ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1652069 - in /webservices/wss4j/trunk: ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/ ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/ ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/
Date Thu, 15 Jan 2015 11:30:44 GMT
Author: coheigea
Date: Thu Jan 15 11:30:44 2015
New Revision: 1652069

URL: http://svn.apache.org/r1652069
Log:
[WSS-522] - Adding StAX tests

Added:
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlAuthnTest.java
Modified:
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
    webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlConditionsTest.java

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java?rev=1652069&r1=1652068&r2=1652069&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
(original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
Thu Jan 15 11:30:44 2015
@@ -102,7 +102,7 @@ public class SamlAssertionValidator exte
         // Check conditions
         checkConditions(samlAssertion);
         
-        // Check conditions
+        // Check the AuthnStatements of the assertion (if any)
         checkAuthnStatements(samlAssertion);
         
         // Check OneTimeUse Condition

Modified: webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java?rev=1652069&r1=1652068&r2=1652069&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/main/java/org/apache/wss4j/stax/validate/SamlTokenValidatorImpl.java
Thu Jan 15 11:30:44 2015
@@ -108,6 +108,9 @@ public class SamlTokenValidatorImpl exte
         // Check conditions
         checkConditions(samlAssertionWrapper);
         
+        // Check the AuthnStatements of the assertion (if any)
+        checkAuthnStatements(samlAssertionWrapper);
+        
         // Check the Subject Confirmation requirements
         verifySubjectConfirmationMethod(samlAssertionWrapper);
         
@@ -210,6 +213,13 @@ public class SamlTokenValidatorImpl exte
     }
     
     /**
+     * Check the AuthnStatements of the Assertion (if any)
+     */
+    protected void checkAuthnStatements(SamlAssertionWrapper samlAssertion) throws WSSecurityException
{
+        samlAssertion.checkAuthnStatements(futureTTL);
+    }
+    
+    /**
      * Check the "OneTimeUse" Condition of the Assertion. If this is set then the Assertion
      * is cached (if a cache is defined), and must not have been previously cached
      */

Added: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlAuthnTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlAuthnTest.java?rev=1652069&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlAuthnTest.java
(added)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlAuthnTest.java
Thu Jan 15 11:30:44 2015
@@ -0,0 +1,207 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.wss4j.stax.test.saml;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.util.Properties;
+
+import javax.security.auth.callback.CallbackHandler;
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+
+import org.apache.wss4j.common.saml.builder.SAML1Constants;
+import org.apache.wss4j.common.saml.builder.SAML2Constants;
+import org.apache.wss4j.dom.handler.WSHandlerConstants;
+import org.apache.wss4j.stax.WSSec;
+import org.apache.wss4j.stax.ext.InboundWSSec;
+import org.apache.wss4j.stax.ext.WSSConstants;
+import org.apache.wss4j.stax.ext.WSSSecurityProperties;
+import org.apache.wss4j.stax.test.AbstractTestBase;
+import org.apache.wss4j.stax.test.utils.StAX2DOM;
+import org.joda.time.DateTime;
+import org.junit.Assert;
+import org.junit.Test;
+import org.w3c.dom.Document;
+import org.w3c.dom.NodeList;
+
+/**
+ * Some tests for SAML Authentication Assertions
+ */
+public class SamlAuthnTest extends AbstractTestBase {
+
+    @Test
+    public void testSAML1AuthnAssertion() throws Exception {
+
+        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
+        callbackHandler.setIssuer("www.example.com");
+
+        createDOMMessageAndVerifyStAX(callbackHandler, true);
+    }
+    
+    @Test
+    public void testSAML2AuthnAssertion() throws Exception {
+
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+        callbackHandler.setIssuer("www.example.com");
+
+        createDOMMessageAndVerifyStAX(callbackHandler, true);
+    }
+    
+    @Test
+    public void testSAML1FutureAuthnInstant() throws Exception {
+
+        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setAuthenticationInstant(new DateTime().plusMinutes(70));
+
+        createDOMMessageAndVerifyStAX(callbackHandler, false);
+    }
+    
+    @Test
+    public void testSAML2FutureAuthnInstant() throws Exception {
+
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setAuthenticationInstant(new DateTime().plusMinutes(70));
+
+        createDOMMessageAndVerifyStAX(callbackHandler, false);
+    }
+    
+    @Test
+    public void testSAML2StaleSessionNotOnOrAfter() throws Exception {
+
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setSessionNotOnOrAfter(new DateTime().minusMinutes(70));
+        
+        createDOMMessageAndVerifyStAX(callbackHandler, false);
+    }
+    
+    @Test
+    public void testSAML1ValidSubjectLocality() throws Exception {
+
+        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setSubjectLocality("127.0.0.1", "xyz.ws.apache.org");
+
+        createDOMMessageAndVerifyStAX(callbackHandler, true);
+    }
+    
+    @Test
+    public void testSAML2ValidSubjectLocality() throws Exception {
+
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setSubjectLocality("127.0.0.1", "xyz.ws.apache.org");
+
+        createDOMMessageAndVerifyStAX(callbackHandler, true);
+    }
+    
+    @Test
+    public void testSAML1InvalidSubjectLocality() throws Exception {
+
+        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setSubjectLocality("xyz.ws.apache.org", "xyz.ws.apache.org");
+
+        createDOMMessageAndVerifyStAX(callbackHandler, false);
+    }
+    
+    @Test
+    public void testSAML2InvalidSubjectLocality() throws Exception {
+
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setSubjectLocality("xyz.ws.apache.org", "xyz.ws.apache.org");
+
+        createDOMMessageAndVerifyStAX(callbackHandler, false);
+    }
+    
+    private void createDOMMessageAndVerifyStAX(
+        CallbackHandler samlCallbackHandler, boolean success
+    ) throws Exception {
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        {
+            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+            String action = WSHandlerConstants.SAML_TOKEN_SIGNED;
+            Properties properties = new Properties();
+            properties.put(WSHandlerConstants.SAML_CALLBACK_REF, samlCallbackHandler);
+            Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action,
properties);
+    
+            //some test that we can really sure we get what we want from WSS4J
+            NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(),
WSSConstants.TAG_dsig_Signature.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 2);
+            Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_saml_Assertion.getLocalPart());
+            Assert.assertEquals(nodeList.item(1).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+    
+            javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+            transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+        }
+    
+        //done signature; now test sig-verification:
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"),
"default".toCharArray());
+            InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+            XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())));
+    
+            try {
+                Document document = 
+                    StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+                if (!success) {
+                    Assert.fail("XMLStreamException expected");
+                }
+                Assert.assertNotNull(document);
+            } catch (XMLStreamException e) {
+                Assert.assertTrue(!success);
+                Assert.assertNotNull(e.getCause());
+            }
+        }
+    }
+
+}

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlConditionsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlConditionsTest.java?rev=1652069&r1=1652068&r2=1652069&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlConditionsTest.java
(original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SamlConditionsTest.java
Thu Jan 15 11:30:44 2015
@@ -211,6 +211,88 @@ public class SamlConditionsTest extends
         }
     }
 
+    @Test
+    public void testSAML2StaleNotOnOrAfter() throws Exception {
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        {
+            SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+            callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+            callbackHandler.setIssuer("www.example.com");
+
+            ConditionsBean conditions = new ConditionsBean();
+            DateTime notBefore = new DateTime();
+            conditions.setNotAfter(notBefore.minusMinutes(60));
+            conditions.setNotBefore(notBefore.minusMinutes(70));
+            callbackHandler.setConditions(conditions);
+
+            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+            String action = WSHandlerConstants.SAML_TOKEN_SIGNED;
+            Properties properties = new Properties();
+            properties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler);
+            Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action,
properties);
+
+            javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+            transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+        }
+
+        //done signature; now test sig-verification:
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"),
"default".toCharArray());
+            InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+            XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())));
+
+            try {
+                StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+                Assert.fail("XMLStreamException expected");
+            } catch (XMLStreamException e) {
+                Assert.assertNotNull(e.getCause());
+            }
+        }
+    }
+    
+    @Test
+    public void testSAML2FutureNotBefore() throws Exception {
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        {
+            SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+            callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+            callbackHandler.setIssuer("www.example.com");
+
+            ConditionsBean conditions = new ConditionsBean();
+            DateTime notBefore = new DateTime();
+            conditions.setNotAfter(new DateTime().plusMinutes(70));
+            conditions.setNotBefore(notBefore.plusMinutes(60));
+            callbackHandler.setConditions(conditions);
+
+            InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+            String action = WSHandlerConstants.SAML_TOKEN_SIGNED;
+            Properties properties = new Properties();
+            properties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler);
+            Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action,
properties);
+
+            javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+            transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+        }
+
+        //done signature; now test sig-verification:
+        {
+            WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+            securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"),
"default".toCharArray());
+            InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+            XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new
ByteArrayInputStream(baos.toByteArray())));
+
+            try {
+                StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+                Assert.fail("XMLStreamException expected");
+            } catch (XMLStreamException e) {
+                Assert.assertNotNull(e.getCause());
+            }
+        }
+    }
+    
     /**
      * Test that creates, sends and processes an unsigned SAML 2 authentication assertion
      * with an (invalid) custom Conditions statement.



Mime
View raw message