ws-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From cohei...@apache.org
Subject svn commit: r1825557 - in /webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom: common/AbstractSAMLCallbackHandler.java saml/SamlTokenTest.java saml/SignedSamlTokenHOKTest.java
Date Wed, 28 Feb 2018 12:15:59 GMT
Author: coheigea
Date: Wed Feb 28 12:15:59 2018
New Revision: 1825557

URL: http://svn.apache.org/viewvc?rev=1825557&view=rev
Log:
Make sure the SAML Subject includes comments if they are present

Modified:
    webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
    webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
    webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SignedSamlTokenHOKTest.java

Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java?rev=1825557&r1=1825556&r2=1825557&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
(original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
Wed Feb 28 12:15:59 2018
@@ -84,6 +84,10 @@ public abstract class AbstractSAMLCallba
     private Element keyInfoElement;
     protected NameIDBean subjectConfirmationNameID;
 
+    public void setSubjectName(String subjectName) {
+        this.subjectName = subjectName;
+    }
+
     public NameIDBean getSubjectConfirmationNameID() {
         return subjectConfirmationNameID;
     }

Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java?rev=1825557&r1=1825556&r2=1825557&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
(original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
Wed Feb 28 12:15:59 2018
@@ -22,6 +22,7 @@ package org.apache.wss4j.dom.saml;
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.security.Key;
+import java.security.Principal;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Collections;
@@ -1329,6 +1330,28 @@ public class SamlTokenTest extends org.j
         assertFalse(receivedSamlAssertion.isSigned());
     }
 
+    @Test
+    public void testSAML2SubjectWithComment() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        String principal = "uid=joe,ou=people<!---->o=example.com";
+        callbackHandler.setSubjectName(principal);
+
+        WSHandlerResult results =
+            createAndVerifyMessage(callbackHandler, true);
+        WSSecurityEngineResult actionResult =
+            results.getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
+
+        SamlAssertionWrapper receivedSamlAssertion =
+            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(receivedSamlAssertion != null);
+        assertFalse(receivedSamlAssertion.isSigned());
+
+        Principal receivedPrincipal = (Principal)actionResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+        assertEquals(principal, receivedPrincipal.getName());
+    }
+
     private void encryptElement(
         Document document,
         Element elementToEncrypt,

Modified: webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SignedSamlTokenHOKTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SignedSamlTokenHOKTest.java?rev=1825557&r1=1825556&r2=1825557&view=diff
==============================================================================
--- webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SignedSamlTokenHOKTest.java
(original)
+++ webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SignedSamlTokenHOKTest.java
Wed Feb 28 12:15:59 2018
@@ -64,6 +64,7 @@ import javax.xml.parsers.DocumentBuilder
 
 import java.io.InputStream;
 import java.security.KeyStore;
+import java.security.Principal;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -796,6 +797,70 @@ public class SignedSamlTokenHOKTest exte
         assertEquals("/SOAP-ENV:Envelope/SOAP-ENV:Body", xpath);
     }
 
+    @Test
+    @SuppressWarnings("unchecked")
+    public void testSAML2SubjectWithComment() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+        callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+        callbackHandler.setIssuer("www.example.com");
+        String principal = "uid=joe,ou=people<!---->o=example.com";
+        callbackHandler.setSubjectName(principal);
+
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
+
+        samlAssertion.signAssertion("wss40_server", "security", issuerCrypto, false);
+
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader(doc);
+        secHeader.insertSecurityHeader();
+
+        WSSecSignatureSAML wsSign = new WSSecSignatureSAML(secHeader);
+        wsSign.setUserInfo("wss40", "security");
+        wsSign.setDigestAlgo("http://www.w3.org/2001/04/xmlenc#sha256");
+        wsSign.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
+        wsSign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+
+        Document signedDoc =
+            wsSign.build(userCrypto, samlAssertion, null, null, null);
+
+        String outputString =
+            XMLUtils.prettyDocumentToString(signedDoc);
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("Signed SAML 2 Authn Assertion (key holder):");
+            LOG.debug(outputString);
+        }
+        assertTrue(outputString.contains("http://www.w3.org/2001/04/xmlenc#sha256"));
+        assertTrue(outputString.contains("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"));
+
+        WSHandlerResult results = verify(signedDoc, trustCrypto);
+
+        // Test we processed a SAML assertion
+        WSSecurityEngineResult actionResult =
+            results.getActionResults().get(WSConstants.ST_SIGNED).get(0);
+        SamlAssertionWrapper receivedSamlAssertion =
+            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(receivedSamlAssertion != null);
+        assertTrue(receivedSamlAssertion.isSigned());
+
+        // Test we processed a signature (SOAP body)
+        actionResult = results.getActionResults().get(WSConstants.SIGN).get(0);
+        assertTrue(actionResult != null);
+        assertFalse(actionResult.isEmpty());
+        final List<WSDataRef> refs =
+            (List<WSDataRef>) actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+        assertTrue(refs.size() == 1);
+
+        WSDataRef wsDataRef = refs.get(0);
+        String xpath = wsDataRef.getXpath();
+        assertEquals("/SOAP-ENV:Envelope/SOAP-ENV:Body", xpath);
+
+        Principal receivedPrincipal = (Principal)actionResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+        assertEquals(principal, receivedPrincipal.getName());
+    }
+
     /**
      * Verifies the soap envelope
      *



Mime
View raw message