/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.nifi.web.security.saml.impl;
import org.apache.commons.lang3.SystemUtils;
import org.apache.nifi.security.util.TemporaryKeyStoreBuilder;
import org.apache.nifi.security.util.TlsConfiguration;
import org.apache.nifi.util.NiFiProperties;
import org.apache.nifi.web.security.saml.SAMLConfigurationFactory;
import org.apache.nifi.web.security.saml.SAMLService;
import org.apache.nifi.web.security.saml.impl.tls.TruststoreStrategy;
import org.junit.After;
import org.junit.Assume;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import java.io.File;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.util.Arrays;
import java.util.HashSet;
import static org.junit.Assert.assertFalse;
import static org.junit.Assert.assertThrows;
import static org.junit.Assert.assertTrue;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
/**
 * Tests for {@link StandardSAMLService}: the SAML-enabled path backed by a file-based identity
 * provider metadata document, and the disabled path where service-provider operations must be
 * rejected.
 *
 * <p>The suite is skipped on Windows (see {@link #setUpSuite()}); presumably because the IdP
 * metadata URL is formed by prefixing {@code file://} to an absolute path, which only yields a
 * well-formed URL for *nix-style paths.
 */
public class TestStandardSAMLService {

    private static final String SP_ENTITY_ID = "org:apache:nifi";
    private static final String BASE_URL = "https://localhost:8443/nifi-api";
    private static final String IDP_METADATA_PATH = "src/test/resources/saml/sso-circle-meta.xml";

    private NiFiProperties properties;
    private SAMLConfigurationFactory samlConfigurationFactory;
    private SAMLService samlService;

    /** Skips the whole class on Windows. */
    @BeforeClass
    public static void setUpSuite() {
        Assume.assumeTrue("Test only runs on *nix", !SystemUtils.IS_OS_WINDOWS);
    }

    /** Builds a mocked {@link NiFiProperties} and a fresh service under test before each test. */
    @Before
    public void setup() {
        properties = mock(NiFiProperties.class);
        samlConfigurationFactory = new StandardSAMLConfigurationFactory();
        samlService = new StandardSAMLService(samlConfigurationFactory, properties);
    }

    /** Shuts the service under test down after each test. */
    @After
    public void teardown() {
        samlService.shutdown();
    }

    /**
     * Enables SAML with a file-based IdP metadata document, initializes the service provider and
     * checks the generated SP metadata for the expected entity ID and endpoint bindings.
     *
     * @throws GeneralSecurityException if the temporary keystore cannot be generated
     * @throws IOException if the temporary keystore cannot be written
     */
    @Test
    public void testSamlEnabledWithFileBasedIdpMetadata() throws GeneralSecurityException, IOException {
        final File idpMetadata = new File(IDP_METADATA_PATH);
        // throwaway keystore/truststore pair so no credentials need to be checked in
        final TlsConfiguration tls = new TemporaryKeyStoreBuilder().build();

        stubTlsProperties(tls);
        stubSamlProperties("file://" + idpMetadata.getAbsolutePath());

        samlService.initialize();
        assertTrue(samlService.isSamlEnabled());

        // the service provider is initialized in a second step that needs the base URL
        assertFalse(samlService.isServiceProviderInitialized());
        samlService.initializeServiceProvider(BASE_URL);
        assertTrue(samlService.isServiceProviderInitialized());

        final String metadata = samlService.getServiceProviderMetadata();
        assertTrue(metadata.contains("entityID=\"org:apache:nifi\""));
        assertTrue(metadata.contains("<md:AssertionConsumerService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost:8443/nifi-api/access/saml/login/consumer\""));
        assertTrue(metadata.contains("<md:SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\" Location=\"https://localhost:8443/nifi-api/access/saml/single-logout/consumer\"/>"));
        assertTrue(metadata.contains("<md:SingleLogoutService Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\" Location=\"https://localhost:8443/nifi-api/access/saml/single-logout/consumer\"/>"));
    }

    /** With SAML disabled, initialization succeeds but service-provider operations throw. */
    @Test
    public void testInitializeWhenSamlNotEnabled() {
        when(properties.isSamlEnabled()).thenReturn(false);

        samlService.initialize();
        assertFalse(samlService.isSamlEnabled());

        // neither SP initialization nor metadata retrieval is permitted while SAML is off
        assertThrows(IllegalStateException.class, () -> samlService.initializeServiceProvider(BASE_URL));
        assertThrows(IllegalStateException.class, samlService::getServiceProviderMetadata);
    }

    /**
     * Points every keystore/truststore property the service reads at the given TLS configuration
     * and advertises exactly those keys via {@code getPropertyKeys()}.
     *
     * @param tls the temporary keystore/truststore configuration to expose through the mock
     */
    private void stubTlsProperties(final TlsConfiguration tls) {
        when(properties.getProperty(NiFiProperties.SECURITY_KEYSTORE)).thenReturn(tls.getKeystorePath());
        when(properties.getProperty(NiFiProperties.SECURITY_KEYSTORE_PASSWD)).thenReturn(tls.getKeystorePassword());
        when(properties.getProperty(NiFiProperties.SECURITY_KEY_PASSWD)).thenReturn(tls.getKeyPassword());
        when(properties.getProperty(NiFiProperties.SECURITY_KEYSTORE_TYPE)).thenReturn(tls.getKeystoreType().getType());
        when(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE)).thenReturn(tls.getTruststorePath());
        when(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_PASSWD)).thenReturn(tls.getTruststorePassword());
        when(properties.getProperty(NiFiProperties.SECURITY_TRUSTSTORE_TYPE)).thenReturn(tls.getTruststoreType().getType());

        final String[] stubbedKeys = {
            NiFiProperties.SECURITY_KEYSTORE,
            NiFiProperties.SECURITY_KEYSTORE_PASSWD,
            NiFiProperties.SECURITY_KEY_PASSWD,
            NiFiProperties.SECURITY_KEYSTORE_TYPE,
            NiFiProperties.SECURITY_TRUSTSTORE,
            NiFiProperties.SECURITY_TRUSTSTORE_PASSWD,
            NiFiProperties.SECURITY_TRUSTSTORE_TYPE
        };
        when(properties.getPropertyKeys()).thenReturn(new HashSet<>(Arrays.asList(stubbedKeys)));
    }

    /**
     * Enables SAML on the mock and supplies the SP entity ID, IdP metadata location, session
     * expiration and HTTP client truststore strategy the service reads during initialization.
     *
     * @param idpMetadataUrl location of the identity provider metadata document
     */
    private void stubSamlProperties(final String idpMetadataUrl) {
        when(properties.isSamlEnabled()).thenReturn(true);
        when(properties.getSamlServiceProviderEntityId()).thenReturn(SP_ENTITY_ID);
        when(properties.getSamlIdentityProviderMetadataUrl()).thenReturn(idpMetadataUrl);
        when(properties.getSamlAuthenticationExpiration()).thenReturn("12 hours");
        when(properties.getSamlHttpClientTruststoreStrategy()).thenReturn(TruststoreStrategy.JDK.name());
    }
}