java source code of AudienceRestrictionTest

Project: cxf-fediz (GitHub Link)

cxf-fediz-master
- services
  - idp-core
    - src
      - main
        resources
        META-INF
        orm.xml
        spring-persistence.xml
        java
        org
        apache
        cxf
        fediz
        service
        idp
        STSAuthenticationProvider.java
        STSKrbAuthenticationProvider.java
        FedizEntryPoint.java
        BasicAuthEntryPoint.java
        beans
        EndpointAddressValidator.java
        LogoutAction.java
        TokenSerializer.java
        wsfed
        WfreshParser.java
        samlsso
        SamlResponseCreator.java
        AbstractSamlResponseCreator.java
        SamlResponseErrorCreator.java
        AuthnRequestParser.java
        LocalRedirectCreator.java
        SigninParametersCacheAction.java
        CommonsURLValidator.java
        IdpTokenExpiredAction.java
        CacheSecurityToken.java
        TrustedIdpProtocolAction.java
        ParameterSizeChecker.java
        ProcessHRDSExpressionAction.java
        HomeRealmReminder.java
        STSClientAction.java
        protocols
        TrustedIdpWSFedProtocolHandler.java
        TrustedIdpSAMLProtocolHandler.java
        TrustedIdpFacebookProtocolHandler.java
        AbstractTrustedIdpOAuth2ProtocolHandler.java
        ClaimsHandler.java
        AbstractTrustedIdpProtocolHandler.java
        ApplicationSAMLSSOProtocolHandler.java
        ApplicationProtocolControllerImpl.java
        ProtocolController.java
        TrustedIdpProtocolControllerImpl.java
        TrustedIdpOIDCProtocolHandler.java
        ApplicationWSFedProtocolHandler.java
        RoleClaimsHandler.java
        kerberos
        KerberosTokenValidator.java
        PassThroughKerberosClient.java
        KerberosEntryPoint.java
        KerberosAuthenticationProcessingFilter.java
        KerberosServiceRequestToken.java
        IdpSTSClient.java
        metadata
        IdpMetadataWriter.java
        ServiceMetadataWriter.java
        IdpConstants.java
        util
        LocalServerResolver.java
        WebUtils.java
        samlsso
        SAML2PResponseComponentBuilder.java
        SAML2CallbackHandler.java
        SAMLLogoutRequest.java
        SAMLAbstractRequest.java
        SAMLAuthnRequest.java
        service
        security
        GrantedAuthorityEntitlements.java
        ClaimDAO.java
        ConfigService.java
        RoleDAO.java
        ConfigServiceSpring.java
        TrustedIdpDAO.java
        ApplicationDAO.java
        jpa
        ClaimDAOJPAImpl.java
        ApplicationIdpProtocolSupportValidator.java
        DBInitApplicationListener.java
        IdpEntity.java
        DBLoaderImpl.java
        EntitlementDAOJPAImpl.java
        RoleEntity.java
        TrustedIdpDAOJPAImpl.java
        ConfigServiceJPA.java
        TrustedIdpEntity.java
        IdpDAOJPAImpl.java
        ApplicationDAOJPAImpl.java
        TrustedIdpProtocolSupportValidator.java
        DBLoader.java
        ApplicationEntity.java
        ApplicationProtocolSupported.java
        DBLoaderSpring.java
        RoleDAOJPAImpl.java
        TrustedIdpProtocolSupported.java
        EntitlementEntity.java
        ClaimEntity.java
        ApplicationClaimEntity.java
        IdpDAO.java
        EntitlementDAO.java
        STSUPAuthenticationProvider.java
        domain
        Entitlement.java
        TrustedIdp.java
        Role.java
        FederationType.java
        Claim.java
        TrustType.java
        RequestClaim.java
        Idp.java
        Application.java
        MetadataServlet.java
        model
        IDPConfig.java
        TrustedIDPConfig.java
        ServiceConfig.java
        TrustedIDPSelection.java
        RequestClaim.java
        rest
        TrustedIdps.java
        EntitlementServiceImpl.java
        Applications.java
        TrustedIdpServiceImpl.java
        Entitlements.java
        RoleServiceImpl.java
        QueryResourceInfoComparator.java
        ApplicationServiceImpl.java
        Idps.java
        RestServiceExceptionMapper.java
        TrustedIdpService.java
        EntitlementService.java
        RoleService.java
        RootService.java
        ApplicationService.java
        Roles.java
        Claims.java
        ClaimService.java
        ClaimServiceImpl.java
        IdpService.java
        RootServiceImpl.java
        IdpServiceImpl.java
        STSUserDetails.java
        STSPortFilter.java
        STSPreAuthAuthenticationProvider.java
        spi
        ApplicationProtocolHandler.java
        TrustedIdpProtocolHandler.java
        ProtocolHandler.java
      - test
        resources
        persistenceContext.xml
        realm.properties
        realma.cert
        stsKeystoreA.properties
        persistence.properties
        idp-config.xml
        entities-realma.xml
        stsrealm_a.jks
        testContext.xml
        java
        org
        apache
        cxf
        fediz
        service
        idp
        beans
        STSClientActionTest.java
        util
        MetadataWriterTest.java
        service
        jpa
        IdpDAOJPATest.java
        TestDBLoader.java
        TrustedIdpDAOJPATest.java
        EntitlementDAOJPATest.java
        ClaimDAOJPATest.java
        ApplicationDAOJPATest.java
    - pom.xml
    - README.txt
  - pom.xml
  - oidc
    - src
      - main
        resources
        log4j.properties
        rs.security.properties
        cxf-oauth2-ehcache.xml
        oidc.jks
        static
        styles.css
        java
        org
        apache
        cxf
        fediz
        service
        oidc
        PrivateKeyPasswordProviderImpl.java
        OAuthDataProviderImpl.java
        FedizSubjectCreator.java
        logout
        BackChannelLogoutHandler.java
        LogoutHandler.java
        TokenCleanupHandler.java
        LogoutRedirectConstraintHandler.java
        LogoutService.java
        clients
        InvalidRegistration.java
        ClientRegistrationService.java
        RegisterClient.java
        EditClient.java
        ClientTokens.java
        InvalidRegistrationException.java
        RegisteredClients.java
        ClientCodeGrants.java
        console
        UserConsoleService.java
        UserConsole.java
        CSRFUtils.java
        JAASAuthenticationStrategy.java
        handler
        hrd
        ApplicationContextProvider.java
        LoginHintHomeRealmDiscovery.java
        ClientIdHomeRealmDiscovery.java
        webapp
        META-INF
        context.xml
        WEB-INF
        views
        oOBAuthorizationResponse.jsp
        invalidRegistration.jsp
        userConsole.jsp
        oAuthAuthorizationData.jsp
        registerClient.jsp
        oAuthError.jsp
        registeredClients.jsp
        clientTokens.jsp
        clientCodeGrants.jsp
        client.jsp
        editClient.jsp
        applicationContext.xml
        data-manager.xml
        web.xml
        conf
        fediz_config.xml
    - pom.xml
  - idp
    - src
      - main
        resources
        persistenceContext.xml
        log4j.properties
        realm.properties
        realma.cert
        stsKeystoreA.properties
        persistence.properties
        users.properties
        restContext.xml
        idp-ssl-key.jks
        stsrealm_b.jks
        idp-ssl-trust.jks
        realmb.cert
        entities-realma.xml
        entities-realmb.xml
        cxf-tls.xml
        stsrealm_a.jks
        stsKeystoreB.properties
        filters
        realm-a
        env.properties
        realm-b
        env.properties
        webapp
        resources
        images
        WEB-INF
        security-config.xml
        views
        samlsigninresponseform.jsp
        signoutresponse.jsp
        signinform.jsp
        index.jsp
        idplist.jsp
        genericerror.jsp
        signinresponseform.jsp
        samlsignoutresponseform.jsp
        signoutconfirmationresponse.jsp
        flows
        signin-response.xml
        federation-validate-request.xml
        signin-request.xml
        saml-validate-request.xml
        config
        security-clientcert-config.xml
        security-krb-config.xml
        idp-core-servlet.xml
        security-up-config.xml
        security-rs-config.xml
        idp-servlet.xml
        applicationContext.xml
        idp-config-realmb.xml
        idp-config-realma.xml
        web.xml
      - test
        resources
        jetty.xml
        jetty-ssl.xml
        jetty-ssl-context.xml
        jetty-https.xml
        rest-client.xml
        java
        org
        apache
        cxf
        fediz
        service
        idp
        integrationtests
        RestITTest.java
    - pom.xml
    - README.txt
  - sts
    - src
      - main
        resources
        log4j.properties
        sts.properties
        realma.cert
        stsKeystoreA.properties
        stsTruststore.properties
        ststrust.jks
        stsrealm_b.jks
        org.apache.cxf.Logger
        realmb.cert
        stsrealm_a.jks
        stsKeystoreB.properties
        config
        jaas.conf
        java
        org
        apache
        cxf
        fediz
        service
        sts
        FedizX509DelegationHandler.java
        FileClaimsHandler.java
        FedizSAMLDelegationHandler.java
        realms
        IdentityMapperImpl.java
        UriRealmParser.java
        RealmFileClaimsHandler.java
        RealmExtensionIdentityMapper.java
        SamlRealmCodec.java
        PasswordCallbackHandler.java
        UsernamePasswordCallbackHandler.java
        webapp
        WEB-INF
        cxf-transport.xml
        wsdl
        ws-trust-1.4-service.wsdl
        ws-trust-1.4.wsdl
        applicationContext.xml
        data
        realms.xml
        userClaims.xml
        passwords.xml
        kerberos.jaas
        endpoints
        ldap.xml
        kerberos.xml
        file.xml
        fediz-sts.xml
        web.xml
      - test
        resources
        jetty.xml
        logback.xml
        jetty-ssl.xml
        jetty-ssl-context.xml
        stsclient.properties
        jetty-https.xml
        org
        apache
        cxf
        fediz
        sts
        realms
        ITCrossRealmTest-testRealmAtoRealmBWithClaims.properties
        sts-client.xml
        ITCrossRealmTest-testRealmAtoRealmB.properties
        ITCrossRealmTest.properties
        java
        org
        apache
        cxf
        fediz
        sts
        AbstractSTSTest.java
        Utils.java
        realms
        ITCrossRealmTest.java
        RealmExtensionIdentityMapperTest.java
    - pom.xml
    - README.txt
- release_notes.txt
- examples
  - simpleWebapp
    - src
      - main
        resources
        log4j.properties
        logging.properties
        config
        fediz_config.xml
        java
        org
        apache
        cxf
        fediz
        example
        FederationServlet.java
        webapp
        META-INF
        context.xml
        WEB-INF
        web.xml
        secure
        test.html
        index.html
    - pom.xml
    - README.txt
  - websphereWebappEar
    - pom.xml
    - README.txt
  - springWebapp
    - src
      - main
        resources
        log4j.properties
        ststrust.jks
        java
        org
        apache
        cxf
        fediz
        example
        FederationServlet.java
        webapp
        WEB-INF
        fediz_config.xml
        applicationContext-security.xml
        web.xml
        secure
        test.html
        index.html
    - pom.xml
    - README.txt
  - pom.xml
  - jaxrsCxfPluginWebapp
    - src
      - main
        resources
        log4j.properties
        fediz_config.xml
        ststrust.jks
        java
        org
        apache
        cxf
        fediz
        example
        FederationService.java
        webapp
        WEB-INF
        fediz_config.xml
        applicationContext-security.xml
        web.xml
        secure
        test.html
        index.html
    - pom.xml
    - README.txt
  - jaxrsSpringSecurityWebapp
    - src
      - main
        resources
        log4j.properties
        ststrust.jks
        java
        org
        apache
        cxf
        fediz
        example
        FederationService.java
        webapp
        WEB-INF
        fediz_config.xml
        applicationContext-security.xml
        web.xml
        secure
        test.html
        index.html
    - pom.xml
    - README.txt
  - README.txt
  - websphereWebapp
    - src
      - main
        resources
        log4j.properties
        logging.properties
        config
        fediz_config.xml
        java
        org
        apache
        cxf
        fediz
        example
        FederationServlet.java
        webapp
        META-INF
        context.xml
        WEB-INF
        web.xml
        secure
        test.html
        index.html
    - pom.xml
    - README.txt
  - wsclientWebapp
    - pom.xml
    - README.txt
    - webservice
      - pom.xml
      - common
        src
        main
        resources
        wsdl
        hello_world.wsdl
        pom.xml
      - service
        src
        main
        resources
        stsTruststore.properties
        ststrust.jks
        java
        org
        apache
        cxf
        fediz
        examples
        service
        GreeterImpl.java
        webapp
        WEB-INF
        wsdl
        hello_world.wsdl
        applicationContext.xml
        web.xml
        pom.xml
    - webapp
      - src
        main
        resources
        log4j.properties
        webappKeystore.jks
        logging.properties
        rp-ssl-key.jks
        config
        fediz_config.xml
        java
        org
        apache
        cxf
        fediz
        example
        ApplicationContextProvider.java
        ClaimsCallbackHandler.java
        FederationServlet.java
        webapp
        META-INF
        context.xml
        WEB-INF
        wsdl
        hello_world.wsdl
        applicationContext.xml
        web.xml
        secure
        test.html
        service.jsp
        index.html
      - pom.xml
  - samplekeys
    - wsp-ssl-key.jks
    - HowToGenerateKeysREADME.html
    - rp-ssl-key.jks
    - ststrust.jks
    - idp-ssl-key.jks
    - idp-ssl-trust.jks
  - springPreauthWebapp
    - src
      - main
        resources
        log4j.properties
        config
        fediz_config.xml
        java
        org
        apache
        cxf
        fediz
        example
        FederationServlet.java
        webapp
        META-INF
        context.xml
        WEB-INF
        applicationContext-security.xml
        web.xml
        secure
        test.html
        index.html
    - pom.xml
    - README.txt
  - jaxrsSimpleWebapp
    - src
      - main
        resources
        log4j.properties
        ststrust.jks
        config
        fediz_config.xml
        java
        org
        apache
        cxf
        fediz
        example
        FederationApplication.java
        FederationService.java
        webapp
        META-INF
        context.xml
        WEB-INF
        web.xml
        secure
        test.html
        index.html
    - pom.xml
    - README.txt
- pom.xml
- LICENSE
- BUILDING.txt
- plugins
  - spring
    - src
      - main
        resources
        org
        apache
        cxf
        fediz
        spring
        messages.properties
        java
        org
        apache
        cxf
        fediz
        spring
        FederationConfig.java
        web
        FederationSignOutCleanupFilter.java
        FederationAuthenticationFilter.java
        FederationAuthenticationEntryPoint.java
        FederationLogoutSuccessHandler.java
        FederationAuthenticationFailureHandler.java
        FederationLogoutFilter.java
        authentication
        FederationResponseAuthenticationToken.java
        GrantedAuthoritiesUserDetailsFederationService.java
        FederationAuthenticationToken.java
        ExpiredTokenException.java
        AbstractFederationUserDetailsService.java
        FederationAuthenticationProvider.java
        preauth
        FederationPreAuthenticatedProcessingFilter.java
        PreAuthenticatedGrantedAuthoritiesUserDetailsFederationService.java
        SpringFedizMessageSource.java
        FederationUser.java
        FederationConfigImpl.java
        assembly
        assembly.xml
    - pom.xml
    - README.txt
  - pom.xml
  - tomcat
    - src
      - main
        java
        org
        apache
        cxf
        fediz
        tomcat
        FederationAuthenticator.java
        FederationPrincipalImpl.java
        handler
        TomcatLogoutHandler.java
        TomcatSigninHandler.java
        assembly
        assembly.xml
    - pom.xml
    - README.txt
  - jetty9
    - src
      - main
        java
        org
        apache
        cxf
        fediz
        jetty9
        FederationUserPrincipal.java
        FederationAuthenticator.java
        FederationIdentityService.java
        FederationLoginService.java
        FederationUserIdentity.java
        assembly
        assembly.xml
    - pom.xml
    - README.txt
  - websphere
    - src
      - main
        resources
        schemas
        MappingSchema.xsd
        java
        org
        apache
        cxf
        fediz
        was
        tai
        FedizInterceptor.java
        exception
        TAIConfigurationException.java
        Constants.java
        servlet
        filter
        SecurityContextTTLChecker.java
        FederationFilter.java
        mapper
        FileBasedRoleToGroupMapper.java
        DefaultRoleToGroupMapper.java
        RoleToGroupMapper.java
        assembly
        assembly.xml
      - test
        resources
        fediz_config.xml
        mappingSample.xml
        java
        org
        apache
        cxf
        fediz
        was
        tai
        FedizInterceptorTest.java
        mapper
        DefaultRoleToGroupMapperTest.java
    - pom.xml
    - README.txt
  - core
    - src
      - main
        resources
        fediz-ehcache.xml
        schemas
        FedizConfig.xsd
        logout.jpg
        java
        org
        apache
        cxf
        fediz
        core
        ClaimCollection.java
        TokenValidatorResponse.java
        TokenValidatorRequest.java
        FedizPrincipal.java
        SecurityTokenThreadLocal.java
        processor
        SAMLProcessorImpl.java
        FedizRequest.java
        ClaimsProcessor.java
        FederationProcessorImpl.java
        RedirectionResponse.java
        AbstractFedizProcessor.java
        FedizProcessor.java
        FedizProcessorFactory.java
        FedizResponse.java
        TokenValidator.java
        metadata
        MetadataDocumentHandler.java
        MetadataWriter.java
        SAMLSSOConstants.java
        FederationConstants.java
        util
        CertsUtils.java
        CookieUtils.java
        DOMUtils.java
        ClassLoaderUtils.java
        SignatureUtils.java
        StringUtils.java
        ClaimTypes.java
        samlsso
        SSOValidatorResponse.java
        SAMLPRequestBuilder.java
        SAMLSSOResponseValidator.java
        SamlpRequestComponentBuilder.java
        DefaultSAMLPRequestBuilder.java
        CompressionUtils.java
        SAMLProtocolResponseValidator.java
        config
        FederationProtocol.java
        FedizContext.java
        ConfigUtils.java
        PropertyType.java
        CertificateValidationMethod.java
        SignatureDigestAlgorithm.java
        KeyManager.java
        FedizConfigurator.java
        TrustedIssuer.java
        SAMLProtocol.java
        Claim.java
        TrustManager.java
        Protocol.java
        exception
        IllegalConfigurationException.java
        ProcessingException.java
        Claim.java
        saml
        SAMLUtil.java
        CertConstraintsParser.java
        SamlAssertionValidator.java
        SAMLTokenValidator.java
        FedizSignatureTrustValidator.java
        servlet
        FederationFilter.java
        handler
        LogoutHandler.java
        RequestHandler.java
        AuthentcationTypeCallbackHandler.java
        SigninHandler.java
        HomeRealmCallbackHandler.java
        RealmCallbackHandler.java
        FedizConstants.java
        RequestState.java
        spi
        WReqCallback.java
        SignOutQueryCallback.java
        ReplyConstraintCallback.java
        SignInQueryCallback.java
        ReplyCallback.java
        WAuthCallback.java
        HomeRealmCallback.java
        FreshnessCallback.java
        RealmCallback.java
        IDPCallback.java
        AbstractServletCallback.java
      - test
        resources
        fediz_test_config_aud.xml
        signature.properties
        fediz_meta_test_config.xml
        logging.properties
        fediz_test_config.xml
        fediz_test_config_logout.xml
        ststrust.jks
        fediz_meta_test_config_saml.xml
        stsrealm_b.jks
        clientonly.jks
        stsstore.jks
        RSTR.formatted.xml
        clientstore.jks
        stsrealm_a.jks
        client-crypto.properties
        fediz_test_config_saml.xml
        java
        org
        apache
        cxf
        fediz
        common
        ClaimMutateProcessor.java
        STSUtil.java
        ClaimCopyProcessor.java
        SecurityTestUtil.java
        core
        KeystoreCallbackHandler.java
        SAML2CallbackHandler.java
        SAML1CallbackHandler.java
        samlsso
        CustomValidator.java
        SAML2PResponseComponentBuilder.java
        SAMLMetaDataTest.java
        SAMLRequestTest.java
        SAMLSSOTestUtils.java
        SAMLResponseConformanceTest.java
        SAMLResponseTest.java
        SAMLEncryptedResponseTest.java
        SAMLLogoutTest.java
        CustomSAMLPRequestBuilder.java
        config
        TestCallbackHandler.java
        FedizConfigurationTest.java
        FedizConfigurationWriterTest.java
        CallbackHandlerTest.java
        federation
        FederationRequestTest.java
        SignoutQueryHandler.java
        RequestedClaimsTest.java
        CustomValidator.java
        FederationLogoutTest.java
        LogoutRedirectConstraintHandler.java
        FederationMetaDataTest.java
        ClaimsProcessorTest.java
        AudienceRestrictionTest.java
        FederationResponseTest.java
        SAMLTokenValidatorOldTest.java
        TestSigninHandler.java
        AbstractSAMLCallbackHandler.java
    - pom.xml
  - cxf
    - src
      - main
        java
        org
        apache
        cxf
        fediz
        cxf
        web
        ThreadLocalCallbackHandler.java
        plugin
        FedizRedirectBindingFilter.java
        state
        EHCacheSPStateManager.java
        ResponseState.java
        SPStateManager.java
        Messages.properties
        CXFFedizPrincipal.java
        AbstractServiceProviderFilter.java
        FedizSecurityContext.java
        assembly
        assembly.xml
    - pom.xml
    - README.txt
- apache-fediz
  - src
    - main
      - release
        licenses
        LICENSE-bouncycastle.txt
        LICENSE-slf4j.txt
        LICENSE-asm.txt
        LICENSE-bsd.txt
        LICENSE-wsdl4j.txt
        LICENSE-cddl-gpl-11.txt
        LICENSE-cddl-gpl-10.txt
        LICENSE
        NOTICE
    - assembly
      - bin.xml
  - pom.xml
- systests
  - spring
    - src
      - test
        resources
        log4j.properties
        fediz_config.xml
        logging.properties
        realma
        entities-realma.xml
        fediz-sts.xml
        java
        org
        apache
        cxf
        fediz
        systests
        spring
        SpringTest.java
        TokenExpiryTest.java
    - pom.xml
  - ldap
    - src
      - test
        resources
        ldap.ldif
        fediz_config.xml
        logging.properties
        ldap.jaas
        sts
        cxf-transport.xml
        ldap.xml
        java
        org
        apache
        cxf
        fediz
        systests
        ldap
        LDAPTest.java
    - pom.xml
  - kerberos
    - src
      - test
        resources
        fediz_config.xml
        logging.properties
        kerberos.jaas
        sts
        cxf-transport.xml
        userClaimsKerberos.xml
        kerberos.xml
        java
        org
        apache
        cxf
        fediz
        systests
        kerberos
        KerberosClientPasswordCallback.java
        KerberosServicePasswordCallback.java
        KerberosTest.java
    - pom.xml
  - pom.xml
  - tomcat
    - src
      - test
        resources
        fediz_config.xml
        logging.properties
        realma
        entities-realma.xml
        fediz-sts.xml
        java
        org
        apache
        cxf
        fediz
        systests
        tomcat
        TestCallbackHandler.java
        TomcatTest.java
        WReqTest.java
        TokenExpiryTest.java
        AudienceRestrictionTest.java
        HOKCallbackHandler.java
        TomcatLauncher.java
        HolderOfKeyTest.java
        ClientCertificateTest.java
    - pom.xml
  - jetty9
    - src
      - test
        resources
        rp-client-cert-server.xml
        fediz_config.xml
        logging.properties
        rp-server.xml
        realma
        entities-realma.xml
        fediz-sts.xml
        fediz_config_client_cert.xml
        rp-expiry-server.xml
        java
        org
        apache
        cxf
        fediz
        systests
        jetty9
        JettyPreAuthSpringTest.java
        JettyUtils.java
        TomcatUtils.java
        TokenExpiryTest.java
        JettyTest.java
        HOKCallbackHandler.java
        ClientCertificatePreAuthSpringTest.java
        ClientCertificateTest.java
    - pom.xml
  - webapps
    - simpleWebapp
      - src
        main
        resources
        log4j.properties
        logging.properties
        java
        org
        apache
        cxf
        fediz
        example
        FederationServlet.java
        webapp
        WEB-INF
        web.xml
        secure
        test.html
        index.html
      - pom.xml
    - springWebapp
      - src
        main
        resources
        log4j.properties
        logging.properties
        clienttrust.jks
        java
        org
        apache
        cxf
        fediz
        example
        FederationServlet.java
        webapp
        WEB-INF
        applicationContext-security.xml
        web.xml
        secure
        test.html
        index.html
      - pom.xml
    - pom.xml
    - cxfWebapp
      - src
        main
        resources
        log4j.properties
        fediz_config.xml
        logging.properties
        clienttrust.jks
        java
        org
        apache
        cxf
        fediz
        example
        Service.java
        FedizExceptionMapper.java
        webapp
        WEB-INF
        cxf-service.xml
        applicationContext.xml
        web.xml
        index.html
      - pom.xml
    - springPreauthWebapp
      - src
        main
        resources
        log4j.properties
        java
        org
        apache
        cxf
        fediz
        example
        FederationServlet.java
        webapp
        WEB-INF
        applicationContext-security.xml
        web.xml
        secure
        test.html
        index.html
      - pom.xml
  - samlsso
    - src
      - test
        resources
        fediz_config.xml
        logging.properties
        realma.cert
        stsKeystoreA.properties
        rp-server.xml
        entity_wreq.xml
        realma
        realm.properties
        entities-realma.xml
        stsrealm_a.jks
        java
        org
        apache
        cxf
        fediz
        systests
        samlsso
        JettyUtils.java
        SpringTest.java
        TomcatPluginTest.java
        CXFTest.java
        JettyTest.java
        IdpTest.java
    - pom.xml
  - federation
    - pom.xml
    - wsfed
      - src
        test
        resources
        logging.properties
        fediz_config_wsfed.xml
        realmb
        security-config.xml
        realm.properties
        persistence.properties
        idp-servlet.xml
        entities-realmb.xml
        realma
        entities-realma.xml
        java
        org
        apache
        cxf
        fediz
        systests
        federation
        wsfed
        WSFedTest.java
      - pom.xml
    - samlsso
      - src
        test
        resources
        logging.properties
        cxf-service.xml
        rp
        cxf-service.xml
        realmb
        security-config.xml
        realm.properties
        persistence.properties
        idp-servlet.xml
        entities-realmb.xml
        realma
        entities-realma.xml
        java
        org
        apache
        cxf
        fediz
        systests
        federation
        samlsso
        RealmMapper.java
        SAMLSSOTest.java
      - pom.xml
    - samlWebapp
      - src
        main
        resources
        stsKeystoreA.properties
        ststrust.jks
        stsrealm_a.jks
        java
        org
        apache
        cxf
        fediz
        samlsso
        service
        KeystorePasswordCallback.java
        Number.java
        DoubleItService.java
        webapp
        WEB-INF
        cxf-service.xml
        web.xml
      - pom.xml
    - samlIdpWebapp
      - src
        main
        resources
        log4j.properties
        logging.properties
        TemplateSAMLResponse.xml
        stsrealm_b.jks
        clienttrust.jks
        stsKeystoreB.properties
        java
        org
        apache
        cxf
        fediz
        samlsso
        example
        SAML2PResponseComponentBuilder.java
        SAML2CallbackHandler.java
        SamlSso.java
        CommonCallbackHandler.java
        BasicAuthFilter.java
        webapp
        WEB-INF
        cxf-service.xml
        applicationContext.xml
        web.xml
        index.html
      - pom.xml
    - unknown-subject
      - src
        test
        resources
        logging.properties
        fediz_config_wsfed.xml
        realmb
        security-config.xml
        realm.properties
        persistence.properties
        idp-servlet.xml
        entities-realmb.xml
        realma
        entities-realma.xml
        sts
        realms.xml
        java
        org
        apache
        cxf
        fediz
        systests
        federation
        unknown
        WSFedTest.java
        sts
        DefaultClaimsMapper.java
      - pom.xml
    - oidcIdpWebapp
      - src
        main
        resources
        log4j.properties
        logging.properties
        stsrealm_b.jks
        java
        org
        apache
        cxf
        fediz
        oidc
        idp
        example
        IdTokenProviderImpl.java
        CommonCallbackHandler.java
        BasicAuthFilter.java
        EHCacheOIDCTokenProvider.java
        webapp
        WEB-INF
        views
        oAuthAuthorizationData.jsp
        cxf-service.xml
        applicationContext.xml
        web.xml
        index.html
      - pom.xml
  - oidc
    - src
      - test
        resources
        logging.properties
        oidc
        spring
        applicationContext.xml
        web.xml
        applicationContext.xml
        data-manager.xml
        sts.jaas
        oidc.jks
        alice.cer
        fediz_config_tomcat.xml
        realma
        entities-realma.xml
        jwkPrivateSet.txt
        fediz_config_spring.xml
        java
        org
        apache
        cxf
        fediz
        systests
        oidc
        OIDCTomcatTest.java
        OIDCSpringTest.java
        AbstractOIDCTest.java
    - pom.xml
  - websphere
    - src
      - test
        resources
        entity.xml
        fediz_config.xml
        logging.properties
        fediz_config_bad_wreq.xml
        fediz_config_hok.xml
        alice.cer
        fediz_config_client_cert.xml
        fediz_config_wreq.xml
        java
        org
        apache
        cxf
        fediz
        systests
        websphere
        WebsphereTest.java
    - pom.xml
  - tests
    - src
      - test
        resources
        entity.xml
        server.jks
        entity2.xml
        client.jks
        clienttrust.jks
        alice_client.jks
        java
        org
        apache
        cxf
        fediz
        systests
        common
        AbstractClientCertTests.java
        AbstractExpiryTests.java
        HTTPTestUtils.java
        AbstractTests.java
    - pom.xml
  - idp
    - src
      - test
        resources
        logging.properties
        entity_wreq.xml
        realma
        entities-realma.xml
        entity_wreq2.xml
        java
        org
        apache
        cxf
        fediz
        systests
        idp
        IdpTest.java
    - pom.xml
  - custom
    - src
      - test
        resources
        fediz_config.xml
        userClaims.xml
        logging.properties
        realma
        idp-servlet.xml
        security-up-config.xml
        file.xml
        java
        org
        apache
        cxf
        fediz
        systests
        custom
        SignInQueryCallbackHandler.java
        CustomParametersTest.java
        custom
        CustomClaimsHandler.java
        CustomUTValidator.java
    - pom.xml
  - cxf
    - src
      - test
        resources
        fediz_config.xml
        expiry
        fediz_config.xml
        logging.properties
        realma
        entities-realma.xml
        fediz-sts.xml
        java
        org
        apache
        cxf
        fediz
        systests
        cxf
        TokenExpiryTest.java
        FederationTest.java
    - pom.xml
- README.md
- etc
  - eclipse
    - addcheckstyle.xsl
    - CXFCodeFormatter.xml
    - xmltemplates.xml
    - CXFCleanUp.xml
    - template.checkstyle-config.xml
    - CXF.importorder
    - codetemplates.xml
- .gitignore

/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */

package org.apache.cxf.fediz.core.federation;

import java.io.File;
import java.io.IOException;
import java.net.URL;
import java.util.Collections;

import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.w3c.dom.Document;
import org.w3c.dom.Element;

import org.apache.cxf.fediz.common.STSUtil;
import org.apache.cxf.fediz.common.SecurityTestUtil;
import org.apache.cxf.fediz.core.FederationConstants;
import org.apache.cxf.fediz.core.KeystoreCallbackHandler;
import org.apache.cxf.fediz.core.SAML2CallbackHandler;
import org.apache.cxf.fediz.core.config.FedizConfigurator;
import org.apache.cxf.fediz.core.config.FedizContext;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
import org.apache.wss4j.common.ext.WSPasswordCallback;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.saml.bean.AudienceRestrictionBean;
import org.apache.wss4j.common.saml.bean.ConditionsBean;
import org.apache.wss4j.common.saml.builder.SAML2Constants;
import org.apache.wss4j.common.util.DOM2Writer;
import org.apache.wss4j.common.util.XMLUtils;

import org.easymock.EasyMock;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;

/**
 * Some tests for audience restriction
 */
public class AudienceRestrictionTest {
    public static final String SAMPLE_MULTIPLE_RSTR_COLL_MSG =
        "<?xml version=\"1.0\" encoding=\"UTF-8\"?>"
        + "<RequestSecurityTokenResponseCollection "
        +   "xmlns=\"http://docs.oasis-open.org/ws-sx/ws-trust/200512\"> "
        +   "<RequestSecurityTokenResponse>"
        +     "<RequestedSecurityToken>"
        +     "</RequestedSecurityToken>"
        +   "</RequestSecurityTokenResponse>"
        +   "<RequestSecurityTokenResponse>"
        +     "<RequestedSecurityToken>"
        +     "</RequestedSecurityToken>"
        +   "</RequestSecurityTokenResponse>"
        + "</RequestSecurityTokenResponseCollection>";

    static final String TEST_USER = "alice";
    static final String TEST_RSTR_ISSUER = "FedizSTSIssuer";
    static final String TEST_AUDIENCE = "https://localhost/fedizhelloworld";
    static final String TEST_REQUEST_URL = "https://localhost/fedizhelloworld/";
    static final String TEST_REQUEST_URI = "/fedizhelloworld";

    private static final String CONFIG_FILE = "fediz_test_config_aud.xml";

    private static Crypto crypto;
    private static CallbackHandler cbPasswordHandler;
    private static FedizConfigurator configurator;


    @BeforeClass
    public static void init() {
        try {
            crypto = CryptoFactory.getInstance("signature.properties");
            cbPasswordHandler = new KeystoreCallbackHandler();
            getFederationConfigurator();
        } catch (Exception e) {
            e.printStackTrace();
        }
        Assert.assertNotNull(configurator);

    }

    @AfterClass
    public static void cleanup() {
        SecurityTestUtil.cleanup();
    }


    private static FedizConfigurator getFederationConfigurator() {
        if (configurator != null) {
            return configurator;
        }
        try {
            configurator = new FedizConfigurator();
            final URL resource = Thread.currentThread().getContextClassLoader()
                    .getResource(CONFIG_FILE);
            File f = new File(resource.toURI());
            configurator.loadConfig(f);
            return configurator;
        } catch (Exception e) {
            e.printStackTrace();
            return null;
        }
    }

    @org.junit.Test
    public void validateAudienceThatIsRequired() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
        callbackHandler.setIssuer(TEST_RSTR_ISSUER);
        callbackHandler.setSubjectName(TEST_USER);
        ConditionsBean cp = new ConditionsBean();
        AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
        audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
        cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
        callbackHandler.setConditions(cp);

        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
        String rstr = createSamlToken(assertion, "mystskey", true);

        configurator = null;
        FedizContext config = getFederationConfigurator().getFedizContext("AUD1");

        // Mock up the servet request/response
        HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
        EasyMock.expect(req.getParameter(FederationConstants.PARAM_HOME_REALM)).andReturn(null);
        EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
        EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI);
        EasyMock.expect(req.getMethod()).andReturn("POST");
        EasyMock.expect(req.getParameter(FederationConstants.PARAM_RESULT)).andReturn(rstr);
        EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
            .andReturn(FederationConstants.ACTION_SIGNIN);
        EasyMock.expect(req.getParameter("RelayState")).andReturn(null);
        EasyMock.expect(req.getAttribute("javax.servlet.request.X509Certificate")).andReturn(null);
        EasyMock.expect(req.getQueryString()).andReturn(null);
        EasyMock.replay(req);

        HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
        EasyMock.replay(resp);

        // Now validate the request
        TestSigninHandler signinHandler = new TestSigninHandler(config);
        Assert.assertNotNull(signinHandler.handleRequest(req, resp));
    }

    @org.junit.Test
    public void validateAudienceThatIsRequiredAgainstMultipleAudiences() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
        callbackHandler.setIssuer(TEST_RSTR_ISSUER);
        callbackHandler.setSubjectName(TEST_USER);
        ConditionsBean cp = new ConditionsBean();
        AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
        audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
        cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
        callbackHandler.setConditions(cp);

        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
        String rstr = createSamlToken(assertion, "mystskey", true);

        configurator = null;
        FedizContext config = getFederationConfigurator().getFedizContext("AUD2");

        // Mock up the servet request/response
        HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
        EasyMock.expect(req.getParameter(FederationConstants.PARAM_HOME_REALM)).andReturn(null);
        EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
        EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI);
        EasyMock.expect(req.getMethod()).andReturn("POST");
        EasyMock.expect(req.getParameter(FederationConstants.PARAM_RESULT)).andReturn(rstr);
        EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
            .andReturn(FederationConstants.ACTION_SIGNIN);
        EasyMock.expect(req.getParameter("RelayState")).andReturn(null);
        EasyMock.expect(req.getAttribute("javax.servlet.request.X509Certificate")).andReturn(null);
        EasyMock.expect(req.getQueryString()).andReturn(null);
        EasyMock.replay(req);

        HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
        EasyMock.replay(resp);

        // Now validate the request
        TestSigninHandler signinHandler = new TestSigninHandler(config);
        Assert.assertNotNull(signinHandler.handleRequest(req, resp));
    }

    @org.junit.Test
    public void validateBadAudienceThatIsRequired() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
        callbackHandler.setIssuer(TEST_RSTR_ISSUER);
        callbackHandler.setSubjectName(TEST_USER);
        ConditionsBean cp = new ConditionsBean();
        AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
        audienceRestriction.getAudienceURIs().add("https://localhost/badfedizhelloworld");
        cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
        callbackHandler.setConditions(cp);

        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
        String rstr = createSamlToken(assertion, "mystskey", true);

        configurator = null;
        FedizContext config = getFederationConfigurator().getFedizContext("AUD1");

        // Mock up the servet request/response
        HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
        EasyMock.expect(req.getParameter(FederationConstants.PARAM_HOME_REALM)).andReturn(null);
        EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
        EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI);
        EasyMock.expect(req.getMethod()).andReturn("POST");
        EasyMock.expect(req.getParameter(FederationConstants.PARAM_RESULT)).andReturn(rstr);
        EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
            .andReturn(FederationConstants.ACTION_SIGNIN);
        EasyMock.expect(req.getParameter("RelayState")).andReturn(null);
        EasyMock.expect(req.getAttribute("javax.servlet.request.X509Certificate")).andReturn(null);
        EasyMock.expect(req.getQueryString()).andReturn(null);
        EasyMock.replay(req);

        HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
        EasyMock.replay(resp);

        // Now validate the request
        TestSigninHandler signinHandler = new TestSigninHandler(config);
        Assert.assertNull(signinHandler.handleRequest(req, resp));
    }

    @org.junit.Test
    public void validateNoAudienceThatIsRequired() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
        callbackHandler.setIssuer(TEST_RSTR_ISSUER);
        callbackHandler.setSubjectName(TEST_USER);
        ConditionsBean cp = new ConditionsBean();
        callbackHandler.setConditions(cp);

        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
        String rstr = createSamlToken(assertion, "mystskey", true);

        configurator = null;
        FedizContext config = getFederationConfigurator().getFedizContext("AUD1");

        // Mock up the servet request/response
        HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
        EasyMock.expect(req.getParameter(FederationConstants.PARAM_HOME_REALM)).andReturn(null);
        EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
        EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI);
        EasyMock.expect(req.getMethod()).andReturn("POST");
        EasyMock.expect(req.getParameter(FederationConstants.PARAM_RESULT)).andReturn(rstr);
        EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
            .andReturn(FederationConstants.ACTION_SIGNIN);
        EasyMock.expect(req.getParameter("RelayState")).andReturn(null);
        EasyMock.expect(req.getAttribute("javax.servlet.request.X509Certificate")).andReturn(null);
        EasyMock.expect(req.getQueryString()).andReturn(null);
        EasyMock.replay(req);

        HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
        EasyMock.replay(resp);

        // Now validate the request
        TestSigninHandler signinHandler = new TestSigninHandler(config);
        Assert.assertNull(signinHandler.handleRequest(req, resp));
    }

    @org.junit.Test
    public void validateNoAudienceThatIsNotRequired() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
        callbackHandler.setIssuer(TEST_RSTR_ISSUER);
        callbackHandler.setSubjectName(TEST_USER);
        ConditionsBean cp = new ConditionsBean();
        callbackHandler.setConditions(cp);

        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
        String rstr = createSamlToken(assertion, "mystskey", true);

        configurator = null;
        FedizContext config = getFederationConfigurator().getFedizContext("NOAUD");

        // Mock up the servet request/response
        HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
        EasyMock.expect(req.getParameter(FederationConstants.PARAM_HOME_REALM)).andReturn(null);
        EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
        EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI);
        EasyMock.expect(req.getMethod()).andReturn("POST");
        EasyMock.expect(req.getParameter(FederationConstants.PARAM_RESULT)).andReturn(rstr);
        EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
            .andReturn(FederationConstants.ACTION_SIGNIN);
        EasyMock.expect(req.getParameter("RelayState")).andReturn(null);
        EasyMock.expect(req.getAttribute("javax.servlet.request.X509Certificate")).andReturn(null);
        EasyMock.expect(req.getQueryString()).andReturn(null);
        EasyMock.replay(req);

        HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
        EasyMock.replay(resp);

        // Now validate the request
        TestSigninHandler signinHandler = new TestSigninHandler(config);
        Assert.assertNotNull(signinHandler.handleRequest(req, resp));
    }

    @org.junit.Test
    public void validateAudienceThatIsNotRequired() throws Exception {
        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
        callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
        callbackHandler.setIssuer(TEST_RSTR_ISSUER);
        callbackHandler.setSubjectName(TEST_USER);
        ConditionsBean cp = new ConditionsBean();
        AudienceRestrictionBean audienceRestriction = new AudienceRestrictionBean();
        audienceRestriction.getAudienceURIs().add(TEST_AUDIENCE);
        cp.setAudienceRestrictions(Collections.singletonList(audienceRestriction));
        callbackHandler.setConditions(cp);

        SAMLCallback samlCallback = new SAMLCallback();
        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
        SamlAssertionWrapper assertion = new SamlAssertionWrapper(samlCallback);
        String rstr = createSamlToken(assertion, "mystskey", true);

        configurator = null;
        FedizContext config = getFederationConfigurator().getFedizContext("NOAUD");

        // Mock up the servet request/response
        HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
        EasyMock.expect(req.getParameter(FederationConstants.PARAM_HOME_REALM)).andReturn(null);
        EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL));
        EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI);
        EasyMock.expect(req.getMethod()).andReturn("POST");
        EasyMock.expect(req.getParameter(FederationConstants.PARAM_RESULT)).andReturn(rstr);
        EasyMock.expect(req.getParameter(FederationConstants.PARAM_ACTION))
            .andReturn(FederationConstants.ACTION_SIGNIN);
        EasyMock.expect(req.getParameter("RelayState")).andReturn(null);
        EasyMock.expect(req.getAttribute("javax.servlet.request.X509Certificate")).andReturn(null);
        EasyMock.expect(req.getQueryString()).andReturn(null);
        EasyMock.replay(req);

        HttpServletResponse resp = EasyMock.createMock(HttpServletResponse.class);
        EasyMock.replay(resp);

        // Now validate the request
        TestSigninHandler signinHandler = new TestSigninHandler(config);
        Assert.assertNull(signinHandler.handleRequest(req, resp));
    }

    private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign)
        throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
        return createSamlToken(assertion, alias, sign, STSUtil.SAMPLE_RSTR_COLL_MSG);
    }

    private String createSamlToken(SamlAssertionWrapper assertion, String alias, boolean sign, String rstr)
        throws IOException, UnsupportedCallbackException, WSSecurityException, Exception {
        WSPasswordCallback[] cb = {
            new WSPasswordCallback(alias, WSPasswordCallback.SIGNATURE)
        };
        cbPasswordHandler.handle(cb);
        String password = cb[0].getPassword();

        if (sign) {
            assertion.signAssertion(alias, password, crypto, false);
        }
        Document doc = STSUtil.toSOAPPart(rstr);
        Element token = assertion.toDOM(doc);

        Element e = XMLUtils.findElement(doc, "RequestedSecurityToken",
                                                        FederationConstants.WS_TRUST_13_NS);
        if (e == null) {
            e = XMLUtils.findElement(doc, "RequestedSecurityToken",
                                                    FederationConstants.WS_TRUST_2005_02_NS);
        }
        e.appendChild(token);
        return DOM2Writer.nodeToString(doc);
    }

}