This repository was archived by the owner on Dec 12, 2018. It is now read-only.

Commit 80dfda8

author
Richard Blaylock
committed
Issue-1136 Happy path test for authn request verification.
1 parent 48e1e1b commit 80dfda8


1 file changed

+73
-17
lines changed


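--- a/extensions/httpclient/src/test/groovy/com/stormpath/sdk/impl/saml/SamlIdentityProviderIT.groovy
+++ b/extensions/httpclient/src/test/groovy/com/stormpath/sdk/impl/saml/SamlIdentityProviderIT.groovy
@@ -18,36 +18,27 @@ package com.stormpath.sdk.impl.saml
 import com.stormpath.sdk.account.Account
 import com.stormpath.sdk.application.Application
 import com.stormpath.sdk.application.webconfig.ApplicationWebConfig
+import com.stormpath.sdk.http.HttpMethod
+import com.stormpath.sdk.http.HttpRequest
+import com.stormpath.sdk.http.HttpRequestBuilder
+import com.stormpath.sdk.http.HttpRequests
 import com.stormpath.sdk.impl.ds.InternalDataStore
+import com.stormpath.sdk.impl.util.Base64
 import com.stormpath.sdk.query.Options
 import com.stormpath.sdk.resource.ResourceException
-import com.stormpath.sdk.saml.AttributeStatementMappingRule
-import com.stormpath.sdk.saml.AttributeStatementMappingRules
-import com.stormpath.sdk.saml.CreateSamlResponseRequest
-import com.stormpath.sdk.saml.RegisteredSamlServiceProvider
-import com.stormpath.sdk.saml.RegisteredSamlServiceProviderList
-import com.stormpath.sdk.saml.RegisteredSamlServiceProviders
-import com.stormpath.sdk.saml.SamlIdentityProvider
-import com.stormpath.sdk.saml.SamlIdentityProviderMetadata
-import com.stormpath.sdk.saml.SamlIdentityProviderStatus
-import com.stormpath.sdk.saml.SamlIdentityProviders
-import com.stormpath.sdk.saml.SamlPolicy
-import com.stormpath.sdk.saml.SamlResponse
-import com.stormpath.sdk.saml.SamlServiceProviderRegistration
-import com.stormpath.sdk.saml.SamlServiceProviderRegistrationList
-import com.stormpath.sdk.saml.SamlServiceProviderRegistrationStatus
-import com.stormpath.sdk.saml.SamlServiceProviderRegistrations
+import com.stormpath.sdk.saml.*
 import org.joda.time.format.DateTimeFormatter
 import org.joda.time.format.ISODateTimeFormat
 import org.testng.annotations.AfterMethod
 import org.testng.annotations.Test
 
 import javax.xml.bind.DatatypeConverter
+import java.text.SimpleDateFormat
 
 import static org.testng.Assert.assertEquals
 import static org.testng.Assert.assertNotEquals
-import static org.testng.Assert.assertNotNull
 import static org.testng.Assert.assertNull
+import static org.testng.Assert.assertNotNull
 import static org.testng.Assert.assertTrue
 
 /**
@@ -551,6 +542,61 @@ class SamlIdentityProviderIT extends AbstractSamlIT {
 assertEquals(registrationList.size, 0)
 }
 
+@Test
+void testAuthnVerification() {
+def identityProvider = getNewSamlIdentityProviderForNewApplication()
+
+String cannedX509Cert = '''-----BEGIN CERTIFICATE-----
+MIIDBjCCAe4CCQDkkfBwuV3jqTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJV
+UzETMBEGA1UECBMKU29tZS1TdGF0ZTEhMB8GA1UEChMYSW50ZXJuZXQgV2lkZ2l0
+cyBQdHkgTHRkMB4XDTE1MTAxNDIyMDUzOFoXDTE2MTAxMzIyMDUzOFowRTELMAkG
+A1UEBhMCVVMxEzARBgNVBAgTClNvbWUtU3RhdGUxITAfBgNVBAoTGEludGVybmV0
+IFdpZGdpdHMgUHR5IEx0ZDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
+ALuZBSfp4ecigQGFL6zawVi9asVstXHy3cpj3pPXjDx5Xj4QlbBL7KbZhVd4B+j3
+Paacetpn8N0g06sYe1fIeddZE7PZeD2vxTLglriOCB8exH9ZAcYNHIGy3pMFdXHY
+lS7xXYWb+BNLVU7ka3tJnceDjhviAjICzQJs0JXDVQUeYxB80a+WtqJP+ZMbAxvA
+QbPzkcvK8CMctRSRqKkpC4gWSxUAJOqEmyvQVQpaLGrI2zFroD2Bgt0cZzBHN5tG
+wC2qgacDv16qyY+90rYgX/WveA+MSd8QKGLcpPlEzzVJp7Z5Boc3T8wIR29jaDtR
+cK4bWQ2EGLJiJ+Vql5qaOmsCAwEAATANBgkqhkiG9w0BAQUFAAOCAQEAmCND/4tB
++yVsIZBAQgul/rK1Qj26FlyO0i0Rmm2OhGRhrd9JPQoZ+xCtBixopNICKG7kvUeQ
+Sk8Bku6rQ3VquxKtqAjNFeiLykd9Dn2HUOGpNlRcpzFXHtX+L1f34lMaT54qgWAh
+PgWkzh8xo5HT4M83DaG+HT6BkaVAQwIlJ26S/g3zJ00TrWRP2E6jlhR5KHLN+8eE
+D7/ENlqO5ThU5uX07/Bf+S0q5NK0NPuy0nO2w064kHdIX5/O64ktT1/MgWBV6yV7
+mg1osHToeo4WXGz2Yo6+VFMM3IKRqMDbkR7N4cNKd1KvEKrMaRE7vC14H/G5NSOh
+yl85oFHAdkguTA==
+-----END CERTIFICATE-----
+'''
+
+def serviceProvider = client.instantiate(RegisteredSamlServiceProvider)
+serviceProvider
+.setName("testName")
+.setAssertionConsumerServiceUrl("http://localhost:9191/v1/directories/58RbxGTCdqH9L1ddRxBquy/saml/sso/post")
+.setEntityId("http://localhost:9191/v1/directories/58RbxGTCdqH9L1ddRxBquy")
+.setEncodedX509SigningCert(cannedX509Cert)
+
+
+def registeredSamlServiceProvider = client.currentTenant.createRegisterdSamlServiceProvider(serviceProvider)
+
+def registration = client.instantiate(SamlServiceProviderRegistration)
+registration.setDefaultRelayState("aNiceDefaultRelayState")
+registration.setServiceProvider(registeredSamlServiceProvider)
+registration.setIdentityProvider(identityProvider)
+createAndGetAndAssertNewRegistration(registration)
+
+String cannedRelayState = "eyJ0aWQiOiI3QXZCMWJqZXJRWTRVM0JzQWtvOEYyIiwic3R0IjoiYXNzZXJ0aW9uIiwiYWxnIjoiSFMyNTYifQ.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.fG4Ffp2Udzr2xfEzNrVGzbjc02asVf2UkuzpOLMphHo"
+
+AuthnVerificationRequest authnVerificationRequest = client.instantiate(AuthnVerificationRequest.class);
+authnVerificationRequest.setSamlRequest("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")
+.setRelayState(cannedRelayState)
+.setQueryString("SAMLRequest=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&RelayState=eyJ0aWQiOiI3QXZCMWJqZXJRWTRVM0JzQWtvOEYyIiwic3R0IjoiYXNzZXJ0aW9uIiwiYWxnIjoiSFMyNTYifQ.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.fG4Ffp2Udzr2xfEzNrVGzbjc02asVf2UkuzpOLMphHo&SigAlg=http://www.w3.org/2001/04/xmldsig-more#rsa-sha256&Signature=bv/bFoVCuOlrB8OyrkNMjpDh9s6g2+zppZGeSOd3lSOPzfdJIv7/8/e1S3I+0jDHGSFceFYj1q7HtFMyKxh2VNAeBnt1FjZ3SwbifZzoV5TwFSThTXv2wWiEYPbw9HETv3ol3xthDfFwNy+7mc862XEUwh8vmoilCHdxOJXXTzvuGF0dpF6a4QzHZT4og4GBd9uBTl1u4IKejGzP0CpoBlDrBS0TVuyvJz2kc5CC5NM0Q2LK4WMb3J4HCxZ8SbLBL9O65YQOAzNJwmLRQGhgfeS63a5x0eMtZJAOzAjAaoFOaCSAwsUmQtd5tlGmejSsKQOTeBYe8JMRkSjZ6XnHmw==")
+
+AuthnVerification authnVerification = identityProvider.createAuthnVerification(authnVerificationRequest)
+assertEquals(authnVerification.relayState, cannedRelayState)
+assertEquals(authnVerification.serviceProvider.href, registeredSamlServiceProvider.href)
+Date cannedDate = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss.SSS'Z'").parse("2016-12-13T13:55:12.280Z")
+assertEquals(authnVerification.authnIssueInstant, cannedDate)
+}
+
 @Test
 void testSamlResponse() {
 def identityProvider = getNewSamlIdentityProviderForNewApplication()
@@ -581,4 +627,14 @@ class SamlIdentityProviderIT extends AbstractSamlIT {
 assertTrue(xml.contains(account.email))
 assertTrue(xml.contains("InResponseTo=\"" + requestId + "\""))
 }
+
+def static String createBasicAuthzHeader(String id, String secret) {
+
+String cred = id + ":" + secret
+
+byte[] bytes = cred.getBytes("UTF-8")
+
+"Basic " + Base64.encodeBase64String(bytes)
+}
+
 }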
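Review bot: `testAuthnVerification` only shows that one canned, correctly signed AuthnRequest is accepted, so it would still pass if `createAuthnVerification` ignored the `Signature` parameter entirely. A companion case that alters one character of `Signature` (or of `RelayState`) in the query string and expects the call to be rejected would pin the verification itself. The fixture's expected issue instant is fixed at `2016-12-13T13:55:12.280Z`, so a passing run presumably means this path applies no freshness window to the request; if that is intended, a comment on the test saying so would help. Separately, `'Z'` is quoted in the `SimpleDateFormat` pattern, so the string is parsed in the JVM's default time zone rather than UTC and the `authnIssueInstant` assertion depends on where the test runs; build the formatter first and call `setTimeZone(TimeZone.getTimeZone("UTC"))` on it before `parse`.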
