Google Git
Sign in
code / plexi / hourly / cd3a62bafdedcf109d4de037b0edea2e61236c03 / . / coverage / com.google.enterprise.adaptor.SamlServiceProvider.html
blob: 8aa627aa664eed748677721d1ec23aff12efea34 [file] [log] [blame]
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<title>Coverage Report</title>
<link title="Style" type="text/css" rel="stylesheet" href="css/main.css"/>
<script type="text/javascript" src="js/popup.js"></script>
</head>
<body>
<h5>Coverage Report - com.google.enterprise.adaptor.SamlServiceProvider</h5>
<div class="separator">&nbsp;</div>
<table class="report">
<thead><tr> <td class="heading">Classes in this File</td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Line Coverage</a></td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Branch Coverage</a></td> <td class="heading"><a class="dfn" href="help.html" onclick="popupwindow('help.html'); return false;">Complexity</a></td></tr></thead>
<tr><td><a href="com.google.enterprise.adaptor.SamlServiceProvider.html">SamlServiceProvider</a></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">1</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:97px"><span class="text">33/34</span></div></div></td></tr></table></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">3</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:85px"><span class="text">17/20</span></div></div></td></tr></table></td><td class="value"><span class="hidden">3.375;</span>3.375</td></tr>
<tr><td><a href="com.google.enterprise.adaptor.SamlServiceProvider.html">SamlServiceProvider$AssertionConsumerHandler</a></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">0</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:100px"><span class="text">59/59</span></div></div></td></tr></table></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">2</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:91px"><span class="text">22/24</span></div></div></td></tr></table></td><td class="value"><span class="hidden">3.375;</span>3.375</td></tr>
<tr><td><a href="com.google.enterprise.adaptor.SamlServiceProvider.html">SamlServiceProvider$AuthnState</a></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">3</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:87px"><span class="text">21/24</span></div></div></td></tr></table></td><td><table cellpadding="0px" cellspacing="0px" class="percentgraph"><tr class="percentgraph"><td align="right" class="percentgraph" width="40">1</td><td class="percentgraph"><div class="percentgraph"><div class="greenbar" style="width:75px"><span class="text">3/4</span></div></div></td></tr></table></td><td class="value"><span class="hidden">3.375;</span>3.375</td></tr>
</table>
<div class="separator">&nbsp;</div>
<table cellspacing="0" cellpadding="0" class="src">
<tr> <td class="numLine">&nbsp;1</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">// Copyright 2013 Google Inc. All Rights Reserved.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;2</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;3</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">// Licensed under the Apache License, Version 2.0 (the "License");</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;4</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">// you may not use this file except in compliance with the License.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;5</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">// You may obtain a copy of the License at</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;6</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;7</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">// http://www.apache.org/licenses/LICENSE-2.0</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;8</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">//</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;9</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">// Unless required by applicable law or agreed to in writing, software</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;10</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">// distributed under the License is distributed on an "AS IS" BASIS,</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;11</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;12</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">// See the License for the specific language governing permissions and</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;13</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">// limitations under the License.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;14</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;15</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">package</span> com.google.enterprise.adaptor;</pre></td></tr>
<tr> <td class="numLine">&nbsp;16</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;17</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">import</span> com.google.common.annotations.VisibleForTesting;</pre></td></tr>
<tr> <td class="numLine">&nbsp;18</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">import</span> com.google.enterprise.adaptor.secmgr.authncontroller.ExportedState;</pre></td></tr>
<tr> <td class="numLine">&nbsp;19</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">import</span> com.google.enterprise.adaptor.secmgr.http.HttpClientInterface;</pre></td></tr>
<tr> <td class="numLine">&nbsp;20</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">import</span> com.google.enterprise.adaptor.secmgr.modules.SamlClient;</pre></td></tr>
<tr> <td class="numLine">&nbsp;21</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">import</span> com.google.enterprise.adaptor.secmgr.servlets.ResponseParser;</pre></td></tr>
<tr> <td class="numLine">&nbsp;22</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;23</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">import</span> com.sun.net.httpserver.HttpExchange;</pre></td></tr>
<tr> <td class="numLine">&nbsp;24</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">import</span> com.sun.net.httpserver.HttpHandler;</pre></td></tr>
<tr> <td class="numLine">&nbsp;25</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;26</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">import</span> org.joda.time.DateTime;</pre></td></tr>
<tr> <td class="numLine">&nbsp;27</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">import</span> org.opensaml.saml2.core.Response;</pre></td></tr>
<tr> <td class="numLine">&nbsp;28</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">import</span> org.opensaml.saml2.core.StatusCode;</pre></td></tr>
<tr> <td class="numLine">&nbsp;29</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">import</span> org.opensaml.xml.security.SecurityHelper;</pre></td></tr>
<tr> <td class="numLine">&nbsp;30</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">import</span> org.opensaml.xml.security.credential.Credential;</pre></td></tr>
<tr> <td class="numLine">&nbsp;31</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;32</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">import</span> java.io.IOException;</pre></td></tr>
<tr> <td class="numLine">&nbsp;33</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">import</span> java.net.HttpURLConnection;</pre></td></tr>
<tr> <td class="numLine">&nbsp;34</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">import</span> java.net.URI;</pre></td></tr>
<tr> <td class="numLine">&nbsp;35</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">import</span> java.security.KeyPair;</pre></td></tr>
<tr> <td class="numLine">&nbsp;36</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">import</span> java.util.Date;</pre></td></tr>
<tr> <td class="numLine">&nbsp;37</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">import</span> java.util.Set;</pre></td></tr>
<tr> <td class="numLine">&nbsp;38</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">import</span> java.util.logging.Level;</pre></td></tr>
<tr> <td class="numLine">&nbsp;39</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="keyword">import</span> java.util.logging.Logger;</pre></td></tr>
<tr> <td class="numLine">&nbsp;40</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;41</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment">/**</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;42</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * Provides the ability to send SAML authn requests and receive the responses.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;43</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> *</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;44</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * &lt;p&gt;This functions in the Service Provider (SP) role in SAML. A SP is simply</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;45</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * the site that the user was trying to use (it provides a service to the user).</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;46</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * The SP sends the user to an Identity Provider (IdP) to be authenticated.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;47</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> */</span></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;48</td> <td class="nbHitsCovered">&nbsp;25</td> <td class="src"><pre class="src">&nbsp;<span class="keyword">class</span> SamlServiceProvider {</pre></td></tr>
<tr> <td class="numLine">&nbsp;49</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; @VisibleForTesting</pre></td></tr>
<tr> <td class="numLine">&nbsp;50</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">static</span> <span class="keyword">final</span> String SESSION_STATE_ATTR_NAME = <span class="string">"authnState"</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;51</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;52</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">private</span> <span class="keyword">static</span> <span class="keyword">final</span> Logger log = Logger.getLogger(</pre></td></tr>
<tr> <td class="numLine">&nbsp;53</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; SamlServiceProvider.<span class="keyword">class</span>.getName());</pre></td></tr>
<tr> <td class="numLine">&nbsp;54</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;55</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">/**</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;56</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * Manager that handles keeping track of users attempting to authenticate.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;57</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> */</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;58</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">private</span> <span class="keyword">final</span> SessionManager&lt;HttpExchange&gt; sessionManager;</pre></td></tr>
<tr> <td class="numLine">&nbsp;59</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">/** SAML configuration of endpoints. */</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;60</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">private</span> <span class="keyword">final</span> SamlMetadata metadata;</pre></td></tr>
<tr> <td class="numLine">&nbsp;61</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">/** Credentials to use to sign messages. */</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;62</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">private</span> <span class="keyword">final</span> Credential cred;</pre></td></tr>
<tr> <td class="numLine">&nbsp;63</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">/**</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;64</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * Http client implementation that {@code SamlClient} will use to send</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;65</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * requests directly to the GSA, for resolving SAML artifacts.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;66</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> */</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;67</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">private</span> <span class="keyword">final</span> HttpClientInterface httpClient;</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;68</td> <td class="nbHitsCovered">&nbsp;18</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">private</span> <span class="keyword">final</span> AssertionConsumerHandler assertionConsumer</pre></td></tr>
<tr> <td class="numLine">&nbsp;69</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; = <span class="keyword">new</span> AssertionConsumerHandler();</pre></td></tr>
<tr> <td class="numLine">&nbsp;70</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;71</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">/**</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;72</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * @param sessionManager manager for storing session state, like authn</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;73</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * results</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;74</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * @param metadata SAML configuration of endpoints</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;75</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * @param keyAlias alias in keystore that contains the key for signing</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;76</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * messages</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;77</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> */</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;78</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">public</span> SamlServiceProvider(SessionManager&lt;HttpExchange&gt; sessionManager,</pre></td></tr>
<tr> <td class="numLine">&nbsp;79</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; SamlMetadata metadata, KeyPair key) {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;80</td> <td class="nbHitsCovered">&nbsp;4</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">this</span>(sessionManager, metadata, key, <span class="keyword">new</span> HttpClientAdapter());</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;81</td> <td class="nbHitsCovered">&nbsp;4</td> <td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;82</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;83</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; @VisibleForTesting</pre></td></tr>
<tr> <td class="numLine">&nbsp;84</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; SamlServiceProvider(SessionManager&lt;HttpExchange&gt; sessionManager,</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;85</td> <td class="nbHitsCovered">&nbsp;18</td> <td class="src"><pre class="src">&nbsp; SamlMetadata metadata, KeyPair key, HttpClientInterface httpClient) {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;86</td> <td class="nbHitsUncovered"><a title="Line 86: Conditional coverage 50% (3/6) [each condition: 50%, 50%, 50%].">&nbsp;18</a></td> <td class="src"><pre class="src"><span class="srcUncovered">&nbsp;<a title="Line 86: Conditional coverage 50% (3/6) [each condition: 50%, 50%, 50%]."> <span class="keyword">if</span> (metadata == <span class="keyword">null</span> || sessionManager == <span class="keyword">null</span> || httpClient == <span class="keyword">null</span>) {</a></span></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;87</td> <td class="nbHitsUncovered">&nbsp;0</td> <td class="src"><pre class="src"><span class="srcUncovered">&nbsp; <span class="keyword">throw</span> <span class="keyword">new</span> NullPointerException();</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;88</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;89</td> <td class="nbHitsCovered">&nbsp;18</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">this</span>.sessionManager = sessionManager;</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;90</td> <td class="nbHitsCovered">&nbsp;18</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">this</span>.metadata = metadata;</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;91</td> <td class="nbHitsCovered"><a title="Line 91: Conditional coverage 100% (2/2).">&nbsp;18</a></td> <td class="src"><pre class="src">&nbsp;<a title="Line 91: Conditional coverage 100% (2/2)."> <span class="keyword">this</span>.cred = (key == <span class="keyword">null</span>) ? <span class="keyword">null</span></a></pre></td></tr>
<tr> <td class="numLine">&nbsp;92</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; : SecurityHelper.getSimpleCredential(key.getPublic(),</pre></td></tr>
<tr> <td class="numLine">&nbsp;93</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; key.getPrivate());</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;94</td> <td class="nbHitsCovered">&nbsp;18</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">this</span>.httpClient = httpClient;</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;95</td> <td class="nbHitsCovered">&nbsp;18</td> <td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;96</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;97</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">/**</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;98</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * Consumer of authentication responses. It must be registered as a handler</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;99</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * with the HTTP server with the same path as defined in the SamlMetadata.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;100</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> */</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;101</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">public</span> HttpHandler getAssertionConsumer() {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;102</td> <td class="nbHitsCovered">&nbsp;11</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> assertionConsumer;</pre></td></tr>
<tr> <td class="numLine">&nbsp;103</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;104</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;105</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">/**</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;106</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * Get the identity of the current user. This uses {@code ex} to identify the</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;107</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * user, but does not do any modification of the exchange.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;108</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> *</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;109</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * @return the identity of the user, or {@code null} if the user is not</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;110</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * currently authenticated</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;111</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> */</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;112</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">public</span> AuthnIdentity getUserIdentity(HttpExchange ex) {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;113</td> <td class="nbHitsCovered">&nbsp;15</td> <td class="src"><pre class="src">&nbsp; Session session = sessionManager.getSession(ex, <span class="keyword">false</span>);</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;114</td> <td class="nbHitsCovered"><a title="Line 114: Conditional coverage 100% (2/2).">&nbsp;15</a></td> <td class="src"><pre class="src">&nbsp;<a title="Line 114: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (session == <span class="keyword">null</span>) {</a></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;115</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> <span class="keyword">null</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;116</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;117</td> <td class="nbHitsCovered">&nbsp;14</td> <td class="src"><pre class="src">&nbsp; AuthnState authnState</pre></td></tr>
<tr> <td class="numLine">&nbsp;118</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; = (AuthnState) session.getAttribute(SESSION_STATE_ATTR_NAME);</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;119</td> <td class="nbHitsCovered"><a title="Line 119: Conditional coverage 100% (4/4) [each condition: 100%, 100%].">&nbsp;14</a></td> <td class="src"><pre class="src">&nbsp;<a title="Line 119: Conditional coverage 100% (4/4) [each condition: 100%, 100%]."> <span class="keyword">if</span> (authnState != <span class="keyword">null</span> &amp;&amp; authnState.isAuthenticated()) {</a></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;120</td> <td class="nbHitsCovered">&nbsp;5</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> authnState.getIdentity();</pre></td></tr>
<tr> <td class="numLine">&nbsp;121</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;122</td> <td class="nbHitsCovered">&nbsp;9</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> <span class="keyword">null</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;123</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;124</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;125</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">/**</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;126</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * Authenticate the user, consuming {@code ex} in the process. This creates a</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;127</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * SAML Authn Request to the IdP and redirects the user to begin the</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;128</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * authentication process. At the end of the process, the user will be</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;129</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * redirected back to the current URL.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;130</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> *</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;131</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * &lt;p&gt;{@link #getAssertionConsumer} must have been properly registered with</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;132</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * the HTTP server for the operation to complete successfully.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;133</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> */</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;134</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">public</span> <span class="keyword">void</span> handleAuthentication(HttpExchange ex) <span class="keyword">throws</span> IOException {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;135</td> <td class="nbHitsCovered">&nbsp;4</td> <td class="src"><pre class="src">&nbsp; String requestMethod = ex.getRequestMethod();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;136</td> <td class="nbHitsCovered"><a title="Line 136: Conditional coverage 100% (4/4) [each condition: 100%, 100%].">&nbsp;4</a></td> <td class="src"><pre class="src">&nbsp;<a title="Line 136: Conditional coverage 100% (4/4) [each condition: 100%, 100%]."> <span class="keyword">if</span> (!<span class="string">"GET"</span>.equals(requestMethod) &amp;&amp; !<span class="string">"HEAD"</span>.equals(requestMethod)) {</a></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;137</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; HttpExchanges.cannedRespond(ex, HttpURLConnection.HTTP_BAD_METHOD,</pre></td></tr>
<tr> <td class="numLine">&nbsp;138</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; Translation.HTTP_BAD_METHOD);</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;139</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;140</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;141</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;142</td> <td class="nbHitsCovered">&nbsp;3</td> <td class="src"><pre class="src">&nbsp; Session session = sessionManager.getSession(ex);</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;143</td> <td class="nbHitsCovered">&nbsp;3</td> <td class="src"><pre class="src">&nbsp; AuthnState authnState = (AuthnState) session.getAttribute(</pre></td></tr>
<tr> <td class="numLine">&nbsp;144</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; SESSION_STATE_ATTR_NAME);</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;145</td> <td class="nbHitsCovered"><a title="Line 145: Conditional coverage 100% (2/2).">&nbsp;3</a></td> <td class="src"><pre class="src">&nbsp;<a title="Line 145: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (authnState == <span class="keyword">null</span>) {</a></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;146</td> <td class="nbHitsCovered">&nbsp;2</td> <td class="src"><pre class="src">&nbsp; authnState = <span class="keyword">new</span> AuthnState();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;147</td> <td class="nbHitsCovered">&nbsp;2</td> <td class="src"><pre class="src">&nbsp; session.setAttribute(SESSION_STATE_ATTR_NAME, authnState);</pre></td></tr>
<tr> <td class="numLine">&nbsp;148</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;149</td> <td class="nbHitsCovered">&nbsp;3</td> <td class="src"><pre class="src">&nbsp; SamlClient client =</pre></td></tr>
<tr> <td class="numLine">&nbsp;150</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">new</span> SamlClient(</pre></td></tr>
<tr> <td class="numLine">&nbsp;151</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; metadata.getLocalEntity(),</pre></td></tr>
<tr> <td class="numLine">&nbsp;152</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; metadata.getPeerEntity(),</pre></td></tr>
<tr> <td class="numLine">&nbsp;153</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="string">"GSA Adaptor"</span>,</pre></td></tr>
<tr> <td class="numLine">&nbsp;154</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; cred,</pre></td></tr>
<tr> <td class="numLine">&nbsp;155</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; httpClient);</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;156</td> <td class="nbHitsCovered">&nbsp;3</td> <td class="src"><pre class="src">&nbsp; authnState.startAttempt(client, HttpExchanges.getRequestUri(ex));</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;157</td> <td class="nbHitsCovered">&nbsp;3</td> <td class="src"><pre class="src">&nbsp; client.sendAuthnRequest(<span class="keyword">new</span> HttpExchangeOutTransportAdapter(ex, <span class="keyword">true</span>));</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;158</td> <td class="nbHitsCovered">&nbsp;3</td> <td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;159</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;160</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">/**</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;161</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * A servlet that implements the SAML "assertion consumer" role for SAML</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;162</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * credentials gathering. Once the client has been authenticated with the GSA,</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;163</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * the SSO service will redirect the client to us and include a SAML response.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;164</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * This {@code Handler} interprets the response and updates our knowledge</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;165</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * about the client, followed by redirecting the client back to the original</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;166</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * page they tried to visit.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;167</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> */</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;168</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">private</span> <span class="keyword">class</span> AssertionConsumerHandler <span class="keyword">implements</span> HttpHandler {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;169</td> <td class="nbHitsCovered">&nbsp;18</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">public</span> AssertionConsumerHandler() {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;170</td> <td class="nbHitsCovered">&nbsp;18</td> <td class="src"><pre class="src">&nbsp; SecurityManagerConfig.load();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;171</td> <td class="nbHitsCovered">&nbsp;18</td> <td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;172</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;173</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; @Override</pre></td></tr>
<tr> <td class="numLine">&nbsp;174</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">public</span> <span class="keyword">void</span> handle(HttpExchange ex) <span class="keyword">throws</span> IOException {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;175</td> <td class="nbHitsCovered">&nbsp;10</td> <td class="src"><pre class="src">&nbsp; String requestMethod = ex.getRequestMethod();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;176</td> <td class="nbHitsCovered"><a title="Line 176: Conditional coverage 100% (2/2).">&nbsp;10</a></td> <td class="src"><pre class="src">&nbsp;<a title="Line 176: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (!<span class="string">"GET"</span>.equals(requestMethod)) {</a></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;177</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; HttpExchanges.cannedRespond(ex, HttpURLConnection.HTTP_BAD_METHOD,</pre></td></tr>
<tr> <td class="numLine">&nbsp;178</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; Translation.HTTP_BAD_METHOD);</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;179</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;180</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;181</td> <td class="nbHitsCovered">&nbsp;9</td> <td class="src"><pre class="src">&nbsp; Session session = sessionManager.getSession(ex);</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;182</td> <td class="nbHitsCovered">&nbsp;9</td> <td class="src"><pre class="src">&nbsp; AuthnState authnState = (AuthnState) session.getAttribute(</pre></td></tr>
<tr> <td class="numLine">&nbsp;183</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; SESSION_STATE_ATTR_NAME);</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;184</td> <td class="nbHitsCovered"><a title="Line 184: Conditional coverage 100% (2/2).">&nbsp;9</a></td> <td class="src"><pre class="src">&nbsp;<a title="Line 184: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (authnState == <span class="keyword">null</span>) {</a></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;185</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; HttpExchanges.cannedRespond(ex, HttpURLConnection.HTTP_CONFLICT,</pre></td></tr>
<tr> <td class="numLine">&nbsp;186</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; Translation.AUTHN_UNKNOWN_SESSION);</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;187</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;188</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;189</td> <td class="nbHitsCovered"><a title="Line 189: Conditional coverage 100% (2/2).">&nbsp;8</a></td> <td class="src"><pre class="src">&nbsp;<a title="Line 189: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (authnState.isAuthenticated()) {</a></pre></td></tr>
<tr> <td class="numLine">&nbsp;190</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">// TODO(ejona): keep track of each request, so that we can redirect here</span></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;191</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; HttpExchanges.cannedRespond(ex, HttpURLConnection.HTTP_CONFLICT,</pre></td></tr>
<tr> <td class="numLine">&nbsp;192</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; Translation.AUTHN_RETRY);</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;193</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;194</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;195</td> <td class="nbHitsCovered">&nbsp;7</td> <td class="src"><pre class="src">&nbsp; SamlClient client = authnState.getSamlClient();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;196</td> <td class="nbHitsCovered">&nbsp;7</td> <td class="src"><pre class="src">&nbsp; URI origUri = authnState.getOriginalUri();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;197</td> <td class="nbHitsUncovered"><a title="Line 197: Conditional coverage 75% (3/4) [each condition: 100%, 50%].">&nbsp;7</a></td> <td class="src"><pre class="src"><span class="srcUncovered">&nbsp;<a title="Line 197: Conditional coverage 75% (3/4) [each condition: 100%, 50%]."> <span class="keyword">if</span> (client == <span class="keyword">null</span> || origUri == <span class="keyword">null</span>) {</a></span></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;198</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; HttpExchanges.cannedRespond(ex, HttpURLConnection.HTTP_INTERNAL_ERROR,</pre></td></tr>
<tr> <td class="numLine">&nbsp;199</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; Translation.AUTHN_NOT_STARTED);</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;200</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;201</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;202</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">boolean</span> authnSuccess;</pre></td></tr>
<tr> <td class="numLine">&nbsp;203</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">// GET implies the assertion is being sent with the artifact binding.</span></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;204</td> <td class="nbHitsCovered">&nbsp;6</td> <td class="src"><pre class="src">&nbsp; log.info(<span class="string">"Received assertion via artifact binding"</span>);</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;205</td> <td class="nbHitsCovered">&nbsp;6</td> <td class="src"><pre class="src">&nbsp; Response samlResponse = client.decodeArtifactResponse(</pre></td></tr>
<tr> <td class="numLine">&nbsp;206</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; HttpExchanges.getRequestUri(ex),</pre></td></tr>
<tr> <td class="numLine">&nbsp;207</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">new</span> HttpExchangeInTransportAdapter(ex));</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;208</td> <td class="nbHitsCovered">&nbsp;6</td> <td class="src"><pre class="src">&nbsp; authnSuccess = consumeAssertion(client, samlResponse,</pre></td></tr>
<tr> <td class="numLine">&nbsp;209</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; client.getArtifactAssertionConsumerService().getLocation(),</pre></td></tr>
<tr> <td class="numLine">&nbsp;210</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; authnState);</pre></td></tr>
<tr> <td class="numLine">&nbsp;211</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;212</td> <td class="nbHitsCovered"><a title="Line 212: Conditional coverage 100% (2/2).">&nbsp;6</a></td> <td class="src"><pre class="src">&nbsp;<a title="Line 212: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (authnSuccess) {</a></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;213</td> <td class="nbHitsCovered">&nbsp;2</td> <td class="src"><pre class="src">&nbsp; HttpExchanges.sendRedirect(ex, origUri); </pre></td></tr>
<tr> <td class="numLine">&nbsp;214</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; } <span class="keyword">else</span> {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;215</td> <td class="nbHitsCovered">&nbsp;4</td> <td class="src"><pre class="src">&nbsp; HttpExchanges.cannedRespond(ex, HttpURLConnection.HTTP_FORBIDDEN,</pre></td></tr>
<tr> <td class="numLine">&nbsp;216</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; Translation.HTTP_FORBIDDEN_AUTHN_FAILURE);</pre></td></tr>
<tr> <td class="numLine">&nbsp;217</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;218</td> <td class="nbHitsCovered">&nbsp;6</td> <td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;219</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;220</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">private</span> <span class="keyword">boolean</span> consumeAssertion(SamlClient client, Response samlResponse,</pre></td></tr>
<tr> <td class="numLine">&nbsp;221</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; String recipient, AuthnState authnState) {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;222</td> <td class="nbHitsCovered"><a title="Line 222: Conditional coverage 100% (2/2).">&nbsp;6</a></td> <td class="src"><pre class="src">&nbsp;<a title="Line 222: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (samlResponse == <span class="keyword">null</span>) {</a></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;223</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; log.warning(<span class="string">"SAML response is missing"</span>);</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;224</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; authnState.failAttempt();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;225</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> <span class="keyword">false</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;226</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;227</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;228</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">// "some session id" is trash that is used for logging in the</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;229</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">// ResponseParser. We have no need for it, but we need to provide a value.</span></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;230</td> <td class="nbHitsCovered">&nbsp;5</td> <td class="src"><pre class="src">&nbsp; ResponseParser parser = ResponseParser.make(</pre></td></tr>
<tr> <td class="numLine">&nbsp;231</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; client, recipient, samlResponse, <span class="string">"some session id"</span>);</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;232</td> <td class="nbHitsCovered"><a title="Line 232: Conditional coverage 100% (2/2).">&nbsp;5</a></td> <td class="src"><pre class="src">&nbsp;<a title="Line 232: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (!parser.isResponseValid()) {</a></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;233</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; log.warning(<span class="string">"SAML response is invalid"</span>);</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;234</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; authnState.failAttempt();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;235</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> <span class="keyword">false</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;236</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;237</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;238</td> <td class="nbHitsCovered">&nbsp;4</td> <td class="src"><pre class="src">&nbsp; String code = parser.getResponseStatus();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;239</td> <td class="nbHitsCovered">&nbsp;4</td> <td class="src"><pre class="src">&nbsp; log.log(Level.INFO, <span class="string">"status code = {0}"</span>, <span class="keyword">new</span> Object[] {code});</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;240</td> <td class="nbHitsCovered"><a title="Line 240: Conditional coverage 100% (2/2).">&nbsp;4</a></td> <td class="src"><pre class="src">&nbsp;<a title="Line 240: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (!code.equals(StatusCode.SUCCESS_URI)) {</a></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;241</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; log.log(Level.WARNING, <span class="string">"SAML IdP failed to resolve: {0}"</span>,</pre></td></tr>
<tr> <td class="numLine">&nbsp;242</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">new</span> Object[] {code});</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;243</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; authnState.failAttempt();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;244</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> <span class="keyword">false</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;245</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;246</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;247</td> <td class="nbHitsCovered"><a title="Line 247: Conditional coverage 100% (2/2).">&nbsp;3</a></td> <td class="src"><pre class="src">&nbsp;<a title="Line 247: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (!parser.areAssertionsValid()) {</a></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;248</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; log.warning(<span class="string">"One or more SAML assertions are invalid"</span>);</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;249</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; authnState.failAttempt();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;250</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> <span class="keyword">false</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;251</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;252</td> <td class="nbHitsCovered">&nbsp;2</td> <td class="src"><pre class="src">&nbsp; String subjectName = parser.getSubject();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;253</td> <td class="nbHitsCovered">&nbsp;2</td> <td class="src"><pre class="src">&nbsp; Set&lt;String&gt; groups = <span class="keyword">null</span>;</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;254</td> <td class="nbHitsCovered">&nbsp;2</td> <td class="src"><pre class="src">&nbsp; String password = <span class="keyword">null</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;255</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;256</td> <td class="nbHitsCovered">&nbsp;2</td> <td class="src"><pre class="src">&nbsp; ExportedState state = parser.getExportedState();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;257</td> <td class="nbHitsCovered"><a title="Line 257: Conditional coverage 100% (2/2).">&nbsp;2</a></td> <td class="src"><pre class="src">&nbsp;<a title="Line 257: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (state != <span class="keyword">null</span>) {</a></pre></td></tr>
<tr> <td class="numLine">&nbsp;258</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">// Groups is also available via parser.getGroups, but this handles the</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;259</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">// state == null case more appropriately for our usage.</span></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;260</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; groups = state.getPviCredentials().getGroups();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;261</td> <td class="nbHitsCovered">&nbsp;1</td> <td class="src"><pre class="src">&nbsp; password = state.getPviCredentials().getPassword();</pre></td></tr>
<tr> <td class="numLine">&nbsp;262</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;263</td> <td class="nbHitsCovered">&nbsp;2</td> <td class="src"><pre class="src">&nbsp; DateTime expirationDateTime = parser.getExpirationTime();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;264</td> <td class="nbHitsUncovered"><a title="Line 264: Conditional coverage 50% (1/2).">&nbsp;2</a></td> <td class="src"><pre class="src"><span class="srcUncovered">&nbsp;<a title="Line 264: Conditional coverage 50% (1/2)."> <span class="keyword">long</span> expirationTime = (expirationDateTime == <span class="keyword">null</span>)</a></span></pre></td></tr>
<tr> <td class="numLine">&nbsp;265</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; ? Long.MAX_VALUE : expirationDateTime.getMillis();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;266</td> <td class="nbHitsCovered">&nbsp;2</td> <td class="src"><pre class="src">&nbsp; log.log(Level.INFO, <span class="string">"SAML subject {0} verified {1}"</span>,</pre></td></tr>
<tr> <td class="numLine">&nbsp;267</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">new</span> Object[] {subjectName, <span class="keyword">new</span> Date(expirationTime)});</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;268</td> <td class="nbHitsCovered">&nbsp;2</td> <td class="src"><pre class="src">&nbsp; AuthnIdentity identity = <span class="keyword">new</span> AuthnIdentityImpl</pre></td></tr>
<tr> <td class="numLine">&nbsp;269</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; .Builder(<span class="keyword">new</span> UserPrincipal(subjectName))</pre></td></tr>
<tr> <td class="numLine">&nbsp;270</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; .setGroups(GroupPrincipal.makeSet(groups))</pre></td></tr>
<tr> <td class="numLine">&nbsp;271</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; .setPassword(password).build();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;272</td> <td class="nbHitsCovered">&nbsp;2</td> <td class="src"><pre class="src">&nbsp; authnState.authenticated(identity, expirationTime);</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;273</td> <td class="nbHitsCovered">&nbsp;2</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> <span class="keyword">true</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;274</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;275</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;276</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;277</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">/**</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;278</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * Current state of an authentication attempt. It can represent a pending</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;279</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> * authentication attempt or a completed authentication.</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;280</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;<span class="comment"> */</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;281</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; @VisibleForTesting</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;282</td> <td class="nbHitsCovered">&nbsp;11</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">static</span> <span class="keyword">class</span> AuthnState {</pre></td></tr>
<tr> <td class="numLine">&nbsp;283</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">/** Client used for pending authn attempt. */</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;284</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">private</span> SamlClient client;</pre></td></tr>
<tr> <td class="numLine">&nbsp;285</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">/** Original URL that was accessed that caused this authn attempt. */</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;286</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">private</span> URI originalUri;</pre></td></tr>
<tr> <td class="numLine">&nbsp;287</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">/** Successfully authned identity for the user. */</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;288</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">private</span> AuthnIdentity identity;</pre></td></tr>
<tr> <td class="numLine">&nbsp;289</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="comment">/** Time in milliseconds that authentication information expires */</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;290</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">private</span> <span class="keyword">long</span> expirationTimeMillis;</pre></td></tr>
<tr> <td class="numLine">&nbsp;291</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;292</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">public</span> <span class="keyword">void</span> startAttempt(SamlClient client, URI originalUri) {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;293</td> <td class="nbHitsCovered">&nbsp;10</td> <td class="src"><pre class="src">&nbsp; expirationTimeMillis = 0;</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;294</td> <td class="nbHitsCovered">&nbsp;10</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">this</span>.client = client;</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;295</td> <td class="nbHitsCovered">&nbsp;10</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">this</span>.originalUri = originalUri;</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;296</td> <td class="nbHitsCovered">&nbsp;10</td> <td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;297</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;298</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">public</span> <span class="keyword">void</span> failAttempt() {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;299</td> <td class="nbHitsCovered">&nbsp;4</td> <td class="src"><pre class="src">&nbsp; clearAttempt();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;300</td> <td class="nbHitsCovered">&nbsp;4</td> <td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;301</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;302</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">private</span> <span class="keyword">void</span> clearAttempt() {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;303</td> <td class="nbHitsCovered">&nbsp;8</td> <td class="src"><pre class="src">&nbsp; client = <span class="keyword">null</span>;</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;304</td> <td class="nbHitsCovered">&nbsp;8</td> <td class="src"><pre class="src">&nbsp; originalUri = <span class="keyword">null</span>;</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;305</td> <td class="nbHitsCovered">&nbsp;8</td> <td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;306</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;307</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">public</span> <span class="keyword">void</span> authenticated(AuthnIdentity identity,</pre></td></tr>
<tr> <td class="numLine">&nbsp;308</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">long</span> expirationTimeMillis) {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;309</td> <td class="nbHitsCovered">&nbsp;4</td> <td class="src"><pre class="src">&nbsp; clearAttempt();</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;310</td> <td class="nbHitsCovered">&nbsp;4</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">this</span>.identity = identity;</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;311</td> <td class="nbHitsCovered">&nbsp;4</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">this</span>.expirationTimeMillis = expirationTimeMillis;</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;312</td> <td class="nbHitsCovered">&nbsp;4</td> <td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;313</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;314</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">public</span> <span class="keyword">boolean</span> isAuthenticated() {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;315</td> <td class="nbHitsCovered"><a title="Line 315: Conditional coverage 100% (2/2).">&nbsp;21</a></td> <td class="src"><pre class="src">&nbsp;<a title="Line 315: Conditional coverage 100% (2/2)."> <span class="keyword">if</span> (expirationTimeMillis == 0) {</a></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;316</td> <td class="nbHitsCovered">&nbsp;15</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> <span class="keyword">false</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;317</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;318</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;319</td> <td class="nbHitsUncovered"><a title="Line 319: Conditional coverage 50% (1/2).">&nbsp;6</a></td> <td class="src"><pre class="src"><span class="srcUncovered">&nbsp;<a title="Line 319: Conditional coverage 50% (1/2)."> <span class="keyword">if</span> (System.currentTimeMillis() &gt; expirationTimeMillis) {</a></span></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;320</td> <td class="nbHitsUncovered">&nbsp;0</td> <td class="src"><pre class="src"><span class="srcUncovered">&nbsp; expirationTimeMillis = 0;</span></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;321</td> <td class="nbHitsUncovered">&nbsp;0</td> <td class="src"><pre class="src"><span class="srcUncovered">&nbsp; identity = <span class="keyword">null</span>;</span></pre></td></tr>
<tr> <td class="numLineCover">&nbsp;322</td> <td class="nbHitsUncovered">&nbsp;0</td> <td class="src"><pre class="src"><span class="srcUncovered">&nbsp; <span class="keyword">return</span> <span class="keyword">false</span>;</span></pre></td></tr>
<tr> <td class="numLine">&nbsp;323</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;324</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;325</td> <td class="nbHitsCovered">&nbsp;6</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> <span class="keyword">true</span>;</pre></td></tr>
<tr> <td class="numLine">&nbsp;326</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;327</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;328</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">public</span> SamlClient getSamlClient() {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;329</td> <td class="nbHitsCovered">&nbsp;7</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> client;</pre></td></tr>
<tr> <td class="numLine">&nbsp;330</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;331</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;332</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">public</span> URI getOriginalUri() {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;333</td> <td class="nbHitsCovered">&nbsp;7</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> originalUri;</pre></td></tr>
<tr> <td class="numLine">&nbsp;334</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;335</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;</pre></td></tr>
<tr> <td class="numLine">&nbsp;336</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; <span class="keyword">public</span> AuthnIdentity getIdentity() {</pre></td></tr>
<tr> <td class="numLineCover">&nbsp;337</td> <td class="nbHitsCovered">&nbsp;5</td> <td class="src"><pre class="src">&nbsp; <span class="keyword">return</span> identity;</pre></td></tr>
<tr> <td class="numLine">&nbsp;338</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;339</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp; }</pre></td></tr>
<tr> <td class="numLine">&nbsp;340</td> <td class="nbHits">&nbsp;</td>
<td class="src"><pre class="src">&nbsp;}</pre></td></tr>
</table>
<div class="footer">Report generated by <a href="http://cobertura.sourceforge.net/" target="_top">Cobertura</a> 1.9.4.1.</div>
</body>
</html>