Author: anil.saldhana(a)jboss.com
Date: 2011-07-01 16:57:08 -0400 (Fri, 01 Jul 2011)
New Revision: 1056
Added:
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResponseParserTestCase.java
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-artifact-response-authnrequest.xml
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-artifact-response-response.xml
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/protocol/ArtifactResponseType.java
Log:
PLFED-116: saml artifact resolve writing
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2011-07-01
20:29:06 UTC (rev 1055)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2011-07-01
20:57:08 UTC (rev 1056)
@@ -115,6 +115,12 @@
SAMLArtifactResolveParser artifactResolverParser = new
SAMLArtifactResolveParser();
return artifactResolverParser.parse(xmlEventReader);
}
+ else if (JBossSAMLURIConstants.PROTOCOL_NSURI.get().equals(nsURI)
+ &&
JBossSAMLConstants.ARTIFACT_RESPONSE.get().equals(startElementName.getLocalPart()))
+ {
+ SAMLArtifactResponseParser responseParser = new
SAMLArtifactResponseParser();
+ return responseParser.parse(xmlEventReader);
+ }
else if
(JBossSAMLConstants.XACML_AUTHZ_DECISION_QUERY.get().equals(localPart))
{
SAMLXACMLRequestParser samlXacmlParser = new SAMLXACMLRequestParser();
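Review bot: The new `ARTIFACT_RESPONSE` branch reads the element name through `startElementName.getLocalPart()`, while the branch that follows it compares against `localPart`. If `localPart` already holds that value, the condition would read more consistently as `JBossSAMLConstants.ARTIFACT_RESPONSE.get().equals(localPart)`. A one-line comment such as `// SAML 2.0 ArtifactResponse: wrapper around the message resolved from an artifact` would also help, because this branch dispatches a wrapper whose payload is another protocol message. The if/else chain starts and ends outside this hunk, so the definition of `localPart` is not visible here.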
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2011-07-01
20:29:06 UTC (rev 1055)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2011-07-01
20:57:08 UTC (rev 1056)
@@ -32,6 +32,7 @@
ALLOW_CREATE( "AllowCreate" ),
ARTIFACT( "Artifact" ),
ARTIFACT_RESOLVE( "ArtifactResolve" ),
+ ARTIFACT_RESPONSE( "ArtifactResponse" ),
ARTIFACT_RESOLUTION_SERVICE( "ArtifactResolutionService" ),
ASSERTION( "Assertion" ),
ASSERTION_CONSUMER_SERVICE( "AssertionConsumerService" ),
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java 2011-07-01
20:29:06 UTC (rev 1055)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java 2011-07-01
20:57:08 UTC (rev 1056)
@@ -37,6 +37,8 @@
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.EncryptedAssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.protocol.ArtifactResponseType;
+import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType;
import org.picketlink.identity.federation.saml.v2.protocol.StatusCodeType;
@@ -82,6 +84,12 @@
write(issuer, new QName(ASSERTION_NSURI.get(),
JBossSAMLConstants.ISSUER.get()));
}
+ Element sig = response.getSignature();
+ if (sig != null)
+ {
+ StaxUtil.writeDOMElement(writer, sig);
+ }
+
StatusType status = response.getStatus();
write(status);
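Review bot: The `Signature` element written after the issuer is copied from the model as-is, and nothing in this hunk documents that the writer neither verifies nor recomputes it. Because the writer emits its own prefixes and namespace declarations, a signature carried over from a parsed message may no longer match the re-serialized content, so callers should not treat the output as signed until it has been validated. I would add a comment above the block, for example `// Copied verbatim from the model; not verified or recomputed here - validate after serialization`. The same applies to the identical block in the new `write(ArtifactResponseType)` in the next hunk. The enclosing method starts and ends outside this hunk.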
@@ -108,6 +116,51 @@
StaxUtil.flush(writer);
}
+ public void write(ArtifactResponseType response) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, PROTOCOL_PREFIX,
JBossSAMLConstants.ARTIFACT_RESPONSE.get(),
+ PROTOCOL_NSURI.get());
+
+ StaxUtil.writeNameSpace(writer, PROTOCOL_PREFIX, PROTOCOL_NSURI.get());
+ StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
+ StaxUtil.writeDefaultNameSpace(writer, ASSERTION_NSURI.get());
+
+ writeBaseAttributes(response);
+
+ NameIDType issuer = response.getIssuer();
+ if (issuer != null)
+ {
+ write(issuer, new QName(ASSERTION_NSURI.get(),
JBossSAMLConstants.ISSUER.get()));
+ }
+
+ Element sig = response.getSignature();
+ if (sig != null)
+ {
+ StaxUtil.writeDOMElement(writer, sig);
+ }
+
+ StatusType status = response.getStatus();
+ if (status != null)
+ {
+ write(status);
+ }
+ Object anyObj = response.getAny();
+ if (anyObj instanceof AuthnRequestType)
+ {
+ AuthnRequestType authn = (AuthnRequestType) anyObj;
+ SAMLRequestWriter requestWriter = new SAMLRequestWriter(writer);
+ requestWriter.write(authn);
+ }
+ else if (anyObj instanceof ResponseType)
+ {
+ ResponseType rt = (ResponseType) anyObj;
+ write(rt);
+ }
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
/**
* Write a {@code StatusResponseType}
* @param response
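Review bot: In `write(ArtifactResponseType)`, a non-null `getAny()` value that is neither an `AuthnRequestType` nor a `ResponseType` is dropped silently, so the writer emits an `ArtifactResponse` with a status but no payload and the caller gets no error. The chain could end with `else if (anyObj != null) throw new ProcessingException("Unsupported ArtifactResponse payload: " + anyObj.getClass().getName());`, assuming `ProcessingException` has a message constructor. The method also has no Javadoc, unlike the `StatusResponseType` writer that follows it; a short one should name the two payload types it supports.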
Added:
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResponseParserTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResponseParserTestCase.java
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResponseParserTestCase.java 2011-07-01
20:57:08 UTC (rev 1056)
@@ -0,0 +1,117 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.saml;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.saml.v2.protocol.ArtifactResponseType;
+import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
+import org.w3c.dom.Document;
+
+/**
+ * Unit test the parsing of {@link ArtifactResponseType}
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 1, 2011
+ */
+public class SAMLArtifactResponseParserTestCase
+{
+ @Test
+ public void testSAMLArtifactResponseWithAuthnRequestParse() throws Exception
+ {
+ String file = "parser/saml2/saml2-artifact-response-authnrequest.xml";
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream(file);
+
+ JAXPValidationUtil.validate(configStream);
+ configStream = tcl.getResourceAsStream(file);
+
+ SAMLParser parser = new SAMLParser();
+ ArtifactResponseType artifactResponse = (ArtifactResponseType)
parser.parse(configStream);
+ assertNotNull("ArtifactResponseType is not null", artifactResponse);
+
+ assertEquals("ID_d84a49e5958803dedcff4c984c2b0d95",
artifactResponse.getID());
+ assertEquals(XMLTimeUtil.parse("2004-12-05T09:21:59Z"),
artifactResponse.getIssueInstant());
+ assertEquals("ID_cce4ee769ed970b501d680f697989d14",
artifactResponse.getInResponseTo());
+ assertTrue(artifactResponse.getAny() instanceof AuthnRequestType);
+
+ StatusType status = artifactResponse.getStatus();
+ assertNotNull(status);
+ assertEquals("urn:oasis:names:tc:SAML:2.0:status:Success",
status.getStatusCode().getValue().toString());
+
+ //Try out writing
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAMLResponseWriter writer = new
SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(artifactResponse);
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ Document doc = DocumentUtil.getDocument(bis); //throws exceptions
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+
+ @Test
+ public void testSAMLArtifactResponseWithResponseParse() throws Exception
+ {
+ String file = "parser/saml2/saml2-artifact-response-response.xml";
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream(file);
+
+ JAXPValidationUtil.validate(configStream);
+ configStream = tcl.getResourceAsStream(file);
+
+ SAMLParser parser = new SAMLParser();
+ ArtifactResponseType artifactResponse = (ArtifactResponseType)
parser.parse(configStream);
+ assertNotNull("ArtifactResponseType is not null", artifactResponse);
+
+ assertEquals("ID_d84a49e5958803dedcff4c984c2b0d95",
artifactResponse.getID());
+ assertEquals(XMLTimeUtil.parse("2004-12-05T09:21:59Z"),
artifactResponse.getIssueInstant());
+ assertEquals("ID_cce4ee769ed970b501d680f697989d14",
artifactResponse.getInResponseTo());
+ assertTrue(artifactResponse.getAny() instanceof ResponseType);
+
+ StatusType status = artifactResponse.getStatus();
+ assertNotNull(status);
+ assertEquals("urn:oasis:names:tc:SAML:2.0:status:Success",
status.getStatusCode().getValue().toString());
+
+ //Try out writing
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAMLResponseWriter writer = new
SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(artifactResponse);
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ Document doc = DocumentUtil.getDocument(bis); //throws exceptions
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+}
\ No newline at end of file
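Review bot: The write half of both tests only schema-validates the output, and because the SAML protocol schema makes the message wrapped inside `ArtifactResponse` optional, a writer that drops the `AuthnRequest` or `Response` payload would still pass. Re-parsing the written bytes would close that gap, e.g. `ArtifactResponseType reparsed = (ArtifactResponseType) new SAMLParser().parse(new ByteArrayInputStream(baos.toByteArray()));` followed by `assertTrue(reparsed.getAny() instanceof AuthnRequestType);` (and `ResponseType` in the second test). Neither test asserts that `getResourceAsStream` returned a non-null stream, nor that the `ds:Signature` element survives the round trip.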
Added:
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-artifact-response-authnrequest.xml
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-artifact-response-authnrequest.xml
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-artifact-response-authnrequest.xml 2011-07-01
20:57:08 UTC (rev 1056)
@@ -0,0 +1,57 @@
+<samlp:ArtifactResponse
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ ID="ID_d84a49e5958803dedcff4c984c2b0d95"
+ InResponseTo="ID_cce4ee769ed970b501d680f697989d14"
+ Version="2.0"
+ IssueInstant="2004-12-05T09:21:59Z">
+ <ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod
+
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
+ <ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmlds#rsa-sha1"
/>
+ <ds:Reference URI="#ID_ab0392ef-b557-4453-95a8-a7e168da8ac5">
+ <ds:Transforms>
+ <ds:Transform
Algorithm="http://www.w3.org/2000/09/xmlds#enveloped-signature" />
+ <ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
+ </ds:Transforms>
+ <ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmlds#sha1" />
+ <ds:DigestValue>0Y9QM5c5qCShz5UWmbFzBmbuTus=</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>
+ se/flQ2htUQ0IUYieVkXNn9cfjnfgv6H99nFarsTNTpRI9xuSlw5OTai/2PYdZI2Va9+QzzBf99m
+ VFyigfFdfrqug6aKFhF0lsujzlFfPfmXBbDRiTFX+4SkBeV71uuy7rOUI/jRiitEA0QrKqs0e/pV
+ +C8PoaariisK96Mtt7A=
+ </ds:SignatureValue>
+ <ds:KeyInfo>
+ <ds:KeyValue>
+ <ds:RSAKeyValue>
+ <ds:Modulus>
+ suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1
+ dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJwspqVnMuRK19ju2dxpKw
+ lYGGtrP5VQv00dfNPbs=
+ </ds:Modulus>
+ <ds:Exponent>AQAB</ds:Exponent>
+ </ds:RSAKeyValue>
+ </ds:KeyValue>
+ </ds:KeyInfo>
+ </ds:Signature>
+ <samlp:Status>
+ <samlp:StatusCode
+ Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+ </samlp:Status>
+ <samlp:AuthnRequest
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ ID="_306f8ec5b618f361c70b6ffb1480eade"
+ Version="2.0"
+ IssueInstant="2004-12-05T09:21:59Z"
+
Destination="https://idp.example.org/SAML2/SSO/Artifact"
+ ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
+
AssertionConsumerServiceURL="https://sp.example.com/SAML2/SSO/Artifa...
+ <
saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
+ <samlp:NameIDPolicy
+ AllowCreate="false"
+ Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
+ </samlp:AuthnRequest>
+ </samlp:ArtifactResponse>
\ No newline at end of file
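Review bot: The `ds:Signature` in this fixture cannot be verified against the document. Its `Reference URI` is `#ID_ab0392ef-b557-4453-95a8-a7e168da8ac5`, which matches no `ID` in the file, and the algorithm identifiers are written under `http://www.w3.org/2000/09/xmlds#` rather than the XML Signature namespace `http://www.w3.org/2000/09/xmldsig#`. That is acceptable for a parser test, but the file should say so, for instance with `<!-- Parser fixture only: the signature below is a placeholder and does not validate -->` at the top, so it is not reused for signature-validation tests. The same signature block appears in `saml2-artifact-response-response.xml`.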
Added:
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-artifact-response-response.xml
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-artifact-response-response.xml
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-artifact-response-response.xml 2011-07-01
20:57:08 UTC (rev 1056)
@@ -0,0 +1,95 @@
+<samlp:ArtifactResponse
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ ID="ID_d84a49e5958803dedcff4c984c2b0d95"
+ InResponseTo="ID_cce4ee769ed970b501d680f697989d14"
+ Version="2.0"
+ IssueInstant="2004-12-05T09:21:59Z">
+ <ds:Signature
+
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedI...
+ <ds:CanonicalizationMethod
+
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
+ <ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmlds#rsa-sha1"
/>
+ <ds:Reference URI="#ID_ab0392ef-b557-4453-95a8-a7e168da8ac5">
+ <ds:Transforms>
+ <ds:Transform
Algorithm="http://www.w3.org/2000/09/xmlds#enveloped-signature" />
+ <ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
+ </ds:Transforms>
+ <ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmlds#sha1" />
+ <ds:DigestValue>0Y9QM5c5qCShz5UWmbFzBmbuTus=</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>
+ se/flQ2htUQ0IUYieVkXNn9cfjnfgv6H99nFarsTNTpRI9xuSlw5OTai/2PYdZI2Va9+QzzBf99m
+ VFyigfFdfrqug6aKFhF0lsujzlFfPfmXBbDRiTFX+4SkBeV71uuy7rOUI/jRiitEA0QrKqs0e/pV
+ +C8PoaariisK96Mtt7A=
+ </ds:SignatureValue>
+ <ds:KeyInfo>
+ <ds:KeyValue>
+ <ds:RSAKeyValue>
+ <ds:Modulus>
+ suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1
+ dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJwspqVnMuRK19ju2dxpKw
+ lYGGtrP5VQv00dfNPbs=
+ </ds:Modulus>
+ <ds:Exponent>AQAB</ds:Exponent>
+ </ds:RSAKeyValue>
+ </ds:KeyValue>
+ </ds:KeyInfo>
+ </ds:Signature>
+ <samlp:Status>
+ <samlp:StatusCode
+ Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+ </samlp:Status>
+
+ <samlp:Response
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ ID="identifier_6"
+ InResponseTo="identifier_3"
+ Version="2.0"
+ IssueInstant="2004-12-05T09:22:05Z"
+
Destination="https://sp.example.com/SAML2/SSO/Artifact">
+ <
saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>
+
+ <samlp:Status>
+ <samlp:StatusCode
+ Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+ </samlp:Status>
+ <saml:Assertion
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ ID="identifier_7"
+ Version="2.0"
+ IssueInstant="2004-12-05T09:22:05Z">
+ <
saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>
+ <saml:Subject>
+ <saml:NameID
+ Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
+ user(a)mail.example.org
+ </saml:NameID>
+ <saml:SubjectConfirmation
+ Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+ <saml:SubjectConfirmationData
+ InResponseTo="identifier_3"
+
Recipient="https://sp.example.com/SAML2/SSO/Artifact"
+ NotOnOrAfter="2004-12-05T09:27:05Z"/>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Conditions
+ NotBefore="2004-12-05T09:17:05Z"
+ NotOnOrAfter="2004-12-05T09:27:05Z">
+ <saml:AudienceRestriction>
+ <
saml:Audience>https://sp.example.com/SAML2</saml:Audience>
+ </saml:AudienceRestriction>
+ </saml:Conditions>
+ <saml:AuthnStatement
+ AuthnInstant="2004-12-05T09:22:00Z"
+ SessionIndex="identifier_7">
+ <saml:AuthnContext>
+ <saml:AuthnContextClassRef>
+ urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
+ </saml:AuthnContextClassRef>
+ </saml:AuthnContext>
+ </saml:AuthnStatement>
+ </saml:Assertion>
+ </samlp:Response>
+ </samlp:ArtifactResponse>
\ No newline at end of file
Modified:
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/protocol/ArtifactResponseType.java
===================================================================
---
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/protocol/ArtifactResponseType.java 2011-07-01
20:29:06 UTC (rev 1055)
+++
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/protocol/ArtifactResponseType.java 2011-07-01
20:57:08 UTC (rev 1056)
@@ -55,6 +55,11 @@
super(id, issueInstant);
}
+ public ArtifactResponseType(StatusResponseType srt)
+ {
+ super(srt);
+ }
+
/**
* Gets the value of the any property.
*