Author: anil.saldhana(a)jboss.com
Date: 2010-10-14 11:02:21 -0400 (Thu, 14 Oct 2010)
New Revision: 464
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLConditionsParser.java
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-assertion-audiencerestriction.xml
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAssertionParserTestCase.java
Log:
PLFED-110: saml parsing
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java 2010-10-12
22:29:13 UTC (rev 463)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAssertionParser.java 2010-10-14
15:02:21 UTC (rev 464)
@@ -23,18 +23,18 @@
import javax.xml.datatype.DatatypeConfigurationException;
import javax.xml.datatype.DatatypeFactory;
-import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.events.Attribute;
+import javax.xml.stream.events.EndElement;
import javax.xml.stream.events.StartElement;
+import javax.xml.stream.events.XMLEvent;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.ConditionsType;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
@@ -46,118 +46,128 @@
* @since Oct 12, 2010
*/
public class SAMLAssertionParser implements ParserNamespaceSupport
-{
- public static final String LOCALPART = "Assertion";
-
+{
+ /**
+ * @see {@link ParserNamespaceSupport#parse(XMLEventReader)}
+ */
public Object parse(XMLEventReader xmlEventReader) throws ParsingException
{
+ DatatypeFactory dtf;
try
{
- xmlEventReader.nextEvent();
+ dtf = DatatypeFactory.newInstance();
}
- catch (XMLStreamException e)
+ catch (DatatypeConfigurationException e )
{
throw new ParsingException( e );
- }
-
+ }
+
AssertionType assertion = new AssertionType();
-
+
//Peek at the next event
while( xmlEventReader.hasNext() )
- {
- StartElement peekedElement = StaxParserUtil.peekNextStartElement( xmlEventReader
);
- if( peekedElement == null )
- break;
-
+ {
+ XMLEvent xmlEvent = StaxParserUtil.peek( xmlEventReader );
+ if( xmlEvent == null )
+ break;
+ if( xmlEvent instanceof EndElement )
+ {
+ xmlEvent = StaxParserUtil.getNextEvent( xmlEventReader );
+ EndElement endElement = (EndElement) xmlEvent;
+ String endElementTag = StaxParserUtil.getEndElementName( endElement );
+ if( endElementTag.equals( JBossSAMLConstants.ASSERTION.get() ) )
+ break;
+ }
+ StartElement peekedElement = null;
+
+ if( xmlEvent instanceof StartElement )
+ {
+ peekedElement = (StartElement) xmlEvent;
+ }
+ else
+ {
+ peekedElement = StaxParserUtil.peekNextStartElement( xmlEventReader );
+ }
+ if( peekedElement == null )
+ break;
+
String tag = StaxParserUtil.getStartElementName( peekedElement );
-
+
+ if( tag.equals( JBossSAMLConstants.ASSERTION.get() ))
+ {
+ StartElement nextElement =
StaxParserUtil.getNextStartElement(xmlEventReader);
+ Attribute idAttribute = nextElement.getAttributeByName( new QName(
"", "ID" ) );
+ assertion.setID( StaxParserUtil.getAttributeValue( idAttribute ));
+
+ Attribute versionAttribute = nextElement.getAttributeByName( new QName(
"", "Version" ));
+ assertion.setVersion( StaxParserUtil.getAttributeValue(versionAttribute) );
+
+ Attribute issueInstantAttribute = nextElement.getAttributeByName( new QName(
"", "IssueInstant" ));
+ if( issueInstantAttribute != null )
+ {
+ assertion.setIssueInstant( dtf.newXMLGregorianCalendar(
StaxParserUtil.getAttributeValue(issueInstantAttribute )));
+ }
+ continue;
+ }
+
+ if( tag.equals( JBossSAMLConstants.SIGNATURE.get() ) )
+ {
+ bypassXMLSignatureBlock( xmlEventReader );
+ continue;
+ }
+
if( JBossSAMLConstants.ISSUER.get().equalsIgnoreCase( tag ) )
{
try
{
StaxParserUtil.getNextStartElement( xmlEventReader );
String issuerValue = xmlEventReader.getElementText();
-
+
NameIDType issuer = new NameIDType();
issuer.setValue( issuerValue );
-
+
assertion.setIssuer( issuer );
}
catch (XMLStreamException e)
{
- throw new ParsingException( e );
+ throw new ParsingException( e );
}
}
else if( JBossSAMLConstants.SUBJECT.get().equalsIgnoreCase( tag ) )
{
- SAMLSubjectParser subjectParser = new SAMLSubjectParser();
- assertion.setSubject( (SubjectType) subjectParser.parse(xmlEventReader));
+ SAMLSubjectParser subjectParser = new SAMLSubjectParser();
+ assertion.setSubject( (SubjectType) subjectParser.parse(xmlEventReader));
}
else if( JBossSAMLConstants.CONDITIONS.get().equalsIgnoreCase( tag ) )
{
- try
- {
- QName notBeforeQName = new QName( "",
JBossSAMLConstants.NOT_BEFORE.get() );
- QName notBeforeQNameWithNS = new QName(
JBossSAMLURIConstants.ASSERTION_NSURI.get(), JBossSAMLConstants.NOT_BEFORE.get() );
-
- QName notAfterQName = new QName( "",
JBossSAMLConstants.NOT_ON_OR_AFTER.get() );
- QName notAfterQNameWithNS = new QName(
JBossSAMLURIConstants.ASSERTION_NSURI.get(), JBossSAMLConstants.NOT_ON_OR_AFTER.get() );
-
- StartElement conditionsElement = StaxParserUtil.getNextStartElement(
xmlEventReader );
-
- Attribute notBeforeAttribute = conditionsElement.getAttributeByName(
notBeforeQName );
- if( notBeforeAttribute == null )
- notBeforeAttribute = conditionsElement.getAttributeByName(
notBeforeQNameWithNS );
-
- Attribute notAfterAttribute = conditionsElement.getAttributeByName(
notAfterQName );
- if( notAfterAttribute == null )
- notAfterAttribute = conditionsElement.getAttributeByName(
notAfterQNameWithNS );
-
-
- ConditionsType conditions = new ConditionsType();
-
- if( notBeforeAttribute != null )
- {
- String notBeforeValue = StaxParserUtil.getAttributeValue(
notBeforeAttribute );
-
- DatatypeFactory dtf = DatatypeFactory.newInstance();
- XMLGregorianCalendar xmlcal = dtf.newXMLGregorianCalendar(
notBeforeValue );
- conditions.setNotBefore( xmlcal );
- }
-
- if( notAfterAttribute != null )
- {
- String notAfterValue = StaxParserUtil.getAttributeValue(
notAfterAttribute );
-
- DatatypeFactory dtf = DatatypeFactory.newInstance();
- XMLGregorianCalendar xmlcal = dtf.newXMLGregorianCalendar(
notAfterValue );
- conditions.setNotOnOrAfter( xmlcal );
- }
-
- assertion.setConditions( conditions );
- }
- catch (DatatypeConfigurationException e)
- {
- throw new ParsingException( e );
- }
- }
- else
- {
- try
- {
- xmlEventReader.nextEvent();
- }
- catch (XMLStreamException e)
- {
- throw new ParsingException( e );
- }
+ SAMLConditionsParser conditionsParser = new SAMLConditionsParser();
+ ConditionsType conditions = (ConditionsType)
conditionsParser.parse(xmlEventReader);
+
+ assertion.setConditions( conditions );
+
}
}
return assertion;
}
-
+
+ /**
+ * @see {@link ParserNamespaceSupport#supports(QName)}
+ */
public boolean supports(QName qname)
{
return false;
}
+
+ private void bypassXMLSignatureBlock( XMLEventReader xmlEventReader ) throws
ParsingException
+ {
+ while ( xmlEventReader.hasNext() )
+ {
+ EndElement endElement = StaxParserUtil.getNextEndElement( xmlEventReader );
+ if( endElement == null )
+ return;
+
+ if( StaxParserUtil.getEndElementName(endElement).equals( "Signature" )
)
+ return;
+ }
+ }
}
\ No newline at end of file
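Review bot: A child element that none of the branches recognises is peeked but never consumed, so the `while( xmlEventReader.hasNext() )` loop in `parse` stops advancing now that the old trailing `else { xmlEventReader.nextEvent(); }` is gone; the `ASSERTION` branch shows that `StaxParserUtil.peek` leaves the event in the reader. Standard assertion children such as `AuthnStatement` or `AttributeStatement` would reach that state, and because the document comes from a remote party the parser should fail closed with a final branch like `else throw new ParsingException( new XMLStreamException( "Unknown tag:" + tag ) );`. Separately, `bypassXMLSignatureBlock` discards `ds:Signature` unchecked, so the Javadoc on `parse` should state `Returns the assertion as parsed; the signature is skipped, not verified`, and the method could compare against `JBossSAMLConstants.SIGNATURE.get()` instead of the literal `"Signature"`.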
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLConditionsParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLConditionsParser.java
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLConditionsParser.java 2010-10-14
15:02:21 UTC (rev 464)
@@ -0,0 +1,178 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.parsers.saml;
+
+import javax.xml.datatype.DatatypeConfigurationException;
+import javax.xml.datatype.DatatypeFactory;
+import javax.xml.datatype.XMLGregorianCalendar;
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLEventReader;
+import javax.xml.stream.events.Attribute;
+import javax.xml.stream.events.EndElement;
+import javax.xml.stream.events.StartElement;
+import javax.xml.stream.events.XMLEvent;
+
+import org.picketlink.identity.federation.core.exceptions.ParsingException;
+import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
+import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.saml.v2.assertion.AudienceRestrictionType;
+import org.picketlink.identity.federation.saml.v2.assertion.ConditionsType;
+
+/**
+ * Parse the <conditions> in the saml assertion
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Oct 14, 2010
+ */
+public class SAMLConditionsParser implements ParserNamespaceSupport
+{
+ /**
+ * @see {@link ParserNamespaceSupport#parse(XMLEventReader)}
+ */
+ public Object parse(XMLEventReader xmlEventReader) throws ParsingException
+ {
+ //We are entering this method with <conditions> as the next start element
+ //and we have to exit after seeing the </conditions> end tag
+
+ StartElement conditionsElement =
StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.validate(conditionsElement, JBossSAMLConstants.CONDITIONS.get() );
+
+ DatatypeFactory dtf;
+ try
+ {
+ dtf = DatatypeFactory.newInstance();
+ }
+ catch (DatatypeConfigurationException e )
+ {
+ throw new ParsingException( e );
+ }
+
+ ConditionsType conditions = new ConditionsType();
+
+ String assertionNS = JBossSAMLURIConstants.ASSERTION_NSURI.get();
+
+ QName notBeforeQName = new QName( "", JBossSAMLConstants.NOT_BEFORE.get()
);
+ QName notBeforeQNameWithNS = new QName( assertionNS ,
JBossSAMLConstants.NOT_BEFORE.get() );
+
+ QName notAfterQName = new QName( "",
JBossSAMLConstants.NOT_ON_OR_AFTER.get() );
+ QName notAfterQNameWithNS = new QName( assertionNS ,
JBossSAMLConstants.NOT_ON_OR_AFTER.get() );
+
+ Attribute notBeforeAttribute = conditionsElement.getAttributeByName( notBeforeQName
);
+ if( notBeforeAttribute == null )
+ notBeforeAttribute = conditionsElement.getAttributeByName( notBeforeQNameWithNS
);
+
+ Attribute notAfterAttribute = conditionsElement.getAttributeByName( notAfterQName
);
+ if( notAfterAttribute == null )
+ notAfterAttribute = conditionsElement.getAttributeByName( notAfterQNameWithNS );
+
+ if( notBeforeAttribute != null )
+ {
+ String notBeforeValue = StaxParserUtil.getAttributeValue( notBeforeAttribute );
+
+ XMLGregorianCalendar xmlcal = dtf.newXMLGregorianCalendar( notBeforeValue );
+ conditions.setNotBefore( xmlcal );
+ }
+
+ if( notAfterAttribute != null )
+ {
+ String notAfterValue = StaxParserUtil.getAttributeValue( notAfterAttribute );
+ XMLGregorianCalendar xmlcal = dtf.newXMLGregorianCalendar( notAfterValue );
+ conditions.setNotOnOrAfter( xmlcal );
+ }
+
+
+ //Let us find additional elements
+
+ while( xmlEventReader.hasNext() )
+ {
+ XMLEvent xmlEvent = StaxParserUtil.peek( xmlEventReader );
+
+ if( xmlEvent instanceof EndElement )
+ {
+ EndElement nextEndElement = (EndElement) xmlEvent;
+ if( StaxParserUtil.matches(nextEndElement,
JBossSAMLConstants.CONDITIONS.get() ))
+ break;
+ }
+
+ String tag = null;
+
+ if( xmlEvent instanceof StartElement )
+ {
+ StartElement peekedElement = (StartElement) xmlEvent;
+ tag = StaxParserUtil.getStartElementName(peekedElement);
+ }
+
+ if( JBossSAMLConstants.AUDIENCE_RESTRICTION.get().equals( tag ) )
+ {
+ AudienceRestrictionType audienceRestriction =
getAudienceRestriction(xmlEventReader);
+ conditions.getConditionOrAudienceRestrictionOrOneTimeUse().add(
audienceRestriction );
+ }
+ else throw new RuntimeException( "Unknown tag:" + tag );
+ }
+ return conditions;
+ }
+
+ /**
+ * @see {@link ParserNamespaceSupport#supports(QName)}
+ */
+ public boolean supports(QName qname)
+ {
+ return false;
+ }
+
+ /**
+ * Parse the <audiencerestriction/> element
+ * @param xmlEventReader
+ * @return
+ * @throws ParsingException
+ */
+ private AudienceRestrictionType getAudienceRestriction( XMLEventReader xmlEventReader
) throws ParsingException
+ {
+ StartElement audienceRestElement =
StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.matches(audienceRestElement,
JBossSAMLConstants.AUDIENCE_RESTRICTION.get() );
+
+ AudienceRestrictionType audience = new AudienceRestrictionType();
+
+ while( xmlEventReader.hasNext() )
+ {
+ StartElement audienceElement = StaxParserUtil.getNextStartElement(
xmlEventReader );
+ if( !StaxParserUtil.matches(audienceElement, JBossSAMLConstants.AUDIENCE.get() )
)
+ break;
+
+ String audienceValue = StaxParserUtil.getElementText( xmlEventReader );
+ audience.getAudience().add( audienceValue );
+
+ XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
+ if( xmlEvent instanceof EndElement )
+ {
+ EndElement endElement = (EndElement) xmlEvent;
+ if( StaxParserUtil.matches(endElement,
JBossSAMLConstants.AUDIENCE_RESTRICTION.get() ))
+ {
+ StaxParserUtil.getNextEvent(xmlEventReader); //Just get the end element
+ break;
+ }
+ }
+ }
+ return audience;
+ }
+}
\ No newline at end of file
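Review bot: The result of `StaxParserUtil.matches(audienceRestElement, JBossSAMLConstants.AUDIENCE_RESTRICTION.get() )` at the top of `getAudienceRestriction` is thrown away, so the element name is never actually checked there; `parse` uses `StaxParserUtil.validate(conditionsElement, ...)` for the same purpose, and this call should be `StaxParserUtil.validate(audienceRestElement, JBossSAMLConstants.AUDIENCE_RESTRICTION.get() );`. In the same method the `break` on a non-`Audience` element happens after `getNextStartElement` has already consumed it, which looks like it can swallow the element that follows the restriction. Malformed input also leaves this class as unchecked exceptions rather than the declared `ParsingException`: `throw new RuntimeException( "Unknown tag:" + tag )`, and an `IllegalArgumentException` from `dtf.newXMLGregorianCalendar` on a bad `NotBefore`/`NotOnOrAfter` value; the new `throw new RuntimeException( "SAML Parsing has failed" )` in the `SAMLParser` hunk has the same problem. Wrapping these in `ParsingException` lets callers reject a bad assertion through one path.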
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2010-10-12
22:29:13 UTC (rev 463)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2010-10-14
15:02:21 UTC (rev 464)
@@ -29,7 +29,9 @@
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.parsers.AbstractParser;
+import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
/**
@@ -39,6 +41,9 @@
*/
public class SAMLParser extends AbstractParser
{
+ /**
+ * @see {@link ParserNamespaceSupport#parse(XMLEventReader)}
+ */
public Object parse(XMLEventReader xmlEventReader) throws ParsingException
{
while( xmlEventReader.hasNext() )
@@ -58,7 +63,7 @@
StartElement startElement = (StartElement) xmlEvent;
String elementName = StaxParserUtil.getStartElementName( startElement );
- if( elementName.equalsIgnoreCase( SAMLAssertionParser.LOCALPART ))
+ if( elementName.equalsIgnoreCase( JBossSAMLConstants.ASSERTION.get() ))
{
SAMLAssertionParser assertionParser = new SAMLAssertionParser();
return assertionParser.parse( xmlEventReader );
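Review bot: The dispatch on `elementName.equalsIgnoreCase( JBossSAMLConstants.ASSERTION.get() )` accepts any casing of the name and, as far as this hunk shows, does not look at the element's namespace, although XML names are case-sensitive and `supports` in this class already compares against `JBossSAMLURIConstants.ASSERTION_NSURI`. An element such as `assertion` from a foreign namespace would be handed to `SAMLAssertionParser`, which itself matches `ASSERTION` with `equals`, so the two disagree. Consider `elementName.equals( JBossSAMLConstants.ASSERTION.get() )` plus a check of `startElement.getName().getNamespaceURI()`. The enclosing `parse` method starts and ends outside this hunk.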
@@ -76,9 +81,12 @@
}
}
}
- return null;
+ throw new RuntimeException( "SAML Parsing has failed" );
}
+ /**
+ * @see {@link ParserNamespaceSupport#supports(QName)}
+ */
public boolean supports(QName qname)
{
return JBossSAMLURIConstants.ASSERTION_NSURI.get().equals( qname.getNamespaceURI()
);
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java 2010-10-12
22:29:13 UTC (rev 463)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java 2010-10-14
15:02:21 UTC (rev 464)
@@ -49,6 +49,9 @@
{
private ObjectFactory objectFactory = new ObjectFactory();
+ /**
+ * @see {@link ParserNamespaceSupport#parse(XMLEventReader)}
+ */
public Object parse(XMLEventReader xmlEventReader) throws ParsingException
{
StaxParserUtil.getNextEvent(xmlEventReader);
@@ -129,9 +132,11 @@
return subject;
}
+ /**
+ * @see {@link ParserNamespaceSupport#supports(QName)}
+ */
public boolean supports(QName qname)
{
return false;
}
-
}
\ No newline at end of file
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2010-10-12
22:29:13 UTC (rev 463)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2010-10-14
15:02:21 UTC (rev 464)
@@ -28,6 +28,9 @@
*/
public enum JBossSAMLConstants
{
+ ASSERTION( "Assertion" ),
+ AUDIENCE( "Audience" ),
+ AUDIENCE_RESTRICTION( "AudienceRestriction" ),
CONDITIONS( "Conditions" ),
ISSUER( "Issuer" ),
LANG_EN("en"),
@@ -37,6 +40,7 @@
NAME_QUALIFIER( "NameQualifier" ),
NOT_BEFORE( "NotBefore" ),
NOT_ON_OR_AFTER( "NotOnOrAfter" ),
+ SIGNATURE( "Signature" ),
SIGNATURE_SHA1_WITH_DSA("http://www.w3.org/2000/09/xmldsig#dsa-sha1&...,
SIGNATURE_SHA1_WITH_RSA("http://www.w3.org/2000/09/xmldsig#rsa-sha1&...,
SUBJECT( "Subject" ),
Modified:
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAssertionParserTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAssertionParserTestCase.java 2010-10-12
22:29:13 UTC (rev 463)
+++
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAssertionParserTestCase.java 2010-10-14
15:02:21 UTC (rev 464)
@@ -33,11 +33,13 @@
import org.junit.Test;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.saml.v2.assertion.AudienceRestrictionType;
import org.picketlink.identity.federation.saml.v2.assertion.ConditionsType;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
/**
+ * Test the parsing of saml assertions
* @author Anil.Saldhana(a)redhat.com
* @since Oct 12, 2010
*/
@@ -46,12 +48,17 @@
@Test
public void testSAMLAssertionParsing() throws Exception
{
+ DatatypeFactory dtf = DatatypeFactory.newInstance();
+
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
InputStream configStream = tcl.getResourceAsStream(
"parser/saml2/saml2-assertion.xml" );
SAMLParser parser = new SAMLParser();
AssertionType assertion = (AssertionType) parser.parse(configStream);
assertNotNull( assertion );
+
+ assertEquals( "ID_ab0392ef-b557-4453-95a8-a7e168da8ac5",
assertion.getID() );
+ assertEquals( dtf.newXMLGregorianCalendar( "2010-09-30T19:13:37.869Z" ),
assertion.getIssueInstant() );
//Issuer
assertEquals( "Test STS", assertion.getIssuer().getValue() );
@@ -60,7 +67,6 @@
List<JAXBElement<?>> content = subject.getContent();
- DatatypeFactory dtf = DatatypeFactory.newInstance();
int size = content.size();
@@ -86,4 +92,63 @@
}
}
}
+
+
+ /**
+ * This test validates the parsing of audience restrictions inside the conditions
+ * @throws Exception
+ */
+ @Test
+ public void testSAMLAssertionParsingWithAudienceRestriction() throws Exception
+ {
+ DatatypeFactory dtf = DatatypeFactory.newInstance();
+
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream(
"parser/saml2/saml2-assertion-audiencerestriction.xml" );
+
+ SAMLParser parser = new SAMLParser();
+ AssertionType assertion = (AssertionType) parser.parse(configStream);
+ assertNotNull( assertion );
+
+ assertEquals( "ID_cf9efbf0-9d7f-4b4a-b77f-d83ecaafd374",
assertion.getID() );
+ assertEquals( dtf.newXMLGregorianCalendar( "2010-09-30T19:13:37.911Z" ),
assertion.getIssueInstant() );
+ assertEquals( "2.0", assertion.getVersion() );
+
+ //Issuer
+ assertEquals( "Test STS", assertion.getIssuer().getValue() );
+
+ //Subject
+ SubjectType subject = assertion.getSubject();
+ List<JAXBElement<?>> content = subject.getContent();
+
+
+
+ int size = content.size();
+
+ for( int i = 0 ; i < size; i++ )
+ {
+ JAXBElement<?> node = content.get(i);
+ if( node.getDeclaredType().equals( NameIDType.class ))
+ {
+ NameIDType subjectNameID = (NameIDType) node.getValue();
+
+ assertEquals( "jduke", subjectNameID.getValue() );
+ assertEquals( "urn:picketlink:identity-federation",
subjectNameID.getNameQualifier() );
+ }
+
+ if( node.getDeclaredType().equals( ConditionsType.class ))
+ {
+ //Conditions
+ ConditionsType conditions = (ConditionsType) node.getValue();
+ assertEquals( dtf.newXMLGregorianCalendar(
"2010-09-30T19:13:37.911Z" ) , conditions.getNotBefore() );
+ assertEquals( dtf.newXMLGregorianCalendar(
"2010-09-30T21:13:37.911Z" ) , conditions.getNotOnOrAfter() );
+
+ //Audience Restriction
+ AudienceRestrictionType audienceRestrictionType =
+ (AudienceRestrictionType)
conditions.getConditionOrAudienceRestrictionOrOneTimeUse();
+ assertEquals( 1, audienceRestrictionType.getAudience().size() );
+ assertEquals( "http://services.testcorp.org/provider2",
audienceRestrictionType.getAudience().get( 0 ));
+ }
+ }
+ }
}
\ No newline at end of file
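Review bot: The audience-restriction assertions in `testSAMLAssertionParsingWithAudienceRestriction` sit inside the loop over `subject.getContent()` under `node.getDeclaredType().equals( ConditionsType.class )`, but the parser attaches conditions with `assertion.setConditions(...)`, so this branch is likely never entered and the test passes without checking the audience. If it were entered, the cast of `conditions.getConditionOrAudienceRestrictionOrOneTimeUse()` to `AudienceRestrictionType` would fail, because `SAMLConditionsParser` calls `.add(...)` on that value as a collection. Move the checks out of the loop and take the first entry, e.g. `ConditionsType conditions = assertion.getConditions();` (getter assumed from the setter) and `(AudienceRestrictionType) conditions.getConditionOrAudienceRestrictionOrOneTimeUse().get( 0 )`.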
Added:
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-assertion-audiencerestriction.xml
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-assertion-audiencerestriction.xml
(rev 0)
+++
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-assertion-audiencerestriction.xml 2010-10-14
15:02:21 UTC (rev 464)
@@ -0,0 +1,48 @@
+<saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ ID="ID_cf9efbf0-9d7f-4b4a-b77f-d83ecaafd374"
IssueInstant="2010-09-30T19:13:37.911Z"
+ Version="2.0">
+ <saml2:Issuer>Test STS</saml2:Issuer>
+ <saml2:Subject>
+ <saml2:NameID
NameQualifier="urn:picketlink:identity-federation">jduke</saml2:NameID>
+ <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"
/>
+ </saml2:Subject>
+ <saml2:Conditions NotBefore="2010-09-30T19:13:37.911Z"
+ NotOnOrAfter="2010-09-30T21:13:37.911Z">
+ <saml2:AudienceRestriction>
+ <
saml2:Audience>http://services.testcorp.org/provider2
+ </saml2:Audience>
+ </saml2:AudienceRestriction>
+ </saml2:Conditions>
+ <ds:Signature
xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod
+
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
+ <ds:SignatureMethod
Algorithm="http://www.w3.org/2000/09/xmlds#rsa-sha1"
/>
+ <ds:Reference URI="#ID_cf9efbf0-9d7f-4b4a-b77f-d83ecaafd374">
+ <ds:Transforms>
+ <ds:Transform
Algorithm="http://www.w3.org/2000/09/xmlds#enveloped-signature" />
+ <ds:Transform
Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"
/>
+ </ds:Transforms>
+ <ds:DigestMethod
Algorithm="http://www.w3.org/2000/09/xmlds#sha1" />
+ <ds:DigestValue>TMZdBOA0MvR7aNpCAg2CXggkdZc=</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>
+ Q8mEzGWlnWmSmb+KUkP0wju4LOINaUYXBBXNF5vRhYVBixSUe8HSHKzNIdQ+ZGtijaV1vh0LUFbT
+ //faZKyHRgPXtskDn8cJTVT6obp7rUIOCKMoCs5p9/bUAbtaQHYjfWpifdT3PaTdlehpS8INK2P0
+ JUQYU3q8F3u7je9VHbA=
+ </ds:SignatureValue>
+ <ds:KeyInfo>
+ <ds:KeyValue>
+ <ds:RSAKeyValue>
+ <ds:Modulus>
+ suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1
+ dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJwspqVnMuRK19ju2dxpKw
+ lYGGtrP5VQv00dfNPbs=
+ </ds:Modulus>
+ <ds:Exponent>AQAB</ds:Exponent>
+ </ds:RSAKeyValue>
+ </ds:KeyValue>
+ </ds:KeyInfo>
+ </ds:Signature>
+</saml2:Assertion>
\ No newline at end of file
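Review bot: The algorithm identifiers in this fixture use `http://www.w3.org/2000/09/xmlds#...` (`rsa-sha1`, `enveloped-signature`, `sha1`), while the namespace declared on `ds:Signature` is `http://www.w3.org/2000/09/xmldsig#`, so the signature block cannot be validated as written. That is harmless while the parser only skips `ds:Signature`, but the file should say so, for example with a leading comment `<!-- Parser fixture only; the ds:Signature block is not expected to verify -->`, so it is not reused later as a signed-assertion sample.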