Author: anil.saldhana(a)jboss.com Date: 2011-07-27 15:07:26 -0400 (Wed, 27 Jul 2011) New Revision: 1135 Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java Log: merge in r1132 Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java =================================================================== --- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2011-07-27 03:57:27 UTC (rev 1134) +++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2011-07-27 19:07:26 UTC (rev 1135) @@ -142,7 +142,70 @@ } /** + * Construct a {@link ResponseType} without calling PicketLink STS for the assertion. + * The {@link AssertionType} is generated within this method + * @param ID id of the {@link ResponseType} + * @param sp + * @param idp + * @param issuerInfo + * @return + * @throws ConfigurationException + * @throws ProcessingException + */ + public ResponseType createResponseType(String ID, SPInfoHolder sp, IDPInfoHolder idp, IssuerInfoHolder issuerInfo, + AssertionType assertion) throws ConfigurationException, ProcessingException + { + String responseDestinationURI = sp.getResponseDestinationURI(); + + XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant(); + + //Create assertion -> subject + SubjectType subjectType = new SubjectType(); + + //subject -> nameid + NameIDType nameIDType = new NameIDType(); + nameIDType.setFormat(URI.create(idp.getNameIDFormat())); + nameIDType.setValue(idp.getNameIDFormatValue()); + + SubjectType.STSubType subType = new SubjectType.STSubType(); + subType.addBaseID(nameIDType); + subjectType.setSubType(subType); + + SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType(); + subjectConfirmation.setMethod(idp.getSubjectConfirmationMethod()); + + SubjectConfirmationDataType subjectConfirmationData = new SubjectConfirmationDataType(); + subjectConfirmationData.setInResponseTo(sp.getRequestID()); + subjectConfirmationData.setRecipient(responseDestinationURI); + subjectConfirmationData.setNotBefore(issueInstant); + subjectConfirmationData.setNotOnOrAfter(issueInstant); + + subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData); + + subjectType.addConfirmation(subjectConfirmation); + + //Update the subjectConfirmationData expiry based on the assertion + if (assertion.getConditions() != null) + { + subjectConfirmationData.setNotOnOrAfter(assertion.getConditions().getNotOnOrAfter()); + } + + ResponseType responseType = createResponseType(ID, issuerInfo, assertion); + //InResponseTo ID + responseType.setInResponseTo(sp.getRequestID()); + //Destination + responseType.setDestination(responseDestinationURI); + + return responseType; + } + + /** * Create a ResponseType + * + * <b>NOTE:</b>: The PicketLink STS is used to issue/update the assertion + * + * If you want to control over the assertion being issued, then + * use {@link #createResponseType(String, SPInfoHolder, IDPInfoHolder, IssuerInfoHolder, AssertionType)} * @param ID id of the response * @param sp holder with the information about the Service Provider * @param idp holder with the information on the Identity Provider @@ -158,9 +221,6 @@ XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant(); - //Create an assertion - //String id = IDGenerator.create( "ID_" ); - //Create assertion -> subject SubjectType subjectType = new SubjectType(); @@ -204,7 +264,10 @@ assertionType = samlProtocolContext.getIssuedAssertion(); //Update the subjectConfirmationData expiry based on the assertion - subjectConfirmationData.setNotOnOrAfter(assertionType.getConditions().getNotOnOrAfter()); + if (assertionType.getConditions() != null) + { + subjectConfirmationData.setNotOnOrAfter(assertionType.getConditions().getNotOnOrAfter()); + } ResponseType responseType = createResponseType(ID, issuerInfo, assertionType); //InResponseTo ID Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java ___________________________________________________________________ Added: svn:mergeinfo + /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1098-1132 Modified: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java =================================================================== --- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java 2011-07-27 03:57:27 UTC (rev 1134) +++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java 2011-07-27 19:07:26 UTC (rev 1135) @@ -24,17 +24,51 @@ import static org.junit.Assert.assertNotNull; import java.io.InputStream; +import java.security.Key; +import java.security.KeyPair; +import java.security.KeyStore; +import java.security.PrivateKey; +import java.security.cert.Certificate; +import java.util.HashMap; +import java.util.Map; import org.junit.Test; import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response; +import org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature; +import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator; +import org.picketlink.identity.federation.core.saml.v2.holders.IDPInfoHolder; +import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder; +import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder; +import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil; +import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil; +import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil; import org.picketlink.identity.federation.saml.v2.SAML2Object; +import org.picketlink.identity.federation.saml.v2.assertion.AssertionType; +import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType; +import org.picketlink.identity.federation.saml.v2.protocol.ResponseType; +import org.picketlink.test.identity.federation.api.util.KeyUtilUnitTestCase; +import org.w3c.dom.Document; /** + * Unit test the {@link SAML2Response} API * @author Anil.Saldhana(a)redhat.com * @since Jul 21, 2011 */ public class SAML2ResponseUnitTestCase { + private final String keystoreLocation = "keystore/jbid_test_keystore.jks"; + + private final String keystorePass = "store123"; + + private final String keyPass = "test123"; + + private final String alias = "servercert"; + + /** + * Parse a {@link ResponseType} that contains ADFS Claims + * and then try to sign + * @throws Exception + */ @Test public void parseADFSClaims() throws Exception { @@ -43,6 +77,75 @@ SAML2Response samlResponse = new SAML2Response(); SAML2Object samlObject = samlResponse.getSAML2ObjectFromStream(configStream); assertNotNull(samlObject); + + SAML2Signature sig = new SAML2Signature(); + Document signedDoc = sig.sign((ResponseType) samlObject, getKeyPair()); + assertNotNull(signedDoc); + + System.out.println("Signed Response=" + DocumentUtil.asString(signedDoc)); } + /** + * This test constructs the {@link ResponseType}. An {@link AssertionType} + * is locally constructed and then passed to the construct method + * @throws Exception + */ + @Test + public void constructAndSign() throws Exception + { + SAML2Response samlResponse = new SAML2Response(); + String ID = IDGenerator.create("ID_"); + + IssuerInfoHolder issuerInfo = new IssuerInfoHolder("picketlink"); + + IDPInfoHolder idp = new IDPInfoHolder(); + idp.setNameIDFormatValue("anil"); + + //create the service provider(in this case BAS) holder object + SPInfoHolder sp = new SPInfoHolder(); + sp.setResponseDestinationURI("http://sombody"); + + Map<String, Object> attributes = new HashMap<String, Object>(); + + attributes.put("TOKEN_USER_ID", String.valueOf(2)); + attributes.put("TOKEN_ORGANIZATION_DISPLAY_NAME", "Test Org"); + attributes.put("TOKEN_USER_DISPLAY_NAME", "Test User"); + + AttributeStatementType attributeStatement = StatementUtil.createAttributeStatement(attributes); + + String assertionId = IDGenerator.create("ID_"); + + AssertionType assertion = AssertionUtil.createAssertion(assertionId, issuerInfo.getIssuer()); + assertion.addStatement(attributeStatement); + + ResponseType responseType = samlResponse.createResponseType(ID, sp, idp, issuerInfo, assertion); + SAML2Signature sig = new SAML2Signature(); + Document signedDoc = sig.sign(responseType, getKeyPair()); + assertNotNull(signedDoc); + + System.out.println("Signed Response=" + DocumentUtil.asString(signedDoc)); + } + + /** + * @see {@link KeyUtilUnitTestCase} + * @return + * @throws Exception + */ + private KeyPair getKeyPair() throws Exception + { + ClassLoader tcl = Thread.currentThread().getContextClassLoader(); + InputStream ksStream = tcl.getResourceAsStream(keystoreLocation); + assertNotNull("Input keystore stream is not null", ksStream); + + KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType()); + ks.load(ksStream, keystorePass.toCharArray()); + assertNotNull("KeyStore is not null", ks); + + Certificate cert = ks.getCertificate(alias); + assertNotNull("Cert not null", cert); + + // Get private key + Key key = ks.getKey(alias, keyPass.toCharArray()); + return new KeyPair(cert.getPublicKey(), (PrivateKey) key); + } } \ No newline at end of file Property changes on: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java ___________________________________________________________________ Added: svn:mergeinfo + /federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java:1109-1132