Skip to content

Commit

Permalink
Update tests for SAML2BearerGrantHandler
Browse files Browse the repository at this point in the history
  • Loading branch information
@hwupathum
hwupathum committed Sep 25, 2024
1 parent ebc9e67 commit 605842b
Show file tree
Hide file tree
Showing 2 changed files with 66 additions and 2 deletions.
4 changes: 2 additions & 2 deletions ...va/org/wso2/carbon/identity/oauth2/token/handlers/grant/saml/SAML2BearerGrantHandler.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1464,13 +1464,13 @@ private X509Certificate getCertificateFromSAMLSignKeyStore() throws IdentityOAut

} catch (FileNotFoundException e) {
throw new IdentityOAuth2Exception("Unable to locate SAML sign keystore.", e);
} catch (IOException | NoSuchProviderException e) {
} catch (IOException e) {
throw new IdentityOAuth2Exception("Unable to read SAML sign keystore.", e);
} catch (CertificateException e) {
throw new IdentityOAuth2Exception("Unable to read certificate from SAML sign keystore.", e);
} catch (NoSuchAlgorithmException e) {
throw new IdentityOAuth2Exception("Unable to load algorithm.", e);
} catch (KeyStoreException e) {
} catch (KeyStoreException | NoSuchProviderException e) {
throw new IdentityOAuth2Exception("Unable to load SAML sign keystore.", e);
}
}
Expand Down
64 changes: 64 additions & 0 deletions ...rg/wso2/carbon/identity/oauth2/token/handlers/grant/saml/SAML2BearerGrantHandlerTest.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -41,6 +41,7 @@
import org.testng.annotations.Listeners;
import org.testng.annotations.Test;
import org.wso2.carbon.base.CarbonBaseConstants;
import org.wso2.carbon.base.ServerConfiguration;
import org.wso2.carbon.identity.application.authentication.framework.model.AuthenticatedUser;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.Claim;
Expand Down Expand Up @@ -84,6 +85,7 @@
import org.wso2.carbon.utils.multitenancy.MultitenantUtils;

import java.lang.reflect.Field;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
Expand All @@ -98,10 +100,12 @@
import static org.mockito.ArgumentMatchers.isNull;
import static org.mockito.ArgumentMatchers.nullable;
import static org.mockito.Mockito.lenient;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.mockStatic;
import static org.mockito.Mockito.when;
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertNotNull;
import static org.testng.Assert.assertThrows;
import static org.testng.Assert.assertTrue;
import static org.testng.Assert.fail;

Expand Down Expand Up @@ -151,6 +155,8 @@ public class SAML2BearerGrantHandlerTest {
private TokenPersistenceProcessor persistenceProcessor;
@Mock
private SAMLSSOServiceProviderManager samlSSOServiceProviderManager;
@Mock
private ServerConfiguration mockServerConfiguration;

private MockedStatic<OAuthServerConfiguration> oAuthServerConfiguration;
private MockedStatic<IdentityUtil> identityUtil;
Expand Down Expand Up @@ -348,6 +354,64 @@ public void testValidateGrantException(Object dateTimeObj, String idpName, boole
}
}

@Test(description = "Test case to verify successful validation of a SAML assertion signature against a keystore.")
public void testValidateSignatureSuccess() throws IdentityOAuth2Exception {

try (MockedStatic<ServerConfiguration> serverConfiguration = mockStatic(ServerConfiguration.class);
MockedStatic<SignatureValidator> signatureValidator = mockStatic(SignatureValidator.class)) {

serverConfiguration.when(ServerConfiguration::getInstance).thenReturn(mockServerConfiguration);

when(mockServerConfiguration.getFirstProperty("Security.SAMLSignKeyStore.Location"))
.thenReturn(createPath("testkeystore.jks").toString());
when(mockServerConfiguration.getFirstProperty("Security.SAMLSignKeyStore.Type")).thenReturn("JKS");
when(mockServerConfiguration.getFirstProperty("Security.SAMLSignKeyStore.Password"))
.thenReturn("wso2carbon");
when(mockServerConfiguration.getFirstProperty("Security.SAMLSignKeyStore.KeyAlias"))
.thenReturn("wso2carbon");

// Mock Assertion and Signature
Assertion mockedAssertion = mock(Assertion.class);
Signature mockedSignature = mock(Signature.class);
when(mockedAssertion.getSignature()).thenReturn(mockedSignature);

signatureValidator.when(() -> SignatureValidator.validate(any(), any())).thenAnswer(invocation -> {
// Simulate successful validation (no exception thrown)
return null;
});

saml2BearerGrantHandler.validateSignatureAgainstSAMLSignKeyStoreCertificate(mockedAssertion);
}
}

@Test(description = "Test case to verify that an exception is thrown when the keystore configuration is incorrect.")
public void testValidateSignatureException() {

try (MockedStatic<ServerConfiguration> serverConfiguration = mockStatic(ServerConfiguration.class)) {

serverConfiguration.when(ServerConfiguration::getInstance).thenReturn(mockServerConfiguration);

when(mockServerConfiguration.getFirstProperty("Security.SAMLSignKeyStore.Location"))
.thenReturn(createPath("testkeystore.jks").toString());
when(mockServerConfiguration.getFirstProperty("Security.SAMLSignKeyStore.Type")).thenReturn("PKCS12");
when(mockServerConfiguration.getFirstProperty("JCEProvider")).thenReturn("BC");

Assertion mockedAssertion = mock(Assertion.class);

// Execute method under test
assertThrows(IdentityOAuth2Exception.class, () -> {
saml2BearerGrantHandler.validateSignatureAgainstSAMLSignKeyStoreCertificate(mockedAssertion);
});
}
}

private Path createPath(String keystoreName) {

Path keystorePath = Paths.get(System.getProperty(CarbonBaseConstants.CARBON_HOME), "repository",
"resources", "security", keystoreName);
return keystorePath;
}

private Property getProperty(String name, String value) {

Property property = new Property();
Expand Down

0 comments on commit 605842b

Please sign in to comment.