Author: anil.saldhana(a)jboss.com
Date: 2009-06-03 12:56:25 -0400 (Wed, 03 Jun 2009)
New Revision: 569
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/exceptions/IssueInstantMissingException.java
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/saml/v2/util/
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/AssertionUtil.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/XMLTimeUtil.java
Log:
JBID-125: assertionutil test case
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-06-03
14:44:13 UTC (rev 568)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-06-03
16:56:25 UTC (rev 569)
@@ -56,6 +56,7 @@
import org.jboss.identity.federation.core.exceptions.ParsingException;
import org.jboss.identity.federation.core.exceptions.ProcessingException;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
@@ -347,7 +348,14 @@
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
//Add timed conditions
- saml2Response.createTimedConditions(assertion, this.assertionValidity);
+ try
+ {
+ saml2Response.createTimedConditions(assertion, this.assertionValidity);
+ }
+ catch (IssueInstantMissingException e1)
+ {
+ log.error(e1);
+ }
//Lets see how the response looks like
if(log.isTraceEnabled())
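Review bot: The new `catch (IssueInstantMissingException e1)` block only logs and falls through, so when the issue instant is missing the valve goes on building the response around an assertion that has no Conditions element, and therefore no NotBefore/NotOnOrAfter window. Before this revision the same situation raised an IllegalStateException that stopped processing; an identity provider should keep failing closed here, for example with `throw new ProcessingException(e1);` in the catch, assuming the enclosing method (which starts outside this hunk) can propagate it and that constructor exists. This matters more because `AssertionUtil.hasExpired` in the same revision now reports an assertion without Conditions as not expired. Separately, `log.error(e1)` passes the exception as the message and may lose the stack trace; `log.error("Cannot add timed conditions", e1)` keeps it.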
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-06-03
14:44:13 UTC (rev 568)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-06-03
16:56:25 UTC (rev 569)
@@ -36,8 +36,8 @@
import javax.xml.parsers.ParserConfigurationException;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
-import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import
org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
@@ -45,15 +45,14 @@
import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.util.AssertionUtil;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.saml.v2.util.JAXBElementMappingUtil;
-import org.jboss.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeType;
import org.jboss.identity.federation.saml.v2.assertion.AuthnContextType;
import org.jboss.identity.federation.saml.v2.assertion.AuthnStatementType;
-import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
@@ -77,11 +76,7 @@
*/
public AssertionType createAssertion(String id, NameIDType issuer)
{
- AssertionType assertion =
SAMLAssertionFactory.getObjectFactory().createAssertionType();
- assertion.setID(id);
- assertion.setVersion(JBossSAMLConstants.VERSION_2_0.get());
- assertion.setIssuer(issuer);
- return assertion;
+ return AssertionUtil.createAssertion(id, issuer);
}
/**
@@ -161,19 +156,12 @@
* @param assertion
* @param durationInMilis
* @throws ConfigurationException
+ * @throws IssueInstantMissingException
*/
public void createTimedConditions(AssertionType assertion, long durationInMilis)
- throws ConfigurationException
+ throws ConfigurationException, IssueInstantMissingException
{
- XMLGregorianCalendar issueInstant = assertion.getIssueInstant();
- if(issueInstant == null)
- throw new IllegalStateException("assertion does not have issue
instant");
- XMLGregorianCalendar assertionValidityLength = XMLTimeUtil.add(issueInstant,
durationInMilis);
- ConditionsType conditionsType =
JBossSAMLBaseFactory.getObjectFactory().createConditionsType();
- conditionsType.setNotBefore(issueInstant);
- conditionsType.setNotOnOrAfter(assertionValidityLength);
-
- assertion.setConditions(conditionsType);
+ AssertionUtil.createTimedConditions(assertion, durationInMilis);
}
/**
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/exceptions/IssueInstantMissingException.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/exceptions/IssueInstantMissingException.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/exceptions/IssueInstantMissingException.java 2009-06-03
16:56:25 UTC (rev 569)
@@ -0,0 +1,54 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.exceptions;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * Exception indicating that the IssueInstant is missing
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jun 3, 2009
+ */
+public class IssueInstantMissingException extends GeneralSecurityException
+{
+ private static final long serialVersionUID = 1L;
+
+ public IssueInstantMissingException()
+ {
+ super();
+ }
+
+ public IssueInstantMissingException(String message, Throwable cause)
+ {
+ super(message, cause);
+ }
+
+ public IssueInstantMissingException(String msg)
+ {
+ super(msg);
+ }
+
+ public IssueInstantMissingException(Throwable cause)
+ {
+ super(cause);
+ }
+}
\ No newline at end of file
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/AssertionUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/AssertionUtil.java 2009-06-03
14:44:13 UTC (rev 568)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/AssertionUtil.java 2009-06-03
16:56:25 UTC (rev 569)
@@ -21,9 +21,16 @@
*/
package org.jboss.identity.federation.core.saml.v2.util;
+import javax.xml.datatype.XMLGregorianCalendar;
+
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
+import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
+import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
+import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
/**
* Utility to deal with assertions
@@ -33,6 +40,42 @@
public class AssertionUtil
{
/**
+ * Create an assertion
+ * @param id
+ * @param issuer
+ * @return
+ */
+ public static AssertionType createAssertion(String id, NameIDType issuer)
+ {
+ AssertionType assertion =
SAMLAssertionFactory.getObjectFactory().createAssertionType();
+ assertion.setID(id);
+ assertion.setVersion(JBossSAMLConstants.VERSION_2_0.get());
+ assertion.setIssuer(issuer);
+ return assertion;
+ }
+
+ /**
+ * Add validity conditions to the SAML2 Assertion
+ * @param assertion
+ * @param durationInMilis
+ * @throws ConfigurationException
+ * @throws IssueInstantMissingException
+ */
+ public static void createTimedConditions(AssertionType assertion, long
durationInMilis)
+ throws ConfigurationException, IssueInstantMissingException
+ {
+ XMLGregorianCalendar issueInstant = assertion.getIssueInstant();
+ if(issueInstant == null)
+ throw new IssueInstantMissingException("assertion does not have issue
instant");
+ XMLGregorianCalendar assertionValidityLength = XMLTimeUtil.add(issueInstant,
durationInMilis);
+ ConditionsType conditionsType =
JBossSAMLBaseFactory.getObjectFactory().createConditionsType();
+ conditionsType.setNotBefore(issueInstant);
+ conditionsType.setNotOnOrAfter(assertionValidityLength);
+
+ assertion.setConditions(conditionsType);
+ }
+
+ /**
* Check whether the assertion has expired
* @param assertion
* @return
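Review bot: `createTimedConditions` does not check `durationInMilis`, so a zero or negative value yields a NotOnOrAfter equal to or earlier than NotBefore, and every assertion issued under that configuration is invalid from the start. A guard at the top, `if (durationInMilis <= 0) throw new IllegalArgumentException("durationInMilis must be positive");`, would surface the misconfiguration at the identity provider rather than at each service provider. The Javadoc should also say that NotBefore is set to the issue instant, and that `createAssertion` does not set an issue instant, so callers have to set one before asking for timed conditions. The empty `@return` and `@throws` tags would benefit from one line each.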
@@ -48,6 +91,6 @@
conditionsType.getNotBefore(), conditionsType.getNotOnOrAfter());
}
//TODO: if conditions do not exist, assume the assertion to be everlasting?
- return true;
+ return false;
}
}
\ No newline at end of file
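Review bot: Flipping the fall-through to `return false` makes `hasExpired` report an assertion with no Conditions element as never expiring, while the TODO above it still leaves that policy undecided. For an assertion received from a peer this is the fail-open direction: whether a validity window is present is under the sender's control, so a caller relying on this check alone would accept such an assertion indefinitely. If the everlasting default is intended, replace the TODO with a comment such as `// No Conditions: reported as not expired; callers validating a received assertion must reject a missing NotOnOrAfter themselves`, and have those callers require Conditions explicitly. The body of `hasExpired` starts outside this hunk, so its callers and any such check are not visible here.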
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/XMLTimeUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/XMLTimeUtil.java 2009-06-03
14:44:13 UTC (rev 568)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/XMLTimeUtil.java 2009-06-03
16:56:25 UTC (rev 569)
@@ -62,6 +62,20 @@
newVal.add(duration);
return newVal;
}
+
+ /**
+ * Subtract some miliseconds from the time value
+ * @param value
+ * @param milis miliseconds entered in a positive value
+ * @return
+ * @throws ConfigurationException
+ */
+ public static XMLGregorianCalendar subtract(XMLGregorianCalendar value, long milis)
throws ConfigurationException
+ {
+ if(milis < 0)
+ throw new IllegalArgumentException("milis should be a positive
value");
+ return add(value, -1 * milis);
+ }
/**
* Returns a XMLGregorianCalendar in the timezone specified.
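Review bot: The guard in `subtract` rejects only `milis < 0`, yet both the exception message and the `@param` text say the value must be positive, so zero is accepted against the documented contract. Either reword the message to `"milis must not be negative"` or tighten the check to `milis <= 0`, whichever matches the intent. The `@return` and `@throws` tags are empty and "miliseconds" is misspelled in the Javadoc.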
@@ -120,6 +134,11 @@
public static boolean isValid(XMLGregorianCalendar now,
XMLGregorianCalendar notbefore, XMLGregorianCalendar notOnOrAfter)
{
+ if(notbefore == null)
+ throw new IllegalArgumentException("notbefore argument is null");
+ if(notOnOrAfter == null)
+ throw new IllegalArgumentException("notOnOrAfter argument is null");
+
int val = notbefore.compare(now);
if(val == DatatypeConstants.INDETERMINATE || val == DatatypeConstants.GREATER)
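Review bot: The new null checks make `isValid` throw an unchecked IllegalArgumentException whenever either bound is absent, and `AssertionUtil.hasExpired` passes `conditionsType.getNotBefore()` and `conditionsType.getNotOnOrAfter()` straight in. In SAML 2.0 both attributes of Conditions are optional, so an assertion carrying only NotOnOrAfter would turn an expiry check into a runtime exception driven by message content. Consider treating a null `notbefore` as no lower bound, by wrapping the first comparison in `if (notbefore != null) { ... }`, and letting `hasExpired` reject a missing NotOnOrAfter in a controlled way instead. `now` is also passed to `compare` unchecked. The rest of `isValid` lies outside this hunk.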
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/saml/v2/util/AssertionUtilUnitTestCase.java 2009-06-03
16:56:25 UTC (rev 569)
@@ -0,0 +1,92 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.core.saml.v2.util;
+
+import javax.xml.datatype.XMLGregorianCalendar;
+
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
+import org.jboss.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.jboss.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
+import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
+import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
+
+
+/**
+ * Unit test the AssertionUtil
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jun 3, 2009
+ */
+public class AssertionUtilUnitTestCase extends TestCase
+{
+ private ObjectFactory of = SAMLAssertionFactory.getObjectFactory();
+
+ public void testValidAssertion() throws Exception
+ {
+ NameIDType nameIdType = of.createNameIDType();
+ nameIdType.setValue("somename");
+
+ AssertionType assertion = of.createAssertionType();
+ assertion.setID("SomeID");
+ assertion.setVersion(JBossSAMLConstants.VERSION_2_0.get());
+ assertion.setIssuer(nameIdType);
+
+ //Assertions with no conditions are everlasting
+ assertTrue(AssertionUtil.hasExpired(assertion) == false);
+
+ XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
+
+ XMLGregorianCalendar sometimeLater = XMLTimeUtil.add(now, 5555);
+
+ ConditionsType conditions = of.createConditionsType();
+ conditions.setNotBefore(now);
+ conditions.setNotOnOrAfter(sometimeLater);
+ assertion.setConditions(conditions);
+ assertTrue(AssertionUtil.hasExpired(assertion) == false);
+ }
+
+ public void testExpiredAssertion() throws Exception
+ {
+
+ NameIDType nameIdType = of.createNameIDType();
+ nameIdType.setValue("somename");
+
+ AssertionType assertion = of.createAssertionType();
+ assertion.setID("SomeID");
+ assertion.setVersion(JBossSAMLConstants.VERSION_2_0.get());
+ assertion.setIssuer(nameIdType);
+
+ XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
+
+ XMLGregorianCalendar sometimeAgo = XMLTimeUtil.subtract(now, 55555);
+
+ ConditionsType conditions = of.createConditionsType();
+ conditions.setNotBefore(XMLTimeUtil.subtract(now,55575));
+ conditions.setNotOnOrAfter(sometimeAgo);
+ assertion.setConditions(conditions);
+ assertTrue(AssertionUtil.hasExpired(assertion));
+ }
+}
\ No newline at end of file
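Review bot: The test case covers only `hasExpired`; nothing exercises the `createTimedConditions` path added in this revision, in particular that an assertion without an issue instant raises IssueInstantMissingException, nor `XMLTimeUtil.subtract` with a negative argument. `testValidAssertion` also pins the "no Conditions means everlasting" behaviour with `assertTrue(AssertionUtil.hasExpired(assertion) == false)`, which reads better as `assertFalse(AssertionUtil.hasExpired(assertion))` and deserves a comment saying the policy is deliberate. A further case with Conditions holding only one of NotBefore/NotOnOrAfter would record what the utility does with a partially bounded assertion.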