Java Code Examples for com.gargoylesoftware.htmlunit.html.HtmlSubmitInput#click()

The following examples show how to use `com.gargoylesoftware.htmlunit.html.HtmlSubmitInput#click()`. Each example links to the original project and source file; related API usage is listed in the sidebar.
Example 1
Source File: HTMLFormElement2Test.java — from htmlunit (Apache License 2.0)
/**
 * Checks that the {@code onsubmit} handler declared on the form is still invoked
 * when the submit input is clicked: the handler's {@code alert('hi!')} must be
 * collected and match the expected alerts.
 *
 * @throws Exception if the test fails
 */
@Test
@Alerts("hi!")
public void lostFunction() throws Exception {
    final String html = "<html><head><title>foo</title><script>\n"
        + " function onSubmit() { alert('hi!'); return false; }\n"
        + "</script></head><body>\n"
        + "<form onsubmit='return onSubmit();'>\n"
        + "  <input type='submit' id='clickMe' />\n"
        + "</form>\n"
        + "</body></html>";

    final List<String> alerts = new ArrayList<>();
    final HtmlPage page = loadPage(html, alerts);

    // Clicking the submit input fires the form's onsubmit handler, which alerts.
    final HtmlSubmitInput submit = page.getHtmlElementById("clickMe");
    submit.click();

    assertEquals(getExpectedAlerts(), alerts);
}
 
Example 2
Source File: HTTPTestUtils.java — from cxf-fediz (Apache License 2.0)
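/**
 * Authenticates {@code user} against the IdP reached via {@code url}, submits the
 * IdP's sign-in response form named {@code formName} and returns the body text
 * of the resulting RP page.
 *
 * @param url      URL of the protected RP resource that redirects to the IdP
 * @param user     user name presented to the IdP
 * @param password password presented to the IdP
 * @param idpPort  IdP port as a decimal string; the credentials are scoped to localhost:idpPort
 * @param formName name of the sign-in response form on the IdP page
 * @return text content of the RP page body
 * @throws IOException if a page cannot be fetched
 * @throws NumberFormatException if {@code idpPort} is not a valid integer
 */
public static String login(String url, String user, String password, String idpPort,
                           String formName) throws IOException {
    // try-with-resources: the original only closed the client on the success path,
    // so a failed assertion or I/O error left it open.
    try (WebClient webClient = new WebClient()) {
        // Test-only setting for the localhost systest certificates (presumably self-signed — confirm).
        webClient.getOptions().setUseInsecureSSL(true);
        // AuthScope restricts where these credentials may be sent: only localhost on the IdP port.
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(idpPort)),
            new UsernamePasswordCredentials(user, password));

        // JavaScript is disabled only while loading the IdP page — presumably so its own
        // script does not submit the response form before the test inspects it (confirm).
        webClient.getOptions().setJavaScriptEnabled(false);
        final HtmlPage idpPage = webClient.getPage(url);
        webClient.getOptions().setJavaScriptEnabled(true);
        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        final HtmlForm form = idpPage.getFormByName(formName);
        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");

        final HtmlPage rpPage = button.click();
        Assert.assertTrue("WS Federation Systests Examples".equals(rpPage.getTitleText())
                            || "WS Federation Systests Spring Examples".equals(rpPage.getTitleText()));

        return rpPage.getBody().getTextContent();
    }
}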
 
Example 3
Source File: CsrfIT.java — from krazo (Apache License 2.0)
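/**
 * Retrieves a form, removes the CSRF hidden field and attempts to submit. The
 * server must reject the submission with a 403 error.
 *
 * @throws Exception an error occurs or validation fails.
 */
@Test
public void testFormFail() throws Exception {
    HtmlPage page1 = webClient.getPage(webUrl + "resources/csrf");
    HtmlForm form = (HtmlForm) page1.getDocumentElement().getElementsByTagName("form").get(0);

    // Remove hidden input field to cause a CSRF validation failure
    HtmlElement input = form.getElementsByTagName("input").get(1);
    form.removeChild(input);

    // Submit form - should fail
    HtmlSubmitInput button = (HtmlSubmitInput) form.getElementsByTagName("input").get(0);
    try {
        button.click();
        fail("CSRF validation should have failed!");
    } catch (FailingHttpStatusCodeException e) {
        // Any failing status (e.g. a 500 from an unrelated server error) lands here,
        // so pin the code the Javadoc promises instead of accepting every failure.
        if (e.getStatusCode() != 403) {
            fail("Expected HTTP 403 for a missing CSRF token but got " + e.getStatusCode());
        }
    }
}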
 
Example 4
Source File: CsrfIT.java — from ozark (Apache License 2.0)
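/**
 * Retrieves a form, removes the CSRF hidden field and attempts to submit. The
 * server must reject the submission with a 403 error.
 *
 * @throws Exception an error occurs or validation fails.
 */
@Test
public void testFormFail() throws Exception {
    HtmlPage page1 = webClient.getPage(webUrl + "resources/csrf");
    HtmlForm form = (HtmlForm) page1.getDocumentElement().getHtmlElementsByTagName("form").get(0);

    // Remove hidden input field to cause a CSRF validation failure
    HtmlElement input = form.getHtmlElementsByTagName("input").get(1);
    form.removeChild(input);

    // Submit form - should fail
    HtmlSubmitInput button = (HtmlSubmitInput) form.getHtmlElementsByTagName("input").get(0);
    try {
        button.click();
        fail("CSRF validation should have failed!");
    } catch (FailingHttpStatusCodeException e) {
        // Any failing status (e.g. a 500 from an unrelated server error) lands here,
        // so pin the code the Javadoc promises instead of accepting every failure.
        if (e.getStatusCode() != 403) {
            fail("Expected HTTP 403 for a missing CSRF token but got " + e.getStatusCode());
        }
    }
}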
 
Example 5
Source File: CsrfIT.java — from ozark (Apache License 2.0)
/**
 * Retrieves a form, verifies that the CSRF hidden field is present, and submits
 * it; the response page must report successful CSRF protection.
 *
 * @throws Exception an error occurs or validation fails.
 */
@Test
public void testFormOk() throws Exception {
    HtmlPage formPage = webClient.getPage(webUrl + "resources/csrf");
    HtmlForm form = (HtmlForm) formPage.getDocumentElement().getHtmlElementsByTagName("form").get(0);

    // The second input of the form is expected to carry the CSRF token.
    HtmlElement hiddenField = form.getHtmlElementsByTagName("input").get(1);
    assertTrue(hiddenField.getAttribute("type").equals("hidden"));
    assertTrue(hiddenField.getAttribute("name").equals(CSRF_PARAM));
    assertTrue(hiddenField.hasAttribute("value"));        // token

    // Submit with the token intact and check the first heading of the result.
    HtmlSubmitInput submit = (HtmlSubmitInput) form.getHtmlElementsByTagName("input").get(0);
    HtmlPage resultPage = submit.click();
    Iterator<HtmlElement> headings =
        resultPage.getDocumentElement().getHtmlElementsByTagName("h1").iterator();
    assertTrue(headings.next().asText().contains("CSRF Protection OK"));
}
 
Example 6
Source File: CsrfIT.java — from ozark (Apache License 2.0)
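/**
 * Retrieves a form, removes the CSRF hidden field and attempts to submit. The
 * server must reject the submission with a 403 error.
 *
 * @throws Exception an error occurs or validation fails.
 */
@Test
public void testFormFail() throws Exception {
    HtmlPage page1 = webClient.getPage(webUrl + "resources/csrf");
    HtmlForm form = (HtmlForm) page1.getDocumentElement().getHtmlElementsByTagName("form").get(0);

    // Remove hidden input field to cause a CSRF validation failure
    HtmlElement input = form.getHtmlElementsByTagName("input").get(1);
    form.removeChild(input);

    // Submit form - should fail
    HtmlSubmitInput button = (HtmlSubmitInput) form.getHtmlElementsByTagName("input").get(0);
    try {
        button.click();
        fail("CSRF validation should have failed!");
    } catch (FailingHttpStatusCodeException e) {
        // Any failing status (e.g. a 500 from an unrelated server error) lands here,
        // so pin the code the Javadoc promises instead of accepting every failure.
        if (e.getStatusCode() != 403) {
            fail("Expected HTTP 403 for a missing CSRF token but got " + e.getStatusCode());
        }
    }
}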
 
Example 7
Source File: AudienceRestrictionTest.java — from cxf-fediz (Apache License 2.0)
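/**
 * Submitting an IdP response whose SAML token carries a non-matching
 * AudienceRestriction must be rejected by the RP with HTTP 401.
 *
 * @throws Exception if a page cannot be fetched
 */
@org.junit.Test
public void testSAMLTokenWithNonMatchingAudienceRestriction() throws Exception {
    String url = "https://localhost:" + TomcatLauncher.getRpHttpsPort() + '/' + SERVLET_CONTEXT_NAME
            + "/secure/fedservlet";
    String user = "alice";
    String password = "ecila";

    // try-with-resources: the original skipped webClient.close() whenever an assertion failed.
    try (WebClient webClient = new WebClient()) {
        // Test-only setting for the localhost systest certificates.
        webClient.getOptions().setUseInsecureSSL(true);
        // Credentials are scoped to localhost on the IdP port only.
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(TomcatLauncher.getIdpHttpsPort())),
            new UsernamePasswordCredentials(user, password));

        // JavaScript off while loading the IdP page, presumably so its script does not
        // submit the response form before the test does (confirm).
        webClient.getOptions().setJavaScriptEnabled(false);
        final HtmlPage idpPage = webClient.getPage(url);
        webClient.getOptions().setJavaScriptEnabled(true);
        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        final HtmlForm form = idpPage.getFormByName("signinresponseform");
        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");

        try {
            button.click();
            Assert.fail("Failure expected on a bad audience restriction value");
        } catch (FailingHttpStatusCodeException ex) {
            // assertEquals takes (expected, actual); the original had them swapped,
            // which produces a misleading failure message.
            Assert.assertEquals(401, ex.getStatusCode());
        }
    }
}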
 
Example 8
Source File: CsrfValidateFilterIT.java — from krazo (Apache License 2.0)
/**
 * A POST that carries the CSRF hidden field must be accepted with HTTP 200.
 *
 * @throws Exception if a page cannot be fetched
 */
@Test
public void testPostWithCsrfFieldWorksWithStatusCode200() throws Exception {
    final HtmlPage formPage = webClient.getPage(baseURL + "resources/csrf-methods/ok-post");
    final HtmlForm form = (HtmlForm) formPage.getElementById("form");
    final HtmlSubmitInput submit = form.getInputByName("submit");

    final Page response = submit.click();
    final int status = response.getWebResponse().getStatusCode();

    assertEquals(200, status);
}
 
Example 9
Source File: CsrfValidateFilterIT.java — from krazo (Apache License 2.0)
/**
 * A PUT that carries the CSRF hidden field must be accepted with HTTP 200.
 *
 * @throws Exception if a page cannot be fetched
 */
@Test
public void testPutWithCsrfFieldWorksWithStatusCode200() throws Exception {
    final HtmlPage formPage = webClient.getPage(baseURL + "resources/csrf-methods/ok-put");
    final HtmlForm form = (HtmlForm) formPage.getElementById("form");
    final HtmlSubmitInput submit = form.getInputByName("submit");

    final Page response = submit.click();
    final int status = response.getWebResponse().getStatusCode();

    assertEquals(200, status);
}
 
Example 10
Source File: CsrfValidateFilterIT.java — from krazo (Apache License 2.0)
/**
 * A PATCH that carries the CSRF hidden field must be accepted with HTTP 200.
 *
 * @throws Exception if a page cannot be fetched
 */
@Test
public void testPatchWithCsrfFieldWorksWithStatusCode200() throws Exception {
    final HtmlPage formPage = webClient.getPage(baseURL + "resources/csrf-methods/ok-patch");
    final HtmlForm form = (HtmlForm) formPage.getElementById("form");
    final HtmlSubmitInput submit = form.getInputByName("submit");

    final Page response = submit.click();
    final int status = response.getWebResponse().getStatusCode();

    assertEquals(200, status);
}
 
Example 11
Source File: HTTPTestUtils.java — from cxf-fediz (Apache License 2.0)
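/**
 * Drives the IdP sign-out confirmation flow for the session held in
 * {@code cookieManager}.
 *
 * @param url           IdP sign-out URL
 * @param cookieManager cookie store of the session established at login
 * @param wsfed         {@code true} for WS-Federation: each logout image on the IdP page is
 *                      fetched; {@code false} for SAML SSO: the sign-out response form is
 *                      posted back to the RP
 * @throws IOException if a page cannot be fetched
 */
public static void logout(String url, CookieManager cookieManager, boolean wsfed) throws IOException {
    // try-with-resources: the original only closed the client when every assertion passed.
    try (WebClient webClient = new WebClient()) {
        webClient.setCookieManager(cookieManager);
        // Test-only setting for the localhost systest certificates.
        webClient.getOptions().setUseInsecureSSL(true);
        final HtmlPage idpPage = webClient.getPage(url);

        Assert.assertEquals("IDP SignOut Confirmation Response Page", idpPage.getTitleText());

        final HtmlForm form = idpPage.getFormByName("signoutconfirmationresponseform");
        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");

        // JavaScript off only for the confirmation submit (reason not visible here — confirm).
        webClient.getOptions().setJavaScriptEnabled(false);
        final HtmlPage idpLogoutPage = button.click();
        webClient.getOptions().setJavaScriptEnabled(true);

        if (wsfed) {
            final DomNodeList<DomElement> images = idpLogoutPage.getElementsByTagName("img");
            Assert.assertEquals(1, images.getLength());
            for (DomElement image : images) {
                // we should get a fault if the image isn't available.
                webClient.getPage(image.getAttribute("src"));
            }
        } else {
            // For SAML SSO we will be redirected back to the RP
            final HtmlForm responseForm = idpLogoutPage.getFormByName("samlsignoutresponseform");
            final HtmlSubmitInput responseButton = responseForm.getInputByName("_eventId_submit");
            responseButton.click();
        }
    }
}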
 
Example 12
Source File: SAMLSSOTest.java — from cxf-fediz (Apache License 2.0)
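/**
 * Logs in through two chained IdPs and returns the SAML SSO web app's response
 * as XML.
 *
 * @param url       URL of the protected RP resource that starts the redirect chain
 * @param user      user name presented to the first IdP
 * @param password  password presented to the first IdP
 * @param idpPort   port of the first IdP, as a decimal string; credentials are scoped to it
 * @param rpIdpPort not referenced in this method; kept for signature compatibility
 * @return the RP's response page serialised with {@code asXml()}
 * @throws IOException if a page cannot be fetched
 * @throws NumberFormatException if {@code idpPort} is not a valid integer
 */
private static String login(String url, String user, String password,
                            String idpPort, String rpIdpPort) throws IOException {
    //
    // Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for
    // "realm b".
    //
    // try-with-resources: the original never closed the client when an assertion failed.
    try (WebClient webClient = new WebClient()) {
        CookieManager cookieManager = new CookieManager();
        webClient.setCookieManager(cookieManager);
        // Test-only setting for the localhost systest certificates.
        webClient.getOptions().setUseInsecureSSL(true);
        // Credentials are scoped to localhost on the first IdP's port only.
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(idpPort)),
            new UsernamePasswordCredentials(user, password));

        webClient.getOptions().setJavaScriptEnabled(false);
        HtmlPage idpPage = webClient.getPage(url);

        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        // Now redirect back to the IdP for Realm A
        HtmlForm form = idpPage.getFormByName("signinresponseform");
        HtmlSubmitInput button = form.getInputByName("_eventId_submit");
        HtmlPage idpPageRealmA = button.click();

        // The original asserted on idpPage here, whose title was already checked above,
        // so the check was vacuous; the page returned by the click is the one to verify.
        Assert.assertTrue("SAML IDP Response Form".equals(idpPageRealmA.getTitleText())
                          || "IDP SignIn Response Form".equals(idpPageRealmA.getTitleText()));
        form = idpPageRealmA.getFormByName("samlsigninresponseform");

        // Now redirect back to the SAML SSO web app
        button = form.getInputByName("_eventId_submit");
        XmlPage rpPage = button.click();

        return rpPage.asXml();
    }
}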
 
Example 13
Source File: WSFedTest.java — from cxf-fediz (Apache License 2.0)
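/**
 * Logs in through two chained WS-Federation IdPs and returns the body text of
 * the RP page. The hop to the "realm a" IdP is performed by hand: the hidden
 * form fields are read from the first IdP page and re-sent as query parameters.
 *
 * @param url       URL of the protected RP resource that starts the redirect chain
 * @param user      user name presented to the first IdP
 * @param password  password presented to the first IdP
 * @param idpPort   port of the first IdP, as a decimal string; credentials are scoped to it
 * @param rpIdpPort port of the "realm a" IdP that is invoked directly
 * @return text content of the RP page body
 * @throws IOException if a page cannot be fetched
 * @throws NumberFormatException if {@code idpPort} is not a valid integer
 */
private static String login(String url, String user, String password,
                                       String idpPort, String rpIdpPort) throws IOException {
    //
    // Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for
    // "realm b".
    //
    CookieManager cookieManager = new CookieManager();

    String wresult = null;
    String wa = null;
    String wctx = null;
    String wtrealm = null;

    // try-with-resources: the original left the client open whenever an assertion failed.
    try (WebClient webClient = new WebClient()) {
        webClient.setCookieManager(cookieManager);
        // Test-only setting for the localhost systest certificates.
        webClient.getOptions().setUseInsecureSSL(true);
        // Credentials are scoped to localhost on the first IdP's port only.
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(idpPort)),
            new UsernamePasswordCredentials(user, password));

        webClient.getOptions().setJavaScriptEnabled(false);
        final HtmlPage idpPage = webClient.getPage(url);
        webClient.getOptions().setJavaScriptEnabled(true);
        assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        // For some reason, redirecting back to the IdP for "realm a" is not working with htmlunit.
        // So extract the parameters manually from the form, and access the IdP for "realm a" with them
        DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");

        for (DomElement result : results) {
            String name = result.getAttributeNS(null, "name");
            String value = result.getAttributeNS(null, "value");
            if ("wresult".equals(name)) {
                wresult = value;
            } else if ("wa".equals(name)) {
                wa = value;
            } else if ("wctx".equals(name)) {
                wctx = value;
            } else if ("wtrealm".equals(name)) {
                wtrealm = value;
            }
        }
        assertNotNull(wresult);
        assertNotNull(wa);
        assertNotNull(wctx);
        assertNotNull(wtrealm);
    }

    // Every value came from an HTML attribute, so encode all of them; the original
    // left wctx and wa raw, which breaks the query if either ever contains '&' or '='.
    String url2 = "https://localhost:" + rpIdpPort + "/fediz-idp/federation"
            + "?wctx=" + URLEncoder.encode(wctx, "UTF-8")
            + "&wa=" + URLEncoder.encode(wa, "UTF-8")
            + "&wtrealm=" + URLEncoder.encode(wtrealm, "UTF-8")
            + "&wresult=" + URLEncoder.encode(wresult, "UTF-8");

    // Invoke on the IdP for "realm a", reusing the cookies collected above.
    try (WebClient webClient2 = new WebClient()) {
        webClient2.setCookieManager(cookieManager);
        webClient2.getOptions().setUseInsecureSSL(true);

        webClient2.getOptions().setJavaScriptEnabled(false);
        final HtmlPage idpPage2 = webClient2.getPage(url2);
        webClient2.getOptions().setJavaScriptEnabled(true);
        assertEquals("IDP SignIn Response Form", idpPage2.getTitleText());

        // Now redirect back to the RP
        final HtmlForm form2 = idpPage2.getFormByName("signinresponseform");
        final HtmlSubmitInput button2 = form2.getInputByName("_eventId_submit");

        final HtmlPage rpPage = button2.click();
        assertEquals("WS Federation Systests Examples", rpPage.getTitleText());

        return rpPage.getBody().getTextContent();
    }
}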
 
Example 14
Source File: KerberosTest.java — from cxf-fediz (Apache License 2.0)
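/**
 * Authenticates to the IdP with a Kerberos ticket sent in a {@code Negotiate}
 * Authorization header, submits the sign-in response form to the RP and checks
 * the principal, roles and claims rendered by the RP.
 *
 * @throws Exception if a page cannot be fetched or the ticket cannot be obtained
 */
@org.junit.Test
public void testKerberos() throws Exception {
    String url = "https://localhost:" + getRpHttpsPort() + "/fedizhelloworld/secure/fedservlet";
    // Get a Kerberos Ticket +  Base64 encode it
    String ticket = getEncodedKerberosTicket(false);

    // try-with-resources: the original left the client open whenever an assertion failed.
    try (WebClient webClient = new WebClient()) {
        // Test-only setting for the localhost systest certificates.
        webClient.getOptions().setUseInsecureSSL(true);

        webClient.getOptions().setJavaScriptEnabled(false);
        // The header is added for every request this client makes, not just the IdP one.
        webClient.addRequestHeader("Authorization", "Negotiate " + ticket);
        final HtmlPage idpPage = webClient.getPage(url);
        webClient.getOptions().setJavaScriptEnabled(true);
        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        final HtmlForm form = idpPage.getFormByName("signinresponseform");
        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");

        final HtmlPage rpPage = button.click();
        Assert.assertEquals("WS Federation Systests Examples", rpPage.getTitleText());

        final String bodyTextContent = rpPage.getBody().getTextContent();
        String user = "alice";
        Assert.assertTrue("Principal not " + user,
                          bodyTextContent.contains("userPrincipal=" + user));
        Assert.assertTrue("User " + user + " does not have role Admin",
                          bodyTextContent.contains("role:Admin=false"));
        Assert.assertTrue("User " + user + " does not have role Manager",
                          bodyTextContent.contains("role:Manager=false"));
        Assert.assertTrue("User " + user + " must have role User",
                          bodyTextContent.contains("role:User=true"));

        String claim = ClaimTypes.FIRSTNAME.toString();
        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Alice'",
                          bodyTextContent.contains(claim + "=Alice"));
        claim = ClaimTypes.LASTNAME.toString();
        Assert.assertTrue("User " + user + " claim " + claim + " is not 'Smith'",
                          bodyTextContent.contains(claim + "=Smith"));
        claim = ClaimTypes.EMAILADDRESS.toString();
        // NOTE(review): the e-mail literals below look garbled by page extraction
        // (no '=' before the address) — confirm against the upstream source.
        Assert.assertTrue("User " + user + " claim " + claim + " is not '[email protected]'",
                          bodyTextContent.contains(claim + "[email protected]"));
    }
}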
 
Example 15
Source File: WSFedTest.java — from cxf-fediz (Apache License 2.0)
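/**
 * Logs in via the OIDC consent page: the consent form's hidden fields are
 * re-posted by hand together with {@code oauthDecision=allow}, then the IdP's
 * sign-in response form is submitted to the RP.
 *
 * @param url       URL of the protected RP resource that starts the redirect chain
 * @param user      user name presented to the IdP
 * @param password  password presented to the IdP
 * @param idpPort   IdP port, as a decimal string; credentials are scoped to it
 * @param rpIdpPort not referenced in this method; kept for signature compatibility
 * @return text content of the RP page body
 * @throws IOException if a page cannot be fetched or the form action is not a valid URL
 * @throws NumberFormatException if {@code idpPort} is not a valid integer
 */
private static String loginOIDC(String url, String user, String password,
                            String idpPort, String rpIdpPort) throws IOException {
    //
    // Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for
    // "realm b".
    //
    // try-with-resources: the original left the client open whenever an assertion failed.
    try (WebClient webClient = new WebClient()) {
        CookieManager cookieManager = new CookieManager();
        webClient.setCookieManager(cookieManager);
        // Test-only setting for the localhost systest certificates.
        webClient.getOptions().setUseInsecureSSL(true);
        // Credentials are scoped to localhost on the IdP port only.
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(idpPort)),
            new UsernamePasswordCredentials(user, password));

        webClient.getOptions().setJavaScriptEnabled(false);

        // The decision page is returned as XML for some reason. So parse it and send a form response back.
        HtmlPage oidcIdpConfirmationPage = webClient.getPage(url);
        final HtmlForm oidcForm = oidcIdpConfirmationPage.getForms().get(0);

        WebRequest request = new WebRequest(new URL(oidcForm.getActionAttribute()), HttpMethod.POST);

        // session_authenticity_token is the consent page's own anti-CSRF field; it must be
        // echoed back unchanged or the IdP rejects the decision.
        request.setRequestParameters(Arrays.asList(
            new NameValuePair("client_id",
                oidcForm.getInputByName("client_id").getValueAttribute()),
            new NameValuePair("redirect_uri",
                oidcForm.getInputByName("redirect_uri").getValueAttribute()),
            new NameValuePair("scope",
                oidcForm.getInputByName("scope").getValueAttribute()),
            new NameValuePair("state",
                oidcForm.getInputByName("state").getValueAttribute()),
            new NameValuePair("session_authenticity_token",
                oidcForm.getInputByName("session_authenticity_token").getValueAttribute()),
            new NameValuePair("oauthDecision", "allow")));

        HtmlPage idpPage = webClient.getPage(request);

        assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        // Now redirect back to the RP
        final HtmlForm form = idpPage.getFormByName("signinresponseform");
        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");

        final HtmlPage rpPage = button.click();
        assertEquals("WS Federation Systests Examples", rpPage.getTitleText());

        return rpPage.getBody().getTextContent();
    }
}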
 
Example 16
Source File: SpringTest.java — from cxf-fediz (Apache License 2.0)
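/**
 * With request validation disabled on the RP, a sign-in response whose context
 * field has been blanked must still be accepted and land on the RP page.
 *
 * @throws Exception if a page cannot be fetched
 */
@org.junit.Test
public void testNoRequestValidation() throws Exception {

    String url = "https://localhost:" + getRpHttpsPort()
            + "/fedizhelloworldspringnoreqvalidation/secure/fedservlet";
    String user = "alice";
    String password = "ecila";

    // Get the initial token
    CookieManager cookieManager = new CookieManager();
    // try-with-resources: the original left the client open whenever an assertion failed.
    try (WebClient webClient = new WebClient()) {
        webClient.setCookieManager(cookieManager);
        // Test-only setting for the localhost systest certificates.
        webClient.getOptions().setUseInsecureSSL(true);
        // Credentials are scoped to localhost on the IdP port only.
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
            new UsernamePasswordCredentials(user, password));

        webClient.getOptions().setJavaScriptEnabled(false);
        final HtmlPage idpPage = webClient.getPage(url);
        webClient.getOptions().setJavaScriptEnabled(true);
        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        // Parse the form to remove the context
        DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");

        for (DomElement result : results) {
            if (getContextName().equals(result.getAttributeNS(null, "name"))) {
                result.setAttributeNS(null, "value", "");
            }
        }

        // Invoke back on the RP
        final HtmlForm form = idpPage.getFormByName(getLoginFormName());
        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");

        final HtmlPage rpPage = button.click();
        Assert.assertTrue("WS Federation Systests Examples".equals(rpPage.getTitleText())
                          || "WS Federation Systests Spring Examples".equals(rpPage.getTitleText()));
    }
}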
 
Example 17
Source File: AbstractTests.java — from cxf-fediz (Apache License 2.0)
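/**
 * Negative test: a sign-in response token prefixed with an external entity
 * declaration (from {@code /entity2.xml}) and an entity reference must be
 * rejected by the RP with HTTP 401 or 403, i.e. the RP's XML parser must not
 * resolve or expand the entity.
 *
 * @throws Exception if a page cannot be fetched or the token cannot be decoded
 */
@Test
public void testEntityExpansionAttack2() throws Exception {

    String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
    String user = "alice";
    String password = "ecila";

    // Get the initial token
    CookieManager cookieManager = new CookieManager();
    // try-with-resources: the original left the client open whenever an assertion failed
    // or click() threw anything other than FailingHttpStatusCodeException.
    try (WebClient webClient = new WebClient()) {
        webClient.setCookieManager(cookieManager);
        // Test-only setting for the localhost systest certificates.
        webClient.getOptions().setUseInsecureSSL(true);
        // Credentials are scoped to localhost on the IdP port only.
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
            new UsernamePasswordCredentials(user, password));

        webClient.getOptions().setJavaScriptEnabled(false);
        final HtmlPage idpPage = webClient.getPage(url);
        webClient.getOptions().setJavaScriptEnabled(true);
        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        // Parse the form to get the token (wresult)
        DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");

        String entity = getResourceAsString("/entity2.xml");
        String reference = "&m;";

        for (DomElement result : results) {
            if (getTokenName().equals(result.getAttributeNS(null, "name"))) {
                // Now modify the Signature
                String value = result.getAttributeNS(null, "value");

                if (isWSFederation()) {
                    value = entity + value;
                    value = value.replace("alice", reference);
                    result.setAttributeNS(null, "value", value);
                } else {
                    // Decode response
                    byte[] deflatedToken = Base64Utility.decode(value);
                    InputStream inputStream = new ByteArrayInputStream(deflatedToken);

                    Document responseDoc = StaxUtils.read(new InputStreamReader(inputStream, "UTF-8"));

                    // Modify SignatureValue to include the entity
                    String signatureNamespace = "http://www.w3.org/2000/09/xmldsig#";
                    Node signatureValue =
                        responseDoc.getElementsByTagNameNS(signatureNamespace, "SignatureValue").item(0);
                    signatureValue.setTextContent(reference + signatureValue.getTextContent());

                    // Re-encode response with the same charset it was decoded with; the
                    // original getBytes() used the platform default.
                    String responseMessage = DOM2Writer.nodeToString(responseDoc);
                    result.setAttributeNS(null, "value", Base64Utility.encode(
                        (entity + responseMessage).getBytes(java.nio.charset.StandardCharsets.UTF_8)));
                }
            }
        }

        // Invoke back on the RP
        final HtmlForm form = idpPage.getFormByName(getLoginFormName());
        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");

        try {
            button.click();
            Assert.fail("Failure expected on an entity expansion attack");
        } catch (FailingHttpStatusCodeException ex) {
            // expected: the RP must refuse the token rather than parse the entity
            Assert.assertTrue(401 == ex.getStatusCode() || 403 == ex.getStatusCode());
        }
    }
}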
 
Example 18
Source File: SAMLSSOTest.java — from cxf-fediz (Apache License 2.0)
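/**
 * Logs in via the OIDC consent page: the consent form's hidden fields are
 * re-posted by hand together with {@code oauthDecision=allow}, then the IdP's
 * SAML sign-in response form is submitted and the RP's XML response returned.
 *
 * @param url       URL of the protected RP resource that starts the redirect chain
 * @param user      user name presented to the IdP
 * @param password  password presented to the IdP
 * @param idpPort   IdP port, as a decimal string; credentials are scoped to it
 * @param rpIdpPort not referenced in this method; kept for signature compatibility
 * @return the RP's response page serialised with {@code asXml()}
 * @throws IOException if a page cannot be fetched or the form action is not a valid URL
 * @throws NumberFormatException if {@code idpPort} is not a valid integer
 */
private static String loginOIDC(String url, String user, String password,
                                String idpPort, String rpIdpPort) throws IOException {
    //
    // Access the RP + get redirected to the IdP for "realm a". Then get redirected to the IdP for
    // "realm b".
    //
    // try-with-resources: the original left the client open whenever an assertion failed.
    try (WebClient webClient = new WebClient()) {
        CookieManager cookieManager = new CookieManager();
        webClient.setCookieManager(cookieManager);
        // Test-only setting for the localhost systest certificates.
        webClient.getOptions().setUseInsecureSSL(true);
        // Credentials are scoped to localhost on the IdP port only.
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(idpPort)),
            new UsernamePasswordCredentials(user, password));

        webClient.getOptions().setJavaScriptEnabled(false);

        // The decision page is returned as XML for some reason. So parse it and send a form response back.
        HtmlPage oidcIdpConfirmationPage = webClient.getPage(url);
        final HtmlForm oidcForm = oidcIdpConfirmationPage.getForms().get(0);

        WebRequest request = new WebRequest(new URL(oidcForm.getActionAttribute()), HttpMethod.POST);

        // Copy the consent form's hidden fields verbatim; session_authenticity_token is the
        // page's own anti-CSRF field and must be echoed back for the decision to be accepted.
        List<NameValuePair> parameters = new ArrayList<NameValuePair>();
        for (String fieldName : new String[] {
                "client_id", "redirect_uri", "scope", "state", "session_authenticity_token"}) {
            parameters.add(new NameValuePair(fieldName,
                oidcForm.getInputByName(fieldName).getValueAttribute()));
        }
        parameters.add(new NameValuePair("oauthDecision", "allow"));
        request.setRequestParameters(parameters);

        HtmlPage idpPage = webClient.getPage(request);

        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        // Now redirect back to the RP
        final HtmlForm form = idpPage.getFormByName("samlsigninresponseform");
        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");

        final XmlPage rpPage = button.click();

        return rpPage.asXml();
    }
}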
 
Example 19
Source File: AbstractTests.java — from cxf-fediz (Apache License 2.0)
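/**
 * Negative test: a sign-in response token prefixed with an external entity
 * declaration (from {@code /entity.xml}) and an entity reference must be
 * rejected by the RP with HTTP 401 or 403, i.e. the RP's XML parser must not
 * resolve or expand the entity.
 *
 * @throws Exception if a page cannot be fetched or the token cannot be decoded
 */
@Test
public void testEntityExpansionAttack() throws Exception {

    String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName() + "/secure/fedservlet";
    String user = "alice";
    String password = "ecila";

    // Get the initial token
    CookieManager cookieManager = new CookieManager();
    // try-with-resources: the original left the client open whenever an assertion failed
    // or click() threw anything other than FailingHttpStatusCodeException.
    try (WebClient webClient = new WebClient()) {
        webClient.setCookieManager(cookieManager);
        // Test-only setting for the localhost systest certificates.
        webClient.getOptions().setUseInsecureSSL(true);
        // Credentials are scoped to localhost on the IdP port only.
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
            new UsernamePasswordCredentials(user, password));

        webClient.getOptions().setJavaScriptEnabled(false);
        final HtmlPage idpPage = webClient.getPage(url);
        webClient.getOptions().setJavaScriptEnabled(true);
        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        // Parse the form to get the token (wresult)
        DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");

        String entity = getResourceAsString("/entity.xml");
        String reference = "&m;";

        for (DomElement result : results) {
            if (getTokenName().equals(result.getAttributeNS(null, "name"))) {
                // Now modify the Signature
                String value = result.getAttributeNS(null, "value");

                if (isWSFederation()) {
                    value = entity + value;
                    value = value.replace("alice", reference);
                    result.setAttributeNS(null, "value", value);
                } else {
                    // Decode response
                    byte[] deflatedToken = Base64Utility.decode(value);
                    InputStream inputStream = new ByteArrayInputStream(deflatedToken);

                    Document responseDoc = StaxUtils.read(new InputStreamReader(inputStream, "UTF-8"));

                    // Modify SignatureValue to include the entity
                    String signatureNamespace = "http://www.w3.org/2000/09/xmldsig#";
                    Node signatureValue =
                        responseDoc.getElementsByTagNameNS(signatureNamespace, "SignatureValue").item(0);
                    signatureValue.setTextContent(reference + signatureValue.getTextContent());

                    // Re-encode response with the same charset it was decoded with; the
                    // original getBytes() used the platform default.
                    String responseMessage = DOM2Writer.nodeToString(responseDoc);
                    result.setAttributeNS(null, "value", Base64Utility.encode(
                        (entity + responseMessage).getBytes(java.nio.charset.StandardCharsets.UTF_8)));
                }
            }
        }

        // Invoke back on the RP
        final HtmlForm form = idpPage.getFormByName(getLoginFormName());
        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");

        try {
            button.click();
            Assert.fail("Failure expected on an entity expansion attack");
        } catch (FailingHttpStatusCodeException ex) {
            // expected: the RP must refuse the token rather than parse the entity
            Assert.assertTrue(401 == ex.getStatusCode() || 403 == ex.getStatusCode());
        }
    }
}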
 
Example 20
Source File: TomcatPluginTest.java — from cxf-fediz (Apache License 2.0)
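/**
 * Negative test: a sign-in response whose XML-DSig {@code SignatureValue} has
 * been tampered with must be rejected by the RP with HTTP 401 or 403.
 *
 * @throws Exception if a page cannot be fetched or the token cannot be decoded
 */
@Test
public void testModifiedSignatureValue() throws Exception {

    String url = "https://localhost:" + getRpHttpsPort() + "/" + getServletContextName()
        + "/secure/fedservlet";
    String user = "alice";
    String password = "ecila";

    // Get the initial token
    CookieManager cookieManager = new CookieManager();
    // try-with-resources: the original left the client open whenever an assertion failed
    // or click() threw anything other than FailingHttpStatusCodeException.
    try (WebClient webClient = new WebClient()) {
        webClient.setCookieManager(cookieManager);
        // Test-only setting for the localhost systest certificates.
        webClient.getOptions().setUseInsecureSSL(true);
        // Credentials are scoped to localhost on the IdP port only.
        webClient.getCredentialsProvider().setCredentials(
            new AuthScope("localhost", Integer.parseInt(getIdpHttpsPort())),
            new UsernamePasswordCredentials(user, password));

        webClient.getOptions().setJavaScriptEnabled(false);
        final HtmlPage idpPage = webClient.getPage(url);
        webClient.getOptions().setJavaScriptEnabled(true);
        Assert.assertEquals("IDP SignIn Response Form", idpPage.getTitleText());

        // Parse the form to get the token (wresult)
        DomNodeList<DomElement> results = idpPage.getElementsByTagName("input");

        for (DomElement result : results) {
            if (getTokenName().equals(result.getAttributeNS(null, "name"))) {
                String value = result.getAttributeNS(null, "value");

                // Decode response
                byte[] deflatedToken = Base64Utility.decode(value);
                InputStream inputStream = new ByteArrayInputStream(deflatedToken);

                Document responseDoc = StaxUtils.read(new InputStreamReader(inputStream, "UTF-8"));

                // Modify SignatureValue so it no longer matches the signed content
                String signatureNamespace = "http://www.w3.org/2000/09/xmldsig#";
                Node signatureValue =
                    responseDoc.getElementsByTagNameNS(signatureNamespace, "SignatureValue").item(0);
                signatureValue.setTextContent("H" + signatureValue.getTextContent());

                // Re-encode response with the same charset it was decoded with; the
                // original getBytes() used the platform default.
                String responseMessage = DOM2Writer.nodeToString(responseDoc);
                result.setAttributeNS(null, "value", Base64Utility.encode(
                    responseMessage.getBytes(java.nio.charset.StandardCharsets.UTF_8)));
            }
        }

        // Invoke back on the RP
        final HtmlForm form = idpPage.getFormByName(getLoginFormName());
        final HtmlSubmitInput button = form.getInputByName("_eventId_submit");

        try {
            button.click();
            Assert.fail("Failure expected on a modified signature");
        } catch (FailingHttpStatusCodeException ex) {
            // expected: signature verification must fail before the token is trusted
            Assert.assertTrue(401 == ex.getStatusCode() || 403 == ex.getStatusCode());
        }
    }
}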