ws-commits mailing list archives

From cohei...@apache.org
Subject svn commit: r1629601 - in /webservices/wss4j/trunk: ws-security-common/src/main/java/org/apache/wss4j/common/saml/ ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/ ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder...
Date Mon, 06 Oct 2014 09:34:30 GMT
Author: coheigea
Date: Mon Oct  6 09:34:30 2014
New Revision: 1629601

URL: http://svn.apache.org/r1629601
Log:
[WSS-515] - Add support for creating SAML Assertions with "Advice" Elements

Added:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/AdviceBean.java
Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLCallback.java
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML1ComponentBuilder.java
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML1CallbackHandler.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SignedSamlTokenHOKTest.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLCallback.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLCallback.java?rev=1629601&r1=1629600&r2=1629601&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLCallback.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLCallback.java
Mon Oct  6 09:34:30 2014
@@ -20,6 +20,7 @@
 package org.apache.wss4j.common.saml;
 
 import org.apache.wss4j.common.crypto.Crypto;
+import org.apache.wss4j.common.saml.bean.AdviceBean;
 import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
 import org.apache.wss4j.common.saml.bean.AuthDecisionStatementBean;
 import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean;
@@ -29,6 +30,7 @@ import org.opensaml.common.SAMLVersion;
 import org.w3c.dom.Element;
 
 import javax.security.auth.callback.Callback;
+
 import java.util.ArrayList;
 import java.util.List;
 
@@ -60,6 +62,11 @@ public class SAMLCallback implements Cal
      * SAML Conditions representation
      */
     private ConditionsBean conditions;
+    
+    /**
+     * SAML Advice representation
+     */
+    private AdviceBean advice;
 
     /**
      * A list of <code>AuthenticationStatementBean</code> values
@@ -352,4 +359,12 @@ public class SAMLCallback implements Cal
     public void setSignatureDigestAlgorithm(String signatureDigestAlgorithm) {
         this.signatureDigestAlgorithm = signatureDigestAlgorithm;
     }
+
+    public AdviceBean getAdvice() {
+        return advice;
+    }
+
+    public void setAdvice(AdviceBean advice) {
+        this.advice = advice;
+    }
 }
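Review bot: `getAdvice` and `setAdvice` at the end of the class have no Javadoc, although the field they wrap is documented. Suggested: `/** @return the SAML Advice representation, or null if none has been set */` on the getter and `/** @param advice the SAML Advice representation to embed in the assertion */` on the setter. The null case matters to callers because `SamlAssertionWrapper` in this commit only builds an Advice element when `getAdvice()` is non-null.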

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java?rev=1629601&r1=1629600&r2=1629601&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
Mon Oct  6 09:34:30 2014
@@ -910,6 +910,12 @@ public class SamlAssertionWrapper {
                 org.opensaml.saml1.core.Conditions conditions = 
                     SAML1ComponentBuilder.createSamlv1Conditions(samlCallback.getConditions());
                 saml1.setConditions(conditions);
+                
+                if (samlCallback.getAdvice() != null) {
+                    org.opensaml.saml1.core.Advice advice = 
+                        SAML1ComponentBuilder.createAdvice(samlCallback.getAdvice());
+                    saml1.setAdvice(advice);
+                }
             } catch (org.opensaml.xml.security.SecurityException ex) {
                 throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "empty",
ex,
                         "Error generating KeyInfo from signing credential"
@@ -961,6 +967,12 @@ public class SamlAssertionWrapper {
             org.opensaml.saml2.core.Conditions conditions = 
                 SAML2ComponentBuilder.createConditions(samlCallback.getConditions());
             saml2.setConditions(conditions);
+            
+            if (samlCallback.getAdvice() != null) {
+                org.opensaml.saml2.core.Advice advice = 
+                    SAML2ComponentBuilder.createAdvice(samlCallback.getAdvice());
+                saml2.setAdvice(advice);
+            }
 
             // Set the OpenSaml2 XMLObject instance
             xmlObject = saml2;

Added: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/AdviceBean.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/AdviceBean.java?rev=1629601&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/AdviceBean.java
(added)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/bean/AdviceBean.java
Mon Oct  6 09:34:30 2014
@@ -0,0 +1,92 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.common.saml.bean;
+
+import java.util.ArrayList;
+import java.util.List;
+
+import org.w3c.dom.Element;
+
+
+/**
+ * Represents a SAML Advice Element.
+ */
+public class AdviceBean {
+    
+    private List<String> idReferences = new ArrayList<String>();
+    private List<String> uriReferences = new ArrayList<String>();
+    private List<Element> assertions = new ArrayList<Element>();
+    
+    public List<String> getIdReferences() {
+        return idReferences;
+    }
+    
+    public List<String> getUriReferences() {
+        return uriReferences;
+    }
+    
+    public List<Element> getAssertions() {
+        return assertions;
+    }
+    
+    @Override
+    public boolean equals(Object o) {
+        if (this == o) return true;
+        if (!(o instanceof AdviceBean)) return false;
+
+        AdviceBean that = (AdviceBean) o;
+
+        if (idReferences == null && that.idReferences != null) {
+            return false;
+        } else if (idReferences != null && !idReferences.equals(that.idReferences))
{
+            return false;
+        }
+        
+        if (uriReferences == null && that.uriReferences != null) {
+            return false;
+        } else if (uriReferences != null && !uriReferences.equals(that.uriReferences))
{
+            return false;
+        }
+        
+        if (assertions == null && that.assertions != null) {
+            return false;
+        } else if (assertions != null && !assertions.equals(that.assertions)) {
+            return false;
+        }
+        
+        return true;
+    }
+
+    @Override
+    public int hashCode() {
+        int result = 0;
+        if (idReferences != null) {
+            result = 31 * result + idReferences.hashCode();
+        }
+        if (uriReferences != null) {
+            result = 31 * result + uriReferences.hashCode();
+        }
+        if (assertions != null) {
+            result = 31 * result + assertions.hashCode();
+        }
+        return result;
+    }
+
+}
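Review bot: In `equals` and `hashCode` the `assertions` list is compared through `List.equals`, which delegates to `Element.equals`; the DOM `Element` interface defines no value equality, so with the usual implementations two beans holding structurally identical assertions will compare unequal and hash differently. Either state in the class Javadoc that assertions are compared by reference, or compare them pairwise with `isEqualNode`. The three list fields are never reassigned and have no setters, so they can be declared `private final List<String> idReferences = new ArrayList<String>();` (likewise the other two) and every `== null` branch in both methods dropped. The getters return the live lists, which is how callers populate the bean; a one-line Javadoc on each getter saying so would make that contract explicit.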

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML1ComponentBuilder.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML1ComponentBuilder.java?rev=1629601&r1=1629600&r2=1629601&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML1ComponentBuilder.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML1ComponentBuilder.java
Mon Oct  6 09:34:30 2014
@@ -22,6 +22,7 @@ package org.apache.wss4j.common.saml.bui
 import org.apache.wss4j.common.ext.WSSecurityException;
 import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.apache.wss4j.common.saml.bean.ActionBean;
+import org.apache.wss4j.common.saml.bean.AdviceBean;
 import org.apache.wss4j.common.saml.bean.AttributeBean;
 import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
 import org.apache.wss4j.common.saml.bean.AudienceRestrictionBean;
@@ -37,7 +38,9 @@ import org.opensaml.Configuration;
 import org.opensaml.common.SAMLObjectBuilder;
 import org.opensaml.common.SAMLVersion;
 import org.opensaml.saml1.core.Action;
+import org.opensaml.saml1.core.Advice;
 import org.opensaml.saml1.core.Assertion;
+import org.opensaml.saml1.core.AssertionIDReference;
 import org.opensaml.saml1.core.Attribute;
 import org.opensaml.saml1.core.AttributeStatement;
 import org.opensaml.saml1.core.AttributeValue;
@@ -60,6 +63,7 @@ import org.opensaml.xml.schema.impl.XSSt
 import org.opensaml.xml.security.x509.BasicX509Credential;
 import org.opensaml.xml.security.x509.X509KeyInfoGeneratorFactory;
 import org.opensaml.xml.signature.KeyInfo;
+import org.w3c.dom.Element;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -74,6 +78,10 @@ public final class SAML1ComponentBuilder
     
     private static volatile SAMLObjectBuilder<Conditions> conditionsV1Builder;
     
+    private static volatile SAMLObjectBuilder<Advice> adviceV1Builder;
+    
+    private static volatile SAMLObjectBuilder<AssertionIDReference> assertionIDReferenceBuilder;
+    
     private static volatile SAMLObjectBuilder<AudienceRestrictionCondition> audienceRestrictionV1Builder;
     
     private static volatile SAMLObjectBuilder<Audience> audienceV1Builder;
@@ -290,6 +298,49 @@ public final class SAML1ComponentBuilder
         
         return conditions;
     }
+
+    /**
+     * Create a Advice object
+     *
+     * @param adviceBean A AdviceBean object
+     * @return a Advice object
+     * @throws WSSecurityException 
+     */
+    @SuppressWarnings("unchecked")
+    public static Advice createAdvice(AdviceBean adviceBean) throws WSSecurityException {
+        if (adviceV1Builder == null) {
+            adviceV1Builder = (SAMLObjectBuilder<Advice>) 
+                builderFactory.getBuilder(Advice.DEFAULT_ELEMENT_NAME);
+        }
+        
+        Advice advice = adviceV1Builder.buildObject();
+        
+        if (!adviceBean.getIdReferences().isEmpty()) {
+            if (assertionIDReferenceBuilder == null) {
+                assertionIDReferenceBuilder = (SAMLObjectBuilder<AssertionIDReference>)

+                    builderFactory.getBuilder(AssertionIDReference.DEFAULT_ELEMENT_NAME);
+            }
+            
+            for (String ref : adviceBean.getIdReferences()) {
+                AssertionIDReference assertionIdReference = 
+                    assertionIDReferenceBuilder.buildObject();
+                assertionIdReference.setReference(ref);
+                advice.getAssertionIDReferences().add(assertionIdReference);
+            }
+        }
+        
+        if (!adviceBean.getAssertions().isEmpty()) {
+            for (Element assertionElement : adviceBean.getAssertions()) {
+                XMLObject xmlObject = OpenSAMLUtil.fromDom(assertionElement);
+                if (xmlObject instanceof Assertion) {
+                    Assertion assertion = (Assertion)xmlObject;
+                    advice.getAssertions().add(assertion);
+                }
+            }
+        }
+        
+        return advice;
+    }
     
     /**
      * Create an AudienceRestrictionCondition object
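Review bot: In `createAdvice`, an entry of `adviceBean.getAssertions()` that does not unmarshal to a SAML 1.x `Assertion` is skipped without any signal by the `instanceof` check, and `adviceBean.getUriReferences()` is never read, so the issued assertion can lack advice content the caller supplied and nobody is told. The SAML2 `createAdvice` hunk has the same silent skip for elements that are not SAML 2.0 assertions. Rejecting the input is safer than dropping it, e.g. `} else { throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE); }`, and the Javadoc should say that URI references are ignored for SAML 1.x. The `@throws WSSecurityException` tag is also empty; presumably it should name an unmarshalling failure from `OpenSAMLUtil.fromDom`.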

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java?rev=1629601&r1=1629600&r2=1629601&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java
(original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java
Mon Oct  6 09:34:30 2014
@@ -19,8 +19,13 @@
 
 package org.apache.wss4j.common.saml.builder;
 
+import java.util.ArrayList;
+import java.util.List;
+
 import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.OpenSAMLUtil;
 import org.apache.wss4j.common.saml.bean.ActionBean;
+import org.apache.wss4j.common.saml.bean.AdviceBean;
 import org.apache.wss4j.common.saml.bean.AttributeBean;
 import org.apache.wss4j.common.saml.bean.AttributeStatementBean;
 import org.apache.wss4j.common.saml.bean.AudienceRestrictionBean;
@@ -38,7 +43,10 @@ import org.opensaml.Configuration;
 import org.opensaml.common.SAMLObjectBuilder;
 import org.opensaml.common.SAMLVersion;
 import org.opensaml.saml2.core.Action;
+import org.opensaml.saml2.core.Advice;
 import org.opensaml.saml2.core.Assertion;
+import org.opensaml.saml2.core.AssertionIDRef;
+import org.opensaml.saml2.core.AssertionURIRef;
 import org.opensaml.saml2.core.Attribute;
 import org.opensaml.saml2.core.AttributeStatement;
 import org.opensaml.saml2.core.AttributeValue;
@@ -65,9 +73,7 @@ import org.opensaml.xml.XMLObjectBuilder
 import org.opensaml.xml.schema.XSString;
 import org.opensaml.xml.schema.impl.XSStringBuilder;
 import org.opensaml.xml.signature.KeyInfo;
-
-import java.util.ArrayList;
-import java.util.List;
+import org.w3c.dom.Element;
 
 /**
  * Class SAML2ComponentBuilder provides builder methods that can be used
@@ -90,6 +96,12 @@ public final class SAML2ComponentBuilder
     
     private static volatile SAMLObjectBuilder<Conditions> conditionsBuilder;
     
+    private static volatile SAMLObjectBuilder<Advice> adviceBuilder;
+    
+    private static volatile SAMLObjectBuilder<AssertionIDRef> assertionIDRefBuilder;
+    
+    private static volatile SAMLObjectBuilder<AssertionURIRef> assertionURIRefBuilder;
+    
     private static volatile SAMLObjectBuilder<SubjectConfirmationData> subjectConfirmationDataBuilder;
     
     private static volatile SAMLObjectBuilder<KeyInfoConfirmationDataType> keyInfoConfirmationDataBuilder;
@@ -233,6 +245,61 @@ public final class SAML2ComponentBuilder
         }
         return conditions;
     }
+    
+    /**
+     * Create a Advice object
+     *
+     * @param adviceBean A AdviceBean object
+     * @return a Advice object
+     * @throws WSSecurityException 
+     */
+    @SuppressWarnings("unchecked")
+    public static Advice createAdvice(AdviceBean adviceBean) throws WSSecurityException {
+        if (adviceBuilder == null) {
+            adviceBuilder = (SAMLObjectBuilder<Advice>) 
+                builderFactory.getBuilder(Advice.DEFAULT_ELEMENT_NAME);
+        }
+        
+        Advice advice = adviceBuilder.buildObject();
+        
+        if (!adviceBean.getIdReferences().isEmpty()) {
+            if (assertionIDRefBuilder == null) {
+                assertionIDRefBuilder = (SAMLObjectBuilder<AssertionIDRef>) 
+                    builderFactory.getBuilder(AssertionIDRef.DEFAULT_ELEMENT_NAME);
+            }
+            
+            for (String ref : adviceBean.getIdReferences()) {
+                AssertionIDRef assertionIdRef = assertionIDRefBuilder.buildObject();
+                assertionIdRef.setAssertionID(ref);
+                advice.getAssertionIDReferences().add(assertionIdRef);
+            }
+        }
+        
+        if (!adviceBean.getUriReferences().isEmpty()) {
+            if (assertionURIRefBuilder == null) {
+                assertionURIRefBuilder = (SAMLObjectBuilder<AssertionURIRef>) 
+                    builderFactory.getBuilder(AssertionURIRef.DEFAULT_ELEMENT_NAME);
+            }
+            
+            for (String ref : adviceBean.getUriReferences()) {
+                AssertionURIRef assertionURIRef = assertionURIRefBuilder.buildObject();
+                assertionURIRef.setAssertionURI(ref);
+                advice.getAssertionURIReferences().add(assertionURIRef);
+            }
+        }
+        
+        if (!adviceBean.getAssertions().isEmpty()) {
+            for (Element assertionElement : adviceBean.getAssertions()) {
+                XMLObject xmlObject = OpenSAMLUtil.fromDom(assertionElement);
+                if (xmlObject instanceof Assertion) {
+                    Assertion assertion = (Assertion)xmlObject;
+                    advice.getAssertions().add(assertion);
+                }
+            }
+        }
+        
+        return advice;
+    }
 
     /**
      * Create an AudienceRestriction object
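Review bot: `createAdvice` is public and static but dereferences `adviceBean` on first use (`adviceBean.getIdReferences()`) without a null check; the only guard is at the call site in `SamlAssertionWrapper`, and the SAML1 `createAdvice` is written the same way. `createConditions` is called from the wrapper with no such guard, which suggests it tolerates null, so the two builders are inconsistent for direct callers. Either add `if (adviceBean == null) { return null; }` at the top or document the precondition, e.g. `@param adviceBean the AdviceBean to convert, must not be null`. The summary line should also read `Create an Advice object`.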

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java?rev=1629601&r1=1629600&r2=1629601&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
Mon Oct  6 09:34:30 2014
@@ -76,6 +76,7 @@ public abstract class AbstractSAMLCallba
     private Crypto issuerCrypto;
     private String issuerName;
     private String issuerPassword;
+    private Element assertionAdviceElement;
     
     public void setSubjectConfirmationData(SubjectConfirmationDataBean subjectConfirmationData)
{
         this.subjectConfirmationData = subjectConfirmationData;
@@ -241,4 +242,12 @@ public abstract class AbstractSAMLCallba
     public void setIssuerPassword(String issuerPassword) {
         this.issuerPassword = issuerPassword;
     }
+
+    public Element getAssertionAdviceElement() {
+        return assertionAdviceElement;
+    }
+
+    public void setAssertionAdviceElement(Element assertionAdviceElement) {
+        this.assertionAdviceElement = assertionAdviceElement;
+    }
 }

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML1CallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML1CallbackHandler.java?rev=1629601&r1=1629600&r2=1629601&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML1CallbackHandler.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML1CallbackHandler.java
Mon Oct  6 09:34:30 2014
@@ -23,6 +23,7 @@ import org.apache.wss4j.common.crypto.Cr
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.crypto.CryptoType;
 import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.bean.AdviceBean;
 import org.apache.wss4j.common.saml.bean.KeyInfoBean;
 import org.apache.wss4j.common.saml.bean.SubjectBean;
 import org.apache.wss4j.common.saml.builder.SAML1Constants;
@@ -67,6 +68,12 @@ public class SAML1CallbackHandler extend
                 callback.setIssuerKeyName(getIssuerName());
                 callback.setIssuerKeyPassword(getIssuerPassword());
                 
+                if (getAssertionAdviceElement() != null) {
+                    AdviceBean advice = new AdviceBean();
+                    advice.getAssertions().add(getAssertionAdviceElement());
+                    callback.setAdvice(advice);
+                }
+                
                 SubjectBean subjectBean = 
                     new SubjectBean(
                         subjectName, subjectQualifier, confirmationMethod

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java?rev=1629601&r1=1629600&r2=1629601&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java
Mon Oct  6 09:34:30 2014
@@ -23,6 +23,7 @@ import org.apache.wss4j.common.crypto.Cr
 import org.apache.wss4j.common.crypto.CryptoFactory;
 import org.apache.wss4j.common.crypto.CryptoType;
 import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.bean.AdviceBean;
 import org.apache.wss4j.common.saml.bean.KeyInfoBean;
 import org.apache.wss4j.common.saml.bean.SubjectBean;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
@@ -65,6 +66,12 @@ public class SAML2CallbackHandler extend
                 callback.setIssuerKeyName(getIssuerName());
                 callback.setIssuerKeyPassword(getIssuerPassword());
                 
+                if (getAssertionAdviceElement() != null) {
+                    AdviceBean advice = new AdviceBean();
+                    advice.getAssertions().add(getAssertionAdviceElement());
+                    callback.setAdvice(advice);
+                }
+                
                 SubjectBean subjectBean = 
                     new SubjectBean(
                         subjectName, subjectQualifier, confirmationMethod

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java?rev=1629601&r1=1629600&r2=1629601&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
Mon Oct  6 09:34:30 2014
@@ -1088,6 +1088,53 @@ public class SamlTokenTest extends org.j
         newEngine.processSecurityHeader(unsignedDoc, null, null, null);
     }
     
+    @org.junit.Test
+    public void testSAML2Advice() throws Exception {
+        // Create a "Advice" Element first
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
+        
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        Element adviceElement = samlAssertion.toDOM(doc);
+        
+        // Now create a SAML Assertion that uses the advice Element
+        callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        callbackHandler.setAssertionAdviceElement(adviceElement);
+        
+        samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        samlAssertion = new SamlAssertionWrapper(samlCallback);
+
+        WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        Document unsignedDoc = wsSign.build(doc, samlAssertion, secHeader);
+
+        String outputString = 
+            XMLUtils.PrettyDocumentToString(unsignedDoc);
+        if (LOG.isDebugEnabled()) {
+            LOG.debug(outputString);
+        }
+        assertTrue(outputString.contains("Advice"));
+        
+        List<WSSecurityEngineResult> results = verify(unsignedDoc);
+        WSSecurityEngineResult actionResult =
+            WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED);
+        SamlAssertionWrapper receivedSamlAssertion =
+            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(receivedSamlAssertion != null);
+        assertFalse(receivedSamlAssertion.isSigned());
+    }
+    
     private void encryptElement(
         Document document,
         Element elementToEncrypt,
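Review bot: `testSAML2Advice` proves little about the nested assertion: `assertTrue(outputString.contains("Advice"))` only checks that the substring occurs somewhere in the serialized document, and both the advice assertion and the outer one use the issuer `www.example.com`, so the test cannot tell which of the two the engine returned under `TAG_SAML_ASSERTION`. Give the advice assertion a distinct issuer and assert on the received wrapper, e.g. `assertEquals("www.example.com", receivedSamlAssertion.getIssuerString());` and `assertEquals(1, receivedSamlAssertion.getSaml2().getAdvice().getAssertions().size());`. That pins down that the receiver treats the enclosing assertion, not the embedded advice, as the token. There is also no SAML 1.1 counterpart, although `SAML1ComponentBuilder.createAdvice` is added in the same commit.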

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SignedSamlTokenHOKTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SignedSamlTokenHOKTest.java?rev=1629601&r1=1629600&r2=1629601&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SignedSamlTokenHOKTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SignedSamlTokenHOKTest.java
Mon Oct  6 09:34:30 2014
@@ -44,6 +44,7 @@ import org.apache.wss4j.common.util.XMLU
 import org.apache.wss4j.dom.message.WSSecHeader;
 import org.apache.wss4j.dom.util.WSSecurityUtil;
 import org.w3c.dom.Document;
+import org.w3c.dom.Element;
 
 import javax.security.auth.callback.CallbackHandler;
 
@@ -597,6 +598,85 @@ public class SignedSamlTokenHOKTest exte
         assertEquals("/SOAP-ENV:Envelope/SOAP-ENV:Body", xpath);
     }
     
+    @org.junit.Test
+    @org.junit.Ignore
+    public void testSAML2Advice() throws Exception {
+        // Create a signed "Advice" Element first
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
+        callbackHandler.setIssuer("www.example.com");
+        
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
+        
+        samlAssertion.signAssertion("wss40_server", "security", issuerCrypto, false);
+        
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        Element adviceElement = samlAssertion.toDOM(doc);
+
+        // Now create a SAML Assertion that uses the signed advice Element
+        callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+        callbackHandler.setIssuer("www.example.com");
+        callbackHandler.setAssertionAdviceElement(adviceElement);
+        
+        samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        samlAssertion = new SamlAssertionWrapper(samlCallback);
+        
+        samlAssertion.signAssertion("wss40_server", "security", issuerCrypto, false);
+        
+        byte[] ephemeralKey = callbackHandler.getEphemeralKey();
+
+        WSSecSignatureSAML wsSign = new WSSecSignatureSAML();
+        wsSign.setUserInfo("wss40", "security");
+        wsSign.setDigestAlgo("http://www.w3.org/2001/04/xmlenc#sha256");
+        wsSign.setSignatureAlgorithm(WSConstants.HMAC_SHA256);
+        wsSign.setKeyIdentifierType(WSConstants.X509_KEY_IDENTIFIER);
+        wsSign.setSecretKey(ephemeralKey);
+
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+
+        Document signedDoc = 
+            wsSign.build(doc, userCrypto, samlAssertion, null, null, null, secHeader);
+
+        String outputString = 
+            XMLUtils.PrettyDocumentToString(signedDoc);
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Signed SAML 2 Attr Assertion (key holder):");
+            LOG.debug(outputString);
+        }
+        System.out.println(outputString);
+        
+        /* https://issues.apache.org/jira/browse/WSS-265 */
+        List<WSSecurityEngineResult> results = verify(signedDoc, trustCrypto);
+        
+        // Test we processed a SAML assertion
+        WSSecurityEngineResult actionResult =
+            WSSecurityUtil.fetchActionResult(results, WSConstants.ST_SIGNED);
+        SamlAssertionWrapper receivedAssertion =
+            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(receivedAssertion != null);
+        assertTrue(receivedAssertion.isSigned());
+        
+        // Test we processed a signature (SOAP body)
+        actionResult = WSSecurityUtil.fetchActionResult(results, WSConstants.SIGN);
+        assertTrue(actionResult != null);
+        assertFalse(actionResult.isEmpty());
+        @SuppressWarnings("unchecked")
+        final List<WSDataRef> refs =
+            (List<WSDataRef>) actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+        assertTrue(refs.size() == 1);
+        
+        WSDataRef wsDataRef = refs.get(0);
+        String xpath = wsDataRef.getXpath();
+        assertEquals("/SOAP-ENV:Envelope/SOAP-ENV:Body", xpath);
+    }
+    
     /**
      * Verifies the soap envelope
      * 
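Review bot: `testSAML2Advice` is committed with a bare `@org.junit.Ignore`, so the signed-advice case is never exercised and nothing records why; presumably this is the path where an already-signed nested assertion has to survive embedding while the outer signature still verifies. State the reason in the annotation, `@org.junit.Ignore("TODO: <reason / issue id>")`, so the gap shows up in test reports. The unconditional `System.out.println(outputString);` should be removed, since the same string is already logged under `LOG.isDebugEnabled()`. The `/* https://issues.apache.org/jira/browse/WSS-265 */` comment looks carried over from another test and may not apply here.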


