Posted to commits@ws.apache.org by co...@apache.org on 2018/02/08 16:35:16 UTC

svn commit: r1823581 - in /webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom: common/AbstractSAMLCallbackHandler.java common/SAML2CallbackHandler.java saml/SamlTokenTest.java

Author: coheigea
Date: Thu Feb  8 16:35:15 2018
New Revision: 1823581

URL: http://svn.apache.org/viewvc?rev=1823581&view=rev
Log:
Adding a test for WSS-622

Modified:
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java?rev=1823581&r1=1823580&r2=1823581&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java Thu Feb  8 16:35:15 2018
@@ -30,6 +30,7 @@ import org.apache.wss4j.common.saml.bean
 import org.apache.wss4j.common.saml.bean.ConditionsBean;
 import org.apache.wss4j.common.saml.bean.KeyInfoBean;
 import org.apache.wss4j.common.saml.bean.KeyInfoBean.CERT_IDENTIFIER;
+import org.apache.wss4j.common.saml.bean.NameIDBean;
 import org.apache.wss4j.common.saml.bean.SubjectBean;
 import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
 import org.apache.wss4j.common.saml.bean.SubjectLocalityBean;
@@ -80,6 +81,15 @@ public abstract class AbstractSAMLCallba
     private String issuerPassword;
     private Element assertionAdviceElement;
     private Element keyInfoElement;
+    protected NameIDBean subjectConfirmationNameID;
+
+    public NameIDBean getSubjectConfirmationNameID() {
+        return subjectConfirmationNameID;
+    }
+
+    public void setSubjectConfirmationNameID(NameIDBean subjectConfirmationNameID) {
+        this.subjectConfirmationNameID = subjectConfirmationNameID;
+    }
 
     public void setSubjectConfirmationData(SubjectConfirmationDataBean subjectConfirmationData) {
         this.subjectConfirmationData = subjectConfirmationData;
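Review bot: `subjectConfirmationNameID` is declared `protected` while the fields visible around it are `private`, and the same hunk already adds a public getter, so the direct read in SAML2CallbackHandler (`if (subjectConfirmationNameID != null)`) could call `getSubjectConfirmationNameID()` and the field could become `private NameIDBean subjectConfirmationNameID;`. Fields outside the hunk may already be protected, in which case this is only a consistency remark. A short comment such as `// NameID placed inside the SubjectConfirmation element, distinct from the Subject's own NameID` would keep the two identifiers from being confused. The hunk ends inside setSubjectConfirmationData, whose body continues outside it.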

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java?rev=1823581&r1=1823580&r2=1823581&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java Thu Feb  8 16:35:15 2018
@@ -81,6 +81,9 @@ public class SAML2CallbackHandler extend
                 if (subjectNameIDFormat != null) {
                     subjectBean.setSubjectNameIDFormat(subjectNameIDFormat);
                 }
+                if (subjectConfirmationNameID != null) {
+                    subjectBean.setSubjectConfirmationNameID(subjectConfirmationNameID);
+                }
                 subjectBean.setSubjectConfirmationData(subjectConfirmationData);
                 if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
                     try {

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java?rev=1823581&r1=1823580&r2=1823581&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java Thu Feb  8 16:35:15 2018
@@ -40,6 +40,7 @@ import org.apache.wss4j.common.ext.WSSec
 import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.SAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.saml.bean.NameIDBean;
 import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
 import org.apache.wss4j.common.saml.builder.SAML1Constants;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
@@ -702,6 +703,52 @@ public class SamlTokenTest extends org.j
 
         WSHandlerResult results = createAndVerifyMessage(callbackHandler, true);
         WSSecurityEngineResult actionResult =
+            results.getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
+
+        SamlAssertionWrapper receivedSamlAssertion =
+            (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(receivedSamlAssertion != null);
+        assertFalse(receivedSamlAssertion.isSigned());
+    }
+
+    /**
+     * Test that creates, sends and processes an unsigned SAML 2 authentication assertion with
+     * a NameID in the Subject (see https://issues.apache.org/jira/browse/WSS-622)
+     */
+    @Test
+    public void testSAML2SubjectConfirmationNameID() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+
+        NameIDBean nameID = new NameIDBean();
+        nameID.setNameIDFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified");
+        nameID.setNameQualifier("confirmationNameQualifier");
+        nameID.setNameValue("confirmationNameQualifierValue");
+        callbackHandler.setSubjectConfirmationNameID(nameID);
+
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
+
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader(doc);
+        secHeader.insertSecurityHeader();
+
+        WSSecSAMLToken wsSign = new WSSecSAMLToken(secHeader);
+
+        Document unsignedDoc = wsSign.build(samlAssertion);
+
+        String outputString =
+            XMLUtils.prettyDocumentToString(unsignedDoc);
+        if (LOG.isDebugEnabled()) {
+            LOG.debug("SAML 2 Authn Assertion (sender vouches):");
+            LOG.debug(outputString);
+        }
+        assertTrue(outputString.contains("confirmationNameQualifierValue"));
+
+        WSHandlerResult results = createAndVerifyMessage(callbackHandler, true);
+        WSSecurityEngineResult actionResult =
             results.getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
 
         SamlAssertionWrapper receivedSamlAssertion =
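Review bot: The only check on the new NameID is `assertTrue(outputString.contains("confirmationNameQualifierValue"))`, a substring match on the serialized message that passes wherever the value appears and does not cover the format or NameQualifier. Asserting on the parsed assertion would pin it to the SubjectConfirmation, for example `assertEquals("confirmationNameQualifierValue", samlAssertion.getSaml2().getSubject().getSubjectConfirmations().get(0).getNameID().getValue());`. On the receiving side the visible lines only fetch the ST_UNSIGNED result, so nothing here asserts that the NameID survives processing; the rest of the method lies outside the hunk. The Javadoc says "a NameID in the Subject" although the test sets a SubjectConfirmation NameID, so `a NameID in the SubjectConfirmation` would match what is tested.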