Posted to commits@ws.apache.org by co...@apache.org on 2015/01/15 11:18:08 UTC

svn commit: r1652033 - in /webservices/wss4j/trunk: ws-security-common/src/main/java/org/apache/wss4j/common/saml/ ws-security-common/src/main/java/org/apache/wss4j/common/util/ ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/ ws-security-d...

Author: coheigea
Date: Thu Jan 15 10:18:07 2015
New Revision: 1652033

URL: http://svn.apache.org/r1652033
Log:
[WSS-522] - Enforce security constraints on SAML AuthnStatement attributes

Added:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/InetAddressUtils.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAuthnTest.java
Modified:
    webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
    webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
    webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
    webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenTest.java

Modified: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java?rev=1652033&r1=1652032&r2=1652033&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java (original)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java Thu Jan 15 10:18:07 2015
@@ -32,6 +32,7 @@ import org.apache.wss4j.common.ext.WSSec
 import org.apache.wss4j.common.saml.builder.SAML1ComponentBuilder;
 import org.apache.wss4j.common.saml.builder.SAML2ComponentBuilder;
 import org.apache.wss4j.common.util.DOM2Writer;
+import org.apache.wss4j.common.util.InetAddressUtils;
 import org.apache.xml.security.exceptions.XMLSecurityException;
 import org.apache.xml.security.signature.XMLSignature;
 import org.apache.xml.security.signature.XMLSignatureException;
@@ -822,6 +823,74 @@ public class SamlAssertionWrapper {
         }
     }
     
+    /**
+     * Check the various attributes of the AuthnStatements of the assertion (if any)
+     */
+    public void checkAuthnStatements(int futureTTL) throws WSSecurityException {
+        if (getSamlVersion().equals(SAMLVersion.VERSION_20)
+            && getSaml2().getAuthnStatements() != null) {
+            List<AuthnStatement> authnStatements = getSaml2().getAuthnStatements();
+           
+            for (AuthnStatement authnStatement : authnStatements) {
+                DateTime authnInstant = authnStatement.getAuthnInstant();
+                DateTime sessionNotOnOrAfter = authnStatement.getSessionNotOnOrAfter();
+                String subjectLocalityAddress = null;
+
+                if (authnStatement.getSubjectLocality() != null
+                    && authnStatement.getSubjectLocality().getAddress() != null) {
+                    subjectLocalityAddress = authnStatement.getSubjectLocality().getAddress();
+                }
+                
+                validateAuthnStatement(authnInstant, sessionNotOnOrAfter, 
+                                       subjectLocalityAddress, futureTTL);
+            }
+        } else if (getSamlVersion().equals(SAMLVersion.VERSION_11)
+            && getSaml1().getAuthenticationStatements() != null) {
+            List<AuthenticationStatement> authnStatements = 
+                getSaml1().getAuthenticationStatements();
+            
+            for (AuthenticationStatement authnStatement : authnStatements) {
+                DateTime authnInstant = authnStatement.getAuthenticationInstant();
+                String subjectLocalityAddress = null;
+
+                if (authnStatement.getSubjectLocality() != null
+                    && authnStatement.getSubjectLocality().getIPAddress() != null) {
+                    subjectLocalityAddress = authnStatement.getSubjectLocality().getIPAddress();
+                }
+                
+                validateAuthnStatement(authnInstant, null, 
+                                       subjectLocalityAddress, futureTTL);
+            }
+        }
+    }
+    
+    private void validateAuthnStatement(
+        DateTime authnInstant, DateTime sessionNotOnOrAfter, String subjectLocalityAddress,
+        int futureTTL
+    ) throws WSSecurityException {
+        // AuthnInstant in the future
+        DateTime currentTime = new DateTime();
+        currentTime = currentTime.plusSeconds(futureTTL);
+        if (authnInstant.isAfter(currentTime)) {
+            LOG.debug("SAML Token AuthnInstant not met");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+        }
+        
+        // Stale SessionNotOnOrAfter
+        if (sessionNotOnOrAfter != null && sessionNotOnOrAfter.isBeforeNow()) {
+            LOG.debug("SAML Token SessionNotOnOrAfter not met");
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+        }
+        
+        // Check that the SubjectLocality address is an IP address
+        if (subjectLocalityAddress != null
+            && !(InetAddressUtils.isIPv4Address(subjectLocalityAddress)
+                || InetAddressUtils.isIPv6Address(subjectLocalityAddress))) {
+            LOG.debug("SAML Token SubjectLocality address is not valid: " + subjectLocalityAddress);
+            throw new WSSecurityException(WSSecurityException.ErrorCode.FAILURE, "invalidSAMLsecurity");
+        }
+    }
+    
     /**
      * Validate the samlAssertion against schemas/profiles
      */
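Review bot: `validateAuthnStatement` dereferences `authnInstant` without a null check (`authnInstant.isAfter(currentTime)`), although the SessionNotOnOrAfter and SubjectLocality checks below it both guard their argument. If an assertion can reach this method without an AuthnInstant / AuthenticationInstant (the hunk does not show whether unmarshalling or schema validation rules that out first), the caller gets a NullPointerException instead of the `invalidSAMLsecurity` failure. Failing closed keeps the error path uniform: `if (authnInstant == null || authnInstant.isAfter(currentTime)) {`. Separately, the SubjectLocality debug line concatenates the token-supplied address into the log message verbatim; since that value has just failed validation, line breaks should be stripped from it before it is logged. Note also that `sessionNotOnOrAfter.isBeforeNow()` accepts a value exactly equal to the current instant, which is looser than the "not on or after" wording.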

Added: webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/InetAddressUtils.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/InetAddressUtils.java?rev=1652033&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/InetAddressUtils.java (added)
+++ webservices/wss4j/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/util/InetAddressUtils.java Thu Jan 15 10:18:07 2015
@@ -0,0 +1,119 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+/*
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.wss4j.common.util;
+
+import java.util.regex.Pattern;
+
+/**
+ * A collection of utilities relating to InetAddresses.
+ * 
+ * Copied from httpclient.
+ */
+public final class InetAddressUtils {
+
+    private static final String IPV4_BASIC_PATTERN_STRING =
+            "(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\\.){3}" // initial 3 fields, 0-255 followed by .
+            + "([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])"; // final field, 0-255
+
+    private static final Pattern IPV4_PATTERN =
+        Pattern.compile("^" + IPV4_BASIC_PATTERN_STRING + "$");
+
+    private static final Pattern IPV4_MAPPED_IPV6_PATTERN = // TODO does not allow for redundant leading zeros
+            Pattern.compile("^::[fF]{4}:" + IPV4_BASIC_PATTERN_STRING + "$");
+
+    private static final Pattern IPV6_STD_PATTERN =
+        Pattern.compile(
+                "^[0-9a-fA-F]{1,4}(:[0-9a-fA-F]{1,4}){7}$");
+
+    private static final Pattern IPV6_HEX_COMPRESSED_PATTERN =
+        Pattern.compile(
+                "^(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,5})?)" // 0-6 hex fields
+                + "::"
+                + "(([0-9A-Fa-f]{1,4}(:[0-9A-Fa-f]{1,4}){0,5})?)$"); // 0-6 hex fields
+
+    /*
+     *  The above pattern is not totally rigorous as it allows for more than 7 hex fields in total
+     */
+    private static final char COLON_CHAR = ':';
+
+    // Must not have more than 7 colons (i.e. 8 fields)
+    private static final int MAX_COLON_COUNT = 7;
+    
+    private InetAddressUtils() {
+    }
+
+    /**
+     * Checks whether the parameter is a valid IPv4 address
+     *
+     * @param input the address string to check for validity
+     * @return true if the input parameter is a valid IPv4 address
+     */
+    public static boolean isIPv4Address(final String input) {
+        return IPV4_PATTERN.matcher(input).matches();
+    }
+
+    public static boolean isIPv4MappedIPv64Address(final String input) {
+        return IPV4_MAPPED_IPV6_PATTERN.matcher(input).matches();
+    }
+
+    /**
+     * Checks whether the parameter is a valid standard (non-compressed) IPv6 address
+     *
+     * @param input the address string to check for validity
+     * @return true if the input parameter is a valid standard (non-compressed) IPv6 address
+     */
+    public static boolean isIPv6StdAddress(final String input) {
+        return IPV6_STD_PATTERN.matcher(input).matches();
+    }
+
+    /**
+     * Checks whether the parameter is a valid compressed IPv6 address
+     *
+     * @param input the address string to check for validity
+     * @return true if the input parameter is a valid compressed IPv6 address
+     */
+    public static boolean isIPv6HexCompressedAddress(final String input) {
+        int colonCount = 0;
+        for (int i = 0; i < input.length(); i++) {
+            if (input.charAt(i) == COLON_CHAR) {
+                colonCount++;
+            }
+        }
+        return  colonCount <= MAX_COLON_COUNT && IPV6_HEX_COMPRESSED_PATTERN.matcher(input).matches();
+    }
+
+    /**
+     * Checks whether the parameter is a valid IPv6 address (including compressed).
+     *
+     * @param input the address string to check for validity
+     * @return true if the input parameter is a valid standard or compressed IPv6 address
+     */
+    public static boolean isIPv6Address(final String input) {
+        return isIPv6StdAddress(input) || isIPv6HexCompressedAddress(input);
+    }
+
+}
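Review bot: Every public method here passes `input` straight to `Pattern.matcher(...)` or `input.length()`, so a null argument throws NullPointerException; the one caller in this commit guards against null, but the class is public and the Javadoc does not state the contract. Either document it with `@throws NullPointerException if input is null` or return false early, e.g. `return input != null && IPV4_PATTERN.matcher(input).matches();`. `isIPv4MappedIPv64Address` is the only public method without Javadoc, and `isIPv6Address` does not consult it, so an IPv4-mapped literal is reported as not being an IPv6 address. A one-line comment stating whether that is intended would help callers that use this class to validate token-supplied addresses.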

Modified: webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java?rev=1652033&r1=1652032&r2=1652033&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/main/java/org/apache/wss4j/dom/validate/SamlAssertionValidator.java Thu Jan 15 10:18:07 2015
@@ -102,6 +102,9 @@ public class SamlAssertionValidator exte
         // Check conditions
         checkConditions(samlAssertion);
         
+        // Check conditions
+        checkAuthnStatements(samlAssertion);
+        
         // Check OneTimeUse Condition
         checkOneTimeUse(samlAssertion, data);
         
@@ -212,6 +215,13 @@ public class SamlAssertionValidator exte
     }
     
     /**
+     * Check the AuthnStatements of the Assertion (if any)
+     */
+    protected void checkAuthnStatements(SamlAssertionWrapper samlAssertion) throws WSSecurityException {
+        samlAssertion.checkAuthnStatements(futureTTL);
+    }
+    
+    /**
      * Check the "OneTimeUse" Condition of the Assertion. If this is set then the Assertion
      * is cached (if a cache is defined), and must not have been previously cached
      */
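Review bot: The Javadoc added for `checkAuthnStatements` says only that the statements are checked; because the method is a protected extension point, it should name what is enforced (AuthnInstant not further in the future than `futureTTL`, SessionNotOnOrAfter not expired, SubjectLocality address an IP literal) and that a violation is reported as `WSSecurityException`. In the first hunk of this file the new call sits under a copy of the preceding comment, `// Check conditions`; `// Check the AuthnStatements` would describe the line. `futureTTL` is declared outside both hunks, so its unit and default cannot be confirmed from here.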

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java?rev=1652033&r1=1652032&r2=1652033&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java Thu Jan 15 10:18:07 2015
@@ -69,6 +69,15 @@ public abstract class AbstractSAMLCallba
     protected String subjectLocalityIpAddress = null;
     protected String subjectLocalityDnsAddress = null;
     protected DateTime sessionNotOnOrAfter = null;
+    protected DateTime authenticationInstant;
+    public DateTime getAuthenticationInstant() {
+        return authenticationInstant;
+    }
+
+    public void setAuthenticationInstant(DateTime authenticationInstant) {
+        this.authenticationInstant = authenticationInstant;
+    }
+
     protected String resource = null;
     protected List<Object> customAttributeValues = null;
     protected ConditionsBean conditions = null;
@@ -147,6 +156,7 @@ public abstract class AbstractSAMLCallba
                 authBean.setSubjectLocality(subjectLocality);
             }
             authBean.setAuthenticationMethod("Password");
+            authBean.setAuthenticationInstant(authenticationInstant);
             authBean.setSessionNotOnOrAfter(sessionNotOnOrAfter);
             callback.setAuthenticationStatementData(Collections.singletonList(authBean));
         } else if (statement == Statement.ATTR) {

Added: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAuthnTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAuthnTest.java?rev=1652033&view=auto
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAuthnTest.java (added)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlAuthnTest.java Thu Jan 15 10:18:07 2015
@@ -0,0 +1,208 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements. See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership. The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied. See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+
+package org.apache.wss4j.dom.saml;
+
+import java.util.List;
+
+import javax.security.auth.callback.CallbackHandler;
+
+import org.apache.wss4j.common.ext.WSSecurityException;
+import org.apache.wss4j.common.saml.SAMLCallback;
+import org.apache.wss4j.common.saml.SAMLUtil;
+import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.util.XMLUtils;
+import org.apache.wss4j.dom.WSSConfig;
+import org.apache.wss4j.dom.WSSecurityEngine;
+import org.apache.wss4j.dom.WSSecurityEngineResult;
+import org.apache.wss4j.dom.common.CustomSamlAssertionValidator;
+import org.apache.wss4j.dom.common.SAML1CallbackHandler;
+import org.apache.wss4j.dom.common.SAML2CallbackHandler;
+import org.apache.wss4j.dom.common.SOAPUtil;
+import org.apache.wss4j.dom.common.SecurityTestUtil;
+import org.apache.wss4j.dom.message.WSSecHeader;
+import org.apache.wss4j.dom.message.WSSecSAMLToken;
+import org.joda.time.DateTime;
+import org.w3c.dom.Document;
+
+/**
+ * Some tests for SAML Authentication Assertions
+ */
+public class SamlAuthnTest extends org.junit.Assert {
+    private static final org.slf4j.Logger LOG = 
+        org.slf4j.LoggerFactory.getLogger(SamlAuthnTest.class);
+    private WSSecurityEngine secEngine = new WSSecurityEngine();
+    
+    @org.junit.AfterClass
+    public static void cleanup() throws Exception {
+        SecurityTestUtil.cleanup();
+    }
+
+    public SamlAuthnTest() {
+        WSSConfig config = WSSConfig.getNewInstance();
+        config.setValidator(WSSecurityEngine.SAML_TOKEN, new CustomSamlAssertionValidator());
+        config.setValidator(WSSecurityEngine.SAML2_TOKEN, new CustomSamlAssertionValidator());
+        config.setValidateSamlSubjectConfirmation(false);
+        secEngine.setWssConfig(config);
+    }
+    
+    @org.junit.Test
+    public void testSAML1AuthnAssertion() throws Exception {
+        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        createAndVerifyMessage(callbackHandler, true);
+    }
+    
+    @org.junit.Test
+    public void testSAML2AuthnAssertion() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        createAndVerifyMessage(callbackHandler, true);
+    }
+    
+    @org.junit.Test
+    public void testSAML1FutureAuthnInstant() throws Exception {
+        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setAuthenticationInstant(new DateTime().plusMinutes(70));
+        
+        createAndVerifyMessage(callbackHandler, false);
+    }
+    
+    @org.junit.Test
+    public void testSAML2FutureAuthnInstant() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setAuthenticationInstant(new DateTime().plusMinutes(70));
+        
+        createAndVerifyMessage(callbackHandler, false);
+    }
+    
+    @org.junit.Test
+    public void testSAML2StaleSessionNotOnOrAfter() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setSessionNotOnOrAfter(new DateTime().minusMinutes(70));
+        
+        createAndVerifyMessage(callbackHandler, false);
+    }
+    
+    @org.junit.Test
+    public void testSAML1ValidSubjectLocality() throws Exception {
+        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setSubjectLocality("127.0.0.1", "xyz.ws.apache.org");
+        
+        createAndVerifyMessage(callbackHandler, true);
+    }
+    
+    @org.junit.Test
+    public void testSAML2ValidSubjectLocality() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setSubjectLocality("127.0.0.1", "xyz.ws.apache.org");
+        
+        createAndVerifyMessage(callbackHandler, true);
+    }
+    
+    @org.junit.Test
+    public void testSAML1InvalidSubjectLocality() throws Exception {
+        SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setSubjectLocality("xyz.ws.apache.org", "xyz.ws.apache.org");
+        
+        createAndVerifyMessage(callbackHandler, false);
+    }
+    
+    @org.junit.Test
+    public void testSAML2InalidSubjectLocality() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
+        callbackHandler.setSubjectLocality("xyz.ws.apache.org", "xyz.ws.apache.org");
+        
+        createAndVerifyMessage(callbackHandler, false);
+    }
+    
+    private void createAndVerifyMessage(
+        CallbackHandler samlCallbackHandler, boolean success
+    ) throws Exception {
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(samlCallbackHandler, samlCallback);
+        SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
+
+        WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader();
+        secHeader.insertSecurityHeader(doc);
+        
+        Document unsignedDoc = wsSign.build(doc, samlAssertion, secHeader);
+
+        if (LOG.isDebugEnabled()) {
+            String outputString = 
+                XMLUtils.PrettyDocumentToString(unsignedDoc);
+            LOG.debug(outputString);
+        }
+        
+        try {
+            verify(unsignedDoc);
+            if (!success) {
+                fail("Failure expected in processing the SAML assertion");
+            }
+        } catch (WSSecurityException ex) {
+            assertTrue(!success);
+            assertTrue(ex.getMessage().contains("SAML token security failure"));
+        }
+    }
+    
+    /**
+     * Verifies the soap envelope
+     * <p/>
+     * 
+     * @param envelope 
+     * @throws Exception Thrown when there is a problem in verification
+     */
+    private List<WSSecurityEngineResult> verify(Document doc) throws Exception {
+        List<WSSecurityEngineResult> results = 
+            secEngine.processSecurityHeader(doc, null, null, null);
+        String outputString = 
+            XMLUtils.PrettyDocumentToString(doc);
+        assertTrue(outputString.indexOf("counter_port_type") > 0 ? true : false);
+        return results;
+    }
+    
+}
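Review bot: The SubjectLocality tests exercise only the IPv4 pattern and a hostname, so neither IPv6 regex that the validator now depends on is covered, and both future-instant tests use 70 minutes, so nothing pins behaviour near the `futureTTL` boundary. An accepting case such as `callbackHandler.setSubjectLocality("::1", "xyz.ws.apache.org");` followed by `createAndVerifyMessage(callbackHandler, true);` (constructed sample value), for both SAML versions, would catch regressions in the copied patterns. Minor: `testSAML2InalidSubjectLocality` should be `testSAML2InvalidSubjectLocality`, the Javadoc on `verify` documents `@param envelope` while the parameter is named `doc`, and `outputString.indexOf("counter_port_type") > 0 ? true : false` reads more simply as `outputString.contains("counter_port_type")`.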

Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java?rev=1652033&r1=1652032&r2=1652033&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java Thu Jan 15 10:18:07 2015
@@ -568,7 +568,7 @@ public class SamlTokenTest extends org.j
         SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
         callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
         callbackHandler.setIssuer("www.example.com");
-        callbackHandler.setSubjectLocality("12.34.56.780", "test-dns");
+        callbackHandler.setSubjectLocality("12.34.56.78", "test-dns");
         
         SAMLCallback samlCallback = new SAMLCallback();
         SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
@@ -588,7 +588,7 @@ public class SamlTokenTest extends org.j
             LOG.debug("SAML 1.1 Authn Assertion (sender vouches):");
             LOG.debug(outputString);
         }
-        assertTrue(outputString.contains("12.34.56.780"));
+        assertTrue(outputString.contains("12.34.56.78"));
         assertTrue(outputString.contains("test-dns"));
         
         List<WSSecurityEngineResult> results = verify(unsignedDoc);
@@ -649,7 +649,7 @@ public class SamlTokenTest extends org.j
         SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
         callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
         callbackHandler.setIssuer("www.example.com");
-        callbackHandler.setSubjectLocality("12.34.56.780", "test-dns");
+        callbackHandler.setSubjectLocality("12.34.56.78", "test-dns");
         
         SAMLCallback samlCallback = new SAMLCallback();
         SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
@@ -669,7 +669,7 @@ public class SamlTokenTest extends org.j
             LOG.debug("SAML 2 Authn Assertion (sender vouches):");
             LOG.debug(outputString);
         }
-        assertTrue(outputString.contains("12.34.56.780"));
+        assertTrue(outputString.contains("12.34.56.78"));
         assertTrue(outputString.contains("test-dns"));
         
         List<WSSecurityEngineResult> results = verify(unsignedDoc);

Modified: webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenTest.java?rev=1652033&r1=1652032&r2=1652033&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenTest.java (original)
+++ webservices/wss4j/trunk/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenTest.java Thu Jan 15 10:18:07 2015
@@ -630,7 +630,7 @@ public class SAMLTokenTest extends Abstr
             callbackHandler.setStatement(SAMLCallbackHandlerImpl.Statement.AUTHN);
             callbackHandler.setIssuer("www.example.com");
             callbackHandler.setSignAssertion(false);
-            callbackHandler.setSubjectLocality("12.34.56.780", "test-dns");
+            callbackHandler.setSubjectLocality("12.34.56.78", "test-dns");
             securityProperties.setSamlCallbackHandler(callbackHandler);
 
             OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);
@@ -669,7 +669,7 @@ public class SAMLTokenTest extends Abstr
             callbackHandler.setIssuer("www.example.com");
             callbackHandler.setSignAssertion(false);
             callbackHandler.setSamlVersion(SAMLVersion.VERSION_20);
-            callbackHandler.setSubjectLocality("12.34.56.780", "test-dns");
+            callbackHandler.setSubjectLocality("12.34.56.78", "test-dns");
             securityProperties.setSamlCallbackHandler(callbackHandler);
 
             OutboundWSSec wsSecOut = WSSec.getOutboundWSSec(securityProperties);