
Commit 76331a5

youngkihjzheaux
authored andcommitted
Add test for status code returning parent and child status code
1 parent e1bcd77 commit 76331a5


1 file changed

+77
-0
lines changed


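--- a/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProviderTests.java
+++ b/saml2/saml2-service-provider/src/test/java/org/springframework/security/saml2/provider/service/authentication/OpenSaml4AuthenticationProviderTests.java
@@ -51,16 +51,20 @@
 import org.opensaml.saml.saml2.core.EncryptedAssertion;
 import org.opensaml.saml.saml2.core.EncryptedAttribute;
 import org.opensaml.saml.saml2.core.EncryptedID;
+import org.opensaml.saml.saml2.core.Issuer;
 import org.opensaml.saml.saml2.core.NameID;
 import org.opensaml.saml.saml2.core.OneTimeUse;
 import org.opensaml.saml.saml2.core.Response;
+import org.opensaml.saml.saml2.core.Status;
 import org.opensaml.saml.saml2.core.StatusCode;
 import org.opensaml.saml.saml2.core.SubjectConfirmation;
 import org.opensaml.saml.saml2.core.SubjectConfirmationData;
 import org.opensaml.saml.saml2.core.impl.AttributeBuilder;
 import org.opensaml.saml.saml2.core.impl.EncryptedAssertionBuilder;
 import org.opensaml.saml.saml2.core.impl.EncryptedIDBuilder;
 import org.opensaml.saml.saml2.core.impl.NameIDBuilder;
+import org.opensaml.saml.saml2.core.impl.StatusBuilder;
+import org.opensaml.saml.saml2.core.impl.StatusCodeBuilder;
 import org.opensaml.xmlsec.encryption.impl.EncryptedDataBuilder;
 import org.opensaml.xmlsec.signature.support.SignatureConstants;
 import org.w3c.dom.Element;
@@ -82,6 +86,8 @@
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.assertj.core.api.Assertions.assertThatExceptionOfType;
 import static org.assertj.core.api.Assertions.assertThatIllegalArgumentException;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertTrue;
 import static org.mockito.ArgumentMatchers.any;
 import static org.mockito.BDDMockito.given;
 import static org.mockito.Mockito.atLeastOnce;
@@ -729,6 +735,77 @@ public void authenticateWhenCustomResponseValidatorThenUses() {
 verify(validator).convert(any(OpenSaml4AuthenticationProvider.ResponseToken.class));
 }
 
+@Test
+public void setsOnlyParentStatusCodeOnResultDescription() {
+ResponseToken mockResponseToken = mock(ResponseToken.class);
+Saml2AuthenticationToken mockSamlToken = mock(Saml2AuthenticationToken.class);
+given(mockResponseToken.getToken()).willReturn(mockSamlToken);
+
+RelyingPartyRegistration mockRelyingPartyRegistration = mock(RelyingPartyRegistration.class);
+given(mockSamlToken.getRelyingPartyRegistration()).willReturn(mockRelyingPartyRegistration);
+
+RelyingPartyRegistration.AssertingPartyDetails mockAssertingPartyDetails = mock(RelyingPartyRegistration.AssertingPartyDetails.class);
+given(mockRelyingPartyRegistration.getAssertingPartyDetails()).willReturn(mockAssertingPartyDetails);
+
+Status parentStatus = new StatusBuilder().buildObject();
+StatusCode parentStatusCode = new StatusCodeBuilder().buildObject();
+parentStatusCode.setValue(StatusCode.AUTHN_FAILED);
+StatusCode childStatusCode = new StatusCodeBuilder().buildObject();
+childStatusCode.setValue(StatusCode.NO_PASSIVE);
+parentStatusCode.setStatusCode(childStatusCode);
+parentStatus.setStatusCode(parentStatusCode);
+
+Response mockResponse = mock(Response.class);
+given(mockResponse.getStatus()).willReturn(parentStatus);
+Issuer mockIssuer = mock(Issuer.class);
+given(mockIssuer.getValue()).willReturn("mockedIssuer");
+given(mockResponse.getIssuer()).willReturn(mockIssuer);
+
+given(mockResponseToken.getResponse()).willReturn(mockResponse);
+
+Converter<ResponseToken, Saml2ResponseValidatorResult> validator = OpenSaml4AuthenticationProvider.createDefaultResponseValidator();
+Saml2ResponseValidatorResult result = validator.convert(mockResponseToken);
+
+String expectedErrorMessage = String.format("Invalid status [%s] for SAML response", parentStatusCode.getValue());
+assertTrue(result.getErrors().stream().anyMatch(error -> error.getDescription().contains(expectedErrorMessage)));
+assertFalse(result.getErrors().stream().anyMatch(error -> error.getDescription().contains(childStatusCode.getValue())));
+}
+
+@Test
+public void setsParentAndChildStatusCodeOnResultDescription() {
+ResponseToken mockResponseToken = mock(ResponseToken.class);
+Saml2AuthenticationToken mockSamlToken = mock(Saml2AuthenticationToken.class);
+given(mockResponseToken.getToken()).willReturn(mockSamlToken);
+
+RelyingPartyRegistration mockRelyingPartyRegistration = mock(RelyingPartyRegistration.class);
+given(mockSamlToken.getRelyingPartyRegistration()).willReturn(mockRelyingPartyRegistration);
+
+RelyingPartyRegistration.AssertingPartyDetails mockAssertingPartyDetails = mock(RelyingPartyRegistration.AssertingPartyDetails.class);
+given(mockRelyingPartyRegistration.getAssertingPartyDetails()).willReturn(mockAssertingPartyDetails);
+
+Status parentStatus = new StatusBuilder().buildObject();
+StatusCode parentStatusCode = new StatusCodeBuilder().buildObject();
+parentStatusCode.setValue(StatusCode.REQUESTER);
+StatusCode childStatusCode = new StatusCodeBuilder().buildObject();
+childStatusCode.setValue(StatusCode.NO_PASSIVE);
+parentStatusCode.setStatusCode(childStatusCode);
+parentStatus.setStatusCode(parentStatusCode);
+
+Response mockResponse = mock(Response.class);
+given(mockResponse.getStatus()).willReturn(parentStatus);
+Issuer mockIssuer = mock(Issuer.class);
+given(mockIssuer.getValue()).willReturn("mockedIssuer");
+given(mockResponse.getIssuer()).willReturn(mockIssuer);
+
+given(mockResponseToken.getResponse()).willReturn(mockResponse);
+
+Converter<ResponseToken, Saml2ResponseValidatorResult> validator = OpenSaml4AuthenticationProvider.createDefaultResponseValidator();
+Saml2ResponseValidatorResult result = validator.convert(mockResponseToken);
+
+String expectedErrorMessage = String.format("Invalid status [%s] for SAML response", parentStatusCode.getValue() + childStatusCode.getValue());
+assertTrue(result.getErrors().stream().anyMatch(error -> error.getDescription().contains(expectedErrorMessage)));
+}
+
 @Test
 public void authenticateWhenAssertionIssuerNotValidThenFailsWithInvalidIssuer() {
 OpenSaml4AuthenticationProvider provider = new OpenSaml4AuthenticationProvider();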
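Review bot: The two new tests differ only in the parent status value (`StatusCode.AUTHN_FAILED` in `setsOnlyParentStatusCodeOnResultDescription`, `StatusCode.REQUESTER` in `setsParentAndChildStatusCodeOnResultDescription`), yet neither the method names nor a comment say that this value decides whether the nested code is reported, so the rule under test has to be guessed. A comment above each `parentStatusCode.setValue(...)` call, for example `// top-level REQUESTER: the nested status code is expected in the description`, would make the intent reviewable; the wording needs confirming against the validator, which is outside this diff. The expected string in the second test is built as `parentStatusCode.getValue() + childStatusCode.getValue()`, which pins two status URNs run together with no separator; if that mirrors the validator's output, a delimiter would keep the failure reason readable in authentication logs. The assertions would also report more on failure, and match the AssertJ imports already in this file, written as `assertThat(result.getErrors()).anyMatch((error) -> error.getDescription().contains(expectedErrorMessage));` rather than `org.junit.Assert.assertTrue`.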
