-
Notifications
You must be signed in to change notification settings - Fork 826
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[#187902333] Signed-off-by: Duane May <duane.may@broadcom.com> Signed-off-by: Peter Chen <peter-h.chen@broadcom.com>
- Loading branch information
1 parent
51deef5
commit 369afa6
Showing
5 changed files
with
154 additions
and
33 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
49 changes: 49 additions & 0 deletions
49
...rg/cloudfoundry/identity/uaa/provider/saml/DefaultRelyingPartyRegistrationRepository.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
package org.cloudfoundry.identity.uaa.provider.saml; | ||
|
||
import org.cloudfoundry.identity.uaa.util.KeyWithCert; | ||
import org.cloudfoundry.identity.uaa.zone.IdentityZone; | ||
import org.cloudfoundry.identity.uaa.zone.ZoneAware; | ||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration; | ||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistrationRepository; | ||
|
||
/** | ||
* A {@link RelyingPartyRegistrationRepository} that always returns a default {@link RelyingPartyRegistrationRepository}. | ||
*/ | ||
public class DefaultRelyingPartyRegistrationRepository implements RelyingPartyRegistrationRepository, ZoneAware { | ||
public static final String CLASSPATH_DUMMY_SAML_IDP_METADATA_XML = "classpath:dummy-saml-idp-metadata.xml"; | ||
|
||
private final KeyWithCert keyWithCert; | ||
private final String samlEntityID; | ||
|
||
public DefaultRelyingPartyRegistrationRepository(String samlEntityID, | ||
KeyWithCert keyWithCert) { | ||
this.keyWithCert = keyWithCert; | ||
this.samlEntityID = samlEntityID; | ||
} | ||
|
||
/** | ||
* Returns the relying party registration identified by the provided | ||
* {@code registrationId}, or {@code null} if not found. | ||
* | ||
* @param registrationId the registration identifier | ||
* @return the {@link RelyingPartyRegistration} if found, otherwise {@code null} | ||
*/ | ||
@Override | ||
public RelyingPartyRegistration findByRegistrationId(String registrationId) { | ||
IdentityZone zone = retrieveZone(); | ||
|
||
String zonedSamlEntityID; | ||
if (zone.isUaa()) { | ||
zonedSamlEntityID = this.samlEntityID; | ||
} else if (zone.getConfig() != null && zone.getConfig().getSamlConfig() != null) { | ||
zonedSamlEntityID = zone.getConfig().getSamlConfig().getEntityID(); | ||
} else { | ||
return null; | ||
} | ||
|
||
return RelyingPartyRegistrationBuilder.buildRelyingPartyRegistration( | ||
zonedSamlEntityID, null, | ||
keyWithCert, CLASSPATH_DUMMY_SAML_IDP_METADATA_XML, registrationId, | ||
zonedSamlEntityID, zone.getConfig().getSamlConfig().isRequestSigned()); | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
92 changes: 92 additions & 0 deletions
92
...loudfoundry/identity/uaa/provider/saml/DefaultRelyingPartyRegistrationRepositoryTest.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,92 @@ | ||
package org.cloudfoundry.identity.uaa.provider.saml; | ||
|
||
import org.cloudfoundry.identity.uaa.util.KeyWithCert; | ||
import org.cloudfoundry.identity.uaa.zone.IdentityZone; | ||
import org.cloudfoundry.identity.uaa.zone.IdentityZoneConfiguration; | ||
import org.cloudfoundry.identity.uaa.zone.SamlConfig; | ||
import org.junit.jupiter.api.BeforeEach; | ||
import org.junit.jupiter.api.Test; | ||
import org.junit.jupiter.api.extension.ExtendWith; | ||
import org.mockito.Mock; | ||
import org.mockito.junit.jupiter.MockitoExtension; | ||
import org.springframework.security.saml2.provider.service.registration.RelyingPartyRegistration; | ||
|
||
import java.security.PrivateKey; | ||
import java.security.cert.X509Certificate; | ||
|
||
import static org.assertj.core.api.Assertions.assertThat; | ||
import static org.mockito.Mockito.mock; | ||
import static org.mockito.Mockito.spy; | ||
import static org.mockito.Mockito.when; | ||
|
||
@ExtendWith(MockitoExtension.class) | ||
class DefaultRelyingPartyRegistrationRepositoryTest { | ||
private static final String ENTITY_ID = "entityId"; | ||
private static final String ZONED_ENTITY_ID = "%s.%s".formatted("subdomain",ENTITY_ID); | ||
private static final String REGISTRATION_ID = "registrationId"; | ||
private static final String NAME_ID = "name1"; | ||
|
||
@Mock | ||
private KeyWithCert mockKeyWithCert; | ||
|
||
@Mock | ||
private IdentityZone identityZone; | ||
|
||
@Mock | ||
private IdentityZoneConfiguration identityZoneConfig; | ||
|
||
@Mock | ||
private SamlConfig samlConfig; | ||
|
||
private DefaultRelyingPartyRegistrationRepository repository; | ||
|
||
@BeforeEach | ||
void setUp() { | ||
repository = spy(new DefaultRelyingPartyRegistrationRepository(ENTITY_ID, mockKeyWithCert)); | ||
} | ||
|
||
@Test | ||
void findByRegistrationId() { | ||
when(mockKeyWithCert.getCertificate()).thenReturn(mock(X509Certificate.class)); | ||
when(mockKeyWithCert.getPrivateKey()).thenReturn(mock(PrivateKey.class)); | ||
|
||
RelyingPartyRegistration registration = repository.findByRegistrationId(REGISTRATION_ID); | ||
|
||
assertThat(registration) | ||
// from definition | ||
.returns(REGISTRATION_ID, RelyingPartyRegistration::getRegistrationId) | ||
.returns(ENTITY_ID, RelyingPartyRegistration::getEntityId) | ||
.returns(null, RelyingPartyRegistration::getNameIdFormat) | ||
// from functions | ||
.returns("{baseUrl}/saml/SSO/alias/entityId", RelyingPartyRegistration::getAssertionConsumerServiceLocation) | ||
.returns("{baseUrl}/saml/SingleLogout/alias/entityId", RelyingPartyRegistration::getSingleLogoutServiceResponseLocation) | ||
// from xml | ||
.extracting(RelyingPartyRegistration::getAssertingPartyDetails) | ||
.returns("exampleEntityId", RelyingPartyRegistration.AssertingPartyDetails::getEntityId); | ||
} | ||
|
||
@Test | ||
void findByRegistrationIdForZone() { | ||
when(mockKeyWithCert.getCertificate()).thenReturn(mock(X509Certificate.class)); | ||
when(mockKeyWithCert.getPrivateKey()).thenReturn(mock(PrivateKey.class)); | ||
when(repository.retrieveZone()).thenReturn(identityZone); | ||
when(identityZone.isUaa()).thenReturn(false); | ||
when(identityZone.getConfig()).thenReturn(identityZoneConfig); | ||
when(identityZoneConfig.getSamlConfig()).thenReturn(samlConfig); | ||
when(samlConfig.getEntityID()).thenReturn(ZONED_ENTITY_ID); | ||
|
||
RelyingPartyRegistration registration = repository.findByRegistrationId(REGISTRATION_ID); | ||
|
||
assertThat(registration) | ||
// from definition | ||
.returns(REGISTRATION_ID, RelyingPartyRegistration::getRegistrationId) | ||
.returns(ZONED_ENTITY_ID, RelyingPartyRegistration::getEntityId) | ||
.returns(null, RelyingPartyRegistration::getNameIdFormat) | ||
// from functions | ||
.returns("{baseUrl}/saml/SSO/alias/subdomain.entityId", RelyingPartyRegistration::getAssertionConsumerServiceLocation) | ||
.returns("{baseUrl}/saml/SingleLogout/alias/subdomain.entityId", RelyingPartyRegistration::getSingleLogoutServiceResponseLocation) | ||
// from xml | ||
.extracting(RelyingPartyRegistration::getAssertingPartyDetails) | ||
.returns("exampleEntityId", RelyingPartyRegistration.AssertingPartyDetails::getEntityId); | ||
} | ||
} |