This commit should improve testing

Although not very happy with this solution, it gives the ability to
write tests against concrete implementations.

Writing "plain" unit tests against the Montoya API is currently not
possible because the concrete implementation to those interfaces is
missing and only available during runtime. See also:
PortSwigger/burp-extensions-montoya-api#97

This commit provides a new Tab in DEBUG mode where tests can be run
against concrete implementations during runtime. -> Semi-automated
testing.

build.gradle

@@ -17,6 +17,7 @@ dependencies {
 	compileOnly libs.net.portswigger.burp.extensions.montoya.api
 	compileOnly libs.org.bouncycastle.bcpkix.jdk15on
 
+	implementation libs.com.google.guava
 	implementation libs.com.sun.xml.security.xml.security.impl
 	implementation libs.org.apache.santuario.xmlsec
 	implementation libs.xerces.xercesimpl

gradle/libs.versions.toml

@@ -1,4 +1,5 @@
 [versions]
+com-google-guava = "33.2.1-jre"
 com-sun-xml-security-xml-security-impl = "1.0"
 net-portswigger-burp-extensions-montoya-api = "2023.12.1"
 org-apache-santuario-xmlsec = "2.1.7"
@@ -7,6 +8,7 @@ org-junit-jupiter = "5.10.2"
 xerces-xercesimpl = "2.12.2"
 
 [libraries]
+com-google-guava = { module = "com.google.guava:guava", version.ref = "com-google-guava"}
 com-sun-xml-security-xml-security-impl = { module = "com.sun.xml.security:xml-security-impl", version.ref = "com-sun-xml-security-xml-security-impl" }
 net-portswigger-burp-extensions-montoya-api = { module = "net.portswigger.burp.extensions:montoya-api", version.ref = "net-portswigger-burp-extensions-montoya-api" }
 org-apache-santuario-xmlsec = { module = "org.apache.santuario:xmlsec", version.ref = "org-apache-santuario-xmlsec" }

src/main/java/burp/BurpExtender.java

@@ -10,8 +10,10 @@
 import burp.api.montoya.ui.editor.extension.ExtensionProvidedHttpRequestEditor;
 import burp.api.montoya.ui.editor.extension.HttpRequestEditorProvider;
 import gui.CertificateTab;
+import helpers.Flags;
 import java.io.BufferedReader;
 import java.io.InputStreamReader;
+import livetesting.LiveTestingTab;
 
 import static java.util.Objects.requireNonNull;
 
@@ -34,6 +36,11 @@ public void initialize(MontoyaApi api) {
         certificateTab.setCertificateTabController(certificateTabController);
         api.userInterface().registerSuiteTab(certificateTabController.getTabCaption(), certificateTabController.getUiComponent());
 
+        if (Flags.DEBUG) {
+            var liveTestingTab = new LiveTestingTab();
+            api.userInterface().registerSuiteTab(liveTestingTab.caption(), liveTestingTab);
+        }
+
         this.samlHighlighter = new SAMLHighlighter(this.certificateTab::getSamlRequestParameterName, this.certificateTab::getSamlResponseParameterName);
         api.http().registerHttpHandler(samlHighlighter);
 

src/main/java/helpers/Flags.java

@@ -1,8 +1,5 @@
 package helpers;
 
 public class Flags {
-
-	// Write SAMLRaiderDebug.log and load example certificates
-	public static final boolean DEBUG = false;
-
+	public static final boolean DEBUG = true;
 }

src/main/java/livetesting/LiveTestingTab.java

@@ -0,0 +1,113 @@
+package livetesting;
+
+import burp.BurpExtender;
+import com.google.common.reflect.ClassPath;
+import java.awt.BorderLayout;
+import java.awt.Color;
+import java.awt.Font;
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+import java.util.Arrays;
+import java.util.stream.Collectors;
+import javax.swing.JButton;
+import javax.swing.JPanel;
+import javax.swing.JScrollPane;
+import javax.swing.JTextPane;
+import javax.swing.border.EmptyBorder;
+import javax.swing.text.BadLocationException;
+import javax.swing.text.SimpleAttributeSet;
+import javax.swing.text.StyleConstants;
+
+public class LiveTestingTab extends JPanel {
+
+    public LiveTestingTab() {
+        setBorder(new EmptyBorder(10, 10, 10, 10));
+        var textPane = new JTextPane();
+        textPane.setEditable(false);
+        textPane.setBackground(Color.BLACK);
+        textPane.setForeground(Color.WHITE);
+        textPane.setFont(new Font(Font.MONOSPACED, Font.PLAIN, 14));
+
+        var button = new JButton("Run tests");
+
+        setLayout(new BorderLayout(10, 10));
+        add(new JScrollPane(textPane), BorderLayout.CENTER);
+        add(button, BorderLayout.SOUTH);
+
+        button.addActionListener(listener -> {
+            textPane.setText("");
+
+            var document = textPane.getStyledDocument();
+
+            var inRed = new SimpleAttributeSet();
+            inRed.addAttribute(StyleConstants.Foreground, Color.RED);
+
+            var inGreen = new SimpleAttributeSet();
+            inGreen.addAttribute(StyleConstants.Foreground, Color.GREEN);
+
+            try {
+                var classLoader = this.getClass().getClassLoader();
+
+                var testClasses =
+                        ClassPath.from(classLoader)
+                                .getTopLevelClassesRecursive("livetesting")
+                                .stream()
+                                .filter(classInfo -> classInfo.getName().endsWith("Test"))
+                                .map(ClassPath.ClassInfo::load)
+                                .collect(Collectors.toSet());
+
+                for (var testClass : testClasses) {
+                    document.insertString(document.getLength(), "%s\n".formatted(testClass.getSimpleName()), null);
+                    var testInstance = testClass.getDeclaredConstructor().newInstance();
+
+                    var testMethods = Arrays.stream(testClass.getDeclaredMethods())
+                            .filter(method -> method.canAccess(testInstance))
+                            .filter(method -> method.getReturnType().equals(TestResult.class))
+                            .collect(Collectors.toSet());
+
+                    for (var testMethod : testMethods) {
+                        document.insertString(document.getLength(), "  %s... ".formatted(testMethod.getName()), null);
+                        var result = (TestResult) testMethod.invoke(testInstance);
+                        document.insertString(
+                                document.getLength(),
+                                result.success() ? "success" : "failed",
+                                result.success() ? inGreen : inRed);
+                        if (result.message() != null) {
+                            document.insertString(
+                                    document.getLength(),
+                                    "\n%s".formatted(result.message()),
+                                    inRed);
+                        }
+                        if (result.throwable() != null) {
+                            var byteArrayOutputStream = new ByteArrayOutputStream();
+                            var printStream = new PrintStream(byteArrayOutputStream);
+                            result.throwable().printStackTrace(printStream);
+                            document.insertString(
+                                    document.getLength(),
+                                    "\n%s".formatted(byteArrayOutputStream.toString()),
+                                    inRed);
+                        }
+                        document.insertString(document.getLength(), "\n", null);
+                    }
+                }
+            } catch (Exception exc) {
+                BurpExtender.api.logging().logToError(exc);
+                var byteArrayOutputStream = new ByteArrayOutputStream();
+                var printStream = new PrintStream(byteArrayOutputStream);
+                exc.printStackTrace(printStream);
+                try {
+                    document.insertString(
+                            document.getLength(),
+                            "\n%s".formatted(byteArrayOutputStream.toString()),
+                            inRed);
+                } catch (BadLocationException exc1) {
+                    BurpExtender.api.logging().logToError(exc1);
+                }
+            }
+        });
+    }
+
+    public String caption() {
+        return "SAML Raider Live Testing";
+    }
+}

src/main/java/livetesting/SamlMessageAnalyzerTest.java

@@ -0,0 +1,40 @@
+package livetesting;
+
+import application.SamlMessageAnalyzer;
+import burp.api.montoya.http.message.requests.HttpRequest;
+
+public class SamlMessageAnalyzerTest {
+
+    public TestResult isSAMLMessage() {
+        var raw = """
+                POST /api/oauth/saml HTTP/1.1
+                Host: sso.eu.boxyhq.com
+                Content-Length: 9984
+                Cache-Control: max-age=0
+                Sec-Ch-Ua: "Chromium";v="125", "Not.A/Brand";v="24"
+                Sec-Ch-Ua-Mobile: ?0
+                Sec-Ch-Ua-Platform: "Linux"
+                Upgrade-Insecure-Requests: 1
+                Origin: https://mocksaml.com
+                Content-Type: application/x-www-form-urlencoded
+                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.6422.112 Safari/537.36
+                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
+                Sec-Fetch-Site: cross-site
+                Sec-Fetch-Mode: navigate
+                Sec-Fetch-User: ?1
+                Sec-Fetch-Dest: document
+                Referer: https://mocksaml.com/
+                Accept-Encoding: gzip, deflate, br
+                Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
+                Priority: u=0, i
+                Connection: keep-alive
+                                
+                RelayState=undefined&SAMLResponse=PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48c2FtbHA6UmVzcG9uc2UgRGVzdGluYXRpb249Imh0dHBzOi8vc3NvLmV1LmJveHlocS5jb20vYXBpL29hdXRoL3NhbWwiIElEPSJfNjhiYmM3NDlmM2Q5Nzc4Yzg4MDAiIElzc3VlSW5zdGFudD0iMjAyNC0wNi0xN1QwODo0OTo1NS40NzhaIiBWZXJzaW9uPSIyLjAiIHhtbG5zOnNhbWxwPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6cHJvdG9jb2wiIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSI%2BPHNhbWw6SXNzdWVyIEZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOm5hbWVpZC1mb3JtYXQ6ZW50aXR5IiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj5odHRwczovL3NhbWwuZXhhbXBsZS5jb20vZW50aXR5aWQ8L3NhbWw6SXNzdWVyPjxTaWduYXR1cmUgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyMiPjxTaWduZWRJbmZvPjxDYW5vbmljYWxpemF0aW9uTWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8xMC94bWwtZXhjLWMxNG4jIi8%2BPFNpZ25hdHVyZU1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZHNpZy1tb3JlI3JzYS1zaGEyNTYiLz48UmVmZXJlbmNlIFVSST0iI182OGJiYzc0OWYzZDk3NzhjODgwMCI%2BPFRyYW5zZm9ybXM%2BPFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvMDkveG1sZHNpZyNlbnZlbG9wZWQtc2lnbmF0dXJlIi8%2BPFRyYW5zZm9ybSBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjwvVHJhbnNmb3Jtcz48RGlnZXN0TWV0aG9kIEFsZ29yaXRobT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS8wNC94bWxlbmMjc2hhMjU2Ii8%2BPERpZ2VzdFZhbHVlPlJXdzlOL2pVK2w5WldUUjZ2dDJxeDNSYm1lNERyY1lvakFCb3I1RjRNdVE9PC9EaWdlc3RWYWx1ZT48L1JlZmVyZW5jZT48L1NpZ25lZEluZm8%2BPFNpZ25hdHVyZVZhbHVlPkdxa0FOY3FyWGZTNDF3dDhMQXRIVDAwWFpUVFZUQlhJSTZHSzZlaldIUVVkMkMrL2cwcjZHSWh0bmxyWDB4U1hpNUtQdG1yV1JiTEpjWU5VVW4rWEx5L21Ic2VLaDBlWXJVWXQxaDA2WHVMSk5NQitMSjBGZGxqSzEzZUZxOFFTR2lWemRWd1lKVWtnZjFNNlByUXZLNVVMOVpiaXhCU2VIcFFaS1FWYjNPN3grNG5UOG5Da3NuUFFjaElxME9Za1plOWhYTW9FZ2hDSG1jQ3Qwa2ZaZjAwMWdJSmZVTGhLM3R1c25KSGM3aktTL21oNVQ5MWlvUWpkNy9qUzBRcUVpWDFnMjdvUzEwaEhONDlLK0d2ZVdGOXB4U2kwaDFrVG52dzFlc0NnYTBud25QVm9QRGJJelcxS1hXTXJEajVyd2VEVHZ5WmFBRGs4WUJQMFNzR1hLdz09PC9TaWduYXR1cmVWYWx1ZT48S2V5SW5mbz48WDUwOURhdGE%2BPFg1MDlDZXJ0aWZpY2F0ZT5NSUlDNGpDQ0Fjb0NDUUMzM3dueWJUNVFaREFOQmdrcWhraUc5dzBCQVFzRkFEQXlNUXN3Q1FZRFZRUUdFd0pWClN6RVBNQTBHQTFVRUNnd0dRbTk0ZVVoUk1SSXdFQVlEVlFRRERBbE5iMk5ySUZOQlRVd3dJQmNOTWpJd01qSTQKTWpFME5qTTRXaGdQTXpBeU1UQTNNREV5TVRRMk16aGFNREl4Q3pBSkJnTlZCQVlUQWxWTE1ROHdEUVlEVlFRSwpEQVpDYjNoNVNGRXhFakFRQmdOVkJBTU1DVTF2WTJzZ1UwRk5URENDQVNJd0RRWUpLb1pJaHZjTkFRRUJCUUFECmdnRVBBRENDQVFvQ2dnRUJBTEdmWWV0dE1zY3QxVDZ0VlV3VHVkTkpINVBuYjlHR25rWGk5WncvZTZ4NDVERDAKUnVST05iRmxKMlQ0UmpBRS91RytBalh4WFE4bzJTWmZiOStHZ21DSHVUSkZOZ0hvWjFuRlZYQ21iL0hnOEhwZAo0dk9BR1huZGl4YVJlT2lxM0VINVh2cE1qTWtKMys4KzlWWU16TVpPamtnUXRBcU8zNmVBRkZmTktYN2RUajNWCnB3TGt2ejYvS0ZDcThPQXdZK0FVaTRlWm01SjU3RDMxR3pqSHdmakg5V1RlWDBNeW5kbW5OQjFxVjc1cVFSM2IKMi9XNXNHSFJ2KzlBYXJnZ0prRitwdFVrWG9MdFZBNTF3Y2ZZbTZoSUxwdHBkZTVGUUM4UldZMVlyc3dCV0FFWgpOZnlyUjRKZVN3ZUVsTkhnNE5WT3M0VHdHak9Qd1dHcXpUZmdUbEVDQXdFQUFUQU5CZ2txaGtpRzl3MEJBUXNGCkFBT0NBUUVBQVlSbFlmbFNYQVdvWnBGZndOaUNRVkU1ZDl6WjBEUHpOZFdoQXliWGNUeU1mMHo1bURmNkZXQlcKNUd5b2k5dTNFTUVEbnpMY0pOa3dKQUFjMzlBcGE0STIvdG1sK0p5MjlkazhiVHlYNm05M25nbUNnZExoNVphNApraHVVM0FNM0w2M2c3VmV4Q3VPN2t3a2poLytMcWRjSVhzVkdPNlhEZnUyUU9zMVhwZTl6SXpMcHdtL1JOWWVYClVqYlNqNWNlL2pla3BBdzdxeVZWTDR4T3loOEF0VVcxZWszd0l3MU1KdkVnRVB0MGQxNm9zaFdKcG9TMU9UOEwKci8yMlN2WUVvM0VtU0dkVFZHZ2szeDNzK0EwcVdBcVRjeWpyN1E0cy9HS1lSRmZvbUd3ejBUWjRJdzFaTjk5TQptMGVvMlVTbFNSVFZsN1FIUlR1aXVTVGhIcExLUVE9PTwvWDUwOUNlcnRpZmljYXRlPjwvWDUwOURhdGE%2BPC9LZXlJbmZvPjwvU2lnbmF0dXJlPjxzYW1scDpTdGF0dXMgeG1sbnM6c2FtbHA9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpwcm90b2NvbCI%2BPHNhbWxwOlN0YXR1c0NvZGUgVmFsdWU9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpzdGF0dXM6U3VjY2VzcyIvPjwvc2FtbHA6U3RhdHVzPjxzYW1sOkFzc2VydGlvbiBJRD0iX2ZmYzM2NmY2ZTgxMWVjNjA3YTA1IiBJc3N1ZUluc3RhbnQ9IjIwMjQtMDYtMTdUMDg6NDk6NTUuNDc4WiIgVmVyc2lvbj0iMi4wIiB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIiB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiPjxzYW1sOklzc3VlciBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpuYW1laWQtZm9ybWF0OmVudGl0eSIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI%2BaHR0cHM6Ly9zYW1sLmV4YW1wbGUuY29tL2VudGl0eWlkPC9zYW1sOklzc3Vlcj48U2lnbmF0dXJlIHhtbG5zPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjIj48U2lnbmVkSW5mbz48Q2Fub25pY2FsaXphdGlvbk1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMTAveG1sLWV4Yy1jMTRuIyIvPjxTaWduYXR1cmVNZXRob2QgQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzA0L3htbGRzaWctbW9yZSNyc2Etc2hhMjU2Ii8%2BPFJlZmVyZW5jZSBVUkk9IiNfZmZjMzY2ZjZlODExZWM2MDdhMDUiPjxUcmFuc2Zvcm1zPjxUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAwLzA5L3htbGRzaWcjZW52ZWxvcGVkLXNpZ25hdHVyZSIvPjxUcmFuc2Zvcm0gQWxnb3JpdGhtPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxLzEwL3htbC1leGMtYzE0biMiLz48L1RyYW5zZm9ybXM%2BPERpZ2VzdE1ldGhvZCBBbGdvcml0aG09Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvMDQveG1sZW5jI3NoYTI1NiIvPjxEaWdlc3RWYWx1ZT54a1NLdTRyeTFkUkw0cHlZb1RXR3hBNnc0bHBybVkybkxiemk1TXM3Vkw4PTwvRGlnZXN0VmFsdWU%2BPC9SZWZlcmVuY2U%2BPC9TaWduZWRJbmZvPjxTaWduYXR1cmVWYWx1ZT5laVh3b0hJRWJjN3paMHZ6YnhXdHNORXNaWDZsRnlNMTZQbXlKWk9mR3dkN1hqaSs5WXRTeDJxeGcxOWNaMUFnL1JzS3FNc1R5SmxOaUVMNU9CN0lzdGF6dmU4K29QY050ZXNnMEpBWTg1SHFRQnZXYmRxem9tSkF2OUVRakg3SkpBQk80azM4eUwvYWtLM3Z4Ky8yNWc3K2dESWNyNUxHc2thQkVTdnlDeTA2dVVtSjNVdDlTMWpIbzVkV3BZeEEvK3VKUmVBcHVGWE1mYUhpdmZ3bkhocldlZ3J4VDY4bGFnUXdzQU42NStTV0p3TFdlVDdLVk5XWVJGZUNweDVOWEpvaUovRkcxcm94MndSSUtRZHVDeHFpT0FDcXdnY0F5M1BDaExWK0k5Q3g1aUFZc0N2ZXZZVUhPcXNpU1JpNUVmeWVZWEtIeHV4dmRwYkJnTU43Wmc9PTwvU2lnbmF0dXJlVmFsdWU%2BPEtleUluZm8%2BPFg1MDlEYXRhPjxYNTA5Q2VydGlmaWNhdGU%2BTUlJQzRqQ0NBY29DQ1FDMzN3bnliVDVRWkRBTkJna3Foa2lHOXcwQkFRc0ZBREF5TVFzd0NRWURWUVFHRXdKVgpTekVQTUEwR0ExVUVDZ3dHUW05NGVVaFJNUkl3RUFZRFZRUUREQWxOYjJOcklGTkJUVXd3SUJjTk1qSXdNakk0Ck1qRTBOak00V2hnUE16QXlNVEEzTURFeU1UUTJNemhhTURJeEN6QUpCZ05WQkFZVEFsVkxNUTh3RFFZRFZRUUsKREFaQ2IzaDVTRkV4RWpBUUJnTlZCQU1NQ1Uxdlkyc2dVMEZOVERDQ0FTSXdEUVlKS29aSWh2Y05BUUVCQlFBRApnZ0VQQURDQ0FRb0NnZ0VCQUxHZllldHRNc2N0MVQ2dFZVd1R1ZE5KSDVQbmI5R0dua1hpOVp3L2U2eDQ1REQwClJ1Uk9OYkZsSjJUNFJqQUUvdUcrQWpYeFhROG8yU1pmYjkrR2dtQ0h1VEpGTmdIb1oxbkZWWENtYi9IZzhIcGQKNHZPQUdYbmRpeGFSZU9pcTNFSDVYdnBNak1rSjMrOCs5VllNek1aT2prZ1F0QXFPMzZlQUZGZk5LWDdkVGozVgpwd0xrdno2L0tGQ3E4T0F3WStBVWk0ZVptNUo1N0QzMUd6akh3ZmpIOVdUZVgwTXluZG1uTkIxcVY3NXFRUjNiCjIvVzVzR0hSdis5QWFyZ2dKa0YrcHRVa1hvTHRWQTUxd2NmWW02aElMcHRwZGU1RlFDOFJXWTFZcnN3QldBRVoKTmZ5clI0SmVTd2VFbE5IZzROVk9zNFR3R2pPUHdXR3F6VGZnVGxFQ0F3RUFBVEFOQmdrcWhraUc5dzBCQVFzRgpBQU9DQVFFQUFZUmxZZmxTWEFXb1pwRmZ3TmlDUVZFNWQ5elowRFB6TmRXaEF5YlhjVHlNZjB6NW1EZjZGV0JXCjVHeW9pOXUzRU1FRG56TGNKTmt3SkFBYzM5QXBhNEkyL3RtbCtKeTI5ZGs4YlR5WDZtOTNuZ21DZ2RMaDVaYTQKa2h1VTNBTTNMNjNnN1ZleEN1Tzdrd2tqaC8rTHFkY0lYc1ZHTzZYRGZ1MlFPczFYcGU5ekl6THB3bS9STlllWApVamJTajVjZS9qZWtwQXc3cXlWVkw0eE95aDhBdFVXMWVrM3dJdzFNSnZFZ0VQdDBkMTZvc2hXSnBvUzFPVDhMCnIvMjJTdllFbzNFbVNHZFRWR2drM3gzcytBMHFXQXFUY3lqcjdRNHMvR0tZUkZmb21Hd3owVFo0SXcxWk45OU0KbTBlbzJVU2xTUlRWbDdRSFJUdWl1U1RoSHBMS1FRPT08L1g1MDlDZXJ0aWZpY2F0ZT48L1g1MDlEYXRhPjwvS2V5SW5mbz48L1NpZ25hdHVyZT48c2FtbDpTdWJqZWN0IHhtbG5zOnNhbWw9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphc3NlcnRpb24iPjxzYW1sOk5hbWVJRCBGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjEuMTpuYW1laWQtZm9ybWF0OmVtYWlsQWRkcmVzcyI%2BamFja3NvbkBleGFtcGxlLmNvbTwvc2FtbDpOYW1lSUQ%2BPHNhbWw6U3ViamVjdENvbmZpcm1hdGlvbiBNZXRob2Q9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDpjbTpiZWFyZXIiPjxzYW1sOlN1YmplY3RDb25maXJtYXRpb25EYXRhIE5vdE9uT3JBZnRlcj0iMjAyNC0wNi0xN1QwODo1NDo1NS40NzhaIiBSZWNpcGllbnQ9Imh0dHBzOi8vc3NvLmV1LmJveHlocS5jb20vYXBpL29hdXRoL3NhbWwiLz48L3NhbWw6U3ViamVjdENvbmZpcm1hdGlvbj48L3NhbWw6U3ViamVjdD48c2FtbDpDb25kaXRpb25zIE5vdEJlZm9yZT0iMjAyNC0wNi0xN1QwODo0NDo1NS40NzhaIiBOb3RPbk9yQWZ0ZXI9IjIwMjQtMDYtMTdUMDg6NTQ6NTUuNDc4WiIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI%2BPHNhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48c2FtbDpBdWRpZW5jZT5odHRwczovL3NhbWwuYm94eWhxLmNvbTwvc2FtbDpBdWRpZW5jZT48L3NhbWw6QXVkaWVuY2VSZXN0cmljdGlvbj48L3NhbWw6Q29uZGl0aW9ucz48c2FtbDpBdXRoblN0YXRlbWVudCBBdXRobkluc3RhbnQ9IjIwMjQtMDYtMTdUMDg6NDk6NTUuNDc4WiIgeG1sbnM6c2FtbD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmFzc2VydGlvbiI%2BPHNhbWw6QXV0aG5Db250ZXh0PjxzYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPnVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphYzpjbGFzc2VzOlBhc3N3b3JkUHJvdGVjdGVkVHJhbnNwb3J0PC9zYW1sOkF1dGhuQ29udGV4dENsYXNzUmVmPjwvc2FtbDpBdXRobkNvbnRleHQ%2BPC9zYW1sOkF1dGhuU3RhdGVtZW50PjxzYW1sOkF0dHJpYnV0ZVN0YXRlbWVudCB4bWxuczpzYW1sPSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXNzZXJ0aW9uIj48c2FtbDpBdHRyaWJ1dGUgTmFtZT0iaWQiIE5hbWVGb3JtYXQ9InVybjpvYXNpczpuYW1lczp0YzpTQU1MOjIuMDphdHRybmFtZS1mb3JtYXQ6dW5zcGVjaWZpZWQiPjxzYW1sOkF0dHJpYnV0ZVZhbHVlIHhtbG5zOnhzPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYSIgeG1sbnM6eHNpPSJodHRwOi8vd3d3LnczLm9yZy8yMDAxL1hNTFNjaGVtYS1pbnN0YW5jZSIgeHNpOnR5cGU9InhzOnN0cmluZyI%2BMWRkYTlmYjQ5MWRjMDFiZDI0ZDI0MjNiYTJmMjJhZTU2MWY1NmRkZjIzNzZiMjlhMTFjODAyODFkMjEyMDFmOTwvc2FtbDpBdHRyaWJ1dGVWYWx1ZT48L3NhbWw6QXR0cmlidXRlPjxzYW1sOkF0dHJpYnV0ZSBOYW1lPSJlbWFpbCIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1bnNwZWNpZmllZCI%2BPHNhbWw6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5qYWNrc29uQGV4YW1wbGUuY29tPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU%2BPHNhbWw6QXR0cmlidXRlIE5hbWU9ImZpcnN0TmFtZSIgTmFtZUZvcm1hdD0idXJuOm9hc2lzOm5hbWVzOnRjOlNBTUw6Mi4wOmF0dHJuYW1lLWZvcm1hdDp1bnNwZWNpZmllZCI%2BPHNhbWw6QXR0cmlidXRlVmFsdWUgeG1sbnM6eHM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hIiB4bWxuczp4c2k9Imh0dHA6Ly93d3cudzMub3JnLzIwMDEvWE1MU2NoZW1hLWluc3RhbmNlIiB4c2k6dHlwZT0ieHM6c3RyaW5nIj5qYWNrc29uPC9zYW1sOkF0dHJpYnV0ZVZhbHVlPjwvc2FtbDpBdHRyaWJ1dGU%2BPHNhbWw6QXR0cmlidXRlIE5hbWU9Imxhc3ROYW1lIiBOYW1lRm9ybWF0PSJ1cm46b2FzaXM6bmFtZXM6dGM6U0FNTDoyLjA6YXR0cm5hbWUtZm9ybWF0OnVuc3BlY2lmaWVkIj48c2FtbDpBdHRyaWJ1dGVWYWx1ZSB4bWxuczp4cz0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEiIHhtbG5zOnhzaT0iaHR0cDovL3d3dy53My5vcmcvMjAwMS9YTUxTY2hlbWEtaW5zdGFuY2UiIHhzaTp0eXBlPSJ4czpzdHJpbmciPmphY2tzb248L3NhbWw6QXR0cmlidXRlVmFsdWU%2BPC9zYW1sOkF0dHJpYnV0ZT48L3NhbWw6QXR0cmlidXRlU3RhdGVtZW50Pjwvc2FtbDpBc3NlcnRpb24%2BPC9zYW1scDpSZXNwb25zZT4%3D""";
+
+        var request = HttpRequest.httpRequest(raw);
+        var analysis = SamlMessageAnalyzer.analyze(request, "SAMLRequest", "SAMLResponse");
+        var success = analysis.isSAMLMessage();
+        return new TestResult(success, null, null);
+    }
+
+}

src/main/java/livetesting/TestResult.java

@@ -0,0 +1,4 @@
+package livetesting;
+
+public record TestResult(boolean success,       String message, Throwable throwable) {
+}