[jboss-cvs] Picketlink SVN: r1124 - in product/trunk/picketlink-core/src: main/java/org/picketlink/identity/federation/core/saml/v2/constants and 17 other directories.
jboss-cvs-commits at lists.jboss.org
jboss-cvs-commits at lists.jboss.org
Mon Jul 25 15:24:07 EDT 2011
Author: anil.saldhana at jboss.com
Date: 2011-07-25 15:24:06 -0400 (Mon, 25 Jul 2011)
New Revision: 1124
Added:
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/config/
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/config/ConfigUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/config/MetadataToSPTypeUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/config/PBEUtilsUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/config/STSConfigParserUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/DOMTransformerTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/SystemPropertyAsStringUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/AbstractParserTest.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11AssertionParserTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11RequestParserTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11ResponseParserTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResolveParserTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResponseParserTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAssertionParserTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAttributeQueryParserTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAuthnRequestParserTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLResponseParserTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLSloRequestParserTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLSloResponseParserTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTResponseAssertionHOKCertificateTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchIssueParsingTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchValidateParsingTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustCancelTargetSamlTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueAppliesToTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicCertificateTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicKeyTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueSymmetricKeyTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustOnBehalfOfTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustRenewTargetParsingTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustValidateSamlTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/X500AttributeUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/FileBasedMetadataConfigurationStoreUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataWriterUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/stax/
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/stax/DomElementToStaxWritingTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/util/
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/util/KeystoreUtilUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/util/SAMLXACMLUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/util/XMLTimeUtilUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSConfigUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/STSClientConfigUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SpecialTokenProvider.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/TestPrincipal.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/auth/
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/handlers/
product/trunk/picketlink-core/src/test/resources/parser/saml2/saml2-response-adfs-claims.xml
product/trunk/picketlink-core/src/test/resources/saml/v2/response/
product/trunk/picketlink-core/src/test/resources/saml/v2/response/saml2-response-adfs-claims.xml
Modified:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
Log:
merge in r1108
Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java 2011-07-25 19:06:43 UTC (rev 1123)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -45,6 +45,7 @@
import org.picketlink.identity.federation.saml.v2.assertion.AuthnContextClassRefType;
import org.picketlink.identity.federation.saml.v2.assertion.AuthnContextDeclRefType;
import org.picketlink.identity.federation.saml.v2.assertion.AuthnContextType;
+import org.picketlink.identity.federation.saml.v2.assertion.AuthnContextType.AuthnContextTypeSequence;
import org.picketlink.identity.federation.saml.v2.assertion.AuthnStatementType;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.saml.v2.assertion.SubjectLocalityType;
@@ -310,7 +311,10 @@
String text = StaxParserUtil.getElementText(xmlEventReader);
AuthnContextClassRefType aAuthnContextClassRefType = new AuthnContextClassRefType(URI.create(text));
- authnContextType.addURIType(aAuthnContextClassRefType);
+ AuthnContextTypeSequence authnContextSequence = authnContextType.new AuthnContextTypeSequence();
+ authnContextSequence.setClassRef(aAuthnContextClassRefType);
+
+ authnContextType.setSequence(authnContextSequence);
EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
StaxParserUtil.validate(endElement, JBossSAMLConstants.AUTHN_CONTEXT.get());
}
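Review bot: `authnContextType.setSequence(authnContextSequence)` installs a newly created `AuthnContextTypeSequence` every time an AuthnContextClassRef element is parsed, so anything stored in the sequence earlier in the same AuthnContext would be replaced. Whether that can happen depends on the surrounding parse loop, which starts and ends outside this hunk, so this needs confirming against the full method. If the sequence can already be populated at this point, reuse the existing instance and create one only when none is set. Separately, `URI.create(text)` on the context line above takes its value from the incoming SAML message and throws an unchecked `IllegalArgumentException` on a malformed value. A comment such as `// text is message-supplied; URI.create throws IllegalArgumentException on malformed input` would make that visible to callers.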
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java
___________________________________________________________________
Added: svn:mergeinfo
+ /federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAMLParserUtil.java:1095-1108
Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java 2011-07-25 19:06:43 UTC (rev 1123)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -36,13 +36,36 @@
AC_UNSPECIFIED("urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified"),
AC_IP("urn:oasis:names:tc:SAML:2.0:ac:classes:InternetProtocol"),
-
- BEARER( "urn:oasis:names:tc:SAML:2.0:cm:bearer" ),
-
ASSERTION_NSURI("urn:oasis:names:tc:SAML:2.0:assertion"),
ATTRIBUTE_FORMAT_BASIC("urn:oasis:names:tc:SAML:2.0:attrname-format:basic"),
ATTRIBUTE_FORMAT_URI("urn:oasis:names:tc:SAML:2.0:attrname-format:uri"),
+
+
+ BEARER( "urn:oasis:names:tc:SAML:2.0:cm:bearer" ),
+ CLAIMS_EMAIL_ADDRESS_2005( "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"),
+ CLAIMS_EMAIL_ADDRESS( "http://schemas.xmlsoap.org/claims/EmailAddress"),
+ CLAIMS_GIVEN_NAME( "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname"),
+ CLAIMS_NAME("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"),
+ CLAIMS_USER_PRINCIPAL_NAME_2005("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/upn"),
+ CLAIMS_USER_PRINCIPAL_NAME("http://schemas.xmlsoap.org/claims/UPN"),
+ CLAIMS_COMMON_NAME("http://schemas.xmlsoap.org/claims/CommonName"),
+ CLAIMS_GROUP("http://schemas.xmlsoap.org/claims/Group"),
+ CLAIMS_ROLE("http://schemas.microsoft.com/ws/2008/06/identity/claims/role"),
+ CLAIMS_SURNAME("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"),
+ CLAIMS_PRIVATE_ID("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/privatepersonalidentifier"),
+ CLAIMS_NAME_IDENTIFIER("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"),
+ CLAIMS_AUTHENTICATION_METHOD("http://schemas.microsoft.com/ws/2008/06/identity/claims/authenticationmethod"),
+ CLAIMS_DENY_ONLY_GROUP_SID("http://schemas.xmlsoap.org/ws/2005/05/identity/claims/denyonlysid"),
+ CLAIMS_DENY_ONLY_PRIMARY_SID("http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarysid"),
+ CLAIMS_DENY_ONLY_PRIMARY_GROUP_SID("http://schemas.microsoft.com/ws/2008/06/identity/claims/denyonlyprimarygroupsid"),
+ CLAIMS_GROUP_SID("http://schemas.microsoft.com/ws/2008/06/identity/claims/groupsid"),
+ CLAIMS_PRIMARY_GROUP_SID("http://schemas.microsoft.com/ws/2008/06/identity/claims/primarygroupsid"),
+ CLAIMS_PRIMARY_SID("http://schemas.microsoft.com/ws/2008/06/identity/claims/primarysid"),
+ CLAIMS_WINDOWS_ACCOUNT_NAME("http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname"),
+ CLAIMS_PUID("http://schemas.xmlsoap.org/claims/PUID"),
+
+
HOLDER_OF_KEY( "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key" ),
METADATA_NSURI( "urn:oasis:names:tc:SAML:2.0:metadata" ),
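Review bot: The new `CLAIMS_*` constants have no comment on where the URIs come from or how the paired variants differ (`CLAIMS_EMAIL_ADDRESS_2005` vs `CLAIMS_EMAIL_ADDRESS`, `CLAIMS_USER_PRINCIPAL_NAME_2005` vs `CLAIMS_USER_PRINCIPAL_NAME`). Judging by the `saml2-response-adfs-claims.xml` fixture added in this commit, they are ADFS claim types, and a header comment should say so, e.g. `// Claim type URIs seen in ADFS-issued SAML responses; *_2005 are the ws/2005/05 identity-claims forms`. The deny-only entries deserve their own line, `// DENY_ONLY_* SIDs restrict access; never map them to roles or groups that grant it`, because code that treats every SID claim as a membership would turn a restriction into a grant. `CLAIMS_DENY_ONLY_GROUP_SID` maps to a URI ending in `denyonlysid`, so the comment should also confirm that the name is intentional. The enum body continues outside the hunk.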
Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java
___________________________________________________________________
Added: svn:mergeinfo
+ /federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLURIConstants.java:1095-1108
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.api.saml.v2;
+
+import static org.junit.Assert.assertNotNull;
+
+import java.io.InputStream;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
+import org.picketlink.identity.federation.saml.v2.SAML2Object;
+
+/**
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 21, 2011
+ */
+public class SAML2ResponseUnitTestCase
+{
+ @Test
+ public void parseADFSClaims() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("saml/v2/response/saml2-response-adfs-claims.xml");
+ SAML2Response samlResponse = new SAML2Response();
+ SAML2Object samlObject = samlResponse.getSAML2ObjectFromStream(configStream);
+ assertNotNull(samlObject);
+ }
+
+}
\ No newline at end of file
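Review bot: `parseADFSClaims` passes `configStream` straight to `getSAML2ObjectFromStream` without checking that the resource was found, and its only assertion is `assertNotNull(samlObject)`, so the test does not show that the ADFS claim attributes were parsed. Add `assertNotNull(configStream);` before the parse call, as `ConfigUnitTestCase.unmarshall` in this same commit does. Then assert on the parsed content, for example the concrete response type and at least one claim attribute name expected from the fixture. The stream is also never closed; a `try`/`finally` with `configStream.close()` would fix that.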
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/config/ConfigUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/config/ConfigUnitTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/config/ConfigUnitTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,222 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.config;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.InputStream;
+import java.util.List;
+
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.config.AuthPropertyType;
+import org.picketlink.identity.federation.core.config.IDPType;
+import org.picketlink.identity.federation.core.config.KeyProviderType;
+import org.picketlink.identity.federation.core.config.KeyValueType;
+import org.picketlink.identity.federation.core.config.SPType;
+import org.picketlink.identity.federation.core.config.STSType;
+import org.picketlink.identity.federation.core.config.ServiceProviderType;
+import org.picketlink.identity.federation.core.config.ServiceProvidersType;
+import org.picketlink.identity.federation.core.config.TokenProviderType;
+import org.picketlink.identity.federation.core.config.TokenProvidersType;
+import org.picketlink.identity.federation.core.config.TrustType;
+import org.picketlink.identity.federation.core.handler.config.Handler;
+import org.picketlink.identity.federation.core.handler.config.Handlers;
+import org.picketlink.identity.federation.core.parsers.config.SAMLConfigParser;
+import org.picketlink.identity.federation.core.parsers.sts.STSConfigParser;
+
+/**
+ * Unit Test the various config
+ *
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 21, 2009
+ */
+public class ConfigUnitTestCase
+{
+ String config = "config/test-config-";
+
+ @Test
+ public void test01() throws Exception
+ {
+ Object object = this.unmarshall(config + "1.xml");
+ assertNotNull("IDP is not null", object);
+ /*assertTrue(object instanceof JAXBElement);
+
+ IDPType idp = ((JAXBElement<IDPType>) object).getValue();*/
+ IDPType idp = (IDPType) object;
+ assertEquals("300000", 300000L, idp.getAssertionValidity());
+ assertEquals("org.picketlink.identity.federation.bindings.tomcat.TomcatRoleGenerator", idp.getRoleGenerator());
+
+ TrustType trust = idp.getTrust();
+ assertNotNull("Trust is not null", trust);
+ String domains = trust.getDomains();
+ assertTrue("localhost trusted", domains.indexOf("localhost") > -1);
+ assertTrue("jboss.com trusted", domains.indexOf("jboss.com") > -1);
+ }
+
+ @Test
+ public void test02() throws Exception
+ {
+ Object object = this.unmarshall(config + "2.xml");
+ assertNotNull("IDP is not null", object);
+
+ IDPType idp = (IDPType) object;
+ assertEquals("20000", 20000L, idp.getAssertionValidity());
+ assertEquals("somefqn", idp.getRoleGenerator());
+ assertTrue(idp.isEncrypt());
+ assertEquals( CanonicalizationMethod.EXCLUSIVE , idp.getCanonicalizationMethod() );
+ KeyProviderType kp = idp.getKeyProvider();
+ assertNotNull("KeyProvider is not null", kp);
+ assertEquals("SomeClass", "SomeClass", kp.getClassName());
+ List<AuthPropertyType> authProps = kp.getAuth();
+ AuthPropertyType authProp = authProps.get(0);
+ assertEquals("SomeKey", "SomeKey", authProp.getKey());
+ assertEquals("SomeValue", "SomeValue", authProp.getValue());
+
+ authProp = authProps.get(1);
+ assertEquals("DBURL", "DBURL", authProp.getKey());
+ assertEquals("SomeDBURL", "SomeDBURL", authProp.getValue());
+
+ List<KeyValueType> validatingAliases = kp.getValidatingAlias();
+ assertEquals("Validating Alias length is 2", 2, validatingAliases.size());
+
+ KeyValueType kv = validatingAliases.get(0);
+ assertEquals("localhost", kv.getKey());
+ assertEquals("localhostalias", kv.getValue());
+
+ kv = validatingAliases.get(1);
+ assertEquals("jboss.com", kv.getKey());
+ assertEquals("jbossalias", kv.getValue());
+
+ TrustType trust = idp.getTrust();
+ assertNotNull("Trust is not null", trust);
+ String domains = trust.getDomains();
+ assertTrue("localhost trusted", domains.indexOf("localhost") > -1);
+ assertTrue("jboss.com trusted", domains.indexOf("jboss.com") > -1);
+ }
+
+ @Test
+ public void test03() throws Exception
+ {
+ Object object = this.unmarshall(config + "3.xml");
+ assertNotNull("SP is null", object);
+
+ SPType sp = (SPType) object;
+ assertEquals("http://localhost:8080/idp", sp.getIdentityURL());
+ assertEquals("http://localhost:8080/sales", sp.getServiceURL());
+ assertEquals( CanonicalizationMethod.EXCLUSIVE , sp.getCanonicalizationMethod() );
+ }
+
+ /**
+ * <p>
+ * Tests the parsing of a Security Token Service configuration.
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ @Test
+ public void test04() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream( this.config + "4.xml" );
+ assertNotNull("Inputstream not null for config file:" + this.config + "4.xml", is);
+
+ STSConfigParser parser = new STSConfigParser();
+
+ Object object = parser.parse(is);
+ assertNotNull("Found a null STS configuration", object);
+
+ STSType stsType = (STSType) object;
+ // general STS configurations.
+ assertEquals("Unexpected STS name", "Test STS", stsType.getSTSName());
+ assertEquals("Unexpected token timeout value", 7200, stsType.getTokenTimeout());
+ assertTrue("Encryption of tokens should have been enabled", stsType.isEncryptToken());
+ // we don't verify all values of the key provider config as it has been done in the other test scenarios.
+ assertNotNull("Unexpected null key provider", stsType.getKeyProvider());
+ // request handler and configurations based on the token type.
+ assertEquals("Unexpected request handler class", "org.picketlink.identity.federation.wstrust.Handler", stsType
+ .getRequestHandler());
+ // configuration of the token providers.
+ TokenProvidersType tokenProviders = stsType.getTokenProviders();
+ assertNotNull("Unexpected null list of token providers", tokenProviders);
+ assertEquals("Unexpected number of token providers", 1, tokenProviders.getTokenProvider().size());
+ TokenProviderType tokenProvider = tokenProviders.getTokenProvider().get(0);
+ assertNotNull("Unexpected null token provider", tokenProvider);
+ assertEquals("Unexpected provider class name", "org.jboss.SpecialTokenProvider", tokenProvider.getProviderClass());
+ assertEquals("Unexpected token type", "specialToken", tokenProvider.getTokenType());
+ assertEquals("Unexpected token element name", "SpecialToken", tokenProvider.getTokenElement());
+ assertEquals("Unexpected token namespace", "http://www.tokens.org", tokenProvider.getTokenElementNS());
+ List<KeyValueType> properties = tokenProvider.getProperty();
+ assertEquals("Invalid number of properties", 2, properties.size());
+ // configuration of the service providers.
+ ServiceProvidersType serviceProviders = stsType.getServiceProviders();
+ assertNotNull("Unexpected null list of service providers", serviceProviders);
+ assertEquals("Unexpected number of service providers", 1, serviceProviders.getServiceProvider().size());
+ ServiceProviderType serviceProvider = serviceProviders.getServiceProvider().get(0);
+ assertNotNull("Unexpected null service provider", serviceProvider);
+ assertEquals("Unexpected provider endpoint", "http://provider.endpoint/provider", serviceProvider.getEndpoint());
+ assertEquals("Unexpected truststore alias", "providerAlias", serviceProvider.getTruststoreAlias());
+ assertEquals("Unexpected token type", "specialToken", serviceProvider.getTokenType());
+ }
+
+ @Test
+ public void test05() throws Exception
+ {
+ Handlers handlers = (Handlers) this.unmarshall(config + "5.xml");
+ List<Handler> handlerList = handlers.getHandler();
+ assertEquals("1 handler",1, handlerList.size());
+
+ Handler handler = handlerList.get(0);
+ assertEquals("Class Name","a", handler.getClazz());
+ List<KeyValueType> options = handler.getOption();
+ assertEquals("2 options", 2, options.size());
+ KeyValueType k1 = options.get(0);
+ assertEquals("1", "1", k1.getKey());
+ assertEquals("1.1", "1.1", k1.getValue());
+ KeyValueType k2 = options.get(1);
+ assertEquals("2", "2", k2.getKey());
+ assertEquals("2.2", "2.2", k2.getValue());
+ }
+
+ private Object unmarshall(String configFile) throws Exception
+ {
+
+ /*String[] schemas = new String[] { "schema/config/picketlink-fed.xsd",
+ "schema/config/picketlink-fed-handler.xsd"};*/
+
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream(configFile);
+ assertNotNull("Inputstream not null for config file:" + configFile, is);
+
+ SAMLConfigParser parser = new SAMLConfigParser();
+ return parser.parse( is );
+
+ /* String[] pkgNames = new String[] {"org.picketlink.identity.federation.core.config",
+ "org.picketlink.identity.federation.core.handler.config"};
+ Unmarshaller un = JAXBUtil.getValidatingUnmarshaller(pkgNames,
+ schemas);
+ return un.unmarshal(is);*/
+ }
+}
\ No newline at end of file
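Review bot: The trust-domain assertions in `test01` and `test02` use `domains.indexOf("jboss.com") > -1`, a substring match that would also pass for a configured value such as `notjboss.com`, so the tests do not pin down that exactly the expected hosts are trusted. Assuming `getDomains()` returns a delimiter-separated list (the format is not visible here), split it and compare entries exactly, e.g. `assertTrue(Arrays.asList(domains.split(",")).contains("jboss.com"));`, trimming entries if the format allows spaces. Several `assertNotNull` messages state the success condition (`"IDP is not null"`), which reads wrongly when printed on failure; `"IDP should not be null"` would be clearer. The commented-out JAXB blocks in `test01` and `unmarshall` can be removed.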
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/config/MetadataToSPTypeUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/config/MetadataToSPTypeUnitTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/config/MetadataToSPTypeUnitTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,60 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.config;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.io.InputStream;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.config.SPType;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.util.CoreConfigUtil;
+import org.picketlink.identity.federation.saml.v2.metadata.EntitiesDescriptorType;
+import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
+
+/**
+ * Given an IDP metadata, construct {@link SPType}
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 28, 2011
+ */
+public class MetadataToSPTypeUnitTestCase
+{
+ private final String idpMetadata = "saml2/metadata/testshib.org.idp-metadata.xml";
+
+ @Test
+ public void testMetadataToSP() throws Exception
+ {
+ InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(idpMetadata);
+ assertNotNull(is);
+ SAMLParser parser = new SAMLParser();
+ EntitiesDescriptorType entities = (EntitiesDescriptorType) parser.parse(is);
+ assertNotNull(entities);
+
+ SPType sp = CoreConfigUtil.getSPConfiguration((EntityDescriptorType) entities.getEntityDescriptor().get(0),
+ JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get());
+ assertNotNull(sp);
+ assertEquals("https://idp.testshib.org/idp/profile/SAML2/POST/SSO", sp.getIdentityURL());
+ }
+}
\ No newline at end of file
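Review bot: `entities.getEntityDescriptor().get(0)` in `testMetadataToSP` is cast to `EntityDescriptorType` with no prior check on list size or element type, so a change to the metadata fixture would fail with `IndexOutOfBoundsException` or `ClassCastException` rather than a readable assertion. Add `assertFalse(entities.getEntityDescriptor().isEmpty());` and `assertTrue(entities.getEntityDescriptor().get(0) instanceof EntityDescriptorType);` before the `getSPConfiguration` call. The input stream `is` is not closed after parsing.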
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/config/PBEUtilsUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/config/PBEUtilsUnitTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/config/PBEUtilsUnitTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,66 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.config;
+
+import static org.junit.Assert.assertEquals;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.PBEParameterSpec;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.constants.PicketLinkFederationConstants;
+import org.picketlink.identity.federation.core.util.PBEUtils;
+
+/**
+ * Test the masking of the password using {@code PBEUtils}
+ * @author Anil.Saldhana at redhat.com
+ * @since May 25, 2010
+ */
+public class PBEUtilsUnitTestCase
+{
+ @Test
+ public void testPBE() throws Exception
+ {
+ String pass = "testpass";
+
+ String salt = "18273645";
+ int iterationCount = 56;
+
+ String pbeAlgo = PicketLinkFederationConstants.PBE_ALGORITHM;
+ SecretKeyFactory factory = SecretKeyFactory.getInstance(pbeAlgo);
+
+ char[] password = "somearbitrarycrazystringthatdoesnotmatter".toCharArray();
+ PBEParameterSpec cipherSpec = new PBEParameterSpec(salt.getBytes(), iterationCount);
+ PBEKeySpec keySpec = new PBEKeySpec(password);
+ SecretKey cipherKey = factory.generateSecret(keySpec);
+
+ String encodedPass = PBEUtils.encode64(pass.getBytes(), pbeAlgo, cipherKey, cipherSpec);
+
+ //Decode the stuff
+ cipherKey = factory.generateSecret(keySpec);
+ String decodedPass = PBEUtils.decode64(encodedPass, pbeAlgo, cipherKey, cipherSpec);
+
+ assertEquals("Passwords match", pass, decodedPass);
+ }
+}
\ No newline at end of file
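Review bot: The salt, iteration count and key password in `testPBE` are hard-coded fixture values, and nothing in the file marks them as test-only. A comment above `String salt`, such as `// Fixture values only: a fixed salt and 56 iterations are not suitable outside this test`, would keep them from being copied into real configuration. `salt.getBytes()` and `pass.getBytes()` both use the platform default charset, so the bytes handed to `PBEParameterSpec` and `encode64` depend on the JVM's settings; `salt.getBytes("UTF-8")` and `pass.getBytes("UTF-8")` pin them. Which charset `decode64` uses to build its returned String is not visible here, so the round trip is only guaranteed for ASCII input such as this one.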
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/config/STSConfigParserUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/config/STSConfigParserUnitTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/config/STSConfigParserUnitTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,152 @@
+/*
+ * JBoss, Home of Professional Open Source. Copyright 2009, Red Hat Middleware LLC, and individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site:
+ * http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.config;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+
+import java.io.InputStream;
+import java.util.List;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.config.AuthPropertyType;
+import org.picketlink.identity.federation.core.config.ClaimsProcessorType;
+import org.picketlink.identity.federation.core.config.KeyProviderType;
+import org.picketlink.identity.federation.core.config.KeyValueType;
+import org.picketlink.identity.federation.core.config.STSType;
+import org.picketlink.identity.federation.core.config.ServiceProviderType;
+import org.picketlink.identity.federation.core.config.TokenProviderType;
+import org.picketlink.identity.federation.core.parsers.sts.STSConfigParser;
+
+/**
+ * <p>
+ * This class tests the STS configuration file parser.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class STSConfigParserUnitTestCase
+{
+
+ /**
+ * <p>
+ * Parses a sample configuration file and verifies if the all data has been extracted as expected.
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ @Test
+ public void testSTSConfiguration() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/config/picketlink-sts.xml");
+
+ // parse the test configuration file.
+ STSConfigParser parser = new STSConfigParser();
+ STSType stsType = (STSType) parser.parse(configStream);
+
+ // check if the STS attributes have been correctly set, including the ones with default values.
+ assertEquals("PicketLinkSTS", stsType.getSTSName());
+ assertEquals(7200, stsType.getTokenTimeout());
+ assertEquals(true, stsType.isSignToken());
+ assertEquals(false, stsType.isEncryptToken());
+ assertEquals("http://www.w3.org/2001/10/xml-exc-c14n#WithComments", stsType.getCanonicalizationMethod());
+
+ // check if the key provider has been set according to the configuration file.
+ KeyProviderType keyProvider = stsType.getKeyProvider();
+ assertNotNull(keyProvider);
+ assertEquals("org.picketlink.identity.federation.core.impl.KeyStoreKeyManager", keyProvider.getClassName());
+ assertNull(keyProvider.getSigningAlias());
+ List<AuthPropertyType> authProperties = keyProvider.getAuth();
+ assertEquals(4, authProperties.size());
+ assertEquals("KeyStoreURL", authProperties.get(0).getKey());
+ assertEquals("sts_keystore.jks", authProperties.get(0).getValue());
+ assertEquals("KeyStorePass", authProperties.get(1).getKey());
+ assertEquals("testpass", authProperties.get(1).getValue());
+ assertEquals("SigningKeyAlias", authProperties.get(2).getKey());
+ assertEquals("sts", authProperties.get(2).getValue());
+ assertEquals("SigningKeyPass", authProperties.get(3).getKey());
+ assertEquals("keypass", authProperties.get(3).getValue());
+ List<KeyValueType> validatingAliases = keyProvider.getValidatingAlias();
+ assertEquals(2, validatingAliases.size());
+ assertEquals("http://services.testcorp.org/provider1", validatingAliases.get(0).getKey());
+ assertEquals("service1", validatingAliases.get(0).getValue());
+ assertEquals("http://services.testcorp.org/provider2", validatingAliases.get(1).getKey());
+ assertEquals("service2", validatingAliases.get(1).getValue());
+
+ // check if the request handler has been set according to the configuration file.
+ assertNotNull(stsType.getRequestHandler());
+ assertEquals("org.picketlink.identity.federation.core.wstrust.StandardRequestHandler", stsType
+ .getRequestHandler());
+
+ // check if the claims processors have been set according to the configuration file.
+ assertNotNull(stsType.getClaimsProcessors());
+ List<ClaimsProcessorType> claimsProcessors = stsType.getClaimsProcessors().getClaimsProcessor();
+ assertEquals(2, claimsProcessors.size());
+ ClaimsProcessorType claimsProcessor = claimsProcessors.get(0);
+ assertEquals("org.picketlink.test.Processor1", claimsProcessor.getProcessorClass());
+ assertEquals("urn:test-org:test-dialect:1.0", claimsProcessor.getDialect());
+ assertEquals(0, claimsProcessor.getProperty().size());
+ claimsProcessor = claimsProcessors.get(1);
+ assertEquals("org.picketlink.test.Processor2", claimsProcessor.getProcessorClass());
+ assertEquals("urn:test-org:test-dialect:2.0", claimsProcessor.getDialect());
+ assertEquals(1, claimsProcessor.getProperty().size());
+ assertEquals("SomeKey", claimsProcessor.getProperty().get(0).getKey());
+ assertEquals("SomeValue", claimsProcessor.getProperty().get(0).getValue());
+
+ // check if the token providers have been set according to the configuration file.
+ assertNotNull(stsType.getTokenProviders());
+ List<TokenProviderType> tokenProviders = stsType.getTokenProviders().getTokenProvider();
+ assertEquals(2, tokenProviders.size());
+ TokenProviderType tokenProvider = tokenProviders.get(0);
+ assertEquals("org.picketlink.test.identity.federation.core.wstrust.SpecialTokenProvider", tokenProvider
+ .getProviderClass());
+ assertEquals("http://www.tokens.org/SpecialToken", tokenProvider.getTokenType());
+ assertEquals("SpecialToken", tokenProvider.getTokenElement());
+ assertEquals("http://www.tokens.org", tokenProvider.getTokenElementNS());
+ assertEquals(2, tokenProvider.getProperty().size());
+ assertEquals("Property1", tokenProvider.getProperty().get(0).getKey());
+ assertEquals("Value1", tokenProvider.getProperty().get(0).getValue());
+ assertEquals("Property2", tokenProvider.getProperty().get(1).getKey());
+ assertEquals("Value2", tokenProvider.getProperty().get(1).getValue());
+ tokenProvider = tokenProviders.get(1);
+ assertEquals("org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider", tokenProvider
+ .getProviderClass());
+ assertEquals("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0", tokenProvider
+ .getTokenType());
+ assertEquals("Assertion", tokenProvider.getTokenElement());
+ assertEquals("urn:oasis:names:tc:SAML:2.0:assertion", tokenProvider.getTokenElementNS());
+ assertEquals(0, tokenProvider.getProperty().size());
+
+ // finally check if the service providers have been set according to the configuration file.
+ assertNotNull(stsType.getServiceProviders());
+ List<ServiceProviderType> serviceProviders = stsType.getServiceProviders().getServiceProvider();
+ assertEquals(2, serviceProviders.size());
+ ServiceProviderType serviceProvider = serviceProviders.get(0);
+ assertEquals("http://services.testcorp.org/provider1", serviceProvider.getEndpoint());
+ assertEquals("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0", serviceProvider
+ .getTokenType());
+ assertEquals("service1", serviceProvider.getTruststoreAlias());
+ serviceProvider = serviceProviders.get(1);
+ assertEquals("http://services.testcorp.org/provider2", serviceProvider.getEndpoint());
+ assertEquals("http://www.tokens.org/SpecialToken", serviceProvider
+ .getTokenType());
+ assertEquals("service2", serviceProvider.getTruststoreAlias());
+ }
+}
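Review bot: `configStream` goes straight into `parser.parse` without a null check, so a missing `parser/config/picketlink-sts.xml` on the test classpath shows up as a parser failure instead of a clear message. Adding `assertNotNull("picketlink-sts.xml not found on classpath", configStream);` after the `getResourceAsStream` call fixes that and matches the `assertNotNull(is)` in MetadataToSPTypeUnitTestCase from this same commit. The stream is also never closed. The assertions on `KeyStorePass` and `SigningKeyPass` pin clear-text values from the fixture, so a short comment that these are sample credentials for the test keystore would help anyone who reads this file as a configuration reference.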
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/DOMTransformerTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/DOMTransformerTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/DOMTransformerTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,81 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayInputStream;
+
+import javax.xml.stream.XMLEventReader;
+import javax.xml.stream.events.EndElement;
+import javax.xml.stream.events.StartElement;
+import javax.xml.stream.events.XMLEvent;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.dom.DOMResult;
+import javax.xml.transform.stax.StAXSource;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.TransformerUtil;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Parse an xml file partially using StAX and then use JAXP Transformer
+ * to parse a DOM Element and resume stax
+ *
+ * @author Anil.Saldhana at redhat.com
+ * @since Oct 22, 2010
+ */
+public class DOMTransformerTestCase
+{
+ String xml = "<a xmlns=\'urn:a\'><b><c><d>SomeD</d></c></b></a>";
+
+ @Test
+ public void testDOMTransformer() throws Exception
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(xml.getBytes());
+ XMLEventReader xmlEventReader = StaxParserUtil.getXMLEventReader(bis);
+
+ StartElement a = StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.validate(a, "a");
+
+ Document resultDocument = DocumentUtil.createDocument();
+ DOMResult domResult = new DOMResult(resultDocument);
+
+ //Let us parse <b><c><d> using transformer
+ StAXSource source = new StAXSource(xmlEventReader);
+
+ Transformer transformer = TransformerUtil.getStaxSourceToDomResultTransformer();
+ transformer.transform(source, domResult);
+
+ Document doc = (Document) domResult.getNode();
+ Element elem = doc.getDocumentElement();
+ assertEquals("b", elem.getLocalName());
+
+ XMLEvent xmlEvent = xmlEventReader.nextEvent();
+ assertTrue(xmlEvent instanceof EndElement);
+ StaxParserUtil.validate((EndElement) xmlEvent, "a");
+ }
+}
\ No newline at end of file
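Review bot: The only check on the transformed DOM is `assertEquals("b", elem.getLocalName())`, which leaves the namespace and the nested `<c><d>SomeD</d></c>` content unverified. Since `<b>` inherits the default namespace declared on `<a>`, adding `assertEquals("urn:a", elem.getNamespaceURI());` and `assertEquals("SomeD", elem.getTextContent());` would presumably pass. They would show that the StAX-to-DOM hand-off keeps both, which matters wherever the element is later canonicalized or compared. `xml.getBytes()` depends on the platform charset, the `xml` field could be `private static final`, and the `\'` escapes inside the double-quoted literal are unnecessary.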
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/SystemPropertyAsStringUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/SystemPropertyAsStringUnitTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/SystemPropertyAsStringUnitTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,86 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.fail;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.picketlink.identity.federation.core.util.StringUtil;
+
+/**
+ * Unit Test {@link StringUtil#getSystemPropertyAsString(String)}
+ * that parses a string that represents a system property
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 22, 2011
+ */
+public class SystemPropertyAsStringUnitTestCase
+{
+ @Before
+ public void setup()
+ {
+ System.setProperty("test", "anil");
+ System.setProperty("person", "marcus");
+ }
+
+ @Test
+ public void testSystemProperty() throws Exception
+ {
+ try
+ {
+ assertEquals(null, StringUtil.getSystemPropertyAsString(null));
+ fail("should not have passed");
+ }
+ catch (IllegalArgumentException iae)
+ {
+
+ }
+ catch (Exception e)
+ {
+ fail("unknown ex");
+ }
+ assertEquals("test", StringUtil.getSystemPropertyAsString("test"));
+ assertEquals("test/test", StringUtil.getSystemPropertyAsString("test/test"));
+
+ assertEquals("anil", StringUtil.getSystemPropertyAsString("${test::something}"));
+
+ assertEquals("anil", StringUtil.getSystemPropertyAsString("${test}"));
+ assertEquals("test/anil", StringUtil.getSystemPropertyAsString("test/${test}"));
+
+ assertEquals("anil:anil:marcus//anil", StringUtil.getSystemPropertyAsString("${test}:${test}:${person}//${test}"));
+
+ //Test if any of the parantheses are not correctly closed
+ assertEquals("anil:anil:marcus//${test",
+ StringUtil.getSystemPropertyAsString("${test}:${test}:${person}//${test"));
+
+ //Test the default values
+ assertEquals("http://something", StringUtil.getSystemPropertyAsString("${dummy::http://something}"));
+ assertEquals("http://something__hi",
+ StringUtil.getSystemPropertyAsString("${dummy::http://something}__${to::hi}"));
+ assertEquals("anil:anil:marcus//anilhi",
+ StringUtil.getSystemPropertyAsString("${test}:${test}:${person}//${test}${to::hi}"));
+ assertEquals("anil:anil:marcus//anilhihttp://something",
+ StringUtil
+ .getSystemPropertyAsString("${test}:${test}:${person}//${test}${to::hi}${dummy::http://something}"));
+ }
+}
\ No newline at end of file
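Review bot: `setup()` writes the JVM-wide properties `test` and `person` before each test and nothing removes them, so they stay set for any other test in the same JVM, and the keys are generic enough to collide. An `@After` method calling `System.clearProperty("test");` and `System.clearProperty("person");` (with `import org.junit.After;`) would contain that. The default-value assertions also assume `dummy` and `to` are unset in the environment, which deserves a comment or an explicit `System.clearProperty` in `setup()`. In the null-argument block the `assertEquals(null, ...)` wrapper is misleading because the call is expected to throw, and the empty `catch (IllegalArgumentException iae)` should carry an `// expected` comment. `catch (Exception e) { fail("unknown ex"); }` discards the original exception even though the method already declares `throws Exception`.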
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/AbstractParserTest.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/AbstractParserTest.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/AbstractParserTest.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,56 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.saml;
+
+import static org.junit.Assert.assertNotNull;
+
+import java.io.InputStream;
+import java.io.StringReader;
+
+import javax.xml.transform.stream.StreamSource;
+import javax.xml.validation.Validator;
+
+import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
+
+/**
+ * Base class for the parser unit tests
+ * @author Anil.Saldhana at redhat.com
+ * @since Jun 30, 2011
+ */
+public class AbstractParserTest
+{
+ public void validateSchema(String value) throws Exception
+ {
+ System.setProperty("jaxp.debug", "true");
+ Validator validator = StaxParserUtil.getSchemaValidator();
+ assertNotNull(validator);
+ validator.validate(new StreamSource(new StringReader(value)));
+ }
+
+ public void validateSchema(InputStream is) throws Exception
+ {
+ System.setProperty("jaxp.debug", "true");
+ Validator validator = StaxParserUtil.getSchemaValidator();
+ assertNotNull(validator);
+ validator.validate(new StreamSource(is));
+ }
+}
\ No newline at end of file
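Review bot: Both `validateSchema` overloads call `System.setProperty("jaxp.debug", "true")`, a JVM-wide setting that is never restored. After the first call it stays in effect for every later JAXP lookup in the test run, presumably as extra debug output. If the tracing was only needed while diagnosing the validator lookup, I would drop the line; otherwise set it once in a `@BeforeClass` method and clear it afterwards. The two overloads differ only in how the `StreamSource` is built, so they could share one private helper taking a `StreamSource`. Since the class is a base for the parser tests, it could be declared `public abstract class AbstractParserTest` with `protected` methods.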
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11AssertionParserTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11AssertionParserTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11AssertionParserTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,318 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.saml;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.net.URI;
+import java.util.List;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v1.writers.SAML11AssertionWriter;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeStatementType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AudienceRestrictionCondition;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AuthenticationStatementType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionAbstractType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11NameIdentifierType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11StatementAbstractType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectConfirmationType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType.SAML11SubjectTypeChoice;
+import org.w3c.dom.Element;
+
+/**
+ * Unit Test the parsing of SAML 1.1 assertion
+ * @author Anil.Saldhana at redhat.com
+ * @since Jun 21, 2011
+ */
+public class SAML11AssertionParserTestCase extends AbstractParserTest
+{
+ @Test
+ public void testSAML11Assertion() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-assertion.xml");
+
+ SAMLParser parser = new SAMLParser();
+ SAML11AssertionType assertion = (SAML11AssertionType) parser.parse(configStream);
+ assertNotNull(assertion);
+
+ //Validate assertion
+ assertEquals(1, assertion.getMajorVersion());
+ assertEquals(1, assertion.getMinorVersion());
+ assertEquals("buGxcG4gILg5NlocyLccDz6iXrUa", assertion.getID());
+ assertEquals("https://idp.example.org/saml", assertion.getIssuer());
+ assertEquals(XMLTimeUtil.parse("2002-06-19T17:05:37.795Z"), assertion.getIssueInstant());
+
+ SAML11ConditionsType conditions = assertion.getConditions();
+ assertEquals(XMLTimeUtil.parse("2002-06-19T17:00:37.795Z"), conditions.getNotBefore());
+ assertEquals(XMLTimeUtil.parse("2002-06-19T17:10:37.795Z"), conditions.getNotOnOrAfter());
+
+ SAML11AuthenticationStatementType stat = (SAML11AuthenticationStatementType) assertion.getStatements().get(0);
+ assertEquals("urn:oasis:names:tc:SAML:1.0:am:password", stat.getAuthenticationMethod().toString());
+ assertEquals(XMLTimeUtil.parse("2002-06-19T17:05:17.706Z"), stat.getAuthenticationInstant());
+
+ SAML11SubjectType subject = stat.getSubject();
+ SAML11SubjectType.SAML11SubjectTypeChoice choice = subject.getChoice();
+ assertEquals("user at idp.example.org", choice.getNameID().getValue());
+ assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", choice.getNameID().getFormat().toString());
+
+ SAML11SubjectConfirmationType subjectConfirm = subject.getSubjectConfirmation();
+ URI confirmationMethod = subjectConfirm.getConfirmationMethod().get(0);
+ assertEquals("urn:oasis:names:tc:SAML:1.0:cm:bearer", confirmationMethod.toString());
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Lets do the writing
+ SAML11AssertionWriter writer = new SAML11AssertionWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(assertion);
+ String writtenString = new String(baos.toByteArray());
+ System.out.println(writtenString);
+ validateSchema(writtenString);
+ }
+
+ @Test
+ public void testSAML11AssertionWithAttributeStatements() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-assertion-attribstat.xml");
+
+ SAMLParser parser = new SAMLParser();
+ SAML11AssertionType assertion = (SAML11AssertionType) parser.parse(configStream);
+ assertNotNull(assertion);
+
+ //Validate assertion
+ assertEquals(1, assertion.getMajorVersion());
+ assertEquals(1, assertion.getMinorVersion());
+ assertEquals("buGxcG4gILg5NlocyLccDz6iXrUb", assertion.getID());
+ assertEquals("https://idp.example.org/saml", assertion.getIssuer());
+ assertEquals(XMLTimeUtil.parse("2002-06-19T17:05:37.795Z"), assertion.getIssueInstant());
+
+ SAML11ConditionsType conditions = assertion.getConditions();
+ assertEquals(XMLTimeUtil.parse("2002-06-19T17:05:37.795Z"), conditions.getNotBefore());
+ assertEquals(XMLTimeUtil.parse("2002-06-19T17:15:37.795Z"), conditions.getNotOnOrAfter());
+
+ SAML11AuthenticationStatementType stat = (SAML11AuthenticationStatementType) assertion.getStatements().get(0);
+ assertEquals("urn:oasis:names:tc:SAML:1.0:am:password", stat.getAuthenticationMethod().toString());
+ assertEquals(XMLTimeUtil.parse("2002-06-19T17:08:37.795Z"), stat.getAuthenticationInstant());
+
+ SAML11SubjectType subject = stat.getSubject();
+ SAML11SubjectType.SAML11SubjectTypeChoice choice = subject.getChoice();
+ assertEquals("user at idp.example.org", choice.getNameID().getValue());
+ assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", choice.getNameID().getFormat().toString());
+
+ SAML11SubjectConfirmationType subjectConfirm = subject.getSubjectConfirmation();
+ URI confirmationMethod = subjectConfirm.getConfirmationMethod().get(0);
+ assertEquals("urn:oasis:names:tc:SAML:1.0:cm:bearer", confirmationMethod.toString());
+
+ SAML11AttributeStatementType attribStat = (SAML11AttributeStatementType) assertion.getStatements().get(1);
+ assertNotNull(attribStat);
+ subject = attribStat.getSubject();
+
+ choice = subject.getChoice();
+ assertEquals("user at idp.example.org", choice.getNameID().getValue());
+ assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress", choice.getNameID().getFormat().toString());
+
+ subjectConfirm = subject.getSubjectConfirmation();
+ confirmationMethod = subjectConfirm.getConfirmationMethod().get(0);
+ assertEquals("urn:oasis:names:tc:SAML:1.0:cm:bearer", confirmationMethod.toString());
+
+ List<SAML11AttributeType> attribs = attribStat.get();
+ assertEquals(1, attribs.size());
+ SAML11AttributeType attrib = attribs.get(0);
+ assertEquals("urn:mace:dir:attribute-def:eduPersonAffiliation", attrib.getAttributeName());
+ assertEquals("urn:mace:shibboleth:1.0:attributeNamespace:uri", attrib.getAttributeNamespace().toString());
+
+ List<Object> attribValues = attrib.get();
+ assertTrue(attribValues.contains("member"));
+ assertTrue(attribValues.contains("student"));
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Lets do the writing
+ SAML11AssertionWriter writer = new SAML11AssertionWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(assertion);
+ String writtenString = new String(baos.toByteArray());
+ System.out.println(writtenString);
+ validateSchema(writtenString);
+ }
+
+ @Test
+ public void testSAML11AssertionWithAuthzDecisionStatement() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-assertion-authzdecision.xml");
+
+ SAMLParser parser = new SAMLParser();
+ SAML11AssertionType assertion = (SAML11AssertionType) parser.parse(configStream);
+ assertNotNull(assertion);
+
+ //Validate assertion
+ assertEquals(1, assertion.getMajorVersion());
+ assertEquals(1, assertion.getMinorVersion());
+ assertEquals("buGxcG4gILg5NlocyLccDz6iXrUb", assertion.getID());
+ assertEquals("https://idp.example.org/saml", assertion.getIssuer());
+ assertEquals(XMLTimeUtil.parse("2002-06-19T17:05:37.795Z"), assertion.getIssueInstant());
+
+ SAML11ConditionsType conditions = assertion.getConditions();
+ assertEquals(XMLTimeUtil.parse("2002-06-19T17:05:37.795Z"), conditions.getNotBefore());
+ assertEquals(XMLTimeUtil.parse("2002-06-19T17:15:37.795Z"), conditions.getNotOnOrAfter());
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Lets do the writing
+ SAML11AssertionWriter writer = new SAML11AssertionWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(assertion);
+ String writtenString = new String(baos.toByteArray());
+ System.out.println(writtenString);
+ validateSchema(writtenString);
+ }
+
+ @Test
+ public void testSAML11AssertionWithAuthAndAuthz() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-assertion-auth-authz.xml");
+
+ SAMLParser parser = new SAMLParser();
+ SAML11AssertionType assertion = (SAML11AssertionType) parser.parse(configStream);
+ assertNotNull(assertion);
+
+ //Validate assertion
+ assertEquals(1, assertion.getMajorVersion());
+ assertEquals(1, assertion.getMinorVersion());
+ assertEquals("_e5c23ff7a3889e12fa01802a47331653", assertion.getID());
+ assertEquals("localhost", assertion.getIssuer());
+ assertEquals(XMLTimeUtil.parse("2008-12-10T14:12:14.817Z"), assertion.getIssueInstant());
+
+ SAML11ConditionsType conditions = assertion.getConditions();
+ assertEquals(XMLTimeUtil.parse("2008-12-10T14:12:14.817Z"), conditions.getNotBefore());
+ assertEquals(XMLTimeUtil.parse("2008-12-10T14:12:44.817Z"), conditions.getNotOnOrAfter());
+ List<SAML11ConditionAbstractType> theConditions = conditions.get();
+ assertEquals(1, theConditions.size());
+ SAML11AudienceRestrictionCondition restrictCond = (SAML11AudienceRestrictionCondition) theConditions.get(0);
+ assertEquals("https://some-service.example.com/app/", restrictCond.get().get(0).toString());
+
+ List<SAML11StatementAbstractType> statements = assertion.getStatements();
+ assertEquals(2, statements.size());
+
+ SAML11AttributeStatementType attrStat = (SAML11AttributeStatementType) statements.get(0);
+ SAML11SubjectType subject = attrStat.getSubject();
+ SAML11SubjectTypeChoice choice = subject.getChoice();
+ SAML11NameIdentifierType nameID = choice.getNameID();
+ assertEquals("johnq", nameID.getValue());
+ SAML11SubjectConfirmationType subjConf = subject.getSubjectConfirmation();
+ URI confirmationMethod = subjConf.getConfirmationMethod().get(0);
+ assertEquals("urn:oasis:names:tc:SAML:1.0:cm:artifact", confirmationMethod.toString());
+
+ List<SAML11AttributeType> attributes = attrStat.get();
+ assertEquals(4, attributes.size());
+ SAML11AttributeType attr = attributes.get(0);
+ assertEquals("uid", attr.getAttributeName());
+ assertEquals("http://jboss.org/test", attr.getAttributeNamespace().toString());
+ assertEquals("12345", attr.get().get(0));
+
+ attr = attributes.get(1);
+ assertEquals("groupMembership", attr.getAttributeName());
+ assertEquals("http://jboss.org/test", attr.getAttributeNamespace().toString());
+ assertEquals("uugid=middleware.staff,ou=Groups,dc=vt,dc=edu", attr.get().get(0));
+
+ attr = attributes.get(2);
+ assertEquals("eduPersonAffiliation", attr.getAttributeName());
+ assertEquals("http://jboss.org/test", attr.getAttributeNamespace().toString());
+ assertEquals("staff", attr.get().get(0));
+
+ attr = attributes.get(3);
+ assertEquals("accountState", attr.getAttributeName());
+ assertEquals("http://jboss.org/test", attr.getAttributeNamespace().toString());
+ assertEquals("ACTIVE", attr.get().get(0));
+
+ SAML11AuthenticationStatementType authStat = (SAML11AuthenticationStatementType) statements.get(1);
+ assertEquals(XMLTimeUtil.parse("2008-12-10T14:12:14.741Z"), authStat.getAuthenticationInstant());
+ assertEquals("urn:oasis:names:tc:SAML:1.0:am:password", authStat.getAuthenticationMethod().toString());
+ subject = authStat.getSubject();
+ choice = subject.getChoice();
+ nameID = choice.getNameID();
+ assertEquals("johnq", nameID.getValue());
+ subjConf = subject.getSubjectConfirmation();
+ confirmationMethod = subjConf.getConfirmationMethod().get(0);
+ assertEquals("urn:oasis:names:tc:SAML:1.0:cm:artifact", confirmationMethod.toString());
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Lets do the writing
+ SAML11AssertionWriter writer = new SAML11AssertionWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(assertion);
+ String writtenString = new String(baos.toByteArray());
+ System.out.println(writtenString);
+ validateSchema(writtenString);
+ }
+
+ @Test
+ public void testSAML11AssertionWithKeyInfo() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-assertion-keyinfo.xml");
+
+ SAMLParser parser = new SAMLParser();
+ SAML11AssertionType assertion = (SAML11AssertionType) parser.parse(configStream);
+ assertNotNull(assertion);
+
+ //Validate assertion
+ assertEquals(1, assertion.getMajorVersion());
+ assertEquals(1, assertion.getMinorVersion());
+ assertEquals("s69f7e2599d4eb0c548782432bf", assertion.getID());
+ assertEquals("http://jboss.org/test", assertion.getIssuer());
+ assertEquals(XMLTimeUtil.parse("2006-05-24T05:52:32Z"), assertion.getIssueInstant());
+
+ List<SAML11StatementAbstractType> statements = assertion.getStatements();
+ assertEquals(1, statements.size());
+ SAML11AuthenticationStatementType authStat = (SAML11AuthenticationStatementType) statements.get(0);
+ assertEquals(XMLTimeUtil.parse("2006-05-24T05:52:30Z"), authStat.getAuthenticationInstant());
+ assertEquals("urn:picketlink:auth", authStat.getAuthenticationMethod().toString());
+ SAML11SubjectType subject = authStat.getSubject();
+ SAML11SubjectTypeChoice choice = subject.getChoice();
+ SAML11NameIdentifierType nameID = choice.getNameID();
+ assertEquals("anil", nameID.getValue());
+ SAML11SubjectConfirmationType subjConf = subject.getSubjectConfirmation();
+ URI confirmationMethod = subjConf.getConfirmationMethod().get(0);
+ assertEquals("urn:oasis:names:tc:SAML:1.0:cm:holder-of-key", confirmationMethod.toString());
+ assertNotNull(subjConf.getKeyInfo());
+
+ Element sig = assertion.getSignature();
+ assertNotNull(sig);
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Lets do the writing
+ SAML11AssertionWriter writer = new SAML11AssertionWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(assertion);
+ String writtenString = new String(baos.toByteArray());
+ System.out.println(writtenString);
+ validateSchema(writtenString);
+ }
+}
\ No newline at end of file
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11RequestParserTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11RequestParserTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11RequestParserTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,209 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.saml;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.util.List;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v1.SAML11Constants;
+import org.picketlink.identity.federation.core.saml.v1.writers.SAML11RequestWriter;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11ActionType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11AttributeQueryType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11AuthenticationQueryType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11AuthorizationDecisionQueryType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11QueryAbstractType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11RequestType;
+
+/**
+ * Unit Test SAML 1.1 Request Parsing
+ * @author Anil.Saldhana at redhat.com
+ * @since Jun 24, 2011
+ */
+public class SAML11RequestParserTestCase extends AbstractParserTest
+{
+ @Test
+ public void testSAML11RequestWithAuthQuery() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-request-authquery.xml");
+
+ SAMLParser parser = new SAMLParser();
+ SAML11RequestType request = (SAML11RequestType) parser.parse(configStream);
+ assertNotNull(request);
+
+ assertEquals(1, request.getMajorVersion());
+ assertEquals(1, request.getMinorVersion());
+ assertEquals("aaf23196-1773-2113-474a-fe114412ab72", request.getID());
+ assertEquals(XMLTimeUtil.parse("2006-07-17T22:26:40Z"), request.getIssueInstant());
+
+ SAML11QueryAbstractType query = request.getQuery();
+ assertTrue(query instanceof SAML11AuthenticationQueryType);
+ SAML11AuthenticationQueryType attQuery = (SAML11AuthenticationQueryType) query;
+
+ SAML11SubjectType subject = attQuery.getSubject();
+ SAML11SubjectType.SAML11SubjectTypeChoice choice = subject.getChoice();
+ assertEquals("myusername", choice.getNameID().getValue());
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Lets do the writing
+ SAML11RequestWriter writer = new SAML11RequestWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(request);
+ String writtenString = new String(baos.toByteArray());
+ System.out.println(writtenString);
+ validateSchema(writtenString);
+ }
+
+ @Test
+ public void testSAML11RequestWithAttributeQuery() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-request-attributequery.xml");
+
+ SAMLParser parser = new SAMLParser();
+ SAML11RequestType request = (SAML11RequestType) parser.parse(configStream);
+ assertNotNull(request);
+
+ assertEquals(1, request.getMajorVersion());
+ assertEquals(1, request.getMinorVersion());
+ assertEquals("aaf23196-1773-2113-474a-fe114412ab72", request.getID());
+ assertEquals(XMLTimeUtil.parse("2006-07-17T22:26:40Z"), request.getIssueInstant());
+
+ SAML11QueryAbstractType query = request.getQuery();
+ assertTrue(query instanceof SAML11AttributeQueryType);
+ SAML11AttributeQueryType attQuery = (SAML11AttributeQueryType) query;
+
+ SAML11SubjectType subject = attQuery.getSubject();
+ SAML11SubjectType.SAML11SubjectTypeChoice choice = subject.getChoice();
+ assertEquals("testID", choice.getNameID().getValue());
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Lets do the writing
+ SAML11RequestWriter writer = new SAML11RequestWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(request);
+ String writtenString = new String(baos.toByteArray());
+ System.out.println(writtenString);
+ validateSchema(writtenString);
+ }
+
+ @Test
+ public void testSAML11RequestWithAuthorizationQuery() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-request-authzquery.xml");
+
+ SAMLParser parser = new SAMLParser();
+ SAML11RequestType request = (SAML11RequestType) parser.parse(configStream);
+ assertNotNull(request);
+
+ assertEquals(1, request.getMajorVersion());
+ assertEquals(1, request.getMinorVersion());
+ assertEquals("R1234", request.getID());
+ assertEquals(XMLTimeUtil.parse("2002-08-05T10:04:15"), request.getIssueInstant());
+
+ SAML11QueryAbstractType query = request.getQuery();
+ assertTrue(query instanceof SAML11AuthorizationDecisionQueryType);
+ SAML11AuthorizationDecisionQueryType attQuery = (SAML11AuthorizationDecisionQueryType) query;
+
+ SAML11SubjectType subject = attQuery.getSubject();
+ SAML11SubjectType.SAML11SubjectTypeChoice choice = subject.getChoice();
+ assertEquals("anil at anil.org", choice.getNameID().getValue());
+ assertEquals(SAML11Constants.FORMAT_EMAIL_ADDRESS, choice.getNameID().getFormat().toString());
+ assertEquals("http://jboss.org", choice.getNameID().getNameQualifier());
+
+ assertEquals("urn:jboss.resource", attQuery.getResource().toString());
+ List<SAML11ActionType> actions = attQuery.get();
+ assertEquals(1, actions.size());
+ SAML11ActionType action = actions.get(0);
+ assertEquals("create", action.getValue());
+ assertEquals("http://www.jboss.org", action.getNamespace());
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Lets do the writing
+ SAML11RequestWriter writer = new SAML11RequestWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(request);
+ String writtenString = new String(baos.toByteArray());
+ System.out.println(writtenString);
+ validateSchema(writtenString);
+ }
+
+ @Test
+ public void testSAML11RequestWithAssertionArtifact() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-request-assertionartifact.xml");
+
+ SAMLParser parser = new SAMLParser();
+ SAML11RequestType request = (SAML11RequestType) parser.parse(configStream);
+ assertNotNull(request);
+
+ assertEquals(1, request.getMajorVersion());
+ assertEquals(1, request.getMinorVersion());
+ assertEquals("rid", request.getID());
+ assertEquals(XMLTimeUtil.parse("2002-06-19T17:03:44.022Z"), request.getIssueInstant());
+
+ assertEquals("abcd", request.getAssertionArtifact().get(0));
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Lets do the writing
+ SAML11RequestWriter writer = new SAML11RequestWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(request);
+ String writtenString = new String(baos.toByteArray());
+ System.out.println(writtenString);
+ validateSchema(writtenString);
+ }
+
+ @Test
+ public void testSAML11RequestWithAssertionIDReference() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-request-assertionIDref.xml");
+
+ SAMLParser parser = new SAMLParser();
+ SAML11RequestType request = (SAML11RequestType) parser.parse(configStream);
+ assertNotNull(request);
+
+ assertEquals(1, request.getMajorVersion());
+ assertEquals(1, request.getMinorVersion());
+ assertEquals("rid", request.getID());
+ assertEquals(XMLTimeUtil.parse("2002-06-19T17:03:44.022Z"), request.getIssueInstant());
+
+ assertEquals("abcd", request.getAssertionIDRef().get(0));
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Lets do the writing
+ SAML11RequestWriter writer = new SAML11RequestWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(request);
+ String writtenString = new String(baos.toByteArray());
+ System.out.println(writtenString);
+ validateSchema(writtenString);
+ }
+}
\ No newline at end of file
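Review bot: `new String(baos.toByteArray())` in testSAML11RequestWithAuthQuery decodes the written XML with the platform default charset, so the string handed to `validateSchema` can differ from the bytes the writer produced on a host whose default encoding is not the writer's. Assuming `StaxUtil.getXMLStreamWriter` emits UTF-8 (not visible in this hunk), name the charset explicitly: `String writtenString = new String(baos.toByteArray(), "UTF-8");`. The same line recurs in the other four tests of this file, in SAML11ResponseParserTestCase and in the SAML11AssertionParserTestCase tests. The values asserted here are all ASCII, so the mismatch would only surface once a fixture carries a non-ASCII name or attribute value. `System.out.println(writtenString)` also dumps every written message into the build log and could be dropped.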
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11ResponseParserTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11ResponseParserTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11ResponseParserTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,83 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.saml;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.util.List;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAML11ResponseParser;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v1.writers.SAML11ResponseWriter;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11ResponseType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11StatusCodeType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11StatusType;
+
+/**
+ * Unit Test the {@link SAML11ResponseParser}
+ * @author Anil.Saldhana at redhat.com
+ * @since Jun 23, 2011
+ */
+public class SAML11ResponseParserTestCase extends AbstractParserTest
+{
+ @Test
+ public void testSAML11Response() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-response.xml");
+
+ SAMLParser parser = new SAMLParser();
+ SAML11ResponseType response = (SAML11ResponseType) parser.parse(configStream);
+ assertNotNull(response);
+
+ assertEquals(1, response.getMajorVersion());
+ assertEquals(1, response.getMinorVersion());
+ assertEquals("P1234", response.getID());
+ assertEquals(XMLTimeUtil.parse("2002-06-19T17:05:37.795Z"), response.getIssueInstant());
+
+ assertNotNull(response.getSignature());
+
+ SAML11StatusType status = response.getStatus();
+ SAML11StatusCodeType statusCode = status.getStatusCode();
+ assertEquals("samlp:Success", statusCode.getValue().toString());
+
+ List<SAML11AssertionType> assertions = response.get();
+ assertEquals(1, assertions.size());
+ SAML11AssertionType assertion = assertions.get(0);
+ assertEquals("buGxcG4gILg5NlocyLccDz6iXrUa", assertion.getID());
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Lets do the writing
+ SAML11ResponseWriter writer = new SAML11ResponseWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(response);
+ String writtenString = new String(baos.toByteArray());
+ System.out.println(writtenString);
+ validateSchema(writtenString);
+ }
+}
\ No newline at end of file
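Review bot: testSAML11Response asserts `response.getSignature()` is non-null after parsing, but nothing checks that the signature element survives `writer.write(response)`. If Signature is optional in the schema (likely, though the schema is not visible here), `validateSchema` alone would still pass when the writer silently drops it. Re-parsing the output and repeating the assertion closes the gap: `SAML11ResponseType reparsed = (SAML11ResponseType) new SAMLParser().parse(new ByteArrayInputStream(baos.toByteArray()));` followed by `assertNotNull(reparsed.getSignature());`, which needs an import of `java.io.ByteArrayInputStream`. The same gap applies to the `getAny()` payload in SAMLArtifactResponseParserTestCase, where the written output is schema-validated but never parsed back.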
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResolveParserTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResolveParserTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResolveParserTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,76 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.saml;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLRequestWriter;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.saml.v2.protocol.ArtifactResolveType;
+import org.w3c.dom.Document;
+
+/**
+ * Unit test the parsing of {@link ArtifactResolveType}
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 1, 2011
+ */
+public class SAMLArtifactResolveParserTestCase
+{
+ @Test
+ public void testSAMLArtifactResolveParse() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml2/saml2-artifact-resolve.xml");
+
+ JAXPValidationUtil.validate(configStream);
+ configStream = tcl.getResourceAsStream("parser/saml2/saml2-artifact-resolve.xml");
+
+ SAMLParser parser = new SAMLParser();
+ ArtifactResolveType artifactResolve = (ArtifactResolveType) parser.parse(configStream);
+ assertNotNull("ArtifactResolveType is not null", artifactResolve);
+
+ assertEquals("ID_cce4ee769ed970b501d680f697989d14", artifactResolve.getID());
+ assertEquals(XMLTimeUtil.parse("2004-12-05T09:21:58Z"), artifactResolve.getIssueInstant());
+ assertEquals("https://sp.example.com/SAML2/ArtifactResolution", artifactResolve.getDestination().toString());
+ assertEquals("https://idp.example.org/SAML2", artifactResolve.getIssuer().getValue());
+ assertEquals("AAQAAMh48/1oXIM+sDo7Dh2qMp1HM4IF5DaRNmDj6RdUmllwn9jJHyEgIi8=", artifactResolve.getArtifact());
+
+ //Try out writing
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAMLRequestWriter writer = new SAMLRequestWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(artifactResolve);
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ Document doc = DocumentUtil.getDocument(bis); //throws exceptions
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+}
\ No newline at end of file
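Review bot: `tcl.getResourceAsStream(...)` in testSAMLArtifactResolveParse returns null when the fixture is not on the classpath, and that null is passed straight to `JAXPValidationUtil.validate` and `parser.parse`, so a packaging mistake surfaces as an unrelated exception instead of a clear failure. Adding `assertNotNull("fixture not found: parser/saml2/saml2-artifact-resolve.xml", configStream);` after each lookup would make the cause obvious, and since the resource is opened twice both streams should be closed in a `finally` block. The message in `assertNotNull("ArtifactResolveType is not null", artifactResolve)` also reads inverted, because JUnit prints it only when the value is null; `"ArtifactResolveType is null"` says what went wrong. The unchecked lookup recurs in SAML11RequestParserTestCase, SAML11ResponseParserTestCase and SAMLArtifactResponseParserTestCase, and the inverted message in both tests of SAMLArtifactResponseParserTestCase.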
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResponseParserTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResponseParserTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResponseParserTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,117 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.saml;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.saml.v2.protocol.ArtifactResponseType;
+import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
+import org.w3c.dom.Document;
+
+/**
+ * Unit test the parsing of {@link ArtifactResponseType}
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 1, 2011
+ */
+public class SAMLArtifactResponseParserTestCase
+{
+ @Test
+ public void testSAMLArtifactResponseWithAuthnRequestParse() throws Exception
+ {
+ String file = "parser/saml2/saml2-artifact-response-authnrequest.xml";
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream(file);
+
+ JAXPValidationUtil.validate(configStream);
+ configStream = tcl.getResourceAsStream(file);
+
+ SAMLParser parser = new SAMLParser();
+ ArtifactResponseType artifactResponse = (ArtifactResponseType) parser.parse(configStream);
+ assertNotNull("ArtifactResponseType is not null", artifactResponse);
+
+ assertEquals("ID_d84a49e5958803dedcff4c984c2b0d95", artifactResponse.getID());
+ assertEquals(XMLTimeUtil.parse("2004-12-05T09:21:59Z"), artifactResponse.getIssueInstant());
+ assertEquals("ID_cce4ee769ed970b501d680f697989d14", artifactResponse.getInResponseTo());
+ assertTrue(artifactResponse.getAny() instanceof AuthnRequestType);
+
+ StatusType status = artifactResponse.getStatus();
+ assertNotNull(status);
+ assertEquals("urn:oasis:names:tc:SAML:2.0:status:Success", status.getStatusCode().getValue().toString());
+
+ //Try out writing
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAMLResponseWriter writer = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(artifactResponse);
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ Document doc = DocumentUtil.getDocument(bis); //throws exceptions
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+
+ @Test
+ public void testSAMLArtifactResponseWithResponseParse() throws Exception
+ {
+ String file = "parser/saml2/saml2-artifact-response-response.xml";
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream(file);
+
+ JAXPValidationUtil.validate(configStream);
+ configStream = tcl.getResourceAsStream(file);
+
+ SAMLParser parser = new SAMLParser();
+ ArtifactResponseType artifactResponse = (ArtifactResponseType) parser.parse(configStream);
+ assertNotNull("ArtifactResponseType is not null", artifactResponse);
+
+ assertEquals("ID_d84a49e5958803dedcff4c984c2b0d95", artifactResponse.getID());
+ assertEquals(XMLTimeUtil.parse("2004-12-05T09:21:59Z"), artifactResponse.getIssueInstant());
+ assertEquals("ID_cce4ee769ed970b501d680f697989d14", artifactResponse.getInResponseTo());
+ assertTrue(artifactResponse.getAny() instanceof ResponseType);
+
+ StatusType status = artifactResponse.getStatus();
+ assertNotNull(status);
+ assertEquals("urn:oasis:names:tc:SAML:2.0:status:Success", status.getStatusCode().getValue().toString());
+
+ //Try out writing
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAMLResponseWriter writer = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(artifactResponse);
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ Document doc = DocumentUtil.getDocument(bis); //throws exceptions
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+}
\ No newline at end of file
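Review bot: testSAMLArtifactResponseWithAuthnRequestParse and testSAMLArtifactResponseWithResponseParse are identical except for the fixture path and the class tested with `instanceof`, so any later fix to the shared body has to be repeated by hand in both. A private helper taking the fixture path and the expected payload class would hold the common steps and leave each test as a single call. The type check then becomes `expectedAny.isInstance(artifactResponse.getAny())`, and every other assertion stays as written.

```java
@Test
public void testSAMLArtifactResponseWithAuthnRequestParse() throws Exception
{
   assertArtifactResponseRoundTrip("parser/saml2/saml2-artifact-response-authnrequest.xml", AuthnRequestType.class);
}

@Test
public void testSAMLArtifactResponseWithResponseParse() throws Exception
{
   assertArtifactResponseRoundTrip("parser/saml2/saml2-artifact-response-response.xml", ResponseType.class);
}

private void assertArtifactResponseRoundTrip(String file, Class<?> expectedAny) throws Exception
{
   // … unchanged: fixture lookup, schema validation, parse, ID / IssueInstant / InResponseTo assertions …
   assertTrue(expectedAny.isInstance(artifactResponse.getAny()));
   // … unchanged: status assertions, write, re-read as DOM, schema validation …
}
```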
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAssertionParserTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAssertionParserTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAssertionParserTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,230 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.saml;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import javax.xml.namespace.QName;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLAssertionWriter;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.saml.v2.assertion.AudienceRestrictionType;
+import org.picketlink.identity.federation.saml.v2.assertion.AuthnStatementType;
+import org.picketlink.identity.federation.saml.v2.assertion.ConditionsType;
+import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationDataType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectType.STSubType;
+
+/**
+ * Test the parsing of saml assertions
+ * @author Anil.Saldhana at redhat.com
+ * @since Oct 12, 2010
+ */
+public class SAMLAssertionParserTestCase extends AbstractParserTest
+{
+ @Test
+ public void testSAMLAssertionParsing() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml2/saml2-assertion.xml");
+
+ SAMLParser parser = new SAMLParser();
+ AssertionType assertion = (AssertionType) parser.parse(configStream);
+ assertNotNull(assertion);
+
+ assertEquals("ID_ab0392ef-b557-4453-95a8-a7e168da8ac5", assertion.getID());
+ assertEquals(XMLTimeUtil.parse("2010-09-30T19:13:37.869Z"), assertion.getIssueInstant());
+ //Issuer
+ assertEquals("Test STS", assertion.getIssuer().getValue());
+
+ //Subject
+ SubjectType subject = assertion.getSubject();
+
+ STSubType subType = subject.getSubType();
+ NameIDType subjectNameID = (NameIDType) subType.getBaseID();
+ assertEquals("jduke", subjectNameID.getValue());
+ assertEquals("urn:picketlink:identity-federation", subjectNameID.getNameQualifier());
+
+ ConditionsType conditions = assertion.getConditions();
+ assertEquals(XMLTimeUtil.parse("2010-09-30T19:13:37.869Z"), conditions.getNotBefore());
+ assertEquals(XMLTimeUtil.parse("2010-09-30T21:13:37.869Z"), conditions.getNotOnOrAfter());
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Lets do the writing
+ SAMLAssertionWriter writer = new SAMLAssertionWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(assertion);
+ String writtenString = new String(baos.toByteArray());
+ System.out.println(writtenString);
+ validateSchema(writtenString);
+ }
+
+ /**
+ * This test validates the parsing of audience restrictions inside the conditions
+ * @throws Exception
+ */
+ @Test
+ public void testSAMLAssertionParsingWithAudienceRestriction() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml2/saml2-assertion-audiencerestriction.xml");
+
+ SAMLParser parser = new SAMLParser();
+ AssertionType assertion = (AssertionType) parser.parse(configStream);
+ assertNotNull(assertion);
+
+ assertEquals("ID_cf9efbf0-9d7f-4b4a-b77f-d83ecaafd374", assertion.getID());
+ assertEquals(XMLTimeUtil.parse("2010-09-30T19:13:37.911Z"), assertion.getIssueInstant());
+ assertEquals("2.0", assertion.getVersion());
+
+ //Issuer
+ assertEquals("Test STS", assertion.getIssuer().getValue());
+
+ //Subject
+ SubjectType subject = assertion.getSubject();
+
+ STSubType subType = subject.getSubType();
+ NameIDType subjectNameID = (NameIDType) subType.getBaseID();
+ assertEquals("jduke", subjectNameID.getValue());
+ assertEquals("urn:picketlink:identity-federation", subjectNameID.getNameQualifier());
+
+ SubjectConfirmationType subjectConfirmation = subject.getConfirmation().get(0);
+ assertEquals("urn:oasis:names:tc:SAML:2.0:cm:bearer", subjectConfirmation.getMethod());
+
+ ConditionsType conditions = assertion.getConditions();
+ assertEquals(XMLTimeUtil.parse("2010-09-30T19:13:37.911Z"), conditions.getNotBefore());
+ assertEquals(XMLTimeUtil.parse("2010-09-30T21:13:37.911Z"), conditions.getNotOnOrAfter());
+
+ AudienceRestrictionType audienceRestrictionType = (AudienceRestrictionType) conditions.getConditions().get(0);
+ assertEquals(1, audienceRestrictionType.getAudience().size());
+ assertEquals("http://services.testcorp.org/provider2", audienceRestrictionType.getAudience().get(0)
+ .toASCIIString());
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Lets do the writing
+ SAMLAssertionWriter writer = new SAMLAssertionWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(assertion);
+ String writtenString = new String(baos.toByteArray());
+ System.out.println(writtenString);
+ validateSchema(writtenString);
+ }
+
+ @Test
+ public void testAssertionWithX500Attribute() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml2/saml2-assertion-x500attrib.xml");
+
+ SAMLParser parser = new SAMLParser();
+ AssertionType assertion = (AssertionType) parser.parse(configStream);
+ assertNotNull(assertion);
+
+ assertEquals("ID_b07b804c-7c29-ea16-7300-4f3d6f7928ac", assertion.getID());
+ assertEquals(XMLTimeUtil.parse("2004-12-05T09:22:05Z"), assertion.getIssueInstant());
+ assertEquals("2.0", assertion.getVersion());
+
+ //Issuer
+ assertEquals("https://idp.example.org/SAML2", assertion.getIssuer().getValue());
+
+ Set<StatementAbstractType> statements = assertion.getStatements();
+ assertEquals(2, statements.size());
+
+ Iterator<StatementAbstractType> iter = statements.iterator();
+ AuthnStatementType authnStatement = (AuthnStatementType) iter.next();
+ assertEquals(XMLTimeUtil.parse("2004-12-05T09:22:00Z"), authnStatement.getAuthnInstant());
+ assertEquals("b07b804c-7c29-ea16-7300-4f3d6f7928ac", authnStatement.getSessionIndex());
+
+ AttributeStatementType attributeStatement = (AttributeStatementType) iter.next();
+ List<ASTChoiceType> attributes = attributeStatement.getAttributes();
+ assertEquals(1, attributes.size());
+ AttributeType attribute = attributes.get(0).getAttribute();
+ assertEquals("eduPersonAffiliation", attribute.getFriendlyName());
+ assertEquals("urn:oid:1.3.6.1.4.1.5923.1.1.1.1", attribute.getName());
+ assertEquals("urn:oasis:names:tc:SAML:2.0:attrname-format:uri", attribute.getNameFormat());
+
+ //Ensure that we have x500:encoding
+ QName x500EncodingName = new QName(JBossSAMLURIConstants.X500_NSURI.get(), JBossSAMLConstants.ENCODING.get());
+ String encodingValue = attribute.getOtherAttributes().get(x500EncodingName);
+ assertEquals("LDAP", encodingValue);
+
+ List<Object> attributeValues = attribute.getAttributeValue();
+ assertEquals(2, attributeValues.size());
+
+ String str = (String) attributeValues.get(0);
+ if (!(str.equals("member") || str.equals("staff")))
+ throw new RuntimeException("attrib value not found");
+
+ //Subject
+ SubjectType subject = assertion.getSubject();
+ STSubType subType = subject.getSubType();
+ NameIDType subjectNameID = (NameIDType) subType.getBaseID();
+ assertEquals("3f7b3dcf-1674-4ecd-92c8-1544f346baf8", subjectNameID.getValue());
+ assertEquals("urn:oasis:names:tc:SAML:2.0:nameid-format:transient", subjectNameID.getFormat().toString());
+
+ SubjectConfirmationType subjectConfirmation = subject.getConfirmation().get(0);
+ assertEquals("urn:oasis:names:tc:SAML:2.0:cm:bearer", subjectConfirmation.getMethod());
+
+ SubjectConfirmationDataType subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData();
+ assertEquals("ID_aaf23196-1773-2113-474a-fe114412ab72", subjectConfirmationData.getInResponseTo());
+ assertEquals(XMLTimeUtil.parse("2004-12-05T09:27:05Z"), subjectConfirmationData.getNotOnOrAfter());
+ assertEquals("https://sp.example.com/SAML2/SSO/POST", subjectConfirmationData.getRecipient());
+
+ ConditionsType conditions = assertion.getConditions();
+ assertEquals(XMLTimeUtil.parse("2004-12-05T09:17:05Z"), conditions.getNotBefore());
+ assertEquals(XMLTimeUtil.parse("2004-12-05T09:27:05Z"), conditions.getNotOnOrAfter());
+
+ AudienceRestrictionType audienceRestrictionType = (AudienceRestrictionType) conditions.getConditions().get(0);
+ assertEquals(1, audienceRestrictionType.getAudience().size());
+ assertEquals("https://sp.example.com/SAML2", audienceRestrictionType.getAudience().get(0).toString());
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAMLAssertionWriter writer = new SAMLAssertionWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(assertion);
+
+ byte[] bytes = baos.toByteArray();
+ ByteArrayInputStream bis = new ByteArrayInputStream(bytes);
+ DocumentUtil.getDocument(bis); //throws exceptions
+
+ String writtenString = new String(bytes);
+ System.out.println(writtenString);
+ validateSchema(writtenString);
+ }
+}
\ No newline at end of file
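Review bot: In `testAssertionWithX500Attribute` the two `iter.next()` casts assume that the `Set<StatementAbstractType>` returned by `getStatements()` iterates in document order, which the `Set` type does not promise. With a hash-ordered implementation the test would fail with a `ClassCastException` that has nothing to do with the parser. The implementation behind `getStatements()` is not visible in this commit, so the order may hold today, but selecting the statements by type keeps the test independent of it. The same method checks only `attributeValues.get(0)` of the two values and reports a mismatch with a `RuntimeException` instead of an assertion.

```java
Set<StatementAbstractType> statements = assertion.getStatements();
assertEquals(2, statements.size());

AuthnStatementType authnStatement = null;
AttributeStatementType attributeStatement = null;
for (StatementAbstractType statement : statements)
{
   if (statement instanceof AuthnStatementType)
      authnStatement = (AuthnStatementType) statement;
   else if (statement instanceof AttributeStatementType)
      attributeStatement = (AttributeStatementType) statement;
}
assertNotNull(authnStatement);
assertNotNull(attributeStatement);
// … unchanged: assertions on authnStatement and attributeStatement …
```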
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAttributeQueryParserTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAttributeQueryParserTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAttributeQueryParserTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,86 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.saml;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.util.List;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLRequestWriter;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.saml.v2.protocol.ArtifactResolveType;
+import org.picketlink.identity.federation.saml.v2.protocol.AttributeQueryType;
+import org.w3c.dom.Document;
+
+/**
+ * Unit test the parsing of {@link ArtifactResolveType}
+ * @author Anil.Saldhana at redhat.com
+ * @since Jul 1, 2011
+ */
+public class SAMLAttributeQueryParserTestCase
+{
+ @Test
+ public void testSAMLAttributeQueryParse() throws Exception
+ {
+ String file = "parser/saml2/saml2-attributequery.xml";
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream(file);
+
+ JAXPValidationUtil.validate(configStream);
+ configStream = tcl.getResourceAsStream(file);
+
+ SAMLParser parser = new SAMLParser();
+ AttributeQueryType attributeQuery = (AttributeQueryType) parser.parse(configStream);
+ assertNotNull("ArtifactResolveType is not null", attributeQuery);
+
+ assertEquals("ID_aaf23196-1773-2113-474a-fe114412ab72", attributeQuery.getID());
+ assertEquals(XMLTimeUtil.parse("2006-07-17T20:31:40Z"), attributeQuery.getIssueInstant());
+ assertEquals("CN=anil,OU=User,O=TEST,C=US", attributeQuery.getIssuer().getValue());
+
+ SubjectType subject = attributeQuery.getSubject();
+ NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
+ assertEquals("CN=anil,OU=User,O=TEST,C=US", nameID.getValue());
+ List<AttributeType> attributes = attributeQuery.getAttribute();
+ assertEquals(2, attributes.size());
+
+ //Try out writing
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAMLRequestWriter writer = new SAMLRequestWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(attributeQuery);
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ Document doc = DocumentUtil.getDocument(bis); //throws exceptions
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+}
\ No newline at end of file
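Review bot: The class Javadoc and the `assertNotNull` message in `testSAMLAttributeQueryParse` still name `ArtifactResolveType`, apparently carried over from the artifact-resolve test, although the object under test is an `AttributeQueryType`. The Javadoc should read `Unit test the parsing of {@link AttributeQueryType}`, which also makes the `ArtifactResolveType` import unnecessary. The message is printed only when the assertion fails, so `"AttributeQueryType is null"` describes the failure correctly. The test also asserts only `attributes.size()`; asserting the names of the two requested attributes would pin what the parser actually extracted.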
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAuthnRequestParserTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAuthnRequestParserTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAuthnRequestParserTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,86 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.saml;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLRequestWriter;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.saml.v2.protocol.NameIDPolicyType;
+import org.w3c.dom.Document;
+
+/**
+ * Validate the SAML2 AuthnRequest parse
+ * @author Anil.Saldhana at redhat.com
+ * @since Nov 2, 2010
+ */
+public class SAMLAuthnRequestParserTestCase extends AbstractParserTest
+{
+ @Test
+ public void testSAMLAuthnRequestParse() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml2/saml2-authnrequest.xml");
+
+ SAMLParser parser = new SAMLParser();
+ AuthnRequestType authnRequest = (AuthnRequestType) parser.parse(configStream);
+ assertNotNull("AuthnRequestType is not null", authnRequest);
+
+ assertEquals("http://localhost/org.eclipse.higgins.saml2idp.test/SAMLEndpoint", authnRequest
+ .getAssertionConsumerServiceURL().toString());
+ assertEquals("http://localhost/org.eclipse.higgins.saml2idp.server/SAMLEndpoint", authnRequest.getDestination()
+ .toString());
+ assertEquals("a2sffdlgdhgfg32fdldsdghdsgdgfdglgx", authnRequest.getID());
+ assertEquals(XMLTimeUtil.parse("2007-12-17T18:40:52.203Z"), authnRequest.getIssueInstant());
+ assertEquals("urn:oasis:names.tc:SAML:2.0:bindings:HTTP-Redirect", authnRequest.getProtocolBinding().toString());
+ assertEquals("Test SAML2 SP", authnRequest.getProviderName());
+ assertEquals("2.0", authnRequest.getVersion());
+
+ //Issuer
+ assertEquals("Test SAML2 SP", authnRequest.getIssuer().getValue());
+
+ //NameID Policy
+ NameIDPolicyType nameIDPolicy = authnRequest.getNameIDPolicy();
+ assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", nameIDPolicy.getFormat().toString());
+ assertEquals(Boolean.TRUE, nameIDPolicy.isAllowCreate());
+
+ //Try out writing
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAMLRequestWriter writer = new SAMLRequestWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(authnRequest);
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ Document doc = DocumentUtil.getDocument(bis); //throws exceptions
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+}
\ No newline at end of file
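Review bot: The expected ProtocolBinding in `testSAMLAuthnRequestParse` is `urn:oasis:names.tc:SAML:2.0:bindings:HTTP-Redirect`, with a dot where the SAML 2.0 binding identifier has a colon (`urn:oasis:names:tc:...`). Since the assertion is written to pass, the fixture `saml2-authnrequest.xml` presumably carries the same misspelling, so the test pins a value that a comparison against the real binding identifier would never match. If that is not intentional, correct the fixture and the expectation to `assertEquals("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect", authnRequest.getProtocolBinding().toString());`. If it is intentional, a comment stating that the parser accepts any URI in this attribute would keep the value from being copied as a reference.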
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLResponseParserTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLResponseParserTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLResponseParserTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,304 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.saml;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Set;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.saml.v2.assertion.AuthnContextDeclRefType;
+import org.picketlink.identity.federation.saml.v2.assertion.AuthnContextType;
+import org.picketlink.identity.federation.saml.v2.assertion.AuthnContextType.AuthnContextTypeSequence;
+import org.picketlink.identity.federation.saml.v2.assertion.AuthnStatementType;
+import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationDataType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectLocalityType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
+import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType;
+import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
+
+/**
+ * Validate the parsing of SAML2 Response
+ * @author Anil.Saldhana at redhat.com
+ * @since Nov 2, 2010
+ */
+public class SAMLResponseParserTestCase extends AbstractParserTest
+{
+ @Test
+ public void testSAMLResponseParse() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml2/saml2-response.xml");
+
+ SAMLParser parser = new SAMLParser();
+ ResponseType response = (ResponseType) parser.parse(configStream);
+ assertNotNull("ResponseType is not null", response);
+
+ assertEquals(XMLTimeUtil.parse("2009-05-26T14:06:26.362-05:00"), response.getIssueInstant());
+ assertEquals("2.0", response.getVersion());
+ assertEquals("ID_1164e0fc-576d-4797-b11c-3d049520f566", response.getID());
+
+ //Issuer
+ assertEquals("testIssuer", response.getIssuer().getValue());
+
+ //Status
+ StatusType status = response.getStatus();
+ assertEquals("urn:oasis:names:tc:SAML:2.0:status:Success", status.getStatusCode().getValue().toString());
+
+ List<RTChoiceType> assertionList = response.getAssertions();
+ assertEquals(2, assertionList.size());
+
+ AssertionType assertion1 = assertionList.get(0).getAssertion();
+ assertEquals("ID_0be488d8-7089-4892-8aeb-83594c800706", assertion1.getID());
+ assertEquals(XMLTimeUtil.parse("2009-05-26T14:06:26.362-05:00"), assertion1.getIssueInstant());
+ assertEquals("2.0", assertion1.getVersion());
+ assertEquals("testIssuer", assertion1.getIssuer().getValue());
+
+ Iterator<StatementAbstractType> iterator = assertion1.getStatements().iterator();
+
+ AuthnStatementType authnStatement = (AuthnStatementType) iterator.next();
+ assertEquals(XMLTimeUtil.parse("2009-05-26T14:06:26.359-05:00"), authnStatement.getAuthnInstant());
+
+ AuthnContextType authnContext = authnStatement.getAuthnContext();
+
+ AuthnContextDeclRefType refType = (AuthnContextDeclRefType) authnContext.getURIType().iterator().next();
+ assertEquals("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", refType.getValue()
+ .toASCIIString());
+ /*
+ JAXBElement<?> authnContextDeclRefJaxb = (JAXBElement<?>) authnStatement.getAuthnContext().getContent().get(0);
+ assertEquals( "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", authnContextDeclRefJaxb.getValue() );*/
+
+ AssertionType assertion2 = assertionList.get(1).getAssertion();
+ assertEquals("ID_976d8310-658a-450d-be39-f33c73c8afa6", assertion2.getID());
+ assertEquals(XMLTimeUtil.parse("2009-05-26T14:06:26.363-05:00"), assertion2.getIssueInstant());
+ assertEquals("2.0", assertion2.getVersion());
+ assertEquals("testIssuer", assertion2.getIssuer().getValue());
+
+ authnStatement = (AuthnStatementType) assertion2.getStatements().iterator().next();
+ assertEquals(XMLTimeUtil.parse("2009-05-26T14:06:26.359-05:00"), authnStatement.getAuthnInstant());
+ SubjectLocalityType subjectLocality = authnStatement.getSubjectLocality();
+ assertNotNull(subjectLocality);
+ assertEquals("127.0.0.1", subjectLocality.getAddress());
+ authnContext = authnStatement.getAuthnContext();
+
+ refType = (AuthnContextDeclRefType) authnContext.getURIType().iterator().next();
+ assertEquals("urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport", refType.getValue()
+ .toASCIIString());
+
+ //Let us do some writing - currently only visual inspection. We will do proper validation later.
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAMLResponseWriter writer = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(response);
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ DocumentUtil.getDocument(bis); //throws exceptions
+
+ baos = new ByteArrayOutputStream();
+ //Lets do the writing
+ writer = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(response);
+ String writtenString = new String(baos.toByteArray());
+ System.out.println(writtenString);
+ validateSchema(writtenString);
+ }
+
+ @Test
+ public void testAssertionWithSubjectAndAttributes() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml2/saml2-response-assertion-subject.xml");
+
+ SAMLParser parser = new SAMLParser();
+ ResponseType response = (ResponseType) parser.parse(configStream);
+ assertNotNull(response);
+
+ assertEquals("ID_45df1ea5-81e4-4147-a39a-43a4ef613f4e", response.getID());
+ assertEquals(XMLTimeUtil.parse("2010-11-04T00:19:16.847-05:00"), response.getIssueInstant());
+ assertEquals("2.0", response.getVersion());
+ assertEquals("http://localhost:8080/employee/", response.getDestination());
+ assertEquals("ID_04ded476-d73c-48af-b3a9-232a52905ffb", response.getInResponseTo());
+
+ //Issuer
+ assertEquals("http://localhost:8080/idp/", response.getIssuer().getValue());
+
+ //Status
+ StatusType status = response.getStatus();
+ assertEquals("urn:oasis:names:tc:SAML:2.0:status:Success", status.getStatusCode().getValue().toString());
+
+ //Get the assertion
+ AssertionType assertion = response.getAssertions().get(0).getAssertion();
+ assertEquals("ID_8be1534d-9155-4837-9f26-70ea2c15e327", assertion.getID());
+ assertEquals(XMLTimeUtil.parse("2010-11-04T00:19:16.842-05:00"), assertion.getIssueInstant());
+ assertEquals("2.0", assertion.getVersion());
+
+ assertEquals("http://localhost:8080/idp/", assertion.getIssuer().getValue());
+
+ //Subject
+ SubjectType subject = assertion.getSubject();
+
+ NameIDType subjectNameID = (NameIDType) subject.getSubType().getBaseID();
+ assertEquals("anil", subjectNameID.getValue());
+ assertEquals("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", subjectNameID.getFormat().toString());
+
+ SubjectConfirmationType subjectConfirmation = subject.getConfirmation().get(0);
+
+ assertEquals("urn:oasis:names:tc:SAML:2.0:cm:bearer", subjectConfirmation.getMethod());
+
+ SubjectConfirmationDataType subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData();
+ assertEquals("ID_04ded476-d73c-48af-b3a9-232a52905ffb", subjectConfirmationData.getInResponseTo());
+ assertEquals(XMLTimeUtil.parse("2010-11-04T00:19:16.842-05:00"), subjectConfirmationData.getNotBefore());
+ assertEquals(XMLTimeUtil.parse("2010-11-04T00:19:16.842-05:00"), subjectConfirmationData.getNotOnOrAfter());
+ assertEquals("http://localhost:8080/employee/", subjectConfirmationData.getRecipient());
+
+ AttributeStatementType attributeStatement = (AttributeStatementType) assertion.getStatements().iterator().next();
+
+ List<AttributeStatementType.ASTChoiceType> attributes = attributeStatement.getAttributes();
+ assertEquals(2, attributes.size());
+
+ for (AttributeStatementType.ASTChoiceType attr : attributes)
+ {
+ AttributeType attribute = attr.getAttribute();
+ assertEquals("role", attribute.getFriendlyName());
+ assertEquals("role", attribute.getName());
+ assertEquals("role", attribute.getNameFormat());
+ List<Object> attributeValues = attribute.getAttributeValue();
+ assertEquals(1, attributeValues.size());
+
+ String str = (String) attributeValues.get(0);
+ if (!(str.equals("employee") || str.equals("manager")))
+ throw new RuntimeException("attrib value not found");
+ }
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Lets do the writing
+ SAMLResponseWriter writer = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(response);
+ String writtenString = new String(baos.toByteArray());
+ System.out.println(writtenString);
+ validateSchema(writtenString);
+ }
+
+ @Test
+ public void testXACMLDecisionStatements() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("saml-xacml/saml-xacml-response-1.xml");
+ validateSchema(configStream);
+ configStream = tcl.getResourceAsStream("saml-xacml/saml-xacml-response-1.xml");
+ SAMLParser parser = new SAMLParser();
+ ResponseType response = (ResponseType) parser.parse(configStream);
+ assertNotNull("ResponseType is not null", response);
+
+ //Get the assertion
+ AssertionType assertion = response.getAssertions().get(0).getAssertion();
+ assertEquals("ID_response-id_1", assertion.getID());
+ assertEquals(XMLTimeUtil.parse("2008-03-19T22:17:13Z"), assertion.getIssueInstant());
+ assertEquals("2.0", assertion.getVersion());
+
+ XACMLAuthzDecisionStatementType xacmlStat = (XACMLAuthzDecisionStatementType) assertion.getStatements()
+ .iterator().next();
+ assertNotNull(xacmlStat.getRequest());
+ assertNotNull(xacmlStat.getResponse());
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Lets do the writing
+ SAMLResponseWriter writer = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(response);
+ String writtenString = new String(baos.toByteArray());
+ System.out.println(writtenString);
+ validateSchema(writtenString);
+ }
+
+ @Test
+ public void testSAMLResponseADFSClaims() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml2/saml2-response-adfs-claims.xml");
+
+ SAMLParser parser = new SAMLParser();
+ ResponseType response = (ResponseType) parser.parse(configStream);
+ assertNotNull("ResponseType is not null", response);
+
+ List<RTChoiceType> choices = response.getAssertions();
+ assertEquals(1, choices.size());
+ RTChoiceType rtc = choices.get(0);
+ AssertionType assertion = rtc.getAssertion();
+ Set<StatementAbstractType> statements = assertion.getStatements();
+ for (StatementAbstractType statement : statements)
+ {
+ if (statement instanceof AuthnStatementType)
+ {
+ AuthnStatementType authnStat = (AuthnStatementType) statement;
+ AuthnContextType authnContext = authnStat.getAuthnContext();
+
+ AuthnContextTypeSequence sequence = authnContext.getSequence();
+ assertNotNull(sequence);
+ assertEquals("urn:federation:authentication:windows", sequence.getClassRef().getValue().toString());
+ }
+ else if (statement instanceof AttributeStatementType)
+ {
+ AttributeStatementType attribStat = (AttributeStatementType) statement;
+ List<ASTChoiceType> attributes = attribStat.getAttributes();
+ assertEquals(2, attributes.size());
+ for (ASTChoiceType astChoice : attributes)
+ {
+ AttributeType attribute = astChoice.getAttribute();
+ String attributeName = attribute.getName();
+ if (!(JBossSAMLURIConstants.CLAIMS_EMAIL_ADDRESS.get().equals(attributeName) || JBossSAMLURIConstants.CLAIMS_PUID
+ .get().equals(attributeName)))
+ throw new RuntimeException("Unknown attr name:" + attributeName);
+ }
+ }
+ else
+ throw new RuntimeException("Unknown statement type:" + statement);
+ }
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ //Lets do the writing
+ SAMLResponseWriter writer = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(response);
+ String writtenString = new String(baos.toByteArray());
+ System.out.println(writtenString);
+ validateSchema(writtenString);
+ }
+}
\ No newline at end of file
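Review bot: The statement loop in `testSAMLResponseADFSClaims` passes vacuously when `assertion.getStatements()` is empty, because nothing asserts that either branch ran. A parser regression that drops the ADFS authentication or attribute statements would therefore go unnoticed. Record each branch in a boolean (for example `sawAuthn` and `sawAttributes`) and assert both after the loop, or assert the expected `statements.size()` before it, as `testAssertionWithX500Attribute` does. Separately, `testSAMLResponseParse` serializes the response twice, and its comment `currently only visual inspection` no longer matches the `validateSchema` call that follows; the first write could be reused for both checks and the comment updated.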
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLSloRequestParserTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLSloRequestParserTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLSloRequestParserTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,78 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.saml;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLRequestWriter;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
+
+/**
+ * Validate the parsing of SLO (log out) Request
+ * @author Anil.Saldhana at redhat.com
+ * @since Nov 3, 2010
+ */
+public class SAMLSloRequestParserTestCase extends AbstractParserTest
+{
+ @Test
+ public void testSAMLLogOutRequestParsing() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml2/saml2-logout-request.xml");
+
+ SAMLParser parser = new SAMLParser();
+ LogoutRequestType lotRequest = (LogoutRequestType) parser.parse(configStream);
+ assertNotNull(lotRequest);
+
+ assertEquals("ID_c3b5ae86-7fea-4d8b-a438-a3f47d8e92c3", lotRequest.getID());
+ assertEquals(XMLTimeUtil.parse("2010-07-29T13:46:20.647-05:00"), lotRequest.getIssueInstant());
+ assertEquals("2.0", lotRequest.getVersion());
+ //Issuer
+ assertEquals("http://localhost:8080/sales/", lotRequest.getIssuer().getValue());
+
+ //Try out writing
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAMLRequestWriter writer = new SAMLRequestWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(lotRequest);
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ DocumentUtil.getDocument(bis); //throws exceptions
+
+ baos = new ByteArrayOutputStream();
+ //Lets do the writing
+ writer = new SAMLRequestWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(lotRequest);
+ String writtenString = new String(baos.toByteArray());
+ System.out.println(writtenString);
+ validateSchema(writtenString);
+ }
+}
\ No newline at end of file
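Review bot: `new String(baos.toByteArray())` near the end of testSAMLLogOutRequestParsing decodes the written XML with the platform default charset, so on a build host with a different default the string handed to `validateSchema` may not be the document the writer produced. The encoding used by `StaxUtil.getXMLStreamWriter` is not visible in this hunk; if it is UTF-8, `String writtenString = new String(baos.toByteArray(), "UTF-8");` pins it. The same call appears in testSAMLResponseParse in SAMLSloResponseParserTestCase.java.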
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLSloResponseParserTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLSloResponseParserTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLSloResponseParserTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,114 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.saml;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants.LOGOUT_RESPONSE;
+import static org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants.PROTOCOL_NSURI;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+
+import javax.xml.namespace.QName;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
+import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
+
+/**
+ * Validate the parsing of SLO Response
+ * @author Anil.Saldhana at redhat.com
+ * @since Nov 3, 2010
+ */
+public class SAMLSloResponseParserTestCase extends AbstractParserTest
+{
+ @Test
+ public void testSAMLResponseParse() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml2/saml2-logout-response.xml");
+
+ SAMLParser parser = new SAMLParser();
+ StatusResponseType response = (StatusResponseType) parser.parse(configStream);
+ assertNotNull("ResponseType is not null", response);
+
+ assertEquals(XMLTimeUtil.parse("2010-07-29T13:46:03.862-05:00"), response.getIssueInstant());
+ assertEquals("2.0", response.getVersion());
+ assertEquals("ID_97d332a8-3224-4653-a1ff-65c966e56852", response.getID());
+
+ //Issuer
+ assertEquals("http://localhost:8080/employee-post/", response.getIssuer().getValue());
+
+ //Status
+ StatusType status = response.getStatus();
+ assertEquals("urn:oasis:names:tc:SAML:2.0:status:Responder", status.getStatusCode().getValue().toString());
+ assertEquals("urn:oasis:names:tc:SAML:2.0:status:Success", status.getStatusCode().getStatusCode().getValue()
+ .toString());
+
+ //Let us do some writing - currently only visual inspection. We will do proper validation later.
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAMLResponseWriter writer = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(response, new QName(PROTOCOL_NSURI.get(), LOGOUT_RESPONSE.get(), "samlp"));
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ DocumentUtil.getDocument(bis); //throws exceptions
+
+ baos = new ByteArrayOutputStream();
+ //Lets do the writing
+ writer = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(response, new QName(PROTOCOL_NSURI.get(), LOGOUT_RESPONSE.get(), "samlp"));
+ String writtenString = new String(baos.toByteArray());
+ System.out.println(writtenString);
+ validateSchema(writtenString);
+ }
+
+ @Test
+ public void testSLOResponseWithSig() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml2/saml2-logout-response-sig.xml");
+
+ SAMLParser parser = new SAMLParser();
+ StatusResponseType response = (StatusResponseType) parser.parse(configStream);
+ assertNotNull("ResponseType is not null", response);
+
+ assertEquals(XMLTimeUtil.parse("2011-04-04T11:48:32.372-05:00"), response.getIssueInstant());
+ assertEquals("2.0", response.getVersion());
+ assertEquals("ID_2b178fbb-224c-4f01-950d-e3d1be2d3821", response.getID());
+
+ //Issuer
+ assertEquals("http://localhost:8080/idp-sig/", response.getIssuer().getValue());
+
+ //Status
+ StatusType status = response.getStatus();
+ assertEquals("urn:oasis:names:tc:SAML:2.0:status:Responder", status.getStatusCode().getValue().toString());
+ assertEquals("urn:oasis:names:tc:SAML:2.0:status:Success", status.getStatusCode().getStatusCode().getValue()
+ .toString());
+ }
+}
\ No newline at end of file
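Review bot: testSLOResponseWithSig loads `saml2-logout-response-sig.xml` but asserts only the instant, version, ID, issuer and status, so it still passes if the parser silently drops the signature element. Add an assertion that the parsed response still carries the signature (presumably through an accessor on StatusResponseType, which is not visible in this hunk), or a comment such as `// signature presence and verification are covered elsewhere` if that is the intent. Separately, the message in `assertNotNull("ResponseType is not null", response)` is shown on failure, when the object is null; `assertNotNull("ResponseType is null", response);` reads correctly in both tests.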
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTResponseAssertionHOKCertificateTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTResponseAssertionHOKCertificateTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTResponseAssertionHOKCertificateTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,92 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.wst;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.io.InputStream;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection;
+import org.picketlink.identity.federation.ws.addressing.EndpointReferenceType;
+import org.picketlink.identity.federation.ws.trust.RequestedReferenceType;
+import org.picketlink.identity.federation.ws.wss.secext.KeyIdentifierType;
+import org.picketlink.identity.federation.ws.wss.secext.SecurityTokenReferenceType;
+import org.w3c.dom.Element;
+
+/**
+ * @author Anil.Saldhana at redhat.com
+ * @since Nov 11, 2010
+ */
+public class WSTResponseAssertionHOKCertificateTestCase
+{
+ @Test
+ public void testWST_RSTR_Assertion() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/wst/wst-response-assertion-hok-certificate.xml");
+
+ WSTrustParser parser = new WSTrustParser();
+ RequestSecurityTokenResponseCollection coll = (RequestSecurityTokenResponseCollection) parser.parse(configStream);
+ assertEquals(1, coll.getRequestSecurityTokenResponses().size());
+
+ RequestSecurityTokenResponse rstr = coll.getRequestSecurityTokenResponses().get(0);
+
+ assertEquals("testcontext", rstr.getContext());
+ assertEquals(SAMLUtil.SAML2_TOKEN_TYPE, rstr.getTokenType().toASCIIString());
+
+ assertEquals(XMLTimeUtil.parse("2010-11-11T16:34:19.602Z"), rstr.getLifetime().getCreated());
+ assertEquals(XMLTimeUtil.parse("2010-11-11T18:34:19.602Z"), rstr.getLifetime().getExpires());
+
+ EndpointReferenceType endpoint = (EndpointReferenceType) rstr.getAppliesTo().getAny().get(0);
+ assertEquals("http://services.testcorp.org/provider2", endpoint.getAddress().getValue());
+
+ assertEquals(128, rstr.getKeySize());
+ assertEquals(WSTrustConstants.KEY_TYPE_PUBLIC, rstr.getKeyType().toASCIIString());
+
+ Element assertionElement = (Element) rstr.getRequestedSecurityToken().getAny().get(0);
+ String id = assertionElement.getAttribute("ID");
+
+ assertEquals("ID_5a15fc70-daa1-4808-b70e-9cbf6b8e4d4f", id);
+
+ RequestedReferenceType ref = rstr.getRequestedAttachedReference();
+ SecurityTokenReferenceType secRef = ref.getSecurityTokenReference();
+ assertNotNull(secRef);
+ Map<QName, String> map = secRef.getOtherAttributes();
+ QName wsseTokenType = new QName(WSTrustConstants.WSSE11_NS, WSTrustConstants.TOKEN_TYPE,
+ WSTrustConstants.WSSE.PREFIX_11);
+ assertEquals(SAMLUtil.SAML2_TOKEN_TYPE, map.get(wsseTokenType));
+
+ KeyIdentifierType keyId = (KeyIdentifierType) secRef.getAny().get(0);
+ assertEquals("#ID_5a15fc70-daa1-4808-b70e-9cbf6b8e4d4f", keyId.getValue());
+ assertEquals(WSTrustConstants.WSSE.KEY_IDENTIFIER_VALUETYPE_SAML, keyId.getValueType());
+ }
+}
\ No newline at end of file
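Review bot: Despite the holder-of-key fixture name, testWST_RSTR_Assertion checks only the assertion's `ID` attribute, the key type and the key size, so nothing asserts that the issued assertion is bound to the requester's key. Since `assertionElement` is already a DOM element, the test could check the confirmation method with `Element sc = (Element) assertionElement.getElementsByTagNameNS("urn:oasis:names:tc:SAML:2.0:assertion", "SubjectConfirmation").item(0);` followed by `assertEquals("urn:oasis:names:tc:SAML:2.0:cm:holder-of-key", sc.getAttribute("Method"));`. This assumes the fixture carries that method; the XML is not shown in this commit. A further check that the confirmation data contains the certificate would make the test match its name.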
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchIssueParsingTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchIssueParsingTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchIssueParsingTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,86 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.wst;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.util.List;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenCollection;
+import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter;
+import org.w3c.dom.Document;
+
+/**
+ * Unit Test the WS Trust batch issue
+ * @author Anil.Saldhana at redhat.com
+ * @since Oct 11, 2010
+ */
+public class WSTrustBatchIssueParsingTestCase
+{
+ /**
+ * Parse and validate the parser/wst/wst-batch-issue.xml file
+ * @throws Exception
+ */
+ @Test
+ public void testWST_BatchIssue() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/wst/wst-batch-issue.xml");
+
+ WSTrustParser parser = new WSTrustParser();
+ RequestSecurityTokenCollection requestCollection = (RequestSecurityTokenCollection) parser.parse(configStream);
+ assertNotNull("Request Security Token Collection is null?", requestCollection);
+
+ List<RequestSecurityToken> tokens = requestCollection.getRequestSecurityTokens();
+ assertEquals(2, tokens.size());
+
+ RequestSecurityToken rst1 = tokens.get(0);
+ assertEquals("context1", rst1.getContext());
+ assertEquals(WSTrustConstants.BATCH_ISSUE_REQUEST, rst1.getRequestType().toASCIIString());
+ assertEquals(SAMLUtil.SAML2_TOKEN_TYPE, rst1.getTokenType().toASCIIString());
+
+ RequestSecurityToken rst2 = tokens.get(1);
+ assertEquals("context2", rst2.getContext());
+ assertEquals(WSTrustConstants.BATCH_ISSUE_REQUEST, rst2.getRequestType().toASCIIString());
+ assertEquals("http://www.tokens.org/SpecialToken", rst2.getTokenType().toASCIIString());
+
+ //Now for the writing part
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ WSTrustRequestWriter rstWriter = new WSTrustRequestWriter(baos);
+
+ rstWriter.write(requestCollection);
+
+ Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+}
\ No newline at end of file
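Review bot: The write half of testWST_BatchIssue only proves the output is well-formed and schema-valid; a writer that dropped or swapped the context, request type or token type of either request would still pass. Parse the written bytes again and repeat the field assertions, e.g. `RequestSecurityTokenCollection reparsed = (RequestSecurityTokenCollection) new WSTrustParser().parse(new ByteArrayInputStream(baos.toByteArray()));` then `assertEquals("context1", reparsed.getRequestSecurityTokens().get(0).getContext());`. The same gap is in the write sections of WSTrustBatchValidateParsingTestCase, WSTrustCancelTargetSamlTestCase and WSTrustIssueAppliesToTestCase. The empty `@throws Exception` tag in the method Javadoc can be dropped or given a description.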
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchValidateParsingTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchValidateParsingTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchValidateParsingTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,85 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.wst;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.util.List;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenCollection;
+import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter;
+import org.w3c.dom.Document;
+
+/**
+ * Validate the parsing of wst-batch-validate.xml
+ * @author Anil.Saldhana at redhat.com
+ * @since Oct 12, 2010
+ */
+public class WSTrustBatchValidateParsingTestCase
+{
+ @Test
+ public void testWST_BatchValidate() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/wst/wst-batch-validate.xml");
+
+ WSTrustParser parser = new WSTrustParser();
+ RequestSecurityTokenCollection requestCollection = (RequestSecurityTokenCollection) parser.parse(configStream);
+ assertNotNull("Request Security Token Collection is null?", requestCollection);
+
+ List<RequestSecurityToken> tokens = requestCollection.getRequestSecurityTokens();
+ assertEquals(2, tokens.size());
+
+ RequestSecurityToken rst1 = tokens.get(0);
+ assertEquals("validatecontext1", rst1.getContext());
+ assertEquals(WSTrustConstants.BATCH_VALIDATE_REQUEST, rst1.getRequestType().toASCIIString());
+ assertEquals(WSTrustConstants.RSTR_STATUS_TOKEN_TYPE, rst1.getTokenType().toASCIIString());
+
+ RequestSecurityToken rst2 = tokens.get(1);
+ assertEquals("validatecontext2", rst2.getContext());
+ assertEquals(WSTrustConstants.BATCH_VALIDATE_REQUEST, rst2.getRequestType().toASCIIString());
+ assertEquals(WSTrustConstants.RSTR_STATUS_TOKEN_TYPE, rst2.getTokenType().toASCIIString());
+
+ //Now for the writing part
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ WSTrustRequestWriter rstWriter = new WSTrustRequestWriter(baos);
+
+ rstWriter.write(requestCollection);
+
+ Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
+ baos.close();
+
+ System.out.println(DocumentUtil.asString(doc));
+
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+}
\ No newline at end of file
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustCancelTargetSamlTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustCancelTargetSamlTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustCancelTargetSamlTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,136 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.wst;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+
+import javax.xml.datatype.DatatypeFactory;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter;
+import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.saml.v2.assertion.ConditionsType;
+import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.ws.trust.CancelTargetType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Validate the WST Cancel Target for SAML assertions
+ * @author Anil.Saldhana at redhat.com
+ * @since Oct 14, 2010
+ */
+public class WSTrustCancelTargetSamlTestCase
+{
+ @Test
+ public void testWST_CancelTargetSaml() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/wst/wst-cancel-saml.xml");
+
+ WSTrustParser parser = new WSTrustParser();
+ RequestSecurityToken requestToken = (RequestSecurityToken) parser.parse(configStream);
+ assertEquals("cancelcontext", requestToken.getContext());
+ assertEquals(WSTrustConstants.CANCEL_REQUEST, requestToken.getRequestType().toASCIIString());
+
+ CancelTargetType cancelTarget = requestToken.getCancelTarget();
+
+ Element assertionElement = (Element) cancelTarget.getAny().get(0);
+ AssertionType assertion = SAMLUtil.fromElement(assertionElement);
+ validateAssertion(assertion);
+
+ //Now for the writing part
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ WSTrustRequestWriter rstWriter = new WSTrustRequestWriter(baos);
+
+ rstWriter.write(requestToken);
+
+ Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+
+ private void validateAssertion(AssertionType assertion) throws Exception
+ {
+ DatatypeFactory dtf = DatatypeFactory.newInstance();
+
+ assertNotNull(assertion);
+
+ assertEquals("ID_cb1eadf5-50a6-4fdf-96bc-412514f52882", assertion.getID());
+ assertEquals(dtf.newXMLGregorianCalendar("2010-09-30T19:13:37.603Z"), assertion.getIssueInstant());
+ //Issuer
+ assertEquals("Test STS", assertion.getIssuer().getValue());
+
+ //Subject
+ SubjectType subject = assertion.getSubject();
+
+ NameIDType subjectNameID = (NameIDType) subject.getSubType().getBaseID();
+
+ assertEquals("jduke", subjectNameID.getValue());
+ assertEquals("urn:picketlink:identity-federation", subjectNameID.getNameQualifier());
+
+ SubjectConfirmationType subjectConfirmationType = subject.getConfirmation().get(0);
+ assertEquals(JBossSAMLURIConstants.BEARER.get(), subjectConfirmationType.getMethod());
+
+ /*List<JAXBElement<?>> content = subject.getContent();
+
+ int size = content.size();
+
+ assertEquals( 2, size );
+
+ for( int i = 0 ; i < size; i++ )
+ {
+ JAXBElement<?> node = content.get(i);
+ if( node.getDeclaredType().equals( NameIDType.class ))
+ {
+ NameIDType subjectNameID = (NameIDType) node.getValue();
+
+ assertEquals( "jduke", subjectNameID.getValue() );
+ assertEquals( "urn:picketlink:identity-federation", subjectNameID.getNameQualifier() );
+ }
+
+ if( node.getDeclaredType().equals( SubjectConfirmationType.class ))
+ {
+ SubjectConfirmationType subjectConfirmationType = (SubjectConfirmationType) node.getValue();
+ assertEquals( JBossSAMLURIConstants.BEARER.get(), subjectConfirmationType.getMethod() );
+ }
+ } */
+
+ //Conditions
+ ConditionsType conditions = assertion.getConditions();
+ assertEquals(dtf.newXMLGregorianCalendar("2010-09-30T19:13:37.603Z"), conditions.getNotBefore());
+ assertEquals(dtf.newXMLGregorianCalendar("2010-09-30T21:13:37.603Z"), conditions.getNotOnOrAfter());
+ }
+}
\ No newline at end of file
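Review bot: The commented-out JAXB loop in validateAssertion (the block opening with `/*List<JAXBElement<?>> content = subject.getContent();`) duplicates the live NameID and SubjectConfirmation assertions above it and refers to `JAXBElement`, which this file does not import; delete it rather than carry dead code into a new file. Also, `subject.getConfirmation().get(0)` and `cancelTarget.getAny().get(0)` fail with an index or null error if the fixture changes. Adding `assertEquals(1, subject.getConfirmation().size());` before the access gives a readable failure instead.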
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueAppliesToTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueAppliesToTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueAppliesToTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,73 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.wst;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter;
+import org.picketlink.identity.federation.ws.addressing.EndpointReferenceType;
+import org.picketlink.identity.federation.ws.policy.AppliesTo;
+import org.w3c.dom.Document;
+
+/**
+ * Validate the wst applies to parsing
+ * @author Anil.Saldhana at redhat.com
+ * @since Oct 14, 2010
+ */
+public class WSTrustIssueAppliesToTestCase
+{
+ @Test
+ public void testAppliesTo() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/wst/wst-issue-appliesto.xml");
+
+ WSTrustParser parser = new WSTrustParser();
+ RequestSecurityToken requestToken = (RequestSecurityToken) parser.parse(configStream);
+
+ assertEquals("testcontext", requestToken.getContext());
+ assertEquals(WSTrustConstants.ISSUE_REQUEST, requestToken.getRequestType().toASCIIString());
+
+ AppliesTo appliesTo = requestToken.getAppliesTo();
+ EndpointReferenceType endpoint = (EndpointReferenceType) appliesTo.getAny().get(0);
+ assertEquals("http://services.testcorp.org/provider2", endpoint.getAddress().getValue());
+
+ //Now for the writing part
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ WSTrustRequestWriter rstWriter = new WSTrustRequestWriter(baos);
+
+ rstWriter.write(requestToken);
+
+ Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+}
\ No newline at end of file
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicCertificateTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicCertificateTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicCertificateTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,84 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.wst;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.wst.WSTRequestSecurityTokenParser;
+import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter;
+import org.picketlink.identity.federation.ws.addressing.EndpointReferenceType;
+import org.picketlink.identity.federation.ws.policy.AppliesTo;
+import org.picketlink.identity.federation.ws.trust.UseKeyType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Validate parsing of RST with Use Key set to a X509 certificate
+ * @author Anil.Saldhana at redhat.com
+ * @since Oct 18, 2010
+ */
+public class WSTrustIssuePublicCertificateTestCase
+{
+ @Test
+ public void testPublicCert() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/wst/wst-issue-public-certificate.xml");
+
+ WSTrustParser parser = new WSTrustParser();
+ RequestSecurityToken requestToken = (RequestSecurityToken) parser.parse(configStream);
+
+ assertEquals("testcontext", requestToken.getContext());
+ assertEquals(WSTrustConstants.ISSUE_REQUEST, requestToken.getRequestType().toASCIIString());
+
+ AppliesTo appliesTo = requestToken.getAppliesTo();
+ EndpointReferenceType endpoint = (EndpointReferenceType) appliesTo.getAny().get(0);
+ assertEquals("http://services.testcorp.org/provider2", endpoint.getAddress().getValue());
+
+ assertEquals("http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey", requestToken.getKeyType()
+ .toASCIIString());
+
+ UseKeyType useKeyType = requestToken.getUseKey();
+ Element certEl = (Element) useKeyType.getAny().get(0);
+
+ assertEquals("ds:" + WSTRequestSecurityTokenParser.X509CERTIFICATE, certEl.getTagName());
+
+ //Now for the writing part
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ WSTrustRequestWriter rstWriter = new WSTrustRequestWriter(baos);
+
+ rstWriter.write(requestToken);
+
+ Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+}
\ No newline at end of file
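Review bot: The write half of testPublicCert only proves that the serialised request is schema-valid; nothing checks that the UseKey certificate element, the KeyType or the AppliesTo address survive WSTrustRequestWriter, so a writer that silently dropped the key binding would still pass. Re-parsing the output closes that gap: `RequestSecurityToken reparsed = (RequestSecurityToken) new WSTrustParser().parse(new ByteArrayInputStream(baos.toByteArray()));` followed by the same assertEquals calls against `reparsed`. The same parse-write-validate pattern, with the same gap, recurs in testPublicKey, testSymKey, testIssue, testOnBehalfOfParsing, testWST_RenewTarget and testWST_ValidateSaml further down.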
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicKeyTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicKeyTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicKeyTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,81 @@
+/*
+ * JBoss, Home of Professional Open Source. Copyright 2008, Red Hat Middleware LLC, and individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site:
+ * http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.wst;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.wst.WSTRequestSecurityTokenParser;
+import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter;
+import org.picketlink.identity.federation.ws.addressing.EndpointReferenceType;
+import org.picketlink.identity.federation.ws.policy.AppliesTo;
+import org.picketlink.identity.federation.ws.trust.UseKeyType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Validate parsing of RST with Use Key set to a RSA Public Key
+ *
+ * @author Anil.Saldhana at redhat.com
+ * @since Oct 18, 2010
+ */
+public class WSTrustIssuePublicKeyTestCase
+{
+ @Test
+ public void testPublicKey() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/wst/wst-issue-public-key.xml");
+
+ WSTrustParser parser = new WSTrustParser();
+ RequestSecurityToken requestToken = (RequestSecurityToken) parser.parse(configStream);
+
+ assertEquals("testcontext", requestToken.getContext());
+ assertEquals(WSTrustConstants.ISSUE_REQUEST, requestToken.getRequestType().toASCIIString());
+
+ AppliesTo appliesTo = requestToken.getAppliesTo();
+ EndpointReferenceType endpoint = (EndpointReferenceType) appliesTo.getAny().get(0);
+ assertEquals("http://services.testcorp.org/provider2", endpoint.getAddress().getValue());
+
+ assertEquals("http://docs.oasis-open.org/ws-sx/ws-trust/200512/PublicKey", requestToken.getKeyType()
+ .toASCIIString());
+
+ UseKeyType useKeyType = requestToken.getUseKey();
+ Element certEl = (Element) useKeyType.getAny().get(0);
+
+ assertEquals("ds:" + WSTRequestSecurityTokenParser.KEYVALUE, certEl.getTagName());
+
+ // Now for the writing part
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ WSTrustRequestWriter rstWriter = new WSTrustRequestWriter(baos);
+
+ rstWriter.write(requestToken);
+
+ Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+}
\ No newline at end of file
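Review bot: `certEl` holds the ds:KeyValue element in testPublicKey, not a certificate, so the name carried over from the certificate test is misleading; `Element keyValueEl = (Element) useKeyType.getAny().get(0);` reads correctly. The assertion on `getTagName()` also pins the `ds` prefix chosen by the fixture rather than the XML Signature namespace. If the element comes from a namespace-aware DOM (not visible from this hunk), comparing `getLocalName()` and `getNamespaceURI()` would be the sturdier check. The prefix-based assertion appears in testPublicCert as well.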
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueSymmetricKeyTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueSymmetricKeyTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueSymmetricKeyTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,83 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.wst;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter;
+import org.picketlink.identity.federation.ws.addressing.EndpointReferenceType;
+import org.picketlink.identity.federation.ws.policy.AppliesTo;
+import org.picketlink.identity.federation.ws.trust.BinarySecretType;
+import org.picketlink.identity.federation.ws.trust.EntropyType;
+import org.w3c.dom.Document;
+
+/**
+ * Validate parsing of RST with Use Key set to Symmetric Key
+ * @author Anil.Saldhana at redhat.com
+ * @since Oct 18, 2010
+ */
+public class WSTrustIssueSymmetricKeyTestCase
+{
+ @Test
+ public void testSymKey() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/wst/wst-issue-symmetric-key.xml");
+
+ WSTrustParser parser = new WSTrustParser();
+ RequestSecurityToken requestToken = (RequestSecurityToken) parser.parse(configStream);
+
+ assertEquals("testcontext", requestToken.getContext());
+ assertEquals(WSTrustConstants.ISSUE_REQUEST, requestToken.getRequestType().toASCIIString());
+
+ AppliesTo appliesTo = requestToken.getAppliesTo();
+ EndpointReferenceType endpoint = (EndpointReferenceType) appliesTo.getAny().get(0);
+ assertEquals("http://services.testcorp.org/provider2", endpoint.getAddress().getValue());
+
+ assertEquals(WSTrustConstants.BS_TYPE_SYMMETRIC, requestToken.getKeyType().toASCIIString());
+
+ EntropyType entropy = requestToken.getEntropy();
+ BinarySecretType binarySecret = (BinarySecretType) entropy.getAny().get(0);
+
+ assertEquals(WSTrustConstants.BS_TYPE_NONCE, binarySecret.getType());
+ assertEquals("M0/7qLpV49c=", new String(binarySecret.getValue()));
+
+ //Now for the writing part
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ WSTrustRequestWriter rstWriter = new WSTrustRequestWriter(baos);
+
+ rstWriter.write(requestToken);
+
+ Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+}
\ No newline at end of file
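Review bot: `new String(binarySecret.getValue())` in testSymKey decodes with the JVM's default charset, so the comparison depends on where the test runs; name the charset instead, `assertEquals("M0/7qLpV49c=", new String(binarySecret.getValue(), "UTF-8"));`. The expected value is the Base64 text from the fixture, which suggests getValue() returns the encoded form rather than the decoded nonce bytes. A comment on the assertion would record that, for example `// getValue() holds the Base64 text as parsed, not the decoded secret`, so that nobody reading the test treats these bytes as key material directly.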
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,69 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.wst;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter;
+import org.w3c.dom.Document;
+
+/**
+ * Validate simple RST parsing
+ * @author Anil.Saldhana at redhat.com
+ * @since Oct 18, 2010
+ */
+public class WSTrustIssueTestCase
+{
+ @Test
+ public void testIssue() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/wst/wst-issue.xml");
+
+ WSTrustParser parser = new WSTrustParser();
+ RequestSecurityToken requestToken = (RequestSecurityToken) parser.parse(configStream);
+
+ assertEquals("testcontext", requestToken.getContext());
+ assertEquals(WSTrustConstants.ISSUE_REQUEST, requestToken.getRequestType().toASCIIString());
+ assertEquals(SAMLUtil.SAML2_TOKEN_TYPE, requestToken.getTokenType().toASCIIString());
+
+ //Now for the writing part
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ WSTrustRequestWriter rstWriter = new WSTrustRequestWriter(baos);
+
+ rstWriter.write(requestToken);
+
+ Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+}
\ No newline at end of file
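Review bot: `configStream` in testIssue is handed to the parser without a null check and is never closed, so a fixture missing from the test classpath surfaces as whatever the parser does with a null stream instead of a clear failure. Adding `assertNotNull("parser/wst/wst-issue.xml not on the test classpath", configStream);` before the parse call (with the matching static import of assertNotNull) and closing the stream in a finally block would make the failure mode explicit. The other WS-Trust parser tests in this commit load their fixtures the same way.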
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustOnBehalfOfTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustOnBehalfOfTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustOnBehalfOfTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,78 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.wst;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.util.List;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter;
+import org.picketlink.identity.federation.ws.trust.OnBehalfOfType;
+import org.picketlink.identity.federation.ws.wss.secext.UsernameTokenType;
+import org.w3c.dom.Document;
+
+/**
+ * Validate the OnBehalfOf parsing
+ * @author Anil.Saldhana at redhat.com
+ * @since Oct 18, 2010
+ */
+public class WSTrustOnBehalfOfTestCase
+{
+ @Test
+ public void testOnBehalfOfParsing() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/wst/wst-issue-onbehalfof.xml");
+
+ WSTrustParser parser = new WSTrustParser();
+ RequestSecurityToken requestToken = (RequestSecurityToken) parser.parse(configStream);
+
+ assertEquals("testcontext", requestToken.getContext());
+ assertEquals(WSTrustConstants.ISSUE_REQUEST, requestToken.getRequestType().toASCIIString());
+
+ OnBehalfOfType onBehalfOf = requestToken.getOnBehalfOf();
+ List<Object> theList = onBehalfOf.getAny();
+ assertNotNull(theList);
+ UsernameTokenType userNameToken = (UsernameTokenType) theList.get(0);
+ assertEquals("id", userNameToken.getId());
+ assertEquals("anotherduke", userNameToken.getUsername().getValue());
+
+ //Now for the writing part
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ WSTrustRequestWriter rstWriter = new WSTrustRequestWriter(baos);
+
+ rstWriter.write(requestToken);
+
+ Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+}
\ No newline at end of file
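Review bot: `assertNotNull(theList)` in testOnBehalfOfParsing does not guard the `theList.get(0)` that follows, and `onBehalfOf` itself is dereferenced unchecked, so a request parsed without the delegation element fails with a NullPointerException or IndexOutOfBoundsException rather than an assertion message. Adding `assertNotNull(onBehalfOf);` before `getAny()` and `assertEquals(1, theList.size());` before the cast states what the test expects. Since OnBehalfOf carries the identity being acted for, it is worth asserting explicitly that exactly one token was parsed.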
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustRenewTargetParsingTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustRenewTargetParsingTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustRenewTargetParsingTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,81 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.wst;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter;
+import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.ws.trust.RenewTargetType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Validate the parsing of wst-batch-validate.xml
+ * @author Anil.Saldhana at redhat.com
+ * @since Oct 12, 2010
+ */
+public class WSTrustRenewTargetParsingTestCase
+{
+ @Test
+ public void testWST_RenewTarget() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/wst/wst-renew-saml.xml");
+
+ WSTrustParser parser = new WSTrustParser();
+ RequestSecurityToken requestToken = (RequestSecurityToken) parser.parse(configStream);
+ assertEquals("renewcontext", requestToken.getContext());
+ assertEquals(WSTrustConstants.RENEW_REQUEST, requestToken.getRequestType().toASCIIString());
+ assertEquals(SAMLUtil.SAML2_TOKEN_TYPE, requestToken.getTokenType().toASCIIString());
+
+ RenewTargetType renewTarget = requestToken.getRenewTarget();
+ Element assertionElement = (Element) renewTarget.getAny().get(0);
+ AssertionType assertion = SAMLUtil.fromElement(assertionElement);
+ assertEquals("ID_654b6092-c725-40ea-8044-de453b59cb28", assertion.getID());
+ assertEquals("Test STS", assertion.getIssuer().getValue());
+ SubjectType subject = assertion.getSubject();
+ assertEquals("jduke", ((NameIDType) subject.getSubType().getBaseID()).getValue());
+
+ //Now for the writing part
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ WSTrustRequestWriter rstWriter = new WSTrustRequestWriter(baos);
+
+ rstWriter.write(requestToken);
+
+ Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+}
\ No newline at end of file
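Review bot: The class Javadoc says "Validate the parsing of wst-batch-validate.xml", but testWST_RenewTarget loads `parser/wst/wst-renew-saml.xml` and asserts a RenewTarget, so the comment looks copied from another test. It should read `Validate the parsing of wst-renew-saml.xml`. It would also help to note in the same comment that the embedded SAML assertion is only unmarshalled via SAMLUtil.fromElement here and that no signature or validity check is exercised.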
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustValidateSamlTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustValidateSamlTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustValidateSamlTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,76 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.wst;
+
+import static org.junit.Assert.assertEquals;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter;
+import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.ws.trust.ValidateTargetType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * Validate the parsing of wst-validate-saml.xml
+ * @author Anil.Saldhana at redhat.com
+ * @since Oct 12, 2010
+ */
+public class WSTrustValidateSamlTestCase
+{
+ @Test
+ public void testWST_ValidateSaml() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/wst/wst-validate-saml.xml");
+
+ WSTrustParser parser = new WSTrustParser();
+ RequestSecurityToken rst1 = (RequestSecurityToken) parser.parse(configStream);
+ assertEquals("validatecontext", rst1.getContext());
+ assertEquals(WSTrustConstants.VALIDATE_REQUEST, rst1.getRequestType().toASCIIString());
+ assertEquals(WSTrustConstants.RSTR_STATUS_TOKEN_TYPE, rst1.getTokenType().toASCIIString());
+
+ ValidateTargetType validateTarget = rst1.getValidateTarget();
+ Element assertionElement = (Element) validateTarget.getAny().get(0);
+ AssertionType assertion = SAMLUtil.fromElement(assertionElement);
+ assertEquals("ID_654b6092-c725-40ea-8044-de453b59cb28", assertion.getID());
+
+ //Now for the writing part
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ WSTrustRequestWriter rstWriter = new WSTrustRequestWriter(baos);
+
+ rstWriter.write(rst1);
+
+ Document doc = DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+}
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/X500AttributeUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/X500AttributeUnitTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/X500AttributeUnitTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,100 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.saml.v2;
+
+import java.io.ByteArrayOutputStream;
+import java.util.HashMap;
+import java.util.Map;
+
+import junit.framework.TestCase;
+
+import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.X500SAMLProfileConstants;
+import org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
+import org.picketlink.identity.federation.core.saml.v2.holders.IDPInfoHolder;
+import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
+import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * Unit test the X500 Profile of SAML2
+ * @author Anil.Saldhana at redhat.com
+ * @since Sep 14, 2009
+ */
+public class X500AttributeUnitTestCase extends TestCase
+{
+ public void testX500Marshalling() throws Exception
+ {
+ Map<String, Object> attributes = new HashMap<String, Object>();
+ attributes.put(X500SAMLProfileConstants.EMAIL_ADDRESS.getFriendlyName(), "test at a");
+ attributes.put(X500SAMLProfileConstants.GIVEN_NAME.getFriendlyName(), "anil");
+
+ AttributeStatementType attrStat = StatementUtil.createAttributeStatement(attributes);
+
+ IssuerInfoHolder issuerHolder = new IssuerInfoHolder("http://idp");
+ issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
+
+ IDPInfoHolder idp = new IDPInfoHolder();
+ idp.setNameIDFormatValue(IDGenerator.create());
+
+ ResponseType rt = JBossSAMLAuthnResponseFactory.createResponseType("response111", new SPInfoHolder(), idp,
+ issuerHolder);
+ assertNotNull(rt);
+
+ AssertionType assertion = rt.getAssertions().get(0).getAssertion();
+ assertion.addStatement(attrStat);
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ SAMLResponseWriter writer = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(rt);
+
+ Document samlDom = DocumentUtil.getDocument(new String(baos.toByteArray()));
+
+ NodeList nl = samlDom.getElementsByTagNameNS(JBossSAMLURIConstants.ASSERTION_NSURI.get(), "Attribute");
+ assertEquals("nodes = 2", 2, nl.getLength());
+
+ String x500NS = JBossSAMLURIConstants.X500_NSURI.get();
+ String encodingLocalName = "Encoding";
+
+ Element attrib = (Element) nl.item(0);
+ assertTrue("Has ldap encoding?", attrib.hasAttributeNS(x500NS, encodingLocalName));
+ assertEquals("LDAP", attrib.getAttributeNodeNS(x500NS, encodingLocalName).getNodeValue());
+
+ NodeList nla = attrib.getElementsByTagNameNS(JBossSAMLURIConstants.ASSERTION_NSURI.get(), "AttributeValue");
+
+ Node attribNode = nla.item(0);
+ String nodeValue = attribNode.getTextContent();
+ assertTrue(nodeValue.equals("test at a") || nodeValue.equals("anil"));
+ }
+}
\ No newline at end of file
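Review bot: The closing assertions in testX500Marshalling inspect only `nl.item(0)` and accept either `"test at a"` or `"anil"`, because HashMap iteration order is unspecified; the second Attribute is never checked for its x500 Encoding or its value, so a response that wrote one attribute correctly and mangled the other would pass. Looping over both nodes and comparing the collected values as a set removes the order dependence. Separately, `new String(baos.toByteArray())` decodes with the platform charset; the WS-Trust tests in this commit pass `new ByteArrayInputStream(baos.toByteArray())` to DocumentUtil.getDocument, which avoids that. The java.util names below are written out in full only because the file imports just HashMap and Map.
```java
// … unchanged: response construction, writing and DOM parsing …
String x500NS = JBossSAMLURIConstants.X500_NSURI.get();
String encodingLocalName = "Encoding";

java.util.Set<String> values = new java.util.HashSet<String>();
for (int i = 0; i < nl.getLength(); i++)
{
   Element attrib = (Element) nl.item(i);
   assertTrue("Has ldap encoding?", attrib.hasAttributeNS(x500NS, encodingLocalName));
   assertEquals("LDAP", attrib.getAttributeNodeNS(x500NS, encodingLocalName).getNodeValue());

   NodeList nla = attrib.getElementsByTagNameNS(JBossSAMLURIConstants.ASSERTION_NSURI.get(), "AttributeValue");
   values.add(nla.item(0).getTextContent());
}
assertEquals(new java.util.HashSet<String>(java.util.Arrays.asList("test at a", "anil")), values);
```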
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/FileBasedMetadataConfigurationStoreUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/FileBasedMetadataConfigurationStoreUnitTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/FileBasedMetadataConfigurationStoreUnitTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,112 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.saml.v2.metadata;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.metadata.store.FileBasedMetadataConfigurationStore;
+import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
+
+
+/**
+ * Unit test the FileBasedMetadataConfigurationStore
+ * @author Anil.Saldhana at redhat.com
+ * @since Apr 28, 2009
+ */
+public class FileBasedMetadataConfigurationStoreUnitTestCase
+{
+ String pkgName = "org.picketlink.identity.federation.saml.v2.metadata";
+ String id = "test";
+
+ @Test
+ public void testStore() throws Exception
+ {
+ SAMLParser parser = new SAMLParser();
+
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is =
+ tcl.getResourceAsStream("saml2/metadata/idp-entitydescriptor.xml");
+ assertNotNull("Inputstream not null", is);
+
+ EntityDescriptorType edt = (EntityDescriptorType) parser.parse(is);
+ assertNotNull( edt );
+ /*
+ Unmarshaller un = JAXBUtil.getUnmarshaller(pkgName);
+ JAXBElement<EntityDescriptorType> je = (JAXBElement<EntityDescriptorType>) un.unmarshal(is);
+ EntityDescriptorType edt = je.getValue();
+ assertNotNull("EntityDescriptorType not null", edt);
+ */
+ FileBasedMetadataConfigurationStore fbd = new FileBasedMetadataConfigurationStore();
+ fbd.persist(edt, id);
+
+ EntityDescriptorType loaded = fbd.load(id);
+ assertNotNull("loaded EntityDescriptorType not null", loaded);
+ fbd.delete(id);
+
+ try
+ {
+ fbd.load(id);
+ fail("Did not delete the metadata persistent file");
+ }
+ catch(Exception t)
+ {
+ //pass
+ }
+ }
+
+ @Test
+ public void testTrustedProviders() throws Exception
+ {
+ FileBasedMetadataConfigurationStore fbd = new FileBasedMetadataConfigurationStore();
+ Map<String, String> trustedProviders = new HashMap<String, String>();
+ trustedProviders.put("idp1", "http://localhost:8080/idp1/metadata");
+ trustedProviders.put("idp2", "http://localhost:8080/idp2/metadata");
+ fbd.persistTrustedProviders(id, trustedProviders);
+
+ //Lets get back
+ Map<String, String> loadTP = fbd.loadTrustedProviders(id);
+ assertNotNull("Loaded Trusted Providers not null", loadTP);
+
+ assertTrue("idp1", loadTP.containsKey("idp1"));
+ assertTrue("idp2", loadTP.containsKey("idp2"));
+ assertTrue("size 2", loadTP.size() == 2);
+
+ fbd.deleteTrustedProviders(id);
+ try
+ {
+ fbd.loadTrustedProviders(id);
+ fail("Did not delete the trusted providers file");
+ }
+ catch(Exception t)
+ {
+ //pass
+ }
+ }
+}
\ No newline at end of file
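Review bot: Both tests wrap the post-delete `load(id)` / `loadTrustedProviders(id)` call in `catch(Exception t) { //pass }`, so any exception at all, including a parse or permission error, is accepted as proof that the file was deleted. Catching only the exception type the store throws for a missing entry (not visible in this hunk) would pin the behaviour being tested. `fbd.delete(id)` and `fbd.deleteTrustedProviders(id)` are also reached only when the earlier assertions pass, so a failing run leaves the persisted files for id `test` behind for the next run; moving the deletes into a `finally` block or an `@After` method avoids that. The commented-out JAXB block and the `pkgName` field that only it used can be dropped.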
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,147 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.saml.v2.metadata;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.security.cert.X509Certificate;
+import java.util.List;
+
+import javax.xml.stream.XMLStreamWriter;
+
+import junit.framework.Assert;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.SAMLMetadataUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLMetadataWriter;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.saml.v2.metadata.ContactType;
+import org.picketlink.identity.federation.saml.v2.metadata.EntitiesDescriptorType;
+import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
+import org.picketlink.identity.federation.saml.v2.metadata.IDPSSODescriptorType;
+import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType;
+import org.picketlink.identity.federation.saml.v2.metadata.OrganizationType;
+
+/**
+ * Unit test the SAML metadata parsing
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 31, 2011
+ */
+public class SAMLMetadataParsingUnitTestCase
+{
+ @Test
+ public void testEntitiesDescriptor() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream("saml2/metadata/seam-entities.xml");
+ assertNotNull("Inputstream not null", is);
+
+ SAMLParser parser = new SAMLParser();
+ EntitiesDescriptorType entities = (EntitiesDescriptorType) parser.parse(is);
+ Assert.assertNotNull(entities);
+ Assert.assertEquals(2, entities.getEntityDescriptor().size());
+ EntityDescriptorType entity = (EntityDescriptorType) entities.getEntityDescriptor().get(0);
+ IDPSSODescriptorType idp = entity.getChoiceType().get(0).getDescriptors().get(0).getIdpDescriptor();
+ KeyDescriptorType keyDescriptor = idp.getKeyDescriptor().get(0);
+ X509Certificate cert = SAMLMetadataUtil.getCertificate(keyDescriptor);
+ Assert.assertNotNull(cert);
+ Assert.assertEquals("CN=test, OU=OpenSSO, O=Sun, L=Santa Clara, ST=California, C=US", cert.getIssuerDN()
+ .getName());
+ }
+
+ @Test
+ public void parseOrganizationAndContactPerson() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream("saml2/metadata/sp-entitydescOrgContact.xml");
+ assertNotNull("Inputstream not null", is);
+
+ SAMLParser parser = new SAMLParser();
+ EntityDescriptorType entity = (EntityDescriptorType) parser.parse(is);
+ assertNotNull(entity);
+ OrganizationType org = entity.getOrganization();
+ assertNotNull(org);
+
+ List<ContactType> contactPersons = entity.getContactPerson();
+ assertNotNull(contactPersons);
+ assertTrue(contactPersons.size() == 1);
+
+ assertEquals("technical", contactPersons.get(0).getContactType().value());
+ assertEquals("SAML SP Support", contactPersons.get(0).getSurName());
+ assertEquals("mailto:saml-support at sp.example.com", contactPersons.get(0).getEmailAddress().get(0));
+ }
+
+ /**
+ * PLFED-39
+ * @throws Exception
+ */
+ @Test
+ public void testShibbolethMetadataExtensions() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream("saml2/metadata/testshib.org.idp-metadata.xml");
+ assertNotNull("Inputstream not null", is);
+ SAMLParser parser = new SAMLParser();
+
+ EntitiesDescriptorType entities = (EntitiesDescriptorType) parser.parse(is);
+ assertNotNull(entities);
+
+ //Another md
+ is = tcl.getResourceAsStream("saml2/metadata/shib.idp-metadata.xml");
+ assertNotNull("Inputstream not null", is);
+
+ EntityDescriptorType entity = (EntityDescriptorType) parser.parse(is);
+ assertNotNull(entity);
+ }
+
+ @Test
+ public void testShibbolethMetadata() throws Exception
+ {
+ boolean runTest = false;
+ System.out.println("Test is disabled because of heap space issues in test env");
+ if (runTest)
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream("saml2/metadata/testshib-two-metadata.xml");
+ assertNotNull("Inputstream not null", is);
+ SAMLParser parser = new SAMLParser();
+
+ EntitiesDescriptorType entities = (EntitiesDescriptorType) parser.parse(is);
+ assertNotNull(entities);
+ assertEquals("urn:mace:shibboleth:testshib:two", entities.getName());
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ XMLStreamWriter writer = StaxUtil.getXMLStreamWriter(baos);
+
+ //write it back
+ SAMLMetadataWriter mdWriter = new SAMLMetadataWriter(writer);
+ mdWriter.writeEntitiesDescriptor(entities);
+
+ }
+ }
+}
\ No newline at end of file
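Review bot: `testShibbolethMetadata` is switched off with `boolean runTest = false` plus a `System.out.println`, so the runner reports it as passing while it exercises nothing. Annotating it with `@Ignore("heap space issues in test env")` (and `import org.junit.Ignore;`) makes the skip visible in the test report and removes the dead `if (runTest)` guard. The class also mixes the JUnit 3 `junit.framework.Assert` calls in `testEntitiesDescriptor` with the statically imported `org.junit.Assert` methods used in the other tests; using the static imports throughout would be consistent.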
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataWriterUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataWriterUnitTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataWriterUnitTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,124 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.saml.v2.metadata;
+
+import static org.junit.Assert.assertNotNull;
+
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.List;
+
+import javax.xml.stream.XMLStreamWriter;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.md.providers.MetaDataBuilderDelegate;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLMetadataWriter;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.saml.v2.metadata.EndpointType;
+import org.picketlink.identity.federation.saml.v2.metadata.EntityDescriptorType;
+import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType;
+import org.picketlink.identity.federation.saml.v2.metadata.OrganizationType;
+import org.picketlink.identity.federation.saml.v2.metadata.SPSSODescriptorType;
+
+/**
+ * Unit test the {@code SAMLMetadataWriter}
+ * @author Anil.Saldhana at redhat.com
+ * @since Feb 11, 2011
+ */
+public class SAMLMetadataWriterUnitTestCase
+{
+ @Test
+ public void testWriteSPSSODescriptor() throws Exception
+ {
+ String fileName = "saml2/metadata/sp-entitydescriptor.xml";
+ InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(fileName);
+ assertNotNull(is);
+
+ SAMLParser parser = new SAMLParser();
+ EntityDescriptorType entityDesc = (EntityDescriptorType) parser.parse(is);
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ XMLStreamWriter writer = StaxUtil.getXMLStreamWriter(baos);
+
+ //write it back
+ SAMLMetadataWriter mdWriter = new SAMLMetadataWriter(writer);
+ mdWriter.writeEntityDescriptor(entityDesc);
+
+ }
+
+ @Test
+ public void testWriteEntityDescWithContactPerson() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream("saml2/metadata/sp-entitydescOrgContact.xml");
+ assertNotNull("Inputstream not null", is);
+
+ SAMLParser parser = new SAMLParser();
+ EntityDescriptorType entity = (EntityDescriptorType) parser.parse(is);
+ assertNotNull(entity);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ XMLStreamWriter writer = StaxUtil.getXMLStreamWriter(baos);
+
+ //write it back
+ SAMLMetadataWriter mdWriter = new SAMLMetadataWriter(writer);
+ mdWriter.writeEntityDescriptor(entity);
+
+ }
+
+ /**
+ * PLFED-142
+ * @throws Exception
+ */
+ @Test
+ public void testDynamicMetadataCreation() throws Exception
+ {
+ OrganizationType org = new OrganizationType();
+ AttributeType attributeType = new AttributeType("hello");
+ List<AttributeType> attributes = new ArrayList<AttributeType>();
+ attributes.add(attributeType);
+
+ URI test = URI.create("http://test");
+ EndpointType sloEndPoint = new EndpointType(test, test);
+ KeyDescriptorType keyDescriptorType = new KeyDescriptorType();
+ String str = "<a/>";
+ keyDescriptorType.setKeyInfo(DocumentUtil.getDocument(str).getDocumentElement());
+
+ SPSSODescriptorType spSSO = MetaDataBuilderDelegate.createSPSSODescriptor(false, keyDescriptorType, sloEndPoint,
+ attributes, org);
+ EntityDescriptorType entity = MetaDataBuilderDelegate.createEntityDescriptor(spSSO);
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ XMLStreamWriter writer = StaxUtil.getXMLStreamWriter(baos);
+
+ //write it back
+ SAMLMetadataWriter mdWriter = new SAMLMetadataWriter(writer);
+ mdWriter.writeEntityDescriptor(entity);
+ }
+}
\ No newline at end of file
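Review bot: None of the three tests asserts anything about what `SAMLMetadataWriter` produced; each writes into `baos` and returns, so they only show that no exception was thrown. A minimal round-trip check after each `writeEntityDescriptor` call would catch malformed output, for example `assertNotNull(DocumentUtil.getDocument(new String(baos.toByteArray(), "UTF-8")));`. The writer may need a `writer.flush()` before the bytes are read, since buffering behaviour of `StaxUtil.getXMLStreamWriter` is not visible in this hunk. For `testDynamicMetadataCreation` it would also be worth asserting that the key descriptor and the endpoint passed to `createSPSSODescriptor` appear in the written document.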
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,110 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.saml.v2.util;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.InputStream;
+import java.util.List;
+
+import javax.xml.datatype.XMLGregorianCalendar;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.saml.v2.assertion.ConditionsType;
+import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType;
+
+/**
+ * Unit test the AssertionUtil
+ * @author Anil.Saldhana at redhat.com
+ * @since Jun 3, 2009
+ */
+public class AssertionUtilUnitTestCase
+{
+ @Test
+ public void testValidAssertion() throws Exception
+ {
+ NameIDType nameIdType = new NameIDType();
+ nameIdType.setValue("somename");
+
+ AssertionType assertion = new AssertionType("SomeID", XMLTimeUtil.getIssueInstant());
+ assertion.setIssuer(nameIdType);
+
+ //Assertions with no conditions are everlasting
+ assertTrue(AssertionUtil.hasExpired(assertion) == false);
+
+ XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
+
+ XMLGregorianCalendar sometimeLater = XMLTimeUtil.add(now, 5555);
+
+ ConditionsType conditions = new ConditionsType();
+ conditions.setNotBefore(now);
+ conditions.setNotOnOrAfter(sometimeLater);
+ assertion.setConditions(conditions);
+ assertTrue(AssertionUtil.hasExpired(assertion) == false);
+ }
+
+ @Test
+ public void testExpiredAssertion() throws Exception
+ {
+ NameIDType nameIdType = new NameIDType();
+ nameIdType.setValue("somename");
+
+ AssertionType assertion = new AssertionType("SomeID", XMLTimeUtil.getIssueInstant());
+ assertion.setIssuer(nameIdType);
+
+ XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
+
+ XMLGregorianCalendar sometimeAgo = XMLTimeUtil.subtract(now, 55555);
+
+ ConditionsType conditions = new ConditionsType();
+ conditions.setNotBefore(XMLTimeUtil.subtract(now, 55575));
+ conditions.setNotOnOrAfter(sometimeAgo);
+ assertion.setConditions(conditions);
+ assertTrue(AssertionUtil.hasExpired(assertion));
+ }
+
+ @Test
+ public void testRoleExtraction() throws Exception
+ {
+ String file = "parser/saml2/saml2-response-assertion-subject.xml";
+ InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(file);
+ assertNotNull(is);
+ SAMLParser parser = new SAMLParser();
+ ResponseType response = (ResponseType) parser.parse(is);
+ List<RTChoiceType> assertionList = response.getAssertions();
+ assertEquals(1, assertionList.size());
+ RTChoiceType rtc = assertionList.get(0);
+ AssertionType assertion = rtc.getAssertion();
+ List<String> roles = AssertionUtil.getRoles(assertion, null);
+ assertEquals(2, roles.size());
+ assertTrue(roles.contains("manager"));
+ assertTrue(roles.contains("employee"));
+ }
+}
\ No newline at end of file
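Review bot: The expiry tests cover an assertion without conditions, a currently valid window and a window entirely in the past, but not an assertion whose `NotBefore` lies in the future, nor the boundary where `NotOnOrAfter` equals the current instant. For a relying party, accepting a not-yet-valid assertion is as much a validation gap as accepting an expired one; whether `AssertionUtil.hasExpired` is meant to reject that case is not visible here, so a test that states the intended result either way would document the contract. The comment "Assertions with no conditions are everlasting" in `testValidAssertion` records a permissive default that callers should be aware of, and is worth repeating in the Javadoc of `hasExpired`. As a style point, `assertTrue(AssertionUtil.hasExpired(assertion) == false)` reads better as `assertFalse(AssertionUtil.hasExpired(assertion));` with a static import of `assertFalse`.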
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/stax/DomElementToStaxWritingTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/stax/DomElementToStaxWritingTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/stax/DomElementToStaxWritingTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,55 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.stax;
+
+import java.io.ByteArrayOutputStream;
+
+import javax.xml.stream.XMLStreamWriter;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.w3c.dom.Document;
+
+/**
+ * Test how we write a DOM Element to Stax writer
+ * @author Anil.Saldhana at redhat.com
+ * @since Nov 8, 2010
+ */
+public class DomElementToStaxWritingTestCase
+{
+ @Test
+ public void testDOM2Stax() throws Exception
+ {
+ String xml = "<a xmlns=\'urn:hello\' > <b> <c/> <d xmlns=\'urn:t\' test=\'tt\'/> </b></a>";
+
+ Document doc = DocumentUtil.getDocument(xml);
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ XMLStreamWriter writer = StaxUtil.getXMLStreamWriter(baos);
+ StaxUtil.writeDOMElement(writer, doc.getDocumentElement());
+
+ String writtenDoc = new String(baos.toByteArray());
+ doc = DocumentUtil.getDocument(writtenDoc);
+ }
+}
\ No newline at end of file
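Review bot: `testDOM2Stax` has no assertion: the re-parsed `doc` on its last line is never inspected, so the test passes as long as the written bytes are well-formed XML. Since the input exercises default-namespace handling (`urn:hello` on `a`, `urn:t` on `d`), asserting it after the round trip would test what the fixture was built for, e.g. `assertEquals("urn:hello", doc.getDocumentElement().getNamespaceURI());` plus a similar check on `d` and its `test` attribute. `new String(baos.toByteArray())` decodes with the platform default charset; `new String(baos.toByteArray(), "UTF-8")` keeps the result independent of the build machine, assuming the writer emits UTF-8.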
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/util/KeystoreUtilUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/util/KeystoreUtilUnitTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/util/KeystoreUtilUnitTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,93 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.util;
+
+import java.io.InputStream;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.util.Enumeration;
+
+import junit.framework.TestCase;
+
+import org.picketlink.identity.federation.core.saml.v2.util.SignatureUtil;
+import org.picketlink.identity.federation.core.util.KeyStoreUtil;
+
+/**
+ * Test the KeyStore Util
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 15, 2009
+ */
+public class KeystoreUtilUnitTestCase extends TestCase
+{
+
+ /**
+ * Keystore (created 15Jan2009 and valid for 200K days)
+ * The Keystore has been created with the command (all in one line)
+keytool -genkey -alias servercert
+ -keyalg RSA
+ -keysize 1024
+ -dname "CN=jbossidentity.jboss.org,OU=RD,O=JBOSS,L=Chicago,S=Illinois,C=US"
+ -keypass test123
+ -keystore jbid_test_keystore.jks
+ -storepass store123
+ -validity 200000
+ */
+ private String keystoreLocation = "keystore/jbid_test_keystore.jks";
+ private String keystorePass = "store123";
+ private String alias = "servercert";
+ private String keyPass = "test123";
+
+
+ /**
+ Generated a selfsigned cert
+ keytool -selfcert
+ -alias servercert
+ -keypass test123
+ -keystore jbid_test_keystore.jks
+ -dname "cn=jbid test, ou=JBoss, o=JBoss, c=US"
+ -storepass store123
+ */
+ public void testSignatureValidationInvalidation() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream ksStream = tcl.getResourceAsStream(keystoreLocation);
+ assertNotNull("Input keystore stream is not null", ksStream);
+
+ KeyStore ks = KeyStoreUtil.getKeyStore(ksStream, keystorePass.toCharArray());
+ assertNotNull("KeyStore is not null",ks);
+
+ //Check that there are aliases in the keystore
+ Enumeration<String> aliases = ks.aliases();
+ assertTrue("Aliases are not empty", aliases.hasMoreElements());
+
+ PublicKey publicKey = KeyStoreUtil.getPublicKey(ks, alias, keyPass.toCharArray());
+ assertNotNull("Public Key is not null", publicKey);
+
+ PrivateKey privateKey = (PrivateKey) ks.getKey(alias, keyPass.toCharArray());
+
+ String content = "Hello";
+ byte[] sigValue = SignatureUtil.sign(content, privateKey);
+ boolean isValid = SignatureUtil.validate(content.getBytes("UTF-8"), sigValue, publicKey);
+ assertTrue("Valid sig?", isValid);
+ }
+}
\ No newline at end of file
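Review bot: `testSignatureValidationInvalidation` only checks the positive case; despite its name, nothing asserts that `SignatureUtil.validate` rejects a signature over different content. A verifier that always returns true would pass this test, so a negative check belongs here, for example `assertFalse("Tampered content must not validate", SignatureUtil.validate("Hello!".getBytes("UTF-8"), sigValue, publicKey));`. `sign` is given the `String` while `validate` is given explicit UTF-8 bytes; if `sign` encodes with the platform default charset (not visible in this hunk), the two sides can disagree for non-ASCII content, so a test with a non-ASCII string would be a useful addition. The Javadoc records that the fixture key was generated with `-keysize 1024`; that is fine for a test keystore, but a comment saying the keystore and its passwords are test-only would keep the parameters from being copied elsewhere.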
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/util/SAMLXACMLUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/util/SAMLXACMLUnitTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/util/SAMLXACMLUnitTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,85 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.util;
+
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.InputStream;
+
+import org.jboss.security.xacml.core.model.context.RequestType;
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.picketlink.identity.federation.saml.v2.protocol.XACMLAuthzDecisionQueryType;
+
+/**
+ * Read a SAML-XACML request
+ *
+ * @see {@code SAMLResponseParserTestCase#testXACMLDecisionStatements()}
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 8, 2009
+ */
+public class SAMLXACMLUnitTestCase
+{
+ /**
+ * Usage of samlp with xsi-type
+ */
+ @Test
+ public void testSAML_XACML_Read() throws Exception
+ {
+ String resourceName = "saml-xacml/saml-xacml-request.xml";
+
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream(resourceName);
+
+ SAMLParser parser = new SAMLParser();
+ RequestAbstractType req = (RequestAbstractType) parser.parse( is );
+ assertNotNull(req);
+ assertTrue( req instanceof XACMLAuthzDecisionQueryType );
+
+ XACMLAuthzDecisionQueryType xadqt = (XACMLAuthzDecisionQueryType) req;
+ RequestType requestType = xadqt.getRequest();
+ assertNotNull(requestType);
+ }
+
+ /**
+ * Usage of xacml-samlp
+ */
+ @Test
+ public void testSAML_XACML_Read_2() throws Exception
+ {
+ String resourceName = "saml-xacml/saml-xacml-request-2.xml";
+
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream(resourceName);
+
+ SAMLParser parser = new SAMLParser();
+ RequestAbstractType req = (RequestAbstractType) parser.parse( is );
+ assertNotNull(req);
+ assertTrue( req instanceof XACMLAuthzDecisionQueryType );
+
+ XACMLAuthzDecisionQueryType xadqt = (XACMLAuthzDecisionQueryType) req;
+ RequestType requestType = xadqt.getRequest();
+ assertNotNull(requestType);
+ }
+}
\ No newline at end of file
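Review bot: In both `testSAML_XACML_Read` and `testSAML_XACML_Read_2` the stream from `getResourceAsStream(resourceName)` is handed to `parser.parse( is )` without a null check, unlike the other tests added in this commit. A missing resource would then surface as whatever the parser does with a null stream rather than as a clear fixture failure; adding `assertNotNull("Inputstream not null", is);` after the lookup fixes that. The two methods differ only in the resource name, so a shared private helper taking the name would remove the duplication. The class Javadoc's `@see {@code SAMLResponseParserTestCase#testXACMLDecisionStatements()}` is not a valid `@see` form; plain text or a `{@link ...}` would render correctly.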
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/util/XMLTimeUtilUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/util/XMLTimeUtilUnitTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/util/XMLTimeUtilUnitTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,83 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.util;
+
+import java.util.Calendar;
+import java.util.GregorianCalendar;
+
+import javax.xml.datatype.DatatypeConstants;
+import javax.xml.datatype.DatatypeFactory;
+import javax.xml.datatype.XMLGregorianCalendar;
+
+import junit.framework.TestCase;
+
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+
+/**
+ * Unit Test the XML Time Util
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 6, 2009
+ */
+public class XMLTimeUtilUnitTestCase extends TestCase
+{
+ public void testCompareViaParsing() throws Exception
+ {
+ DatatypeFactory dt = DatatypeFactory.newInstance();
+ XMLGregorianCalendar now = dt.newXMLGregorianCalendar("2009-06-03T17:42:09.322-04:00");
+ XMLGregorianCalendar notBefore = dt.newXMLGregorianCalendar("2009-06-03T17:42:05.901-04:00");
+ XMLGregorianCalendar notOnOrAfter = dt.newXMLGregorianCalendar("2009-06-03T17:47:05.901-04:00");
+ assertTrue(XMLTimeUtil.isValid(now, notBefore, notOnOrAfter));
+ }
+
+ public void testAdd() throws Exception
+ {
+ XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
+ long min5 = XMLTimeUtil.inMilis(5);
+
+ XMLGregorianCalendar after5M = XMLTimeUtil.add(now, min5);
+ assertTrue(now.compare(after5M) == DatatypeConstants.LESSER);
+
+ GregorianCalendar nowG = now.toGregorianCalendar();
+ GregorianCalendar now5M = after5M.toGregorianCalendar();
+
+ //Add 5 minutes
+ nowG.roll(Calendar.MINUTE, 5);
+
+ int val = nowG.compareTo(now5M);
+
+ assertTrue("Compared value is 0", val <= 0);
+ }
+
+ public void testIsValid() throws Exception
+ {
+ XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
+
+ long milisFor5Mins = XMLTimeUtil.inMilis(5);
+
+ XMLGregorianCalendar after5M = XMLTimeUtil.add(now, milisFor5Mins);
+ XMLGregorianCalendar after10M = XMLTimeUtil.add(now, milisFor5Mins * 2);
+
+ //isValid(now, notbefore, notOnOrAfter)
+ assertTrue(XMLTimeUtil.isValid(after5M, now, after10M));
+ assertFalse(XMLTimeUtil.isValid(now, after5M, after10M));
+ }
+}
\ No newline at end of file
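Review bot: testIsValid never exercises the expiry side of the window: in both assertions the instant being checked is earlier than `notOnOrAfter`, so an `isValid` that ignored the upper bound would still pass. This check gates SAML assertion lifetimes, so add an expired case and the boundary case, e.g. `assertFalse(XMLTimeUtil.isValid(after10M, now, after5M));` and `assertFalse(XMLTimeUtil.isValid(after10M, now, after10M));`. The second follows from the name notOnOrAfter and should be confirmed against XMLTimeUtil, which is not part of this hunk. Separately, in testAdd the `roll` call changes only the minute field and wraps without carrying into the hour, which is presumably why the check is `val <= 0` under the message "Compared value is 0"; using `add` instead of `roll` would allow an exact equality assertion.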
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSConfigUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSConfigUnitTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSConfigUnitTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,75 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.wstrust;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.security.cert.Certificate;
+
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.wstrust.STSConfiguration;
+import org.picketlink.test.identity.federation.core.wstrust.PicketLinkSTSUnitTestCase.TestSTS;
+
+/**
+ * Unit test various aspects of the sts configuration
+ * @author Anil.Saldhana at redhat.com
+ * @since May 25, 2010
+ */
+public class PicketLinkSTSConfigUnitTestCase
+{
+ /**
+ * Test the masking of passwords
+ * @throws Exception
+ */
+ @Test
+ public void testMaskedPassword() throws Exception
+ {
+ PicketLinkSTSUnitTestCase plstsTest = new PicketLinkSTSUnitTestCase();
+ TestSTS sts = plstsTest.new TestSTS("sts/picketlink-sts-maskedpasswd.xml");
+
+ STSConfiguration stsConfiguration = sts.getConfiguration();
+ Certificate cert = stsConfiguration.getCertificate( "service1" );
+ assertNotNull( "cert is not null", cert );
+
+ cert = stsConfiguration.getCertificate( "service2" );
+ assertNotNull( "cert is not null", cert );
+ }
+
+ /**
+ * Test the introduction of the CanonicalizationMethod attribute
+ * on the STSType
+ * @throws Exception
+ */
+ @Test
+ public void testXMLDSigCanonicalization() throws Exception
+ {
+ PicketLinkSTSUnitTestCase plstsTest = new PicketLinkSTSUnitTestCase();
+ TestSTS sts = plstsTest.new TestSTS("sts/picketlink-sts-xmldsig-Canonicalization.xml");
+
+ STSConfiguration stsConfiguration = sts.getConfiguration();
+ assertNotNull( "STS Configuration is not null", stsConfiguration );
+ assertEquals( CanonicalizationMethod.EXCLUSIVE, stsConfiguration.getXMLDSigCanonicalizationMethod() );
+ }
+}
\ No newline at end of file
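Review bot: testMaskedPassword only shows that two certificates can be looked up by alias, which presumably does not need the signing-key password. If picketlink-sts-maskedpasswd.xml also masks SigningKeyPass (the file is not part of this hunk), that unmasking path goes untested. Adding `assertNotNull("STS key pair should load from masked passwords", stsConfiguration.getSTSKeyPair());` would cover it. The messages `"cert is not null"` and `"STS Configuration is not null"` are printed when the assertion fails, that is when the value is null, so they read backwards; `"cert for service1 should not be null"` would be clearer.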
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,1878 @@
+/*
+ * JBoss, Home of Professional Open Source. Copyright 2009, Red Hat Middleware LLC, and individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site:
+ * http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.wstrust;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertFalse;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.math.BigInteger;
+import java.net.URI;
+import java.net.URL;
+import java.security.KeyFactory;
+import java.security.KeyStore;
+import java.security.Principal;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateFactory;
+import java.security.interfaces.RSAPublicKey;
+import java.security.spec.RSAPublicKeySpec;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.datatype.DatatypeConstants;
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPException;
+import javax.xml.soap.SOAPMessage;
+import javax.xml.transform.Source;
+import javax.xml.transform.dom.DOMResult;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.ws.EndpointReference;
+import javax.xml.ws.WebServiceContext;
+import javax.xml.ws.WebServiceException;
+import javax.xml.ws.handler.MessageContext;
+
+import org.junit.Before;
+import org.junit.Test;
+import org.picketlink.identity.federation.core.config.STSType;
+import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.exceptions.ParsingException;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import org.picketlink.identity.federation.core.parsers.sts.STSConfigParser;
+import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser;
+import org.picketlink.identity.federation.core.saml.v1.SAML11Constants;
+import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.Base64;
+import org.picketlink.identity.federation.core.util.SOAPUtil;
+import org.picketlink.identity.federation.core.wstrust.PicketLinkSTS;
+import org.picketlink.identity.federation.core.wstrust.PicketLinkSTSConfiguration;
+import org.picketlink.identity.federation.core.wstrust.STSConfiguration;
+import org.picketlink.identity.federation.core.wstrust.StandardRequestHandler;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.WSTrustException;
+import org.picketlink.identity.federation.core.wstrust.WSTrustRequestHandler;
+import org.picketlink.identity.federation.core.wstrust.WSTrustUtil;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML11TokenProvider;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.picketlink.identity.federation.core.wstrust.wrappers.BaseRequestSecurityTokenResponse;
+import org.picketlink.identity.federation.core.wstrust.wrappers.Lifetime;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection;
+import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AuthenticationStatementType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11NameIdentifierType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11StatementAbstractType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectConfirmationType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
+import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.saml.v2.assertion.AudienceRestrictionType;
+import org.picketlink.identity.federation.saml.v2.assertion.ConditionAbstractType;
+import org.picketlink.identity.federation.saml.v2.assertion.ConditionsType;
+import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationDataType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.ws.trust.BinarySecretType;
+import org.picketlink.identity.federation.ws.trust.CancelTargetType;
+import org.picketlink.identity.federation.ws.trust.ComputedKeyType;
+import org.picketlink.identity.federation.ws.trust.EntropyType;
+import org.picketlink.identity.federation.ws.trust.OnBehalfOfType;
+import org.picketlink.identity.federation.ws.trust.RenewTargetType;
+import org.picketlink.identity.federation.ws.trust.RequestedProofTokenType;
+import org.picketlink.identity.federation.ws.trust.RequestedReferenceType;
+import org.picketlink.identity.federation.ws.trust.RequestedSecurityTokenType;
+import org.picketlink.identity.federation.ws.trust.StatusType;
+import org.picketlink.identity.federation.ws.trust.UseKeyType;
+import org.picketlink.identity.federation.ws.trust.ValidateTargetType;
+import org.picketlink.identity.federation.ws.wss.secext.KeyIdentifierType;
+import org.picketlink.identity.federation.ws.wss.secext.SecurityTokenReferenceType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.KeyValueType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.RSAKeyValueType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * <p>
+ * This {@code TestCase} tests the behavior of the {@code PicketLinkSTS} service.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class PicketLinkSTSUnitTestCase
+{
+
+ private TestSTS tokenService;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see junit.framework.TestCase#setUp()
+ */
+ @Before
+ public void setUp() throws Exception
+ {
+ // for testing purposes we can instantiate the TestSTS as a regular POJO.
+ this.tokenService = new TestSTS();
+ TestContext context = new TestContext();
+ context.setUserPrincipal(new TestPrincipal("jduke"));
+ this.tokenService.setContext(context);
+ }
+
+ /**
+ * <p>
+ * This test verifies that the STS service can read and load all configuration parameters correctly. The
+ * configuration file (picketlink-sts.xml) looks like the following:
+ *
+ * <pre>
+ * <PicketLinkSTS xmlns="urn:picketlink:identity-federation:config:1.0"
+ * STSName="Test STS" TokenTimeout="7200" EncryptToken="true">
+ * <KeyProvider ClassName="org.jboss.identity.federation.bindings.tomcat.KeyStoreKeyManager">
+ * <Auth Key="KeyStoreURL" Value="keystore/sts_keystore.jks"/>
+ * <Auth Key="KeyStorePass" Value="testpass"/>
+ * <Auth Key="SigningKeyAlias" Value="sts"/>
+ * <Auth Key="SigningKeyPass" Value="keypass"/>
+ * <ValidatingAlias Key="http://services.testcorp.org/provider1" Value="service1"/>
+ * <ValidatingAlias Key="http://services.testcorp.org/provider2" Value="service2"/>
+ * </KeyProvider>
+ * <RequestHandler>org.jboss.identity.federation.core.wstrust.StandardRequestHandler</RequestHandler>
+ * <TokenProviders>
+ * <TokenProvider ProviderClass="org.jboss.test.identity.federation.bindings.trust.SpecialTokenProvider"
+ * TokenType="http://www.tokens.org/SpecialToken"
+ * TokenElement="SpecialToken"
+ * TokenElementNS="http://www.tokens.org">
+ * <Property Key="Property1" Value="Value1"/>
+ * <Property Key="Property2" Value="Value2"/>
+ * </TokenProvider>
+ * <TokenProvider ProviderClass="org.jboss.identity.federation.core.wstrust.SAML11TokenProvider"
+ * TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1"
+ * TokenElement="Assertion"
+ * TokenElementNS="urn:oasis:names:tc:SAML:1.0:assertion"/>
+ * <TokenProvider ProviderClass="org.jboss.identity.federation.core.wstrust.SAML20TokenProvider"
+ * TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
+ * TokenElement="Assertion"
+ * TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion"/>/>
+ * </TokenProviders>
+ * <ServiceProviders>
+ * <ServiceProvider Endpoint="http://services.testcorp.org/provider1" TokenType="http://www.tokens.org/SpecialToken"
+ * TruststoreAlias="service1"/>
+ * <ServiceProvider Endpoint="http://services.testcorp.org/provider2" TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
+ * TruststoreAlias="service2"/>
+ * </ServiceProviders>
+ * </PicketLinkSTS> *
+ * </pre>
+ *
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testSTSConfiguration() throws Exception
+ {
+ // make the STS read the configuration file.
+ STSConfiguration config = this.tokenService.getConfiguration();
+
+ // check the values that have been configured.
+ assertEquals("Unexpected service name", "Test STS", config.getSTSName());
+ assertEquals("Unexpected token timeout value", 7200 * 1000, config.getIssuedTokenTimeout());
+ assertFalse("Encrypt token should be true", config.encryptIssuedToken());
+ WSTrustRequestHandler handler = config.getRequestHandler();
+ assertNotNull("Unexpected null request handler found", handler);
+ assertTrue("Unexpected request handler type", handler instanceof StandardRequestHandler);
+
+ // check the token type -> token provider mapping.
+ SecurityTokenProvider provider = config.getProviderForTokenType("http://www.tokens.org/SpecialToken");
+ assertNotNull("Unexpected null token provider", provider);
+ assertTrue("Unexpected token provider type", provider instanceof SpecialTokenProvider);
+ Map<String, String> properties = ((SpecialTokenProvider) provider).getProperties();
+ assertNotNull("Unexpected null properties map", properties);
+ assertEquals("Unexpected number of properties", 2, properties.size());
+ assertEquals("Invalid property found", "Value1", properties.get("Property1"));
+ assertEquals("Invalid property found", "Value2", properties.get("Property2"));
+ provider = config.getProviderForTokenType(SAMLUtil.SAML2_TOKEN_TYPE);
+ assertNotNull("Unexpected null token provider", provider);
+ assertTrue("Unexpected token provider type", provider instanceof SAML20TokenProvider);
+ provider = config.getProviderForTokenType(SAMLUtil.SAML11_TOKEN_TYPE);
+ assertNotNull("Unexpected null token provider", provider);
+ assertTrue("Unexpected token provider type", provider instanceof SAML11TokenProvider);
+ assertNull(config.getProviderForTokenType("unexistentType"));
+
+ // check the service provider -> token provider mapping.
+ provider = config.getProviderForService("http://services.testcorp.org/provider1");
+ assertNotNull("Unexpected null token provider", provider);
+ assertTrue("Unexpected token provider type", provider instanceof SpecialTokenProvider);
+ provider = config.getProviderForService("http://services.testcorp.org/provider2");
+ assertNotNull("Unexpected null token provider", provider);
+ assertTrue("Unexpected token provider type", provider instanceof SAML20TokenProvider);
+ assertNull(config.getProviderForService("http://invalid.service/service"));
+
+ String family = SecurityTokenProvider.FAMILY_TYPE.WS_TRUST.toString();
+
+ // check the token element and namespace -> token provider mapping.
+ provider = config.getProviderForTokenElementNS(family, new QName("http://www.tokens.org", "SpecialToken"));
+ assertNotNull("Unexpected null token provider", provider);
+ assertTrue("Unexpected token provider type", provider instanceof SpecialTokenProvider);
+ provider = config.getProviderForTokenElementNS(family, new QName(JBossSAMLURIConstants.ASSERTION_NSURI.get(),
+ JBossSAMLConstants.ASSERTION.get()));
+ assertNotNull("Unexpected null token provider", provider);
+ assertTrue("Unexpected token provider type", provider instanceof SAML20TokenProvider);
+ provider = config.getProviderForTokenElementNS(family, new QName(SAML11Constants.ASSERTION_11_NSURI,
+ JBossSAMLConstants.ASSERTION.get()));
+ assertNotNull("Unexpected null token provider", provider);
+ assertTrue("Unexpected token provider type", provider instanceof SAML11TokenProvider);
+ assertNull(config.getProviderForTokenElementNS(family, new QName("InvalidNamespace", "SpecialToken")));
+
+ // check the service provider -> token type mapping.
+ assertEquals("Invalid token type for service provider 1", "http://www.tokens.org/SpecialToken", config
+ .getTokenTypeForService("http://services.testcorp.org/provider1"));
+ assertEquals("Invalid token type for service provider 2", SAMLUtil.SAML2_TOKEN_TYPE, config
+ .getTokenTypeForService("http://services.testcorp.org/provider2"));
+ assertNull(config.getTokenTypeForService("http://invalid.service/service"));
+
+ // check the keystore configuration.
+ assertNotNull("Invalid null STS key pair", config.getSTSKeyPair());
+ assertNotNull("Invalid null STS public key", config.getSTSKeyPair().getPublic());
+ assertNotNull("Invalid null STS private key", config.getSTSKeyPair().getPrivate());
+ assertNotNull("Invalid null validating key for service provider 1", config
+ .getServiceProviderPublicKey("http://services.testcorp.org/provider1"));
+ assertNotNull("Invalid null validating key for service provider 2", config
+ .getServiceProviderPublicKey("http://services.testcorp.org/provider2"));
+ }
+
+ /**
+ * <p>
+ * This tests sends a security token request to PicketLinkSTS custom {@code SpecialTokenProvider}. The returned
+ * response is verified to make sure the expected tokens have been returned by the service. The token that is
+ * generated in this test looks as follows:
+ *
+ * <pre>
+ * <token:SpecialToken xmlns:token="http://www.tokens.org" TokenType="http://www.tokens.org/SpecialToken">
+ * Principal:sguilhen
+ * </token:SpecialToken>
+ * </pre>
+ *
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvokeCustom() throws Exception
+ {
+ // create a simple token request, asking for a "special" test token.
+ RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST,
+ "http://www.tokens.org/SpecialToken", null);
+ Source requestMessage = this.createSourceFromRequest(request);
+
+ // invoke the token service.
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) new WSTrustParser()
+ .parse(DocumentUtil.getSourceAsStream(responseMessage));
+ // validate the security token response.
+ this.validateCustomTokenResponse(baseResponse);
+ }
+
+ /**
+ * <p>
+ * This tests sends a SAMLV2.0 security token request to PicketLinkSTS. This request should be handled by the {@code
+ * SAML11TokenProvider} and should result in a SAMLV1.1 assertion.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvokeSAML11() throws Exception
+ {
+ // create a simple token request, asking for a SAMLv1.1 token.
+ RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST,
+ SAMLUtil.SAML11_TOKEN_TYPE, null);
+ Source requestMessage = this.createSourceFromRequest(request);
+
+ // invoke the token service.
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ InputStream is = DocumentUtil.getSourceAsStream(responseMessage);
+ BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) new WSTrustParser().parse(is);
+ // validate the security token response.
+ this.validateSAML11AssertionResponse(baseResponse, "testcontext", "jduke", SAMLUtil.SAML11_BEARER_URI);
+ }
+
+ /**
+ * <p>
+ * This tests sends a SAMLV2.0 security token request to PicketLinkSTS. This request should be handled by the
+ * standard {@code SAML20TokenProvider} and should result in a SAMLV2.0 assertion that looks like the following:
+ *
+ * <pre>
+ * <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ * xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ * xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ * ID="ID-cc541137-74dc-4fc0-8bcc-7e9e3a4c899d"
+ * IssueInstant="2009-05-29T18:02:13.458Z">
+ * <saml2:Issuer>
+ * PicketLinkSTS
+ * </saml2:Issuer>
+ * <saml2:Subject>
+ * <saml2:NameID NameQualifier="http://www.jboss.org">
+ * sguilhen
+ * </saml2:NameID>
+ * <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
+ * </saml2:Subject>
+ * <saml2:Conditions NotBefore="2009-05-29T18:02:13.458Z" NotOnOrAfter="2009-05-29T19:02:13.458Z">
+ * <saml2:AudienceRestriction>
+ * <saml2:Audience>
+ * http://services.testcorp.org/provider2
+ * </saml2:Audience>
+ * </saml2:AudienceRestriction>
+ * </saml2:Conditions>
+ * <ds:Signature>
+ * ...
+ * </ds:Signature>
+ * </saml2:Assertion>
+ * </pre>
+ *
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvokeSAML20() throws Exception
+ {
+ // create a simple token request, asking for a SAMLv2.0 token.
+ RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST,
+ SAMLUtil.SAML2_TOKEN_TYPE, null);
+ Source requestMessage = this.createSourceFromRequest(request);
+
+ // invoke the token service.
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ InputStream is = DocumentUtil.getSourceAsStream(responseMessage);
+ BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) new WSTrustParser().parse(is);
+ // validate the security token response.
+ this.validateSAMLAssertionResponse(baseResponse, "testcontext", "jduke", SAMLUtil.SAML2_BEARER_URI);
+ }
+
+ /**
+ * <p>
+ * This test requests a token to the STS using the {@code AppliesTo} to identify the service provider. The STS must
+ * be able to find out the type of the token that must be issued using the service provider URI. In this specific
+ * case, the request should be handled by the custom {@code SpecialTokenProvider}.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvokeCustomAppliesTo() throws Exception
+ {
+ // create a simple token request, this time using the applies to get to the token type.
+ RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST, null,
+ "http://services.testcorp.org/provider1");
+ Source requestMessage = this.createSourceFromRequest(request);
+
+ // invoke the token service.
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) new WSTrustParser()
+ .parse(DocumentUtil.getSourceAsStream(responseMessage));
+
+ // validate the security token response.
+ this.validateCustomTokenResponse(baseResponse);
+ }
+
+ /**
+ * <p>
+ * This test requests a token to the STS using the {@code AppliesTo} to identify the service provider. The STS must
+ * be able to find out the type of the token that must be issued using the service provider URI. In this specific
+ * case, the request should be handled by the standard {@code SAML20TokenProvider}.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvokeSAML20AppliesTo() throws Exception
+ {
+ RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST, null,
+ "http://services.testcorp.org/provider2");
+ Source requestMessage = this.createSourceFromRequest(request);
+
+ // invoke the token service.
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) new WSTrustParser()
+ .parse(DocumentUtil.getSourceAsStream(responseMessage));
+
+ // validate the security token response.
+ AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse, "testcontext", "jduke",
+ SAMLUtil.SAML2_BEARER_URI);
+
+ // in this scenario, the conditions section should have an audience restriction.
+ ConditionsType conditions = assertion.getConditions();
+ assertEquals("Unexpected restriction list size", 1, conditions.getConditions().size());
+ ConditionAbstractType abstractType = conditions.getConditions().get(0);
+ assertTrue("Unexpected restriction type", abstractType instanceof AudienceRestrictionType);
+ AudienceRestrictionType audienceRestriction = (AudienceRestrictionType) abstractType;
+ assertEquals("Unexpected audience restriction list size", 1, audienceRestriction.getAudience().size());
+ assertEquals("Unexpected audience restriction item", "http://services.testcorp.org/provider2",
+ audienceRestriction.getAudience().get(0).toString());
+ }
+
+ /**
+ * <p>
+ * This test requests a SAMLV2.0 assertion on behalf of another identity. The STS must issue an assertion for the
+ * identity contained in the {@code OnBehalfOf} section of the WS-Trust request (and not for the identity that sent
+ * the request).
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvokeSAML20OnBehalfOf() throws Exception
+ {
+ // create a simple token request, asking for a SAMLv2.0 token.
+ RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST,
+ SAMLUtil.SAML2_TOKEN_TYPE, null);
+ OnBehalfOfType onBehalfOf = WSTrustUtil.createOnBehalfOfWithUsername("anotherduke", "id");
+ request.setOnBehalfOf(onBehalfOf);
+
+ Source requestMessage = this.createSourceFromRequest(request);
+
+ // invoke the token service.
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) new WSTrustParser()
+ .parse(DocumentUtil.getSourceAsStream(responseMessage));
+
+ // validate the security token response (assertion principal should be anotherduke as specified by OnBehalfOf).
+ this.validateSAMLAssertionResponse(baseResponse, "testcontext", "anotherduke", SAMLUtil.SAML2_SENDER_VOUCHES_URI);
+ }
+
+ /**
+ * <p>
+ * This test requests a SAMLV2.0 assertion and requires a symmetric key to be used as a proof-of-possession token. As
+ * the request doesn't contain any client-specified key, the STS is responsible for generating a random key and use
+ * this key as the proof token. The WS-Trust response should contain the STS-generated key.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvokeSAML20WithSTSGeneratedSymmetricKey() throws Exception
+ {
+ // create a simple token request, asking for a SAMLv2.0 token.
+ RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST, null,
+ "http://services.testcorp.org/provider2");
+
+ // add a symmetric key type to the request, but don't supply any client key - STS should generate one.
+ request.setKeyType(URI.create(WSTrustConstants.KEY_TYPE_SYMMETRIC));
+ Source requestMessage = this.createSourceFromRequest(request);
+
+ // invoke the token service.
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) new WSTrustParser()
+ .parse(DocumentUtil.getSourceAsStream(responseMessage));
+
+ // validate the security token response.
+ AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse, "testcontext", "jduke",
+ SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
+ // validate the holder of key contents.
+ SubjectConfirmationType subjConfirmation = assertion.getSubject().getConfirmation().get(0);
+ this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_SYMMETRIC, null, false);
+
+ // check if the response contains the STS-generated key.
+ RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
+ RequestedProofTokenType proofToken = response.getRequestedProofToken();
+ assertNotNull("Unexpected null proof token", proofToken);
+ assertTrue(proofToken.getAny().get(0) instanceof BinarySecretType);
+ BinarySecretType serverBinarySecret = (BinarySecretType) proofToken.getAny().get(0);
+ assertNotNull("Unexpected null secret", serverBinarySecret.getValue());
+ // default key size is 128 bits (16 bytes).
+ byte[] encodedSecret = serverBinarySecret.getValue();
+ assertEquals("Unexpected secret size", 16, Base64.decode(encodedSecret, 0, encodedSecret.length).length);
+ }
+
+ /**
+ * <p>
+ * This test requests a SAMLV2.0 assertion and requires a symmetric key to be used as a proof-of-possession token. In
+ * this case, the client supplies a secret key in the WS-Trust request, so the STS should combine the client-
+ * specified key with the STS-generated key and use this combined key as the proof token. The WS-Trust response
+ * should include the STS key to allow reconstruction of the combined key and the algorithm used to combine the keys.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvokeSAML20WithCombinedSymmetricKey() throws Exception
+ {
+ // create a 64-bit random client secret.
+ byte[] clientSecret = WSTrustUtil.createRandomSecret(8);
+ BinarySecretType clientBinarySecret = new BinarySecretType();
+ clientBinarySecret.setType(WSTrustConstants.BS_TYPE_NONCE);
+ clientBinarySecret.setValue(Base64.encodeBytes(clientSecret).getBytes());
+
+ // set the client secret in the client entropy.
+ EntropyType clientEntropy = new EntropyType();
+ clientEntropy.addAny(clientBinarySecret);
+
+ // create a token request specifying the key type, key size, and client entropy.
+ RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST, null,
+ "http://services.testcorp.org/provider2");
+ request.setKeyType(URI.create(WSTrustConstants.KEY_TYPE_SYMMETRIC));
+ request.setEntropy(clientEntropy);
+ request.setKeySize(64);
+
+ // invoke the token service.
+ Source requestMessage = this.createSourceFromRequest(request);
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) new WSTrustParser()
+ .parse(DocumentUtil.getSourceAsStream(responseMessage));
+
+ // validate the security token response.
+ AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse, "testcontext", "jduke",
+ SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
+ // validate the holder of key contents.
+ SubjectConfirmationType subjConfirmation = assertion.getSubject().getConfirmation().get(0);
+ this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_SYMMETRIC, null, false);
+
+ RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
+ RequestedProofTokenType proofToken = response.getRequestedProofToken();
+ assertNotNull("Unexpected null proof token", proofToken);
+ assertTrue(proofToken.getAny().get(0) instanceof ComputedKeyType);
+ ComputedKeyType computedKey = (ComputedKeyType) proofToken.getAny().get(0);
+ assertEquals("Unexpected computed key algorithm", WSTrustConstants.CK_PSHA1, computedKey.getAlgorithm());
+
+ // server entropy must have been included in the response to allow reconstruction of the computed key.
+ EntropyType serverEntropy = response.getEntropy();
+ assertNotNull("Unexpected null server entropy");
+ assertEquals("Invalid number of elements in server entropy", 1, serverEntropy.getAny().size());
+ BinarySecretType serverBinarySecret = (BinarySecretType) serverEntropy.getAny().get(0);
+ assertEquals("Unexpected binary secret type", WSTrustConstants.BS_TYPE_NONCE, serverBinarySecret.getType());
+ assertNotNull("Unexpected null secret value", serverBinarySecret.getValue());
+ // get the base64 decoded
+ byte[] encodedSecret = serverBinarySecret.getValue();
+ assertEquals("Unexpected secret size", 8, Base64.decode(encodedSecret, 0, encodedSecret.length).length);
+ }
+
+ /**
+ * <p>
+ * This test requests a SAMLV2.0 assertion and sends a X.509 certificate to be used as the proof-of-possession token.
+ * The STS must include the specified certificate in the SAML subject confirmation.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvokeSAML20WithCertificate() throws Exception
+ {
+ // create a simple token request.
+ RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST, null,
+ "http://services.testcorp.org/provider2");
+ request.setKeyType(URI.create(WSTrustConstants.KEY_TYPE_PUBLIC));
+
+ // include a UseKey section that specifies the certificate in the request.
+ Certificate certificate = this.getCertificate("keystore/sts_keystore.jks", "testpass", "service1");
+ UseKeyType useKey = new UseKeyType();
+ useKey.add(Base64.encodeBytes(certificate.getEncoded()).getBytes());
+ request.setUseKey(useKey);
+
+ // invoke the token service.
+ Source requestMessage = this.createSourceFromRequest(request);
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) new WSTrustParser()
+ .parse(DocumentUtil.getSourceAsStream(responseMessage));
+ // validate the security token response.
+ AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse, "testcontext", "jduke",
+ SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
+ // validate the holder of key contents.
+ SubjectConfirmationType subjConfirmation = assertion.getSubject().getConfirmation().get(0);
+ this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_PUBLIC, certificate, false);
+ }
+
+ /**
+ * <p>
+ * This test requests a SAMLV2.0 assertion and sends a public key to be used as the proof-of-possession token. The
+ * STS must include the specified public key in the SAML subject confirmation.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvokeSAML20WithPublicKey() throws Exception
+ {
+ // create a simple token request.
+ RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST, null,
+ "http://services.testcorp.org/provider2");
+ request.setKeyType(URI.create(WSTrustConstants.KEY_TYPE_PUBLIC));
+
+ // include a UseKey section that sets the public key in the request.
+ Certificate certificate = this.getCertificate("keystore/sts_keystore.jks", "testpass", "service1");
+ KeyValueType keyValue = WSTrustUtil.createKeyValue(certificate.getPublicKey());
+ UseKeyType useKey = new UseKeyType();
+ useKey.add(keyValue);
+ request.setUseKey(useKey);
+
+ // invoke the token service.
+ Source requestMessage = this.createSourceFromRequest(request);
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) new WSTrustParser()
+ .parse(DocumentUtil.getSourceAsStream(responseMessage));
+
+ // validate the security token response.
+ AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse, "testcontext", "jduke",
+ SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
+ // validate the holder of key contents.
+ SubjectConfirmationType subjConfirmation = assertion.getSubject().getConfirmation().get(0);
+ this.validateHolderOfKeyContents(subjConfirmation, WSTrustConstants.KEY_TYPE_PUBLIC, certificate, true);
+ }
+
+ /**
+ * <p>
+ * This test case first generates a SAMLV1.1 assertion and then sends a WS-Trust validate message to the STS to get
+ * the assertion validated, checking the validation results.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvokeSAML11Validate() throws Exception
+ {
+ // create a simple token request.
+ RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST,
+ SAMLUtil.SAML11_TOKEN_TYPE, null);
+
+ Source requestMessage = this.createSourceFromRequest(request);
+
+ // invoke the token service.
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ WSTrustParser parser = new WSTrustParser();
+ BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) parser.parse(DocumentUtil
+ .getSourceAsStream(responseMessage));
+
+ // validate the response and get the SAML assertion from the request.
+ this.validateSAML11AssertionResponse(baseResponse, "testcontext", "jduke", SAMLUtil.SAML11_BEARER_URI);
+ RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ Element assertion = (Element) collection.getRequestSecurityTokenResponses().get(0).getRequestedSecurityToken()
+ .getAny().get(0);
+
+ // now construct a WS-Trust validate request with the generated assertion.
+ request = this.createRequest("validatecontext", WSTrustConstants.VALIDATE_REQUEST, WSTrustConstants.STATUS_TYPE,
+ null);
+ ValidateTargetType validateTarget = new ValidateTargetType();
+ validateTarget.add(assertion);
+ request.setValidateTarget(validateTarget);
+
+ // invoke the token service.
+ responseMessage = this.tokenService.invoke(this.createSourceFromRequest(request));
+ baseResponse = (BaseRequestSecurityTokenResponse) parser.parse(DocumentUtil.getSourceAsStream(responseMessage));
+
+ // validate the response contents.
+ assertNotNull("Unexpected null response", baseResponse);
+ assertTrue("Unexpected response type", baseResponse instanceof RequestSecurityTokenResponseCollection);
+ collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
+ RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
+ assertEquals("Unexpected response context", "validatecontext", response.getContext());
+ assertEquals("Unexpected token type", WSTrustConstants.STATUS_TYPE, response.getTokenType().toString());
+ StatusType status = response.getStatus();
+ assertNotNull("Unexpected null status", status);
+ assertEquals("Unexpected status code", WSTrustConstants.STATUS_CODE_VALID, status.getCode());
+ assertEquals("Unexpected status reason", "SAMLV1.1 Assertion successfuly validated", status.getReason());
+
+ // now let's temper the SAML assertion and try to validate it again.
+ // assertion.getAttributeNode("Issuer").setNodeValue("ABC");
+ // request.getValidateTarget().add(assertion);
+ // Source theRequest = this.createSourceFromRequest(request);
+ // responseMessage = this.tokenService.invoke(theRequest);
+ // collection = (RequestSecurityTokenResponseCollection) parser.parse(DocumentUtil
+ // .getSourceAsStream(responseMessage));
+ // assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
+ // response = collection.getRequestSecurityTokenResponses().get(0);
+ // assertEquals("Unexpected response context", "validatecontext", response.getContext());
+ // assertEquals("Unexpected token type", WSTrustConstants.STATUS_TYPE, response.getTokenType().toString());
+ // status = response.getStatus();
+ // assertNotNull("Unexpected null status", status);
+ // assertEquals("Unexpected status code", WSTrustConstants.STATUS_CODE_INVALID, status.getCode());
+ // assertEquals("Unexpected status reason", "Validation failure: digital signature is invalid",
+ // status.getReason());
+ }
+
+ /**
+ * <p>
+ * This test case first generates a SAMLV2.0 assertion and then sends a WS-Trust validate message to the STS to get
+ * the assertion validated, checking the validation results.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvokeSAML20Validate() throws Exception
+ {
+ // create a simple token request.
+ RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST,
+ SAMLUtil.SAML2_TOKEN_TYPE, null);
+
+ Source requestMessage = this.createSourceFromRequest(request);
+
+ // invoke the token service.
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ WSTrustParser parser = new WSTrustParser();
+ BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) parser.parse(DocumentUtil
+ .getSourceAsStream(responseMessage));
+
+ // validate the response and get the SAML assertion from the request.
+ this.validateSAMLAssertionResponse(baseResponse, "testcontext", "jduke", SAMLUtil.SAML2_BEARER_URI);
+ RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ Element assertion = (Element) collection.getRequestSecurityTokenResponses().get(0).getRequestedSecurityToken()
+ .getAny().get(0);
+
+ // now construct a WS-Trust validate request with the generated assertion.
+ request = this.createRequest("validatecontext", WSTrustConstants.VALIDATE_REQUEST, WSTrustConstants.STATUS_TYPE,
+ null);
+ ValidateTargetType validateTarget = new ValidateTargetType();
+ validateTarget.add(assertion);
+ request.setValidateTarget(validateTarget);
+
+ // invoke the token service.
+ responseMessage = this.tokenService.invoke(this.createSourceFromRequest(request));
+ baseResponse = (BaseRequestSecurityTokenResponse) parser.parse(DocumentUtil.getSourceAsStream(responseMessage));
+
+ // validate the response contents.
+ assertNotNull("Unexpected null response", baseResponse);
+ assertTrue("Unexpected response type", baseResponse instanceof RequestSecurityTokenResponseCollection);
+ collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
+ RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
+ assertEquals("Unexpected response context", "validatecontext", response.getContext());
+ assertEquals("Unexpected token type", WSTrustConstants.STATUS_TYPE, response.getTokenType().toString());
+ StatusType status = response.getStatus();
+ assertNotNull("Unexpected null status", status);
+ assertEquals("Unexpected status code", WSTrustConstants.STATUS_CODE_VALID, status.getCode());
+ assertEquals("Unexpected status reason", "SAMLV2.0 Assertion successfuly validated", status.getReason());
+
+ // now let's temper the SAML assertion and try to validate it again.
+ assertion.setAttribute("Version", "X");
+ request.getValidateTarget().add(assertion);
+ Source theRequest = this.createSourceFromRequest(request);
+ responseMessage = this.tokenService.invoke(theRequest);
+ collection = (RequestSecurityTokenResponseCollection) parser.parse(DocumentUtil
+ .getSourceAsStream(responseMessage));
+ assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
+ response = collection.getRequestSecurityTokenResponses().get(0);
+ assertEquals("Unexpected response context", "validatecontext", response.getContext());
+ assertEquals("Unexpected token type", WSTrustConstants.STATUS_TYPE, response.getTokenType().toString());
+ status = response.getStatus();
+ assertNotNull("Unexpected null status", status);
+ assertEquals("Unexpected status code", WSTrustConstants.STATUS_CODE_INVALID, status.getCode());
+ assertEquals("Unexpected status reason", "Validation failure: digital signature is invalid", status.getReason());
+ }
+
+ /**
+ * <p>
+ * This test case first generates a SAMLV1.1 assertion and then sends a WS-Trust renew message to the STS to get the
+ * assertion renewed (i.e. get a new assertion with an updated lifetime).
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvokeSAML11Renew() throws Exception
+ {
+ // create a simple token request.
+ RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST,
+ SAMLUtil.SAML11_TOKEN_TYPE, null);
+
+ Source requestMessage = this.createSourceFromRequest(request);
+
+ // invoke the token service.
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ WSTrustParser parser = new WSTrustParser();
+ BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) parser.parse(DocumentUtil
+ .getSourceAsStream(responseMessage));
+
+ // validate the response and get the SAML assertion from the request.
+ this.validateSAML11AssertionResponse(baseResponse, "testcontext", "jduke", SAMLUtil.SAML11_BEARER_URI);
+ RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ Element assertionElement = (Element) collection.getRequestSecurityTokenResponses().get(0)
+ .getRequestedSecurityToken().getAny().get(0);
+
+ // now construct a WS-Trust renew request with the generated assertion.
+ request = this.createRequest("renewcontext", WSTrustConstants.RENEW_REQUEST, SAMLUtil.SAML11_TOKEN_TYPE, null);
+ RenewTargetType renewTarget = new RenewTargetType();
+ renewTarget.add(assertionElement);
+ request.setRenewTarget(renewTarget);
+
+ // invoke the token service.
+ responseMessage = this.tokenService.invoke(this.createSourceFromRequest(request));
+ baseResponse = (BaseRequestSecurityTokenResponse) parser.parse(DocumentUtil.getSourceAsStream(responseMessage));
+
+ // validate the renew response contents and get the renewed token.
+ this.validateSAML11AssertionResponse(baseResponse, "renewcontext", "jduke", SAMLUtil.SAML11_BEARER_URI);
+ collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ Element renewedAssertionElement = (Element) collection.getRequestSecurityTokenResponses().get(0)
+ .getRequestedSecurityToken().getAny().get(0);
+
+ // compare the assertions, checking if the lifetime has been updated.
+ SAML11AssertionType originalAssertion = SAMLUtil.saml11FromElement(assertionElement);
+ SAML11AssertionType renewedAssertion = SAMLUtil.saml11FromElement(renewedAssertionElement);
+
+ // assertions should have different ids and lifetimes.
+ assertFalse("Renewed assertion should have a unique id", originalAssertion.getID().equals(
+ renewedAssertion.getID()));
+ assertEquals(DatatypeConstants.LESSER, originalAssertion.getConditions().getNotBefore().compare(
+ renewedAssertion.getConditions().getNotBefore()));
+ assertEquals(DatatypeConstants.LESSER, originalAssertion.getConditions().getNotOnOrAfter().compare(
+ renewedAssertion.getConditions().getNotOnOrAfter()));
+ }
+
+ /**
+ * <p>
+ * This test case first generates a SAMLV2.0 assertion and then sends a WS-Trust renew message to the STS to get the
+ * assertion renewed (i.e. get a new assertion with an updated lifetime).
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvokeSAML20Renew() throws Exception
+ {
+ // create a simple token request, using applies-to to identify the token type.
+ RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST, null,
+ "http://services.testcorp.org/provider2");
+
+ Source requestMessage = this.createSourceFromRequest(request);
+
+ // invoke the token service.
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ WSTrustParser parser = new WSTrustParser();
+ BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) parser.parse(DocumentUtil
+ .getSourceAsStream(responseMessage));
+
+ // validate the response and get the SAML assertion from the request.
+ this.validateSAMLAssertionResponse(baseResponse, "testcontext", "jduke", SAMLUtil.SAML2_BEARER_URI);
+ RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ Element assertionElement = (Element) collection.getRequestSecurityTokenResponses().get(0)
+ .getRequestedSecurityToken().getAny().get(0);
+
+ // now construct a WS-Trust renew request with the generated assertion.
+ request = this.createRequest("renewcontext", WSTrustConstants.RENEW_REQUEST, SAMLUtil.SAML2_TOKEN_TYPE, null);
+ RenewTargetType renewTarget = new RenewTargetType();
+ renewTarget.add(assertionElement);
+ request.setRenewTarget(renewTarget);
+
+ // invoke the token service.
+ responseMessage = this.tokenService.invoke(this.createSourceFromRequest(request));
+ baseResponse = (BaseRequestSecurityTokenResponse) parser.parse(DocumentUtil.getSourceAsStream(responseMessage));
+
+ // validate the renew response contents and get the renewed token.
+ this.validateSAMLAssertionResponse(baseResponse, "renewcontext", "jduke", SAMLUtil.SAML2_BEARER_URI);
+ collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ Element renewedAssertionElement = (Element) collection.getRequestSecurityTokenResponses().get(0)
+ .getRequestedSecurityToken().getAny().get(0);
+
+ // compare the assertions, checking if the lifetime has been updated.
+ AssertionType originalAssertion = SAMLUtil.fromElement(assertionElement);
+ AssertionType renewedAssertion = SAMLUtil.fromElement(renewedAssertionElement);
+
+ // assertions should have different ids and lifetimes.
+ assertFalse("Renewed assertion should have a unique id", originalAssertion.getID().equals(
+ renewedAssertion.getID()));
+ assertEquals(DatatypeConstants.LESSER, originalAssertion.getConditions().getNotBefore().compare(
+ renewedAssertion.getConditions().getNotBefore()));
+ assertEquals(DatatypeConstants.LESSER, originalAssertion.getConditions().getNotOnOrAfter().compare(
+ renewedAssertion.getConditions().getNotOnOrAfter()));
+ }
+
+ /**
+ * <p>
+ * This test case first generates a SAMLV1.1 assertion and then sends a WS-Trust cancel message to the STS to cancel
+ * the assertion. A canceled assertion cannot be renewed or considered valid anymore.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvokeSAML11Cancel() throws Exception
+ {
+ // create a simple token request.
+ RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST,
+ SAMLUtil.SAML11_TOKEN_TYPE, null);
+
+ Source requestMessage = this.createSourceFromRequest(request);
+
+ // invoke the token service.
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ WSTrustParser parser = new WSTrustParser();
+ BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) parser.parse(DocumentUtil
+ .getSourceAsStream(responseMessage));
+
+ // validate the response and get the SAML assertion from the request.
+ this.validateSAML11AssertionResponse(baseResponse, "testcontext", "jduke", SAMLUtil.SAML11_BEARER_URI);
+ RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ Element assertion = (Element) collection.getRequestSecurityTokenResponses().get(0).getRequestedSecurityToken()
+ .getAny().get(0);
+
+ // now construct a WS-Trust cancel request with the generated assertion.
+ request = this.createRequest("cancelcontext", WSTrustConstants.CANCEL_REQUEST, null, null);
+ CancelTargetType cancelTarget = new CancelTargetType();
+ cancelTarget.add(assertion);
+ request.setCancelTarget(cancelTarget);
+
+ // invoke the token service.
+ responseMessage = this.tokenService.invoke(this.createSourceFromRequest(request));
+ baseResponse = (BaseRequestSecurityTokenResponse) parser.parse(DocumentUtil.getSourceAsStream(responseMessage));
+
+ // validate the response contents.
+ assertNotNull("Unexpected null response", baseResponse);
+ assertTrue("Unexpected response type", baseResponse instanceof RequestSecurityTokenResponseCollection);
+ collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
+ RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
+ assertEquals("Unexpected response context", "cancelcontext", response.getContext());
+ assertNotNull("Cancel response should contain a RequestedTokenCancelled element", response
+ .getRequestedTokenCancelled());
+
+ // try to validate the canceled assertion.
+ request = this.createRequest("validatecontext", WSTrustConstants.VALIDATE_REQUEST, null, null);
+ ValidateTargetType validateTarget = new ValidateTargetType();
+ validateTarget.add(assertion);
+ request.setValidateTarget(validateTarget);
+
+ // the response should contain a status indicating that the token is not valid.
+ responseMessage = this.tokenService.invoke(this.createSourceFromRequest(request));
+ collection = (RequestSecurityTokenResponseCollection) parser.parse(DocumentUtil
+ .getSourceAsStream(responseMessage));
+ assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
+ response = collection.getRequestSecurityTokenResponses().get(0);
+ assertEquals("Unexpected response context", "validatecontext", response.getContext());
+ assertEquals("Unexpected token type", WSTrustConstants.STATUS_TYPE, response.getTokenType().toString());
+ StatusType status = response.getStatus();
+ assertNotNull("Unexpected null status", status);
+ assertEquals("Unexpected status code", WSTrustConstants.STATUS_CODE_INVALID, status.getCode());
+ assertEquals("Unexpected status reason", "Validation failure: assertion with id "
+ + assertion.getAttribute("AssertionID") + " has been canceled", status.getReason());
+
+ // now try to renew the canceled assertion.
+ request = this.createRequest("renewcontext", WSTrustConstants.RENEW_REQUEST, null, null);
+ RenewTargetType renewTarget = new RenewTargetType();
+ renewTarget.add(assertion);
+ request.setRenewTarget(renewTarget);
+
+ // we should receive an exception when renewing the token.
+ try
+ {
+ this.tokenService.invoke(this.createSourceFromRequest(request));
+ fail("Renewing a canceled token should result in an exception being thrown");
+ }
+ catch (WebServiceException we)
+ {
+ assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
+ assertEquals("Unexpected exception message", "SAMLV1.1 Assertion with id "
+ + assertion.getAttribute("AssertionID") + " has been canceled and cannot be renewed", we.getCause()
+ .getCause().getMessage());
+ }
+ }
+
+ /**
+ * <p>
+ * This test case first generates a SAMLV2.0 assertion and then sends a WS-Trust cancel message to the STS to cancel
+ * the assertion. A canceled assertion cannot be renewed or considered valid anymore.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvokeSAML20Cancel() throws Exception
+ {
+ // create a simple token request.
+ RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST,
+ SAMLUtil.SAML2_TOKEN_TYPE, null);
+
+ Source requestMessage = this.createSourceFromRequest(request);
+
+ // invoke the token service.
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ WSTrustParser parser = new WSTrustParser();
+ BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse) parser.parse(DocumentUtil
+ .getSourceAsStream(responseMessage));
+
+ // validate the response and get the SAML assertion from the request.
+ this.validateSAMLAssertionResponse(baseResponse, "testcontext", "jduke", SAMLUtil.SAML2_BEARER_URI);
+ RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ Element assertion = (Element) collection.getRequestSecurityTokenResponses().get(0).getRequestedSecurityToken()
+ .getAny().get(0);
+
+ // now construct a WS-Trust cancel request with the generated assertion.
+ request = this.createRequest("cancelcontext", WSTrustConstants.CANCEL_REQUEST, null, null);
+ CancelTargetType cancelTarget = new CancelTargetType();
+ cancelTarget.add(assertion);
+ request.setCancelTarget(cancelTarget);
+
+ // invoke the token service.
+ responseMessage = this.tokenService.invoke(this.createSourceFromRequest(request));
+ baseResponse = (BaseRequestSecurityTokenResponse) parser.parse(DocumentUtil.getSourceAsStream(responseMessage));
+
+ // validate the response contents.
+ assertNotNull("Unexpected null response", baseResponse);
+ assertTrue("Unexpected response type", baseResponse instanceof RequestSecurityTokenResponseCollection);
+ collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
+ RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
+ assertEquals("Unexpected response context", "cancelcontext", response.getContext());
+ assertNotNull("Cancel response should contain a RequestedTokenCancelled element", response
+ .getRequestedTokenCancelled());
+
+ // try to validate the canceled assertion.
+ request = this.createRequest("validatecontext", WSTrustConstants.VALIDATE_REQUEST, null, null);
+ ValidateTargetType validateTarget = new ValidateTargetType();
+ validateTarget.add(assertion);
+ request.setValidateTarget(validateTarget);
+
+ // the response should contain a status indicating that the token is not valid.
+ responseMessage = this.tokenService.invoke(this.createSourceFromRequest(request));
+ collection = (RequestSecurityTokenResponseCollection) parser.parse(DocumentUtil
+ .getSourceAsStream(responseMessage));
+ assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
+ response = collection.getRequestSecurityTokenResponses().get(0);
+ assertEquals("Unexpected response context", "validatecontext", response.getContext());
+ assertEquals("Unexpected token type", WSTrustConstants.STATUS_TYPE, response.getTokenType().toString());
+ StatusType status = response.getStatus();
+ assertNotNull("Unexpected null status", status);
+ assertEquals("Unexpected status code", WSTrustConstants.STATUS_CODE_INVALID, status.getCode());
+ assertEquals("Unexpected status reason", "Validation failure: assertion with id " + assertion.getAttribute("ID")
+ + " has been canceled", status.getReason());
+
+ // now try to renew the canceled assertion.
+ request = this.createRequest("renewcontext", WSTrustConstants.RENEW_REQUEST, null, null);
+ RenewTargetType renewTarget = new RenewTargetType();
+ renewTarget.add(assertion);
+ request.setRenewTarget(renewTarget);
+
+ // we should receive an exception when renewing the token.
+ try
+ {
+ this.tokenService.invoke(this.createSourceFromRequest(request));
+ fail("Renewing a canceled token should result in an exception being thrown");
+ }
+ catch (WebServiceException we)
+ {
+ assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
+ assertEquals("Unexpected exception message", "Assertion with id " + assertion.getAttribute("ID")
+ + " has been canceled and cannot be renewed", we.getCause().getCause().getMessage());
+ }
+ }
+
+ /**
+ * <p>
+ * This test tries to request a token of an unknown type, checking if an exception is correctly thrown by the
+ * security token service.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvokeUnknownTokenType() throws Exception
+ {
+ // create a simple token request, asking for an "unknown" test token.
+ RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST,
+ "http://www.tokens.org/UnknownToken", null);
+
+ Source requestMessage = this.createSourceFromRequest(request);
+
+ // invoke the security token service.
+ try
+ {
+ this.tokenService.invoke(requestMessage);
+ fail("An exception should have been raised by the security token service");
+ }
+ catch (WebServiceException we)
+ {
+ assertNotNull("Unexpected null cause", we.getCause());
+ assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
+ }
+ }
+
+ /**
+ * <p>
+ * This test verifies if the token service is correctly identifying invalid issue requests.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvalidIssueRequests() throws Exception
+ {
+ // lets create an issue request that container neither an applies-to nor a token type.
+ RequestSecurityToken request = this.createRequest("testcontext", WSTrustConstants.ISSUE_REQUEST, null, null);
+ Source requestMessage = this.createSourceFromRequest(request);
+
+ // invoke the token service. A WSTrustException should be raised.
+ try
+ {
+ this.tokenService.invoke(requestMessage);
+ fail("An exception should have been raised by the security token service");
+ }
+ catch (WebServiceException we)
+ {
+ assertNotNull("Unexpected null cause", we.getCause());
+ assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
+ /*
+ * assertEquals("Either AppliesTo or TokenType must be present in a security token request", we.getCause()
+ * .getMessage());
+ */
+ }
+
+ // a request that asks for a public key to be used as proof key will fail if the public key is not available.
+ request.setTokenType(URI.create(SAMLUtil.SAML2_TOKEN_TYPE));
+ request.setKeyType(URI.create(WSTrustConstants.KEY_TYPE_PUBLIC));
+ requestMessage = this.createSourceFromRequest(request);
+
+ try
+ {
+ this.tokenService.invoke(requestMessage);
+ fail("An exception should have been raised by the security token service");
+ }
+ catch (WebServiceException we)
+ {
+ assertNotNull("Unexpected null cause", we.getCause());
+ assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
+ assertEquals("Unexpected exception message", "Unable to locate client public key", we.getCause().getMessage());
+ }
+ }
+
+ /**
+ * <p>
+ * This test verifies if the token service is correctly identifying invalid renew requests.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvalidRenewRequests() throws Exception
+ {
+ // first create a request that doesn't have a renew target element.
+ RequestSecurityToken request = this.createRequest("renewcontext", WSTrustConstants.RENEW_REQUEST,
+ SAMLUtil.SAML2_TOKEN_TYPE, null);
+ Source requestMessage = this.createSourceFromRequest(request);
+
+ // invoke the token service.
+ try
+ {
+ this.tokenService.invoke(requestMessage);
+ fail("An exception should have been raised by the security token service");
+ }
+ catch (WebServiceException we)
+ {
+ assertNotNull("Unexpected null cause", we.getCause());
+ assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
+ assertEquals("Unable to renew token: request does not have a renew target", we.getCause().getMessage());
+ }
+
+ // a request with an empty renew target should also result in a failure.
+ request.setRenewTarget(new RenewTargetType());
+ requestMessage = this.createSourceFromRequest(request);
+ try
+ {
+ this.tokenService.invoke(requestMessage);
+ fail("An exception should have been raised by the security token service");
+ }
+ catch (WebServiceException we)
+ {
+ assertNotNull("Unexpected null cause", we.getCause());
+ assertTrue("Unexpected cause type", we.getCause() instanceof ParsingException);
+ assertEquals("Unable to parse renew token request: security token is null", we.getCause().getMessage());
+ }
+
+ // a request to renew an unknown token (i.e. there's no provider can handle the token) should also fail.
+ request.getRenewTarget().add(this.createUnknownToken());
+ requestMessage = this.createSourceFromRequest(request);
+ try
+ {
+ this.tokenService.invoke(requestMessage);
+ fail("An exception should have been raised by the security token service");
+ }
+ catch (WebServiceException we)
+ {
+ assertNotNull("Unexpected null cause", we.getCause());
+ assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
+ /*
+ * assertEquals("No SecurityTokenProvider configured for http://www.unknowntoken.org:UnknownToken",
+ * we.getCause() .getMessage());
+ */
+ }
+ }
+
+ /**
+ * <p>
+ * This test verifies if the token service is correctly identifying invalid validate requests.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvalidValidateRequests() throws Exception
+ {
+ // first create a request that doesn't have a validate target element.
+ RequestSecurityToken request = this.createRequest("validatecontext", WSTrustConstants.VALIDATE_REQUEST,
+ SAMLUtil.SAML2_TOKEN_TYPE, null);
+ Source requestMessage = this.createSourceFromRequest(request);
+
+ // invoke the token service.
+ try
+ {
+ this.tokenService.invoke(requestMessage);
+ fail("An exception should have been raised by the security token service");
+ }
+ catch (WebServiceException we)
+ {
+ assertNotNull("Unexpected null cause", we.getCause());
+ assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
+ assertEquals("Unable to validate token: request does not have a validate target", we.getCause().getMessage());
+ }
+
+ // a request with an empty validate target should also result in a failure.
+ request.setValidateTarget(new ValidateTargetType());
+ requestMessage = this.createSourceFromRequest(request);
+ try
+ {
+ this.tokenService.invoke(requestMessage);
+ fail("An exception should have been raised by the security token service");
+ }
+ catch (WebServiceException we)
+ {
+ assertNotNull("Unexpected null cause", we.getCause());
+ assertTrue("Unexpected cause type", we.getCause() instanceof ParsingException);
+ assertEquals("Unable to parse validate token request: security token is null", we.getCause().getMessage());
+ }
+
+ // a request to validate an unknown token (i.e. there's no provider can handle the token) should also fail.
+ request.getValidateTarget().add(this.createUnknownToken());
+ requestMessage = this.createSourceFromRequest(request);
+ try
+ {
+ this.tokenService.invoke(requestMessage);
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ RequestSecurityTokenResponseCollection baseResponseColl = (RequestSecurityTokenResponseCollection) new WSTrustParser()
+ .parse(DocumentUtil.getSourceAsStream(responseMessage));
+
+ RequestSecurityTokenResponse response = baseResponseColl.getRequestSecurityTokenResponses().get(0);
+ StatusType status = response.getStatus();
+ assertTrue(status.getCode().equals(WSTrustConstants.STATUS_CODE_INVALID));
+ // fail("An exception should have been raised by the security token service");
+ }
+ catch (WebServiceException we)
+ {
+ assertNotNull("Unexpected null cause", we.getCause());
+ assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
+ assertEquals("No SecurityTokenProvider configured for http://www.unknowntoken.org:UnknownToken", we.getCause()
+ .getMessage());
+ }
+ }
+
+ /**
+ * <p>
+ * This test verifies if the token service is correctly identifying invalid cancel requests.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testInvalidCancelRequests() throws Exception
+ {
+ // first create a request that doesn't have a cancel target element.
+ RequestSecurityToken request = this.createRequest("cancelcontext", WSTrustConstants.CANCEL_REQUEST,
+ SAMLUtil.SAML2_TOKEN_TYPE, null);
+ Source requestMessage = this.createSourceFromRequest(request);
+
+ // invoke the token service.
+ try
+ {
+ this.tokenService.invoke(requestMessage);
+ fail("An exception should have been raised by the security token service");
+ }
+ catch (WebServiceException we)
+ {
+ assertNotNull("Unexpected null cause", we.getCause());
+ assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
+ assertEquals("Unable to cancel token: request does not have a cancel target", we.getCause().getMessage());
+ }
+
+ // a request with an empty cancel target should also result in a failure.
+ request.setCancelTarget(new CancelTargetType());
+ requestMessage = this.createSourceFromRequest(request);
+ try
+ {
+ this.tokenService.invoke(requestMessage);
+ fail("An exception should have been raised by the security token service");
+ }
+ catch (WebServiceException we)
+ {
+ assertNotNull("Unexpected null cause", we.getCause());
+ assertTrue("Unexpected cause type", we.getCause() instanceof ParsingException);
+ assertEquals("Unable to parse cancel token request: security token is null", we.getCause().getMessage());
+ }
+
+ // a request to cancel an unknown token (i.e. there's no provider can handle the token) should also fail.
+ request.getCancelTarget().add(this.createUnknownToken());
+ requestMessage = this.createSourceFromRequest(request);
+ try
+ {
+ this.tokenService.invoke(requestMessage);
+ fail("An exception should have been raised by the security token service");
+ }
+ catch (WebServiceException we)
+ {
+ assertNotNull("Unexpected null cause", we.getCause());
+ assertTrue("Unexpected cause type", we.getCause() instanceof WSTrustException);
+ assertEquals("No SecurityTokenProvider configured for http://www.unknowntoken.org:UnknownToken", we.getCause()
+ .getCause().getMessage());
+ }
+ }
+
+ /**
+ * <p>
+ * Validates the contents of a WS-Trust response message that contains a custom token issued by the test {@code
+ * SpecialTokenProvider}.
+ * </p>
+ *
+ * @param baseResponse
+ * a reference to the WS-Trust response that was sent by the STS.
+ * @throws Exception
+ * if one of the validation performed fail.
+ */
+ private void validateCustomTokenResponse(BaseRequestSecurityTokenResponse baseResponse) throws Exception
+ {
+
+ // =============================== WS-Trust Security Token Response Validation ===============================//
+
+ assertNotNull("Unexpected null response", baseResponse);
+ assertTrue("Unexpected response type", baseResponse instanceof RequestSecurityTokenResponseCollection);
+ RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
+ RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
+ assertEquals("Unexpected response context", "testcontext", response.getContext());
+ assertEquals("Unexpected token type", "http://www.tokens.org/SpecialToken", response.getTokenType().toString());
+ Lifetime lifetime = response.getLifetime();
+ assertNotNull("Unexpected null token lifetime", lifetime);
+
+ // ========================================= Custom Token Validation =========================================//
+
+ RequestedSecurityTokenType requestedToken = response.getRequestedSecurityToken();
+ assertNotNull("Unexpected null requested security token", requestedToken);
+ Object token = requestedToken.getAny().get(0);
+ assertNotNull("Unexpected null token", token);
+ assertTrue("Unexpected token class", token instanceof Element);
+ Element element = (Element) requestedToken.getAny().get(0);
+ assertEquals("Unexpected root element name", "SpecialToken", element.getLocalName());
+ assertEquals("Unexpected namespace value", "http://www.tokens.org", element.getNamespaceURI());
+ assertEquals("Unexpected attribute value", "http://www.tokens.org/SpecialToken", element
+ .getAttribute("TokenType"));
+ element = (Element) element.getFirstChild();
+ assertEquals("Unexpected child element name", "SpecialTokenValue", element.getLocalName());
+ assertEquals("Unexpected token value", "Principal:jduke", element.getFirstChild().getNodeValue());
+ }
+
+ private SAML11AssertionType validateSAML11AssertionResponse(BaseRequestSecurityTokenResponse baseResponse,
+ String context, String principal, String confirmationMethod) throws Exception
+ {
+
+ // =============================== WS-Trust Security Token Response Validation ===============================//
+
+ assertNotNull("Unexpected null response", baseResponse);
+ assertTrue("Unexpected response type", baseResponse instanceof RequestSecurityTokenResponseCollection);
+ RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
+ RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
+ assertEquals("Unexpected response context", context, response.getContext());
+ assertEquals("Unexpected token type", SAMLUtil.SAML11_TOKEN_TYPE, response.getTokenType().toString());
+ Lifetime lifetime = response.getLifetime();
+ assertNotNull("Unexpected null token lifetime", lifetime);
+
+ // validate the attached token reference.
+ RequestedReferenceType reference = response.getRequestedAttachedReference();
+ assertNotNull("Unexpected null attached reference", reference);
+ SecurityTokenReferenceType securityRef = reference.getSecurityTokenReference();
+ assertNotNull("Unexpected null security reference", securityRef);
+ String tokenTypeAttr = securityRef.getOtherAttributes().get(new QName(WSTrustConstants.WSSE11_NS, "TokenType"));
+ assertNotNull("Required attribute TokenType is missing", tokenTypeAttr);
+ assertEquals("TokenType attribute has an unexpected value", SAMLUtil.SAML11_TOKEN_TYPE, tokenTypeAttr);
+ KeyIdentifierType keyId = (KeyIdentifierType) securityRef.getAny().get(0);
+ assertEquals("Unexpected key value type", SAMLUtil.SAML11_VALUE_TYPE, keyId.getValueType());
+ assertNotNull("Unexpected null key identifier value", keyId.getValue());
+
+ // ====================================== SAMLV1.1 Assertion Validation ======================================//
+
+ RequestedSecurityTokenType requestedToken = response.getRequestedSecurityToken();
+ assertNotNull("Unexpected null requested security token", requestedToken);
+
+ // unmarshall the SAMLV1.1 assertion.
+ Element assertionElement = (Element) requestedToken.getAny().get(0);
+ SAML11AssertionType assertion = SAMLUtil.saml11FromElement(assertionElement);
+
+ // verify the contents of the unmarshalled assertion.
+ assertNotNull("Invalid null assertion ID", assertion.getID());
+ assertEquals(keyId.getValue().substring(1), assertion.getID());
+ assertEquals(lifetime.getCreated(), assertion.getIssueInstant());
+ assertEquals(1, assertion.getMajorVersion());
+ assertEquals(1, assertion.getMinorVersion());
+
+ // validate the assertion issuer.
+ assertNotNull("Unexpected null assertion issuer", assertion.getIssuer());
+ assertEquals("Unexpected assertion issuer name", "Test STS", assertion.getIssuer());
+
+ // validate the assertion authentication statement.
+ List<SAML11StatementAbstractType> statements = assertion.getStatements();
+ assertTrue("At least one statement is expected in a SAMLV1.1 assertion", statements.size() > 0);
+ SAML11AuthenticationStatementType authStatement = null;
+ for (SAML11StatementAbstractType statement : statements)
+ {
+ if (statement instanceof SAML11AuthenticationStatementType)
+ {
+ authStatement = (SAML11AuthenticationStatementType) statement;
+ break;
+ }
+ }
+ assertNotNull("SAMLV1.1 assertion is missing the authentication statement", authStatement);
+
+ // validate the assertion subject.
+ assertNotNull("Unexpected null subject", authStatement.getSubject());
+ SAML11SubjectType subject = authStatement.getSubject();
+
+ SAML11NameIdentifierType nameID = subject.getChoice().getNameID();
+ assertEquals("Unexpected NameIdentifier format", SAML11Constants.FORMAT_UNSPECIFIED, nameID.getFormat()
+ .toString());
+ assertEquals("Unexpected NameIdentifier value", principal, nameID.getValue());
+
+ SAML11SubjectConfirmationType subjType = subject.getSubjectConfirmation();
+ assertEquals("Unexpected confirmation method", confirmationMethod, subjType.getConfirmationMethod().get(0)
+ .toString());
+
+ // validate the assertion conditions.
+ assertNotNull("Unexpected null conditions", assertion.getConditions());
+ assertEquals(lifetime.getCreated(), assertion.getConditions().getNotBefore());
+ assertEquals(lifetime.getExpires(), assertion.getConditions().getNotOnOrAfter());
+
+ assertNotNull("Assertion should have been signed", assertion.getSignature());
+
+ return assertion;
+ }
+
+ /**
+ * <p>
+ * Validates the contents of a WS-Trust response message that contains a SAMLV2.0 assertion issued by the {@code
+ * SAML20TokenProvider}.
+ * </p>
+ *
+ * @param baseResponse
+ * a reference to the WS-Trust response that was sent by the STS.
+ * @param context
+ * the expected name of the response context.
+ * @param principal
+ * the principal that is expected to be seen in the assertion subject.
+ * @param confirmationMethod
+ * the confirmation method that is expected to be seen in the assertion subject.
+ * @return the SAMLV2.0 assertion that has been extracted from the response. This object can be used by the test
+ * methods to perform extra validations depending on the scenario being tested.
+ * @throws Exception
+ * if an error occurs while performing the validation.
+ */
+ private AssertionType validateSAMLAssertionResponse(BaseRequestSecurityTokenResponse baseResponse, String context,
+ String principal, String confirmationMethod) throws Exception
+ {
+
+ // =============================== WS-Trust Security Token Response Validation ===============================//
+
+ assertNotNull("Unexpected null response", baseResponse);
+ assertTrue("Unexpected response type", baseResponse instanceof RequestSecurityTokenResponseCollection);
+ RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
+ RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
+ assertEquals("Unexpected response context", context, response.getContext());
+ assertEquals("Unexpected token type", SAMLUtil.SAML2_TOKEN_TYPE, response.getTokenType().toString());
+ Lifetime lifetime = response.getLifetime();
+ assertNotNull("Unexpected null token lifetime", lifetime);
+
+ // validate the attached token reference.
+ RequestedReferenceType reference = response.getRequestedAttachedReference();
+ assertNotNull("Unexpected null attached reference", reference);
+ SecurityTokenReferenceType securityRef = reference.getSecurityTokenReference();
+ assertNotNull("Unexpected null security reference", securityRef);
+ String tokenTypeAttr = securityRef.getOtherAttributes().get(new QName(WSTrustConstants.WSSE11_NS, "TokenType"));
+ assertNotNull("Required attribute TokenType is missing", tokenTypeAttr);
+ assertEquals("TokenType attribute has an unexpected value", SAMLUtil.SAML2_TOKEN_TYPE, tokenTypeAttr);
+ KeyIdentifierType keyId = (KeyIdentifierType) securityRef.getAny().get(0);
+ assertEquals("Unexpected key value type", SAMLUtil.SAML2_VALUE_TYPE, keyId.getValueType());
+ assertNotNull("Unexpected null key identifier value", keyId.getValue());
+
+ // ====================================== SAMLV2.0 Assertion Validation ======================================//
+
+ RequestedSecurityTokenType requestedToken = response.getRequestedSecurityToken();
+ assertNotNull("Unexpected null requested security token", requestedToken);
+
+ // unmarshall the SAMLV2.0 assertion.
+ Element assertionElement = (Element) requestedToken.getAny().get(0);
+ AssertionType assertion = SAMLUtil.fromElement(assertionElement);
+
+ // verify the contents of the unmarshalled assertion.
+ assertNotNull("Invalid null assertion ID", assertion.getID());
+ assertEquals(keyId.getValue().substring(1), assertion.getID());
+ assertEquals(lifetime.getCreated(), assertion.getIssueInstant());
+
+ // validate the assertion issuer.
+ assertNotNull("Unexpected null assertion issuer", assertion.getIssuer());
+ assertEquals("Unexpected assertion issuer name", "Test STS", assertion.getIssuer().getValue());
+
+ // validate the assertion subject.
+ assertNotNull("Unexpected null subject", assertion.getSubject());
+ SubjectType subject = assertion.getSubject();
+
+ NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
+ assertEquals("Unexpected name id qualifier", "urn:picketlink:identity-federation", nameID.getNameQualifier());
+ assertEquals("Unexpected name id value", principal, nameID.getValue());
+
+ SubjectConfirmationType subjType = subject.getConfirmation().get(0);
+ assertEquals("Unexpected confirmation method", confirmationMethod, subjType.getMethod());
+
+ // validate the assertion conditions.
+ assertNotNull("Unexpected null conditions", assertion.getConditions());
+ assertEquals(lifetime.getCreated(), assertion.getConditions().getNotBefore());
+ assertEquals(lifetime.getExpires(), assertion.getConditions().getNotOnOrAfter());
+
+ assertNotNull("Assertion should have been signed", assertion.getSignature());
+
+ return assertion;
+ }
+
+ /**
+ * <p>
+ * Validates the contents of the specified {@code SubjectConfirmationType} when the {@code HOLDER_OF_KEY}
+ * confirmation method has been used.
+ * </p>
+ *
+ * @param subjectConfirmation
+ * the {@code SubjectConfirmationType} to be validated.
+ * @param keyType
+ * the type of the proof-of-possession key (Symmetric or Public).
+ * @param certificate
+ * the certificate used in the Public Key scenarios.
+ * @param usePublicKey
+ * {@code true} if the certificate's Public Key was used as the proof-of-possession token; {@code false}
+ * otherwise.
+ * @throws Exception
+ * if an error occurs while performing the validation.
+ */
+ private void validateHolderOfKeyContents(SubjectConfirmationType subjectConfirmation, String keyType,
+ Certificate certificate, boolean usePublicKey) throws Exception
+ {
+ SubjectConfirmationDataType subjConfirmationDataType = subjectConfirmation.getSubjectConfirmationData();
+ assertNotNull("Unexpected null subject confirmation data", subjConfirmationDataType);
+ KeyInfoType keyInfo = (KeyInfoType) subjConfirmationDataType.getAnyType();
+ assertEquals("Unexpected key info content size", 1, keyInfo.getContent().size());
+
+ // if the key is a symmetric key, the KeyInfo should contain an encrypted element.
+ if (WSTrustConstants.KEY_TYPE_SYMMETRIC.equals(keyType))
+ {
+ Element encKeyElement = (Element) keyInfo.getContent().get(0);
+ assertEquals("Unexpected key info content type", WSTrustConstants.XMLEnc.ENCRYPTED_KEY, encKeyElement
+ .getLocalName());
+ }
+ // if the key is public, KeyInfo should either contain an encoded certificate or an encoded public key.
+ else if (WSTrustConstants.KEY_TYPE_PUBLIC.equals(keyType))
+ {
+ // if the public key has been used as proof, we should be able to retrieve it from KeyValueType.
+ if (usePublicKey == true)
+ {
+ KeyValueType keyValue = (KeyValueType) keyInfo.getContent().get(0);
+ List<Object> keyValueContent = keyValue.getContent();
+ assertEquals("Unexpected key value content size", 1, keyValueContent.size());
+ assertEquals("Unexpected key value content type", RSAKeyValueType.class, keyValueContent.get(0).getClass());
+ RSAKeyValueType rsaKeyValue = (RSAKeyValueType) keyValueContent.get(0);
+
+ // reconstruct the public key and check if it matches the public key of the provided certificate.
+ BigInteger modulus = new BigInteger(1, Base64.decode(new String(rsaKeyValue.getModulus())));
+ BigInteger exponent = new BigInteger(1, Base64.decode(new String(rsaKeyValue.getExponent())));
+ KeyFactory factory = KeyFactory.getInstance("RSA");
+ RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus, exponent);
+ RSAPublicKey genKey = (RSAPublicKey) factory.generatePublic(spec);
+ assertEquals("Invalid public key", certificate.getPublicKey(), genKey);
+ }
+ // if the whole certificate was used as proof, we should be able to retrieve it from X509DataType.
+ else
+ {
+ X509DataType x509Data = (X509DataType) keyInfo.getContent().get(0);
+ assertEquals("Unexpected X509 data content size", 1, x509Data.getDataObjects().size());
+ Object content = x509Data.getDataObjects().get(0);
+ assertTrue("Unexpected X509 data content type", content instanceof X509CertificateType);
+ byte[] encodedCertificate = ((X509CertificateType) content).getEncodedCertificate();
+
+ // reconstruct the certificate and check if it matches the provided certificate.
+ ByteArrayInputStream byteInputStream = new ByteArrayInputStream(Base64.decode(encodedCertificate, 0,
+ encodedCertificate.length));
+ assertEquals("Invalid certificate in key info", certificate, CertificateFactory.getInstance("X.509")
+ .generateCertificate(byteInputStream));
+ }
+ }
+ }
+
+ /**
+ * <p>
+ * Utility method that creates a simple WS-Trust request using the specified information.
+ * </p>
+ *
+ * @param context
+ * a {@code String} that represents the request context.
+ * @param requestType
+ * a {@code String} that represents the WS-Trust request type.
+ * @param tokenType
+ * a {@code String} that represents the requested token type.
+ * @param appliesToString
+ * a {@code String} that represents the URL of a service provider.
+ * @return the constructed {@code RequestSecurityToken} object.
+ */
+ private RequestSecurityToken createRequest(String context, String requestType, String tokenType,
+ String appliesToString)
+ {
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setContext(context);
+ request.setRequestType(URI.create(requestType));
+ if (tokenType != null)
+ request.setTokenType(URI.create(tokenType));
+ if (appliesToString != null)
+ request.setAppliesTo(WSTrustUtil.createAppliesTo(appliesToString));
+ return request;
+ }
+
+ /**
+ * <p>
+ * Creates a simple token that is not known to the STS for testing purposes.
+ * </p>
+ *
+ * @return an {@code Element} representing the unknown token.
+ * @throws Exception
+ * if an error occurs while creating the token.
+ */
+ private Element createUnknownToken() throws Exception
+ {
+ Document doc = DocumentUtil.createDocument();
+ String namespaceURI = "http://www.unknowntoken.org";
+ Element root = doc.createElementNS(namespaceURI, "token:UnknownToken");
+ Element child = doc.createElementNS(namespaceURI, "token:UnknownTokenValue");
+ child.appendChild(doc.createTextNode("Unknown content"));
+ root.appendChild(child);
+ String id = IDGenerator.create("ID_");
+ root.setAttributeNS(namespaceURI, "ID", id);
+ root.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:token", namespaceURI);
+ return root;
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code Certificate} stored under the specified alias in the specified keystore.
+ * </p>
+ *
+ * @param keyStoreFile
+ * the name of the file that contains a JKS keystore.
+ * @param passwd
+ * the keystore password.
+ * @param certificateAlias
+ * the alias of a certificate in the keystore.
+ * @return a reference to the {@code Certificate} stored under the given alias.
+ * @throws Exception
+ * if an error occurs while handling the keystore.
+ */
+ private Certificate getCertificate(String keyStoreFile, String passwd, String certificateAlias) throws Exception
+ {
+ InputStream stream = Thread.currentThread().getContextClassLoader().getResourceAsStream(keyStoreFile);
+ KeyStore keyStore = KeyStore.getInstance("JKS");
+ keyStore.load(stream, passwd.toCharArray());
+
+ Certificate certificate = keyStore.getCertificate(certificateAlias);
+ return certificate;
+ }
+
+ private Source createSourceFromRequest(RequestSecurityToken request) throws Exception
+ {
+ // write the request XML to a DOMResult
+ DOMResult result = new DOMResult(DocumentUtil.createDocument());
+ WSTrustRequestWriter writer = new WSTrustRequestWriter(result);
+ writer.write(request);
+ return new DOMSource(result.getNode());
+ }
+
+ /**
+ * <p>
+ * Helper class that exposes the PicketLinkSTS methods as public for the tests to work.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+ class TestSTS extends PicketLinkSTS
+ {
+ private String configFileName = "sts/picketlink-sts.xml";
+
+ TestSTS()
+ {
+ }
+
+ TestSTS(String configFileName)
+ {
+ this.configFileName = configFileName;
+ }
+
+ public Source invoke(Source source)
+ {
+ try
+ {
+ SOAPMessage request = SOAPUtil.create();
+ SOAPUtil.addData(source, request);
+ SOAPMessage response = super.invoke(request);
+ return new DOMSource(SOAPUtil.getSOAPData(response));
+ }
+ catch (SOAPException e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Override
+ public STSConfiguration getConfiguration() throws ConfigurationException
+ {
+ InputStream stream;
+ try
+ {
+ URL configURL = Thread.currentThread().getContextClassLoader().getResource(configFileName);
+ stream = configURL.openStream();
+
+ STSType stsConfig = (STSType) new STSConfigParser().parse(stream);
+ return new PicketLinkSTSConfiguration(stsConfig);
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ public void setContext(WebServiceContext context)
+ {
+ super.context = context;
+ }
+ }
+
+ /**
+ * <p>
+ * Helper class that mocks a {@code WebServiceContext}. It is used in the PicketLink STS test cases.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+ class TestContext implements WebServiceContext
+ {
+
+ private Principal principal;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see javax.xml.ws.WebServiceContext#getEndpointReference(java.lang.Class, org.w3c.dom.Element[])
+ */
+ public <T extends EndpointReference> T getEndpointReference(Class<T> arg0, Element... arg1)
+ {
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see javax.xml.ws.WebServiceContext#getEndpointReference(org.w3c.dom.Element[])
+ */
+ public EndpointReference getEndpointReference(Element... arg0)
+ {
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see javax.xml.ws.WebServiceContext#getMessageContext()
+ */
+ public MessageContext getMessageContext()
+ {
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see javax.xml.ws.WebServiceContext#getUserPrincipal()
+ */
+ public Principal getUserPrincipal()
+ {
+ return this.principal;
+ }
+
+ /**
+ * <p>
+ * Sets the principal to be used in the test case.
+ * </p>
+ *
+ * @param principal
+ * the {@code Principal} to be set.
+ */
+ public void setUserPrincipal(Principal principal)
+ {
+ this.principal = principal;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see javax.xml.ws.WebServiceContext#isUserInRole(java.lang.String)
+ */
+ public boolean isUserInRole(String arg0)
+ {
+ return false;
+ }
+ }
+}
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,390 @@
+/*
+ * JBoss, Home of Professional Open Source. Copyright 2009, Red Hat Middleware LLC, and individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site:
+ * http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.wstrust;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.InputStream;
+import java.net.URI;
+import java.security.KeyStore;
+import java.security.PublicKey;
+import java.security.cert.Certificate;
+import java.util.Arrays;
+import java.util.GregorianCalendar;
+import java.util.HashMap;
+
+import javax.xml.namespace.QName;
+import javax.xml.transform.Source;
+import javax.xml.transform.dom.DOMResult;
+import javax.xml.transform.dom.DOMSource;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLAssertionParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.Base64;
+import org.picketlink.identity.federation.core.wstrust.SecurityToken;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext;
+import org.picketlink.identity.federation.core.wstrust.WSTrustUtil;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.picketlink.identity.federation.core.wstrust.wrappers.Lifetime;
+import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRequestWriter;
+import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.saml.v2.assertion.AudienceRestrictionType;
+import org.picketlink.identity.federation.saml.v2.assertion.ConditionsType;
+import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationDataType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.ws.trust.RequestedReferenceType;
+import org.picketlink.identity.federation.ws.trust.StatusType;
+import org.picketlink.identity.federation.ws.trust.ValidateTargetType;
+import org.picketlink.identity.federation.ws.wss.secext.KeyIdentifierType;
+import org.picketlink.identity.federation.ws.wss.secext.SecurityTokenReferenceType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * <p>
+ * This {@code TestCase} tests the functionalities of the {@code SAML20TokenProvider} class.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class SAML20TokenProviderUnitTestCase
+{
+
+ private SAML20TokenProvider provider;
+
+ /**
+ * <p>
+ * Tests the issuance of a SAMLV2.0 Assertion.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testIssueSAMLV20Token() throws Exception
+ {
+ this.provider = new SAML20TokenProvider();
+ provider.initialize(new HashMap<String, String>());
+
+ SAMLAssertionParser assertionParser = new SAMLAssertionParser();
+
+ // create a WSTrustRequestContext with a simple WS-Trust request.
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setLifetime(WSTrustUtil.createDefaultLifetime(3600000));
+ request.setAppliesTo(WSTrustUtil.createAppliesTo("http://services.testcorp.org/provider2"));
+ request.setTokenType(URI.create(SAMLUtil.SAML2_TOKEN_TYPE));
+
+ WSTrustRequestContext context = new WSTrustRequestContext(request, new TestPrincipal("sguilhen"));
+ context.setTokenIssuer("PicketLinkSTS");
+
+ // call the SAML token provider and check the generated token.
+ this.provider.issueToken(context);
+ assertNotNull("Unexpected null security token", context.getSecurityToken());
+
+ SecurityToken securityToken = context.getSecurityToken();
+
+ AssertionType assertion = assertionParser.fromElement((Element) securityToken.getTokenValue());
+ /*
+ * JAXBContext jaxbContext = JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.assertion");
+ * Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); JAXBElement<?> parsedElement = (JAXBElement<?>)
+ * unmarshaller.unmarshal((Element) context.getSecurityToken() .getTokenValue());
+ * assertNotNull("Unexpected null element", parsedElement); assertEquals("Unexpected element type",
+ * AssertionType.class, parsedElement.getDeclaredType());
+ *
+ * AssertionType assertion = (AssertionType) parsedElement.getValue(); StandardSecurityToken securityToken =
+ * (StandardSecurityToken) context.getSecurityToken();
+ */
+ assertEquals("Unexpected token id", securityToken.getTokenID(), assertion.getID());
+ assertEquals("Unexpected token issuer", "PicketLinkSTS", assertion.getIssuer().getValue());
+
+ // check the contents of the assertion conditions.
+ ConditionsType conditions = assertion.getConditions();
+ assertNotNull("Unexpected null conditions", conditions);
+ assertNotNull("Unexpected null value for NotBefore attribute", conditions.getNotBefore());
+ assertNotNull("Unexpected null value for NotOnOrAfter attribute", conditions.getNotOnOrAfter());
+ assertEquals("Unexpected number of conditions", 1, conditions.getConditions().size());
+
+ AudienceRestrictionType restrictionType = (AudienceRestrictionType) conditions.getConditions().get(0);
+ assertNotNull("Unexpected null audience list", restrictionType.getAudience());
+ assertEquals("Unexpected number of audience elements", 1, restrictionType.getAudience().size());
+ assertEquals("Unexpected audience value", "http://services.testcorp.org/provider2", restrictionType.getAudience()
+ .get(0).toString());
+
+ // check the contents of the assertion subject.
+ SubjectType subject = assertion.getSubject();
+ assertNotNull("Unexpected null subject", subject);
+
+ NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
+ assertEquals("Unexpected name id qualifier", "urn:picketlink:identity-federation", nameID.getNameQualifier());
+ assertEquals("Unexpected name id", "sguilhen", nameID.getValue());
+
+ SubjectConfirmationType confirmation = subject.getConfirmation().get(0);
+ assertEquals("Unexpected confirmation method", SAMLUtil.SAML2_BEARER_URI, confirmation.getMethod());
+
+ // validate the attached token reference created by the SAML provider.
+ RequestedReferenceType reference = context.getAttachedReference();
+ assertNotNull("Unexpected null attached reference", reference);
+ SecurityTokenReferenceType securityRef = reference.getSecurityTokenReference();
+ assertNotNull("Unexpected null security reference", securityRef);
+ String tokenTypeAttr = securityRef.getOtherAttributes().get(new QName(WSTrustConstants.WSSE11_NS, "TokenType"));
+ assertNotNull("Required attribute TokenType is missing", tokenTypeAttr);
+ assertEquals("TokenType attribute has an unexpected value", SAMLUtil.SAML2_TOKEN_TYPE, tokenTypeAttr);
+ KeyIdentifierType keyId = (KeyIdentifierType) securityRef.getAny().get(0);
+ assertEquals("Unexpected key value type", SAMLUtil.SAML2_VALUE_TYPE, keyId.getValueType());
+ assertNotNull("Unexpected null key identifier value", keyId.getValue());
+ assertEquals(assertion.getID(), keyId.getValue().substring(1));
+ }
+
+ /**
+ * <p>
+ * This method tests the creation of SAMLV.20 assertions that contain a proof-of-possession token - that is,
+ * assertions that use the Holder Of Key confirmation method.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testIssueSAMLV20HolderOfKeyToken() throws Exception
+ {
+
+ this.provider = new SAML20TokenProvider();
+ provider.initialize(new HashMap<String, String>());
+ // create a WSTrustRequestContext with a simple WS-Trust request.
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setLifetime(WSTrustUtil.createDefaultLifetime(3600000));
+ request.setAppliesTo(WSTrustUtil.createAppliesTo("http://services.testcorp.org/provider2"));
+ request.setTokenType(URI.create(SAMLUtil.SAML2_TOKEN_TYPE));
+
+ WSTrustRequestContext context = new WSTrustRequestContext(request, new TestPrincipal("sguilhen"));
+ context.setTokenIssuer("PicketLinkSTS");
+
+ // let's set a symmetric key proof-of-possession token in the context.
+ byte[] secret = WSTrustUtil.createRandomSecret(32);
+ PublicKey serviceKey = this.getCertificate("keystore/sts_keystore.jks", "testpass", "service2").getPublicKey();
+ context.setProofTokenInfo(WSTrustUtil.createKeyInfo(secret, serviceKey, null));
+
+ // call the SAML token provider and check the generated token.
+ this.provider.issueToken(context);
+ assertNotNull("Unexpected null security token", context.getSecurityToken());
+
+ // check if the assertion has a subject confirmation that contains the encrypted symmetric key.
+ AssertionType assertion = SAMLUtil.fromElement((Element) context.getSecurityToken().getTokenValue());
+ SubjectType subject = assertion.getSubject();
+ assertNotNull("Unexpected null subject", subject);
+
+ NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
+ assertEquals("Unexpected name id qualifier", "urn:picketlink:identity-federation", nameID.getNameQualifier());
+ assertEquals("Unexpected name id", "sguilhen", nameID.getValue());
+
+ SubjectConfirmationType confirmation = subject.getConfirmation().get(0);
+ assertEquals("Unexpected confirmation method", SAMLUtil.SAML2_HOLDER_OF_KEY_URI, confirmation.getMethod());
+
+ SubjectConfirmationDataType confirmData = confirmation.getSubjectConfirmationData();
+ KeyInfoType keyInfo = (KeyInfoType) confirmData.getAnyType();
+ assertEquals("Unexpected key info content size", 1, keyInfo.getContent().size());
+ Element encKeyElement = (Element) keyInfo.getContent().get(0);
+ assertEquals("Unexpected key info content type", WSTrustConstants.XMLEnc.ENCRYPTED_KEY,
+ encKeyElement.getLocalName());
+
+ // Now let's set an asymmetric proof of possession token in the context.
+ Certificate certificate = this.getCertificate("keystore/sts_keystore.jks", "testpass", "service1");
+ context.setProofTokenInfo(WSTrustUtil.createKeyInfo(certificate));
+
+ // call the SAML token provider and check the generated token.
+ this.provider.issueToken(context);
+ assertNotNull("Unexpected null security token", context.getSecurityToken());
+
+ // check if the assertion has a subject confirmation that contains the encoded certificate.
+ assertion = SAMLUtil.fromElement((Element) context.getSecurityToken().getTokenValue());
+ subject = assertion.getSubject();
+ nameID = (NameIDType) subject.getSubType().getBaseID();
+ assertEquals("Unexpected name id qualifier", "urn:picketlink:identity-federation", nameID.getNameQualifier());
+ assertEquals("Unexpected name id", "sguilhen", nameID.getValue());
+ confirmation = subject.getConfirmation().get(0);
+ assertEquals("Unexpected confirmation method", SAMLUtil.SAML2_HOLDER_OF_KEY_URI, confirmation.getMethod());
+
+ /*
+ * confirmationContent = confirmation.getSubjectConfirmationData().getContent();
+ * assertEquals("Unexpected subject confirmation content size", 1, confirmationContent.size()); keyInfoElement =
+ * (JAXBElement<?>) confirmationContent.get(0); assertEquals("Unexpected subject confirmation context type",
+ * KeyInfoType.class, keyInfoElement.getDeclaredType());
+ */
+ keyInfo = (KeyInfoType) confirmation.getSubjectConfirmationData().getAnyType();
+ assertEquals("Unexpected key info content size", 1, keyInfo.getContent().size());
+
+ // key info should contain a X509Data section with the encoded certificate.
+ X509DataType x509Data = (X509DataType) keyInfo.getContent().get(0);
+ assertEquals("Unexpected X509 data content size", 1, x509Data.getDataObjects().size());
+ X509CertificateType cert = (X509CertificateType) x509Data.getDataObjects().get(0);
+
+ // certificate should have been encoded to Base64, so we need to decode it first.
+ byte[] encodedCert = Base64.decode(new String(cert.getEncodedCertificate()));
+ assertTrue("Invalid encoded certificate found", Arrays.equals(certificate.getEncoded(), encodedCert));
+ }
+
+ /**
+ * <p>
+ * Tests the validation of a SAMLV2.0 Assertion.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ @Test
+ public void testValidateSAMLV20Token() throws Exception
+ {
+ this.provider = new SAML20TokenProvider();
+ provider.initialize(new HashMap<String, String>());
+
+ // issue a SAMLV2.0 assertion.
+ WSTrustRequestContext context = this.createIssuingContext(WSTrustUtil.createDefaultLifetime(3600000));
+ this.provider.issueToken(context);
+
+ // get the issued SAMLV2.0 assertion.
+ Element assertion = (Element) context.getSecurityToken().getTokenValue();
+
+ // now create a WS-Trust validate context.
+ context = this.createValidatingContext(assertion);
+
+ // validate the SAMLV2.0 assertion.
+ this.provider.validateToken(context);
+ StatusType status = context.getStatus();
+ assertNotNull("Unexpected null status type", status);
+ assertEquals("Unexpected status code", WSTrustConstants.STATUS_CODE_VALID, status.getCode());
+ assertEquals("Unexpected status reason", "SAMLV2.0 Assertion successfuly validated", status.getReason());
+
+ // now let's create a new SAMLV2.0 assertion with an expired lifetime.
+ long currentTimeMillis = System.currentTimeMillis();
+ GregorianCalendar created = new GregorianCalendar();
+ created.setTimeInMillis(currentTimeMillis - 3600000);
+ GregorianCalendar expires = new GregorianCalendar();
+ expires.setTimeInMillis(currentTimeMillis - 1800000);
+ context = this.createIssuingContext(new Lifetime(created, expires));
+
+ provider.issueToken(context);
+ assertion = (Element) context.getSecurityToken().getTokenValue();
+
+ // try to validate the expired token.
+ context = this.createValidatingContext(assertion);
+ provider.validateToken(context);
+ status = context.getStatus();
+ assertNotNull("Unexpected null status type", status);
+ assertEquals("Unexpected status code", WSTrustConstants.STATUS_CODE_INVALID, status.getCode());
+ assertEquals("Unexpected status reason",
+ "Validation failure: assertion expired or used before its lifetime period", status.getReason());
+ }
+
+ /**
+ * <p>
+ * Creates a {@code WSTrustRequestContext} using the specified lifetime. The created context is used in the issuing
+ * test scenarios.
+ * </p>
+ *
+ * @param lifetime
+ * the {@code Lifetime} of the assertion to be issued.
+ * @return the constructed {@code WSTrustRequestHandler} instance.
+ * @throws Exception
+ * if an error occurs while creating the context.
+ */
+ private WSTrustRequestContext createIssuingContext(Lifetime lifetime) throws Exception
+ {
+ // create a WSTrustRequestContext with a simple WS-Trust issue request.
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setLifetime(lifetime);
+ request.setAppliesTo(WSTrustUtil.createAppliesTo("http://services.testcorp.org/provider2"));
+ request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST));
+ request.setTokenType(URI.create(SAMLUtil.SAML2_TOKEN_TYPE));
+
+ WSTrustRequestContext context = new WSTrustRequestContext(request, new TestPrincipal("sguilhen"));
+ context.setTokenIssuer("PicketLinkSTS");
+
+ return context;
+ }
+
+ /**
+ * <p>
+ * Creates a {@code WSTrustRequestContext} for validating the specified assertion.
+ * </p>
+ *
+ * @param assertion
+ * an {@code Element} representing the SAMLV2.0 assertion to be validated.
+ * @return the constructed {@code WSTrustRequestContext} instance.
+ * @throws Exception
+ * if an error occurs while creating the validating context.
+ */
+ private WSTrustRequestContext createValidatingContext(Element assertion) throws Exception
+ {
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setRequestType(URI.create(WSTrustConstants.VALIDATE_REQUEST));
+ request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
+ ValidateTargetType validateTarget = new ValidateTargetType();
+ validateTarget.add(assertion);
+ request.setValidateTarget(validateTarget);
+ // we need to set the request document in the request object for the test.
+ DOMSource requestSource = (DOMSource) this.createSourceFromRequest(request);
+ request.setRSTDocument((Document) requestSource.getNode());
+
+ WSTrustRequestContext context = new WSTrustRequestContext(request, new TestPrincipal("sguilhen"));
+ return context;
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code Certificate} stored under the specified alias in the specified keystore.
+ * </p>
+ *
+ * @param keyStoreFile
+ * the name of the file that contains a JKS keystore.
+ * @param passwd
+ * the keystore password.
+ * @param certificateAlias
+ * the alias of a certificate in the keystore.
+ * @return a reference to the {@code Certificate} stored under the given alias.
+ * @throws Exception
+ * if an error occurs while handling the keystore.
+ */
+ private Certificate getCertificate(String keyStoreFile, String passwd, String certificateAlias) throws Exception
+ {
+ InputStream stream = Thread.currentThread().getContextClassLoader().getResourceAsStream(keyStoreFile);
+ KeyStore keyStore = KeyStore.getInstance("JKS");
+ keyStore.load(stream, passwd.toCharArray());
+
+ Certificate certificate = keyStore.getCertificate(certificateAlias);
+ return certificate;
+ }
+
+ private Source createSourceFromRequest(RequestSecurityToken request) throws Exception
+ {
+ DOMResult result = new DOMResult(DocumentUtil.createDocument());
+ WSTrustRequestWriter writer = new WSTrustRequestWriter(result);
+ writer.write(request);
+ return new DOMSource(result.getNode());
+ }
+}
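Review bot: `getCertificate` passes the result of `getResourceAsStream` straight to `keyStore.load` without a null check, and `KeyStore.load` treats a null stream as "initialise an empty keystore". A missing `keystore/sts_keystore.jks` therefore only shows up as a NullPointerException at `.getPublicKey()` in `testIssueSAMLV20HolderOfKeyToken`, not as a clear failure. The stream is also never closed. I would assert that both the resource and the alias were found and close the stream in a `finally` block, as sketched below. Separately, `testValidateSAMLV20Token` covers only the valid and expired-lifetime outcomes, so a case that alters the assertion after issuance would document what `validateToken` is expected to report there.

```java
private Certificate getCertificate(String keyStoreFile, String passwd, String certificateAlias) throws Exception
{
   InputStream stream = Thread.currentThread().getContextClassLoader().getResourceAsStream(keyStoreFile);
   // a null stream would make KeyStore.load() create an empty keystore instead of failing
   assertNotNull("Keystore resource not found: " + keyStoreFile, stream);
   try
   {
      KeyStore keyStore = KeyStore.getInstance("JKS");
      keyStore.load(stream, passwd.toCharArray());
      Certificate certificate = keyStore.getCertificate(certificateAlias);
      assertNotNull("No certificate stored under alias: " + certificateAlias, certificate);
      return certificate;
   }
   finally
   {
      stream.close();
   }
}
```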
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/STSClientConfigUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/STSClientConfigUnitTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/STSClientConfigUnitTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,76 @@
+/*
+ * JBoss, Home of Professional Open Source Copyright 2009, Red Hat Middleware
+ * LLC, and individual contributors by the @authors tag. See the copyright.txt
+ * in the distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the
+ * terms of the GNU Lesser General Public License as published by the Free
+ * Software Foundation; either version 2.1 of the License, or (at your option)
+ * any later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+ * FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License
+ * along with this software; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF
+ * site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.wstrust;
+
+import junit.framework.TestCase;
+
+import org.picketlink.identity.federation.core.wstrust.STSClientConfig;
+import org.picketlink.identity.federation.core.wstrust.STSClientConfig.Builder;
+
+/**
+ * Unit test for {@link WSTrustClientConfig}.
+ *
+ * @author <a href="mailto:dbevenius at jboss.com">Daniel Bevenius</a>
+ *
+ */
+public class STSClientConfigUnitTestCase extends TestCase
+{
+ final String serviceName = "PicketLinkSTS";
+ final String portName = "PicketLinkSTSPort";
+ final String endpointAddress = "http://localhost:8080/picketlink-sts/PicketLinkSTS";
+ final String username = "admin";
+ final String password = "admin";
+
+ public void testBuild()
+ {
+ final Builder builder = new STSClientConfig.Builder();
+ final STSClientConfig config = builder.serviceName(serviceName).portName(portName).endpointAddress(endpointAddress).username(username).password(password).build();
+ assertAllProperties(config);
+ }
+
+ public void testBuildFromConfigPropertiesFile()
+ {
+ final Builder builder = new STSClientConfig.Builder("wstrust/sts-client.properties");
+ assertAllProperties(builder.build());
+ }
+
+ public void testBuildFromConfigPropertiesFileOverridePassword()
+ {
+ final Builder builder = new STSClientConfig.Builder("wstrust/sts-client.properties");
+ assertAllProperties(builder.build());
+
+ final String overriddenPassword = "newPassword";
+ builder.password(overriddenPassword);
+ final STSClientConfig config = builder.build();
+ assertEquals(overriddenPassword, config.getPassword());
+ }
+
+ private void assertAllProperties(final STSClientConfig config)
+ {
+ assertEquals(serviceName, config.getServiceName());
+ assertEquals(portName, config.getPortName());
+ assertEquals(endpointAddress, config.getEndPointAddress());
+ assertEquals(username, config.getUsername());
+ assertEquals(password, config.getPassword());
+
+ }
+
+}
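Review bot: The class Javadoc links to `{@link WSTrustClientConfig}`, a type this file neither imports nor uses; the class under test is `STSClientConfig`, so the line should read `Unit test for {@link STSClientConfig}.` The `username`/`password` fields ("admin"/"admin") and the plain-http `endpointAddress` have to match whatever `wstrust/sts-client.properties` contains, which the hunk does not show. A short comment on those fields would make the dependency explicit, for example `// test-only fixture values; must mirror wstrust/sts-client.properties`.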
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SpecialTokenProvider.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SpecialTokenProvider.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SpecialTokenProvider.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,180 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.wstrust;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+
+import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.wstrust.SecurityToken;
+import org.picketlink.identity.federation.core.wstrust.StandardSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * <p>
+ * Mock {@code SecurityTokenProvider} used in the test scenarios.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class SpecialTokenProvider implements SecurityTokenProvider
+{
+
+ private Map<String, String> properties;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#initialize(java.util.Map)
+ */
+ public void initialize(Map<String, String> properties)
+ {
+ this.properties = properties;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#cancelToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
+ */
+ public void cancelToken( ProtocolContext protoContext ) throws ProcessingException
+ {
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#issueToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
+ */
+ public void issueToken( ProtocolContext protoContext) throws ProcessingException
+ {
+ WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
+
+ // create a simple sample token using the info from the request.
+ String caller = context.getCallerPrincipal() == null ? "anonymous" : context.getCallerPrincipal().getName();
+ URI tokenType = context.getRequestSecurityToken().getTokenType();
+ if (tokenType == null)
+ {
+ try
+ {
+ tokenType = new URI("http://www.tokens.org/SpecialToken");
+ }
+ catch (URISyntaxException ignore)
+ {
+ }
+ }
+
+ // we will use DOM to create the token.
+ try
+ {
+ Document doc = DocumentUtil.createDocument();
+
+ String namespaceURI = "http://www.tokens.org";
+ Element root = doc.createElementNS(namespaceURI, "token:SpecialToken");
+ Element child = doc.createElementNS(namespaceURI, "token:SpecialTokenValue");
+ child.appendChild(doc.createTextNode("Principal:" + caller));
+ root.appendChild(child);
+ String id = IDGenerator.create("ID_");
+ root.setAttributeNS(namespaceURI, "ID", id);
+ root.setAttributeNS(namespaceURI, "TokenType", tokenType.toString());
+ root.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns:token", namespaceURI);
+
+ doc.appendChild(root);
+
+ SecurityToken token = new StandardSecurityToken(tokenType.toString(), root, id);
+ context.setSecurityToken(token);
+ }
+ catch (ConfigurationException pce)
+ {
+ pce.printStackTrace();
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#renewToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
+ */
+ public void renewToken( ProtocolContext protoContext ) throws ProcessingException
+ {
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#validateToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
+ */
+ public void validateToken( ProtocolContext protoContext ) throws ProcessingException
+ {
+ }
+
+ /**
+ * <p>
+ * Just returns a reference to the properties that have been configured for testing purposes.
+ * </p>
+ *
+ * @return a reference to the properties map.
+ */
+ public Map<String, String> getProperties()
+ {
+ return this.properties;
+ }
+
+ /**
+ *
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#supports(java.lang.String)
+ */
+ public boolean supports(String namespace)
+ {
+ return WSTrustConstants.BASE_NAMESPACE.equals(namespace);
+ }
+
+ /**
+ *
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#tokenType()
+ */
+ public String tokenType()
+ {
+ return WSTrustConstants.BASE_NAMESPACE;
+ }
+
+ public QName getSupportedQName()
+ {
+ return new QName( tokenType(), "SpecialToken" );
+ }
+
+ public String family()
+ {
+ return SecurityTokenProvider.FAMILY_TYPE.WS_TRUST.toString();
+ }
+}
\ No newline at end of file
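Review bot: In `issueToken` the `catch (ConfigurationException pce)` block only calls `pce.printStackTrace()`, so when document creation fails the method returns normally with no security token set on the context. The caller then sees a null token, not the real cause. The method already declares `throws ProcessingException`, so the handler can propagate the failure: `throw new ProcessingException(pce);` (this assumes ProcessingException has a cause-taking constructor, which the hunk does not show). The empty `catch (URISyntaxException ignore)` higher up has a similar shape, since `tokenType` would stay null and fail later at `tokenType.toString()`. `tokenType = URI.create("http://www.tokens.org/SpecialToken");` removes that try/catch entirely.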
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/TestPrincipal.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/TestPrincipal.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/TestPrincipal.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,59 @@
+/*
+ * JBoss, Home of Professional Open Source.
+
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.wstrust;
+
+import java.security.Principal;
+
+/**
+ * <p>
+ * Simple {@code Principal} implementation used in the test scenarios.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class TestPrincipal implements Principal
+{
+ private final String name;
+
+ /**
+ * <p>
+ * Creates an instance of {@code TestPrincipal} with the specified name.
+ * </p>
+ *
+ * @param name a {@code String} representing the principal name.
+ */
+ public TestPrincipal(String name)
+ {
+ this.name = name;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see java.security.Principal#getName()
+ */
+ public String getName()
+ {
+ return this.name;
+ }
+}
Added: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java (rev 0)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,107 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.wstrust;
+
+import java.util.HashMap;
+
+import junit.framework.TestCase;
+
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import org.picketlink.identity.federation.core.wstrust.PicketLinkSTSConfiguration;
+import org.picketlink.identity.federation.core.wstrust.STSConfiguration;
+import org.picketlink.identity.federation.core.wstrust.StandardRequestHandler;
+import org.picketlink.identity.federation.core.wstrust.WSTrustRequestHandler;
+import org.picketlink.identity.federation.core.wstrust.WSTrustServiceFactory;
+import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider;
+
+/**
+ * <p>
+ * This {@code TestCase} tests the behavior of the {@code WSTrustServiceFactory} class.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
+ */
+public class WSTrustServiceFactoryUnitTestCase extends TestCase
+{
+
+ /**
+ * <p>
+ * Tests the creation of a {@code WSTrustRequestHandler} instance.
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ public void testCreateRequestHandler() throws Exception
+ {
+ STSConfiguration config = new PicketLinkSTSConfiguration();
+ WSTrustServiceFactory factory = WSTrustServiceFactory.getInstance();
+
+ // tests the creation of the request handler.
+ WSTrustRequestHandler handler = factory.createRequestHandler(
+ "org.picketlink.identity.federation.core.wstrust.StandardRequestHandler", config);
+ assertNotNull("Unexpected null request handler", handler);
+ assertTrue("Unexpected request handler type", handler instanceof StandardRequestHandler);
+
+ // try to create an invalid instance of request handler.
+ try
+ {
+ factory.createRequestHandler("InvalidHandler", config);
+ fail("An exception should have been raised");
+ }
+ catch (RuntimeException re)
+ {
+ assertTrue(re.getCause().getMessage().contains("could not be loaded"));
+ }
+ }
+
+ /**
+ * <p>
+ * Tests the creation of {@code SecurityTokenProvider}s.
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ public void testCreateTokenProvider() throws Exception
+ {
+ WSTrustServiceFactory factory = WSTrustServiceFactory.getInstance();
+ SecurityTokenProvider provider = factory.createTokenProvider(
+ "org.picketlink.test.identity.federation.core.wstrust.SpecialTokenProvider", null);
+ assertNotNull("Unexpected null token provider", provider);
+ assertTrue("Unexpected token provider type", provider instanceof SpecialTokenProvider);
+ provider = factory.createTokenProvider(
+ "org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider",
+ new HashMap<String, String>());
+ assertNotNull("Unexpected null token provider", provider);
+ assertTrue("Unexpected token provider type", provider instanceof SAML20TokenProvider);
+
+ // try to create an invalid token provider.
+ try
+ {
+ factory.createTokenProvider("InvalidTokenProvider", null);
+ fail("An exception should have been raised");
+ }
+ catch (RuntimeException re)
+ {
+ assertTrue(re.getCause().getMessage().contains("could not be loaded"));
+ }
+ }
+}
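Review bot: The two negative cases, at the end of testCreateRequestHandler and of testCreateTokenProvider, dereference `re.getCause()` without checking it. If the factory throws a RuntimeException with no cause, the test dies with a NullPointerException instead of a readable failure; adding `assertNotNull("Expected a wrapped cause", re.getCause());` before the message check avoids that. Both cases also cover only a class name that cannot be resolved. Because the factory instantiates whatever class name the configuration supplies, a further case with a name that loads but is not a handler or provider (for example `"java.lang.String"`) would pin down that such a class is rejected at creation time. How the factory behaves for that input is not visible in this hunk, so the expected exception type needs to be confirmed against the factory code.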
Added: product/trunk/picketlink-core/src/test/resources/parser/saml2/saml2-response-adfs-claims.xml
===================================================================
--- product/trunk/picketlink-core/src/test/resources/parser/saml2/saml2-response-adfs-claims.xml (rev 0)
+++ product/trunk/picketlink-core/src/test/resources/parser/saml2/saml2-response-adfs-claims.xml 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,66 @@
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
+ Destination="https://something"
+ ID="_48db7f2f-a2d2-4e45-94bc-bb680a47d073" InResponseTo="CPSID_47811a63-caf3-4e4e-84cb-fa872cafff05"
+ IssueInstant="2011-07-19T21:23:42.077Z" Version="2.0">
+ <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">urn:adfs:services:trust
+ </Issuer>
+ <samlp:Status>
+ <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
+ </samlp:Status>
+ <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_334b1e3d-8783-4ea6-b5a9-0dd6317999d2"
+ IssueInstant="2011-07-19T21:23:42.077Z" Version="2.0">
+ <Issuer>urn:adfs:services:trust</Issuer>
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ <ds:SignatureMethod
+ Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
+ <ds:Reference URI="#_334b1e3d-8783-4ea6-b5a9-0dd6317999d2">
+ <ds:Transforms>
+ <ds:Transform
+ Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
+ <ds:DigestValue>6UvO3uhEz2ErtcrijZ4WfvhrPGEoP+fdmiMOg0mOeMQ=
+ </ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>JGR4KOgUKksRKGn0c2OvyVhCIbOX5rafDiaXezTyGPsQJnVhbYUa6xDnDEb1kMXefL3IxAWL2o1PgYlnrrGfuP3QgAeF1B+w9JlO4/H7DTeumMWz7ZvpsmUMARrcFBJjsOXgIZxDU3UY1yzn6IMZonQRz2CO6kVo2q3zemlb8TAssZttj71Wl/fceRDlkV/+suQChaaXeDWVW2T+ITnt2JSJY2GL6PpT8K+hHAyfS0PgC9o3RedAwIZT73ZiCQugZYxBgjQbZXT72x6arh8phWVtENCr6JEcXFUrAGnYzOn3/48M6w9MQ2GhHB4XqgWAQrrpcG6nw47q+Z4zn+9Wig==
+ </ds:SignatureValue>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>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!
j8XBn8wjL8epgWSyH381owGepLRJ+evRIjtbYVEAs7w==
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </KeyInfo>
+ </ds:Signature>
+ <Subject>
+ <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+ <SubjectConfirmationData
+ InResponseTo="CPSID_47811a63-caf3-4e4e-84cb-fa872cafff05"
+ NotOnOrAfter="2011-07-19T21:28:42.077Z" Recipient="https://somebody" />
+ </SubjectConfirmation>
+ </Subject>
+ <Conditions NotBefore="2011-07-19T21:23:42.077Z"
+ NotOnOrAfter="2011-07-19T22:23:42.077Z">
+ <AudienceRestriction>
+ <Audience>https://somebody</Audience>
+ </AudienceRestriction>
+ </Conditions>
+ <AttributeStatement>
+ <Attribute Name="http://schemas.xmlsoap.org/claims/EmailAddress">
+ <AttributeValue>admin at test.net</AttributeValue>
+ </Attribute>
+ <Attribute Name="http://schemas.xmlsoap.org/claims/PUID">
+ <AttributeValue>1004567899</AttributeValue>
+ </Attribute>
+ </AttributeStatement>
+ <AuthnStatement AuthnInstant="2011-07-19T21:10:57.923Z">
+ <AuthnContext>
+ <AuthnContextClassRef>urn:federation:authentication:windows</AuthnContextClassRef>
+ </AuthnContext>
+ </AuthnStatement>
+ </Assertion>
+</samlp:Response>
\ No newline at end of file
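Review bot: This fixture looks as if it was re-indented after signing: the `Issuer`, `DigestValue` and `SignatureValue` text nodes carry formatter line breaks. Exclusive canonicalization keeps whitespace text nodes, so the `DigestValue` most likely no longer matches the assertion. Together with `NotOnOrAfter="2011-07-19T22:23:42.077Z"`, that makes the file suitable for parser tests only, not for signature or condition validation. A leading comment such as `<!-- Parser fixture only: signature and validity window are not expected to verify -->` would keep a later test from relying on it and then relaxing the validator to make it pass. The same content is added again under saml/v2/response/ in the next hunk; a single shared copy would keep the two from drifting apart.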
Added: product/trunk/picketlink-core/src/test/resources/saml/v2/response/saml2-response-adfs-claims.xml
===================================================================
--- product/trunk/picketlink-core/src/test/resources/saml/v2/response/saml2-response-adfs-claims.xml (rev 0)
+++ product/trunk/picketlink-core/src/test/resources/saml/v2/response/saml2-response-adfs-claims.xml 2011-07-25 19:24:06 UTC (rev 1124)
@@ -0,0 +1,66 @@
+<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ Consent="urn:oasis:names:tc:SAML:2.0:consent:unspecified"
+ Destination="https://something"
+ ID="_48db7f2f-a2d2-4e45-94bc-bb680a47d073" InResponseTo="CPSID_47811a63-caf3-4e4e-84cb-fa872cafff05"
+ IssueInstant="2011-07-19T21:23:42.077Z" Version="2.0">
+ <Issuer xmlns="urn:oasis:names:tc:SAML:2.0:assertion">urn:adfs:services:trust
+ </Issuer>
+ <samlp:Status>
+ <samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
+ </samlp:Status>
+ <Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_334b1e3d-8783-4ea6-b5a9-0dd6317999d2"
+ IssueInstant="2011-07-19T21:23:42.077Z" Version="2.0">
+ <Issuer>urn:adfs:services:trust</Issuer>
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ <ds:SignatureMethod
+ Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256" />
+ <ds:Reference URI="#_334b1e3d-8783-4ea6-b5a9-0dd6317999d2">
+ <ds:Transforms>
+ <ds:Transform
+ Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256" />
+ <ds:DigestValue>6UvO3uhEz2ErtcrijZ4WfvhrPGEoP+fdmiMOg0mOeMQ=
+ </ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>JGR4KOgUKksRKGn0c2OvyVhCIbOX5rafDiaXezTyGPsQJnVhbYUa6xDnDEb1kMXefL3IxAWL2o1PgYlnrrGfuP3QgAeF1B+w9JlO4/H7DTeumMWz7ZvpsmUMARrcFBJjsOXgIZxDU3UY1yzn6IMZonQRz2CO6kVo2q3zemlb8TAssZttj71Wl/fceRDlkV/+suQChaaXeDWVW2T+ITnt2JSJY2GL6PpT8K+hHAyfS0PgC9o3RedAwIZT73ZiCQugZYxBgjQbZXT72x6arh8phWVtENCr6JEcXFUrAGnYzOn3/48M6w9MQ2GhHB4XqgWAQrrpcG6nw47q+Z4zn+9Wig==
+ </ds:SignatureValue>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <ds:X509Data>
+ <ds:X509Certificate>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!
j8XBn8wjL8epgWSyH381owGepLRJ+evRIjtbYVEAs7w==
+ </ds:X509Certificate>
+ </ds:X509Data>
+ </KeyInfo>
+ </ds:Signature>
+ <Subject>
+ <SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+ <SubjectConfirmationData
+ InResponseTo="CPSID_47811a63-caf3-4e4e-84cb-fa872cafff05"
+ NotOnOrAfter="2011-07-19T21:28:42.077Z" Recipient="https://somebody" />
+ </SubjectConfirmation>
+ </Subject>
+ <Conditions NotBefore="2011-07-19T21:23:42.077Z"
+ NotOnOrAfter="2011-07-19T22:23:42.077Z">
+ <AudienceRestriction>
+ <Audience>https://somebody</Audience>
+ </AudienceRestriction>
+ </Conditions>
+ <AttributeStatement>
+ <Attribute Name="http://schemas.xmlsoap.org/claims/EmailAddress">
+ <AttributeValue>admin at test.net</AttributeValue>
+ </Attribute>
+ <Attribute Name="http://schemas.xmlsoap.org/claims/PUID">
+ <AttributeValue>1004567899</AttributeValue>
+ </Attribute>
+ </AttributeStatement>
+ <AuthnStatement AuthnInstant="2011-07-19T21:10:57.923Z">
+ <AuthnContext>
+ <AuthnContextClassRef>urn:federation:authentication:windows</AuthnContextClassRef>
+ </AuthnContext>
+ </AuthnStatement>
+ </Assertion>
+</samlp:Response>
\ No newline at end of file