Author: anil.saldhana(a)jboss.com
Date: 2009-10-12 22:59:44 -0400 (Mon, 12 Oct 2009)
New Revision: 853
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2SignatureHandler.java
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/saml/handlers/SAML2SignatureHandlerUnitTestCase.java
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/DefaultSAML2HandlerRequest.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/SAML2HandlerRequest.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/XMLSignatureUtil.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/constants/GeneralConstants.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/saml/handlers/SAML2AttributeHandlerUnitTestCase.java
Log:
JBID-198: SAML2 Signature Handler
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/DefaultSAML2HandlerRequest.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/DefaultSAML2HandlerRequest.java 2009-10-12
18:52:32 UTC (rev 852)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/impl/DefaultSAML2HandlerRequest.java 2009-10-13
02:59:44 UTC (rev 853)
@@ -26,10 +26,12 @@
import java.util.Map;
import org.jboss.identity.federation.core.interfaces.ProtocolContext;
+import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler.HANDLER_TYPE;
import org.jboss.identity.federation.saml.v2.SAML2Object;
import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
+import org.w3c.dom.Document;
/**
* Default SAML2HandlerRequest
@@ -40,19 +42,19 @@
{
private ProtocolContext protocolContext = null;
private NameIDType issuer;
- private SAML2Object saml2Object;
+ private SAMLDocumentHolder documentHolder; ;
private HANDLER_TYPE handlerType;
private Map<String,Object> options = new HashMap<String,Object>();
private GENERATE_REQUEST_TYPE generateRequestType;
private String relayState;
public DefaultSAML2HandlerRequest(ProtocolContext protocolContext,
- NameIDType issuer, SAML2Object saml2Object,
+ NameIDType issuer, SAMLDocumentHolder samlDocumentHolder,
HANDLER_TYPE handlerType)
{
this.protocolContext = protocolContext;
this.issuer = issuer;
- this.saml2Object = saml2Object;
+ this.documentHolder = samlDocumentHolder;
this.handlerType = handlerType;
}
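Review bot: The field declaration `private SAMLDocumentHolder documentHolder; ;` carries a stray second semicolon (an empty declaration that compiles but reads as a typo); drop it: `private SAMLDocumentHolder documentHolder;`. The constructor also stores samlDocumentHolder unchecked, while getSAML2Object() in the next hunk and getRequestDocument() at the end of this file dereference it unconditionally, so a null holder surfaces later as a NullPointerException far from the call that passed it. Either precede `this.documentHolder = samlDocumentHolder;` with an IllegalArgumentException guard, or state in the constructor's Javadoc that the holder must not be null.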
@@ -80,7 +82,7 @@
*/
public SAML2Object getSAML2Object()
{
- return this.saml2Object;
+ return (SAML2Object) this.documentHolder.getSamlObject();
}
/**
* @see SAML2HandlerRequest#getType()
@@ -90,7 +92,16 @@
return handlerType;
}
+
/**
+ * @see {@code SAML2HandlerRequest#addOption(String, Object)}
+ */
+ public void addOption(String key, Object option)
+ {
+ this.options.put(key, option);
+ }
+
+ /**
* @see SAML2HandlerRequest#getOptions()
*/
public Map<String, Object> getOptions()
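Review bot: The new Javadoc `@see {@code SAML2HandlerRequest#addOption(String, Object)}` wraps the reference in {@code}, which turns it into literal text instead of a link; the rest of this file uses the bare form, as in `@see SAML2HandlerRequest#getOptions()` just below, so write `@see SAML2HandlerRequest#addOption(String, Object)`. The same pattern appears on handleRequestType in the new SAML2SignatureHandler.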
@@ -128,4 +139,10 @@
{
this.relayState = relay;
}
+
+ public Document getRequestDocument()
+ {
+ return this.documentHolder.getSamlDocument();
+ }
+
}
\ No newline at end of file
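Review bot: getRequestDocument() is the only public accessor in this file without a Javadoc comment, and the interface method it implements has an empty @return tag, so a reader learns nothing about what comes back. Add `/** @see SAML2HandlerRequest#getRequestDocument() */` in the file's existing style. If a request may legitimately be built from a holder that has no document — the updated SAML2AttributeHandlerUnitTestCase constructs `new SAMLDocumentHolder(saml2Object, null)` — say that the method then returns null so callers know to check before dereferencing.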
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/SAML2HandlerRequest.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/SAML2HandlerRequest.java 2009-10-12
18:52:32 UTC (rev 852)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/interfaces/SAML2HandlerRequest.java 2009-10-13
02:59:44 UTC (rev 853)
@@ -26,6 +26,7 @@
import org.jboss.identity.federation.core.interfaces.ProtocolContext;
import org.jboss.identity.federation.saml.v2.SAML2Object;
import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
+import org.w3c.dom.Document;
/**
* Request for {@code SAML2Handler}
@@ -33,8 +34,7 @@
* @since Sep 25, 2009
*/
public interface SAML2HandlerRequest
-{
-
+{
public enum GENERATE_REQUEST_TYPE
{
AUTH,LOGOUT;
@@ -54,6 +54,12 @@
SAML2Object getSAML2Object();
/**
+ * Get the request as a DOM
+ * @return
+ */
+ Document getRequestDocument();
+
+ /**
* Return the type of SAML request
* that needs to be generated at the handler
* @return
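Review bot: The `@return` tag on getRequestDocument() is empty, and the `@param key` and `@param option` tags on addOption in the next hunk are empty too, so the generated Javadoc carries no contract for either method. Fill them in from what the implementation does: for getRequestDocument, `@return the DOM form of the SAML message carried by this request` (saying whether null is possible, if that is the intended contract); for addOption, `@param key option name, normally one of the GeneralConstants keys` and `@param option value stored under that key`.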
@@ -87,6 +93,13 @@
String getRelayState();
/**
+ * Add an option
+ * @param key
+ * @param option
+ */
+ void addOption(String key, Object option);
+
+ /**
* Configure options
* @param options
*/
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/XMLSignatureUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/XMLSignatureUtil.java 2009-10-12
18:52:32 UTC (rev 852)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/XMLSignatureUtil.java 2009-10-13
02:59:44 UTC (rev 853)
@@ -283,6 +283,8 @@
@SuppressWarnings("unchecked")
public static boolean validate(Document signedDoc, Key publicKey) throws
MarshalException, XMLSignatureException
{
+ if(signedDoc == null)
+ throw new IllegalArgumentException("Signed Document is null");
NodeList nl = signedDoc.getElementsByTagNameNS(XMLSignature.XMLNS,
"Signature");
if (nl == null || nl.getLength() == 0)
{
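Review bot: The new null guard covers signedDoc but not publicKey, although the only new caller in this commit, SAML2SignatureHandler.validateSender, obtains the key from `request.getOptions().get(GeneralConstants.SENDER_PUBLIC_KEY)`, a map lookup that yields null when the option was never set. Whatever the rest of validate does with a null Key (its body continues past this hunk), the failure would then be a NullPointerException from inside the signature API rather than a clear message; add `if(publicKey == null) throw new IllegalArgumentException("Public Key is null");` beside the existing check.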
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/constants/GeneralConstants.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/constants/GeneralConstants.java 2009-10-12
18:52:32 UTC (rev 852)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/constants/GeneralConstants.java 2009-10-13
02:59:44 UTC (rev 853)
@@ -40,6 +40,8 @@
String IGNORE_SIGNATURES = "IGNORE_SIGNATURES";
+ String KEYPAIR = "KEYPAIR";
+
String PRINCIPAL_ID = "jboss_identity.principal";
String ROLES = "ROLES";
String ROLES_ID = "jboss_identity.roles";
@@ -47,6 +49,7 @@
String ROLE_GENERATOR = "ROLE_GENERATOR";
String ROLE_VALIDATOR = "ROLE_VALIDATOR";
+ String SENDER_PUBLIC_KEY = "SENDER_PUBLIC_KEY";
String SIGN_OUTGOING_MESSAGES = "SIGN_OUTGOING_MESSAGES";
String USERNAME_FIELD = "JBID_USERNAME";
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java 2009-10-12
18:52:32 UTC (rev 852)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java 2009-10-13
02:59:44 UTC (rev 853)
@@ -270,6 +270,7 @@
SAML2Response saml2Response = new SAML2Response();
SAML2Object samlObject = saml2Response.getSAML2ObjectFromStream(is);
+ SAMLDocumentHolder documentHolder =
saml2Response.getSamlDocumentHolder();
Set<SAML2Handler> handlers = chain.handlers();
IssuerInfoHolder holder = new IssuerInfoHolder(this.serviceURL);
@@ -277,7 +278,7 @@
//Create the request/response
SAML2HandlerRequest saml2HandlerRequest =
new DefaultSAML2HandlerRequest(protocolContext,
- holder.getIssuer(), samlObject,
+ holder.getIssuer(), documentHolder,
HANDLER_TYPE.SP);
SAML2HandlerResponse saml2HandlerResponse = new
DefaultSAML2HandlerResponse();
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2SignatureHandler.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2SignatureHandler.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/handlers/saml2/SAML2SignatureHandler.java 2009-10-13
02:59:44 UTC (rev 853)
@@ -0,0 +1,115 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.handlers.saml2;
+
+import java.security.KeyPair;
+import java.security.PublicKey;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.saml.v2.sig.SAML2Signature;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import org.jboss.identity.federation.core.util.XMLSignatureUtil;
+import org.jboss.identity.federation.web.constants.GeneralConstants;
+import org.w3c.dom.Document;
+
+/**
+ * Handles SAML2 Signature
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 12, 2009
+ */
+public class SAML2SignatureHandler extends BaseSAML2Handler
+{
+ private static Logger log = Logger.getLogger(SAML2SignatureHandler.class);
+ private boolean trace = log.isTraceEnabled();
+
+ @Override
+ public void generateSAMLRequest(SAML2HandlerRequest request, SAML2HandlerResponse
response)
+ throws ProcessingException
+ {
+ //Generate the signature
+ Document samlDocument = response.getResultingDocument();
+
+ if(samlDocument == null && trace)
+ {
+ log.trace("No document generated in the handler chain. Cannot generate
signature");
+ return;
+ }
+
+ //Get the Key Pair
+ KeyPair keypair = (KeyPair)
this.handlerChainConfig.getParameter(GeneralConstants.KEYPAIR);
+
+ if(keypair == null)
+ {
+ log.error("Key Pair cannot be found");
+ throw new ProcessingException("KeyPair not found");
+ }
+
+ SAML2Signature samlSignature = new SAML2Signature();
+ //Get the ID from the root
+ String id = samlDocument.getDocumentElement().getAttribute("ID");
+
+ try
+ {
+ samlSignature.sign(samlDocument, id, keypair);
+ }
+ catch (Exception e)
+ {
+ log.error("Unable to sign:",e);
+ throw new ProcessingException("Unable to sign");
+ }
+ }
+
+ /**
+ * @see {@code SAML2Handler#handleRequestType(SAML2HandlerRequest,
SAML2HandlerResponse)}
+ */
+ public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse
response) throws ProcessingException
+ {
+ Document signedDocument = request.getRequestDocument();
+ PublicKey publicKey = (PublicKey)
request.getOptions().get(GeneralConstants.SENDER_PUBLIC_KEY);
+ this.validateSender(signedDocument, publicKey);
+ }
+
+ @Override
+ public void handleStatusResponseType(SAML2HandlerRequest request, SAML2HandlerResponse
response)
+ throws ProcessingException
+ {
+ Document signedDocument = request.getRequestDocument();
+ PublicKey publicKey = (PublicKey)
request.getOptions().get(GeneralConstants.SENDER_PUBLIC_KEY);
+ this.validateSender(signedDocument, publicKey);
+ }
+
+ private void validateSender(Document signedDocument, PublicKey publicKey)
+ throws ProcessingException
+ {
+ try
+ {
+ XMLSignatureUtil.validate(signedDocument, publicKey);
+ }
+ catch (Exception e)
+ {
+ log.error("Error validating signature:" , e);
+ throw new ProcessingException("Error validating signature.");
+ }
+ }
+}
\ No newline at end of file
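Review bot: In validateSender the result of `XMLSignatureUtil.validate(signedDocument, publicKey)` is discarded, yet the XMLSignatureUtil hunk in this same commit declares it `public static boolean validate(...)`; unless every failed verification is reported by an exception, a document whose signature does not verify passes through handleRequestType and handleStatusResponseType unchallenged. Make the boolean authoritative: `if(!XMLSignatureUtil.validate(signedDocument, publicKey)) throw new ProcessingException("Error validating signature.");`. Separately, in generateSAMLRequest the guard `if(samlDocument == null && trace)` only returns when trace logging is enabled, so with trace off a null document reaches `samlDocument.getDocumentElement()` and throws NullPointerException; test the document alone, `if(samlDocument == null)`, and move the `trace` check inside the block around the log.trace call. handleRequestType is the only overriding method here without `@Override`; add it for consistency with its siblings.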
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java 2009-10-12
18:52:32 UTC (rev 852)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/servlets/IDPServlet.java 2009-10-13
02:59:44 UTC (rev 853)
@@ -54,6 +54,7 @@
import org.jboss.identity.federation.core.interfaces.TrustKeyConfigurationException;
import org.jboss.identity.federation.core.interfaces.TrustKeyManager;
import org.jboss.identity.federation.core.interfaces.TrustKeyProcessingException;
+import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
@@ -264,6 +265,7 @@
if(relayState != null && relayState.length() > 0)
session.removeAttribute("RelayState");
+ SAMLDocumentHolder samlDocumentHolder = null;
SAML2Object samlObject = null;
String destination = null;
Document samlResponse = null;
@@ -273,7 +275,8 @@
StatusResponseType statusResponseType = null;
try
{
- samlObject = webRequestUtil.getSAMLObject(samlResponseMessage);
+ samlDocumentHolder =
webRequestUtil.getSAMLDocumentHolder(samlResponseMessage);
+ samlObject = (SAML2Object) samlDocumentHolder.getSamlObject();
boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
boolean isValid = validate(request.getRemoteAddr(),
@@ -289,7 +292,7 @@
//Create the request/response
SAML2HandlerRequest saml2HandlerRequest =
new DefaultSAML2HandlerRequest(protocolContext,
- idpIssuer.getIssuer(), samlObject,
+ idpIssuer.getIssuer(), samlDocumentHolder,
HANDLER_TYPE.IDP);
saml2HandlerRequest.setRelayState(relayState);
@@ -334,9 +337,11 @@
RequestAbstractType requestAbstractType = null;
try
- {
- samlObject = webRequestUtil.getSAMLObject(samlRequestMessage);
+ {
+ samlDocumentHolder =
webRequestUtil.getSAMLDocumentHolder(samlRequestMessage);
+ samlObject = (SAML2Object) samlDocumentHolder.getSamlObject();
+
boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
boolean isValid = validate(request.getRemoteAddr(),
request.getQueryString(),
@@ -351,14 +356,16 @@
//Create the request/response
SAML2HandlerRequest saml2HandlerRequest =
new DefaultSAML2HandlerRequest(protocolContext,
- idpIssuer.getIssuer(), samlObject,
+ idpIssuer.getIssuer(), samlDocumentHolder,
HANDLER_TYPE.IDP);
saml2HandlerRequest.setRelayState(relayState);
+ //Set the options on the handler request
Map<String, Object> requestOptions = new HashMap<String,
Object>();
requestOptions.put(GeneralConstants.ROLE_GENERATOR, roleGenerator);
requestOptions.put(GeneralConstants.ASSERTIONS_VALIDITY,
this.assertionValidity);
requestOptions.put(GeneralConstants.CONFIGURATION,
this.idpConfiguration);
+
Map<String,Object> attribs =
this.attribManager.getAttributes(userPrincipal, attributeKeys);
requestOptions.put(GeneralConstants.ATTRIBUTES, attribs);
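Review bot: The option block built here for the IDP handler chain sets ROLE_GENERATOR, ASSERTIONS_VALIDITY, CONFIGURATION and ATTRIBUTES, but nothing in this hunk — nor in the hunk at `@@ -289,7 +292,7 @@` that builds the response-side request — puts GeneralConstants.SENDER_PUBLIC_KEY into the options, while the new SAML2SignatureHandler reads exactly that key from `request.getOptions()`. If the signature handler is expected to run in the IDP chain it will verify against a null key; if the key is meant to come from the trust store instead, a short comment at the `//Set the options on the handler request` line saying where SENDER_PUBLIC_KEY is supplied would save the next reader the search. The enclosing method continues outside this hunk.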
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-10-12
18:52:32 UTC (rev 852)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-10-13
02:59:44 UTC (rev 853)
@@ -50,6 +50,7 @@
import org.jboss.identity.federation.core.interfaces.AttributeManager;
import org.jboss.identity.federation.core.interfaces.TrustKeyManager;
import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
@@ -59,7 +60,6 @@
import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.saml.v2.util.StatementUtil;
-import org.jboss.identity.federation.saml.v2.SAML2Object;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
@@ -114,7 +114,7 @@
return postProfile;
}
- public SAML2Object getSAMLObject(String samlMessage)
+ public SAMLDocumentHolder getSAMLDocumentHolder(String samlMessage)
throws ParsingException, IOException
{
InputStream is = null;
@@ -138,7 +138,8 @@
throw new ParsingException(rte);
}
}
- return saml2Request.getSAML2ObjectFromStream(is);
+ saml2Request.getSAML2ObjectFromStream(is);
+ return saml2Request.getSamlDocumentHolder();
}
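Review bot: `saml2Request.getSAML2ObjectFromStream(is);` now discards its return value and the holder is fetched on the next line through `saml2Request.getSamlDocumentHolder()`, so the parse is kept only for its side effect of populating the holder; that is not obvious from the two lines and deserves a comment such as `// parsed for its side effect: populates the holder returned below`. getSAMLDocumentHolder begins in the previous hunk, and what happens to the InputStream after the parse is not visible here.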
public RequestAbstractType getSAMLRequest(String samlMessage)
Modified:
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/saml/handlers/SAML2AttributeHandlerUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/saml/handlers/SAML2AttributeHandlerUnitTestCase.java 2009-10-12
18:52:32 UTC (rev 852)
+++
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/saml/handlers/SAML2AttributeHandlerUnitTestCase.java 2009-10-13
02:59:44 UTC (rev 853)
@@ -31,6 +31,7 @@
import org.jboss.identity.federation.core.config.IDPType;
import org.jboss.identity.federation.core.constants.AttributeConstants;
import org.jboss.identity.federation.core.interfaces.AttributeManager;
+import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerChainConfig;
import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerConfig;
@@ -88,9 +89,10 @@
SAML2Object saml2Object = new SAML2Object(){};
+ SAMLDocumentHolder docHolder = new SAMLDocumentHolder(saml2Object, null);
IssuerInfoHolder issuerInfo = new
IssuerInfoHolder("http://localhost:8080/idp/");
SAML2HandlerRequest request = new DefaultSAML2HandlerRequest(httpContext,
- issuerInfo.getIssuer(), saml2Object, SAML2Handler.HANDLER_TYPE.IDP);
+ issuerInfo.getIssuer(), docHolder, SAML2Handler.HANDLER_TYPE.IDP);
SAML2HandlerResponse response = new DefaultSAML2HandlerResponse();
session.setAttribute(GeneralConstants.PRINCIPAL_ID, new Principal()
Added:
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/saml/handlers/SAML2SignatureHandlerUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/saml/handlers/SAML2SignatureHandlerUnitTestCase.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/test/java/org/jboss/test/identity/federation/web/saml/handlers/SAML2SignatureHandlerUnitTestCase.java 2009-10-13
02:59:44 UTC (rev 853)
@@ -0,0 +1,125 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.web.saml.handlers;
+
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.util.HashMap;
+import java.util.Map;
+
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.core.config.IDPType;
+import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerChainConfig;
+import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerConfig;
+import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerRequest;
+import org.jboss.identity.federation.core.saml.v2.impl.DefaultSAML2HandlerResponse;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2Handler;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerChainConfig;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerConfig;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest;
+import org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerResponse;
+import
org.jboss.identity.federation.core.saml.v2.interfaces.SAML2HandlerRequest.GENERATE_REQUEST_TYPE;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.web.constants.GeneralConstants;
+import org.jboss.identity.federation.web.core.HTTPContext;
+import org.jboss.identity.federation.web.handlers.saml2.SAML2AuthenticationHandler;
+import org.jboss.identity.federation.web.handlers.saml2.SAML2SignatureHandler;
+import org.jboss.test.identity.federation.web.mock.MockHttpServletRequest;
+import org.jboss.test.identity.federation.web.mock.MockHttpServletResponse;
+import org.jboss.test.identity.federation.web.mock.MockHttpSession;
+import org.jboss.test.identity.federation.web.mock.MockServletContext;
+import org.w3c.dom.Document;
+
+/**
+ * Unit test the {@code SAML2SignatureHandler}
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 12, 2009
+ */
+public class SAML2SignatureHandlerUnitTestCase extends TestCase
+{
+ public void testSignatures() throws Exception
+ {
+ SAML2Request saml2Request = new SAML2Request();
+ String id = IDGenerator.create("ID_");
+ String assertionConsumerURL = "http://sp";
+ String destination = "http://idp";
+ String issuerValue = "http://sp";
+ AuthnRequestType authnRequest = saml2Request.createAuthnRequestType(id,
assertionConsumerURL, destination,
+ issuerValue);
+
+ Document authDoc = saml2Request.convert(authnRequest);
+
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
+ KeyPair keypair = kpg.genKeyPair();
+
+ SAML2SignatureHandler handler = new SAML2SignatureHandler();
+
+ SAML2HandlerChainConfig chainConfig = new DefaultSAML2HandlerChainConfig();
+ SAML2HandlerConfig handlerConfig = new DefaultSAML2HandlerConfig();
+
+ Map<String,Object> chainOptions = new HashMap<String, Object>();
+ IDPType idpType = new IDPType();
+ chainOptions.put(GeneralConstants.CONFIGURATION, idpType);
+ chainOptions.put(GeneralConstants.KEYPAIR, keypair);
+ chainConfig.set(chainOptions);
+
+ //Initialize the handler
+ handler.initChainConfig(chainConfig);
+ handler.initHandlerConfig(handlerConfig);
+
+ //Create a Protocol Context
+ MockHttpSession session = new MockHttpSession();
+ MockServletContext servletContext = new MockServletContext();
+ MockHttpServletRequest servletRequest = new MockHttpServletRequest(session,
"POST");
+ MockHttpServletResponse servletResponse = new MockHttpServletResponse();
+ HTTPContext httpContext = new HTTPContext(servletRequest, servletResponse,
servletContext);
+
+ SAMLDocumentHolder docHolder = new SAMLDocumentHolder(authnRequest, authDoc);
+ IssuerInfoHolder issuerInfo = new
IssuerInfoHolder("http://localhost:8080/idp/");
+ SAML2HandlerRequest request = new DefaultSAML2HandlerRequest(httpContext,
+ issuerInfo.getIssuer(), docHolder, SAML2Handler.HANDLER_TYPE.IDP);
+ request.setTypeOfRequestToBeGenerated(GENERATE_REQUEST_TYPE.AUTH);
+
+ SAML2HandlerResponse response = new DefaultSAML2HandlerResponse();
+
+ request.addOption(GeneralConstants.SENDER_PUBLIC_KEY, keypair.getPublic());
+
+ (new SAML2AuthenticationHandler()).generateSAMLRequest(request, response);
+ handler.generateSAMLRequest(request, response);
+ Document signedDoc = response.getResultingDocument();
+
+ assertNotNull("Signed Doc is not null", signedDoc);
+ SAMLDocumentHolder signedHolder = new SAMLDocumentHolder(signedDoc);
+ request = new DefaultSAML2HandlerRequest(httpContext,
+ issuerInfo.getIssuer(), signedHolder,
+ SAML2Handler.HANDLER_TYPE.SP);
+
+ request.addOption(GeneralConstants.SENDER_PUBLIC_KEY, keypair.getPublic());
+
+ handler.handleStatusResponseType(request, response);
+ }
+}
\ No newline at end of file
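Review bot: testSignatures only exercises the accepting path — the document is signed and then verified with `keypair.getPublic()` — and never checks that verification fails with a different key or a tampered document, so a validator that ignored the verification result would still pass this test; given that XMLSignatureUtil.validate returns a boolean, that negative case is the one worth having. After the positive check at the end of the method, build a second request for the same signedHolder with the public key of a freshly generated pair and assert that handleStatusResponseType throws ProcessingException (the test would need to import org.jboss.identity.federation.core.exceptions.ProcessingException, the type the handler declares). Whether a non-matching key is reported by validate as false or as an exception is not visible here, but the handler's contract is the same either way. Also, `KeyPairGenerator.getInstance("RSA")` is never initialized with a key size, so the test depends on the provider's default; `kpg.initialize(2048);` pins it.
```java
// … unchanged: sign, assert signedDoc not null, verify with keypair.getPublic() …
KeyPair otherKeypair = kpg.genKeyPair();
request = new DefaultSAML2HandlerRequest(httpContext,
      issuerInfo.getIssuer(), signedHolder, SAML2Handler.HANDLER_TYPE.SP);
request.addOption(GeneralConstants.SENDER_PUBLIC_KEY, otherKeypair.getPublic());
try
{
   handler.handleStatusResponseType(request, response);
   fail("Signature verified with a key that did not sign the document");
}
catch (ProcessingException expected)
{
   // a non-matching sender key must be rejected
}
```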