Author: jonananas
Date: 2011-05-03 06:13:49 -0400 (Tue, 03 May 2011)
New Revision: 924
Added:
picketlink-seam/trunk/picketlink-seam/src/test/java/org/picketlink/test/identity/seam/federation/SamlMetaDataProviderTestCase.java
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMetaDataProvider.java
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleLogoutSender.java
picketlink-seam/trunk/picketlink-seam/src/test/java/org/picketlink/test/identity/seam/federation/SamlConfigurationUnitTestCase.java
Log:
PLFED-182 MetaDataService throws exception
- Added SamlMetaDataProviderTestCase
- SamlMetaDataProvider.getKeyInfoDOM now adds ds namespace
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMetaDataProvider.java
===================================================================
---
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMetaDataProvider.java 2011-05-03
08:29:14 UTC (rev 923)
+++
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlMetaDataProvider.java 2011-05-03
10:13:49 UTC (rev 924)
@@ -58,43 +58,47 @@
public void writeMetaData(OutputStream stream)
{
try
- {
- String acsRedirectServiceURL =
serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE);
- IndexedEndpointType acsRedirectEndpoint = new IndexedEndpointType( URI.create(
SamlConstants.HTTP_REDIRECT_BINDING ), URI.create( acsRedirectServiceURL ));
+ {
+ String acsRedirectServiceURL = serviceProvider
+
.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE);
+ IndexedEndpointType acsRedirectEndpoint = new IndexedEndpointType(
+ URI.create(SamlConstants.HTTP_REDIRECT_BINDING),
URI.create(acsRedirectServiceURL));
- String acsPostServiceURL =
serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE);
- IndexedEndpointType acsPostEndpoint = new IndexedEndpointType( URI.create(
SamlConstants.HTTP_POST_BINDING ), URI.create( acsPostServiceURL ) );
+ String acsPostServiceURL = serviceProvider
+
.getServiceURL(ExternalAuthenticationService.SAML_ASSERTION_CONSUMER_SERVICE);
+ IndexedEndpointType acsPostEndpoint = new
IndexedEndpointType(URI.create(SamlConstants.HTTP_POST_BINDING),
+ URI.create(acsPostServiceURL));
- IndexedEndpointType sloRedirectEndpoint = new IndexedEndpointType(
URI.create(SamlConstants.HTTP_REDIRECT_BINDING), URI.create(serviceProvider
- .getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE))
);
+ IndexedEndpointType sloRedirectEndpoint = new IndexedEndpointType(
+ URI.create(SamlConstants.HTTP_REDIRECT_BINDING),
URI.create(serviceProvider
+
.getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE)));
- IndexedEndpointType sloPostEndpoint = new IndexedEndpointType( URI.create(
SamlConstants.HTTP_POST_BINDING), URI.create( serviceProvider
- .getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE))
);
+ IndexedEndpointType sloPostEndpoint = new
IndexedEndpointType(URI.create(SamlConstants.HTTP_POST_BINDING),
+
URI.create(serviceProvider.getServiceURL(ExternalAuthenticationService.SAML_SINGLE_LOGOUT_SERVICE)));
List<String> protocolSupport = new ArrayList<String>();
- protocolSupport.add( JBossSAMLURIConstants.PROTOCOL_NSURI.get() );
-
- SPSSODescriptorType spSsoDescriptor = new SPSSODescriptorType( protocolSupport
);
+ protocolSupport.add(JBossSAMLURIConstants.PROTOCOL_NSURI.get());
+
+ SPSSODescriptorType spSsoDescriptor = new SPSSODescriptorType(protocolSupport);
spSsoDescriptor.setAuthnRequestsSigned(serviceProvider.getSamlConfiguration().isAuthnRequestsSigned());
spSsoDescriptor.setWantAssertionsSigned(serviceProvider.getSamlConfiguration().isWantAssertionsSigned());
- spSsoDescriptor.addAssertionConsumerService( acsRedirectEndpoint );
- spSsoDescriptor.addAssertionConsumerService( acsPostEndpoint );
- spSsoDescriptor.addSingleLogoutService( sloRedirectEndpoint );
- spSsoDescriptor.addSingleLogoutService( sloPostEndpoint );
+ spSsoDescriptor.addAssertionConsumerService(acsRedirectEndpoint);
+ spSsoDescriptor.addAssertionConsumerService(acsPostEndpoint);
+ spSsoDescriptor.addSingleLogoutService(sloRedirectEndpoint);
+ spSsoDescriptor.addSingleLogoutService(sloPostEndpoint);
- spSsoDescriptor.addNameIDFormat(
"urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
- spSsoDescriptor.addNameIDFormat(
"urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
- spSsoDescriptor.addNameIDFormat(
"urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
- spSsoDescriptor.addNameIDFormat(
"urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress");
-
+
spSsoDescriptor.addNameIDFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
+
spSsoDescriptor.addNameIDFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:transient");
+
spSsoDescriptor.addNameIDFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
+
spSsoDescriptor.addNameIDFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:emailAddress");
X509Certificate certificate =
serviceProvider.getSamlConfiguration().getCertificate();
- if(certificate == null)
+ if (certificate == null)
throw new RuntimeException("Certificate obtained from configuration is
null");
- Element keyInfoElement = getKeyInfoDOM( certificate );
-
+ Element keyInfoElement = getKeyInfoDOM(certificate);
+
/*JAXBElement<byte[]> X509Certificate;
try
{
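Review bot: The two AssertionConsumerService endpoints constructed at the top of the hunk are never given distinct index values; the new test's expected output shows both emitted with `index="0"`, and the SAML 2.0 metadata schema requires the index to be unique among sibling IndexedEndpointType elements because an AuthnRequest may select an ACS by index rather than by URL. If IndexedEndpointType exposes an index setter, something like `acsPostEndpoint.setIndex(1);` after construction would resolve the ambiguity — confirm against the model class. The null-certificate guard would also read better as `throw new IllegalStateException("Certificate obtained from configuration is null");`, since a missing signing certificate is a configuration-state error rather than a generic failure. writeMetaData continues into the next hunk.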
@@ -113,49 +117,56 @@
KeyDescriptorType keyDescriptor = new KeyDescriptorType();
keyDescriptor.setKeyInfo(keyInfoElement);
-
+
/*keyDescriptor.setUse(KeyTypes.SIGNING);
keyDescriptor.setKeyInfo(keyInfo);*/
- spSsoDescriptor.addKeyDescriptor( keyDescriptor );
+ spSsoDescriptor.addKeyDescriptor(keyDescriptor);
- EDTDescriptorChoiceType edtDescriptorChoice = new EDTDescriptorChoiceType(
spSsoDescriptor );
+ EDTDescriptorChoiceType edtDescriptorChoice = new
EDTDescriptorChoiceType(spSsoDescriptor);
List<EDTDescriptorChoiceType> edtChoices = new
ArrayList<EntityDescriptorType.EDTDescriptorChoiceType>();
edtChoices.add(edtDescriptorChoice);
-
+
EDTChoiceType edtChoice = new EDTChoiceType(edtChoices);
-
- EntityDescriptorType entityDescriptor = new EntityDescriptorType(
serviceProvider.getSamlConfiguration().getEntityId());
+
+ EntityDescriptorType entityDescriptor = new
EntityDescriptorType(serviceProvider.getSamlConfiguration()
+ .getEntityId());
entityDescriptor.addChoiceType(edtChoice);
-
-
- SAMLMetadataWriter metadataWriter = new SAMLMetadataWriter(
StaxUtil.getXMLStreamWriter( stream ) );
+
+ SAMLMetadataWriter metadataWriter = new
SAMLMetadataWriter(StaxUtil.getXMLStreamWriter(stream));
metadataWriter.writeEntityDescriptor(entityDescriptor);
-
+
/*JAXBContext jaxbContext =
JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.metadata");
Marshaller marshaller = jaxbContext.createMarshaller();
marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.TRUE);
marshaller.marshal(metaDataFactory.createEntityDescriptor(entityDescriptor),
stream);*/
}
- catch ( Exception e)
+ catch (Exception e)
{
throw new RuntimeException(e);
}
}
-
- private Element getKeyInfoDOM( X509Certificate certificate )
- {
+
+ private Element getKeyInfoDOM(X509Certificate certificate)
+ {
try
{
- StringBuilder builder = new StringBuilder(
"<ds:KeyInfo><ds:X509Data><ds:X509Certificate>");
- builder.append( KeyUtil.encodeAsString( certificate )).append(
"</ds:X509Certificate></ds:X509Data></ds:KeyInfo>");
+ // TODO: JA This is not pretty, would prefer to create DOM directly
+ StringBuilder builder = new StringBuilder("<ds:KeyInfo
xmlns:ds=\""
+ + JBossSAMLURIConstants.XMLDSIG_NSURI.get() +
"\"><ds:X509Data><ds:X509Certificate>");
+
builder.append(KeyUtil.encodeAsString(certificate)).append("</ds:X509Certificate></ds:X509Data></ds:KeyInfo>");
return DocumentUtil.getDocument(builder.toString()).getDocumentElement();
}
- catch ( Exception e)
- {
- throw new RuntimeException( e );
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
}
-
+
}
-}
\ No newline at end of file
+
+ public void setServiceProvider(ServiceProvider serviceProvider)
+ {
+ this.serviceProvider = serviceProvider;
+ }
+}
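Review bot: The new public `setServiceProvider` has no documentation and lets any caller swap the ServiceProvider whose endpoints and certificate end up in the published metadata; it appears to exist only so the test can bypass container injection of the `serviceProvider` field, whose declaration is outside the hunk. Add Javadoc making that explicit, e.g. `/** Replaces the injected ServiceProvider; intended for unit tests, not for runtime reconfiguration. */`. In getKeyInfoDOM the KeyInfo is still assembled as text and re-parsed (the TODO already says so), and the blanket `catch (Exception e)` hides whether the failure came from `KeyUtil.encodeAsString` or from `DocumentUtil.getDocument`; including which step failed in the RuntimeException message would make this class of metadata error diagnosable from the log alone.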
Modified:
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleLogoutSender.java
===================================================================
---
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleLogoutSender.java 2011-05-03
08:29:14 UTC (rev 923)
+++
picketlink-seam/trunk/picketlink-seam/src/main/java/org/picketlink/identity/seam/federation/SamlSingleLogoutSender.java 2011-05-03
10:13:49 UTC (rev 924)
@@ -29,7 +29,6 @@
import org.jboss.seam.annotations.In;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.security.Identity;
-import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.newmodel.saml.v2.protocol.LogoutRequestType;
import org.picketlink.identity.seam.federation.configuration.SamlIdentityProvider;
@@ -54,17 +53,10 @@
public void sendSingleLogoutRequestToIDP(HttpServletRequest request,
HttpServletResponse response, Identity identity)
{
SeamSamlPrincipal principal = (SeamSamlPrincipal) identity.getPrincipal();
- SamlIdentityProvider idp = (SamlIdentityProvider) principal.getIdentityProvider();
+ SamlIdentityProvider idp = principal.getIdentityProvider();
LogoutRequestType logoutRequest;
- try
- {
- logoutRequest = samlMessageFactory.createLogoutRequest(principal);
- requests.addRequest(logoutRequest.getID(), idp, null);
- }
- catch (ConfigurationException e)
- {
- throw new RuntimeException(e);
- }
+ logoutRequest = samlMessageFactory.createLogoutRequest(principal);
+ requests.addRequest(logoutRequest.getID(), idp, null);
samlMessageSender.sendRequestToIDP(request, response, idp,
SamlProfile.SINGLE_LOGOUT, logoutRequest);
}
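Review bot: With the second cast gone, the unchecked `(SeamSamlPrincipal) identity.getPrincipal()` cast on the line above the change is the one that can still fail: a session authenticated through a different mechanism yields a bare ClassCastException with no indication that a SAML single logout was attempted on a non-SAML principal. A guard such as `if (!(identity.getPrincipal() instanceof SeamSamlPrincipal)) throw new IllegalStateException("Single logout requires a SAML-authenticated principal");` before the cast gives a clear failure. The removed try/catch implies createLogoutRequest no longer declares ConfigurationException; if it can still fail at runtime the error now propagates unwrapped, which is acceptable only if callers treat it as fatal to the logout.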
Modified:
picketlink-seam/trunk/picketlink-seam/src/test/java/org/picketlink/test/identity/seam/federation/SamlConfigurationUnitTestCase.java
===================================================================
---
picketlink-seam/trunk/picketlink-seam/src/test/java/org/picketlink/test/identity/seam/federation/SamlConfigurationUnitTestCase.java 2011-05-03
08:29:14 UTC (rev 923)
+++
picketlink-seam/trunk/picketlink-seam/src/test/java/org/picketlink/test/identity/seam/federation/SamlConfigurationUnitTestCase.java 2011-05-03
10:13:49 UTC (rev 924)
@@ -22,11 +22,6 @@
package org.picketlink.test.identity.seam.federation;
import static org.junit.Assert.*;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertTrue;
-
-import static org.hamcrest.CoreMatchers.*;
-
import java.io.InputStream;
import java.util.HashMap;
import java.util.List;
@@ -39,11 +34,7 @@
import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType.EDTChoiceType;
import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.EntityDescriptorType.EDTDescriptorChoiceType;
import
org.picketlink.identity.federation.newmodel.saml.v2.metadata.IDPSSODescriptorType;
-import org.picketlink.identity.seam.federation.configuration.Configuration;
import org.picketlink.identity.seam.federation.configuration.SamlConfiguration;
-import org.picketlink.identity.seam.federation.configuration.SamlIdentityProvider;
-import org.picketlink.identity.seam.federation.configuration.ServiceProvider;
-import org.picketlink.identity.seam.federation.jaxb.config.SamlConfigType;
/**
* Unit test the {@link SamlConfiguration} class
Added:
picketlink-seam/trunk/picketlink-seam/src/test/java/org/picketlink/test/identity/seam/federation/SamlMetaDataProviderTestCase.java
===================================================================
---
picketlink-seam/trunk/picketlink-seam/src/test/java/org/picketlink/test/identity/seam/federation/SamlMetaDataProviderTestCase.java
(rev 0)
+++
picketlink-seam/trunk/picketlink-seam/src/test/java/org/picketlink/test/identity/seam/federation/SamlMetaDataProviderTestCase.java 2011-05-03
10:13:49 UTC (rev 924)
@@ -0,0 +1,58 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2011, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.test.identity.seam.federation;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.junit.Assert.*;
+
+import java.io.ByteArrayOutputStream;
+import java.io.OutputStream;
+
+import org.junit.Test;
+import org.picketlink.identity.seam.federation.SamlMetaDataProvider;
+import org.picketlink.identity.seam.federation.configuration.Configuration;
+import org.picketlink.identity.seam.federation.configuration.ServiceProvider;
+
+/**
+ * @author Jonas Andersson
+ * @since 29 apr 2011
+ */
+public class SamlMetaDataProviderTestCase
+{
+
+ @Test
+ public void shouldReturnMetaData() throws Exception
+ {
+ Configuration config = new Configuration();
+ config.init();
+
+ SamlMetaDataProvider metaDataProvider = new SamlMetaDataProvider();
+ ServiceProvider serviceProvider =
config.getServiceProvider("localhost");
+ assertNotNull(serviceProvider.getSamlConfiguration().getCertificate());
+ metaDataProvider.setServiceProvider(serviceProvider);
+ OutputStream stream = new ByteArrayOutputStream();
+ metaDataProvider.writeMetaData(stream);
+ assertThat(
+ stream.toString(),
+ is("<md:EntityDescriptor
xmlns=\"urn:oasis:names:tc:SAML:2.0:metadata\"
xmlns:md=\"urn:oasis:names:tc:SAML:2.0:metadata\"
xmlns:saml=\"urn:oasis:names:tc:SAML:2.0:assertion\"
xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"
entityID=\"http://localhost:8080/seam-sp\"><md:SPSSODescriptor
protocolSupportEnumeration=\"urn:oasis:names:tc:SAML:2.0:protocol\"
WantAuthnRequestsSigned=\"false\"
WantAssertionsSigned=\"true\"><md:KeyDescriptor><ds:KeyInfo
xmlns:ds=\"http://www.w3.org/2000/09/xmldsig#\"><ds:X509D...!
Y9VSeA4uQViPYUvDLQQ\nlN/6XCySQmn4TZj2PDZ7X0Gf3p/wmpeTvcg5xDjAuHYfRLYM4r0maIGGCPMdyT94tqDoL28F+DWq\n1ty4hv/+SUx+rdLBe0r2u+JtVeeBAOxs6HA9ih47dXEu4fV5AgMBAAEwDQYJKoZIhvcNAQEFBQAD\ngYEAKFxUWw/QJA//rUNYjv3fgfQ+Sjhjjdh4lFDuYMcvkSAQLfNBwXy8gTAp+qxzmvgrRALlMMOt\nOzI3D9IuiLZkG/j2l7d7ILhwX210b1sKl4AIf/9wo4vQYlrhzszqYBwt9j7bhOe1Lm2uMJXX6WOP\nKVbytds53HGH/yyzoVz85Yc=</ds:X509Certificate></ds:X509Data></ds:KeyInfo></md:KeyDescriptor><md:SingleLogoutService
Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"
Location=\"http://localhost:8080null/SingleLogoutService.seam\"></md:SingleLogoutService><md:SingleLogoutService
Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"
Location=\"http://localhost:8080null/SingleLogoutService.seam\"></md:SingleLogoutService><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</md:NameIDFormat><md:NameIDFormat>urn:oasis:names:tc:SAML:2.!
0:nameid-format:unspecified</md:NameIDFormat><md:NameIDFormat>!
urn:oasi
s:names:tc:SAML:2.0:nameid-format:emailAddress</md:NameIDFormat><md:AssertionConsumerService
Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect\"
Location=\"http://localhost:8080null/AssertionConsumerService.seam\"
index=\"0\"></md:AssertionConsumerService><md:AssertionConsumerService
Binding=\"urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST\"
Location=\"http://localhost:8080null/AssertionConsumerService.seam\"
index=\"0\"></md:AssertionConsumerService></md:SPSSODescriptor></md:EntityDescriptor>"));
+ }
+}
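Review bot: The expected string pins `Location="http://localhost:8080null/SingleLogoutService.seam"` (and the same for both AssertionConsumerService entries), so the test asserts a malformed endpoint URL — the `null` presumably comes from an unset context path inside getServiceURL — instead of catching it. Comparing the entire serialized document, including the full certificate base64, also makes the test break on any change in attribute order or writer whitespace; parsing the output and asserting on the endpoint Binding/Location values and on a single ds:X509Certificate under a namespaced ds:KeyInfo (the actual PLFED-182 fix) would test the intent. The pinned output further shows `WantAuthnRequestsSigned="false"` on md:SPSSODescriptor although the provider calls setAuthnRequestsSigned; in SAML 2.0 metadata that attribute belongs to IDPSSODescriptor while SPSSODescriptor uses AuthnRequestsSigned, so if the writer really emits it the SP's request-signing declaration is not conveyed to the IdP — worth confirming against SAMLMetadataWriter rather than locking it in here.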