test/com/google/enterprise/adaptor/sharepoint/AdfsHandshakeManagerTest.java

// Copyright 2014 Google Inc. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//      http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

package com.google.enterprise.adaptor.sharepoint;

import static org.junit.Assert.assertEquals;

import com.google.enterprise.adaptor.sharepoint.FormsAuthenticationHandlerTest.MockScheduledExecutor;
import com.google.enterprise.adaptor.sharepoint.SamlAuthenticationHandler.HttpPostClient;
import com.google.enterprise.adaptor.sharepoint.SamlAuthenticationHandler.PostResponseInfo;

import java.io.IOException;
import java.net.URL;
import java.net.URLEncoder;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;


public class AdfsHandshakeManagerTest {
  
  @Rule
  public ExpectedException thrown = ExpectedException.none();
  
  private static class UnsupportedHttpPostClient implements HttpPostClient {
    @Override
    public SamlAuthenticationHandler.PostResponseInfo issuePostRequest(
        URL url, Map<String, String> connectionProperties, String requestBody)
        throws IOException {
      throw new UnsupportedOperationException();
    }    
  }
  
  private static class MockHttpPostClient implements HttpPostClient {

    private Map<URL, PostResponseInfo> responseMap;
    private Map<URL, String> receivedRequestBodyMap;
    public MockHttpPostClient() {
      responseMap = new HashMap<URL, PostResponseInfo>();
      receivedRequestBodyMap = new HashMap<URL, String>();      
    }
    
    @Override
    public SamlAuthenticationHandler.PostResponseInfo issuePostRequest(
        URL url, Map<String, String> connectionProperties, String requestBody)
        throws IOException {
      if (!responseMap.containsKey(url)) {
        throw new UnsupportedOperationException(
            "Unexpected Http Post for URL " + url);
      }
      // log incoming request body
      receivedRequestBodyMap.put(url, requestBody);
      return responseMap.get(url);
    }
  }

  @Test
  public void testConstructor() {
    new AdfsHandshakeManager.Builder(
        "http://endpoint", "username", "password", "https://sts", "realm")
        .build();    
  }

  @Test
  public void testNullUsername() {
    thrown.expect(NullPointerException.class);
    new AdfsHandshakeManager.Builder(
        "http://endpoint", null, "password", "https://sts", "realm").build();
  }

  @Test
  public void testNullPassword() {
    thrown.expect(NullPointerException.class);
    new AdfsHandshakeManager.Builder(
        "http://endpoint", "username", null, "https://sts", "realm").build();
  }

  @Test
  public void testNullEndpoint() {
    thrown.expect(NullPointerException.class);
    new AdfsHandshakeManager.Builder(
        null, "username", "password","https://sts", "realm").build();
  }

  @Test
  public void testNullSts() {
    thrown.expect(NullPointerException.class);
    new AdfsHandshakeManager.Builder(
        "http://endpoint", "username", "password", null, "realm").build();
  }

  @Test
  public void testNullRealm() {
    thrown.expect(NullPointerException.class);
    new AdfsHandshakeManager.Builder(
        "http://endpoint", "username", "password", "http://sts", null).build();
  }

  @Test
  public void testRequestToken() throws IOException{
    MockHttpPostClient postClient = new MockHttpPostClient();
    AdfsHandshakeManager manager = new AdfsHandshakeManager.Builder(
        "https://sharepoint.intranet.com", "username@domain", "pass]]>word&123", 
        "https://sts.dmain.com/adfs/services/trust/2005/usernamemixed",
        "urn:realm:sharepoint", postClient).build();
    URL tokenRequest = new URL(
        "https://sts.dmain.com/adfs/services/trust/2005/usernamemixed");
    String tokenResponse = "<s:Envelope "
        + "xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\">"
        + "<s:Header>Some header</s:Header>"
        + "<t:RequestSecurityTokenResponse "
        + "xmlns:t=\"http://schemas.xmlsoap.org/ws/2005/02/trust\">"
        + "This is requested token"
        + "</t:RequestSecurityTokenResponse>"        
        + "</s:Envelope>";
    postClient.responseMap.put(tokenRequest,
        new PostResponseInfo(tokenResponse, null));    
    assertEquals("<t:RequestSecurityTokenResponse "
        + "xmlns:t=\"http://schemas.xmlsoap.org/ws/2005/02/trust\">"
        + "This is requested token"
        + "</t:RequestSecurityTokenResponse>", manager.requestToken());

    String expectedRequestBody 
        = "<?xml version=\"1.0\" encoding=\"utf-8\" ?>"
        + "<s:Envelope xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\" "
        + "xmlns:a=\"http://www.w3.org/2005/08/addressing\" "
        + "xmlns:u=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
        + "wssecurity-utility-1.0.xsd\"><s:Header><a:Action "
        + "s:mustUnderstand=\"1\">"
        + "http://schemas.xmlsoap.org/ws/2005/02/trust/RST/Issue</a:Action>"
        + "<a:ReplyTo><a:Address>http://www.w3.org/2005/08/addressing/anonymous"
        + "</a:Address></a:ReplyTo><a:To s:mustUnderstand=\"1\"><![CDATA["
        + "https://sts.dmain.com/adfs/services/trust/2005/usernamemixed]]>"
        + "</a:To><o:Security s:mustUnderstand=\"1\" "
        + "xmlns:o=\"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-"
        + "wssecurity-secext-1.0.xsd\"><o:UsernameToken>"
        + "<o:Username><![CDATA[username@domain]]></o:Username>"
        + "<o:Password><![CDATA[pass]]]]><![CDATA[>word&123]]>"
        + "</o:Password></o:UsernameToken></o:Security></s:Header>"
        + "<s:Body><t:RequestSecurityToken "
        + "xmlns:t=\"http://schemas.xmlsoap.org/ws/2005/02/trust\">"
        + "<wsp:AppliesTo "
        + "xmlns:wsp=\"http://schemas.xmlsoap.org/ws/2004/09/policy\">"
        + "<a:EndpointReference><a:Address>"
        + "<![CDATA[urn:realm:sharepoint]]></a:Address>"
        + "</a:EndpointReference></wsp:AppliesTo><t:KeyType>"
        + "http://schemas.xmlsoap.org/ws/2005/05/identity/NoProofKey"
        + "</t:KeyType><t:RequestType>"
        + "http://schemas.xmlsoap.org/ws/2005/02/trust/Issue"
        + "</t:RequestType><t:TokenType>urn:oasis:names:tc:SAML:1.0:assertion"
        + "</t:TokenType></t:RequestSecurityToken></s:Body></s:Envelope>";

    assertEquals(expectedRequestBody,
        postClient.receivedRequestBodyMap.get(tokenRequest));
    
  }

  @Test
  public void testNullRequestToken() throws IOException{    
    MockHttpPostClient postClient = new MockHttpPostClient();    
    AdfsHandshakeManager manager = new AdfsHandshakeManager.Builder(
        "https://sharepoint.intranet.com", "username@domain", "password&123", 
        "https://sts.dmain.com/adfs/services/trust/2005/usernamemixed",
        "urn:realm:sharepoint", postClient).build();
    URL tokenRequest = new URL(
        "https://sts.dmain.com/adfs/services/trust/2005/usernamemixed");
    postClient.responseMap.put(tokenRequest,
        new PostResponseInfo("<data>some invalid content</data>", null));
    thrown.expect(IOException.class);
    String token = manager.requestToken();    
  }

  @Test
  public void testGetAuthenticationCookie() throws IOException{
    MockHttpPostClient postClient = new MockHttpPostClient();    
    AdfsHandshakeManager manager = new AdfsHandshakeManager.Builder(
        "https://sharepoint.intranet.com", "username@domain", "password&123", 
        "https://sts.dmain.com/adfs/services/trust/2005/usernamemixed",
        "urn:realm:sharepoint", postClient).build();   

    URL submitToken = new URL("https://sharepoint.intranet.com/_trust");

    Map<String, List<String>> responseHeaders 
        = new HashMap<String, List<String>>();
    responseHeaders.put("some-header", Arrays.asList("some value"));
    responseHeaders.put("Set-Cookie", Arrays.asList("FedAuth=AutheCookie"));

    postClient.responseMap.put(submitToken,
        new PostResponseInfo("submit token response", responseHeaders));
    String cookie = manager.getAuthenticationCookie(
        "<t:RequestSecurityTokenResponse "
        + "xmlns:t=\"http://schemas.xmlsoap.org/ws/2005/02/trust\">"
        + "This is requested token"
        + "</t:RequestSecurityTokenResponse>");

    assertEquals("FedAuth=AutheCookie;", cookie);

    String expectedSubmitTokenRequest = "wa=wsignin1.0&wctx=" 
      + URLEncoder.encode("https://sharepoint.intranet.com/_layouts/"
          + "Authenticate.aspx","UTF-8")
      + "&wresult=" + URLEncoder.encode("<t:RequestSecurityTokenResponse "
          + "xmlns:t=\"http://schemas.xmlsoap.org/ws/2005/02/trust\">"
          + "This is requested token"
          + "</t:RequestSecurityTokenResponse>", "UTF-8");  
    assertEquals(expectedSubmitTokenRequest,
        postClient.receivedRequestBodyMap.get(submitToken));
  }

  @Test
  public void testAuthenticateInSamlHandlerWithADFS() throws IOException{
    MockHttpPostClient postClient = new MockHttpPostClient();
    String username = "username@domain";
    String password = "password&123";
    AdfsHandshakeManager manager = new AdfsHandshakeManager.Builder(
        "https://sharepoint.intranet.com", username, password, 
        "https://sts.dmain.com/adfs/services/trust/2005/usernamemixed",
        "urn:realm:sharepoint", postClient).build();
    URL tokenRequest = new URL(
        "https://sts.dmain.com/adfs/services/trust/2005/usernamemixed");
    String tokenResponse = "<s:Envelope "
        + "xmlns:s=\"http://www.w3.org/2003/05/soap-envelope\">"
        + "<s:Header>Some header</s:Header>"
        + "<t:RequestSecurityTokenResponse "
        + "xmlns:t=\"http://schemas.xmlsoap.org/ws/2005/02/trust\">"
        + "This is requested token"
        + "</t:RequestSecurityTokenResponse>"        
        + "</s:Envelope>";
    postClient.responseMap.put(tokenRequest,
        new PostResponseInfo(tokenResponse, null));    
    URL submitToken = new URL("https://sharepoint.intranet.com/_trust");    
    Map<String, List<String>> responseHeaders 
        = new HashMap<String, List<String>>();
    responseHeaders.put("some-header", Arrays.asList("some value"));
    responseHeaders.put("Set-Cookie", Arrays.asList("FedAuth=AutheCookie"));

    postClient.responseMap.put(submitToken,
        new PostResponseInfo(null, responseHeaders));

    SamlAuthenticationHandler authenticationHandler 
        = new SamlAuthenticationHandler.Builder(username, password,
            new MockScheduledExecutor(), manager).build();
    AuthenticationResult result = authenticationHandler.authenticate();

    assertEquals("FedAuth=AutheCookie;", result.getCookie());
    assertEquals("NO_ERROR", result.getErrorCode());
    assertEquals(600, result.getCookieTimeOut());    
  }

  @Test
  public void testEscapeCdata() {

    AdfsHandshakeManager manager = new AdfsHandshakeManager.Builder(
        "http://endpoint", "username", "password", "https://sts", "realm")
        .build();

     assertEquals("<![CDATA[This is simple]]>",
         manager.escapeCdata("This is simple"));

     assertEquals(
         "<![CDATA[This is simple]]]]><![CDATA[>with additional text]]>",
         manager.escapeCdata("This is simple]]>with additional text"));

     assertEquals(
         "<![CDATA[This is > & simple]]]]><![CDATA[>]]>",
         manager.escapeCdata("This is > & simple]]>"));

     assertEquals(
         "<![CDATA[]]]]><![CDATA[>]]>",
         manager.escapeCdata("]]>"));

     assertEquals("<![CDATA[<![CDATA[This is simple]]]]><![CDATA[>]]>",
         manager.escapeCdata("<![CDATA[This is simple]]>"));    

     assertEquals("<![CDATA[This is simple]]]]>"
         + "<![CDATA[>with multiple]]]]><![CDATA[>]]>",
         manager.escapeCdata("This is simple]]>with multiple]]>"));
  }
}