Author: anil.saldhana(a)jboss.com
Date: 2011-07-26 18:03:52 -0400 (Tue, 26 Jul 2011)
New Revision: 1132
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java
Log:
PLFED-215: allow assertion as param
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2011-07-26
18:56:56 UTC (rev 1131)
+++
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2011-07-26
22:03:52 UTC (rev 1132)
@@ -142,7 +142,70 @@
}
/**
+ * Construct a {@link ResponseType} without calling PicketLink STS for the assertion.
+ * The {@link AssertionType} is generated within this method
+ * @param ID id of the {@link ResponseType}
+ * @param sp
+ * @param idp
+ * @param issuerInfo
+ * @return
+ * @throws ConfigurationException
+ * @throws ProcessingException
+ */
+ public ResponseType createResponseType(String ID, SPInfoHolder sp, IDPInfoHolder idp,
IssuerInfoHolder issuerInfo,
+ AssertionType assertion) throws ConfigurationException, ProcessingException
+ {
+ String responseDestinationURI = sp.getResponseDestinationURI();
+
+ XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
+
+ //Create assertion -> subject
+ SubjectType subjectType = new SubjectType();
+
+ //subject -> nameid
+ NameIDType nameIDType = new NameIDType();
+ nameIDType.setFormat(URI.create(idp.getNameIDFormat()));
+ nameIDType.setValue(idp.getNameIDFormatValue());
+
+ SubjectType.STSubType subType = new SubjectType.STSubType();
+ subType.addBaseID(nameIDType);
+ subjectType.setSubType(subType);
+
+ SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType();
+ subjectConfirmation.setMethod(idp.getSubjectConfirmationMethod());
+
+ SubjectConfirmationDataType subjectConfirmationData = new
SubjectConfirmationDataType();
+ subjectConfirmationData.setInResponseTo(sp.getRequestID());
+ subjectConfirmationData.setRecipient(responseDestinationURI);
+ subjectConfirmationData.setNotBefore(issueInstant);
+ subjectConfirmationData.setNotOnOrAfter(issueInstant);
+
+ subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
+
+ subjectType.addConfirmation(subjectConfirmation);
+
+ //Update the subjectConfirmationData expiry based on the assertion
+ if (assertion.getConditions() != null)
+ {
+
subjectConfirmationData.setNotOnOrAfter(assertion.getConditions().getNotOnOrAfter());
+ }
+
+ ResponseType responseType = createResponseType(ID, issuerInfo, assertion);
+ //InResponseTo ID
+ responseType.setInResponseTo(sp.getRequestID());
+ //Destination
+ responseType.setDestination(responseDestinationURI);
+
+ return responseType;
+ }
+
+ /**
* Create a ResponseType
+ *
+ * <b>NOTE:</b>: The PicketLink STS is used to issue/update the assertion
+ *
+ * If you want to control over the assertion being issued, then
+ * use {@link #createResponseType(String, SPInfoHolder, IDPInfoHolder,
IssuerInfoHolder, AssertionType)}
* @param ID id of the response
* @param sp holder with the information about the Service Provider
* @param idp holder with the information on the Identity Provider
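Review bot: The SubjectType built from `SubjectType subjectType = new SubjectType();` through `subjectType.addConfirmation(subjectConfirmation);` is never attached to `assertion`, so the Recipient, InResponseTo and NotOnOrAfter computed for the SubjectConfirmationData are discarded and the assertion goes into the response exactly as the caller supplied it; a relying party that checks bearer confirmation against the request ID and destination gets whatever the caller put there, or nothing. If AssertionType exposes the usual subject getter/setter pair (not shown in this hunk), attach it before building the response, e.g. `if (assertion.getSubject() == null) assertion.setSubject(subjectType);`, otherwise delete the dead construction rather than leave a misleading half-implementation. `assertion.getConditions()` is dereferenced without checking the parameter itself, so a null assertion fails with a NullPointerException instead of a ProcessingException, and when Conditions is absent the confirmation window stays at NotBefore == NotOnOrAfter == issueInstant, which is worth a comment or an explicit failure. The Javadoc also lacks `@param assertion` and has an empty `@return`; the three-argument `createResponseType(ID, issuerInfo, assertion)` it delegates to is defined outside this hunk.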
@@ -158,9 +221,6 @@
XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
- //Create an assertion
- //String id = IDGenerator.create( "ID_" );
-
//Create assertion -> subject
SubjectType subjectType = new SubjectType();
@@ -204,7 +264,10 @@
assertionType = samlProtocolContext.getIssuedAssertion();
//Update the subjectConfirmationData expiry based on the assertion
-
subjectConfirmationData.setNotOnOrAfter(assertionType.getConditions().getNotOnOrAfter());
+ if (assertionType.getConditions() != null)
+ {
+
subjectConfirmationData.setNotOnOrAfter(assertionType.getConditions().getNotOnOrAfter());
+ }
ResponseType responseType = createResponseType(ID, issuerInfo, assertionType);
//InResponseTo ID
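Review bot: The new null guard turns what used to be a NullPointerException into silently issuing a response whose STS-issued assertion carries no Conditions, i.e. no NotOnOrAfter and no audience restriction, while the SubjectConfirmationData keeps whatever NotOnOrAfter was set earlier in this method (outside the hunk). For an issued bearer assertion that is far more likely an issuance or configuration error than a case to tolerate, so consider failing explicitly instead, `if (assertionType.getConditions() == null) throw new ProcessingException("Issued assertion carries no Conditions");` — assuming ProcessingException has a String constructor, which this hunk does not show. The enclosing method starts and ends outside the hunk.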
Modified:
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java 2011-07-26
18:56:56 UTC (rev 1131)
+++
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java 2011-07-26
22:03:52 UTC (rev 1132)
@@ -29,24 +29,33 @@
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.cert.Certificate;
+import java.util.HashMap;
+import java.util.Map;
import org.junit.Test;
import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
import org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature;
+import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
+import org.picketlink.identity.federation.core.saml.v2.holders.IDPInfoHolder;
+import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
import org.picketlink.identity.federation.saml.v2.SAML2Object;
+import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
import org.picketlink.test.identity.federation.api.util.KeyUtilUnitTestCase;
import org.w3c.dom.Document;
/**
- * Parse a {@link ResponseType} that contains A
+ * Unit test the {@link SAML2Response} API
* @author Anil.Saldhana(a)redhat.com
* @since Jul 21, 2011
*/
public class SAML2ResponseUnitTestCase
{
-
private final String keystoreLocation = "keystore/jbid_test_keystore.jks";
private final String keystorePass = "store123";
@@ -77,6 +86,47 @@
}
/**
+ * This test constructs the {@link ResponseType}. An {@link AssertionType}
+ * is locally constructed and then passed to the construct method
+ * @throws Exception
+ */
+ @Test
+ public void constructAndSign() throws Exception
+ {
+ SAML2Response samlResponse = new SAML2Response();
+ String ID = IDGenerator.create("ID_");
+
+ IssuerInfoHolder issuerInfo = new IssuerInfoHolder("picketlink");
+
+ IDPInfoHolder idp = new IDPInfoHolder();
+ idp.setNameIDFormatValue("anil");
+
+ //create the service provider(in this case BAS) holder object
+ SPInfoHolder sp = new SPInfoHolder();
+ sp.setResponseDestinationURI("http://sombody");
+
+ Map<String, Object> attributes = new HashMap<String, Object>();
+
+ attributes.put("TOKEN_USER_ID", String.valueOf(2));
+ attributes.put("TOKEN_ORGANIZATION_DISPLAY_NAME", "Test Org");
+ attributes.put("TOKEN_USER_DISPLAY_NAME", "Test User");
+
+ AttributeStatementType attributeStatement =
StatementUtil.createAttributeStatement(attributes);
+
+ String assertionId = IDGenerator.create("ID_");
+
+ AssertionType assertion = AssertionUtil.createAssertion(assertionId,
issuerInfo.getIssuer());
+ assertion.addStatement(attributeStatement);
+
+ ResponseType responseType = samlResponse.createResponseType(ID, sp, idp,
issuerInfo, assertion);
+ SAML2Signature sig = new SAML2Signature();
+ Document signedDoc = sig.sign(responseType, getKeyPair());
+ assertNotNull(signedDoc);
+
+ System.out.println("Signed Response=" +
DocumentUtil.asString(signedDoc));
+ }
+
+ /**
* @see {@link KeyUtilUnitTestCase}
* @return
* @throws Exception
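Review bot: `assertNotNull(signedDoc)` is the only assertion in `constructAndSign`, so the test passes even if InResponseTo, Destination or the subject confirmation were never propagated into the response, and the `System.out.println` on the last lines dumps a signed SAML document into test output instead of checking anything. Assert the fields the API under test is supposed to set, e.g. `assertEquals("http://sombody", responseType.getDestination());` (assuming the usual getter for the `setDestination` used in `createResponseType`), and verify the signature on `signedDoc` rather than only its non-nullness. The locally built assertion has no Conditions, so this test also exercises only the null-Conditions branch; a second case with a NotOnOrAfter set would pin the expiry propagation that the production code is supposed to perform. The `getKeyPair` Javadoc the hunk ends on continues outside it.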