White noise: format
Project: http://git-wip-us.apache.org/repos/asf/syncope/repo Commit: http://git-wip-us.apache.org/repos/asf/syncope/commit/e3467bf4 Tree: http://git-wip-us.apache.org/repos/asf/syncope/tree/e3467bf4 Diff: http://git-wip-us.apache.org/repos/asf/syncope/diff/e3467bf4 Branch: refs/heads/master Commit: e3467bf4bfa58db7788f3993c3b333a41e9d37f1 Parents: acf98a4 Author: Francesco Chicchiriccò <ilgro...@apache.org> Authored: Thu Aug 3 09:08:06 2017 +0200 Committer: Francesco Chicchiriccò <ilgro...@apache.org> Committed: Thu Aug 3 09:10:42 2017 +0200 ---------------------------------------------------------------------- .../syncope/fit/core/SAML2CallbackHandler.java | 49 ++++++------- .../apache/syncope/fit/core/SAML2ITCase.java | 54 ++++++-------- .../core/SAML2PResponseComponentBuilder.java | 77 +++++++------------- 3 files changed, 76 insertions(+), 104 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/syncope/blob/e3467bf4/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2CallbackHandler.java ----------------------------------------------------------------------
diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2CallbackHandler.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2CallbackHandler.java
index f80d4b9..1ffdfb2 100644
--- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2CallbackHandler.java
+++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2CallbackHandler.java
@@ -1,31 +1,28 @@ -/** +/* * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file + * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file + * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at + * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ - package org.apache.syncope.fit.core; import java.io.IOException; import java.util.Collections; - import javax.security.auth.callback.Callback; import javax.security.auth.callback.CallbackHandler; import javax.security.auth.callback.UnsupportedCallbackException; - import org.apache.wss4j.common.saml.SAMLCallback; import org.apache.wss4j.common.saml.bean.AuthenticationStatementBean; import org.apache.wss4j.common.saml.bean.ConditionsBean; 
@@ -38,35 +35,37 @@ import org.apache.wss4j.common.saml.builder.SAML2Constants; * A Callback Handler implementation for a SAML 2 assertion. */ public class SAML2CallbackHandler implements CallbackHandler { + private String subjectName = "uid=joe,ou=people,ou=saml-demo,o=example.com"; + private String subjectQualifier = "www.example.com"; + private String issuer; + private ConditionsBean conditions; + private SubjectConfirmationDataBean subjectConfirmationData; + private String subjectConfirmationMethod = SAML2Constants.CONF_BEARER; - public void handle(Callback[] callbacks) - throws IOException, UnsupportedCallbackException { - for (int i = 0; i < callbacks.length; i++) { - if (callbacks[i] instanceof SAMLCallback) { - SAMLCallback callback = (SAMLCallback) callbacks[i]; - callback.setSamlVersion(Version.SAML_20); - callback.setIssuer(issuer); + @Override + public void handle(Callback[] callbacks) throws IOException, UnsupportedCallbackException { + for (Callback callback : callbacks) { + if (callback instanceof SAMLCallback) { + SAMLCallback samlCallback = (SAMLCallback) callback; + samlCallback.setSamlVersion(Version.SAML_20); + samlCallback.setIssuer(issuer); if (conditions != null) { - callback.setConditions(conditions); + samlCallback.setConditions(conditions); } - - SubjectBean subjectBean = - new SubjectBean( - subjectName, subjectQualifier, subjectConfirmationMethod - ); + SubjectBean subjectBean = new SubjectBean(subjectName, subjectQualifier, subjectConfirmationMethod); subjectBean.setSubjectConfirmationData(subjectConfirmationData); - callback.setSubject(subjectBean); + samlCallback.setSubject(subjectBean); AuthenticationStatementBean authBean = new AuthenticationStatementBean(); authBean.setAuthenticationMethod("Password"); - callback.setAuthenticationStatementData(Collections.singletonList(authBean)); + samlCallback.setAuthenticationStatementData(Collections.singletonList(authBean)); } else { - throw new UnsupportedCallbackException(callbacks[i], 
"Unrecognized Callback"); + throw new UnsupportedCallbackException(callback, "Unrecognized Callback"); } } } http://git-wip-us.apache.org/repos/asf/syncope/blob/e3467bf4/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java index 55838b8..68626d0 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2ITCase.java @@ -31,10 +31,8 @@ import java.nio.charset.StandardCharsets; import java.security.KeyStore; import java.util.Collections; import java.util.Optional; - import javax.ws.rs.core.MediaType; import javax.ws.rs.core.Response; - import org.apache.commons.codec.binary.Base64; import org.apache.cxf.helpers.DOMUtils; import org.apache.cxf.jaxrs.client.WebClient; @@ -82,13 +80,13 @@ public class SAML2ITCase extends AbstractITCase { private static SyncopeClient anonymous; @BeforeClass - public static void setupAnonymousClient() { + public static void setup() { anonymous = new SyncopeClientFactoryBean(). setAddress(ADDRESS). create(new AnonymousAuthenticationHandler(ANONYMOUS_UNAME, ANONYMOUS_KEY)); WSSConfig.init(); - OpenSAMLUtil.initSamlEngine(); + OpenSAMLUtil.initSamlEngine(false); } @BeforeClass 
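Review bot: In `handle`, `samlCallback.setIssuer(issuer)` is called unconditionally although the `issuer` field has no initial value in this hunk, whereas `conditions` two lines below is null-guarded. If a test forgets to configure the issuer (the setters lie outside the hunk), the assertion would presumably be built with a null issuer and fail later in a less obvious place. A one-line Javadoc on the method, e.g. `/** Populates each SAMLCallback from the configured fields; the issuer must be set beforehand. */`, or an early `if (issuer == null) { throw new IllegalStateException("issuer not set"); }` would make the precondition explicit. The class body continues beyond the hunk.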
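Review bot: The bare `false` passed to `OpenSAMLUtil.initSamlEngine(false)` in `setup()` does not say what it switches off; a short comment such as `// false: skip loading XACML support, not needed by these tests` would help, after confirming the flag's meaning against the WSS4J version in use. The rename from `setupAnonymousClient` to `setup` also makes this method harder to tell apart from the second `@BeforeClass` method that begins right after the hunk. JUnit 4 gives no ordering guarantee between `@BeforeClass` methods of the same class, so if that second method (its body is outside the hunk) relies on `anonymous` or on the SAML engine being initialised, the two should be merged.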
@@ -198,7 +196,7 @@ public class SAML2ITCase extends AbstractITCase { // Get a valid login request for the Fediz realm SAML2SPService saml2Service = anonymous.getService(SAML2SPService.class); SAML2RequestTO loginRequest = - saml2Service.createLoginRequest(ADDRESS, "urn:org:apache:cxf:fediz:idp:realm-A"); + saml2Service.createLoginRequest(ADDRESS, "urn:org:apache:cxf:fediz:idp:realm-A"); assertNotNull(loginRequest); assertEquals("https://localhost:8443/fediz-idp/saml/up", loginRequest.getIdpServiceAddress()); @@ -229,7 +227,7 @@ public class SAML2ITCase extends AbstractITCase { JwsJwtCompactConsumer relayState = new JwsJwtCompactConsumer(response.getRelayState()); String inResponseTo = relayState.getJwtClaims().getSubject(); - org.opensaml.saml.saml2.core.Response samlResponse = createResponse(doc, inResponseTo); + org.opensaml.saml.saml2.core.Response samlResponse = createResponse(inResponseTo); Element responseElement = OpenSAMLUtil.toDom(samlResponse, doc); String responseStr = DOM2Writer.nodeToString(responseElement); @@ -248,7 +246,7 @@ public class SAML2ITCase extends AbstractITCase { // Get a valid login request for the Fediz realm SAML2SPService saml2Service = anonymous.getService(SAML2SPService.class); SAML2RequestTO loginRequest = - saml2Service.createLoginRequest(ADDRESS, "urn:org:apache:cxf:fediz:idp:realm-A"); + saml2Service.createLoginRequest(ADDRESS, "urn:org:apache:cxf:fediz:idp:realm-A"); assertNotNull(loginRequest); SAML2ReceivedResponseTO response = new SAML2ReceivedResponseTO(); @@ -260,7 +258,7 @@ public class SAML2ITCase extends AbstractITCase { String inResponseTo = relayState.getJwtClaims().getSubject(); org.opensaml.saml.saml2.core.Response samlResponse = - createResponse(doc, inResponseTo, false, SAML2Constants.CONF_SENDER_VOUCHES); + createResponse(inResponseTo, false, SAML2Constants.CONF_SENDER_VOUCHES); Element responseElement = OpenSAMLUtil.toDom(samlResponse, doc); String responseStr = DOM2Writer.nodeToString(responseElement); 
@@ -282,7 +280,7 @@ public class SAML2ITCase extends AbstractITCase { // Get a valid login request for the Fediz realm SAML2SPService saml2Service = anonymous.getService(SAML2SPService.class); SAML2RequestTO loginRequest = - saml2Service.createLoginRequest(ADDRESS, "urn:org:apache:cxf:fediz:idp:realm-A"); + saml2Service.createLoginRequest(ADDRESS, "urn:org:apache:cxf:fediz:idp:realm-A"); assertNotNull(loginRequest); SAML2ReceivedResponseTO response = new SAML2ReceivedResponseTO(); @@ -293,7 +291,7 @@ public class SAML2ITCase extends AbstractITCase { JwsJwtCompactConsumer relayState = new JwsJwtCompactConsumer(response.getRelayState()); String inResponseTo = relayState.getJwtClaims().getSubject(); - org.opensaml.saml.saml2.core.Response samlResponse = createResponse(doc, inResponseTo); + org.opensaml.saml.saml2.core.Response samlResponse = createResponse(inResponseTo); Element responseElement = OpenSAMLUtil.toDom(samlResponse, doc); doc.appendChild(responseElement); 
@@ -301,24 +299,24 @@ public class SAML2ITCase extends AbstractITCase { // Get Assertion Element Element assertionElement = - (Element)responseElement.getElementsByTagNameNS(SAMLConstants.SAML20_NS, "Assertion").item(0); + (Element) responseElement.getElementsByTagNameNS(SAMLConstants.SAML20_NS, "Assertion").item(0); assertNotNull(assertionElement); // Clone it, strip the Signature, modify the Subject, change Subj Conf - Element clonedAssertion = (Element)assertionElement.cloneNode(true); + Element clonedAssertion = (Element) assertionElement.cloneNode(true); clonedAssertion.setAttributeNS(null, "ID", "_12345623562"); Element sigElement = - (Element)clonedAssertion.getElementsByTagNameNS(WSConstants.SIG_NS, "Signature").item(0); + (Element) clonedAssertion.getElementsByTagNameNS(WSConstants.SIG_NS, "Signature").item(0); clonedAssertion.removeChild(sigElement); Element subjElement = - (Element)clonedAssertion.getElementsByTagNameNS(SAMLConstants.SAML20_NS, "Subject").item(0); + (Element) clonedAssertion.getElementsByTagNameNS(SAMLConstants.SAML20_NS, "Subject").item(0); Element subjNameIdElement = - (Element)subjElement.getElementsByTagNameNS(SAMLConstants.SAML20_NS, "NameID").item(0); + (Element) subjElement.getElementsByTagNameNS(SAMLConstants.SAML20_NS, "NameID").item(0); subjNameIdElement.setTextContent("verdi"); Element subjConfElement = - (Element)subjElement.getElementsByTagNameNS(SAMLConstants.SAML20_NS, "SubjectConfirmation").item(0); + (Element) subjElement.getElementsByTagNameNS(SAMLConstants.SAML20_NS, "SubjectConfirmation").item(0); subjConfElement.setAttributeNS(null, "Method", SAML2Constants.CONF_SENDER_VOUCHES); // Now insert the modified cloned Assertion into the Response after the other assertion 
@@ -333,20 +331,18 @@ public class SAML2ITCase extends AbstractITCase { assertEquals("puccini", loginResponse.getNameID()); } - private org.opensaml.saml.saml2.core.Response createResponse(Document doc, String inResponseTo) throws Exception { - return createResponse(doc, inResponseTo, true, SAML2Constants.CONF_BEARER); + private org.opensaml.saml.saml2.core.Response createResponse(final String inResponseTo) throws Exception { + return createResponse(inResponseTo, true, SAML2Constants.CONF_BEARER); } - private org.opensaml.saml.saml2.core.Response createResponse(Document doc, String inResponseTo, - boolean signAssertion, String subjectConfMethod) throws Exception { - Status status = - SAML2PResponseComponentBuilder.createStatus( - SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null - ); + private org.opensaml.saml.saml2.core.Response createResponse( + final String inResponseTo, final boolean signAssertion, final String subjectConfMethod) throws Exception { + + Status status = SAML2PResponseComponentBuilder.createStatus( + SAMLProtocolResponseValidator.SAML2_STATUSCODE_SUCCESS, null); org.opensaml.saml.saml2.core.Response response = - SAML2PResponseComponentBuilder.createSAMLResponse( - inResponseTo, "urn:org:apache:cxf:fediz:idp:realm-A", status - ); + SAML2PResponseComponentBuilder.createSAMLResponse( + inResponseTo, "urn:org:apache:cxf:fediz:idp:realm-A", status); response.setDestination("http://recipient.apache.org"); // Create an AuthenticationAssertion @@ -381,7 +377,7 @@ public class SAML2ITCase extends AbstractITCase { ClassLoader loader = Loader.getClassLoader(SAML2ITCase.class); InputStream input = Merlin.loadInputStream(loader, "stsrealm_a.jks"); keyStore.load(input, "storepass".toCharArray()); - ((Merlin)issuerCrypto).setKeyStore(keyStore); + ((Merlin) issuerCrypto).setKeyStore(keyStore); assertion.signAssertion("realma", "realma", issuerCrypto, false); } 
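Review bot: The realm identifier `"urn:org:apache:cxf:fediz:idp:realm-A"` remains a string literal in the three-argument `createResponse` and again in each `createLoginRequest` call touched by the earlier hunks of this file (@@ -198, @@ -248, @@ -282), so the issuer the tests request and the issuer they put into the response can drift apart unnoticed. A `private static final String REALM_A = "urn:org:apache:cxf:fediz:idp:realm-A";` used at every site would keep them in step. The `signAssertion` flag would also benefit from a one-line Javadoc on this overload stating that `false` yields an unsigned assertion, since the call `createResponse(inResponseTo, false, SAML2Constants.CONF_SENDER_VOUCHES)` is otherwise hard to read. The method body continues outside the hunk.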
@@ -390,6 +386,4 @@ public class SAML2ITCase extends AbstractITCase { return response; } - - } http://git-wip-us.apache.org/repos/asf/syncope/blob/e3467bf4/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2PResponseComponentBuilder.java ---------------------------------------------------------------------- diff --git a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2PResponseComponentBuilder.java b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2PResponseComponentBuilder.java index 75ad465..f83d372 100644 --- a/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2PResponseComponentBuilder.java +++ b/fit/core-reference/src/test/java/org/apache/syncope/fit/core/SAML2PResponseComponentBuilder.java 
@@ -1,29 +1,25 @@ -/** +/* * Licensed to the Apache Software Foundation (ASF) under one - * or more contributor license agreements. See the NOTICE file + * or more contributor license agreements. See the NOTICE file * distributed with this work for additional information - * regarding copyright ownership. The ASF licenses this file + * regarding copyright ownership. The ASF licenses this file * to you under the Apache License, Version 2.0 (the * "License"); you may not use this file except in compliance - * with the License. You may obtain a copy of the License at + * with the License. You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, * software distributed under the License is distributed on an * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY - * KIND, either express or implied. See the License for the + * KIND, either express or implied. See the License for the * specific language governing permissions and limitations * under the License. */ - package org.apache.syncope.fit.core; import java.util.UUID; - import org.joda.time.DateTime; -import org.opensaml.core.xml.XMLObjectBuilderFactory; -import org.opensaml.core.xml.config.XMLObjectProviderRegistrySupport; import org.opensaml.saml.common.SAMLObjectBuilder; import org.opensaml.saml.common.SAMLVersion; import org.opensaml.saml.saml2.core.AuthnContextClassRef; 
@@ -32,10 +28,16 @@ import org.opensaml.saml.saml2.core.Response; import org.opensaml.saml.saml2.core.Status; import org.opensaml.saml.saml2.core.StatusCode; import org.opensaml.saml.saml2.core.StatusMessage; +import org.opensaml.saml.saml2.core.impl.AuthnContextClassRefBuilder; +import org.opensaml.saml.saml2.core.impl.IssuerBuilder; +import org.opensaml.saml.saml2.core.impl.ResponseBuilder; +import org.opensaml.saml.saml2.core.impl.StatusBuilder; +import org.opensaml.saml.saml2.core.impl.StatusCodeBuilder; +import org.opensaml.saml.saml2.core.impl.StatusMessageBuilder; /** -* A (basic) set of utility methods to construct SAML 2.0 Protocol Response statements -*/ + * A (basic) set of utility methods to construct SAML 2.0 Protocol Response statements. + */ public final class SAML2PResponseComponentBuilder { private static SAMLObjectBuilder<Response> responseBuilder; @@ -50,22 +52,9 @@ public final class SAML2PResponseComponentBuilder { private static SAMLObjectBuilder<AuthnContextClassRef> authnContextClassRefBuilder; - private static XMLObjectBuilderFactory builderFactory = - XMLObjectProviderRegistrySupport.getBuilderFactory(); - - private SAML2PResponseComponentBuilder() { - - } - - @SuppressWarnings("unchecked") - public static Response createSAMLResponse( - String inResponseTo, - String issuer, - Status status - ) { + public static Response createSAMLResponse(final String inResponseTo, final String issuer, final Status status) { if (responseBuilder == null) { - responseBuilder = (SAMLObjectBuilder<Response>) - builderFactory.getBuilder(Response.DEFAULT_ELEMENT_NAME); + responseBuilder = new ResponseBuilder(); } Response response = responseBuilder.buildObject(); 
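Review bot: The `if (responseBuilder == null) { responseBuilder = new ResponseBuilder(); }` check in `createSAMLResponse` is an unsynchronised lazy initialisation of a non-final static field, and it no longer buys anything now that the builder is a plain constructor call rather than a registry lookup. The same pattern recurs in `createIssuer`, `createStatus` and `createAuthnContextClassRef` in the following hunks. Declaring the fields eagerly, e.g. `private static final SAMLObjectBuilder<Response> RESPONSE_BUILDER = new ResponseBuilder();`, removes the null checks and the race. The new `org.opensaml.saml.saml2.core.impl.*` imports also tie this helper to OpenSAML implementation classes instead of the builder registry, which is acceptable for a test fixture but worth a short comment on the class.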
@@ -79,13 +68,9 @@ public final class SAML2PResponseComponentBuilder { return response; } - @SuppressWarnings("unchecked") - public static Issuer createIssuer( - String issuerValue - ) { + public static Issuer createIssuer(final String issuerValue) { if (issuerBuilder == null) { - issuerBuilder = (SAMLObjectBuilder<Issuer>) - builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME); + issuerBuilder = new IssuerBuilder(); } Issuer issuer = issuerBuilder.buildObject(); issuer.setValue(issuerValue); @@ -93,22 +78,15 @@ public final class SAML2PResponseComponentBuilder { return issuer; } - @SuppressWarnings("unchecked") - public static Status createStatus( - String statusCodeValue, - String statusMessage - ) { + public static Status createStatus(final String statusCodeValue, final String statusMessage) { if (statusBuilder == null) { - statusBuilder = (SAMLObjectBuilder<Status>) - builderFactory.getBuilder(Status.DEFAULT_ELEMENT_NAME); + statusBuilder = new StatusBuilder(); } if (statusCodeBuilder == null) { - statusCodeBuilder = (SAMLObjectBuilder<StatusCode>) - builderFactory.getBuilder(StatusCode.DEFAULT_ELEMENT_NAME); + statusCodeBuilder = new StatusCodeBuilder(); } if (statusMessageBuilder == null) { - statusMessageBuilder = (SAMLObjectBuilder<StatusMessage>) - builderFactory.getBuilder(StatusMessage.DEFAULT_ELEMENT_NAME); + statusMessageBuilder = new StatusMessageBuilder(); } Status status = statusBuilder.buildObject(); 
@@ -126,11 +104,9 @@ public final class SAML2PResponseComponentBuilder { return status; } - @SuppressWarnings("unchecked") - public static AuthnContextClassRef createAuthnContextClassRef(String newAuthnContextClassRef) { + public static AuthnContextClassRef createAuthnContextClassRef(final String newAuthnContextClassRef) { if (authnContextClassRefBuilder == null) { - authnContextClassRefBuilder = (SAMLObjectBuilder<AuthnContextClassRef>) - builderFactory.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME); + authnContextClassRefBuilder = new AuthnContextClassRefBuilder(); } AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder.buildObject(); @@ -139,4 +115,7 @@ public final class SAML2PResponseComponentBuilder { return authnContextClassRef; } -} \ No newline at end of file + private SAML2PResponseComponentBuilder() { + // private constructor for static utility class + } +}