You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by co...@apache.org on 2022/09/12 08:43:43 UTC
[ws-wss4j] branch 2_4_x-fixes updated: Removing some tests that rely on Xalan
This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch 2_4_x-fixes
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/2_4_x-fixes by this push:
new f96ee948f Removing some tests that rely on Xalan
f96ee948f is described below
commit f96ee948f8735afae5b5f6ccd8a89290c0e86533
Author: Colm O hEigeartaigh <co...@apache.org>
AuthorDate: Mon Sep 12 09:39:45 2022 +0100
Removing some tests that rely on Xalan
---
.../dom/saml/SamlTokenCustomSignatureTest.java | 204 ---------------------
1 file changed, 204 deletions(-)
diff --git a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java b/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java
index e1b4f4d07..9b2543f1a 100644
--- a/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java
+++ b/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenCustomSignatureTest.java
@@ -19,32 +19,23 @@
package org.apache.wss4j.dom.saml;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
import java.util.ArrayList;
-import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.TreeMap;
-import javax.xml.namespace.QName;
-
import org.apache.wss4j.common.WSEncryptionPart;
import org.apache.wss4j.common.crypto.Crypto;
import org.apache.wss4j.common.crypto.CryptoFactory;
-import org.apache.wss4j.common.crypto.CryptoType;
-import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.common.saml.SAMLCallback;
import org.apache.wss4j.common.saml.SAMLUtil;
import org.apache.wss4j.common.saml.SamlAssertionWrapper;
import org.apache.wss4j.common.saml.builder.SAML1Constants;
-import org.apache.wss4j.common.saml.builder.SAML2Constants;
import org.apache.wss4j.common.util.SOAPUtil;
import org.apache.wss4j.common.util.XMLUtils;
import org.apache.wss4j.dom.WSConstants;
import org.apache.wss4j.dom.common.CustomHandler;
import org.apache.wss4j.dom.common.SAML1CallbackHandler;
-import org.apache.wss4j.dom.common.SAML2CallbackHandler;
import org.apache.wss4j.dom.engine.WSSConfig;
import org.apache.wss4j.dom.engine.WSSecurityEngine;
@@ -54,19 +45,12 @@ import org.apache.wss4j.dom.handler.WSHandlerConstants;
import org.apache.wss4j.dom.handler.WSHandlerResult;
import org.apache.wss4j.dom.message.WSSecHeader;
import org.apache.wss4j.dom.message.WSSecSignature;
-import org.apache.wss4j.dom.validate.SamlAssertionValidator;
-import org.apache.wss4j.dom.validate.Validator;
-import org.apache.xml.security.signature.XMLSignature;
-import org.apache.xml.security.transforms.Transforms;
-import org.apache.xml.security.transforms.params.XPath2FilterContainer;
-import org.apache.xml.security.utils.Constants;
import org.junit.jupiter.api.Test;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import static org.junit.jupiter.api.Assertions.assertTrue;
-import static org.junit.jupiter.api.Assertions.fail;
/**
*/
@@ -81,150 +65,6 @@ public class SamlTokenCustomSignatureTest {
crypto = CryptoFactory.getInstance("crypto.properties");
}
- /**
- * Test that creates, sends and processes a signed SAML 1.1 authentication assertion.
- */
- @Test
- public void testSAML1AuthnAssertion() throws Exception {
- SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
- callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
- callbackHandler.setConfirmationMethod(SAML1Constants.CONF_BEARER);
- callbackHandler.setIssuer("www.example.com");
-
- SAMLCallback samlCallback = new SAMLCallback();
- SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
- SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
-
- Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
- Element assertionElement = samlAssertion.toDOM(doc);
-
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
- secHeader.getSecurityHeaderElement().appendChild(assertionElement);
-
- // Sign
- signAssertion(doc, assertionElement);
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("SAML 1.1 Authn Assertion (Bearer):");
- String outputString = XMLUtils.prettyDocumentToString(doc);
- LOG.debug(outputString);
- }
-
- try {
- verify(doc);
- fail("Failure expected on a signature that doesn't conform with the signature profile");
- } catch (WSSecurityException ex) {
- assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.FAILURE);
- }
-
- // This should pass as we are disabling signature profile validation in the Validator
- verifyWithoutProfile(doc);
- }
-
- @Test
- public void testSAML1AuthnAssertionValidatorMap() throws Exception {
- SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
- callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
- callbackHandler.setConfirmationMethod(SAML1Constants.CONF_BEARER);
- callbackHandler.setIssuer("www.example.com");
-
- SAMLCallback samlCallback = new SAMLCallback();
- SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
- SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
-
- Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
- Element assertionElement = samlAssertion.toDOM(doc);
-
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
- secHeader.getSecurityHeaderElement().appendChild(assertionElement);
-
- // Sign
- signAssertion(doc, assertionElement);
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("SAML 1.1 Authn Assertion (Bearer):");
- String outputString = XMLUtils.prettyDocumentToString(doc);
- LOG.debug(outputString);
- }
-
- try {
- verify(doc);
- fail("Failure expected on a signature that doesn't conform with the signature profile");
- } catch (WSSecurityException ex) {
- assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.FAILURE);
- }
-
- // This should pass as we are disabling signature profile validation in the Validator,
- // which is configured via ConfigurationConstants.VALIDATOR_MAP
-
- SamlAssertionValidator validator = new SamlAssertionValidator();
- validator.setValidateSignatureAgainstProfile(false);
- Map<QName, Validator> validatorMap = new HashMap<>();
- validatorMap.put(WSConstants.SAML_TOKEN, validator);
-
- RequestData requestData = new RequestData();
- Map<String, Object> config = new TreeMap<>();
- config.put(WSHandlerConstants.SIG_VER_PROP_FILE, "crypto.properties");
- config.put(WSHandlerConstants.VALIDATOR_MAP, validatorMap);
- requestData.setMsgContext(config);
- requestData.setSigVerCrypto(crypto);
-
- CustomHandler handler = new CustomHandler();
-
- List<Integer> actions = new ArrayList<>();
- actions.add(WSConstants.ST_SIGNED);
- handler.receive(actions, requestData);
-
- WSSecurityEngine secEngine = new WSSecurityEngine();
- secEngine.processSecurityHeader(doc, requestData);
-
- String outputString = XMLUtils.prettyDocumentToString(doc);
- assertTrue(outputString.indexOf("counter_port_type") > 0 ? true : false);
- }
-
- /**
- * Test that creates, sends and processes a signed SAML 2.0 authentication assertion.
- */
- @Test
- public void testSAML2AuthnAssertion() throws Exception {
- SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
- callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
- callbackHandler.setConfirmationMethod(SAML2Constants.CONF_BEARER);
- callbackHandler.setIssuer("www.example.com");
-
- SAMLCallback samlCallback = new SAMLCallback();
- SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
- SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
-
- Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
- Element assertionElement = samlAssertion.toDOM(doc);
-
- WSSecHeader secHeader = new WSSecHeader(doc);
- secHeader.insertSecurityHeader();
- secHeader.getSecurityHeaderElement().appendChild(assertionElement);
-
- // Sign
- signAssertion(doc, assertionElement);
-
- if (LOG.isDebugEnabled()) {
- LOG.debug("SAML 2.0 Authn Assertion (Bearer):");
- String outputString = XMLUtils.prettyDocumentToString(doc);
- LOG.debug(outputString);
- }
-
- try {
- verify(doc);
- fail("Failure expected on a signature that doesn't conform with the signature profile");
- } catch (WSSecurityException ex) {
- assertTrue(ex.getErrorCode() == WSSecurityException.ErrorCode.FAILURE);
- }
-
- // This should pass as we are disabling signature profile validation in the Validator
- verifyWithoutProfile(doc);
- }
-
@Test
public void testAddSAML1AndSign() throws Exception {
SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
@@ -313,31 +153,6 @@ public class SamlTokenCustomSignatureTest {
verify(doc);
}
- private void signAssertion(Document doc, Element assertionElement) throws Exception {
- XMLSignature sig =
- new XMLSignature(doc, null, XMLSignature.ALGO_ID_SIGNATURE_RSA);
- assertionElement.appendChild(sig.getElement());
-
- Transforms transforms = new Transforms(doc);
- String filter = "here()/ancestor::ds.Signature/parent::node()/descendant-or-self::*";
- XPath2FilterContainer xpathC = XPath2FilterContainer.newInstanceIntersect(doc, filter);
- xpathC.setXPathNamespaceContext("dsig-xpath", Transforms.TRANSFORM_XPATH2FILTER);
-
- Element node = xpathC.getElement();
- transforms.addTransform(Transforms.TRANSFORM_XPATH2FILTER, node);
- sig.addDocument("", transforms, Constants.ALGO_ID_DIGEST_SHA1);
-
- PrivateKey privateKey = crypto.getPrivateKey("16c73ab6-b892-458f-abf5-2f875f74882e", "security");
-
- sig.sign(privateKey);
-
- CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
- cryptoType.setAlias("16c73ab6-b892-458f-abf5-2f875f74882e");
- X509Certificate cert = crypto.getX509Certificates(cryptoType)[0];
- sig.addKeyInfo(cert);
- sig.checkSignatureValue(cert);
- }
-
/**
* Verifies the soap envelope
*
@@ -357,23 +172,4 @@ public class SamlTokenCustomSignatureTest {
return results;
}
- private WSHandlerResult verifyWithoutProfile(Document doc) throws Exception {
- SamlAssertionValidator validator = new SamlAssertionValidator();
- validator.setValidateSignatureAgainstProfile(false);
-
- WSSecurityEngine secEngine = new WSSecurityEngine();
- WSSConfig config = secEngine.getWssConfig();
- config.setValidator(WSConstants.SAML_TOKEN, validator);
- config.setValidator(WSConstants.SAML2_TOKEN, validator);
-
- WSHandlerResult results =
- secEngine.processSecurityHeader(
- doc, null, null, crypto
- );
- String outputString = XMLUtils.prettyDocumentToString(doc);
- assertTrue(outputString.indexOf("counter_port_type") > 0 ? true : false);
- return results;
- }
-
-
}
\ No newline at end of file