Author: sguilhen(a)redhat.com
Date: 2009-11-17 10:26:04 -0500 (Tue, 17 Nov 2009)
New Revision: 966
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/JBossSTSUnitTestCase.java
Log:
JBID-212: added renew token test to JBossSTSUnitTestCase
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/JBossSTSUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/JBossSTSUnitTestCase.java 2009-11-17
15:13:59 UTC (rev 965)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/JBossSTSUnitTestCase.java 2009-11-17
15:26:04 UTC (rev 966)
@@ -26,9 +26,8 @@
import java.util.List;
import java.util.Map;
-import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
-import javax.xml.bind.Unmarshaller;
+import javax.xml.datatype.DatatypeConstants;
import javax.xml.namespace.QName;
import javax.xml.transform.Source;
import javax.xml.ws.EndpointReference;
@@ -68,6 +67,7 @@
import org.jboss.identity.federation.ws.policy.AppliesTo;
import org.jboss.identity.federation.ws.trust.BinarySecretType;
import org.jboss.identity.federation.ws.trust.EntropyType;
+import org.jboss.identity.federation.ws.trust.RenewTargetType;
import org.jboss.identity.federation.ws.trust.RequestedProofTokenType;
import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
import org.jboss.identity.federation.ws.trust.RequestedSecurityTokenType;
@@ -297,7 +297,7 @@
.parseRequestSecurityTokenResponse(responseMessage);
// validate the security token response.
- this.validateSAMLAssertionResponse(baseResponse, SAMLUtil.SAML2_BEARER_URI);
+ this.validateSAMLAssertionResponse(baseResponse, "testcontext",
SAMLUtil.SAML2_BEARER_URI);
}
/**
@@ -354,7 +354,8 @@
.parseRequestSecurityTokenResponse(responseMessage);
// validate the security token response.
- AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse,
SAMLUtil.SAML2_BEARER_URI);
+ AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse,
"testcontext",
+ SAMLUtil.SAML2_BEARER_URI);
// in this scenario, the conditions section should have an audience restriction.
ConditionsType conditions = assertion.getConditions();
@@ -397,7 +398,7 @@
.parseRequestSecurityTokenResponse(responseMessage);
// validate the security token response.
- this.validateSAMLAssertionResponse(baseResponse,
SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
+ this.validateSAMLAssertionResponse(baseResponse, "testcontext",
SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
// check if the response contains the STS-generated key.
RequestSecurityTokenResponseCollection collection =
(RequestSecurityTokenResponseCollection) baseResponse;
@@ -451,7 +452,7 @@
.parseRequestSecurityTokenResponse(responseMessage);
// validate the security token response.
- this.validateSAMLAssertionResponse(baseResponse,
SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
+ this.validateSAMLAssertionResponse(baseResponse, "testcontext",
SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
RequestSecurityTokenResponseCollection collection =
(RequestSecurityTokenResponseCollection) baseResponse;
RequestSecurityTokenResponse response =
collection.getRequestSecurityTokenResponses().get(0);
@@ -459,11 +460,11 @@
assertNotNull("Unexpected null proof token", proofToken);
assertTrue(proofToken.getAny() instanceof JAXBElement);
JAXBElement<?> proofElement = (JAXBElement<?>) proofToken.getAny();
-
+
// proof token should contain only the computed key algorithm.
assertEquals("Unexpected proof token content", "ComputedKey",
proofElement.getName().getLocalPart());
assertEquals("Unexpected computed key algorithm",
WSTrustConstants.CK_PSHA1, proofElement.getValue());
-
+
// server entropy must have been included in the response to allow reconstruction
of the computed key.
EntropyType serverEntropy = response.getEntropy();
assertNotNull("Unexpected null server entropy");
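Review bot: The server-entropy check on the last line of this hunk is a no-op: `assertNotNull("Unexpected null server entropy");` passes the message string as the object under test, so a response that omits the server entropy still passes here, and the computed-key reconstruction that the preceding comment says depends on it is never actually guarded. It should read `assertNotNull("Unexpected null server entropy", serverEntropy);`. The line predates this commit, but since the hunk already touches the surrounding whitespace it is the natural place to fix it. The enclosing test method continues past the hunk.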
@@ -487,7 +488,7 @@
*/
public void testInvokeSAML20Validate() throws Exception
{
- // create a simple token request, this time using the applies to get to the token
type.
+ // create a simple token request.
RequestSecurityToken request = this.createRequest("testcontext",
WSTrustConstants.ISSUE_REQUEST,
SAMLUtil.SAML2_TOKEN_TYPE, null);
@@ -499,7 +500,8 @@
Source responseMessage = this.tokenService.invoke(requestMessage);
BaseRequestSecurityTokenResponse baseResponse =
factory.parseRequestSecurityTokenResponse(responseMessage);
- // get the SAML assertion from the request.
+ // validate the response and get the SAML assertion from the request.
+ this.validateSAMLAssertionResponse(baseResponse, "testcontext",
SAMLUtil.SAML2_BEARER_URI);
RequestSecurityTokenResponseCollection collection =
(RequestSecurityTokenResponseCollection) baseResponse;
Element assertion = (Element)
collection.getRequestSecurityTokenResponses().get(0).getRequestedSecurityToken()
.getAny();
@@ -546,6 +548,64 @@
/**
* <p>
+ * This test case first generates a SAMLV2.0 assertion and then sends a WS-Trust renew
message to the STS to get
+ * the assertion renewed (i.e. get a new assertion with an updated lifetime).
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ public void testInvokeSAML20Renew() throws Exception
+ {
+ // create a simple token request, using applies-to to identify the token type.
+ RequestSecurityToken request = this.createRequest("testcontext",
WSTrustConstants.ISSUE_REQUEST, null,
+ "http://services.testcorp.org/provider2");
+
+ // use the factory to marshall the request.
+ WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
+ Source requestMessage = factory.marshallRequestSecurityToken(request);
+
+ // invoke the token service.
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ BaseRequestSecurityTokenResponse baseResponse =
factory.parseRequestSecurityTokenResponse(responseMessage);
+
+ // validate the response and get the SAML assertion from the request.
+ this.validateSAMLAssertionResponse(baseResponse, "testcontext",
SAMLUtil.SAML2_BEARER_URI);
+ RequestSecurityTokenResponseCollection collection =
(RequestSecurityTokenResponseCollection) baseResponse;
+ Element assertionElement = (Element)
collection.getRequestSecurityTokenResponses().get(0)
+ .getRequestedSecurityToken().getAny();
+
+ // now construct a WS-Trust renew request with the generated assertion.
+ request = this.createRequest("renewcontext",
WSTrustConstants.RENEW_REQUEST, SAMLUtil.SAML2_TOKEN_TYPE, null);
+ RenewTargetType renewTarget = new RenewTargetType();
+ renewTarget.setAny(assertionElement);
+ request.setRenewTarget(renewTarget);
+
+ // invoke the token service.
+ responseMessage =
this.tokenService.invoke(factory.marshallRequestSecurityToken(request));
+ baseResponse = factory.parseRequestSecurityTokenResponse(responseMessage);
+
+ // validate the renew response contents and get the renewed token.
+ this.validateSAMLAssertionResponse(baseResponse, "renewcontext",
SAMLUtil.SAML2_BEARER_URI);
+ collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ Element renewedAssertionElement = (Element)
collection.getRequestSecurityTokenResponses().get(0)
+ .getRequestedSecurityToken().getAny();
+
+ // compare the assertions, checking if the lifetime has been updated.
+ AssertionType originalAssertion = SAMLUtil.fromElement(assertionElement);
+ AssertionType renewedAssertion = SAMLUtil.fromElement(renewedAssertionElement);
+
+ // assertions should have different ids and lifetimes.
+ assertFalse("Renewed assertion should have a unique id",
originalAssertion.getID().equals(
+ renewedAssertion.getID()));
+ assertEquals(DatatypeConstants.LESSER,
originalAssertion.getConditions().getNotBefore().compare(
+ renewedAssertion.getConditions().getNotBefore()));
+ assertEquals(DatatypeConstants.LESSER,
originalAssertion.getConditions().getNotOnOrAfter().compare(
+ renewedAssertion.getConditions().getNotOnOrAfter()));
+ }
+
+ /**
+ * <p>
* This test tries to request a token of an unknown type, checking if an exception is
correctly thrown by the
* security token service.
* </p>
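Review bot: testInvokeSAML20Renew only asserts that the renewed assertion has a new ID and later NotBefore/NotOnOrAfter values; it never checks that the renewal preserved the security-relevant content of the original token. The original is issued with applies-to `http://services.testcorp.org/provider2`, which the audience-restriction test earlier in this file expects to yield a Conditions element with an AudienceRestriction, so the test should also assert that the renewed assertion carries the same subject and the same audience restriction as `originalAssertion` — an STS that dropped or widened either on renew would pass as written. A companion negative case, where the RenewTarget is an expired or tampered assertion and the STS is expected to reject the request, would show that the target is validated before a fresh token is issued; the positive path alone does not. Finally, the strict `DatatypeConstants.LESSER` comparisons assume the two invocations land on different clock instants; if the STS derives the lifetime from the current time (not visible here), this may be flaky on a fast machine, and either renewing with an explicit longer lifetime or tolerating `EQUAL` for NotBefore would be more robust.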
@@ -633,7 +693,7 @@
* @throws Exception
* if one of the validation performed fail.
*/
- private AssertionType validateSAMLAssertionResponse(BaseRequestSecurityTokenResponse
baseResponse,
+ private AssertionType validateSAMLAssertionResponse(BaseRequestSecurityTokenResponse
baseResponse, String context,
String confirmationMethod) throws Exception
{
@@ -644,7 +704,7 @@
RequestSecurityTokenResponseCollection collection =
(RequestSecurityTokenResponseCollection) baseResponse;
assertEquals("Unexpected number of responses", 1,
collection.getRequestSecurityTokenResponses().size());
RequestSecurityTokenResponse response =
collection.getRequestSecurityTokenResponses().get(0);
- assertEquals("Unexpected response context", "testcontext",
response.getContext());
+ assertEquals("Unexpected response context", context,
response.getContext());
assertEquals("Unexpected token type", SAMLUtil.SAML2_TOKEN_TYPE,
response.getTokenType().toString());
Lifetime lifetime = response.getLifetime();
assertNotNull("Unexpected null token lifetime", lifetime);
@@ -668,11 +728,7 @@
assertNotNull("Unexpected null requested security token",
requestedToken);
// unmarshall the SAMLV2.0 assertion.
- JAXBContext jaxbContext =
JAXBContext.newInstance("org.jboss.identity.federation.saml.v2.assertion");
- Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
- JAXBElement<?> assertionElement = (JAXBElement<?>)
unmarshaller.unmarshal((Element) requestedToken.getAny());
- assertEquals("Unexpected assertion type", AssertionType.class,
assertionElement.getDeclaredType());
- AssertionType assertion = (AssertionType) assertionElement.getValue();
+ AssertionType assertion = SAMLUtil.fromElement((Element) requestedToken.getAny());
// verify the contents of the unmarshalled assertion.
assertNotNull("Invalid null assertion ID", assertion.getID());
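Review bot: Replacing the explicit JAXB unmarshalling with `SAMLUtil.fromElement((Element) requestedToken.getAny())` drops the assertion that the requested token really is a SAML assertion, so a response carrying some other element (or a non-DOM payload) now fails with an unchecked ClassCastException or whatever SAMLUtil throws, rather than with a descriptive assertion failure. Consider guarding the cast with `assertTrue("Requested token is not a DOM element", requestedToken.getAny() instanceof Element);` and, if SAMLUtil.fromElement does not itself verify the element type, keeping an `assertEquals` on the assertion's element name before unmarshalling. Whether SAMLUtil.fromElement performs that check is not visible in this diff. The enclosing validateSAMLAssertionResponse method continues past the hunk.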
@@ -708,7 +764,7 @@
.getDeclaredType());
KeyInfoType keyInfo = (KeyInfoType) keyInfoElement.getValue();
assertEquals("Unexpected key info content size", 1,
keyInfo.getContent().size());
-
+
// if they key is a symmetric key, the KeyInfo should contain an encrypted
element.
if
(WSTrustConstants.KEY_TYPE_SYMMETRIC.equals(response.getKeyType().toString()))
{
@@ -716,14 +772,15 @@
assertEquals("Unexpected key info content type",
EncryptedKeyType.class, encKeyElement.getDeclaredType());
}
// if the key is a public key, the KeyInfo should contain an encoded
certificate.
- else
if(WSTrustConstants.KEY_TYPE_PUBLIC.equals(response.getKeyType().toString()))
+ else if
(WSTrustConstants.KEY_TYPE_PUBLIC.equals(response.getKeyType().toString()))
{
JAXBElement<?> x509DataElement = (JAXBElement<?>)
keyInfo.getContent().get(0);
assertEquals("Unexpected key info content type",
X509DataType.class, x509DataElement.getDeclaredType());
X509DataType x509Data = (X509DataType) x509DataElement.getValue();
- assertEquals("Unexpected X509 data content size", 1,
x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().
- size());
- JAXBElement<?> x509CertElement = (JAXBElement<?>)
x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().get(0);
+ assertEquals("Unexpected X509 data content size", 1, x509Data
+ .getX509IssuerSerialOrX509SKIOrX509SubjectName().size());
+ JAXBElement<?> x509CertElement = (JAXBElement<?>)
x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName()
+ .get(0);
assertEquals("Unexpected X509 data content type", byte[].class,
x509CertElement.getDeclaredType());
}
}