Author: sguilhen(a)redhat.com
Date: 2009-06-15 17:25:56 -0400 (Mon, 15 Jun 2009)
New Revision: 612
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
Log:
Added a few more assertions to
SignatureValidationUnitTestCase.testSigningAnAssertionWithinResponse() to show how
signature validation fails once the signed response has been unmarshaled and marshaled again
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2009-06-15
12:57:41 UTC (rev 611)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2009-06-15
21:25:56 UTC (rev 612)
@@ -50,44 +50,46 @@
/**
* Signatures related unit test cases
+ *
* @author Anil.Saldhana(a)redhat.com
* @since Dec 15, 2008
*/
public class SignatureValidationUnitTestCase
{
/**
- * Test the creation of AuthnRequestType with signature creation
- * with a private key and then validate the signature with a public
- * key
+ * Test the creation of AuthnRequestType with signature creation with a private key
and then validate the signature
+ * with a public key
+ *
* @throws Exception
- */
+ */
@Test
public void testAuthnRequestCreationWithSignature() throws Exception
{
SAML2Request saml2Request = new SAML2Request();
String id = IDGenerator.create("ID_");
- String assertionConsumerURL= "http://sp";
+ String assertionConsumerURL = "http://sp";
String destination = "http://idp";
String issuerValue = "http://sp";
- AuthnRequestType authnRequest =
- saml2Request.createAuthnRequestType(id, assertionConsumerURL, destination,
issuerValue);
-
+ AuthnRequestType authnRequest = saml2Request.createAuthnRequestType(id,
assertionConsumerURL, destination,
+ issuerValue);
+
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
KeyPair kp = kpg.genKeyPair();
-
+
SAML2Signature ss = new SAML2Signature();
ss.setSignatureMethod(SignatureMethod.DSA_SHA1);
Document signedDoc = ss.sign(authnRequest, kp);
-
- //System.out.println(DocumentUtil.getDocumentAsString(signedDoc));
-
- //Validate the signature
+
+ // System.out.println(DocumentUtil.getDocumentAsString(signedDoc));
+
+ // Validate the signature
boolean isValid = XMLSignatureUtil.validate(signedDoc, kp.getPublic());
assertTrue(isValid);
}
-
+
/**
* Test the signature for ResponseType
+ *
* @throws Exception
*/
@Test
@@ -95,86 +97,97 @@
{
IssuerInfoHolder issuerInfo = new IssuerInfoHolder("testIssuer");
String id = IDGenerator.create("ID_");
-
-
+
SAML2Response response = new SAML2Response();
-
+
String authnContextDeclRef =
JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get();
-
- AuthnStatementType authnStatement =
- response.createAuthnStatement(authnContextDeclRef,
XMLTimeUtil.getIssueInstant());
-
- //Create an assertion
+
+ AuthnStatementType authnStatement =
response.createAuthnStatement(authnContextDeclRef, XMLTimeUtil
+ .getIssueInstant());
+
+ // Create an assertion
AssertionType assertion = response.createAssertion(id, issuerInfo.getIssuer());
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(authnStatement);
-
-
+
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
KeyPair kp = kpg.genKeyPair();
-
- id = IDGenerator.create("ID_"); //regenerate
+
+ id = IDGenerator.create("ID_"); // regenerate
ResponseType responseType = response.createResponseType(id, issuerInfo,
assertion);
-
+
SAML2Signature ss = new SAML2Signature();
ss.setSignatureMethod(SignatureMethod.DSA_SHA1);
Document signedDoc = ss.sign(responseType, kp);
-
- //Validate the signature
+
+ // Validate the signature
boolean isValid = XMLSignatureUtil.validate(signedDoc, kp.getPublic());
assertTrue(isValid);
}
-
+
@Test
public void testSigningAnAssertionWithinResponse() throws Exception
{
SAML2Response response = new SAML2Response();
String fileName = "xml/dom/saml-response-2-assertions.xml";
- ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
InputStream is = tcl.getResourceAsStream(fileName);
- if(is == null)
+ if (is == null)
throw new RuntimeException("InputStream is null");
-
+
ResponseType responseType = response.getResponseType(is);
-
+
Document doc = response.convert(responseType);
-
+
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
KeyPair kp = kpg.genKeyPair();
-
- //String id = "ID_0be488d8-7089-4892-8aeb-83594c800706";
+
+ // String id = "ID_0be488d8-7089-4892-8aeb-83594c800706";
String id = "ID_976d8310-658a-450d-be39-f33c73c8afa6";
-
- //Get the second assertion
- Node assert2 = DocumentUtil.getNodeWithAttribute(doc,
- "urn:oasis:names:tc:SAML:2.0:assertion",
- "Assertion",
- "ID", id);
-
+
+ // Get the second assertion
+ Node assert2 = DocumentUtil.getNodeWithAttribute(doc,
"urn:oasis:names:tc:SAML:2.0:assertion", "Assertion", "ID",
+ id);
+
String referenceURI = "#" + id;
assertNotNull("Found assertion?", assert2);
SAML2Signature ss = new SAML2Signature();
- Document signedDoc = ss.sign(responseType, id, kp,referenceURI);
-
- //System.out.println(DocumentUtil.getDocumentAsString(signedDoc));
-
- Node signedNode = DocumentUtil.getNodeWithAttribute(signedDoc,
- "urn:oasis:names:tc:SAML:2.0:assertion",
- "Assertion",
- "ID", id);
-
- //Let us just validate the signature of the assertion
+ Document signedDoc = ss.sign(responseType, id, kp, referenceURI);
+
+ // System.out.println(DocumentUtil.getDocumentAsString(signedDoc));
+
+ Node signedNode = DocumentUtil.getNodeWithAttribute(signedDoc,
"urn:oasis:names:tc:SAML:2.0:assertion",
+ "Assertion", "ID", id);
+
+ // Let us just validate the signature of the assertion
Document validatingDoc = DocumentUtil.createDocument();
Node importedSignedNode = validatingDoc.importNode(signedNode, true);
validatingDoc.appendChild(importedSignedNode);
-
- //Validate the signature
+
+ // Validate the signature
boolean isValid = XMLSignatureUtil.validate(validatingDoc, kp.getPublic());
assertTrue("Signature is valid:", isValid);
- }
-
+
+ // Let's say someone sends the signed doc to a remote client and that the
client unmarshals the response.
+ responseType = response.getResponseType(DocumentUtil.getNodeAsStream(signedDoc));
+
+ // Now the remote client wants to validate the response. So he marshals it again to
Document.
+ signedDoc = response.convert(responseType);
+ signedNode = DocumentUtil.getNodeWithAttribute(signedDoc,
"urn:oasis:names:tc:SAML:2.0:assertion",
+ "Assertion", "ID", id);
+
+ // The client creates a validating document, importing the signed assertion.
+ validatingDoc = DocumentUtil.createDocument();
+ importedSignedNode = validatingDoc.importNode(signedNode, true);
+ validatingDoc.appendChild(importedSignedNode);
+
+ // The client re-validates the signature.
+ assertTrue("Signature is valid:",
XMLSignatureUtil.validate(validatingDoc, kp.getPublic()));
+}
+
/**
* Test signing a string
+ *
* @throws Exception
*/
@Test
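Review bot: The re-validation appended to testSigningAnAssertionWithinResponse checks the signature against a DOM rebuilt by `response.convert(responseType)` after an unmarshal/marshal round trip, and the commit log says this is expected to fail, so the test should record why, to make sure the eventual fix is not a loosening of XMLSignatureUtil.validate. Re-marshalling the unmarshaled ResponseType (presumably via JAXB, given the generated-style types) produces a different serialization of the assertion — namespace declarations, whitespace and the `ID` attribute no longer being registered as a DOM ID are the usual causes — so the Reference digest computed at signing time cannot match; a relying party must therefore validate the signature on the DOM as parsed from the wire, before any object-model conversion, and only then hand the object model to application code. I would add above the `responseType = response.getResponseType(...)` line: `// NOTE: validation is expected to fail here: the unmarshal/marshal round trip re-serializes the assertion, so the signed digest no longer matches; a receiver must validate on the DOM as parsed, not on a re-marshalled copy.` Note also that validating a detached copy imported into a fresh `validatingDoc` only shows that some enveloped signature in that subtree verifies with this key; a real receiver must additionally confirm that the signature's Reference URI resolves to the assertion it is about to trust, otherwise a signed assertion can be swapped for an unsigned one (signature wrapping). Minor: the method's closing brace at the end of the new block sits at column 0, unlike the other methods in this file.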
@@ -182,13 +195,12 @@
{
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
KeyPair kp = kpg.genKeyPair();
-
+
String arbitContent = "I am A String";
-
+
byte[] sigVal = SignatureUtil.sign(arbitContent, kp.getPrivate());
-
- boolean valid = SignatureUtil.validate(arbitContent.getBytes(),
- sigVal, kp.getPublic());
+
+ boolean valid = SignatureUtil.validate(arbitContent.getBytes(), sigVal,
kp.getPublic());
assertTrue(valid);
}
}
\ No newline at end of file