ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1159288 - in /webservices/wss4j/trunk/src: main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java test/java/org/apache/ws/security/saml/ext/ test/java/org/apache/ws/security/saml/ext/AssertionSigningTest.java
Date Thu, 18 Aug 2011 15:54:41 GMT
Author: coheigea
Date: Thu Aug 18 15:54:41 2011
New Revision: 1159288

URL: http://svn.apache.org/viewvc?rev=1159288&view=rev
Log:
[WSS-309] - Improve the configurability of the SAML signature creation in AssertionWrapper
 - Patch applied, thanks!

Added:
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/ext/
    webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/ext/AssertionSigningTest.java
Modified:
    webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java

Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java?rev=1159288&r1=1159287&r2=1159288&view=diff
==============================================================================
--- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java
(original)
+++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/AssertionWrapper.java
Thu Aug 18 15:54:41 2011
@@ -126,6 +126,21 @@ public class AssertionWrapper {
     private SAMLKeyInfo signatureKeyInfo;
 
     /**
+     * Default Canonicalization algorithm used for signing.
+     */
+    private final String defaultCanonicalizationAlgorithm = SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
+
+    /**
+     * Default RSA Signature algorithm used for signing.
+     */
+    private final String defaultRSASignatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
+
+    /**
+     * Default DSA Signature algorithm used for signing.
+     */
+    private final String defaultDSASignatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
+    
+    /**
      * Constructor AssertionWrapper creates a new AssertionWrapper instance.
      *
      * @param element of type Element
@@ -510,39 +525,55 @@ public class AssertionWrapper {
      * @param sendKeyValue whether to send the key value or not
      * @throws WSSecurityException
      */
-    public void signAssertion(
-        String issuerKeyName,
-        String issuerKeyPassword,
-        Crypto issuerCrypto,
-        boolean sendKeyValue
-    ) throws WSSecurityException {
+    public void signAssertion(String issuerKeyName, String issuerKeyPassword,
+            Crypto issuerCrypto, boolean sendKeyValue)
+            throws WSSecurityException {
+
+        signAssertion(issuerKeyName, issuerKeyPassword, issuerCrypto,
+                sendKeyValue, defaultCanonicalizationAlgorithm,
+                defaultRSASignatureAlgorithm);
+    }
+    
+    /**
+     * Create an enveloped signature on the assertion that has been created.
+     * 
+     * @param issuerKeyName the Issuer KeyName to use with the issuerCrypto argument
+     * @param issuerKeyPassword the Issuer Password to use with the issuerCrypto argument
+     * @param issuerCrypto the Issuer Crypto instance
+     * @param sendKeyValue whether to send the key value or not
+     * @param canonicalizationAlgorithm the canonicalization algorithm to be used for signing
+     * @param signatureAlgorithm the signature algorithm to be used for signing
+     * @throws WSSecurityException
+     */
+    public void signAssertion(String issuerKeyName, String issuerKeyPassword,
+            Crypto issuerCrypto, boolean sendKeyValue,
+            String canonicalizationAlgorithm, String signatureAlgorithm)
+            throws WSSecurityException {
         //
         // Create the signature
         //
         Signature signature = OpenSAMLUtil.buildSignature();
-        signature.setCanonicalizationAlgorithm(
-            SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS
-        );
-        
+        signature.setCanonicalizationAlgorithm(canonicalizationAlgorithm);
+        log.debug("Using Canonicalization algorithm " + canonicalizationAlgorithm);
         // prepare to sign the SAML token
         CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
         cryptoType.setAlias(issuerKeyName);
         X509Certificate[] issuerCerts = issuerCrypto.getX509Certificates(cryptoType);
         if (issuerCerts == null) {
             throw new WSSecurityException(
-                "No issuer certs were found to sign the SAML Assertion using issuer name:
"
-                + issuerKeyName
-            );
+                    "No issuer certs were found to sign the SAML Assertion using issuer name:
"
+                            + issuerKeyName);
         }
 
-        String sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
+        String sigAlgo = signatureAlgorithm;
         String pubKeyAlgo = issuerCerts[0].getPublicKey().getAlgorithm();
         if (log.isDebugEnabled()) {
             log.debug("automatic sig algo detection: " + pubKeyAlgo);
         }
         if (pubKeyAlgo.equalsIgnoreCase("DSA")) {
-            sigAlgo = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
+            sigAlgo = defaultDSASignatureAlgorithm;
         }
+        log.debug("Using Signature algorithm " + sigAlgo);
         PrivateKey privateKey = null;
         try {
             privateKey = issuerCrypto.getPrivateKey(issuerKeyName, issuerKeyPassword);
@@ -565,12 +596,12 @@ public class AssertionWrapper {
             kiFactory.setEmitEntityCertificate(true);
         }
         try {
-            KeyInfo keyInfo = kiFactory.newInstance().generate(signingCredential);
+            KeyInfo keyInfo = kiFactory.newInstance().generate(
+                    signingCredential);
             signature.setKeyInfo(keyInfo);
         } catch (org.opensaml.xml.security.SecurityException ex) {
             throw new WSSecurityException(
-                "Error generating KeyInfo from signing credential", ex
-            );
+                    "Error generating KeyInfo from signing credential", ex);
         }
 
         // add the signature to the assertion

Added: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/ext/AssertionSigningTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/ext/AssertionSigningTest.java?rev=1159288&view=auto
==============================================================================
--- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/ext/AssertionSigningTest.java
(added)
+++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/ext/AssertionSigningTest.java
Thu Aug 18 15:54:41 2011
@@ -0,0 +1,115 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.ws.security.saml.ext;
+
+import java.io.InputStream;
+import java.security.KeyStore;
+
+import org.apache.ws.security.WSSConfig;
+import org.apache.ws.security.common.SAML2CallbackHandler;
+import org.apache.ws.security.components.crypto.Crypto;
+import org.apache.ws.security.components.crypto.Merlin;
+import org.apache.ws.security.saml.ext.builder.SAML2Constants;
+import org.apache.ws.security.util.Loader;
+import org.junit.Assert;
+import org.opensaml.xml.signature.Signature;
+import org.opensaml.xml.signature.SignatureConstants;
+
+/**
+ * A list of test-cases to test the functionality of signing with
+ * AssertionWrapper class implementation.
+ */
+
+public class AssertionSigningTest extends org.junit.Assert {
+
+    private Crypto issuerCrypto = null;
+    // Default Canonicalization algorithm used by AssertionWrapper class.
+    private final String defaultCanonicalizationAlgorithm = SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
+    // Default RSA Signature algorithm used by AssertionWrapper class.
+    private final String defaultRSASignatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
+    // Default DSA Signature algorithm used by AssertionWrapper class.
+    private final String defaultDSASignatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
+    // Custom Signature algorithm
+    private final String customSignatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
+    // Custom Canonicalization algorithm
+    private final String customCanonicalizationAlgorithm = SignatureConstants.ALGO_ID_C14N_OMIT_COMMENTS;
+
+    public AssertionSigningTest() throws Exception {
+        WSSConfig.init();
+        // Load the issuer keystore
+        issuerCrypto = new Merlin();
+        KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+        ClassLoader loader = Loader.getClassLoader(AssertionSigningTest.class);
+        InputStream input = Merlin.loadInputStream(loader,
+                "keys/client_keystore.jks");
+        keyStore.load(input, "password".toCharArray());
+        ((Merlin) issuerCrypto).setKeyStore(keyStore);
+    }
+
+    /**
+     * Test that creates an AssertionWrapper object and signs using default
+     * signature and canonicalization algorithms. The defaults should match
+     * otherwise the test-case fails.
+     */
+    @org.junit.Test
+    public void testSigningWithDefaultAlgorithms() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+        callbackHandler
+                .setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES);
+        callbackHandler.setIssuer("www.example.com");
+        SAMLParms samlParms = new SAMLParms();
+        samlParms.setCallbackHandler(callbackHandler);
+        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        assertion.signAssertion("client_certchain", "password", issuerCrypto,
+                false);
+        Signature signature = assertion.getSaml2().getSignature();
+        Assert.assertTrue(signature.getSignatureAlgorithm().equalsIgnoreCase(
+                defaultRSASignatureAlgorithm)
+                || signature.getSignatureAlgorithm().equalsIgnoreCase(
+                        defaultDSASignatureAlgorithm));
+        Assert.assertEquals(defaultCanonicalizationAlgorithm,
+                signature.getCanonicalizationAlgorithm());
+    }
+
+    /**
+     * Test that creates an AssertionWrapper object and signs using custom
+     * signature and canonicalization algorithms.
+     */
+    @org.junit.Test
+    public void testSigningWithCustomAlgorithms() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+        callbackHandler
+                .setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES);
+        callbackHandler.setIssuer("www.example.com");
+        SAMLParms samlParms = new SAMLParms();
+        samlParms.setCallbackHandler(callbackHandler);
+        AssertionWrapper assertion = new AssertionWrapper(samlParms);
+        assertion.signAssertion("client_certchain", "password", issuerCrypto,
+                false, customCanonicalizationAlgorithm,
+                customSignatureAlgorithm);
+        Signature signature = assertion.getSaml2().getSignature();
+        Assert.assertEquals(customSignatureAlgorithm,
+                signature.getSignatureAlgorithm());
+        Assert.assertEquals(customCanonicalizationAlgorithm,
+                signature.getCanonicalizationAlgorithm());
+    }
+}



Mime
View raw message