
Commit 836f203

fast-reflexesjzheaux
authored andcommitted
Refactored OpenSaml4AuthenticationProviderTests
Factored out repeatedly used code for signing a response or assertion.
1 parent 73003d5 commit 836f203

1 file changed

+31
-69
lines changed


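--- a/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProviderTests.java
+++ b/saml2/saml2-service-provider/src/opensaml4Test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProviderTests.java
@@ -39,6 +39,7 @@
 import org.opensaml.core.xml.io.MarshallingException;
 import org.opensaml.core.xml.schema.XSDateTime;
 import org.opensaml.core.xml.schema.impl.XSDateTimeBuilder;
+import org.opensaml.saml.common.SignableSAMLObject;
 import org.opensaml.saml.common.assertion.ValidationContext;
 import org.opensaml.saml.saml2.assertion.SAML2AssertionValidationParameters;
 import org.opensaml.saml.saml2.core.Assertion;
@@ -144,9 +145,7 @@ public void authenticateWhenXmlErrorThenThrowAuthenticationException() {
 public void authenticateWhenInvalidDestinationThenThrowAuthenticationException() {
 Response response = response(DESTINATION + "invalid", ASSERTING_PARTY_ENTITY_ID);
 response.getAssertions().add(assertion());
-TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
-RELYING_PARTY_ENTITY_ID);
-Saml2AuthenticationToken token = token(response, verifying(registration()));
+Saml2AuthenticationToken token = token(signed(response), verifying(registration()));
 assertThatExceptionOfType(Saml2AuthenticationException.class)
 .isThrownBy(() -> this.provider.authenticate(token))
 .satisfies(errorOf(Saml2ErrorCodes.INVALID_DESTINATION));
@@ -176,9 +175,7 @@ public void authenticateWhenOpenSAMLValidationErrorThenThrowAuthenticationExcept
 Assertion assertion = assertion();
 assertion.getSubject().getSubjectConfirmations().get(0).getSubjectConfirmationData()
 .setNotOnOrAfter(Instant.now().minus(Duration.ofDays(3)));
-TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
-RELYING_PARTY_ENTITY_ID);
-response.getAssertions().add(assertion);
+response.getAssertions().add(signed(assertion));
 Saml2AuthenticationToken token = token(response, verifying(registration()));
 assertThatExceptionOfType(Saml2AuthenticationException.class)
 .isThrownBy(() -> this.provider.authenticate(token))
@@ -190,9 +187,7 @@ public void authenticateWhenMissingSubjectThenThrowAuthenticationException() {
 Response response = response();
 Assertion assertion = assertion();
 assertion.setSubject(null);
-TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
-RELYING_PARTY_ENTITY_ID);
-response.getAssertions().add(assertion);
+response.getAssertions().add(signed(assertion));
 Saml2AuthenticationToken token = token(response, verifying(registration()));
 assertThatExceptionOfType(Saml2AuthenticationException.class)
 .isThrownBy(() -> this.provider.authenticate(token))
@@ -204,9 +199,7 @@ public void authenticateWhenUsernameMissingThenThrowAuthenticationException() {
 Response response = response();
 Assertion assertion = assertion();
 assertion.getSubject().getNameID().setValue(null);
-TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
-RELYING_PARTY_ENTITY_ID);
-response.getAssertions().add(assertion);
+response.getAssertions().add(signed(assertion));
 Saml2AuthenticationToken token = token(response, verifying(registration()));
 assertThatExceptionOfType(Saml2AuthenticationException.class)
 .isThrownBy(() -> this.provider.authenticate(token))
@@ -219,9 +212,7 @@ public void authenticateWhenAssertionContainsValidationAddressThenItSucceeds() {
 Assertion assertion = assertion();
 assertion.getSubject().getSubjectConfirmations()
 .forEach((sc) -> sc.getSubjectConfirmationData().setAddress("10.10.10.10"));
-TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
-RELYING_PARTY_ENTITY_ID);
-response.getAssertions().add(assertion);
+response.getAssertions().add(signed(assertion));
 Saml2AuthenticationToken token = token(response, verifying(registration()));
 this.provider.authenticate(token);
 }
@@ -232,9 +223,7 @@ public void authenticateWhenAssertionContainsAttributesThenItSucceeds() {
 Assertion assertion = assertion();
 List<AttributeStatement> attributes = attributeStatements();
 assertion.getAttributeStatements().addAll(attributes);
-TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
-RELYING_PARTY_ENTITY_ID);
-response.getAssertions().add(assertion);
+response.getAssertions().add(signed(assertion));
 Saml2AuthenticationToken token = token(response, verifying(registration()));
 Authentication authentication = this.provider.authenticate(token);
 Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
@@ -258,9 +247,7 @@ public void authenticateWhenAssertionContainsCustomAttributesThenItSucceeds() {
 AttributeStatement attribute = TestOpenSamlObjects.customAttributeStatement("Address",
 TestCustomOpenSamlObjects.instance());
 assertion.getAttributeStatements().add(attribute);
-TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
-RELYING_PARTY_ENTITY_ID);
-response.getAssertions().add(assertion);
+response.getAssertions().add(signed(assertion));
 Saml2AuthenticationToken token = token(response, verifying(registration()));
 Authentication authentication = this.provider.authenticate(token);
 Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
@@ -291,9 +278,7 @@ public void authenticateWhenEncryptedAssertionWithSignatureThenItSucceeds() {
 EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion,
 TestSaml2X509Credentials.assertingPartyEncryptingCredential());
 response.getEncryptedAssertions().add(encryptedAssertion);
-TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
-RELYING_PARTY_ENTITY_ID);
-Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
+Saml2AuthenticationToken token = token(signed(response), decrypting(verifying(registration())));
 this.provider.authenticate(token);
 }
 
@@ -303,9 +288,7 @@ public void authenticateWhenEncryptedAssertionWithResponseSignatureThenItSucceed
 EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion(),
 TestSaml2X509Credentials.assertingPartyEncryptingCredential());
 response.getEncryptedAssertions().add(encryptedAssertion);
-TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
-RELYING_PARTY_ENTITY_ID);
-Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
+Saml2AuthenticationToken token = token(signed(response), decrypting(verifying(registration())));
 this.provider.authenticate(token);
 }
 
@@ -318,9 +301,7 @@ public void authenticateWhenEncryptedNameIdWithSignatureThenItSucceeds() {
 TestSaml2X509Credentials.assertingPartyEncryptingCredential());
 assertion.getSubject().setNameID(null);
 assertion.getSubject().setEncryptedID(encryptedID);
-response.getAssertions().add(assertion);
-TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
-RELYING_PARTY_ENTITY_ID);
+response.getAssertions().add(signed(assertion));
 Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
 this.provider.authenticate(token);
 }
@@ -335,9 +316,7 @@ public void authenticateWhenEncryptedAttributeThenDecrypts() {
 statement.getEncryptedAttributes().add(attribute);
 assertion.getAttributeStatements().add(statement);
 response.getAssertions().add(assertion);
-TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
-RELYING_PARTY_ENTITY_ID);
-Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
+Saml2AuthenticationToken token = token(signed(response), decrypting(verifying(registration())));
 Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token);
 Saml2AuthenticatedPrincipal principal = (Saml2AuthenticatedPrincipal) authentication.getPrincipal();
 assertThat(principal.getAttribute("name")).containsExactly("value");
@@ -349,9 +328,7 @@ public void authenticateWhenDecryptionKeysAreMissingThenThrowAuthenticationExcep
 EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion(),
 TestSaml2X509Credentials.assertingPartyEncryptingCredential());
 response.getEncryptedAssertions().add(encryptedAssertion);
-TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
-RELYING_PARTY_ENTITY_ID);
-Saml2AuthenticationToken token = token(response, verifying(registration()));
+Saml2AuthenticationToken token = token(signed(response), verifying(registration()));
 assertThatExceptionOfType(Saml2AuthenticationException.class)
 .isThrownBy(() -> this.provider.authenticate(token))
 .satisfies(errorOf(Saml2ErrorCodes.DECRYPTION_ERROR, "Failed to decrypt EncryptedData"));
@@ -363,9 +340,7 @@ public void authenticateWhenDecryptionKeysAreWrongThenThrowAuthenticationExcepti
 EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion(),
 TestSaml2X509Credentials.assertingPartyEncryptingCredential());
 response.getEncryptedAssertions().add(encryptedAssertion);
-TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
-RELYING_PARTY_ENTITY_ID);
-Saml2AuthenticationToken token = token(response, registration()
+Saml2AuthenticationToken token = token(signed(response), registration()
 .decryptionX509Credentials((c) -> c.add(TestSaml2X509Credentials.assertingPartyPrivateCredential())));
 assertThatExceptionOfType(Saml2AuthenticationException.class)
 .isThrownBy(() -> this.provider.authenticate(token))
@@ -378,9 +353,7 @@ public void authenticateWhenAuthenticationHasDetailsThenSucceeds() {
 Assertion assertion = assertion();
 assertion.getSubject().getSubjectConfirmations()
 .forEach((sc) -> sc.getSubjectConfirmationData().setAddress("10.10.10.10"));
-TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
-RELYING_PARTY_ENTITY_ID);
-response.getAssertions().add(assertion);
+response.getAssertions().add(signed(assertion));
 Saml2AuthenticationToken token = token(response, verifying(registration()));
 token.setDetails("some-details");
 Authentication authentication = this.provider.authenticate(token);
@@ -395,9 +368,7 @@ public void writeObjectWhenTypeIsSaml2AuthenticationThenNoException() throws IOE
 EncryptedAssertion encryptedAssertion = TestOpenSamlObjects.encrypted(assertion,
 TestSaml2X509Credentials.assertingPartyEncryptingCredential());
 response.getEncryptedAssertions().add(encryptedAssertion);
-TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
-RELYING_PARTY_ENTITY_ID);
-Saml2AuthenticationToken token = token(response, decrypting(verifying(registration())));
+Saml2AuthenticationToken token = token(signed(response), decrypting(verifying(registration())));
 Saml2Authentication authentication = (Saml2Authentication) this.provider.authenticate(token);
 // the following code will throw an exception if authentication isn't serializable
 ByteArrayOutputStream byteStream = new ByteArrayOutputStream(1024);
@@ -432,9 +403,7 @@ public void authenticateWhenDelegatingToDefaultAssertionValidatorThenUses() {
 OneTimeUse oneTimeUse = build(OneTimeUse.DEFAULT_ELEMENT_NAME);
 assertion.getConditions().getConditions().add(oneTimeUse);
 response.getAssertions().add(assertion);
-TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
-ASSERTING_PARTY_ENTITY_ID);
-Saml2AuthenticationToken token = token(response, verifying(registration()));
+Saml2AuthenticationToken token = token(signed(response), verifying(registration()));
 // @formatter:off
 assertThatExceptionOfType(Saml2AuthenticationException.class)
 .isThrownBy(() -> provider.authenticate(token)).isInstanceOf(Saml2AuthenticationException.class)
@@ -456,9 +425,7 @@ public void authenticateWhenCustomAssertionValidatorThenUses() {
 Response response = response();
 Assertion assertion = assertion();
 response.getAssertions().add(assertion);
-TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
-ASSERTING_PARTY_ENTITY_ID);
-Saml2AuthenticationToken token = token(response, verifying(registration()));
+Saml2AuthenticationToken token = token(signed(response), verifying(registration()));
 given(validator.convert(any(OpenSaml4AuthenticationProvider.AssertionToken.class)))
 .willReturn(Saml2ResponseValidatorResult.success());
 provider.authenticate(token);
@@ -475,9 +442,7 @@ public void authenticateWhenDefaultConditionValidatorNotUsedThenSignatureStillCh
 RELYING_PARTY_ENTITY_ID); // broken
 // signature
 response.getAssertions().add(assertion);
-TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
-ASSERTING_PARTY_ENTITY_ID);
-Saml2AuthenticationToken token = token(response, verifying(registration()));
+Saml2AuthenticationToken token = token(signed(response), verifying(registration()));
 // @formatter:off
 assertThatExceptionOfType(Saml2AuthenticationException.class)
 .isThrownBy(() -> provider.authenticate(token))
@@ -496,9 +461,7 @@ public void authenticateWhenValidationContextCustomizedThenUsers() {
 OpenSaml4AuthenticationProvider.createDefaultAssertionValidator((assertionToken) -> context));
 Response response = response();
 Assertion assertion = assertion();
-response.getAssertions().add(assertion);
-TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
-ASSERTING_PARTY_ENTITY_ID);
+response.getAssertions().add(signed(assertion));
 Saml2AuthenticationToken token = token(response, verifying(registration()));
 // @formatter:off
 assertThatExceptionOfType(Saml2AuthenticationException.class)
@@ -570,13 +533,12 @@ public void setAssertionElementsDecrypterWhenNullThenIllegalArgument() {
 public void authenticateWhenCustomResponseElementsDecrypterThenDecryptsResponse() {
 Response response = response();
 Assertion assertion = assertion();
-TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
-RELYING_PARTY_ENTITY_ID);
 response.getEncryptedAssertions().add(new EncryptedAssertionBuilder().buildObject());
 TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
 RELYING_PARTY_ENTITY_ID);
 Saml2AuthenticationToken token = token(response, verifying(registration()));
-this.provider.setResponseElementsDecrypter((tuple) -> tuple.getResponse().getAssertions().add(assertion));
+this.provider
+.setResponseElementsDecrypter((tuple) -> tuple.getResponse().getAssertions().add(signed(assertion)));
 Authentication authentication = this.provider.authenticate(token);
 assertThat(authentication.getName()).isEqualTo("test@saml.user");
 }
@@ -588,9 +550,7 @@ public void authenticateWhenCustomAssertionElementsDecrypterThenDecryptsAssertio
 EncryptedID id = new EncryptedIDBuilder().buildObject();
 id.setEncryptedData(new EncryptedDataBuilder().buildObject());
 assertion.getSubject().setEncryptedID(id);
-TestOpenSamlObjects.signed(assertion, TestSaml2X509Credentials.assertingPartySigningCredential(),
-RELYING_PARTY_ENTITY_ID);
-response.getAssertions().add(assertion);
+response.getAssertions().add(signed(assertion));
 Saml2AuthenticationToken token = token(response, verifying(registration()));
 this.provider.setAssertionElementsDecrypter((tuple) -> {
 NameID name = new NameIDBuilder().buildObject();
@@ -639,9 +599,7 @@ public void authenticateWhenCustomResponseValidatorThenUses() {
 Response response = response();
 Assertion assertion = assertion();
 response.getAssertions().add(assertion);
-TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
-ASSERTING_PARTY_ENTITY_ID);
-Saml2AuthenticationToken token = token(response, verifying(registration()));
+Saml2AuthenticationToken token = token(signed(response), verifying(registration()));
 given(validator.convert(any(OpenSaml4AuthenticationProvider.ResponseToken.class)))
 .willReturn(Saml2ResponseValidatorResult.success());
 provider.authenticate(token);
@@ -655,9 +613,7 @@ public void authenticateWhenAssertionIssuerNotValidThenFailsWithInvalidIssuer()
 Assertion assertion = assertion();
 assertion.setIssuer(TestOpenSamlObjects.issuer("https://invalid.idp.test/saml2/idp"));
 response.getAssertions().add(assertion);
-TestOpenSamlObjects.signed(response, TestSaml2X509Credentials.assertingPartySigningCredential(),
-ASSERTING_PARTY_ENTITY_ID);
-Saml2AuthenticationToken token = token(response, verifying(registration()));
+Saml2AuthenticationToken token = token(signed(response), verifying(registration()));
 assertThatExceptionOfType(Saml2AuthenticationException.class).isThrownBy(() -> provider.authenticate(token))
 .withMessageContaining("did not match any valid issuers");
 }
@@ -716,6 +672,12 @@ private Assertion assertion() {
 return assertion;
 }
 
+private <T extends SignableSAMLObject> T signed(T toSign) {
+TestOpenSamlObjects.signed(toSign, TestSaml2X509Credentials.assertingPartySigningCredential(),
+RELYING_PARTY_ENTITY_ID);
+return toSign;
+}
+
 private List<AttributeStatement> attributeStatements() {
 List<AttributeStatement> attributeStatements = TestOpenSamlObjects.attributeStatements();
 AttributeBuilder attributeBuilder = new AttributeBuilder();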
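Review bot: The new `signed` helper hard-codes RELYING_PARTY_ENTITY_ID, but six of the call sites it replaces (from authenticateWhenDelegatingToDefaultAssertionValidatorThenUses through authenticateWhenAssertionIssuerNotValidThenFailsWithInvalidIssuer) previously passed ASSERTING_PARTY_ENTITY_ID, and authenticateWhenValidationContextCustomizedThenUsers now signs the assertion where it used to sign the response, so this is not the pure factoring the commit message describes. Whether the entity id changes what the provider verifies depends on TestOpenSamlObjects.signed, which is not visible here; if it only labels the credential the tests still pass for the same reason they did before, but a signature-verification test should not silently change which element carries the signature. Keeping the old fixtures is cheap: add an overload that takes the entity id and let the one-arg form delegate to it, and give the helper a Javadoc stating that it signs in place with the asserting party's credential and returns the same object. The remaining direct TestOpenSamlObjects.signed call in authenticateWhenCustomResponseElementsDecrypterThenDecryptsResponse could also become `signed(response)` for consistency.

```java
/**
 * Signs {@code toSign} in place with the asserting party's signing credential and
 * returns the same object so it can be used inline.
 */
private <T extends SignableSAMLObject> T signed(T toSign) {
	return signed(toSign, RELYING_PARTY_ENTITY_ID);
}

/** Same as {@link #signed(SignableSAMLObject)} but with an explicit credential entity id. */
private <T extends SignableSAMLObject> T signed(T toSign, String entityId) {
	TestOpenSamlObjects.signed(toSign, TestSaml2X509Credentials.assertingPartySigningCredential(), entityId);
	return toSign;
}
```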
