ));
+    final String httpSamlReq = extractParamFromHttpForm(http, HTTP_FORM_SAMLREQ);
+    checkSamlMessageSigned(httpSamlReq);
+
+  }
+
+  @Test
+  public void encodeResponseSuccessWithRelayState() throws MessageDecodingException, SecurityException,
+      MessageEncodingException, XMLParserException, UnmarshallingException,
+      CredentialsNotAvailableException, ParserConfigurationException, SAXException, IOException, Pvp2Exception {
+
+    //build test data
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = RandomStringUtils.randomAlphabetic(10);
+    guiBuilderFactory.setVelocityBuilderConfig(createDummyGuiConfig());
+    final StatusResponseType authnReq = (StatusResponseType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        PostBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml"));
+
+    bindingImpl.encodeResponse(httpReq, httpResp, authnReq, serviceUrl, relayState,
+        credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+
+
+    //validate
+    Assert.assertEquals("http StatusCode", 200, httpResp.getStatus());
+    Assert.assertNotNull("PVP msg is null", httpResp.getContentLength());
+
+    Assert.assertEquals("ContentType", "text/html", httpResp.getContentType());
+    Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding());
+
+    final String http = httpResp.getContentAsString();
+    Assert.assertNotNull("http body is null", http);
+    Assert.assertFalse("http body is empty", http.isEmpty());
+
+    Assert.assertTrue("RelayState parameter", http.contains(HTTP_FORM_RELAYSTATE));
+    final String httpRelayState = extractParamFromHttpForm(http, HTTP_FORM_RELAYSTATE);
+    Assert.assertEquals("Wrong RelayState", relayState, httpRelayState);
+
+    Assert.assertTrue("SAMLRequest parameter", http.contains(HTTP_FORM_SAMLRESP));
+    final String httpSamlReq = extractParamFromHttpForm(http, HTTP_FORM_SAMLRESP);
+    checkSamlMessageSigned(httpSamlReq);
+
+  }
+
+  @Test
+  public void encodeResponseSuccess() throws MessageDecodingException, SecurityException,
+      MessageEncodingException, XMLParserException, UnmarshallingException,
+      CredentialsNotAvailableException, ParserConfigurationException, SAXException, IOException, Pvp2Exception {
+
+    //build test data
+    final String serviceUrl = "http://testservice.org";
+    final String relayState = null;
+    guiBuilderFactory.setVelocityBuilderConfig(createDummyGuiConfig());
+    final StatusResponseType authnReq = (StatusResponseType) XMLObjectSupport.unmarshallFromInputStream(
+        XMLObjectProviderRegistrySupport.getParserPool(),
+        PostBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml"));
+
+    bindingImpl.encodeResponse(httpReq, httpResp, authnReq, serviceUrl, relayState,
+        credentialProvider.getIdpMetaDataSigningCredential(), pendingReq);
+
+
+    //validate
+    Assert.assertEquals("http StatusCode", 200, httpResp.getStatus());
+    Assert.assertNotNull("PVP msg is null", httpResp.getContentLength());
+
+    Assert.assertEquals("ContentType", "text/html", httpResp.getContentType());
+    Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding());
+
+    final String http = httpResp.getContentAsString();
+    Assert.assertNotNull("http body is null", http);
+    Assert.assertFalse("http body is empty", http.isEmpty());
+
+    Assert.assertFalse("RelayState parameter", http.contains(HTTP_FORM_RELAYSTATE));
+
+    Assert.assertTrue("SAMLRequest parameter", http.contains(HTTP_FORM_SAMLRESP));
+    final String httpSamlReq = extractParamFromHttpForm(http, HTTP_FORM_SAMLRESP);
+    checkSamlMessageSigned(httpSamlReq);
+
+  }
+
+  private IVelocityGuiBuilderConfiguration createDummyGuiConfig() {
+    return new IVelocityGuiBuilderConfiguration() {
+
+      @Override
+      public Map<String, Object> getViewParameters() {
+        return null;
+      }
+
+      @Override
+      public String getViewName() {
+        return "SAML2 Post-Binding";
+      }
+
+      @Override
+      public String getDefaultContentType() {
+        return null;
+      }
+
+      @Override
+      public InputStream getTemplate(String viewName) {
+        return PostBindingTest.class.getResourceAsStream("/data/pvp_postbinding_template.html");
+      }
+
+      @Override
+      public String getClasspathTemplateDir() {
+        return null;
+
+      }
+    };
+  }
+
+  private void checkSamlMessageSigned(String b64Msg) throws ParserConfigurationException,
+      SAXException, IOException, UnmarshallingException {
+    final Element httpSamlReqElment = DomUtils.parseXmlNonValidating(
+        new ByteArrayInputStream(Base64.getDecoder().decode(b64Msg)));
+
+    final UnmarshallerFactory unmarshallerFactory = XMLObjectProviderRegistrySupport.getUnmarshallerFactory();
+    final Unmarshaller unmarshaller = unmarshallerFactory.getUnmarshaller(httpSamlReqElment);
+    final SignableSAMLObject msg = (SignableSAMLObject) unmarshaller.unmarshall(httpSamlReqElment);
+    Assert.assertTrue("SAML msg not signed", msg.isSigned());
+
+  }
+
+  private String extractParamFromHttpForm(String http, String httpFormRelaystate) {
+    final int startIndex = http.indexOf(httpFormRelaystate) + httpFormRelaystate.length();
+    final int endIndex = http.indexOf("\"", startIndex);
+    return http.substring(startIndex, endIndex);
+
+  }
+
+}