Posted to commits@ws.apache.org by co...@apache.org on 2018/02/28 12:08:44 UTC
svn commit: r1825555 - in
/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom:
common/AbstractSAMLCallbackHandler.java saml/SamlTokenTest.java
saml/SignedSamlTokenHOKTest.java
Author: coheigea
Date: Wed Feb 28 12:08:44 2018
New Revision: 1825555
URL: http://svn.apache.org/viewvc?rev=1825555&view=rev
Log:
Make sure the SAML Subject includes comments if they are present
Modified:
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SignedSamlTokenHOKTest.java
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java?rev=1825555&r1=1825554&r2=1825555&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java Wed Feb 28 12:08:44 2018
@@ -83,6 +83,10 @@ public abstract class AbstractSAMLCallba
private Element keyInfoElement;
protected NameIDBean subjectConfirmationNameID;
+ public void setSubjectName(String subjectName) {
+ this.subjectName = subjectName;
+ }
+
public NameIDBean getSubjectConfirmationNameID() {
return subjectConfirmationNameID;
}
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java?rev=1825555&r1=1825554&r2=1825555&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java Wed Feb 28 12:08:44 2018
@@ -22,6 +22,7 @@ package org.apache.wss4j.dom.saml;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.Key;
+import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collections;
@@ -1329,6 +1330,28 @@ public class SamlTokenTest extends org.j
assertFalse(receivedSamlAssertion.isSigned());
}
+ @Test
+ public void testSAML2SubjectWithComment() throws Exception {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+ callbackHandler.setIssuer("www.example.com");
+ String principal = "uid=joe,ou=people<!---->o=example.com";
+ callbackHandler.setSubjectName(principal);
+
+ WSHandlerResult results =
+ createAndVerifyMessage(callbackHandler, true);
+ WSSecurityEngineResult actionResult =
+ results.getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
+
+ SamlAssertionWrapper receivedSamlAssertion =
+ (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(receivedSamlAssertion != null);
+ assertFalse(receivedSamlAssertion.isSigned());
+
+ Principal receivedPrincipal = (Principal)actionResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+ assertEquals(principal, receivedPrincipal.getName());
+ }
+
private void encryptElement(
Document document,
Element elementToEncrypt,
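Review bot: `testSAML2SubjectWithComment` may never put a real XML comment into the Subject, because `principal` is passed to `setSubjectName` as a plain Java string. If the callback handler writes it into the NameID as text content, serialization escapes it to `&lt;!----&gt;` and the receiver sees a single text node, so the test would still pass against a parser that reads only the first text node of the NameID. The handler's NameID construction is outside this diff, so this needs confirming; if it holds, add a real comment node to the NameID element of the built document (for example `Document.createComment("")` between two text nodes) before verification and keep the `assertEquals(principal, receivedPrincipal.getName())` check. The same concern applies to the test of the same name added to SignedSamlTokenHOKTest.java. The trailing `encryptElement` lines are context for a method that continues outside the hunk.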
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SignedSamlTokenHOKTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SignedSamlTokenHOKTest.java?rev=1825555&r1=1825554&r2=1825555&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SignedSamlTokenHOKTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SignedSamlTokenHOKTest.java Wed Feb 28 12:08:44 2018
@@ -63,6 +63,7 @@ import javax.xml.parsers.DocumentBuilder
import java.io.InputStream;
import java.security.KeyStore;
+import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Arrays;
@@ -796,6 +797,70 @@ public class SignedSamlTokenHOKTest exte
assertEquals("/SOAP-ENV:Envelope/SOAP-ENV:Body", xpath);
}
+ @Test
+ @SuppressWarnings("unchecked")
+ public void testSAML2SubjectWithComment() throws Exception {
+ SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+ callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+ callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
+ callbackHandler.setIssuer("www.example.com");
+ String principal = "uid=joe,ou=people<!---->o=example.com";
+ callbackHandler.setSubjectName(principal);
+
+ SAMLCallback samlCallback = new SAMLCallback();
+ SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+ SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
+
+ samlAssertion.signAssertion("wss40_server", "security", issuerCrypto, false);
+
+ Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+ WSSecHeader secHeader = new WSSecHeader(doc);
+ secHeader.insertSecurityHeader();
+
+ WSSecSignatureSAML wsSign = new WSSecSignatureSAML(secHeader);
+ wsSign.setUserInfo("wss40", "security");
+ wsSign.setDigestAlgo("http://www.w3.org/2001/04/xmlenc#sha256");
+ wsSign.setSignatureAlgorithm("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256");
+ wsSign.setKeyIdentifierType(WSConstants.BST_DIRECT_REFERENCE);
+
+ Document signedDoc =
+ wsSign.build(userCrypto, samlAssertion, null, null, null);
+
+ String outputString =
+ XMLUtils.prettyDocumentToString(signedDoc);
+ if (LOG.isDebugEnabled()) {
+ LOG.debug("Signed SAML 2 Authn Assertion (key holder):");
+ LOG.debug(outputString);
+ }
+ assertTrue(outputString.contains("http://www.w3.org/2001/04/xmlenc#sha256"));
+ assertTrue(outputString.contains("http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"));
+
+ WSHandlerResult results = verify(signedDoc, trustCrypto);
+
+ // Test we processed a SAML assertion
+ WSSecurityEngineResult actionResult =
+ results.getActionResults().get(WSConstants.ST_SIGNED).get(0);
+ SamlAssertionWrapper receivedSamlAssertion =
+ (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+ assertTrue(receivedSamlAssertion != null);
+ assertTrue(receivedSamlAssertion.isSigned());
+
+ // Test we processed a signature (SOAP body)
+ actionResult = results.getActionResults().get(WSConstants.SIGN).get(0);
+ assertTrue(actionResult != null);
+ assertFalse(actionResult.isEmpty());
+ final List<WSDataRef> refs =
+ (List<WSDataRef>) actionResult.get(WSSecurityEngineResult.TAG_DATA_REF_URIS);
+ assertTrue(refs.size() == 1);
+
+ WSDataRef wsDataRef = refs.get(0);
+ String xpath = wsDataRef.getXpath();
+ assertEquals("/SOAP-ENV:Envelope/SOAP-ENV:Body", xpath);
+
+ Principal receivedPrincipal = (Principal)actionResult.get(WSSecurityEngineResult.TAG_PRINCIPAL);
+ assertEquals(principal, receivedPrincipal.getName());
+ }
+
/**
* Verifies the soap envelope
*
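Review bot: The final `assertEquals(principal, receivedPrincipal.getName())` reads `TAG_PRINCIPAL` from the `WSConstants.SIGN` result, because `actionResult` was reassigned before the data-ref checks, so the subject name on the `ST_SIGNED` assertion result is never checked. Keep the assertion result in its own variable, e.g. `WSSecurityEngineResult samlResult = results.getActionResults().get(WSConstants.ST_SIGNED).get(0);`, and assert the principal name on it as well, assuming that result carries `TAG_PRINCIPAL` as the `ST_UNSIGNED` result does in SamlTokenTest. An `assertNotNull(receivedPrincipal);` before `getName()` would report a missing principal as a clear test failure rather than a NullPointerException. The Javadoc lines after the method belong to a definition that continues outside the hunk.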