[jboss-cvs] Picketlink SVN: r877 - in federation/trunk/picketlink-fed-core/src: test/java/org/picketlink/test/identity/federation/core/saml/v2/util and 1 other directory.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Tue Apr 12 22:51:35 EDT 2011


Author: anil.saldhana at jboss.com
Date: 2011-04-12 22:51:34 -0400 (Tue, 12 Apr 2011)
New Revision: 877

Modified:
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
   federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java
Log:
PLFED-170: assertion util getRoles

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java	2011-04-12 18:23:27 UTC (rev 876)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java	2011-04-13 02:51:34 UTC (rev 877)
@@ -21,6 +21,10 @@
  */
 package org.picketlink.identity.federation.core.saml.v2.util;
 
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Set;
+
 import javax.xml.datatype.XMLGregorianCalendar;
 
 import org.apache.log4j.Logger;
@@ -28,9 +32,13 @@
 import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
 import org.picketlink.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
 import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
 import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeType;
 import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionsType;
 import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.newmodel.saml.v2.assertion.StatementAbstractType;
+import org.w3c.dom.Node;
 
 /**
  * Utility to deal with assertions
@@ -38,10 +46,11 @@
  * @since Jun 3, 2009
  */
 public class AssertionUtil
-{ 
+{
    private static Logger log = Logger.getLogger(AssertionUtil.class);
+
    private static boolean trace = log.isTraceEnabled();
-   
+
    /**
     * Create an assertion
     * @param id
@@ -57,13 +66,13 @@
       }
       catch (ConfigurationException e)
       {
-         throw new RuntimeException( e );
+         throw new RuntimeException(e);
       }
-      AssertionType assertion =  new AssertionType( id, issueInstant, JBossSAMLConstants.VERSION_2_0.get() ); 
-      assertion.setIssuer( issuer );
-      return assertion; 
+      AssertionType assertion = new AssertionType(id, issueInstant, JBossSAMLConstants.VERSION_2_0.get());
+      assertion.setIssuer(issuer);
+      return assertion;
    }
-   
+
    /**
     * Create an attribute type
     * @param name Name of the attribute
@@ -71,22 +80,21 @@
     * @param attributeValues an object array of attribute values
     * @return
     */
-   public static AttributeType createAttribute(String name, String nameFormat,
-         Object... attributeValues)
-   { 
-      AttributeType att = new AttributeType( name ); 
+   public static AttributeType createAttribute(String name, String nameFormat, Object... attributeValues)
+   {
+      AttributeType att = new AttributeType(name);
       att.setNameFormat(nameFormat);
-      if(attributeValues != null && attributeValues.length > 0)
+      if (attributeValues != null && attributeValues.length > 0)
       {
-         for(Object attributeValue:attributeValues)
+         for (Object attributeValue : attributeValues)
          {
             att.addAttributeValue(attributeValue);
-         } 
+         }
       }
- 
+
       return att;
    }
-   
+
    /**
     * <p>
     * Add validity conditions to the SAML2 Assertion
@@ -100,20 +108,20 @@
     * @throws ConfigurationException 
     * @throws IssueInstantMissingException 
     */
-   public static void createTimedConditions(AssertionType assertion, long durationInMilis) 
-   throws ConfigurationException, IssueInstantMissingException  
+   public static void createTimedConditions(AssertionType assertion, long durationInMilis)
+         throws ConfigurationException, IssueInstantMissingException
    {
       XMLGregorianCalendar issueInstant = assertion.getIssueInstant();
-      if(issueInstant == null)
+      if (issueInstant == null)
          throw new IssueInstantMissingException("assertion does not have issue instant");
       XMLGregorianCalendar assertionValidityLength = XMLTimeUtil.add(issueInstant, durationInMilis);
       ConditionsType conditionsType = new ConditionsType();
       conditionsType.setNotBefore(issueInstant);
       conditionsType.setNotOnOrAfter(assertionValidityLength);
-      
-      assertion.setConditions(conditionsType); 
+
+      assertion.setConditions(conditionsType);
    }
-   
+
    /**
     * Add validity conditions to the SAML2 Assertion
     * @param assertion
@@ -121,24 +129,24 @@
     * @throws ConfigurationException 
     * @throws IssueInstantMissingException 
     */
-   public static void createTimedConditions(AssertionType assertion, long durationInMilis, long clockSkew ) 
-   throws ConfigurationException, IssueInstantMissingException  
+   public static void createTimedConditions(AssertionType assertion, long durationInMilis, long clockSkew)
+         throws ConfigurationException, IssueInstantMissingException
    {
       XMLGregorianCalendar issueInstant = assertion.getIssueInstant();
-      if(issueInstant == null)
+      if (issueInstant == null)
          throw new IssueInstantMissingException("assertion does not have issue instant");
-      XMLGregorianCalendar assertionValidityLength = XMLTimeUtil.add( issueInstant, durationInMilis + clockSkew );
-      
+      XMLGregorianCalendar assertionValidityLength = XMLTimeUtil.add(issueInstant, durationInMilis + clockSkew);
+
       ConditionsType conditionsType = new ConditionsType();
-      
-      XMLGregorianCalendar beforeInstant = XMLTimeUtil.subtract(issueInstant, clockSkew );
-      
-      conditionsType.setNotBefore( beforeInstant );
+
+      XMLGregorianCalendar beforeInstant = XMLTimeUtil.subtract(issueInstant, clockSkew);
+
+      conditionsType.setNotBefore(beforeInstant);
       conditionsType.setNotOnOrAfter(assertionValidityLength);
-      
-      assertion.setConditions(conditionsType); 
+
+      assertion.setConditions(conditionsType);
    }
-   
+
    /**
     * Check whether the assertion has expired
     * @param assertion
@@ -148,41 +156,90 @@
    public static boolean hasExpired(AssertionType assertion) throws ConfigurationException
    {
       boolean expiry = false;
-      
+
       //Check for validity of assertion
       ConditionsType conditionsType = assertion.getConditions();
-      if(conditionsType != null)
+      if (conditionsType != null)
       {
          XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
          XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
          XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
-         if(trace) log.trace("Now="+now.toXMLFormat() + " ::notBefore="+notBefore.toXMLFormat() 
-               + "::notOnOrAfter="+notOnOrAfter);
-         expiry = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter); 
-         if( expiry )
+         if (trace)
+            log.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore.toXMLFormat() + "::notOnOrAfter="
+                  + notOnOrAfter);
+         expiry = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
+         if (expiry)
          {
-            log.info( "Assertion has expired with id=" + assertion.getID() );
+            log.info("Assertion has expired with id=" + assertion.getID());
          }
       }
-      
+
       //TODO: if conditions do not exist, assume the assertion to be everlasting?
-      return expiry; 
-   } 
-   
+      return expiry;
+   }
+
    /**
     * Extract the expiration time from an {@link AssertionType}
     * @param assertion
     * @return
     */
-   public static XMLGregorianCalendar getExpiration( AssertionType assertion )
+   public static XMLGregorianCalendar getExpiration(AssertionType assertion)
    {
       XMLGregorianCalendar expiry = null;
-      
+
       ConditionsType conditionsType = assertion.getConditions();
-      if(conditionsType != null)
+      if (conditionsType != null)
       {
          expiry = conditionsType.getNotOnOrAfter();
       }
-      return expiry; 
+      return expiry;
    }
+
+   /**
+    * Given an assertion, return the list of roles it may have
+    * @param assertion The {@link AssertionType} 
+    * @param roleKeys a list of string values representing the role keys. The list can be null.
+    * @return
+    */
+   public static List<String> getRoles(AssertionType assertion, List<String> roleKeys)
+   {
+      List<String> roles = new ArrayList<String>();
+      Set<StatementAbstractType> statements = assertion.getStatements();
+      for (StatementAbstractType statement : statements)
+      {
+         if (statement instanceof AttributeStatementType)
+         {
+            AttributeStatementType attributeStatement = (AttributeStatementType) statement;
+            List<ASTChoiceType> attList = attributeStatement.getAttributes();
+            for (ASTChoiceType obj : attList)
+            {
+               AttributeType attr = obj.getAttribute();
+               if (roleKeys != null && roleKeys.size() > 0)
+               {
+                  if (!roleKeys.contains(attr.getName()))
+                     continue;
+               }
+               List<Object> attributeValues = attr.getAttributeValue();
+               if (attributeValues != null)
+               {
+                  for (Object attrValue : attributeValues)
+                  {
+                     if (attrValue instanceof String)
+                     {
+                        roles.add((String) attrValue);
+                     }
+                     else if (attrValue instanceof Node)
+                     {
+                        Node roleNode = (Node) attrValue;
+                        roles.add(roleNode.getFirstChild().getNodeValue());
+                     }
+                     else
+                        throw new RuntimeException("Unknown role object type : " + attrValue);
+                  }
+               }
+            }
+         }
+      }
+      return roles;
+   }
 }
\ No newline at end of file
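Review bot: In the new `getRoles`, the `roleKeys` filter is skipped when the list is null or empty, so the values of every attribute in every `AttributeStatementType` come back as roles. If a caller uses that result for authorization, an unrelated attribute whose value happens to equal a role name would grant that role. The Javadoc should state this explicitly, e.g. `@param roleKeys attribute names that carry roles; if null or empty, the values of ALL attributes are returned`, and callers making access decisions should presumably always pass the keys. Separately, `obj.getAttribute()` and `roleNode.getFirstChild()` are dereferenced without a null check: a choice entry that holds no plain attribute (inferred from the `ASTChoiceType` name, not visible here) or an empty value element would throw a NullPointerException, and a first child that is not a text node would add `null` to the list. Guards such as `if (attr == null) continue;` and `Node child = roleNode.getFirstChild(); if (child != null && child.getNodeValue() != null) roles.add(child.getNodeValue());` would stop a malformed assertion from aborting role extraction or yielding null roles.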

Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java	2011-04-12 18:23:27 UTC (rev 876)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java	2011-04-13 02:51:34 UTC (rev 877)
@@ -21,64 +21,93 @@
  */
 package org.picketlink.test.identity.federation.core.saml.v2.util;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.InputStream;
+import java.util.List;
+
 import javax.xml.datatype.XMLGregorianCalendar;
 
-import junit.framework.TestCase;
-
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
 import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
 import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
 import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
 import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
 import org.picketlink.identity.federation.newmodel.saml.v2.assertion.ConditionsType;
 import org.picketlink.identity.federation.newmodel.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.newmodel.saml.v2.protocol.ResponseType.RTChoiceType;
 
 /**
  * Unit test the AssertionUtil
  * @author Anil.Saldhana at redhat.com
  * @since Jun 3, 2009
  */
-public class AssertionUtilUnitTestCase extends TestCase
-{ 
-   
+public class AssertionUtilUnitTestCase
+{
+   @Test
    public void testValidAssertion() throws Exception
    {
-      NameIDType nameIdType =  new NameIDType();
+      NameIDType nameIdType = new NameIDType();
       nameIdType.setValue("somename");
-      
-      AssertionType assertion = new AssertionType( "SomeID", XMLTimeUtil.getIssueInstant(), JBossSAMLConstants.VERSION_2_0.get() );
+
+      AssertionType assertion = new AssertionType("SomeID", XMLTimeUtil.getIssueInstant(),
+            JBossSAMLConstants.VERSION_2_0.get());
       assertion.setIssuer(nameIdType);
-      
+
       //Assertions with no conditions are everlasting
       assertTrue(AssertionUtil.hasExpired(assertion) == false);
-      
+
       XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
-      
+
       XMLGregorianCalendar sometimeLater = XMLTimeUtil.add(now, 5555);
-      
+
       ConditionsType conditions = new ConditionsType();
       conditions.setNotBefore(now);
       conditions.setNotOnOrAfter(sometimeLater);
-      assertion.setConditions(conditions); 
+      assertion.setConditions(conditions);
       assertTrue(AssertionUtil.hasExpired(assertion) == false);
    }
-   
+
+   @Test
    public void testExpiredAssertion() throws Exception
    {
-      
       NameIDType nameIdType = new NameIDType();
       nameIdType.setValue("somename");
-      
-      AssertionType assertion = new AssertionType( "SomeID", XMLTimeUtil.getIssueInstant(), JBossSAMLConstants.VERSION_2_0.get());
-      assertion.setIssuer(nameIdType); 
-      
+
+      AssertionType assertion = new AssertionType("SomeID", XMLTimeUtil.getIssueInstant(),
+            JBossSAMLConstants.VERSION_2_0.get());
+      assertion.setIssuer(nameIdType);
+
       XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
-      
+
       XMLGregorianCalendar sometimeAgo = XMLTimeUtil.subtract(now, 55555);
-      
+
       ConditionsType conditions = new ConditionsType();
-      conditions.setNotBefore(XMLTimeUtil.subtract(now,55575));
+      conditions.setNotBefore(XMLTimeUtil.subtract(now, 55575));
       conditions.setNotOnOrAfter(sometimeAgo);
-      assertion.setConditions(conditions); 
+      assertion.setConditions(conditions);
       assertTrue(AssertionUtil.hasExpired(assertion));
-   }    
+   }
+
+   @Test
+   public void testRoleExtraction() throws Exception
+   {
+      String file = "parser/saml2/saml2-response-assertion-subject.xml";
+      InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(file);
+      assertNotNull(is);
+      SAMLParser parser = new SAMLParser();
+      ResponseType response = (ResponseType) parser.parse(is);
+      List<RTChoiceType> assertionList = response.getAssertions();
+      assertEquals(1, assertionList.size());
+      RTChoiceType rtc = assertionList.get(0);
+      AssertionType assertion = rtc.getAssertion();
+      List<String> roles = AssertionUtil.getRoles(assertion, null);
+      assertEquals(2, roles.size());
+      assertTrue(roles.contains("manager"));
+      assertTrue(roles.contains("employee"));
+   }
 }
\ No newline at end of file
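Review bot: `testRoleExtraction` only calls `AssertionUtil.getRoles(assertion, null)`, so the `roleKeys` filtering branch, which decides which attributes count as roles, is never exercised. Add a case with a non-matching key, e.g. `assertTrue(AssertionUtil.getRoles(assertion, java.util.Arrays.asList("no-such-attribute")).isEmpty());` (the key is a constructed sample), and one that passes the fixture's actual role attribute name and still expects the two roles. The `InputStream` obtained from the context class loader is also never closed; wrapping the parse in `try { ... } finally { is.close(); }` would fix that.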


