| <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" |
| "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> |
| <html> |
| <head> |
| <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/> |
| <title>Coverage Report</title> |
| <link title="Style" type="text/css" rel="stylesheet" href="css/main.css"/> |
| <script type="text/javascript" src="js/popup.js"></script> |
| </head> |
| <body> |
| <h5>Coverage Report - com.google.enterprise.adaptor.SamlServiceProvider</h5> |
| <div class="separator"> </div> |
| <table class="report"> |
| <thead><tr> <td class="heading">Classes in this File</td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Line Coverage</a></td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Branch Coverage</a></td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Complexity</a></td></tr></thead> |
| <tr><td><a href="com.google.enterprise.adaptor.SamlServiceProvider.html">SamlServiceProvider</a></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">1</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:97px"><span class="text">33/34</span></div></div></td></tr></table></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">3</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:85px"><span class="text">17/20</span></div></div></td></tr></table></td><td class="value"><span class="hidden">3.375;</span>3.375</td></tr> |
| <tr><td><a href="com.google.enterprise.adaptor.SamlServiceProvider.html">SamlServiceProvider$AssertionConsumerHandler</a></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">0</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:100px"><span class="text">59/59</span></div></div></td></tr></table></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">2</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:91px"><span class="text">22/24</span></div></div></td></tr></table></td><td class="value"><span class="hidden">3.375;</span>3.375</td></tr> |
| <tr><td><a href="com.google.enterprise.adaptor.SamlServiceProvider.html">SamlServiceProvider$AuthnState</a></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">3</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:87px"><span class="text">21/24</span></div></div></td></tr></table></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">1</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:75px"><span class="text">3/4</span></div></div></td></tr></table></td><td class="value"><span class="hidden">3.375;</span>3.375</td></tr> |
| |
| </table> |
| <div class="separator"> </div> |
| <table cellspacing="0" cellpadding="0" class="src"> |
| <tr> <td class="numLine"> 1</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">// Copyright 2013 Google Inc. All Rights Reserved.</span></pre></td></tr> |
| <tr> <td class="numLine"> 2</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">//</span></pre></td></tr> |
| <tr> <td class="numLine"> 3</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">// Licensed under the Apache License, Version 2.0 (the "License");</span></pre></td></tr> |
| <tr> <td class="numLine"> 4</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">// you may not use this file except in compliance with the License.</span></pre></td></tr> |
| <tr> <td class="numLine"> 5</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">// You may obtain a copy of the License at</span></pre></td></tr> |
| <tr> <td class="numLine"> 6</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">//</span></pre></td></tr> |
| <tr> <td class="numLine"> 7</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">// http://www.apache.org/licenses/LICENSE-2.0</span></pre></td></tr> |
| <tr> <td class="numLine"> 8</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">//</span></pre></td></tr> |
| <tr> <td class="numLine"> 9</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">// Unless required by applicable law or agreed to in writing, software</span></pre></td></tr> |
| <tr> <td class="numLine"> 10</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">// distributed under the License is distributed on an "AS IS" BASIS,</span></pre></td></tr> |
| <tr> <td class="numLine"> 11</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span></pre></td></tr> |
| <tr> <td class="numLine"> 12</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">// See the License for the specific language governing permissions and</span></pre></td></tr> |
| <tr> <td class="numLine"> 13</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">// limitations under the License.</span></pre></td></tr> |
| <tr> <td class="numLine"> 14</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 15</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">package</span> com.google.enterprise.adaptor;</pre></td></tr> |
| <tr> <td class="numLine"> 16</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 17</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> com.google.common.annotations.VisibleForTesting;</pre></td></tr> |
| <tr> <td class="numLine"> 18</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> com.google.enterprise.adaptor.secmgr.authncontroller.ExportedState;</pre></td></tr> |
| <tr> <td class="numLine"> 19</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> com.google.enterprise.adaptor.secmgr.http.HttpClientInterface;</pre></td></tr> |
| <tr> <td class="numLine"> 20</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> com.google.enterprise.adaptor.secmgr.modules.SamlClient;</pre></td></tr> |
| <tr> <td class="numLine"> 21</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> com.google.enterprise.adaptor.secmgr.servlets.ResponseParser;</pre></td></tr> |
| <tr> <td class="numLine"> 22</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 23</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> com.sun.net.httpserver.HttpExchange;</pre></td></tr> |
| <tr> <td class="numLine"> 24</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> com.sun.net.httpserver.HttpHandler;</pre></td></tr> |
| <tr> <td class="numLine"> 25</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 26</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.joda.time.DateTime;</pre></td></tr> |
| <tr> <td class="numLine"> 27</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.opensaml.saml2.core.Response;</pre></td></tr> |
| <tr> <td class="numLine"> 28</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.opensaml.saml2.core.StatusCode;</pre></td></tr> |
| <tr> <td class="numLine"> 29</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.opensaml.xml.security.SecurityHelper;</pre></td></tr> |
| <tr> <td class="numLine"> 30</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> org.opensaml.xml.security.credential.Credential;</pre></td></tr> |
| <tr> <td class="numLine"> 31</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 32</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> java.io.IOException;</pre></td></tr> |
| <tr> <td class="numLine"> 33</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> java.net.HttpURLConnection;</pre></td></tr> |
| <tr> <td class="numLine"> 34</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> java.net.URI;</pre></td></tr> |
| <tr> <td class="numLine"> 35</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> java.security.KeyPair;</pre></td></tr> |
| <tr> <td class="numLine"> 36</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> java.util.Date;</pre></td></tr> |
| <tr> <td class="numLine"> 37</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> java.util.Set;</pre></td></tr> |
| <tr> <td class="numLine"> 38</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> java.util.logging.Level;</pre></td></tr> |
| <tr> <td class="numLine"> 39</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">import</span> java.util.logging.Logger;</pre></td></tr> |
| <tr> <td class="numLine"> 40</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 41</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 42</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Provides the ability to send SAML authn requests and receive the responses.</span></pre></td></tr> |
| <tr> <td class="numLine"> 43</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 44</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p>This functions in the Service Provider (SP) role in SAML. A SP is simply</span></pre></td></tr> |
| <tr> <td class="numLine"> 45</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * the site that the user was trying to use (it provides a service to the user).</span></pre></td></tr> |
| <tr> <td class="numLine"> 46</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * The SP sends the user to an Identity Provider (IdP) to be authenticated.</span></pre></td></tr> |
| <tr> <td class="numLine"> 47</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 48</td> <td class="nbHitsCovered"> 25</td> <td class="src"><pre class="src"> <span class="keyword">class</span> SamlServiceProvider {</pre></td></tr> |
| <tr> <td class="numLine"> 49</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> @VisibleForTesting</pre></td></tr> |
| <tr> <td class="numLine"> 50</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">static</span> <span class="keyword">final</span> String SESSION_STATE_ATTR_NAME = <span class="string">"authnState"</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 51</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 52</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">static</span> <span class="keyword">final</span> Logger log = Logger.getLogger(</pre></td></tr> |
| <tr> <td class="numLine"> 53</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> SamlServiceProvider.<span class="keyword">class</span>.getName());</pre></td></tr> |
| <tr> <td class="numLine"> 54</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 55</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 56</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Manager that handles keeping track of users attempting to authenticate.</span></pre></td></tr> |
| <tr> <td class="numLine"> 57</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 58</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">final</span> SessionManager<HttpExchange> sessionManager;</pre></td></tr> |
| <tr> <td class="numLine"> 59</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/** SAML configuration of endpoints. */</span></pre></td></tr> |
| <tr> <td class="numLine"> 60</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">final</span> SamlMetadata metadata;</pre></td></tr> |
| <tr> <td class="numLine"> 61</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/** Credentials to use to sign messages. */</span></pre></td></tr> |
| <tr> <td class="numLine"> 62</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">final</span> Credential cred;</pre></td></tr> |
| <tr> <td class="numLine"> 63</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 64</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Http client implementation that {@code SamlClient} will use to send</span></pre></td></tr> |
| <tr> <td class="numLine"> 65</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * requests directly to the GSA, for resolving SAML artifacts.</span></pre></td></tr> |
| <tr> <td class="numLine"> 66</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 67</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">final</span> HttpClientInterface httpClient;</pre></td></tr> |
| <tr> <td class="numLineCover"> 68</td> <td class="nbHitsCovered"> 18</td> <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">final</span> AssertionConsumerHandler assertionConsumer</pre></td></tr> |
| <tr> <td class="numLine"> 69</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> = <span class="keyword">new</span> AssertionConsumerHandler();</pre></td></tr> |
| <tr> <td class="numLine"> 70</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 71</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 72</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param sessionManager manager for storing session state, like authn</span></pre></td></tr> |
| <tr> <td class="numLine"> 73</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * results</span></pre></td></tr> |
| <tr> <td class="numLine"> 74</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param metadata SAML configuration of endpoints</span></pre></td></tr> |
| <tr> <td class="numLine"> 75</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @param keyAlias alias in keystore that contains the key for signing</span></pre></td></tr> |
| <tr> <td class="numLine"> 76</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * messages</span></pre></td></tr> |
| <tr> <td class="numLine"> 77</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 78</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> SamlServiceProvider(SessionManager<HttpExchange> sessionManager,</pre></td></tr> |
| <tr> <td class="numLine"> 79</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> SamlMetadata metadata, KeyPair key) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 80</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> <span class="keyword">this</span>(sessionManager, metadata, key, <span class="keyword">new</span> HttpClientAdapter());</pre></td></tr> |
| <tr> <td class="numLineCover"> 81</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 82</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 83</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> @VisibleForTesting</pre></td></tr> |
| <tr> <td class="numLine"> 84</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> SamlServiceProvider(SessionManager<HttpExchange> sessionManager,</pre></td></tr> |
| <tr> <td class="numLineCover"> 85</td> <td class="nbHitsCovered"> 18</td> <td class="src"><pre class="src"> SamlMetadata metadata, KeyPair key, HttpClientInterface httpClient) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 86</td> <td class="nbHitsUncovered"><a title="Line 86: Conditional coverage 50% (3/6) [each condition: 50%, 50%, 50%]."> 18</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 86: Conditional coverage 50% (3/6) [each condition: 50%, 50%, 50%]."> <span class="keyword">if</span> (metadata == <span class="keyword">null</span> || sessionManager == <span class="keyword">null</span> || httpClient == <span class="keyword">null</span>) {</a></span></pre></td></tr> |
| <tr> <td class="numLineCover"> 87</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">throw</span> <span class="keyword">new</span> NullPointerException();</span></pre></td></tr> |
| <tr> <td class="numLine"> 88</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 89</td> <td class="nbHitsCovered"> 18</td> <td class="src"><pre class="src"> <span class="keyword">this</span>.sessionManager = sessionManager;</pre></td></tr> |
| <tr> <td class="numLineCover"> 90</td> <td class="nbHitsCovered"> 18</td> <td class="src"><pre class="src"> <span class="keyword">this</span>.metadata = metadata;</pre></td></tr> |
| <tr> <td class="numLineCover"> 91</td> <td class="nbHitsCovered"><a title="Line 91: Conditional coverage 100% (2/2)."> 18</a></td> <td class="src"><pre class="src"> <a title="Line 91: Conditional coverage 100% (2/2)."> <span class="keyword">this</span>.cred = (key == <span class="keyword">null</span>) ? <span class="keyword">null</span></a></pre></td></tr> |
| <tr> <td class="numLine"> 92</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> : SecurityHelper.getSimpleCredential(key.getPublic(),</pre></td></tr> |
| <tr> <td class="numLine"> 93</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> key.getPrivate());</pre></td></tr> |
| <tr> <td class="numLineCover"> 94</td> <td class="nbHitsCovered"> 18</td> <td class="src"><pre class="src"> <span class="keyword">this</span>.httpClient = httpClient;</pre></td></tr> |
| <tr> <td class="numLineCover"> 95</td> <td class="nbHitsCovered"> 18</td> <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 96</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 97</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 98</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Consumer of authentication responses. It must be registered as a handler</span></pre></td></tr> |
| <tr> <td class="numLine"> 99</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * with the HTTP server with the same path as defined in the SamlMetadata.</span></pre></td></tr> |
| <tr> <td class="numLine"> 100</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 101</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> HttpHandler getAssertionConsumer() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 102</td> <td class="nbHitsCovered"> 11</td> <td class="src"><pre class="src"> <span class="keyword">return</span> assertionConsumer;</pre></td></tr> |
| <tr> <td class="numLine"> 103</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 104</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 105</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 106</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Get the identity of the current user. This uses {@code ex} to identify the</span></pre></td></tr> |
| <tr> <td class="numLine"> 107</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * user, but does not do any modification of the exchange.</span></pre></td></tr> |
| <tr> <td class="numLine"> 108</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 109</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * @return the identity of the user, or {@code null} if the user is not</span></pre></td></tr> |
| <tr> <td class="numLine"> 110</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * currently authenticated</span></pre></td></tr> |
| <tr> <td class="numLine"> 111</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 112</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> AuthnIdentity getUserIdentity(HttpExchange ex) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 113</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> Session session = sessionManager.getSession(ex, <span class="keyword">false</span>);</pre></td></tr> |
| <tr> <td class="numLineCover"> 114</td> <td class="nbHitsCovered"><a title="Line 114: Conditional coverage 100% (2/2)."> 15</a></td> <td class="src"><pre class="src"> <a title="Line 114: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (session == <span class="keyword">null</span>) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 115</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">return</span> <span class="keyword">null</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 116</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 117</td> <td class="nbHitsCovered"> 14</td> <td class="src"><pre class="src"> AuthnState authnState</pre></td></tr> |
| <tr> <td class="numLine"> 118</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> = (AuthnState) session.getAttribute(SESSION_STATE_ATTR_NAME);</pre></td></tr> |
| <tr> <td class="numLineCover"> 119</td> <td class="nbHitsCovered"><a title="Line 119: Conditional coverage 100% (4/4) [each condition: 100%, 100%]."> 14</a></td> <td class="src"><pre class="src"> <a title="Line 119: Conditional coverage 100% (4/4) [each condition: 100%, 100%]."> <span class="keyword">if</span> (authnState != <span class="keyword">null</span> && authnState.isAuthenticated()) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 120</td> <td class="nbHitsCovered"> 5</td> <td class="src"><pre class="src"> <span class="keyword">return</span> authnState.getIdentity();</pre></td></tr> |
| <tr> <td class="numLine"> 121</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 122</td> <td class="nbHitsCovered"> 9</td> <td class="src"><pre class="src"> <span class="keyword">return</span> <span class="keyword">null</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 123</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 124</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 125</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 126</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Authenticate the user, consuming {@code ex} in the process. This creates a</span></pre></td></tr> |
| <tr> <td class="numLine"> 127</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * SAML Authn Request to the IdP and redirects the user to begin the</span></pre></td></tr> |
| <tr> <td class="numLine"> 128</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * authentication process. At the end of the process, the user will be</span></pre></td></tr> |
| <tr> <td class="numLine"> 129</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * redirected back to the current URL.</span></pre></td></tr> |
| <tr> <td class="numLine"> 130</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> *</span></pre></td></tr> |
| <tr> <td class="numLine"> 131</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * <p>{@link #getAssertionConsumer} must have been properly registered with</span></pre></td></tr> |
| <tr> <td class="numLine"> 132</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * the HTTP server for the operation to complete successfully.</span></pre></td></tr> |
| <tr> <td class="numLine"> 133</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 134</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">void</span> handleAuthentication(HttpExchange ex) <span class="keyword">throws</span> IOException {</pre></td></tr> |
| <tr> <td class="numLineCover"> 135</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> String requestMethod = ex.getRequestMethod();</pre></td></tr> |
| <tr> <td class="numLineCover"> 136</td> <td class="nbHitsCovered"><a title="Line 136: Conditional coverage 100% (4/4) [each condition: 100%, 100%]."> 4</a></td> <td class="src"><pre class="src"> <a title="Line 136: Conditional coverage 100% (4/4) [each condition: 100%, 100%]."> <span class="keyword">if</span> (!<span class="string">"GET"</span>.equals(requestMethod) && !<span class="string">"HEAD"</span>.equals(requestMethod)) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 137</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> HttpExchanges.cannedRespond(ex, HttpURLConnection.HTTP_BAD_METHOD,</pre></td></tr> |
| <tr> <td class="numLine"> 138</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> Translation.HTTP_BAD_METHOD);</pre></td></tr> |
| <tr> <td class="numLineCover"> 139</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">return</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 140</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 141</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 142</td> <td class="nbHitsCovered"> 3</td> <td class="src"><pre class="src"> Session session = sessionManager.getSession(ex);</pre></td></tr> |
| <tr> <td class="numLineCover"> 143</td> <td class="nbHitsCovered"> 3</td> <td class="src"><pre class="src"> AuthnState authnState = (AuthnState) session.getAttribute(</pre></td></tr> |
| <tr> <td class="numLine"> 144</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> SESSION_STATE_ATTR_NAME);</pre></td></tr> |
| <tr> <td class="numLineCover"> 145</td> <td class="nbHitsCovered"><a title="Line 145: Conditional coverage 100% (2/2)."> 3</a></td> <td class="src"><pre class="src"> <a title="Line 145: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (authnState == <span class="keyword">null</span>) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 146</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> authnState = <span class="keyword">new</span> AuthnState();</pre></td></tr> |
| <tr> <td class="numLineCover"> 147</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> session.setAttribute(SESSION_STATE_ATTR_NAME, authnState);</pre></td></tr> |
| <tr> <td class="numLine"> 148</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 149</td> <td class="nbHitsCovered"> 3</td> <td class="src"><pre class="src"> SamlClient client =</pre></td></tr> |
| <tr> <td class="numLine"> 150</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">new</span> SamlClient(</pre></td></tr> |
| <tr> <td class="numLine"> 151</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> metadata.getLocalEntity(),</pre></td></tr> |
| <tr> <td class="numLine"> 152</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> metadata.getPeerEntity(),</pre></td></tr> |
| <tr> <td class="numLine"> 153</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="string">"GSA Adaptor"</span>,</pre></td></tr> |
| <tr> <td class="numLine"> 154</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> cred,</pre></td></tr> |
| <tr> <td class="numLine"> 155</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> httpClient);</pre></td></tr> |
| <tr> <td class="numLineCover"> 156</td> <td class="nbHitsCovered"> 3</td> <td class="src"><pre class="src"> authnState.startAttempt(client, HttpExchanges.getRequestUri(ex));</pre></td></tr> |
| <tr> <td class="numLineCover"> 157</td> <td class="nbHitsCovered"> 3</td> <td class="src"><pre class="src"> client.sendAuthnRequest(<span class="keyword">new</span> HttpExchangeOutTransportAdapter(ex, <span class="keyword">true</span>));</pre></td></tr> |
| <tr> <td class="numLineCover"> 158</td> <td class="nbHitsCovered"> 3</td> <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 159</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 160</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 161</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * A servlet that implements the SAML "assertion consumer" role for SAML</span></pre></td></tr> |
| <tr> <td class="numLine"> 162</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * credentials gathering. Once the client has been authenticated with the GSA,</span></pre></td></tr> |
| <tr> <td class="numLine"> 163</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * the SSO service will redirect the client to us and include a SAML response.</span></pre></td></tr> |
| <tr> <td class="numLine"> 164</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * This {@code Handler} interprets the response and updates our knowledge</span></pre></td></tr> |
| <tr> <td class="numLine"> 165</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * about the client, followed by redirecting the client back to the original</span></pre></td></tr> |
| <tr> <td class="numLine"> 166</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * page they tried to visit.</span></pre></td></tr> |
| <tr> <td class="numLine"> 167</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 168</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">class</span> AssertionConsumerHandler <span class="keyword">implements</span> HttpHandler {</pre></td></tr> |
| <tr> <td class="numLineCover"> 169</td> <td class="nbHitsCovered"> 18</td> <td class="src"><pre class="src"> <span class="keyword">public</span> AssertionConsumerHandler() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 170</td> <td class="nbHitsCovered"> 18</td> <td class="src"><pre class="src"> SecurityManagerConfig.load();</pre></td></tr> |
| <tr> <td class="numLineCover"> 171</td> <td class="nbHitsCovered"> 18</td> <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 172</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 173</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> @Override</pre></td></tr> |
| <tr> <td class="numLine"> 174</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">void</span> handle(HttpExchange ex) <span class="keyword">throws</span> IOException {</pre></td></tr> |
| <tr> <td class="numLineCover"> 175</td> <td class="nbHitsCovered"> 10</td> <td class="src"><pre class="src"> String requestMethod = ex.getRequestMethod();</pre></td></tr> |
| <tr> <td class="numLineCover"> 176</td> <td class="nbHitsCovered"><a title="Line 176: Conditional coverage 100% (2/2)."> 10</a></td> <td class="src"><pre class="src"> <a title="Line 176: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (!<span class="string">"GET"</span>.equals(requestMethod)) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 177</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> HttpExchanges.cannedRespond(ex, HttpURLConnection.HTTP_BAD_METHOD,</pre></td></tr> |
| <tr> <td class="numLine"> 178</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> Translation.HTTP_BAD_METHOD);</pre></td></tr> |
| <tr> <td class="numLineCover"> 179</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">return</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 180</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 181</td> <td class="nbHitsCovered"> 9</td> <td class="src"><pre class="src"> Session session = sessionManager.getSession(ex);</pre></td></tr> |
| <tr> <td class="numLineCover"> 182</td> <td class="nbHitsCovered"> 9</td> <td class="src"><pre class="src"> AuthnState authnState = (AuthnState) session.getAttribute(</pre></td></tr> |
| <tr> <td class="numLine"> 183</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> SESSION_STATE_ATTR_NAME);</pre></td></tr> |
| <tr> <td class="numLineCover"> 184</td> <td class="nbHitsCovered"><a title="Line 184: Conditional coverage 100% (2/2)."> 9</a></td> <td class="src"><pre class="src"> <a title="Line 184: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (authnState == <span class="keyword">null</span>) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 185</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> HttpExchanges.cannedRespond(ex, HttpURLConnection.HTTP_CONFLICT,</pre></td></tr> |
| <tr> <td class="numLine"> 186</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> Translation.AUTHN_UNKNOWN_SESSION);</pre></td></tr> |
| <tr> <td class="numLineCover"> 187</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">return</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 188</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 189</td> <td class="nbHitsCovered"><a title="Line 189: Conditional coverage 100% (2/2)."> 8</a></td> <td class="src"><pre class="src"> <a title="Line 189: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (authnState.isAuthenticated()) {</a></pre></td></tr> |
| <tr> <td class="numLine"> 190</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">// TODO(ejona): keep track of each request, so that we can redirect here</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 191</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> HttpExchanges.cannedRespond(ex, HttpURLConnection.HTTP_CONFLICT,</pre></td></tr> |
| <tr> <td class="numLine"> 192</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> Translation.AUTHN_RETRY);</pre></td></tr> |
| <tr> <td class="numLineCover"> 193</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">return</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 194</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 195</td> <td class="nbHitsCovered"> 7</td> <td class="src"><pre class="src"> SamlClient client = authnState.getSamlClient();</pre></td></tr> |
| <tr> <td class="numLineCover"> 196</td> <td class="nbHitsCovered"> 7</td> <td class="src"><pre class="src"> URI origUri = authnState.getOriginalUri();</pre></td></tr> |
| <tr> <td class="numLineCover"> 197</td> <td class="nbHitsUncovered"><a title="Line 197: Conditional coverage 75% (3/4) [each condition: 100%, 50%]."> 7</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 197: Conditional coverage 75% (3/4) [each condition: 100%, 50%]."> <span class="keyword">if</span> (client == <span class="keyword">null</span> || origUri == <span class="keyword">null</span>) {</a></span></pre></td></tr> |
| <tr> <td class="numLineCover"> 198</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> HttpExchanges.cannedRespond(ex, HttpURLConnection.HTTP_INTERNAL_ERROR,</pre></td></tr> |
| <tr> <td class="numLine"> 199</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> Translation.AUTHN_NOT_STARTED);</pre></td></tr> |
| <tr> <td class="numLineCover"> 200</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">return</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 201</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 202</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">boolean</span> authnSuccess;</pre></td></tr> |
| <tr> <td class="numLine"> 203</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">// GET implies the assertion is being sent with the artifact binding.</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 204</td> <td class="nbHitsCovered"> 6</td> <td class="src"><pre class="src"> log.info(<span class="string">"Received assertion via artifact binding"</span>);</pre></td></tr> |
| <tr> <td class="numLineCover"> 205</td> <td class="nbHitsCovered"> 6</td> <td class="src"><pre class="src"> Response samlResponse = client.decodeArtifactResponse(</pre></td></tr> |
| <tr> <td class="numLine"> 206</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> HttpExchanges.getRequestUri(ex),</pre></td></tr> |
| <tr> <td class="numLine"> 207</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">new</span> HttpExchangeInTransportAdapter(ex));</pre></td></tr> |
| <tr> <td class="numLineCover"> 208</td> <td class="nbHitsCovered"> 6</td> <td class="src"><pre class="src"> authnSuccess = consumeAssertion(client, samlResponse,</pre></td></tr> |
| <tr> <td class="numLine"> 209</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> client.getArtifactAssertionConsumerService().getLocation(),</pre></td></tr> |
| <tr> <td class="numLine"> 210</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> authnState);</pre></td></tr> |
| <tr> <td class="numLine"> 211</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 212</td> <td class="nbHitsCovered"><a title="Line 212: Conditional coverage 100% (2/2)."> 6</a></td> <td class="src"><pre class="src"> <a title="Line 212: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (authnSuccess) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 213</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> HttpExchanges.sendRedirect(ex, origUri); </pre></td></tr> |
| <tr> <td class="numLine"> 214</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> } <span class="keyword">else</span> {</pre></td></tr> |
| <tr> <td class="numLineCover"> 215</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> HttpExchanges.cannedRespond(ex, HttpURLConnection.HTTP_FORBIDDEN,</pre></td></tr> |
| <tr> <td class="numLine"> 216</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> Translation.HTTP_FORBIDDEN_AUTHN_FAILURE);</pre></td></tr> |
| <tr> <td class="numLine"> 217</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 218</td> <td class="nbHitsCovered"> 6</td> <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 219</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 220</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">boolean</span> consumeAssertion(SamlClient client, Response samlResponse,</pre></td></tr> |
| <tr> <td class="numLine"> 221</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> String recipient, AuthnState authnState) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 222</td> <td class="nbHitsCovered"><a title="Line 222: Conditional coverage 100% (2/2)."> 6</a></td> <td class="src"><pre class="src"> <a title="Line 222: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (samlResponse == <span class="keyword">null</span>) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 223</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> log.warning(<span class="string">"SAML response is missing"</span>);</pre></td></tr> |
| <tr> <td class="numLineCover"> 224</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> authnState.failAttempt();</pre></td></tr> |
| <tr> <td class="numLineCover"> 225</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">return</span> <span class="keyword">false</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 226</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 227</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 228</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">// "some session id" is trash that is used for logging in the</span></pre></td></tr> |
| <tr> <td class="numLine"> 229</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">// ResponseParser. We have no need for it, but we need to provide a value.</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 230</td> <td class="nbHitsCovered"> 5</td> <td class="src"><pre class="src"> ResponseParser parser = ResponseParser.make(</pre></td></tr> |
| <tr> <td class="numLine"> 231</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> client, recipient, samlResponse, <span class="string">"some session id"</span>);</pre></td></tr> |
| <tr> <td class="numLineCover"> 232</td> <td class="nbHitsCovered"><a title="Line 232: Conditional coverage 100% (2/2)."> 5</a></td> <td class="src"><pre class="src"> <a title="Line 232: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (!parser.isResponseValid()) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 233</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> log.warning(<span class="string">"SAML response is invalid"</span>);</pre></td></tr> |
| <tr> <td class="numLineCover"> 234</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> authnState.failAttempt();</pre></td></tr> |
| <tr> <td class="numLineCover"> 235</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">return</span> <span class="keyword">false</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 236</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 237</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 238</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> String code = parser.getResponseStatus();</pre></td></tr> |
| <tr> <td class="numLineCover"> 239</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> log.log(Level.INFO, <span class="string">"status code = {0}"</span>, <span class="keyword">new</span> Object[] {code});</pre></td></tr> |
| <tr> <td class="numLineCover"> 240</td> <td class="nbHitsCovered"><a title="Line 240: Conditional coverage 100% (2/2)."> 4</a></td> <td class="src"><pre class="src"> <a title="Line 240: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (!code.equals(StatusCode.SUCCESS_URI)) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 241</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> log.log(Level.WARNING, <span class="string">"SAML IdP failed to resolve: {0}"</span>,</pre></td></tr> |
| <tr> <td class="numLine"> 242</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">new</span> Object[] {code});</pre></td></tr> |
| <tr> <td class="numLineCover"> 243</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> authnState.failAttempt();</pre></td></tr> |
| <tr> <td class="numLineCover"> 244</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">return</span> <span class="keyword">false</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 245</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 246</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 247</td> <td class="nbHitsCovered"><a title="Line 247: Conditional coverage 100% (2/2)."> 3</a></td> <td class="src"><pre class="src"> <a title="Line 247: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (!parser.areAssertionsValid()) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 248</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> log.warning(<span class="string">"One or more SAML assertions are invalid"</span>);</pre></td></tr> |
| <tr> <td class="numLineCover"> 249</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> authnState.failAttempt();</pre></td></tr> |
| <tr> <td class="numLineCover"> 250</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> <span class="keyword">return</span> <span class="keyword">false</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 251</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 252</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> String subjectName = parser.getSubject();</pre></td></tr> |
| <tr> <td class="numLineCover"> 253</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> Set<String> groups = <span class="keyword">null</span>;</pre></td></tr> |
| <tr> <td class="numLineCover"> 254</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> String password = <span class="keyword">null</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 255</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 256</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> ExportedState state = parser.getExportedState();</pre></td></tr> |
| <tr> <td class="numLineCover"> 257</td> <td class="nbHitsCovered"><a title="Line 257: Conditional coverage 100% (2/2)."> 2</a></td> <td class="src"><pre class="src"> <a title="Line 257: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (state != <span class="keyword">null</span>) {</a></pre></td></tr> |
| <tr> <td class="numLine"> 258</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">// Groups is also available via parser.getGroups, but this handles the</span></pre></td></tr> |
| <tr> <td class="numLine"> 259</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">// state == null case more appropriately for our usage.</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 260</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> groups = state.getPviCredentials().getGroups();</pre></td></tr> |
| <tr> <td class="numLineCover"> 261</td> <td class="nbHitsCovered"> 1</td> <td class="src"><pre class="src"> password = state.getPviCredentials().getPassword();</pre></td></tr> |
| <tr> <td class="numLine"> 262</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLineCover"> 263</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> DateTime expirationDateTime = parser.getExpirationTime();</pre></td></tr> |
| <tr> <td class="numLineCover"> 264</td> <td class="nbHitsUncovered"><a title="Line 264: Conditional coverage 50% (1/2)."> 2</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 264: Conditional coverage 50% (1/2)."> <span class="keyword">long</span> expirationTime = (expirationDateTime == <span class="keyword">null</span>)</a></span></pre></td></tr> |
| <tr> <td class="numLine"> 265</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> ? Long.MAX_VALUE : expirationDateTime.getMillis();</pre></td></tr> |
| <tr> <td class="numLineCover"> 266</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> log.log(Level.INFO, <span class="string">"SAML subject {0} verified {1}"</span>,</pre></td></tr> |
| <tr> <td class="numLine"> 267</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">new</span> Object[] {subjectName, <span class="keyword">new</span> Date(expirationTime)});</pre></td></tr> |
| <tr> <td class="numLineCover"> 268</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> AuthnIdentity identity = <span class="keyword">new</span> AuthnIdentityImpl</pre></td></tr> |
| <tr> <td class="numLine"> 269</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> .Builder(<span class="keyword">new</span> UserPrincipal(subjectName))</pre></td></tr> |
| <tr> <td class="numLine"> 270</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> .setGroups(GroupPrincipal.makeSet(groups))</pre></td></tr> |
| <tr> <td class="numLine"> 271</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> .setPassword(password).build();</pre></td></tr> |
| <tr> <td class="numLineCover"> 272</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> authnState.authenticated(identity, expirationTime);</pre></td></tr> |
| <tr> <td class="numLineCover"> 273</td> <td class="nbHitsCovered"> 2</td> <td class="src"><pre class="src"> <span class="keyword">return</span> <span class="keyword">true</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 274</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 275</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 276</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 277</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/**</span></pre></td></tr> |
| <tr> <td class="numLine"> 278</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * Current state of an authentication attempt. It can represent a pending</span></pre></td></tr> |
| <tr> <td class="numLine"> 279</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> * authentication attempt or a completed authentication.</span></pre></td></tr> |
| <tr> <td class="numLine"> 280</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment"> */</span></pre></td></tr> |
| <tr> <td class="numLine"> 281</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> @VisibleForTesting</pre></td></tr> |
| <tr> <td class="numLineCover"> 282</td> <td class="nbHitsCovered"> 11</td> <td class="src"><pre class="src"> <span class="keyword">static</span> <span class="keyword">class</span> AuthnState {</pre></td></tr> |
| <tr> <td class="numLine"> 283</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/** Client used for pending authn attempt. */</span></pre></td></tr> |
| <tr> <td class="numLine"> 284</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> SamlClient client;</pre></td></tr> |
| <tr> <td class="numLine"> 285</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/** Original URL that was accessed that caused this authn attempt. */</span></pre></td></tr> |
| <tr> <td class="numLine"> 286</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> URI originalUri;</pre></td></tr> |
| <tr> <td class="numLine"> 287</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/** Successfully authned identity for the user. */</span></pre></td></tr> |
| <tr> <td class="numLine"> 288</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> AuthnIdentity identity;</pre></td></tr> |
| <tr> <td class="numLine"> 289</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="comment">/** Time in milliseconds that authentication information expires */</span></pre></td></tr> |
| <tr> <td class="numLine"> 290</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">long</span> expirationTimeMillis;</pre></td></tr> |
| <tr> <td class="numLine"> 291</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 292</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">void</span> startAttempt(SamlClient client, URI originalUri) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 293</td> <td class="nbHitsCovered"> 10</td> <td class="src"><pre class="src"> expirationTimeMillis = 0;</pre></td></tr> |
| <tr> <td class="numLineCover"> 294</td> <td class="nbHitsCovered"> 10</td> <td class="src"><pre class="src"> <span class="keyword">this</span>.client = client;</pre></td></tr> |
| <tr> <td class="numLineCover"> 295</td> <td class="nbHitsCovered"> 10</td> <td class="src"><pre class="src"> <span class="keyword">this</span>.originalUri = originalUri;</pre></td></tr> |
| <tr> <td class="numLineCover"> 296</td> <td class="nbHitsCovered"> 10</td> <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 297</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 298</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">void</span> failAttempt() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 299</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> clearAttempt();</pre></td></tr> |
| <tr> <td class="numLineCover"> 300</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 301</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 302</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">private</span> <span class="keyword">void</span> clearAttempt() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 303</td> <td class="nbHitsCovered"> 8</td> <td class="src"><pre class="src"> client = <span class="keyword">null</span>;</pre></td></tr> |
| <tr> <td class="numLineCover"> 304</td> <td class="nbHitsCovered"> 8</td> <td class="src"><pre class="src"> originalUri = <span class="keyword">null</span>;</pre></td></tr> |
| <tr> <td class="numLineCover"> 305</td> <td class="nbHitsCovered"> 8</td> <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 306</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 307</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">void</span> authenticated(AuthnIdentity identity,</pre></td></tr> |
| <tr> <td class="numLine"> 308</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">long</span> expirationTimeMillis) {</pre></td></tr> |
| <tr> <td class="numLineCover"> 309</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> clearAttempt();</pre></td></tr> |
| <tr> <td class="numLineCover"> 310</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> <span class="keyword">this</span>.identity = identity;</pre></td></tr> |
| <tr> <td class="numLineCover"> 311</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> <span class="keyword">this</span>.expirationTimeMillis = expirationTimeMillis;</pre></td></tr> |
| <tr> <td class="numLineCover"> 312</td> <td class="nbHitsCovered"> 4</td> <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 313</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 314</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> <span class="keyword">boolean</span> isAuthenticated() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 315</td> <td class="nbHitsCovered"><a title="Line 315: Conditional coverage 100% (2/2)."> 21</a></td> <td class="src"><pre class="src"> <a title="Line 315: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (expirationTimeMillis == 0) {</a></pre></td></tr> |
| <tr> <td class="numLineCover"> 316</td> <td class="nbHitsCovered"> 15</td> <td class="src"><pre class="src"> <span class="keyword">return</span> <span class="keyword">false</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 317</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 318</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 319</td> <td class="nbHitsUncovered"><a title="Line 319: Conditional coverage 50% (1/2)."> 6</a></td> <td class="src"><pre class="src"><span class="srcUncovered"> <a title="Line 319: Conditional coverage 50% (1/2)."> <span class="keyword">if</span> (System.currentTimeMillis() > expirationTimeMillis) {</a></span></pre></td></tr> |
| <tr> <td class="numLineCover"> 320</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> expirationTimeMillis = 0;</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 321</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> identity = <span class="keyword">null</span>;</span></pre></td></tr> |
| <tr> <td class="numLineCover"> 322</td> <td class="nbHitsUncovered"> 0</td> <td class="src"><pre class="src"><span class="srcUncovered"> <span class="keyword">return</span> <span class="keyword">false</span>;</span></pre></td></tr> |
| <tr> <td class="numLine"> 323</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 324</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLineCover"> 325</td> <td class="nbHitsCovered"> 6</td> <td class="src"><pre class="src"> <span class="keyword">return</span> <span class="keyword">true</span>;</pre></td></tr> |
| <tr> <td class="numLine"> 326</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 327</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 328</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> SamlClient getSamlClient() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 329</td> <td class="nbHitsCovered"> 7</td> <td class="src"><pre class="src"> <span class="keyword">return</span> client;</pre></td></tr> |
| <tr> <td class="numLine"> 330</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 331</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 332</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> URI getOriginalUri() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 333</td> <td class="nbHitsCovered"> 7</td> <td class="src"><pre class="src"> <span class="keyword">return</span> originalUri;</pre></td></tr> |
| <tr> <td class="numLine"> 334</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 335</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> </pre></td></tr> |
| <tr> <td class="numLine"> 336</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> <span class="keyword">public</span> AuthnIdentity getIdentity() {</pre></td></tr> |
| <tr> <td class="numLineCover"> 337</td> <td class="nbHitsCovered"> 5</td> <td class="src"><pre class="src"> <span class="keyword">return</span> identity;</pre></td></tr> |
| <tr> <td class="numLine"> 338</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 339</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| <tr> <td class="numLine"> 340</td> <td class="nbHits"> </td> |
| <td class="src"><pre class="src"> }</pre></td></tr> |
| </table> |
| |
| <div class="footer">Report generated by <a href="http://cobertura.sourceforge.net/" target="_top">Cobertura</a> 1.9.4.1.</div> |
| </body> |
| </html> |