| // Copyright 2014 Google Inc. All Rights Reserved. |
| // |
| // Licensed under the Apache License, Version 2.0 (the "License"); |
| // you may not use this file except in compliance with the License. |
| // You may obtain a copy of the License at |
| // |
| // http://www.apache.org/licenses/LICENSE-2.0 |
| // |
| // Unless required by applicable law or agreed to in writing, software |
| // distributed under the License is distributed on an "AS IS" BASIS, |
| // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| // See the License for the specific language governing permissions and |
| // limitations under the License. |
| |
| package com.google.enterprise.adaptor.sharepoint; |
| |
| import static org.junit.Assert.assertEquals; |
| |
| import com.google.enterprise.adaptor.sharepoint.FormsAuthenticationHandlerTest.MockScheduledExecutor; |
| import com.google.enterprise.adaptor.sharepoint.SamlAuthenticationHandler.HttpPostClient; |
| import com.google.enterprise.adaptor.sharepoint.SamlAuthenticationHandler.PostResponseInfo; |
| |
| import java.io.IOException; |
| import java.net.URL; |
| import java.util.Arrays; |
| import java.util.HashMap; |
| import java.util.List; |
| import java.util.Map; |
| |
| import org.junit.Rule; |
| import org.junit.Test; |
| import org.junit.rules.ExpectedException; |
| |
| |
| public class LiveAuthenticationHandshakeManagerTest { |
| |
| private static final String LIVE_AUTHENTICATION_RESPONSE |
| = "<?xml version=\"1.0\" encoding=\"utf-8\" ?>" |
| + "<S:Envelope xmlns:S=\"http://www.w3.org/2003/05/soap-envelope\" " |
| + "xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-" |
| + "wssecurity-secext-1.0.xsd\" " |
| + "xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-" |
| + "wss-wssecurity-utility-1.0.xsd\" " |
| + "xmlns:wsa=\"http://www.w3.org/2005/08/addressing\">" |
| + "<S:Header><wsa:Action " |
| + "xmlns:S=\"http://www.w3.org/2003/05/soap-envelope\" " |
| + "xmlns:wsa=\"http://www.w3.org/2005/08/addressing\" " |
| + "xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-" |
| + "wss-wssecurity-utility-1.0.xsd\" wsu:Id=\"Action\" " |
| + "S:mustUnderstand=\"1\">" |
| + "http://schemas.xmlsoap.org/ws/2005/02/trust/RSTR/Issue" |
| + "</wsa:Action><wsa:To " |
| + "xmlns:S=\"http://www.w3.org/2003/05/soap-envelope\" " |
| + "xmlns:wsa=\"http://www.w3.org/2005/08/addressing\" " |
| + "xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-" |
| + "wss-wssecurity-utility-1.0.xsd\" " |
| + "wsu:Id=\"To\" S:mustUnderstand=\"1\">" |
| + "http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous" |
| + "</wsa:To><wsse:Security S:mustUnderstand=\"1\">" |
| + "<wsu:Timestamp xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/" |
| + "oasis-200401-wss-wssecurity-utility-1.0.xsd\" wsu:Id=\"TS\">" |
| + "<wsu:Created>2014-03-27T20:56:38Z</wsu:Created><wsu:Expires>" |
| + "2014-03-27T21:01:38Z</wsu:Expires></wsu:Timestamp></wsse:Security>" |
| + "</S:Header><S:Body><wst:RequestSecurityTokenResponse " |
| + "xmlns:S=\"http://www.w3.org/2003/05/soap-envelope\" " |
| + "xmlns:wst=\"http://schemas.xmlsoap.org/ws/2005/02/trust\" " |
| + "xmlns:wsse=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-" |
| + "wss-wssecurity-secext-1.0.xsd\" " |
| + "xmlns:wsu=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-" |
| + "wss-wssecurity-utility-1.0.xsd\" " |
| + "xmlns:saml=\"urn:oasis:names:tc:SAML:1.0:assertion\" " |
| + "xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\" " |
| + "xmlns:psf=\"http://schemas.microsoft.com/Passport" |
| + "/SoapServices/SOAPFault\"><wst:TokenType>urn:passport:compact" |
| + "</wst:TokenType><wsp:AppliesTo " |
| + "xmlns:wsa=\"http://www.w3.org/2005/08/addressing\">" |
| + "<wsa:EndpointReference><wsa:Address>" |
| + "https://sharepoint.example.com" |
| + "</wsa:Address></wsa:EndpointReference>" |
| + "</wsp:AppliesTo><wst:Lifetime><wsu:Created>2014-03-27T20:56:38Z" |
| + "</wsu:Created><wsu:Expires>2014-03-28T20:56:38Z</wsu:Expires>" |
| + "</wst:Lifetime><wst:RequestedSecurityToken>" |
| + "<wsse:BinarySecurityToken Id=\"Compact0\">" |
| + "t=This is live authentication token to extract" |
| + "</wsse:BinarySecurityToken></wst:RequestedSecurityToken>" |
| + "<wst:RequestedAttachedReference><wsse:SecurityTokenReference>" |
| + "<wsse:Reference URI=\"euzZqFurd7rgUGVjTUnCah09kbA=\">" |
| + "</wsse:Reference></wsse:SecurityTokenReference>" |
| + "</wst:RequestedAttachedReference><wst:RequestedUnattachedReference>" |
| + "<wsse:SecurityTokenReference><wsse:Reference " |
| + "URI=\"euzZqFurd7rgUGVjTUnCah09kbA=\"></wsse:Reference>" |
| + "</wsse:SecurityTokenReference></wst:RequestedUnattachedReference>" |
| + "</wst:RequestSecurityTokenResponse></S:Body></S:Envelope>"; |
| |
| @Rule |
| public ExpectedException thrown = ExpectedException.none(); |
| |
| @Test |
| public void testConstructor() { |
| new LiveAuthenticationHandshakeManager.Builder( |
| "http://sharepointurl", "username", "password") |
| .build(); |
| } |
| |
| @Test |
| public void testNullUsername() { |
| thrown.expect(NullPointerException.class); |
| new LiveAuthenticationHandshakeManager.Builder( |
| "http://endpoint", null, "password").build(); |
| } |
| |
| @Test |
| public void testNullPassword() { |
| thrown.expect(NullPointerException.class); |
| new LiveAuthenticationHandshakeManager.Builder( |
| "http://endpoint", "username", null).build(); |
| } |
| |
| @Test |
| public void testNullSharePointUrl() { |
| thrown.expect(NullPointerException.class); |
| new LiveAuthenticationHandshakeManager.Builder( |
| null, "username", "password").build(); |
| } |
| |
| @Test |
| public void testExtractToken() throws IOException { |
| LiveAuthenticationHandshakeManager manager |
| = new LiveAuthenticationHandshakeManager.Builder( |
| "https://sharepoint.example.com", "username", "password").build(); |
| |
| assertEquals("t=This is live authentication token to extract", |
| manager.extractToken(LIVE_AUTHENTICATION_RESPONSE)); |
| } |
| |
| @Test |
| public void testExtractTokenWithInvalidInput() throws IOException { |
| LiveAuthenticationHandshakeManager manager |
| = new LiveAuthenticationHandshakeManager.Builder( |
| "https://sharepoint.example.com", "username", "password").build(); |
| |
| String tokenResponse = "<?xml version=\"1.0\" encoding=\"utf-8\" ?>" |
| + "<S:Envelope xmlns:S=\"http://www.w3.org/2003/05/soap-envelope\">" |
| + "<data>Something went wrong this is invalid</data>" |
| + "</S:Envelope>"; |
| |
| thrown.expect(IOException.class); |
| String extractedToken = manager.extractToken(tokenResponse); |
| } |
| |
| @Test |
| public void testExtractTokenWithNullInput() throws IOException { |
| LiveAuthenticationHandshakeManager manager |
| = new LiveAuthenticationHandshakeManager.Builder( |
| "https://sharepoint.example.com", "username", "password").build(); |
| thrown.expect(IOException.class); |
| String extractedToken = manager.extractToken(null); |
| } |
| |
| @Test |
| public void testAuthenticateInSamlHandlerWithLive() throws IOException{ |
| MockHttpPostClient postClient = new MockHttpPostClient(); |
| LiveAuthenticationHandshakeManager manager |
| = new LiveAuthenticationHandshakeManager.Builder( |
| "https://sharepoint.example.com", "username@domain", "password&123", |
| postClient).build(); |
| URL tokenRequest = new URL( |
| "https://login.microsoftonline.com/extSTS.srf"); |
| postClient.responseMap.put(tokenRequest, |
| new PostResponseInfo(LIVE_AUTHENTICATION_RESPONSE, null)); |
| URL submitToken = new URL( |
| "https://sharepoint.example.com/_forms/default.aspx?wa=wsignin1.0"); |
| Map<String, List<String>> responseHeaders |
| = new HashMap<String, List<String>>(); |
| responseHeaders.put("some-header", Arrays.asList("some value")); |
| responseHeaders.put("Set-Cookie", |
| Arrays.asList("FedAuth=AutheCookie", "rfta=rftaValue")); |
| |
| postClient.responseMap.put(submitToken, |
| new PostResponseInfo(null, responseHeaders)); |
| |
| SamlAuthenticationHandler authenticationHandler |
| = new SamlAuthenticationHandler.Builder("username@domain", |
| "password&123", new MockScheduledExecutor(), manager).build(); |
| AuthenticationResult result = authenticationHandler.authenticate(); |
| |
| assertEquals("FedAuth=AutheCookie;rfta=rftaValue;", result.getCookie()); |
| assertEquals("NO_ERROR", result.getErrorCode()); |
| assertEquals(600, result.getCookieTimeOut()); |
| } |
| |
| |
| private static class MockHttpPostClient implements HttpPostClient { |
| |
| private Map<URL, SamlAuthenticationHandler.PostResponseInfo> responseMap; |
| private Map<URL, String> receivedRequestBodyMap; |
| public MockHttpPostClient() { |
| responseMap = new HashMap<URL, PostResponseInfo>(); |
| receivedRequestBodyMap = new HashMap<URL, String>(); |
| } |
| |
| @Override |
| public PostResponseInfo issuePostRequest( |
| URL url, Map<String, String> connectionProperties, String requestBody) |
| throws IOException { |
| if (!responseMap.containsKey(url)) { |
| throw new UnsupportedOperationException( |
| "Unexpected Http Post for URL " + url); |
| } |
| // log incoming request body |
| receivedRequestBodyMap.put(url, requestBody); |
| return responseMap.get(url); |
| } |
| } |
| } |