Author: anil.saldhana(a)jboss.com
Date: 2011-07-27 15:07:26 -0400 (Wed, 27 Jul 2011)
New Revision: 1135
Modified:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java
Log:
merge in r1132
Modified:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
---
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2011-07-27
03:57:27 UTC (rev 1134)
+++
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2011-07-27
19:07:26 UTC (rev 1135)
@@ -142,7 +142,70 @@
}
/**
+ * Construct a {@link ResponseType} without calling PicketLink STS for the assertion.
+ * The {@link AssertionType} is generated within this method
+ * @param ID id of the {@link ResponseType}
+ * @param sp
+ * @param idp
+ * @param issuerInfo
+ * @return
+ * @throws ConfigurationException
+ * @throws ProcessingException
+ */
+ public ResponseType createResponseType(String ID, SPInfoHolder sp, IDPInfoHolder idp,
IssuerInfoHolder issuerInfo,
+ AssertionType assertion) throws ConfigurationException, ProcessingException
+ {
+ String responseDestinationURI = sp.getResponseDestinationURI();
+
+ XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
+
+ //Create assertion -> subject
+ SubjectType subjectType = new SubjectType();
+
+ //subject -> nameid
+ NameIDType nameIDType = new NameIDType();
+ nameIDType.setFormat(URI.create(idp.getNameIDFormat()));
+ nameIDType.setValue(idp.getNameIDFormatValue());
+
+ SubjectType.STSubType subType = new SubjectType.STSubType();
+ subType.addBaseID(nameIDType);
+ subjectType.setSubType(subType);
+
+ SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType();
+ subjectConfirmation.setMethod(idp.getSubjectConfirmationMethod());
+
+ SubjectConfirmationDataType subjectConfirmationData = new
SubjectConfirmationDataType();
+ subjectConfirmationData.setInResponseTo(sp.getRequestID());
+ subjectConfirmationData.setRecipient(responseDestinationURI);
+ subjectConfirmationData.setNotBefore(issueInstant);
+ subjectConfirmationData.setNotOnOrAfter(issueInstant);
+
+ subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
+
+ subjectType.addConfirmation(subjectConfirmation);
+
+ //Update the subjectConfirmationData expiry based on the assertion
+ if (assertion.getConditions() != null)
+ {
+
subjectConfirmationData.setNotOnOrAfter(assertion.getConditions().getNotOnOrAfter());
+ }
+
+ ResponseType responseType = createResponseType(ID, issuerInfo, assertion);
+ //InResponseTo ID
+ responseType.setInResponseTo(sp.getRequestID());
+ //Destination
+ responseType.setDestination(responseDestinationURI);
+
+ return responseType;
+ }
+
+ /**
* Create a ResponseType
+ *
+ * <b>NOTE:</b>: The PicketLink STS is used to issue/update the assertion
+ *
+ * If you want to control over the assertion being issued, then
+ * use {@link #createResponseType(String, SPInfoHolder, IDPInfoHolder,
IssuerInfoHolder, AssertionType)}
* @param ID id of the response
* @param sp holder with the information about the Service Provider
* @param idp holder with the information on the Identity Provider
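Review bot: The SubjectType built in the new createResponseType (NameID, SubjectConfirmation with InResponseTo/Recipient/NotBefore/NotOnOrAfter) is never attached to `assertion`; the method hands the caller's assertion to `createResponseType(ID, issuerInfo, assertion)` untouched, so unless the caller already set a Subject the issued assertion carries no bearer confirmation data and an SP has nothing to check Recipient, InResponseTo or expiry against (the test in this commit builds the assertion with only an id and issuer). Attach it before building the response, e.g. `assertion.setSubject(subjectType);` if that is AssertionType's setter name, and reject a null `assertion` up front instead of letting `assertion.getConditions()` throw NPE. The fallback `subjectConfirmationData.setNotOnOrAfter(issueInstant)` also leaves the confirmation expired at issue time whenever the assertion has no Conditions, which is a response that is both unbounded (assertion) and unusable (confirmation); failing with a ProcessingException there is safer than emitting it. The Javadoc is missing `@param assertion the caller-built assertion to wrap; its Conditions, when present, bound the SubjectConfirmationData expiry` and has an empty `@return` (`@return the populated response`).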
@@ -158,9 +221,6 @@
XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
- //Create an assertion
- //String id = IDGenerator.create( "ID_" );
-
//Create assertion -> subject
SubjectType subjectType = new SubjectType();
@@ -204,7 +264,10 @@
assertionType = samlProtocolContext.getIssuedAssertion();
//Update the subjectConfirmationData expiry based on the assertion
-
subjectConfirmationData.setNotOnOrAfter(assertionType.getConditions().getNotOnOrAfter());
+ if (assertionType.getConditions() != null)
+ {
+
subjectConfirmationData.setNotOnOrAfter(assertionType.getConditions().getNotOnOrAfter());
+ }
ResponseType responseType = createResponseType(ID, issuerInfo, assertionType);
//InResponseTo ID
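Review bot: The added null check silently accepts an STS-issued assertion with no Conditions, which in SAML 2.0 means the assertion has no NotOnOrAfter bound at all, while the bearer SubjectConfirmationData keeps whatever NotOnOrAfter the enclosing method set earlier (outside this hunk; the sibling method added in this commit initialises it to the issue instant). Either result is wrong for a security token: an unbounded assertion, or a confirmation that is already expired on arrival. Prefer to fail loudly with an `else` branch, `throw new ProcessingException("Issued assertion has no Conditions; cannot bound SubjectConfirmationData expiry");`, assuming this overload declares ProcessingException like its sibling. The enclosing createResponseType starts and ends outside the hunk.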
Property changes on:
product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
___________________________________________________________________
Added: svn:mergeinfo
+
/federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1098-1132
Modified:
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java
===================================================================
---
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java 2011-07-27
03:57:27 UTC (rev 1134)
+++
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java 2011-07-27
19:07:26 UTC (rev 1135)
@@ -24,17 +24,51 @@
import static org.junit.Assert.assertNotNull;
import java.io.InputStream;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.util.HashMap;
+import java.util.Map;
import org.junit.Test;
import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
+import org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature;
+import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
+import org.picketlink.identity.federation.core.saml.v2.holders.IDPInfoHolder;
+import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
import org.picketlink.identity.federation.saml.v2.SAML2Object;
+import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
+import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.test.identity.federation.api.util.KeyUtilUnitTestCase;
+import org.w3c.dom.Document;
/**
+ * Unit test the {@link SAML2Response} API
* @author Anil.Saldhana(a)redhat.com
* @since Jul 21, 2011
*/
public class SAML2ResponseUnitTestCase
{
+ private final String keystoreLocation = "keystore/jbid_test_keystore.jks";
+
+ private final String keystorePass = "store123";
+
+ private final String keyPass = "test123";
+
+ private final String alias = "servercert";
+
+ /**
+ * Parse a {@link ResponseType} that contains ADFS Claims
+ * and then try to sign
+ * @throws Exception
+ */
@Test
public void parseADFSClaims() throws Exception
{
@@ -43,6 +77,75 @@
SAML2Response samlResponse = new SAML2Response();
SAML2Object samlObject = samlResponse.getSAML2ObjectFromStream(configStream);
assertNotNull(samlObject);
+
+ SAML2Signature sig = new SAML2Signature();
+ Document signedDoc = sig.sign((ResponseType) samlObject, getKeyPair());
+ assertNotNull(signedDoc);
+
+ System.out.println("Signed Response=" +
DocumentUtil.asString(signedDoc));
}
+ /**
+ * This test constructs the {@link ResponseType}. An {@link AssertionType}
+ * is locally constructed and then passed to the construct method
+ * @throws Exception
+ */
+ @Test
+ public void constructAndSign() throws Exception
+ {
+ SAML2Response samlResponse = new SAML2Response();
+ String ID = IDGenerator.create("ID_");
+
+ IssuerInfoHolder issuerInfo = new IssuerInfoHolder("picketlink");
+
+ IDPInfoHolder idp = new IDPInfoHolder();
+ idp.setNameIDFormatValue("anil");
+
+ //create the service provider(in this case BAS) holder object
+ SPInfoHolder sp = new SPInfoHolder();
+ sp.setResponseDestinationURI("http://sombody");
+
+ Map<String, Object> attributes = new HashMap<String, Object>();
+
+ attributes.put("TOKEN_USER_ID", String.valueOf(2));
+ attributes.put("TOKEN_ORGANIZATION_DISPLAY_NAME", "Test Org");
+ attributes.put("TOKEN_USER_DISPLAY_NAME", "Test User");
+
+ AttributeStatementType attributeStatement =
StatementUtil.createAttributeStatement(attributes);
+
+ String assertionId = IDGenerator.create("ID_");
+
+ AssertionType assertion = AssertionUtil.createAssertion(assertionId,
issuerInfo.getIssuer());
+ assertion.addStatement(attributeStatement);
+
+ ResponseType responseType = samlResponse.createResponseType(ID, sp, idp,
issuerInfo, assertion);
+ SAML2Signature sig = new SAML2Signature();
+ Document signedDoc = sig.sign(responseType, getKeyPair());
+ assertNotNull(signedDoc);
+
+ System.out.println("Signed Response=" +
DocumentUtil.asString(signedDoc));
+ }
+
+ /**
+ * @see {@link KeyUtilUnitTestCase}
+ * @return
+ * @throws Exception
+ */
+ private KeyPair getKeyPair() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream ksStream = tcl.getResourceAsStream(keystoreLocation);
+ assertNotNull("Input keystore stream is not null", ksStream);
+
+ KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+ ks.load(ksStream, keystorePass.toCharArray());
+ assertNotNull("KeyStore is not null", ks);
+
+ Certificate cert = ks.getCertificate(alias);
+ assertNotNull("Cert not null", cert);
+
+ // Get private key
+ Key key = ks.getKey(alias, keyPass.toCharArray());
+ return new KeyPair(cert.getPublicKey(), (PrivateKey) key);
+ }
}
\ No newline at end of file
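Review bot: Both tests stop at `assertNotNull(signedDoc)`, so they pass even if the signature is invalid or the constructed assertion has no Subject, which is exactly the regression the new construct path can introduce. After signing, assert that the document carries what an SP will validate, e.g. `assertEquals(1, signedDoc.getElementsByTagNameNS("urn:oasis:names:tc:SAML:2.0:assertion", "Subject").getLength());` and `assertNotNull(signedDoc.getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "Signature").item(0));`, and verify the signature against the certificate's public key if SAML2Signature offers a validate call. In getKeyPair the classpath `ksStream` is never closed; close it in a `finally` (or try-with-resources if the build targets Java 7+), and note the message `"Input keystore stream is not null"` is printed only on failure, so it should read "is null". The `System.out.println` of the entire signed response is noise in a unit test; drop it or route it through the project's logger at debug level.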
Property changes on:
product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java
___________________________________________________________________
Added: svn:mergeinfo
+
/federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java:1109-1132