package at.gv.egiz.eaaf.modules.pvp2.test.binding; import java.io.IOException; import java.net.URLDecoder; import javax.xml.parsers.ParserConfigurationException; import at.gv.egiz.eaaf.core.api.IRequest; import at.gv.egiz.eaaf.core.impl.idp.module.test.TestRequestImpl; import at.gv.egiz.eaaf.core.impl.utils.IHttpClientFactory; import at.gv.egiz.eaaf.modules.pvp2.PvpConstants; import at.gv.egiz.eaaf.modules.pvp2.api.credential.EaafX509Credential; import at.gv.egiz.eaaf.modules.pvp2.api.message.InboundMessageInterface; import at.gv.egiz.eaaf.modules.pvp2.api.metadata.IPvp2MetadataProvider; import at.gv.egiz.eaaf.modules.pvp2.exception.CredentialsNotAvailableException; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2Exception; import at.gv.egiz.eaaf.modules.pvp2.exception.Pvp2MetadataException; import at.gv.egiz.eaaf.modules.pvp2.exception.SamlMessageValidationException; import at.gv.egiz.eaaf.modules.pvp2.exception.SamlSigningException; import at.gv.egiz.eaaf.modules.pvp2.impl.binding.RedirectBinding; import at.gv.egiz.eaaf.modules.pvp2.impl.metadata.PvpMetadataResolverFactory; import at.gv.egiz.eaaf.modules.pvp2.impl.opensaml.initialize.EaafOpenSaml3xInitializer; import at.gv.egiz.eaaf.modules.pvp2.impl.validation.EaafUriCompare; import at.gv.egiz.eaaf.modules.pvp2.test.dummy.DummyCredentialProvider; import at.gv.egiz.eaaf.modules.pvp2.test.metadata.MetadataResolverTest; import org.apache.commons.io.IOUtils; import org.apache.commons.lang3.RandomStringUtils; import org.joda.time.DateTime; import org.junit.Assert; import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; import org.opensaml.core.xml.io.UnmarshallingException; import org.opensaml.core.xml.util.XMLObjectSupport; import org.opensaml.messaging.decoder.MessageDecodingException; import org.opensaml.messaging.encoder.MessageEncodingException; import 
org.opensaml.saml.saml2.core.RequestAbstractType; import org.opensaml.saml.saml2.core.StatusResponseType; import org.opensaml.saml.saml2.metadata.SPSSODescriptor; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.mock.web.MockHttpServletRequest; import org.springframework.mock.web.MockHttpServletResponse; import org.springframework.test.context.ContextConfiguration; import org.springframework.test.context.TestPropertySource; import org.springframework.test.context.junit4.SpringJUnit4ClassRunner; import org.xml.sax.SAXException; import net.shibboleth.utilities.java.support.net.URIComparator; import net.shibboleth.utilities.java.support.net.URISupport; import net.shibboleth.utilities.java.support.xml.XMLParserException; import okhttp3.HttpUrl; import okhttp3.mockwebserver.MockResponse; import okhttp3.mockwebserver.MockWebServer; @RunWith(SpringJUnit4ClassRunner.class) @ContextConfiguration({ "/spring/test_eaaf_pvp.beans.xml", "/spring/test_eaaf_core_spring_config.beans.xml", "/spring/eaaf_utils.beans.xml" }) @TestPropertySource(locations = { "/config/config_1.props" }) public class RedirectBindingTest { public static final String HTTP_FORM_RELAYSTATE = "RelayState"; public static final String HTTP_FORM_RELAYSTATE_PARAM = HTTP_FORM_RELAYSTATE + "="; public static final String HTTP_FORM_SAMLREQ = "SAMLRequest"; public static final String HTTP_FORM_SAMLREQ_PARAM = HTTP_FORM_SAMLREQ + "="; public static final String HTTP_FORM_SAMLRESP = "SAMLResponse"; public static final String HTTP_FORM_SAMLRESP_PARM = HTTP_FORM_SAMLRESP + "="; public static final String HTTP_REDIRECT_SIGALG = "SigAlg"; public static final String HTTP_REDIRECT_SIGALG_PARAM = HTTP_REDIRECT_SIGALG + "="; public static final String HTTP_REDIRECT_SIGNATURE = "Signature"; public static final String HTTP_REDIRECT_SIGNATURE_PARAM = HTTP_REDIRECT_SIGNATURE + "="; @Autowired private RedirectBinding bindingImpl; @Autowired private DummyCredentialProvider 
credentialProvider;

  @Autowired
  private PvpMetadataResolverFactory metadataResolverFactory;

  @Autowired
  private IHttpClientFactory httpClientFactory;

  // Created once in classInitializer() and shared by every test in this class.
  private static MockWebServer mockWebServer;
  private static HttpUrl mockServerUrl;

  // Re-created in initialize() before each test.
  protected MockHttpServletRequest httpReq;
  protected MockHttpServletResponse httpResp;
  protected IRequest pendingReq;

  /**
   * JUnit class initializer.
   *
   * <p>Initializes OpenSAML via {@code EaafOpenSaml3xInitializer.eaafInitialize()} and creates the
   * {@code MockWebServer}; {@code mockServerUrl} is that server's URL for path {@code /sp/metadata}.
   *
   * @throws Exception In case of an OpenSAML3 initialization error
   */
  @BeforeClass
  public static void classInitializer() throws Exception {
    EaafOpenSaml3xInitializer.eaafInitialize();

    // NOTE(review): no matching shutdown of mockWebServer is visible in this part of the file.
    mockWebServer = new MockWebServer();
    mockServerUrl = mockWebServer.url("/sp/metadata");
  }

  /**
   * Test initializer.
   *
   * <p>Assigns a fresh mock HTTP request, mock HTTP response and pending request before each test.
   */
  @Before
  public void initialize() {
    httpReq = new MockHttpServletRequest();
    httpResp = new MockHttpServletResponse();
    pendingReq = new TestRequestImpl();
  }

  /**
   * Checks {@code handleDecode}: of the four combinations of action ("Post" / "Redirect") and
   * HTTP method (POST / GET) only "Redirect" together with GET is expected to return {@code true}.
   */
  @Test
  public void checkCanHandle() {
    httpReq.setMethod("POST");
    Assert.assertFalse("Wrong canHandle result", bindingImpl.handleDecode("Post", httpReq));
    Assert.assertFalse("Wrong canHandle result", bindingImpl.handleDecode("Redirect", httpReq));

    httpReq.setMethod("GET");
    Assert.assertFalse("Wrong canHandle result", bindingImpl.handleDecode("Post", httpReq));
    Assert.assertTrue("Wrong canHandle result", bindingImpl.handleDecode("Redirect", httpReq));
  }

  /**
   * Negative test: a Redirect-binding query string is delivered with HTTP method POST.
   *
   * <p>Only {@code SAMLRequest} and {@code SigAlg} are copied into the request parameters. The test
   * expects {@code decode} to throw a {@link Pvp2Exception} with error id {@code internal.pvp.95}.
   */
  @Test
  public void wrongHttpRequestMethod() throws MessageDecodingException, SecurityException,
      IOException, Pvp2MetadataException {
    final String serviceUrl = "http://testservice.org";

    final IPvp2MetadataProvider metadataProvider =
        metadataResolverFactory.createMetadataProvider(
            "classpath:/data/pvp_metadata_wrong_sig.xml", null, "jUnit metadata resolver", null);

    final URIComparator comparator = new EaafUriCompare(serviceUrl);

    // POST instead of the GET used by the other decode tests of this class.
    httpReq.setMethod("POST");
    httpReq.setRequestURI("http://testservice.org");
    // Static, URL-encoded query string holding SAMLRequest, SigAlg and Signature.
    httpReq.setQueryString("SAMLRequest=nVRNb9swDD13wP6DoXvkr%2FRjQuzCSFAgQDd0TbfDLoVi0642Wcok2kn766c4duABWw%"
        + "2B%2BSdQj%2BfhIanF7qKXXgrFCq4SENCAeqFwXQlUJ%2BfZ0N7sht%2BnC8lpGO5Y1%2BKIe4XcDFj3nqCw7vSSkMYppboVli"
        + "tdgGeZsk32%2BZxEN2M5o1LmWxMusBYMu1VIr29RgNmBakcNaFXBw6R0C0Yhtg3BCOBp%2FQxy%2FlcsuFMeO8Qvijvk%2BOps"
        + "9Aak2FfHWq4Q8c4BtySHO4eomLCEuipyXURjzeVQGYRE7mLWNC22RK0xIFITzWRDPgsun4IrFn1gQ0evryx%2FE%2Bz4o5Oohv"
        + "R6sczZjId7XgQ%2FVE%2B9Om5rj%2B%2FCjRRSzsoMyUCjwlaTHgq2ruIBaU6jEG61ayrG777RBLp%2BPR6krofyFP2Y68N402"
        + "5%2BQ4xTi6ccPFxd9mC8Ot15NI9T7umiDpSd1nrUT4kFLkb96mZR6vzTAERKCpoEpCu6OPbTohCRThtc%2FU%2Bs3AIpuH9ygI"
        + "hwm7cNYzXGspXSKP0I5qUP9Ruz3e2pRm1%2B00i2Fxne77ecCxRuor1l2Dy1Ifz6o%2F6%2Fso%2B78p%2Bb0%2FDz%2BGdI%2"
        + "F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=DOVMqh17xn4wl%2"
        + "Byvifm4McMsBjKDVf1eqph9ss362ZEbp2nkAIXUzkNWv72I96iNK3r%2BYbAxY9dwZ8Z7jKzCGiJ9Qm34YSfPvzXWl3EVrdI86"
        + "9U%2BH6HGIMqVew3cVdr4q3Qv9ZBIhdRxbrDu%2F%2BnMjdf8mzbgcQnfjSQiQIYWxOIXZFyxKsyrxJtIam4hoNwUT7mMN6Rjg"
        + "zvyeS3mARsTJdcI0Vn4ItiprhLgIkD18V9WIdeSZR0gfRaFj8PKdmXCD%2FIa0cKgjhVKoiIZisV4vcthBOeDIqBORL2Ad3Xhc"
        + "NRQ3%2BcpAf65zHGMBAv1aRy7Bmv0%2B%2BOvCavufykqI2EHtg%3D%3D");

    // The mock request does not derive parameters from the query string, so the decoded values
    // are set explicitly. The Signature parameter is not copied in this test.
    httpReq.setParameter(HTTP_FORM_SAMLREQ, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_FORM_SAMLREQ).substring(HTTP_FORM_SAMLREQ_PARAM.length()),
        "UTF-8"));
    httpReq.setParameter(HTTP_REDIRECT_SIGALG, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_REDIRECT_SIGALG).substring(HTTP_REDIRECT_SIGALG_PARAM.length()),
        "UTF-8"));

    try {
      bindingImpl.decode(httpReq, httpResp, metadataProvider, SPSSODescriptor.DEFAULT_ELEMENT_NAME,
          comparator);
      // NOTE(review): the failure text talks about a missing signature, but compared with
      // decodeRequestNoSignature this test varies the HTTP method - looks copy-pasted, confirm.
      Assert.fail("Missing signature not detected");

    } catch (final Pvp2Exception e) {
      Assert.assertEquals("Wrong errorCode", "internal.pvp.95", e.getErrorId());

    }
  }

  /**
   * Negative test: the request additionally carries a random {@code SAMLEncoding} parameter.
   *
   * <p>The test expects {@code decode} to throw a {@link Pvp2Exception} with error id
   * {@code internal.pvp.95}.
   */
  @Test
  public void wrongRedirectBindingType() throws MessageDecodingException, SecurityException,
      IOException, Pvp2MetadataException {
    final String serviceUrl = "http://testservice.org";

    final IPvp2MetadataProvider
metadataProvider = metadataResolverFactory.createMetadataProvider(
        "classpath:/data/pvp_metadata_wrong_sig.xml", null, "jUnit metadata resolver", null);

    final URIComparator comparator = new EaafUriCompare(serviceUrl);

    // NOTE(review): the method is POST here as well, and the expected error id is the same as in
    // wrongHttpRequestMethod, so this test presumably passes without the SAMLEncoding value ever
    // being evaluated - confirm whether GET was intended.
    httpReq.setMethod("POST");
    httpReq.setRequestURI("http://testservice.org");
    // Static, URL-encoded query string holding SAMLRequest, SigAlg and Signature.
    httpReq.setQueryString("SAMLRequest=nVRNb9swDD13wP6DoXvkr%2FRjQuzCSFAgQDd0TbfDLoVi0642Wcok2kn766c4duABWw%"
        + "2B%2BSdQj%2BfhIanF7qKXXgrFCq4SENCAeqFwXQlUJ%2BfZ0N7sht%2BnC8lpGO5Y1%2BKIe4XcDFj3nqCw7vSSkMYppboVli"
        + "tdgGeZsk32%2BZxEN2M5o1LmWxMusBYMu1VIr29RgNmBakcNaFXBw6R0C0Yhtg3BCOBp%2FQxy%2FlcsuFMeO8Qvijvk%2BOps"
        + "9Aak2FfHWq4Q8c4BtySHO4eomLCEuipyXURjzeVQGYRE7mLWNC22RK0xIFITzWRDPgsun4IrFn1gQ0evryx%2FE%2Bz4o5Oohv"
        + "R6sczZjId7XgQ%2FVE%2B9Om5rj%2B%2FCjRRSzsoMyUCjwlaTHgq2ruIBaU6jEG61ayrG777RBLp%2BPR6krofyFP2Y68N402"
        + "5%2BQ4xTi6ccPFxd9mC8Ot15NI9T7umiDpSd1nrUT4kFLkb96mZR6vzTAERKCpoEpCu6OPbTohCRThtc%2FU%2Bs3AIpuH9ygI"
        + "hwm7cNYzXGspXSKP0I5qUP9Ruz3e2pRm1%2B00i2Fxne77ecCxRuor1l2Dy1Ifz6o%2F6%2Fso%2B78p%2Bb0%2FDz%2BGdI%2"
        + "F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=DOVMqh17xn4wl%2"
        + "Byvifm4McMsBjKDVf1eqph9ss362ZEbp2nkAIXUzkNWv72I96iNK3r%2BYbAxY9dwZ8Z7jKzCGiJ9Qm34YSfPvzXWl3EVrdI86"
        + "9U%2BH6HGIMqVew3cVdr4q3Qv9ZBIhdRxbrDu%2F%2BnMjdf8mzbgcQnfjSQiQIYWxOIXZFyxKsyrxJtIam4hoNwUT7mMN6Rjg"
        + "zvyeS3mARsTJdcI0Vn4ItiprhLgIkD18V9WIdeSZR0gfRaFj8PKdmXCD%2FIa0cKgjhVKoiIZisV4vcthBOeDIqBORL2Ad3Xhc"
        + "NRQ3%2BcpAf65zHGMBAv1aRy7Bmv0%2B%2BOvCavufykqI2EHtg%3D%3D");

    // Decoded SAMLRequest and SigAlg are set explicitly; the Signature parameter is not copied.
    httpReq.setParameter(HTTP_FORM_SAMLREQ, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_FORM_SAMLREQ).substring(HTTP_FORM_SAMLREQ_PARAM.length()),
        "UTF-8"));
    httpReq.setParameter(HTTP_REDIRECT_SIGALG, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_REDIRECT_SIGALG).substring(HTTP_REDIRECT_SIGALG_PARAM.length()),
        "UTF-8"));

    // Random five-letter value for the SAMLEncoding parameter.
    httpReq.setParameter("SAMLEncoding", RandomStringUtils.randomAlphabetic(5));

    try {
      bindingImpl.decode(httpReq, httpResp, metadataProvider, SPSSODescriptor.DEFAULT_ELEMENT_NAME,
          comparator);
      // NOTE(review): failure text refers to a missing signature although the test varies the
      // SAMLEncoding parameter - looks copy-pasted, confirm.
      Assert.fail("Missing signature not detected");

    } catch (final Pvp2Exception e) {
      Assert.assertEquals("Wrong errorCode", "internal.pvp.95", e.getErrorId());

    }
  }

  /**
   * Negative test: a GET request whose {@code Signature} parameter is not set.
   *
   * <p>The query string still contains a signature, but only {@code SAMLRequest} and
   * {@code SigAlg} are copied into the request parameters. The test expects {@code decode} to
   * throw a {@link Pvp2Exception} with error id {@code internal.pvp.02}.
   */
  @Test
  public void decodeRequestNoSignature() throws MessageDecodingException, SecurityException,
      IOException, Pvp2MetadataException {
    final String serviceUrl = "http://testservice.org";

    final IPvp2MetadataProvider metadataProvider =
        metadataResolverFactory.createMetadataProvider(
            "classpath:/data/pvp_metadata_wrong_sig.xml", null, "jUnit metadata resolver", null);

    final URIComparator comparator = new EaafUriCompare(serviceUrl);

    httpReq.setMethod("GET");
    httpReq.setRequestURI("http://testservice.org");
    // Static, URL-encoded query string holding SAMLRequest, SigAlg and Signature.
    httpReq.setQueryString("SAMLRequest=nVRNb9swDD13wP6DoXvkr%2FRjQuzCSFAgQDd0TbfDLoVi0642Wcok2kn766c4duABWw%"
        + "2B%2BSdQj%2BfhIanF7qKXXgrFCq4SENCAeqFwXQlUJ%2BfZ0N7sht%2BnC8lpGO5Y1%2BKIe4XcDFj3nqCw7vSSkMYppboVli"
        + "tdgGeZsk32%2BZxEN2M5o1LmWxMusBYMu1VIr29RgNmBakcNaFXBw6R0C0Yhtg3BCOBp%2FQxy%2FlcsuFMeO8Qvijvk%2BOps"
        + "9Aak2FfHWq4Q8c4BtySHO4eomLCEuipyXURjzeVQGYRE7mLWNC22RK0xIFITzWRDPgsun4IrFn1gQ0evryx%2FE%2Bz4o5Oohv"
        + "R6sczZjId7XgQ%2FVE%2B9Om5rj%2B%2FCjRRSzsoMyUCjwlaTHgq2ruIBaU6jEG61ayrG777RBLp%2BPR6krofyFP2Y68N402"
        + "5%2BQ4xTi6ccPFxd9mC8Ot15NI9T7umiDpSd1nrUT4kFLkb96mZR6vzTAERKCpoEpCu6OPbTohCRThtc%2FU%2Bs3AIpuH9ygI"
        + "hwm7cNYzXGspXSKP0I5qUP9Ruz3e2pRm1%2B00i2Fxne77ecCxRuor1l2Dy1Ifz6o%2F6%2Fso%2B78p%2Bb0%2FDz%2BGdI%2"
        + "F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=DOVMqh17xn4wl%2"
        + "Byvifm4McMsBjKDVf1eqph9ss362ZEbp2nkAIXUzkNWv72I96iNK3r%2BYbAxY9dwZ8Z7jKzCGiJ9Qm34YSfPvzXWl3EVrdI86"
        + "9U%2BH6HGIMqVew3cVdr4q3Qv9ZBIhdRxbrDu%2F%2BnMjdf8mzbgcQnfjSQiQIYWxOIXZFyxKsyrxJtIam4hoNwUT7mMN6Rjg"
        + "zvyeS3mARsTJdcI0Vn4ItiprhLgIkD18V9WIdeSZR0gfRaFj8PKdmXCD%2FIa0cKgjhVKoiIZisV4vcthBOeDIqBORL2Ad3Xhc"
        + "NRQ3%2BcpAf65zHGMBAv1aRy7Bmv0%2B%2BOvCavufykqI2EHtg%3D%3D");
httpReq.setParameter(HTTP_FORM_SAMLREQ, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_FORM_SAMLREQ).substring(HTTP_FORM_SAMLREQ_PARAM.length()),
        "UTF-8"));
    httpReq.setParameter(HTTP_REDIRECT_SIGALG, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_REDIRECT_SIGALG).substring(HTTP_REDIRECT_SIGALG_PARAM.length()),
        "UTF-8"));

    // The Signature parameter was deliberately not set above; decode is expected to reject the
    // request with internal.pvp.02.
    try {
      bindingImpl.decode(httpReq, httpResp, metadataProvider, SPSSODescriptor.DEFAULT_ELEMENT_NAME,
          comparator);
      Assert.fail("Missing signature not detected");

    } catch (final Pvp2Exception e) {
      Assert.assertEquals("Wrong errorCode", "internal.pvp.02", e.getErrorId());

    }
  }

  /**
   * Negative test: the URI comparator is built for {@code http://wrongEndPoint.org} while the
   * request URI is {@code http://testservice.org}.
   *
   * <p>The test expects a {@link Pvp2Exception} with error id {@code internal.pvp.10} and exactly
   * one error parameter.
   *
   * <p>NOTE(review): metadata file, query string and expected error id are the same as in
   * decodeRequestWrongSignature, and the failure text mentions a wrong signature. Presumably the
   * signature check fails before any endpoint comparison takes place, so the endpoint mismatch
   * itself is not what this test detects - confirm and consider metadata with a matching key.
   */
  @Test
  public void decodeRequestWrongEndpoint() throws MessageDecodingException, SecurityException,
      IOException, Pvp2Exception {
    final String serviceUrl = "http://wrongEndPoint.org";

    final IPvp2MetadataProvider metadataProvider =
        metadataResolverFactory.createMetadataProvider(
            "classpath:/data/pvp_metadata_wrong_sig.xml", null, "jUnit metadata resolver", null);

    final URIComparator comparator = new EaafUriCompare(serviceUrl);

    httpReq.setMethod("GET");
    httpReq.setRequestURI("http://testservice.org");
    // Static, URL-encoded query string holding SAMLRequest, SigAlg and Signature.
    httpReq.setQueryString("SAMLRequest=nVRNb9swDD13wP6DoXvkr%2FRjQuzCSFAgQDd0TbfDLoVi0642Wcok2kn766c4duABWw%"
        + "2B%2BSdQj%2BfhIanF7qKXXgrFCq4SENCAeqFwXQlUJ%2BfZ0N7sht%2BnC8lpGO5Y1%2BKIe4XcDFj3nqCw7vSSkMYppboVli"
        + "tdgGeZsk32%2BZxEN2M5o1LmWxMusBYMu1VIr29RgNmBakcNaFXBw6R0C0Yhtg3BCOBp%2FQxy%2FlcsuFMeO8Qvijvk%2BOps"
        + "9Aak2FfHWq4Q8c4BtySHO4eomLCEuipyXURjzeVQGYRE7mLWNC22RK0xIFITzWRDPgsun4IrFn1gQ0evryx%2FE%2Bz4o5Oohv"
        + "R6sczZjId7XgQ%2FVE%2B9Om5rj%2B%2FCjRRSzsoMyUCjwlaTHgq2ruIBaU6jEG61ayrG777RBLp%2BPR6krofyFP2Y68N402"
        + "5%2BQ4xTi6ccPFxd9mC8Ot15NI9T7umiDpSd1nrUT4kFLkb96mZR6vzTAERKCpoEpCu6OPbTohCRThtc%2FU%2Bs3AIpuH9ygI"
        + "hwm7cNYzXGspXSKP0I5qUP9Ruz3e2pRm1%2B00i2Fxne77ecCxRuor1l2Dy1Ifz6o%2F6%2Fso%2B78p%2Bb0%2FDz%2BGdI%2"
        + "F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=DOVMqh17xn4wl%2"
        + "Byvifm4McMsBjKDVf1eqph9ss362ZEbp2nkAIXUzkNWv72I96iNK3r%2BYbAxY9dwZ8Z7jKzCGiJ9Qm34YSfPvzXWl3EVrdI86"
        + "9U%2BH6HGIMqVew3cVdr4q3Qv9ZBIhdRxbrDu%2F%2BnMjdf8mzbgcQnfjSQiQIYWxOIXZFyxKsyrxJtIam4hoNwUT7mMN6Rjg"
        + "zvyeS3mARsTJdcI0Vn4ItiprhLgIkD18V9WIdeSZR0gfRaFj8PKdmXCD%2FIa0cKgjhVKoiIZisV4vcthBOeDIqBORL2Ad3Xhc"
        + "NRQ3%2BcpAf65zHGMBAv1aRy7Bmv0%2B%2BOvCavufykqI2EHtg%3D%3D");

    // All three Redirect-binding parameters, including Signature, are set in this test.
    httpReq.setParameter(HTTP_FORM_SAMLREQ, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_FORM_SAMLREQ).substring(HTTP_FORM_SAMLREQ_PARAM.length()),
        "UTF-8"));
    httpReq.setParameter(HTTP_REDIRECT_SIGALG, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_REDIRECT_SIGALG).substring(HTTP_REDIRECT_SIGALG_PARAM.length()),
        "UTF-8"));
    httpReq.setParameter(HTTP_REDIRECT_SIGNATURE, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_REDIRECT_SIGNATURE).substring(HTTP_REDIRECT_SIGNATURE_PARAM.length()),
        "UTF-8"));

    try {
      bindingImpl.decode(httpReq, httpResp, metadataProvider, SPSSODescriptor.DEFAULT_ELEMENT_NAME,
          comparator);
      Assert.fail("Wrong signature not detected");

    } catch (final Pvp2Exception e) {
      Assert.assertEquals("Wrong errorCode", "internal.pvp.10", e.getErrorId());
      Assert.assertNotNull("Parameters null", e.getParams());
      Assert.assertEquals("Wrong numer of parameters", 1, e.getParams().length);

    }
  }

  /**
   * Negative test: a signed GET request is decoded against the metadata file
   * {@code pvp_metadata_wrong_sig.xml}.
   *
   * <p>The test expects a {@link SamlSigningException} with error id {@code internal.pvp.10} and
   * exactly one error parameter.
   */
  @Test
  public void decodeRequestWrongSignature() throws MessageDecodingException, SecurityException,
      IOException, Pvp2Exception {
    final String serviceUrl = "http://testservice.org";

    final IPvp2MetadataProvider metadataProvider =
        metadataResolverFactory.createMetadataProvider(
            "classpath:/data/pvp_metadata_wrong_sig.xml", null, "jUnit metadata resolver", null);

    final URIComparator comparator = new EaafUriCompare(serviceUrl);

    httpReq.setMethod("GET");
    httpReq.setRequestURI("http://testservice.org");
httpReq.setQueryString("SAMLRequest=nVRNb9swDD13wP6DoXvkr%2FRjQuzCSFAgQDd0TbfDLoVi0642Wcok2kn766c4duABWw%"
        + "2B%2BSdQj%2BfhIanF7qKXXgrFCq4SENCAeqFwXQlUJ%2BfZ0N7sht%2BnC8lpGO5Y1%2BKIe4XcDFj3nqCw7vSSkMYppboVli"
        + "tdgGeZsk32%2BZxEN2M5o1LmWxMusBYMu1VIr29RgNmBakcNaFXBw6R0C0Yhtg3BCOBp%2FQxy%2FlcsuFMeO8Qvijvk%2BOps"
        + "9Aak2FfHWq4Q8c4BtySHO4eomLCEuipyXURjzeVQGYRE7mLWNC22RK0xIFITzWRDPgsun4IrFn1gQ0evryx%2FE%2Bz4o5Oohv"
        + "R6sczZjId7XgQ%2FVE%2B9Om5rj%2B%2FCjRRSzsoMyUCjwlaTHgq2ruIBaU6jEG61ayrG777RBLp%2BPR6krofyFP2Y68N402"
        + "5%2BQ4xTi6ccPFxd9mC8Ot15NI9T7umiDpSd1nrUT4kFLkb96mZR6vzTAERKCpoEpCu6OPbTohCRThtc%2FU%2Bs3AIpuH9ygI"
        + "hwm7cNYzXGspXSKP0I5qUP9Ruz3e2pRm1%2B00i2Fxne77ecCxRuor1l2Dy1Ifz6o%2F6%2Fso%2B78p%2Bb0%2FDz%2BGdI%2"
        + "F&SigAlg=http%3A%2F%2Fwww.w3.org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=DOVMqh17xn4wl%2"
        + "Byvifm4McMsBjKDVf1eqph9ss362ZEbp2nkAIXUzkNWv72I96iNK3r%2BYbAxY9dwZ8Z7jKzCGiJ9Qm34YSfPvzXWl3EVrdI86"
        + "9U%2BH6HGIMqVew3cVdr4q3Qv9ZBIhdRxbrDu%2F%2BnMjdf8mzbgcQnfjSQiQIYWxOIXZFyxKsyrxJtIam4hoNwUT7mMN6Rjg"
        + "zvyeS3mARsTJdcI0Vn4ItiprhLgIkD18V9WIdeSZR0gfRaFj8PKdmXCD%2FIa0cKgjhVKoiIZisV4vcthBOeDIqBORL2Ad3Xhc"
        + "NRQ3%2BcpAf65zHGMBAv1aRy7Bmv0%2B%2BOvCavufykqI2EHtg%3D%3D");

    // SAMLRequest, SigAlg and Signature are each read from the raw query string, stripped of the
    // "name=" prefix, URL-decoded and set as request parameters.
    httpReq.setParameter(HTTP_FORM_SAMLREQ, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_FORM_SAMLREQ).substring(HTTP_FORM_SAMLREQ_PARAM.length()),
        "UTF-8"));
    httpReq.setParameter(HTTP_REDIRECT_SIGALG, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_REDIRECT_SIGALG).substring(HTTP_REDIRECT_SIGALG_PARAM.length()),
        "UTF-8"));
    httpReq.setParameter(HTTP_REDIRECT_SIGNATURE, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_REDIRECT_SIGNATURE).substring(HTTP_REDIRECT_SIGNATURE_PARAM.length()),
        "UTF-8"));

    try {
      bindingImpl.decode(httpReq, httpResp, metadataProvider, SPSSODescriptor.DEFAULT_ELEMENT_NAME,
          comparator);
      // Reaching this line means the signature mismatch was accepted.
      Assert.fail("Wrong signature not detected");

    } catch (final
Pvp2Exception e) {
      // Spring's Assert.isInstanceOf raises IllegalArgumentException (not a JUnit
      // AssertionError) when the exception has a different type.
      org.springframework.util.Assert.isInstanceOf(SamlSigningException.class, e, "Wrong Exception type");
      Assert.assertEquals("Wrong errorCode", "internal.pvp.10", e.getErrorId());
      Assert.assertNotNull("No error params", e.getParams());
      Assert.assertEquals("Wrong param size", 1, e.getParams().length);

    }
  }

  /**
   * Negative test: a static, pre-signed request is decoded against the metadata file
   * {@code pvp_metadata_junit_keystore.xml}.
   *
   * <p>According to the failure text the message is expected to be rejected as expired. The test
   * expects a {@link SamlMessageValidationException} with error id {@code internal.pvp.11} and
   * exactly one error parameter.
   */
  @Test
  public void decodeRequestExpired() throws MessageDecodingException, SecurityException,
      IOException, Pvp2Exception, CredentialsNotAvailableException, XMLParserException,
      UnmarshallingException {
    final String serviceUrl = "http://testservice.org";

    final IPvp2MetadataProvider metadataProvider =
        metadataResolverFactory.createMetadataProvider(
            "classpath:/data/pvp_metadata_junit_keystore.xml", null, "jUnit metadata resolver", null);

    final URIComparator comparator = new EaafUriCompare(serviceUrl);

    httpReq.setMethod("GET");
    httpReq.setRequestURI("http://testservice.org");
    // Static, URL-encoded query string holding SAMLRequest, SigAlg and Signature.
    httpReq.setQueryString("SAMLRequest=nVRNb9swDD13wP6DoXvkj2RFJsQujAQFAnTD1nQ97FIoNu1qkyVPop20v36KYwcusPVgQ"
        + "AeLeiQfH0mvbo6V9FowVmgVk5AGxAOV6VyoMiY%2FHm5nS3KTrCyvZFSztMFndQ9%2FGrDoOUdl2fklJo1RTHMrLFO8AsswY7v"
        + "0yx2LaMBqo1FnWhIvtRYMulRrrWxTgdmBaUUGW5XD0aV3CEQj9g3CGeFovIU4fhuXXSiOHeNnxJr5PjqbPQOpNiXxtpuYPHGAf"
        + "cFhnsH1MixgnucZL6JwzhdREYT53MGsbVxoi1xhTKIgCmZBNAsWD8Fn5s6na7qMwp%2FEexwUcvWQXg%2FWOZuxEO%2FrwIfqi"
        + "XerTcXxffjJIvJZ0UEZKBT4QpJTwdZVnEOlKZTilZYt5djda22Qy6fTp9SlUP7KHzMdeO%2Ba%2FS%2FIcArx5OOHq6s%2BzFe"
        + "H226mEep9XbTB0pO6zNoZ8U1Lkb14qZT6sDbAEWKCpoEpCtanHlp0QpIpw%2BtfqPUbAHm3D25QEY6T9mGs5jjWWjrF76GY1KF"
        + "%2BIw6HA7WozW9a6pZC47vd9jOB4hXU9zS9gxakvxjU%2F1f2UXf%2BU3NyeR7%2FGZK%2F&SigAlg=http%3A%2F%2Fwww.w3"
        + ".org%2F2001%2F04%2Fxmldsig-more%23rsa-sha256&Signature=JogFpk2oimCnBCgE7eZx%2B6yoJu2ZCgus5vM1opkTk"
        + "OLM9qgNMUJJJbIeA3j2TR%2BWx3pUApnV7ed9CuTBF94b3ELkFdaZAetfLzY8gnPLCBmcYIYkwg3bK7ZQWEBJpjNoU%2BaBHXV"
        + "OgptLUt0qRWavm%2BiPOUXRWpb0PtgvApTieRk32gBfZbuPOltWjrRCKaa2ulKBjB34LqYdAaIWaVix2sGvg128p6lC7bQ%2Fz"
        + "wmz6j8S5Vn8snvlg48MlBldTWKSZrUERx3MwTyaB17A617XmX2QKo8fGCQ6O7FF4umFyWGAlujI%2FwqafTfPlaNX2usHynHS6"
        + "XkH5HWCDSAe3%2BVR1w%3D%3D ");

    // SAMLRequest, SigAlg and Signature are each read from the raw query string, stripped of the
    // "name=" prefix, URL-decoded and set as request parameters.
    httpReq.setParameter(HTTP_FORM_SAMLREQ, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_FORM_SAMLREQ).substring(HTTP_FORM_SAMLREQ_PARAM.length()),
        "UTF-8"));
    httpReq.setParameter(HTTP_REDIRECT_SIGALG, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_REDIRECT_SIGALG).substring(HTTP_REDIRECT_SIGALG_PARAM.length()),
        "UTF-8"));
    httpReq.setParameter(HTTP_REDIRECT_SIGNATURE, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_REDIRECT_SIGNATURE).substring(HTTP_REDIRECT_SIGNATURE_PARAM.length()),
        "UTF-8"));

    try {
      bindingImpl.decode(httpReq, httpResp, metadataProvider, SPSSODescriptor.DEFAULT_ELEMENT_NAME,
          comparator);
      Assert.fail("Expired message not detected");

    } catch (final Pvp2Exception e) {
      // Spring's Assert.isInstanceOf raises IllegalArgumentException (not a JUnit
      // AssertionError) when the exception has a different type.
      org.springframework.util.Assert.isInstanceOf(SamlMessageValidationException.class, e,
          "Wrong Exception type");
      Assert.assertEquals("Wrong errorCode", "internal.pvp.11", e.getErrorId());
      Assert.assertNotNull("No error params", e.getParams());
      Assert.assertEquals("Wrong param size", 1, e.getParams().length);

    }
  }

  /**
   * Positive test: a request produced by {@code generateAuthnRequest} with the metadata signing
   * credential is decoded against {@code pvp_metadata_junit_keystore.xml}.
   *
   * <p>The test expects a non-null message without RelayState, entity id
   * {@code https://demo.egiz.gv.at/demoportal_demologin/} and {@code isVerified() == true}.
   */
  @Test
  public void decodeRequestSuccess() throws MessageDecodingException, SecurityException,
      IOException, Pvp2Exception, CredentialsNotAvailableException, XMLParserException,
      UnmarshallingException {
    final String serviceUrl = "http://testservice.org";

    final IPvp2MetadataProvider metadataProvider =
        metadataResolverFactory.createMetadataProvider(
            "classpath:/data/pvp_metadata_junit_keystore.xml", null, "jUnit metadata resolver", null);

    final URIComparator comparator = new EaafUriCompare(serviceUrl);

    httpReq.setMethod("GET");
    httpReq.setRequestURI("http://testservice.org");
    // Query string is generated per run instead of using a static pre-signed value.
    httpReq.setQueryString(generateAuthnRequest(credentialProvider.getMetaDataSigningCredential()));

    httpReq.setParameter(HTTP_FORM_SAMLREQ,
URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_FORM_SAMLREQ).substring(HTTP_FORM_SAMLREQ_PARAM.length()),
        "UTF-8"));
    httpReq.setParameter(HTTP_REDIRECT_SIGALG, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_REDIRECT_SIGALG).substring(HTTP_REDIRECT_SIGALG_PARAM.length()),
        "UTF-8"));
    httpReq.setParameter(HTTP_REDIRECT_SIGNATURE, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_REDIRECT_SIGNATURE).substring(HTTP_REDIRECT_SIGNATURE_PARAM.length()),
        "UTF-8"));

    final InboundMessageInterface msg =
        bindingImpl.decode(httpReq, httpResp, metadataProvider, SPSSODescriptor.DEFAULT_ELEMENT_NAME,
            comparator);

    Assert.assertNotNull("PVP msg is null", msg);
    Assert.assertNull("RelayState is not null", msg.getRelayState());
    Assert.assertNotNull("AuthnReq is null", msg.getInboundMessage());
    Assert.assertNotNull("EntityId is null", msg.getEntityID());
    Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_demologin/", msg
        .getEntityID());
    // The decoded message must be flagged as signature-verified.
    Assert.assertTrue("Wrong isVerified flag", msg.isVerified());
  }

  /**
   * Positive test: a response produced by {@code generateResponse} with the metadata signing
   * credential is decoded against {@code pvp_metadata_junit_keystore.xml}.
   *
   * <p>The test expects a non-null message without RelayState, entity id
   * {@code https://demo.egiz.gv.at/demoportal_demologin/} and {@code isVerified() == true}.
   */
  @Test
  public void decodeResponseSuccess() throws MessageDecodingException, SecurityException,
      IOException, Pvp2Exception, CredentialsNotAvailableException, XMLParserException,
      UnmarshallingException {
    final String serviceUrl = "http://testservice.org";

    final IPvp2MetadataProvider metadataProvider =
        metadataResolverFactory.createMetadataProvider(
            "classpath:/data/pvp_metadata_junit_keystore.xml", null, "jUnit metadata resolver", null);

    final URIComparator comparator = new EaafUriCompare(serviceUrl);

    httpReq.setMethod("GET");
    httpReq.setRequestURI("http://testservice.org");
    httpReq.setQueryString(generateResponse(credentialProvider.getMetaDataSigningCredential()));

    // SAMLResponse, SigAlg and Signature are each read from the raw query string, stripped of the
    // "name=" prefix, URL-decoded and set as request parameters.
    httpReq.setParameter(HTTP_FORM_SAMLRESP, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(),
        HTTP_FORM_SAMLRESP).substring(HTTP_FORM_SAMLRESP_PARM.length()), "UTF-8"));
    httpReq.setParameter(HTTP_REDIRECT_SIGALG, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_REDIRECT_SIGALG).substring(HTTP_REDIRECT_SIGALG_PARAM.length()),
        "UTF-8"));
    httpReq.setParameter(HTTP_REDIRECT_SIGNATURE, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_REDIRECT_SIGNATURE).substring(HTTP_REDIRECT_SIGNATURE_PARAM.length()),
        "UTF-8"));

    final InboundMessageInterface msg =
        bindingImpl.decode(httpReq, httpResp, metadataProvider, SPSSODescriptor.DEFAULT_ELEMENT_NAME,
            comparator);

    Assert.assertNotNull("PVP msg is null", msg);
    Assert.assertNull("RelayState is not null", msg.getRelayState());
    Assert.assertNotNull("Response is null", msg.getInboundMessage());
    Assert.assertNotNull("EntityId is null", msg.getEntityID());
    Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_demologin/", msg
        .getEntityID());
    // The decoded message must be flagged as signature-verified.
    Assert.assertTrue("Wrong isVerified flag", msg.isVerified());
  }

  /**
   * Positive test with RelayState and metadata served by the mock web server.
   *
   * <p>Two metadata documents are queued on the mock server, first
   * {@code pvp_metadata_wrong_sig.xml} and then {@code pvp_metadata_junit_keystore.xml}. The test
   * expects the decoded message to carry the random RelayState, the entity id
   * {@code https://demo.egiz.gv.at/demoportal_demologin/} and {@code isVerified() == true}.
   *
   * <p>NOTE(review): presumably the first document makes signature verification fail and the
   * provider then reloads the metadata and obtains the second document - confirm against the
   * metadata provider implementation.
   */
  @Test
  public void decodeResponseSuccessWithRelayStateAndMetadataReload() throws MessageDecodingException,
      SecurityException, IOException, Pvp2Exception, CredentialsNotAvailableException,
      XMLParserException, UnmarshallingException {
    final String serviceUrl = "http://testservice.org";
    final String relayState = RandomStringUtils.randomAlphanumeric(10);

    // First queued answer of the mock server.
    mockWebServer.enqueue(new MockResponse().setResponseCode(200)
        .setBody(new String(IOUtils.toByteArray(
            MetadataResolverTest.class.getResourceAsStream(
                "/data/pvp_metadata_wrong_sig.xml")), "UTF-8"))
        .setHeader("Content-Type", "text/xml"));

    // Second queued answer of the mock server.
    mockWebServer.enqueue(new MockResponse().setResponseCode(200)
        .setBody(new String(IOUtils.toByteArray(
            MetadataResolverTest.class.getResourceAsStream(
                "/data/pvp_metadata_junit_keystore.xml")), "UTF-8"))
        .setHeader("Content-Type", "text/xml"));

    final IPvp2MetadataProvider metadataProvider = metadataResolverFactory.createMetadataProvider(
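mockServerUrl.url().toString(), null, "jUnit test", httpClientFactory.getHttpClient());

    httpReq.setMethod("GET");
    httpReq.setRequestURI("http://testservice.org");
    httpReq.setParameter(HTTP_FORM_RELAYSTATE, relayState);

    httpReq.setQueryString(generateResponse(credentialProvider.getMetaDataSigningCredential()));

    // SAMLResponse, SigAlg and Signature are each read from the raw query string, stripped of the
    // "name=" prefix, URL-decoded and set as request parameters.
    httpReq.setParameter(HTTP_FORM_SAMLRESP, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_FORM_SAMLRESP).substring(HTTP_FORM_SAMLRESP_PARM.length()),
        "UTF-8"));
    httpReq.setParameter(HTTP_REDIRECT_SIGALG, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_REDIRECT_SIGALG).substring(HTTP_REDIRECT_SIGALG_PARAM.length()),
        "UTF-8"));
    httpReq.setParameter(HTTP_REDIRECT_SIGNATURE, URLDecoder.decode(URISupport.getRawQueryStringParameter(
        httpReq.getQueryString(), HTTP_REDIRECT_SIGNATURE).substring(HTTP_REDIRECT_SIGNATURE_PARAM.length()),
        "UTF-8"));

    final URIComparator comparator = new EaafUriCompare(serviceUrl);

    final InboundMessageInterface msg =
        bindingImpl.decode(httpReq, httpResp, metadataProvider, SPSSODescriptor.DEFAULT_ELEMENT_NAME,
            comparator);

    // NOTE(review): mockWebServer.getRequestCount() is not asserted, so the test does not itself
    // show that the second queued metadata document was fetched.
    Assert.assertNotNull("PVP msg is null", msg);
    Assert.assertNotNull("RelayState is null", msg.getRelayState());
    Assert.assertEquals("RelayState not match", relayState, msg.getRelayState());
    Assert.assertNotNull("Response is null", msg.getInboundMessage());
    Assert.assertNotNull("EntityId is null", msg.getEntityID());
    Assert.assertEquals("EntityId not match", "https://demo.egiz.gv.at/demoportal_demologin/", msg
        .getEntityID());
    // The decoded message must be flagged as signature-verified.
    Assert.assertTrue("Wrong isVerified flag", msg.isVerified());
  }

  /**
   * Encodes an unsigned AuthnRequest without RelayState using the metadata signing credential.
   *
   * <p>The test expects an HTTP 302 with an empty body and a {@code Location} header that starts
   * with the service URL followed by {@code SAMLRequest=}, contains non-empty {@code SigAlg} and
   * {@code Signature} parameters, uses {@code PvpConstants.DEFAULT_SIGNING_METHODE_RSA} as
   * signature algorithm and carries no {@code RelayState} parameter.
   *
   * <p>Only the presence of the {@code Signature} parameter is asserted; its value is not
   * verified in this test.
   */
  @Test
  public void encodeRequestSuccess() throws MessageDecodingException, SecurityException,
      MessageEncodingException, XMLParserException, UnmarshallingException,
      CredentialsNotAvailableException, ParserConfigurationException, SAXException, IOException,
      Pvp2Exception {

    // build test data
    final String serviceUrl = "http://testservice.org";
    final String relayState = null;
    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
        XMLObjectProviderRegistrySupport.getParserPool(),
        RedirectBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));

    bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState,
        credentialProvider.getMetaDataSigningCredential(), pendingReq);

    // validate
    Assert.assertEquals("http StatusCode", 302, httpResp.getStatus());
    // A redirect must not carry a body; the message now says what is actually checked.
    Assert.assertEquals("Response body is not empty", 0, httpResp.getContentLength());
    Assert.assertNull("ContentType", httpResp.getContentType());
    Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding());

    final String locationHeader = httpResp.getHeader("Location");
    Assert.assertNotNull("Location header is null", locationHeader);
    Assert.assertFalse("Location header is empty", locationHeader.isEmpty());
    Assert.assertTrue("Wrong redirect URL", locationHeader.startsWith(serviceUrl + "?"
        + HTTP_FORM_SAMLREQ_PARAM));

    final String respSamlMsg = checkMessagePart(locationHeader, HTTP_FORM_SAMLREQ_PARAM, true);
    Assert.assertNotNull("Saml msg is null", respSamlMsg);
    Assert.assertFalse("Saml msg is empty", respSamlMsg.isEmpty());

    final String sigAlg = checkMessagePart(locationHeader, HTTP_REDIRECT_SIGALG_PARAM, true);
    Assert.assertNotNull("SigAlg is null", sigAlg);
    Assert.assertFalse("SigAlg is empty", sigAlg.isEmpty());
    Assert.assertEquals("SigAlg not match", PvpConstants.DEFAULT_SIGNING_METHODE_RSA,
        URLDecoder.decode(sigAlg, "UTF-8"));

    final String samlSig = checkMessagePart(locationHeader, HTTP_REDIRECT_SIGNATURE_PARAM, true);
    Assert.assertNotNull("Saml signature null", samlSig);
    Assert.assertFalse("Saml signature is empty", samlSig.isEmpty());

    final String respRelayState = checkMessagePart(locationHeader, HTTP_FORM_RELAYSTATE_PARAM, false);
    Assert.assertNull("RelayState parameter", respRelayState);
  }

  /**
   * Encodes an unsigned AuthnRequest without RelayState using the message signing credential.
   *
   * <p>Same checks as for the metadata signing credential, except that the signature algorithm
   * is expected to equal {@code PvpConstants.DEFAULT_SIGNING_METHODE_EC}.
   */
  @Test
  public void encodeRequestSuccessEcdsa() throws MessageDecodingException, SecurityException,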
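MessageEncodingException, XMLParserException, UnmarshallingException,
      CredentialsNotAvailableException, ParserConfigurationException, SAXException, IOException,
      Pvp2Exception {

    // build test data
    final String serviceUrl = "http://testservice.org";
    final String relayState = null;
    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
        XMLObjectProviderRegistrySupport.getParserPool(),
        RedirectBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));

    // Signs with the message signing credential; the SigAlg assertion below expects the EC
    // default from PvpConstants.
    bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState,
        credentialProvider.getMessageSigningCredential(), pendingReq);

    // validate
    Assert.assertEquals("http StatusCode", 302, httpResp.getStatus());
    // A redirect must not carry a body; the message now says what is actually checked.
    Assert.assertEquals("Response body is not empty", 0, httpResp.getContentLength());
    Assert.assertNull("ContentType", httpResp.getContentType());
    Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding());

    final String locationHeader = httpResp.getHeader("Location");
    Assert.assertNotNull("Location header is null", locationHeader);
    Assert.assertFalse("Location header is empty", locationHeader.isEmpty());
    Assert.assertTrue("Wrong redirect URL", locationHeader.startsWith(serviceUrl + "?"
        + HTTP_FORM_SAMLREQ_PARAM));

    final String respSamlMsg = checkMessagePart(locationHeader, HTTP_FORM_SAMLREQ_PARAM, true);
    Assert.assertNotNull("Saml msg is null", respSamlMsg);
    Assert.assertFalse("Saml msg is empty", respSamlMsg.isEmpty());

    final String sigAlg = checkMessagePart(locationHeader, HTTP_REDIRECT_SIGALG_PARAM, true);
    Assert.assertNotNull("SigAlg is null", sigAlg);
    Assert.assertFalse("SigAlg is empty", sigAlg.isEmpty());
    Assert.assertEquals("SigAlg not match", PvpConstants.DEFAULT_SIGNING_METHODE_EC,
        URLDecoder.decode(sigAlg, "UTF-8"));

    // Only the presence of the Signature parameter is asserted; its value is not verified here.
    final String samlSig = checkMessagePart(locationHeader, HTTP_REDIRECT_SIGNATURE_PARAM, true);
    Assert.assertNotNull("Saml signature null", samlSig);
    Assert.assertFalse("Saml signature is empty", samlSig.isEmpty());

    final String respRelayState = checkMessagePart(locationHeader, HTTP_FORM_RELAYSTATE_PARAM, false);
    Assert.assertNull("RelayState parameter", respRelayState);
  }

  /**
   * Encodes an unsigned AuthnRequest together with a random ten-letter RelayState using the
   * metadata signing credential.
   *
   * <p>The test expects an HTTP 302 with an empty body and a {@code Location} header that starts
   * with the service URL followed by {@code SAMLRequest=}, contains non-empty {@code SigAlg} and
   * {@code Signature} parameters, uses {@code PvpConstants.DEFAULT_SIGNING_METHODE_RSA} and
   * carries a {@code RelayState} parameter that URL-decodes to the value passed in.
   */
  @Test
  public void encodeRequestSuccessWithRelayState() throws MessageDecodingException, SecurityException,
      MessageEncodingException, XMLParserException, UnmarshallingException,
      CredentialsNotAvailableException, ParserConfigurationException, SAXException, IOException,
      Pvp2Exception {

    // build test data
    final String serviceUrl = "http://testservice.org";
    final String relayState = RandomStringUtils.randomAlphabetic(10);
    final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream(
        XMLObjectProviderRegistrySupport.getParserPool(),
        RedirectBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml"));

    bindingImpl.encodeRequest(httpReq, httpResp, authnReq, serviceUrl, relayState,
        credentialProvider.getMetaDataSigningCredential(), pendingReq);

    // validate
    Assert.assertEquals("http StatusCode", 302, httpResp.getStatus());
    // A redirect must not carry a body; the message now says what is actually checked.
    Assert.assertEquals("Response body is not empty", 0, httpResp.getContentLength());
    Assert.assertNull("ContentType", httpResp.getContentType());
    Assert.assertEquals("Encoding", "UTF-8",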
httpResp.getCharacterEncoding()); final String locationHeader = httpResp.getHeader("Location"); Assert.assertNotNull("Location header is null", locationHeader); Assert.assertFalse("Location header is empty", locationHeader.isEmpty()); Assert.assertTrue("Wrong redirect URL", locationHeader.startsWith(serviceUrl + "?" + HTTP_FORM_SAMLREQ_PARAM)); final String respSamlMsg = checkMessagePart(locationHeader, HTTP_FORM_SAMLREQ_PARAM, true); Assert.assertNotNull("Saml msg is null", respSamlMsg); Assert.assertFalse("Saml msg is empty", respSamlMsg.isEmpty()); final String sigAlg = checkMessagePart(locationHeader, HTTP_REDIRECT_SIGALG_PARAM, true); Assert.assertNotNull("SigAlg is null", sigAlg); Assert.assertFalse("SigAlg is empty", sigAlg.isEmpty()); Assert.assertEquals("SigAlg not match", PvpConstants.DEFAULT_SIGNING_METHODE_RSA, URLDecoder.decode(sigAlg, "UTF-8")); final String samlSig = checkMessagePart(locationHeader, HTTP_REDIRECT_SIGNATURE_PARAM, true); Assert.assertNotNull("Saml signature null", samlSig); Assert.assertFalse("Saml signature is empty", samlSig.isEmpty()); final String respRelayState = checkMessagePart(locationHeader, HTTP_FORM_RELAYSTATE_PARAM, false); Assert.assertNotNull("RelayState parameter", respRelayState); Assert.assertEquals("RelayState not match", relayState, URLDecoder.decode(respRelayState, "UTF-8")); } @Test public void encodeResponseSuccessWithRelayState() throws MessageDecodingException, SecurityException, MessageEncodingException, XMLParserException, UnmarshallingException, CredentialsNotAvailableException, ParserConfigurationException, SAXException, IOException, Pvp2Exception { // build test data final String serviceUrl = "http://testservice.org"; final String relayState = RandomStringUtils.randomAlphabetic(10); final StatusResponseType authnReq = (StatusResponseType) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), 
RedirectBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml")); bindingImpl.encodeResponse(httpReq, httpResp, authnReq, serviceUrl, relayState, credentialProvider.getMetaDataSigningCredential(), pendingReq); // validate Assert.assertEquals("http StatusCode", 302, httpResp.getStatus()); Assert.assertEquals("PVP msg is null", 0, httpResp.getContentLength()); Assert.assertNull("ContentType", httpResp.getContentType()); Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding()); final String locationHeader = httpResp.getHeader("Location"); Assert.assertNotNull("Location header is null", locationHeader); Assert.assertFalse("Location header is empty", locationHeader.isEmpty()); Assert.assertTrue("Wrong redirect URL", locationHeader.startsWith(serviceUrl + "?" + HTTP_FORM_SAMLRESP_PARM)); final String respSamlMsg = checkMessagePart(locationHeader, HTTP_FORM_SAMLRESP_PARM, true); Assert.assertNotNull("Saml msg is null", respSamlMsg); Assert.assertFalse("Saml msg is empty", respSamlMsg.isEmpty()); final String sigAlg = checkMessagePart(locationHeader, HTTP_REDIRECT_SIGALG_PARAM, true); Assert.assertNotNull("SigAlg is null", sigAlg); Assert.assertFalse("SigAlg is empty", sigAlg.isEmpty()); Assert.assertEquals("SigAlg not match", PvpConstants.DEFAULT_SIGNING_METHODE_RSA, URLDecoder.decode(sigAlg, "UTF-8")); final String samlSig = checkMessagePart(locationHeader, HTTP_REDIRECT_SIGNATURE_PARAM, true); Assert.assertNotNull("Saml signature null", samlSig); Assert.assertFalse("Saml signature is empty", samlSig.isEmpty()); final String respRelayState = checkMessagePart(locationHeader, HTTP_FORM_RELAYSTATE_PARAM, false); Assert.assertNotNull("RelayState parameter", respRelayState); Assert.assertEquals("RelayState not match", relayState, URLDecoder.decode(respRelayState, "UTF-8")); } @Test public void encodeResponseSuccess() throws MessageDecodingException, SecurityException, MessageEncodingException, XMLParserException, UnmarshallingException, 
CredentialsNotAvailableException, ParserConfigurationException, SAXException, IOException, Pvp2Exception { // build test data final String serviceUrl = "http://testservice.org"; final String relayState = null; final StatusResponseType authnReq = (StatusResponseType) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), RedirectBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml")); bindingImpl.encodeResponse(httpReq, httpResp, authnReq, serviceUrl, relayState, credentialProvider.getMetaDataSigningCredential(), pendingReq); // validate Assert.assertEquals("http StatusCode", 302, httpResp.getStatus()); Assert.assertEquals("PVP msg is null", 0, httpResp.getContentLength()); Assert.assertNull("ContentType", httpResp.getContentType()); Assert.assertEquals("Encoding", "UTF-8", httpResp.getCharacterEncoding()); final String locationHeader = httpResp.getHeader("Location"); Assert.assertNotNull("Location header is null", locationHeader); Assert.assertFalse("Location header is empty", locationHeader.isEmpty()); Assert.assertTrue("Wrong redirect URL", locationHeader.startsWith(serviceUrl + "?" 
+ HTTP_FORM_SAMLRESP_PARM)); final String respSamlMsg = checkMessagePart(locationHeader, HTTP_FORM_SAMLRESP_PARM, true); Assert.assertNotNull("Saml msg is null", respSamlMsg); Assert.assertFalse("Saml msg is empty", respSamlMsg.isEmpty()); final String sigAlg = checkMessagePart(locationHeader, HTTP_REDIRECT_SIGALG_PARAM, true); Assert.assertNotNull("SigAlg is null", sigAlg); Assert.assertFalse("SigAlg is empty", sigAlg.isEmpty()); Assert.assertEquals("SigAlg not match", PvpConstants.DEFAULT_SIGNING_METHODE_RSA, URLDecoder.decode(sigAlg, "UTF-8")); final String samlSig = checkMessagePart(locationHeader, HTTP_REDIRECT_SIGNATURE_PARAM, true); Assert.assertNotNull("Saml signature null", samlSig); Assert.assertFalse("Saml signature is empty", samlSig.isEmpty()); final String respRelayState = checkMessagePart(locationHeader, HTTP_FORM_RELAYSTATE_PARAM, false); Assert.assertNull("RelayState parameter", respRelayState); } private String checkMessagePart(String locationHeader, String httpFormSamlreq, boolean isRequired) { final int startIndex = locationHeader.indexOf(httpFormSamlreq); int endIndex = locationHeader.indexOf("&", startIndex); if (isRequired && startIndex == -1) { Assert.fail("Element: " + httpFormSamlreq + " NOT found"); } else if (startIndex == -1) { return null; } if (endIndex == -1) { endIndex = locationHeader.length(); } return locationHeader.substring(startIndex + httpFormSamlreq.length(), endIndex); } private String generateAuthnRequest(EaafX509Credential credential) throws Pvp2Exception, XMLParserException, UnmarshallingException { final MockHttpServletRequest intHttpReq = new MockHttpServletRequest(); final MockHttpServletResponse intHttpResp = new MockHttpServletResponse(); final RequestAbstractType authnReq = (RequestAbstractType) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), RedirectBindingTest.class.getResourceAsStream("/data/AuthRequest_without_sig_1.xml")); authnReq.setIssueInstant(DateTime.now()); 
bindingImpl.encodeRequest(intHttpReq, intHttpResp, authnReq, "http://testservice.org", null, credential, pendingReq); Assert.assertEquals("http StatusCode", 302, intHttpResp.getStatus()); final String locationHeader = intHttpResp.getHeader("Location"); Assert.assertNotNull("Location header is null", locationHeader); return locationHeader.split("\\?")[1]; } private String generateResponse(EaafX509Credential credential) throws Pvp2Exception, XMLParserException, UnmarshallingException { new MockHttpServletRequest(); final MockHttpServletRequest intHttpReq = new MockHttpServletRequest(); final MockHttpServletResponse intHttpResp = new MockHttpServletResponse(); final StatusResponseType authnReq = (StatusResponseType) XMLObjectSupport.unmarshallFromInputStream( XMLObjectProviderRegistrySupport.getParserPool(), RedirectBindingTest.class.getResourceAsStream("/data/Response_without_sig_1.xml")); authnReq.setIssueInstant(DateTime.now()); bindingImpl.encodeResponse(intHttpReq, intHttpResp, authnReq, "http://testservice.org", null, credential, pendingReq); Assert.assertEquals("http StatusCode", 302, intHttpResp.getStatus()); final String locationHeader = intHttpResp.getHeader("Location"); Assert.assertNotNull("Location header is null", locationHeader); return locationHeader.split("\\?")[1]; } }