[jboss-cvs] Picketlink SVN: r1135 - in product/trunk/picketlink-core/src: test/java/org/picketlink/test/identity/federation/api/saml/v2 and 1 other directory.

jboss-cvs-commits at lists.jboss.org jboss-cvs-commits at lists.jboss.org
Wed Jul 27 15:07:27 EDT 2011


Author: anil.saldhana at jboss.com
Date: 2011-07-27 15:07:26 -0400 (Wed, 27 Jul 2011)
New Revision: 1135

Modified:
   product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
   product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java
Log:
merge in r1132

Modified: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
--- product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java	2011-07-27 03:57:27 UTC (rev 1134)
+++ product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java	2011-07-27 19:07:26 UTC (rev 1135)
@@ -142,7 +142,70 @@
    }
 
    /**
+    * Construct a {@link ResponseType} without calling PicketLink STS for the assertion.  
+    * The {@link AssertionType} is generated within this method
+    * @param ID id of the {@link ResponseType}
+    * @param sp
+    * @param idp
+    * @param issuerInfo
+    * @return
+    * @throws ConfigurationException
+    * @throws ProcessingException
+    */
+   public ResponseType createResponseType(String ID, SPInfoHolder sp, IDPInfoHolder idp, IssuerInfoHolder issuerInfo,
+         AssertionType assertion) throws ConfigurationException, ProcessingException
+   {
+      String responseDestinationURI = sp.getResponseDestinationURI();
+
+      XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
+
+      //Create assertion -> subject
+      SubjectType subjectType = new SubjectType();
+
+      //subject -> nameid
+      NameIDType nameIDType = new NameIDType();
+      nameIDType.setFormat(URI.create(idp.getNameIDFormat()));
+      nameIDType.setValue(idp.getNameIDFormatValue());
+
+      SubjectType.STSubType subType = new SubjectType.STSubType();
+      subType.addBaseID(nameIDType);
+      subjectType.setSubType(subType);
+
+      SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType();
+      subjectConfirmation.setMethod(idp.getSubjectConfirmationMethod());
+
+      SubjectConfirmationDataType subjectConfirmationData = new SubjectConfirmationDataType();
+      subjectConfirmationData.setInResponseTo(sp.getRequestID());
+      subjectConfirmationData.setRecipient(responseDestinationURI);
+      subjectConfirmationData.setNotBefore(issueInstant);
+      subjectConfirmationData.setNotOnOrAfter(issueInstant);
+
+      subjectConfirmation.setSubjectConfirmationData(subjectConfirmationData);
+
+      subjectType.addConfirmation(subjectConfirmation);
+
+      //Update the subjectConfirmationData expiry based on the assertion
+      if (assertion.getConditions() != null)
+      {
+         subjectConfirmationData.setNotOnOrAfter(assertion.getConditions().getNotOnOrAfter());
+      }
+
+      ResponseType responseType = createResponseType(ID, issuerInfo, assertion);
+      //InResponseTo ID
+      responseType.setInResponseTo(sp.getRequestID());
+      //Destination
+      responseType.setDestination(responseDestinationURI);
+
+      return responseType;
+   }
+
+   /**
     * Create a ResponseType
+    * 
+    * <b>NOTE:</b>: The PicketLink STS is used to issue/update the assertion
+    * 
+    * If you want to control over the assertion being issued, then 
+    * use {@link #createResponseType(String, SPInfoHolder, IDPInfoHolder, IssuerInfoHolder, AssertionType)}
     * @param ID id of the response
     * @param sp holder with the information about the Service Provider
     * @param idp holder with the information on the Identity Provider
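Review bot: The SubjectType built between the `//Create assertion -> subject` comment and `subjectType.addConfirmation(subjectConfirmation)` is never attached to the caller-supplied assertion, so the bearer confirmation data (InResponseTo, Recipient, NotOnOrAfter) is computed and then discarded; the STS-backed overload presumably hands the subject to the STS, but nothing does so here, and the issued assertion is bound to this request and recipient only if the caller already set a subject. Add `assertion.setSubject(subjectType);` before the `createResponseType(ID, issuerInfo, assertion)` call, and reject a null `assertion` up front (an IllegalArgumentException or ProcessingException), since `assertion.getConditions()` is dereferenced unconditionally. Note also that when the assertion carries no Conditions the confirmation's NotOnOrAfter stays at `issueInstant`, i.e. equal to its NotBefore, giving a zero-length validity window; that should be documented or replaced with an explicit bounded expiry. The Javadoc omits the new parameter and leaves `@return` empty: `@param assertion the assertion to embed; its subject confirmation data is filled in here` and `@return the constructed response` would close that.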
@@ -158,9 +221,6 @@
 
       XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
 
-      //Create an assertion
-      //String id = IDGenerator.create( "ID_" ); 
-
       //Create assertion -> subject
       SubjectType subjectType = new SubjectType();
 
@@ -204,7 +264,10 @@
       assertionType = samlProtocolContext.getIssuedAssertion();
 
       //Update the subjectConfirmationData expiry based on the assertion
-      subjectConfirmationData.setNotOnOrAfter(assertionType.getConditions().getNotOnOrAfter());
+      if (assertionType.getConditions() != null)
+      {
+         subjectConfirmationData.setNotOnOrAfter(assertionType.getConditions().getNotOnOrAfter());
+      }
 
       ResponseType responseType = createResponseType(ID, issuerInfo, assertionType);
       //InResponseTo ID
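Review bot: With the new guard, a null `assertionType.getConditions()` leaves `subjectConfirmationData` NotOnOrAfter at whatever was set earlier in the method — in the assertion-accepting copy above that is `issueInstant`, the same value used for NotBefore, and presumably the same here — so the bearer confirmation ends up with a zero-length validity window rather than no expiry. If that fail-closed outcome is intended, say so, e.g. `// No Conditions on the issued assertion: NotOnOrAfter stays at issueInstant, so the confirmation is not usable after issuance`; otherwise derive a bounded expiry explicitly instead of relying on the earlier default. The enclosing method starts and ends outside this hunk.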


Property changes on: product/trunk/picketlink-core/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
___________________________________________________________________
Added: svn:mergeinfo
   + /federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java:1098-1132

Modified: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java
===================================================================
--- product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java	2011-07-27 03:57:27 UTC (rev 1134)
+++ product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java	2011-07-27 19:07:26 UTC (rev 1135)
@@ -24,17 +24,51 @@
 import static org.junit.Assert.assertNotNull;
 
 import java.io.InputStream;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.KeyStore;
+import java.security.PrivateKey;
+import java.security.cert.Certificate;
+import java.util.HashMap;
+import java.util.Map;
 
 import org.junit.Test;
 import org.picketlink.identity.federation.api.saml.v2.response.SAML2Response;
+import org.picketlink.identity.federation.api.saml.v2.sig.SAML2Signature;
+import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
+import org.picketlink.identity.federation.core.saml.v2.holders.IDPInfoHolder;
+import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.picketlink.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
 import org.picketlink.identity.federation.saml.v2.SAML2Object;
+import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
+import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.test.identity.federation.api.util.KeyUtilUnitTestCase;
+import org.w3c.dom.Document;
 
 /**
+ * Unit test the {@link SAML2Response} API
  * @author Anil.Saldhana at redhat.com
  * @since Jul 21, 2011
  */
 public class SAML2ResponseUnitTestCase
 {
+   private final String keystoreLocation = "keystore/jbid_test_keystore.jks";
+
+   private final String keystorePass = "store123";
+
+   private final String keyPass = "test123";
+
+   private final String alias = "servercert";
+
+   /**
+    * Parse a {@link ResponseType} that contains ADFS Claims
+    * and then try to sign
+    * @throws Exception
+    */
    @Test
    public void parseADFSClaims() throws Exception
    {
@@ -43,6 +77,75 @@
       SAML2Response samlResponse = new SAML2Response();
       SAML2Object samlObject = samlResponse.getSAML2ObjectFromStream(configStream);
       assertNotNull(samlObject);
+
+      SAML2Signature sig = new SAML2Signature();
+      Document signedDoc = sig.sign((ResponseType) samlObject, getKeyPair());
+      assertNotNull(signedDoc);
+
+      System.out.println("Signed Response=" + DocumentUtil.asString(signedDoc));
    }
 
+   /**
+    * This test constructs the {@link ResponseType}. An {@link AssertionType}
+    * is locally constructed and then passed to the construct method
+    * @throws Exception
+    */
+   @Test
+   public void constructAndSign() throws Exception
+   {
+      SAML2Response samlResponse = new SAML2Response();
+      String ID = IDGenerator.create("ID_");
+
+      IssuerInfoHolder issuerInfo = new IssuerInfoHolder("picketlink");
+
+      IDPInfoHolder idp = new IDPInfoHolder();
+      idp.setNameIDFormatValue("anil");
+
+      //create the service provider(in this case BAS) holder object
+      SPInfoHolder sp = new SPInfoHolder();
+      sp.setResponseDestinationURI("http://sombody");
+
+      Map<String, Object> attributes = new HashMap<String, Object>();
+
+      attributes.put("TOKEN_USER_ID", String.valueOf(2));
+      attributes.put("TOKEN_ORGANIZATION_DISPLAY_NAME", "Test Org");
+      attributes.put("TOKEN_USER_DISPLAY_NAME", "Test User");
+
+      AttributeStatementType attributeStatement = StatementUtil.createAttributeStatement(attributes);
+
+      String assertionId = IDGenerator.create("ID_");
+
+      AssertionType assertion = AssertionUtil.createAssertion(assertionId, issuerInfo.getIssuer());
+      assertion.addStatement(attributeStatement);
+
+      ResponseType responseType = samlResponse.createResponseType(ID, sp, idp, issuerInfo, assertion);
+      SAML2Signature sig = new SAML2Signature();
+      Document signedDoc = sig.sign(responseType, getKeyPair());
+      assertNotNull(signedDoc);
+
+      System.out.println("Signed Response=" + DocumentUtil.asString(signedDoc));
+   }
+
+   /**
+    * @see {@link KeyUtilUnitTestCase}
+    * @return
+    * @throws Exception
+    */
+   private KeyPair getKeyPair() throws Exception
+   {
+      ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+      InputStream ksStream = tcl.getResourceAsStream(keystoreLocation);
+      assertNotNull("Input keystore stream is not null", ksStream);
+
+      KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+      ks.load(ksStream, keystorePass.toCharArray());
+      assertNotNull("KeyStore is not null", ks);
+
+      Certificate cert = ks.getCertificate(alias);
+      assertNotNull("Cert not null", cert);
+
+      // Get private key 
+      Key key = ks.getKey(alias, keyPass.toCharArray());
+      return new KeyPair(cert.getPublicKey(), (PrivateKey) key);
+   }
 }
\ No newline at end of file
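Review bot: `ksStream` in getKeyPair is never closed; `KeyStore.load` does not close the stream it is given, so every call leaks the resource handle. Wrap the load in try/finally, `try { ks.load(ksStream, keystorePass.toCharArray()); } finally { ksStream.close(); }`. The assertion messages are phrased as the passing condition (`"Input keystore stream is not null"`) although JUnit prints them only on failure; a message naming the missing fixture, `"keystore resource not found: " + keystoreLocation`, makes a broken test classpath easier to diagnose. The `System.out.println` of the signed document in both tests is debug output that belongs in a logger or should be removed.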


Property changes on: product/trunk/picketlink-core/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java
___________________________________________________________________
Added: svn:mergeinfo
   + /federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SAML2ResponseUnitTestCase.java:1109-1132


