Author: anil.saldhana(a)jboss.com
Date: 2009-05-26 14:52:06 -0400 (Tue, 26 May 2009)
New Revision: 537
Added:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
Log:
signature updates
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-05-26
15:43:37 UTC (rev 536)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-05-26
18:52:06 UTC (rev 537)
@@ -21,20 +21,24 @@
*/
package org.jboss.identity.federation.api.saml.v2.request;
+import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Writer;
+import javax.xml.bind.Binder;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
import javax.xml.datatype.DatatypeConfigurationException;
+import javax.xml.parsers.ParserConfigurationException;
import org.jboss.identity.federation.core.constants.JBossIdentityFederationConstants;
import
org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.saml.v2.util.JAXBElementMappingUtil;
import org.jboss.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
@@ -42,6 +46,9 @@
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.LogoutRequestType;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
import org.xml.sax.SAXException;
/**
@@ -193,6 +200,43 @@
}
/**
+ * Return the DOM object
+ * @param rat
+ * @return
+ * @throws SAXException
+ * @throws IOException
+ * @throws JAXBException
+ * @throws ParserConfigurationException
+ */
+ public Document convert(RequestAbstractType rat)
+ throws SAXException, IOException, JAXBException, ParserConfigurationException
+ {
+ JAXBContext jaxb = JAXBContext.newInstance(RequestAbstractType.class);
+ Binder<Node> binder = jaxb.createBinder();
+
+ Document doc = DocumentUtil.createDocument();
+ binder.marshal(JAXBElementMappingUtil.get(rat), doc);
+ return doc;
+ }
+
+ /**
+ * Convert a SAML2 Response into a Document
+ * @param responseType
+ * @return
+ * @throws JAXBException
+ * @throws ParserConfigurationException
+ */
+ public Document convert(ResponseType responseType) throws JAXBException,
ParserConfigurationException
+ {
+ JAXBContext jaxb = JAXBContext.newInstance(ResponseType.class);
+ Binder<Node> binder = jaxb.createBinder();
+
+ Document doc = DocumentUtil.createDocument();
+ binder.marshal(JAXBElementMappingUtil.get(responseType), doc);
+ return doc;
+ }
+
+ /**
* Marshall the AuthnRequestType to an output stream
* @param requestType
* @param os
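Review bot: `convert(RequestAbstractType)` declares `throws SAXException, IOException` although its body has the same shape as `convert(ResponseType)` directly below it, which declares neither; unless `JAXBElementMappingUtil.get` or `DocumentUtil.createDocument` throws them, the two extra checked exceptions are spurious and force every caller to handle I/O failures that cannot occur. Both methods also call `JAXBContext.newInstance` on every invocation; the context is expensive to build and documented as thread-safe, so a `private static final JAXBContext` per type would be the usual shape. The `ResponseType` overload duplicates the `SAML2Response.convert` that the new `SAML2Signature` in this same commit actually calls, so it is probably dead code in the request-side class. The `@return` tags are empty; `@return the DOM Document holding the marshalled element` would do for both.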
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-05-26
15:43:37 UTC (rev 536)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-05-26
18:52:06 UTC (rev 537)
@@ -37,8 +37,10 @@
import javax.xml.parsers.ParserConfigurationException;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import
org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
+import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
import org.jboss.identity.federation.core.saml.v2.factories.SAMLProtocolFactory;
import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
@@ -49,8 +51,11 @@
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeType;
+import org.jboss.identity.federation.saml.v2.assertion.AuthnContextType;
+import org.jboss.identity.federation.saml.v2.assertion.AuthnStatementType;
import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
+import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
@@ -64,6 +69,24 @@
public class SAML2Response
{
/**
+ * Create an AuthnStatement
+ * @param authnContextDeclRef such as
JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT
+ * @param issueInstant
+ * @return
+ */
+ public AuthnStatementType createAuthnStatement(String authnContextDeclRef,
+ XMLGregorianCalendar issueInstant)
+ {
+ ObjectFactory objectFactory = SAMLAssertionFactory.getObjectFactory();
+ AuthnStatementType authnStatement = objectFactory.createAuthnStatementType();
+ authnStatement.setAuthnInstant(issueInstant);
+ AuthnContextType act = objectFactory.createAuthnContextType();
+ String authContextDeclRef =
JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get();
+ act.getContent().add(objectFactory.createAuthnContextDeclRef(authContextDeclRef));
+ authnStatement.setAuthnContext(act);
+ return authnStatement;
+ }
+ /**
* Given a set of roles, create an attribute statement
* @param roles
* @return
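Review bot: `createAuthnStatement` never uses its `authnContextDeclRef` parameter: the local `authContextDeclRef` is initialised from `JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get()`, so every statement asserts password-protected transport regardless of what the caller passes, and an IdP built on this would misreport the authentication context in its assertions. Replace the local with the parameter, `act.getContent().add(objectFactory.createAuthnContextDeclRef(authnContextDeclRef));`, and delete the `String authContextDeclRef = ...` line. Separately, if that constant is the `ac:classes` URI its name suggests, it belongs in an `AuthnContextClassRef` rather than a `DeclRef`; worth confirming against the constant's value. The empty `@return` could read `@return the populated AuthnStatementType`.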
Added:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java 2009-05-26
18:52:06 UTC (rev 537)
@@ -0,0 +1,90 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.saml.v2.sig;
+
+import java.security.KeyPair;
+
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.api.util.XMLSignatureUtil;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+
+/**
+ * Class that deals with SAML2 Signature
+ * @author Anil.Saldhana(a)redhat.com
+ * @since May 26, 2009
+ */
+public class SAML2Signature
+{
+ /**
+ * Sign an RequestType at the root
+ * @param request
+ * @param keypair Key Pair
+ * @param digestMethod (Example: DigestMethod.SHA1)
+ * @param signatureMethod (Example: SignatureMethod.DSA_SHA1)
+ * @return
+ * @throws Exception
+ */
+ public Document sign(RequestAbstractType request, KeyPair keypair,
+ String digestMethod, String signatureMethod) throws Exception
+ {
+ SAML2Request saml2Request = new SAML2Request();
+ Document doc = saml2Request.convert(request);
+
+ String referenceURI = "#" + request.getID();
+
+ Node root = doc.getDocumentElement();
+ return XMLSignatureUtil.sign(doc, root,
+ keypair.getPrivate(),
+ keypair.getPublic(),
+ digestMethod, signatureMethod,
+ referenceURI);
+ }
+
+ /**
+ * Sign an ResponseType at the root
+ * @param response
+ * @param keypair Key Pair
+ * @param digestMethod (Example: DigestMethod.SHA1)
+ * @param signatureMethod (Example: SignatureMethod.DSA_SHA1)
+ * @return
+ * @throws Exception
+ */
+ public Document sign(ResponseType response,KeyPair keypair,
+ String digestMethod, String signatureMethod) throws Exception
+ {
+ SAML2Response saml2Request = new SAML2Response();
+ Document doc = saml2Request.convert(response);
+
+ String referenceURI = "#" + response.getID();
+
+ Node root = doc.getDocumentElement();
+ return XMLSignatureUtil.sign(doc, root,
+ keypair.getPrivate(),
+ keypair.getPublic(),
+ digestMethod, signatureMethod,
+ referenceURI);
+ }
+}
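Review bot: Both `sign` overloads build the reference URI as `"#" + request.getID()` without checking that the ID is set; a null ID yields `#null`, which cannot be dereferenced at signing time and surfaces as an opaque exception from the JSR 105 layer. A guard before building `referenceURI`, `if (request.getID() == null) throw new IllegalArgumentException("request ID must be set before signing");` (and the same for `response.getID()`), gives callers a clear error. Both methods also declare `throws Exception`, inherited from `XMLSignatureUtil.sign`; narrowing to the actual checked types would let callers distinguish marshalling failures from signing failures. Minor: the local in the response overload is named `saml2Request` though it holds a `SAML2Response`, and the `@return` tags are empty (`@return the DOM Document carrying the enveloped signature`).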
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-05-26
15:43:37 UTC (rev 536)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-05-26
18:52:06 UTC (rev 537)
@@ -21,19 +21,20 @@
*/
package org.jboss.identity.federation.api.util;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.security.Key;
-import java.security.KeyPair;
import java.security.PrivateKey;
+import java.security.PublicKey;
import java.util.Collections;
+import java.util.List;
import javax.security.cert.X509Certificate;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.Marshaller;
import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
@@ -45,20 +46,16 @@
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
-
-import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+
import org.jboss.identity.federation.core.util.JAXBUtil;
-import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.jboss.identity.xmlsec.w3.xmldsig.ObjectFactory;
import org.jboss.identity.xmlsec.w3.xmldsig.SignatureType;
import org.w3c.dom.Document;
+import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
/**
@@ -75,7 +72,7 @@
private static XMLSignatureFactory fac = getXMLSignatureFactory();
- private static XMLSignatureFactory getXMLSignatureFactory()
+ public static XMLSignatureFactory getXMLSignatureFactory()
{
XMLSignatureFactory xsf = null;
@@ -93,112 +90,79 @@
}
/**
- * Sign an AuthnRequestType
- * @param request
- * @param signingKey Private Key for signing
- * @param cert X509Certificate public key certificate (may be null)
+ * Sign a node in a document
+ * @param doc Document
+ * @param parentOfNodeToBeSigned Parent Node of the node to be signed
+ * @param signingKey Private Key
+ * @param certificate X509 Certificate holding the public key
* @param digestMethod (Example: DigestMethod.SHA1)
* @param signatureMethod (Example: SignatureMethod.DSA_SHA1)
- * @return
+ * @param referenceURI
+ * @return Document that contains the signed node
* @throws Exception
*/
- public static Document sign(AuthnRequestType request, PrivateKey signingKey,
- X509Certificate certificate,
- String digestMethod, String signatureMethod) throws Exception
+ public static Document sign(Document doc,
+ Node parentOfNodeToBeSigned,
+ PrivateKey signingKey,
+ X509Certificate certificate,
+ String digestMethod,
+ String signatureMethod,
+ String referenceURI) throws Exception
{
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
- dbf.setNamespaceAware(true);
-
- SAML2Request saml2Request = new SAML2Request();
-
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- saml2Request.marshall(request, baos);
-
- DocumentBuilder builder = dbf.newDocumentBuilder();
- Document doc = builder.parse(new ByteArrayInputStream(baos.toByteArray()) );
-
- DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
-
- String referenceURI = "#" + request.getID();
-
- Reference ref = fac.newReference
- ( referenceURI, fac.newDigestMethod(digestMethod, null),
- Collections.singletonList
- (fac.newTransform(Transform.ENVELOPED,
- (TransformParameterSpec) null)), null, null);
-
- SignedInfo si = fac.newSignedInfo
- (fac.newCanonicalizationMethod
- (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
- (C14NMethodParameterSpec) null),
- fac.newSignatureMethod(signatureMethod, null),
- Collections.singletonList(ref));
-
- KeyInfo ki = null;
- if(certificate != null)
- {
- KeyInfoFactory kif = fac.getKeyInfoFactory();
- KeyValue kv = kif.newKeyValue(certificate.getPublicKey());
- ki = kif.newKeyInfo(Collections.singletonList(kv));
- }
-
- XMLSignature signature = fac.newXMLSignature(si, ki);
-
- signature.sign(dsc);
-
- return doc;
+ return sign(doc,parentOfNodeToBeSigned, signingKey, certificate.getPublicKey(),
+ digestMethod, signatureMethod, referenceURI);
}
/**
- * Sign an RequestType
- * @param request
- * @param keypair Key Pair
- * @param digestMethod (Example: DigestMethod.SHA1)
- * @param signatureMethod (Example: SignatureMethod.DSA_SHA1)
+ *
+ * @param doc
+ * @param parentOfNodeToBeSigned
+ * @param signingKey
+ * @param publicKey
+ * @param digestMethod
+ * @param signatureMethod
+ * @param referenceURI
* @return
* @throws Exception
*/
- public static Document sign(RequestAbstractType request, KeyPair keypair,
- String digestMethod, String signatureMethod) throws Exception
- {
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
- dbf.setNamespaceAware(true);
-
- SAML2Request saml2Request = new SAML2Request();
-
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- saml2Request.marshall(request, baos);
-
- DocumentBuilder builder = dbf.newDocumentBuilder();
- Document doc = builder.parse(new ByteArrayInputStream(baos.toByteArray()) );
-
- DOMSignContext dsc = new DOMSignContext(keypair.getPrivate(),
doc.getDocumentElement());
+ public static Document sign(Document doc,
+ Node parentOfNodeToBeSigned,
+ PrivateKey signingKey,
+ PublicKey publicKey,
+ String digestMethod,
+ String signatureMethod,
+ String referenceURI) throws Exception
+ {
+ DOMSignContext dsc = new DOMSignContext(signingKey, parentOfNodeToBeSigned);
- String referenceURI = "#" + request.getID();
-
- Reference ref = fac.newReference
- ( referenceURI, fac.newDigestMethod(digestMethod, null),
- Collections.singletonList
- (fac.newTransform(Transform.ENVELOPED,
- (TransformParameterSpec) null)), null, null);
-
- SignedInfo si = fac.newSignedInfo
- (fac.newCanonicalizationMethod
- (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
- (C14NMethodParameterSpec) null),
- fac.newSignatureMethod(signatureMethod, null),
- Collections.singletonList(ref));
-
- KeyInfoFactory kif = fac.getKeyInfoFactory();
- KeyValue kv = kif.newKeyValue(keypair.getPublic());
- KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
+ DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null);
+ Transform transform = fac.newTransform(Transform.ENVELOPED,
+ (TransformParameterSpec) null);
+
+ List<Transform> transformList = Collections.singletonList(transform);
+ Reference ref = fac.newReference
+ ( referenceURI, digestMethodObj,transformList,null, null);
+
+ String canonicalizationMethodType = CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS;
+ CanonicalizationMethod canonicalizationMethod
+ = fac.newCanonicalizationMethod
+ (canonicalizationMethodType, (C14NMethodParameterSpec) null);
+
+ List<Reference> referenceList = Collections.singletonList(ref);
+ SignatureMethod signatureMethodObj = fac.newSignatureMethod(signatureMethod, null);
+ SignedInfo si = fac.newSignedInfo (canonicalizationMethod, signatureMethodObj ,
+ referenceList);
+
+ KeyInfoFactory kif = fac.getKeyInfoFactory();
+ KeyValue kv = kif.newKeyValue(publicKey);
+ KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
- XMLSignature signature = fac.newXMLSignature(si, ki);
+ XMLSignature signature = fac.newXMLSignature(si, ki);
- signature.sign(dsc);
-
- return doc;
- }
+ signature.sign(dsc);
+
+ return doc;
+ }
/**
* Validate a signed document with the given public key
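Review bot: The new certificate overload drops the null handling the replaced method had: the old `sign(AuthnRequestType, ...)` documented the certificate as `(may be null)` and omitted KeyInfo in that case, whereas the new body calls `certificate.getPublicKey()` unconditionally and throws NullPointerException for the same input. The PublicKey overload has the same gap, since `KeyInfoFactory.newKeyValue` rejects a null key, so callers that previously signed without embedding a key now fail. Restoring the optional-KeyInfo branch in the PublicKey overload and forwarding a null key from the certificate overload keeps both paths working, as below. The Javadoc of the PublicKey overload is empty apart from parameter names; it should state that `publicKey` is only embedded in KeyInfo as a hint for the verifier and is not itself a trust anchor. The unchanged `javax.security.cert.X509Certificate` import in the earlier hunk is the deprecated JDK 1.1 type; `java.security.cert.X509Certificate` is what the rest of the platform APIs use.
```java
   public static Document sign(Document doc,
         Node parentOfNodeToBeSigned,
         PrivateKey signingKey,
         X509Certificate certificate,
         String digestMethod,
         String signatureMethod,
         String referenceURI) throws Exception
   {
      // Keep the pre-existing "certificate may be null" contract instead of failing with an NPE.
      PublicKey publicKey = (certificate != null) ? certificate.getPublicKey() : null;
      return sign(doc, parentOfNodeToBeSigned, signingKey, publicKey,
            digestMethod, signatureMethod, referenceURI);
   }

   // … unchanged: PublicKey overload signature, DOMSignContext, Reference and SignedInfo construction …

      // KeyInfo is optional in XML-DSig; omit it when no public key was supplied.
      KeyInfo ki = null;
      if (publicKey != null)
      {
         KeyInfoFactory kif = fac.getKeyInfoFactory();
         KeyValue kv = kif.newKeyValue(publicKey);
         ki = kif.newKeyInfo(Collections.singletonList(kv));
      }
      XMLSignature signature = fac.newXMLSignature(si, ki);
```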
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2009-05-26
15:43:37 UTC (rev 536)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2009-05-26
18:52:06 UTC (rev 537)
@@ -29,11 +29,22 @@
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.SignatureMethod;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.api.saml.v2.sig.SAML2Signature;
import org.jboss.identity.federation.api.util.XMLSignatureUtil;
-import
org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
+import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
+import org.jboss.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.AuthnStatementType;
+import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.junit.Test;
import org.w3c.dom.Document;
@@ -53,19 +64,66 @@
@Test
public void testAuthnRequestCreationWithSignature() throws Exception
{
- AuthnRequestType authnRequest =
JBossSAMLAuthnRequestFactory.createAuthnRequestType(
- IDGenerator.create("ID_"), "http://sp",
"http://idp", "http://sp");
+ SAML2Request saml2Request = new SAML2Request();
+ String id = IDGenerator.create("ID_");
+ String assertionConsumerURL= "http://sp";
+ String destination = "http://idp";
+ String issuerValue = "http://sp";
+ AuthnRequestType authnRequest =
+ saml2Request.createAuthnRequestType(id, assertionConsumerURL, destination,
issuerValue);
+
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
KeyPair kp = kpg.genKeyPair();
- Document signedDoc = XMLSignatureUtil.sign(authnRequest, kp.getPrivate(), null,
- DigestMethod.SHA1, SignatureMethod.DSA_SHA1);
+ SAML2Signature ss = new SAML2Signature();
+ Document signedDoc = ss.sign(authnRequest, kp, DigestMethod.SHA1,
SignatureMethod.DSA_SHA1);
+
//Validate the signature
boolean isValid = XMLSignatureUtil.validate(signedDoc, kp.getPublic());
assertTrue(isValid);
}
/**
+ * Test the signature for ResponseType
+ * @throws Exception
+ */
+ @Test
+ public void testSigningAssertionWithSignature() throws Exception
+ {
+ IssuerInfoHolder issuerInfo = new IssuerInfoHolder("testIssuer");
+ String id = IDGenerator.create("ID_");
+
+
+ SAML2Response response = new SAML2Response();
+
+ String authnContextDeclRef =
JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get();
+
+ AuthnStatementType authnStatement =
+ response.createAuthnStatement(authnContextDeclRef,
XMLTimeUtil.getIssueInstant());
+
+ ObjectFactory objectFactory = SAMLAssertionFactory.getObjectFactory();
+
+ AssertionType assertion = objectFactory.createAssertionType();
+
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(authnStatement);
+ assertion.setID(id);
+ assertion.setVersion(JBossSAMLConstants.VERSION_2_0.get());
+ assertion.setIssuer(issuerInfo.getIssuer());
+
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
+ KeyPair kp = kpg.genKeyPair();
+
+ id = IDGenerator.create("ID_"); //regenerate
+ ResponseType responseType = response.createResponseType(id, issuerInfo,
assertion);
+
+ SAML2Signature ss = new SAML2Signature();
+ Document signedDoc = ss.sign(responseType, kp, DigestMethod.SHA1,
SignatureMethod.DSA_SHA1);
+
+ //Validate the signature
+ boolean isValid = XMLSignatureUtil.validate(signedDoc, kp.getPublic());
+ assertTrue(isValid);
+ }
+
+ /**
* Test signing a string
* @throws Exception
*/
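Review bot: Both tests only assert the positive case — a document signed with `kp` validates with `kp.getPublic()` — so a `validate` that returned true unconditionally would still pass. A negative assertion in each test, such as `assertFalse(XMLSignatureUtil.validate(signedDoc, KeyPairGenerator.getInstance("DSA").genKeyPair().getPublic()));` (with the matching static import), pins that the verifier really checks the key, and a further check after altering an attribute on the signed root would pin the digest. The new test's name `testSigningAssertionWithSignature` and its Javadoc `Test the signature for ResponseType` disagree: the signature is placed on the Response root, not on the Assertion, so one of the two should change. The `id = IDGenerator.create("ID_"); //regenerate` line deserves a why-comment saying the Response and the Assertion must carry distinct IDs, since that is what the regeneration is for.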
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-05-26
15:43:37 UTC (rev 536)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-05-26
18:52:06 UTC (rev 537)
@@ -174,7 +174,7 @@
* @param node
* @return
* @throws TransformerFactoryConfigurationError
- * @throws TransformerException s
+ * @throws TransformerException
*/
public static InputStream getNodeAsStream(Node node)
throws TransformerFactoryConfigurationError, TransformerException