You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ws.apache.org by gi...@apache.org on 2012/11/06 17:36:24 UTC
svn commit: r1406211 [3/3] - in /webservices/wss4j/trunk:
ws-security-common/src/main/java/org/apache/ws/security/common/crypto/
ws-security-common/src/main/java/org/apache/ws/security/common/saml/
ws-security-common/src/main/java/org/apache/ws/securit...
Added: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/saml/SamlConditionsTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/saml/SamlConditionsTest.java?rev=1406211&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/saml/SamlConditionsTest.java (added)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/saml/SamlConditionsTest.java Tue Nov 6 16:36:23 2012
@@ -0,0 +1,295 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ws.security.stax.test.saml;
+
+import org.apache.ws.security.common.saml.bean.ConditionsBean;
+import org.apache.ws.security.common.saml.builder.SAML1Constants;
+import org.apache.ws.security.dom.handler.WSHandlerConstants;
+import org.apache.ws.security.stax.WSSec;
+import org.apache.ws.security.stax.ext.InboundWSSec;
+import org.apache.ws.security.stax.ext.OutboundWSSec;
+import org.apache.ws.security.stax.ext.WSSConstants;
+import org.apache.ws.security.stax.ext.WSSSecurityProperties;
+import org.apache.ws.security.stax.test.AbstractTestBase;
+import org.apache.ws.security.stax.test.CallbackHandlerImpl;
+import org.apache.ws.security.stax.test.utils.StAX2DOM;
+import org.apache.ws.security.stax.test.utils.XmlReaderToWriter;
+import org.apache.xml.security.stax.securityEvent.SecurityEvent;
+import org.joda.time.DateTime;
+import org.opensaml.Configuration;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import javax.xml.stream.XMLStreamException;
+import javax.xml.stream.XMLStreamReader;
+import javax.xml.stream.XMLStreamWriter;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.util.ArrayList;
+import java.util.Properties;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class SamlConditionsTest extends AbstractTestBase {
+
+ /**
+ * Test that creates, sends and processes an unsigned SAML 1.1 authentication assertion
+ * with a custom Conditions statement.
+ */
+ @Test
+ public void testSAML1ConditionsOutbound() throws Exception {
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ WSSConstants.Action[] actions = new WSSConstants.Action[]{WSSConstants.SAML_TOKEN_SIGNED};
+ securityProperties.setOutAction(actions);
+ CallbackHandlerImpl callbackHandler = new CallbackHandlerImpl();
+ callbackHandler.setStatement(CallbackHandlerImpl.Statement.AUTHN);
+ callbackHandler.setIssuer("www.example.com");
+
+ ConditionsBean conditions = new ConditionsBean();
+ DateTime notBefore = new DateTime();
+ conditions.setNotBefore(notBefore);
+ DateTime notAfter = notBefore.plusMinutes(20);
+ conditions.setNotAfter(notAfter);
+ callbackHandler.setConditions(conditions);
+
+ securityProperties.setCallbackHandler(callbackHandler);
+ securityProperties.loadSignatureKeyStore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+ securityProperties.setSignatureUser("transmitter");
+
+ OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
+ XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, "UTF-8", new ArrayList<SecurityEvent>());
+ XMLStreamReader xmlStreamReader = xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
+ XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+ xmlStreamWriter.close();
+
+ Document document = documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
+ NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 2);
+ Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_saml_Assertion.getLocalPart());
+ Assert.assertEquals(nodeList.item(1).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+ nodeList = document.getElementsByTagNameNS("urn:oasis:names:tc:SAML:1.0:assertion", "Conditions");
+ Assert.assertEquals(nodeList.getLength(), 1);
+ Assert.assertEquals(((Element) nodeList.item(0)).getAttribute("NotBefore"), Configuration.getSAMLDateFormatter().print(notBefore));
+ Assert.assertEquals(((Element) nodeList.item(0)).getAttribute("NotOnOrAfter"), Configuration.getSAMLDateFormatter().print(notAfter));
+ }
+
+ //done signature; now test sig-verification:
+ {
+ String action = WSHandlerConstants.SIGNATURE + " " + WSHandlerConstants.SAML_TOKEN_SIGNED;
+ Properties properties = new Properties();
+ doInboundSecurityWithWSS4J_1(documentBuilderFactory.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray())), action, properties, false);
+ }
+ }
+
+ /**
+ * Test that creates, sends and processes an unsigned SAML 1.1 authentication assertion
+ * with a custom Conditions statement.
+ */
+ @Test
+ public void testSAML1ConditionsInbound() throws Exception {
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+ callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+ callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
+ callbackHandler.setIssuer("www.example.com");
+
+ ConditionsBean conditions = new ConditionsBean();
+ DateTime notBefore = new DateTime();
+ conditions.setNotBefore(notBefore);
+ DateTime notAfter = notBefore.plusMinutes(20);
+ conditions.setNotAfter(notAfter);
+ callbackHandler.setConditions(conditions);
+
+ InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ String action = WSHandlerConstants.SAML_TOKEN_SIGNED;
+ Properties properties = new Properties();
+ properties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler);
+ Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
+
+ //some test that we can really sure we get what we want from WSS4J
+ NodeList nodeList = securedDocument.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 2);
+ Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_saml_Assertion.getLocalPart());
+ Assert.assertEquals(nodeList.item(1).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+ nodeList = securedDocument.getElementsByTagNameNS("urn:oasis:names:tc:SAML:1.0:assertion", "Conditions");
+ Assert.assertEquals(nodeList.getLength(), 1);
+ Assert.assertEquals(((Element) nodeList.item(0)).getAttribute("NotBefore"), Configuration.getSAMLDateFormatter().print(notBefore));
+ Assert.assertEquals(((Element) nodeList.item(0)).getAttribute("NotOnOrAfter"), Configuration.getSAMLDateFormatter().print(notAfter));
+
+ javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+ }
+
+ //done signature; now test sig-verification:
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+ XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
+
+ Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+ }
+ }
+
+ /**
+ * Test that creates, sends and processes an unsigned SAML 2 authentication assertion
+ * with an (invalid) custom Conditions statement.
+ */
+ @Test
+ public void testSAML2InvalidAfterConditionsInbound() throws Exception {
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+ callbackHandler.setIssuer("www.example.com");
+
+ ConditionsBean conditions = new ConditionsBean();
+ DateTime notBefore = new DateTime();
+ conditions.setNotBefore(notBefore.minusMinutes(5));
+ conditions.setNotAfter(notBefore.minusMinutes(3));
+ callbackHandler.setConditions(conditions);
+
+ InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ String action = WSHandlerConstants.SAML_TOKEN_SIGNED;
+ Properties properties = new Properties();
+ properties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler);
+ Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
+
+ javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+ }
+
+ //done signature; now test sig-verification:
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+ XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
+
+ try {
+ Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+ Assert.fail("XMLStreamException expected");
+ } catch (XMLStreamException e) {
+ Assert.assertNotNull(e.getCause());
+ Assert.assertEquals(e.getCause().getMessage(), "SAML Token condition (Not On Or After) not met");
+ }
+ }
+ }
+
+ /**
+ * Test that creates, sends and processes an unsigned SAML 2 authentication assertion
+ * with an (invalid) custom Conditions statement.
+ */
+ @Test
+ public void testSAML2InvalidBeforeConditionsInbound() throws Exception {
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+ callbackHandler.setIssuer("www.example.com");
+
+ ConditionsBean conditions = new ConditionsBean();
+ DateTime notBefore = new DateTime();
+ conditions.setNotBefore(notBefore.plusMinutes(2));
+ conditions.setNotAfter(notBefore.plusMinutes(5));
+ callbackHandler.setConditions(conditions);
+
+ InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ String action = WSHandlerConstants.SAML_TOKEN_SIGNED;
+ Properties properties = new Properties();
+ properties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler);
+ Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
+
+ javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+ }
+
+ //done signature; now test sig-verification:
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+ XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
+
+ try {
+ Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+ Assert.fail("XMLStreamException expected");
+ } catch (XMLStreamException e) {
+ Assert.assertNotNull(e.getCause());
+ Assert.assertEquals(e.getCause().getMessage(), "SAML Token condition (Not Before) not met");
+ }
+ }
+ }
+
+ /**
+ * Test that creates, sends and processes an unsigned SAML 2 authentication assertion
+ * with a Conditions statement that has a NotBefore "in the future".
+ */
+ @Test
+ public void testSAML2FutureTTLConditions() throws Exception {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+ callbackHandler.setIssuer("www.example.com");
+
+ ConditionsBean conditions = new ConditionsBean();
+ DateTime notBefore = new DateTime();
+ conditions.setNotBefore(notBefore.plusSeconds(30));
+ conditions.setNotAfter(notBefore.plusMinutes(5));
+ callbackHandler.setConditions(conditions);
+
+ InputStream sourceDocument = this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml");
+ String action = WSHandlerConstants.SAML_TOKEN_SIGNED;
+ Properties properties = new Properties();
+ properties.put(WSHandlerConstants.SAML_CALLBACK_REF, callbackHandler);
+ Document securedDocument = doOutboundSecurityWithWSS4J(sourceDocument, action, properties);
+
+ javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+ }
+
+ //done signature; now test sig-verification:
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+ XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())));
+
+ Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+ }
+ }
+}
Propchange: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/saml/SamlConditionsTest.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision
Added: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/saml/SamlTokenDerivedTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/saml/SamlTokenDerivedTest.java?rev=1406211&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/saml/SamlTokenDerivedTest.java (added)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/saml/SamlTokenDerivedTest.java Tue Nov 6 16:36:23 2012
@@ -0,0 +1,210 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package org.apache.ws.security.stax.test.saml;
+
+import org.apache.ws.security.common.crypto.Crypto;
+import org.apache.ws.security.common.crypto.CryptoFactory;
+import org.apache.ws.security.common.crypto.CryptoType;
+import org.apache.ws.security.common.ext.WSSecurityException;
+import org.apache.ws.security.common.saml.AssertionWrapper;
+import org.apache.ws.security.common.saml.SAMLCallback;
+import org.apache.ws.security.common.saml.SAMLUtil;
+import org.apache.ws.security.common.saml.builder.SAML1Constants;
+import org.apache.ws.security.dom.WSConstants;
+import org.apache.ws.security.dom.WSEncryptionPart;
+import org.apache.ws.security.dom.WSSConfig;
+import org.apache.ws.security.dom.message.WSSecDKSign;
+import org.apache.ws.security.dom.message.WSSecHeader;
+import org.apache.ws.security.dom.message.token.SecurityTokenReference;
+import org.apache.ws.security.dom.util.WSSecurityUtil;
+import org.apache.ws.security.stax.WSSec;
+import org.apache.ws.security.stax.ext.InboundWSSec;
+import org.apache.ws.security.stax.ext.WSSConstants;
+import org.apache.ws.security.stax.ext.WSSSecurityProperties;
+import org.apache.ws.security.stax.securityEvent.WSSecurityEventConstants;
+import org.apache.ws.security.stax.test.AbstractTestBase;
+import org.apache.ws.security.stax.test.CallbackHandlerImpl;
+import org.apache.ws.security.stax.test.utils.SOAPUtil;
+import org.apache.ws.security.stax.test.utils.StAX2DOM;
+import org.testng.Assert;
+import org.testng.annotations.Test;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+import javax.xml.stream.XMLStreamReader;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.security.cert.X509Certificate;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * @author $Author$
+ * @version $Revision$ $Date$
+ */
+public class SamlTokenDerivedTest extends AbstractTestBase {
+
+ /**
+ * Test that creates, sends and processes a signed SAML 1.1 authentication assertion
+ * using a derived key.
+ */
+ @Test
+ public void testSAML1AuthnAssertionDerivedInbound() throws Exception {
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ {
+ //
+ // Create a SAML Assertion + STR, and add both to the security header
+ //
+ SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+ callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+ callbackHandler.setConfirmationMethod(SAML1Constants.CONF_SENDER_VOUCHES);
+ callbackHandler.setIssuer("www.example.com");
+
+ SAMLCallback samlCallback = new SAMLCallback();
+ SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+ AssertionWrapper assertion = new AssertionWrapper(samlCallback);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader();
+ secHeader.insertSecurityHeader(doc);
+
+ SecurityTokenReference secRefSaml =
+ createSamlSTR(doc, assertion, WSSConfig.getNewInstance());
+ Element samlTokenElement = assertion.toDOM(doc);
+ Element secRefElement = secRefSaml.getElement();
+ secHeader.getSecurityHeader().appendChild(samlTokenElement);
+ secHeader.getSecurityHeader().appendChild(secRefElement);
+
+ //
+ // Create a Derived Key object for signature
+ //
+ WSSecDKSign sigBuilder = createDKSign(doc, secRefSaml);
+ Document securedDocument = sigBuilder.build(doc, secHeader);
+
+ //todo remove the following lines when the header ordering no longer does matter...
+ /*Node firstChild = secHeader.getSecurityHeader().getFirstChild();
+ secHeader.getSecurityHeader().insertBefore(secRefElement, firstChild);
+ secHeader.getSecurityHeader().insertBefore(samlTokenElement, secRefElement);*/
+
+ javax.xml.transform.Transformer transformer = TRANSFORMER_FACTORY.newTransformer();
+ transformer.transform(new DOMSource(securedDocument), new StreamResult(baos));
+ }
+
+ {
+ WSSSecurityProperties securityProperties = new WSSSecurityProperties();
+ securityProperties.loadSignatureVerificationKeystore(this.getClass().getClassLoader().getResource("receiver.jks"), "default".toCharArray());
+ securityProperties.loadDecryptionKeystore(this.getClass().getClassLoader().getResource("transmitter.jks"), "default".toCharArray());
+ securityProperties.setCallbackHandler(new CallbackHandlerImpl());
+ InboundWSSec wsSecIn = WSSec.getInboundWSSec(securityProperties);
+
+ WSSecurityEventConstants.Event[] securityEvents = new WSSecurityEventConstants.Event[]{
+ WSSecurityEventConstants.X509Token,
+ WSSecurityEventConstants.SignatureValue,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.SamlToken,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.SignedElement,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.AlgorithmSuite,
+ WSSecurityEventConstants.SignedElement,
+ WSSecurityEventConstants.Operation,
+ };
+ TestSecurityEventListener testSecurityEventListener = new TestSecurityEventListener(securityEvents);
+
+ XMLStreamReader xmlStreamReader = wsSecIn.processInMessage(xmlInputFactory.createXMLStreamReader(new ByteArrayInputStream(baos.toByteArray())), null, testSecurityEventListener);
+
+ Document document = StAX2DOM.readDoc(documentBuilderFactory.newDocumentBuilder(), xmlStreamReader);
+
+ //header element must still be there
+ NodeList nodeList = document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(), WSSConstants.TAG_dsig_Signature.getLocalPart());
+ Assert.assertEquals(nodeList.getLength(), 1);
+ Assert.assertEquals(nodeList.item(0).getParentNode().getLocalName(), WSSConstants.TAG_wsse_Security.getLocalPart());
+
+ testSecurityEventListener.compare();
+ }
+ }
+
+ /**
+ * Create a SecurityTokenReference to a SAML Assertion
+ */
+ private SecurityTokenReference createSamlSTR(
+ Document doc,
+ AssertionWrapper assertion,
+ WSSConfig wssConfig
+ ) {
+ SecurityTokenReference secRefSaml = new SecurityTokenReference(doc);
+ String secRefID = wssConfig.getIdAllocator().createSecureId("STRSAMLId-", secRefSaml);
+ secRefSaml.setID(secRefID);
+
+ org.apache.ws.security.dom.message.token.Reference ref =
+ new org.apache.ws.security.dom.message.token.Reference(doc);
+ ref.setURI("#" + assertion.getId());
+ ref.setValueType(WSConstants.WSS_SAML_KI_VALUE_TYPE);
+ secRefSaml.addTokenType(WSConstants.WSS_SAML_TOKEN_TYPE);
+ secRefSaml.setReference(ref);
+
+ return secRefSaml;
+ }
+
+ /**
+ * Create a WSSecDKSign object, that signs the SOAP Body as well as the SAML Assertion
+ * via a STR Transform.
+ */
+ private WSSecDKSign createDKSign(
+ Document doc,
+ SecurityTokenReference secRefSaml
+ ) throws WSSecurityException {
+ SecurityTokenReference secToken = new SecurityTokenReference(doc);
+ CryptoType cryptoType = new CryptoType(CryptoType.TYPE.ALIAS);
+ cryptoType.setAlias("transmitter");
+ Crypto crypto = CryptoFactory.getInstance("transmitter-crypto.properties");
+ X509Certificate[] certs = crypto.getX509Certificates(cryptoType);
+ secToken.setKeyIdentifierThumb(certs[0]);
+
+ WSSecDKSign sigBuilder = new WSSecDKSign();
+ java.security.Key key =
+ crypto.getPrivateKey("transmitter", "default");
+ sigBuilder.setExternalKey(key.getEncoded(), secToken.getElement());
+ sigBuilder.setSignatureAlgorithm(WSConstants.HMAC_SHA1);
+ List<WSEncryptionPart> parts = new ArrayList<WSEncryptionPart>(2);
+ String soapNamespace = WSSecurityUtil.getSOAPNamespace(doc.getDocumentElement());
+ WSEncryptionPart encP =
+ new WSEncryptionPart(
+ WSConstants.ELEM_BODY,
+ soapNamespace,
+ "Content"
+ );
+ parts.add(encP);
+ encP = new WSEncryptionPart("STRTransform", "", "Element");
+ encP.setId(secRefSaml.getID());
+ encP.setElement(secRefSaml.getElement());
+ parts.add(encP);
+ sigBuilder.setParts(parts);
+
+ return sigBuilder;
+ }
+}
Propchange: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/ws/security/stax/test/saml/SamlTokenDerivedTest.java
------------------------------------------------------------------------------
svn:keywords = Author Date Id Revision