@Test
 public void testBuildAuthnRequestObject() throws Exception {
   String consumerUrl = "http://someurl.com";
   String idpUrl = "http://idp.domain.example";
   String spId = "cloudstack";
   String authnId = SAMLUtils.generateSecureRandomId();
   AuthnRequest req = SAMLUtils.buildAuthnRequestObject(authnId, spId, idpUrl, consumerUrl);
   assertEquals(req.getAssertionConsumerServiceURL(), consumerUrl);
   assertEquals(req.getDestination(), idpUrl);
   assertEquals(req.getIssuer().getValue(), spId);
 }
  @Test
  public void testX509Helpers() throws Exception {
    KeyPair keyPair = SAMLUtils.generateRandomKeyPair();

    String privateKeyString = SAMLUtils.savePrivateKey(keyPair.getPrivate());
    String publicKeyString = SAMLUtils.savePublicKey(keyPair.getPublic());

    PrivateKey privateKey = SAMLUtils.loadPrivateKey(privateKeyString);
    PublicKey publicKey = SAMLUtils.loadPublicKey(publicKeyString);

    assertTrue(privateKey.equals(keyPair.getPrivate()));
    assertTrue(publicKey.equals(keyPair.getPublic()));
  }
 @Test
 public void testBuildLogoutRequest() throws Exception {
   String logoutUrl = "http://logoutUrl";
   String spId = "cloudstack";
   String nameId = "_12345";
   LogoutRequest req = SAMLUtils.buildLogoutRequest(logoutUrl, spId, nameId);
   assertEquals(req.getDestination(), logoutUrl);
   assertEquals(req.getIssuer().getValue(), spId);
 }
 @Test
 public void testGenerateSecureRandomId() throws Exception {
   assertTrue(SAMLUtils.generateSecureRandomId().length() > 0);
 }
  @Test
  public void testAuthenticate() throws Exception {
    SAML2LoginAPIAuthenticatorCmd cmd = Mockito.spy(new SAML2LoginAPIAuthenticatorCmd());

    Field apiServerField = SAML2LoginAPIAuthenticatorCmd.class.getDeclaredField("_apiServer");
    apiServerField.setAccessible(true);
    apiServerField.set(cmd, apiServer);

    Field managerField = SAML2LoginAPIAuthenticatorCmd.class.getDeclaredField("_samlAuthManager");
    managerField.setAccessible(true);
    managerField.set(cmd, samlAuthManager);

    Field accountServiceField = BaseCmd.class.getDeclaredField("_accountService");
    accountServiceField.setAccessible(true);
    accountServiceField.set(cmd, accountService);

    Field domainMgrField = SAML2LoginAPIAuthenticatorCmd.class.getDeclaredField("_domainMgr");
    domainMgrField.setAccessible(true);
    domainMgrField.set(cmd, domainMgr);

    Field userAccountDaoField =
        SAML2LoginAPIAuthenticatorCmd.class.getDeclaredField("_userAccountDao");
    userAccountDaoField.setAccessible(true);
    userAccountDaoField.set(cmd, userAccountDao);

    String spId = "someSPID";
    String url = "someUrl";
    KeyPair kp = SAMLUtils.generateRandomKeyPair();
    X509Certificate cert = SAMLUtils.generateRandomX509Certificate(kp);

    SAMLProviderMetadata providerMetadata = new SAMLProviderMetadata();
    providerMetadata.setEntityId("random");
    providerMetadata.setSigningCertificate(cert);
    providerMetadata.setEncryptionCertificate(cert);
    providerMetadata.setKeyPair(kp);
    providerMetadata.setSsoUrl("http://test.local");
    providerMetadata.setSloUrl("http://test.local");

    Mockito.when(session.getAttribute(Mockito.anyString())).thenReturn(null);

    Mockito.when(domain.getId()).thenReturn(1L);
    Mockito.when(domainMgr.getDomain(Mockito.anyString())).thenReturn(domain);
    UserAccountVO user = new UserAccountVO();
    user.setId(1000L);
    Mockito.when(userAccountDao.getUserAccount(Mockito.anyString(), Mockito.anyLong()))
        .thenReturn(user);
    Mockito.when(apiServer.verifyUser(Mockito.anyLong())).thenReturn(false);
    Mockito.when(samlAuthManager.getSPMetadata()).thenReturn(providerMetadata);
    Mockito.when(samlAuthManager.getIdPMetadata(Mockito.anyString())).thenReturn(providerMetadata);

    Map<String, Object[]> params = new HashMap<String, Object[]>();

    // SSO redirection test
    cmd.authenticate(
        "command",
        params,
        session,
        InetAddress.getByName("127.0.0.1"),
        HttpUtils.RESPONSE_TYPE_JSON,
        new StringBuilder(),
        req,
        resp);
    Mockito.verify(resp, Mockito.times(1)).sendRedirect(Mockito.anyString());

    // SSO SAMLResponse verification test, this should throw ServerApiException for auth failure
    params.put(SAMLPluginConstants.SAML_RESPONSE, new String[] {"Some String"});
    Mockito.stub(cmd.processSAMLResponse(Mockito.anyString())).toReturn(buildMockResponse());
    try {
      cmd.authenticate(
          "command",
          params,
          session,
          InetAddress.getByName("127.0.0.1"),
          HttpUtils.RESPONSE_TYPE_JSON,
          new StringBuilder(),
          req,
          resp);
    } catch (ServerApiException ignored) {
    }
    Mockito.verify(userAccountDao, Mockito.times(0))
        .getUserAccount(Mockito.anyString(), Mockito.anyLong());
    Mockito.verify(apiServer, Mockito.times(0)).verifyUser(Mockito.anyLong());
  }