org.opensaml.saml.security.impl

Class MetadataCredentialResolverTest

java.lang.Object

org.opensaml.core.OpenSAMLInitBaseTestCase

org.opensaml.core.xml.XMLObjectBaseTestCase

org.opensaml.saml.security.impl.MetadataCredentialResolverTest

public class MetadataCredentialResolverTest
extends org.opensaml.core.xml.XMLObjectBaseTestCase

Testing the metadata credential resolver.

Field Summary

Fields

Modifier and Type	Field and Description
private CriteriaSet	criteriaSet
private org.opensaml.core.criterion.EntityIdCriterion	entityIdCriteria
private X509Certificate	idpDSACert
private String	idpDSACertBase64
private String	idpEntityID
private QName	idpRole
private X509Certificate	idpRSACert
private String	idpRSACertBase64
private RSAPublicKey	idpRSAPubKey
private String	idpRSAPubKeyBase64
private String	idpRSAPubKeyName
private String	keyAuthorityCertBase64
private org.opensaml.saml.security.impl.MetadataCredentialResolver	mdCredResolver
private String	mdFileName
private String	protocolBar
private String	protocolFoo
private org.opensaml.saml.criterion.EntityRoleCriterion	roleCriteria
private org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver	roleResolver

Fields inherited from class org.opensaml.core.xml.XMLObjectBaseTestCase

builderFactory, marshallerFactory, parserPool, simpleXMLObjectQName, unmarshallerFactory

Constructor Summary

Constructors

Constructor and Description
MetadataCredentialResolverTest()

Method Summary

Methods

Modifier and Type	Method and Description
private void	checkContextAndID(org.opensaml.security.credential.Credential credential, String entityID, QName role, boolean checkEntitiesDesc) Check expected entity ID and also that expected data is available from the metadata context.
protected void	setUp()
void	testCaching() Test caching behavior across 2 resolutions.
void	testDirectResolutionFromRoleDescriptor() Test resolving directly from a RoleDescriptor input.
void	testMissingKeyInfoCredentialResolver() Test fails correctly when required KeyInfo credential resolver is not configured
void	testMissingRequiredInputs() Test fails correctly when required inputs are missing.
void	testMissingRequiredRoleDescriptorResolver() Test that fails when entityID+role name are supplied, but no role descriptor resolver was configured.
void	testNoProtocolNoUsage() Test protocol null, and no usage.
void	testNoProtocolUsageEncryption() Test protocol null, and usage = encryption.
void	testNoProtocolUsageSigning() Test protocol null, and usage = signing.
void	testProtocolBARNoUsage() Test 1 protocol (BAR), and no usage.
void	testProtocolBARUsageEncryption() Test 1 protocol (BAR), and usage = encryption.
void	testProtocolBARUsageSigning() Test 1 protocol (BAR), and usage = signing.
void	testProtocolFOONoUsage() Test 1 protocol (FOO), and no usage .
void	testProtocolFOOUsageEncryption() Test 1 protocol (FOO), and usage encryption.
void	testProtocolFOOUsageSigning() Test 1 protocol (FOO), and usage = signing.

Methods inherited from class org.opensaml.core.xml.XMLObjectBaseTestCase

assertXMLEquals, assertXMLEquals, buildXMLObject, fetchDuration, getBuilder, getMarshaller, getMarshaller, getUnmarshaller, getUnmarshaller, getUnmarshaller, initXMLObjectSupport, parseXMLDocument, printXML, printXML, unmarshallElement, unmarshallElement

Methods inherited from class org.opensaml.core.OpenSAMLInitBaseTestCase

initOpenSAML

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

idpRSAPubKeyName

private String idpRSAPubKeyName

idpRSAPubKey

private RSAPublicKey idpRSAPubKey

idpRSAPubKeyBase64

private String idpRSAPubKeyBase64

idpDSACert

private X509Certificate idpDSACert

idpDSACertBase64

private String idpDSACertBase64

idpRSACert

private X509Certificate idpRSACert

idpRSACertBase64

private String idpRSACertBase64

keyAuthorityCertBase64

private String keyAuthorityCertBase64

protocolFoo

private String protocolFoo

protocolBar

private String protocolBar

idpRole

private QName idpRole

idpEntityID

private String idpEntityID

mdFileName

private String mdFileName

roleResolver

private org.opensaml.saml.metadata.resolver.impl.PredicateRoleDescriptorResolver roleResolver

mdCredResolver

private org.opensaml.saml.security.impl.MetadataCredentialResolver mdCredResolver

entityIdCriteria

private org.opensaml.core.criterion.EntityIdCriterion entityIdCriteria

roleCriteria

private org.opensaml.saml.criterion.EntityRoleCriterion roleCriteria

criteriaSet

private CriteriaSet criteriaSet

Constructor Detail

MetadataCredentialResolverTest

public MetadataCredentialResolverTest()

Method Detail

setUp

protected void setUp()
              throws Exception

Throws:

Exception

testNoProtocolNoUsage

public void testNoProtocolNoUsage()
                           throws org.opensaml.security.SecurityException,
                                  ResolverException

Test protocol null, and no usage. Should get 3 credentials, 2 from protocolFoo and 1 from protocolBar.

Throws:

org.opensaml.security.SecurityException

ResolverException

testNoProtocolUsageEncryption

public void testNoProtocolUsageEncryption()
                                   throws org.opensaml.security.SecurityException,
                                          ResolverException

Test protocol null, and usage = encryption. Should get 2 credentials, 1 from protocolFoo and 1 from protocolBar.

Throws:

org.opensaml.security.SecurityException

ResolverException

testNoProtocolUsageSigning

public void testNoProtocolUsageSigning()
                                throws org.opensaml.security.SecurityException,
                                       ResolverException

Test protocol null, and usage = signing. Should get 2 credentials, 1 from protocolFoo and 1 from protocolBar.

Throws:

org.opensaml.security.SecurityException

ResolverException

testProtocolFOONoUsage

public void testProtocolFOONoUsage()
                            throws org.opensaml.security.SecurityException,
                                   ResolverException

Test 1 protocol (FOO), and no usage . Should get 2 credentials.

Throws:

org.opensaml.security.SecurityException

ResolverException

testProtocolFOOUsageSigning

public void testProtocolFOOUsageSigning()
                                 throws org.opensaml.security.SecurityException,
                                        ResolverException

Test 1 protocol (FOO), and usage = signing. Should get 1 credentials.

Throws:

org.opensaml.security.SecurityException

ResolverException

testProtocolFOOUsageEncryption

public void testProtocolFOOUsageEncryption()
                                    throws org.opensaml.security.SecurityException,
                                           ResolverException

Test 1 protocol (FOO), and usage encryption. Should get 1 credentials.

Throws:

org.opensaml.security.SecurityException

ResolverException

testProtocolBARNoUsage

public void testProtocolBARNoUsage()
                            throws org.opensaml.security.SecurityException,
                                   ResolverException

Test 1 protocol (BAR), and no usage. Should get 1 credentials.

Throws:

org.opensaml.security.SecurityException

ResolverException

testProtocolBARUsageSigning

public void testProtocolBARUsageSigning()
                                 throws org.opensaml.security.SecurityException,
                                        ResolverException

Test 1 protocol (BAR), and usage = signing. Should get 1 credentials.

Throws:

org.opensaml.security.SecurityException

ResolverException

testProtocolBARUsageEncryption

public void testProtocolBARUsageEncryption()
                                    throws org.opensaml.security.SecurityException,
                                           ResolverException

Test 1 protocol (BAR), and usage = encryption. Should get 1 credentials.

Throws:

org.opensaml.security.SecurityException

ResolverException

testCaching

public void testCaching()
                 throws org.opensaml.security.SecurityException,
                        ResolverException

Test caching behavior across 2 resolutions.

Throws:

org.opensaml.security.SecurityException

ResolverException

testDirectResolutionFromRoleDescriptor

public void testDirectResolutionFromRoleDescriptor()
                                            throws ComponentInitializationException,
                                                   ResolverException,
                                                   CertificateEncodingException

Test resolving directly from a RoleDescriptor input.

Throws:

ComponentInitializationException

ResolverException

CertificateEncodingException

testMissingRequiredInputs

public void testMissingRequiredInputs()
                               throws ResolverException

Test fails correctly when required inputs are missing.

Throws:

ResolverException

testMissingKeyInfoCredentialResolver

public void testMissingKeyInfoCredentialResolver()
                                          throws ComponentInitializationException

Test fails correctly when required KeyInfo credential resolver is not configured

Throws:

ComponentInitializationException

testMissingRequiredRoleDescriptorResolver

public void testMissingRequiredRoleDescriptorResolver()
                                               throws ComponentInitializationException,
                                                      ResolverException

Test that fails when entityID+role name are supplied, but no role descriptor resolver was configured.

Throws:

ComponentInitializationException

ResolverException

checkContextAndID

private void checkContextAndID(org.opensaml.security.credential.Credential credential,
                     String entityID,
                     QName role,
                     boolean checkEntitiesDesc)

Check expected entity ID and also that expected data is available from the metadata context.

Parameters:

credential - the credential to evaluate

entityID - the expected entity ID value

role - the expected type of role from the context role descriptor data

checkEntitiesDesc - whether to check for and validate an EntitiesDescriptor grandparent