[cxf-fediz] branch master updated: FEDIZ-247 - Re-enabled test + fixed issue with signed encrypted assertions

[coheigea]

This is an automated email from the ASF dual-hosted git repository.

coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git


The following commit(s) were added to refs/heads/master by this push:
     new 58da624  FEDIZ-247 - Re-enabled test + fixed issue with signed 
encrypted assertions
58da624 is described below

commit 58da624f2d155a2fa6ac33cf3feee1ac80c1625f
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Tue Jun 16 08:17:32 2020 +0100

    FEDIZ-247 - Re-enabled test + fixed issue with signed encrypted assertions
---
 .../java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java | 6 +++++-
 .../java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java    | 1 -
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
index 36b81ea..08af3d7 100644
--- 
a/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
+++ 
b/plugins/core/src/main/java/org/apache/cxf/fediz/core/processor/SAMLProcessorImpl.java
@@ -315,10 +315,14 @@ public class SAMLProcessorImpl extends 
AbstractFedizProcessor {
                 for (EncryptedAssertion encryptedAssertion : 
responseObject.getEncryptedAssertions()) {
                 
                     Assertion decrypted = 
decrypter.decrypt(encryptedAssertion);
+                    Element decryptedToken = decrypted.getDOM();
                     if (LOG.isDebugEnabled()) {
-                        LOG.debug("Decrypted assertion: {}", 
DOM2Writer.nodeToString(decrypted.getDOM()));
+                        LOG.debug("Decrypted assertion: {}", 
DOM2Writer.nodeToString(decryptedToken));
                     }
                     responseObject.getAssertions().add(decrypted);
+                    // Add the decrypted Assertion to the Response DOM, as 
otherwise there's a problem with
+                    // doc.getElementById() when trying to verify the 
signature of the decrypted assertion
+                    
decryptedToken.getOwnerDocument().getDocumentElement().appendChild(decryptedToken);
                 }
             } catch (Exception e) {
                 LOG.debug("Cannot decrypt assertions", e);
diff --git 
a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
 
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
index 3e83eb8..76e093f 100644
--- 
a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
+++ 
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLResponseTest.java
@@ -1557,7 +1557,6 @@ public class SAMLResponseTest {
     }
 
     @org.junit.Test
-    @org.junit.Ignore // TODO https://issues.apache.org/jira/browse/FEDIZ-247
     public void validateEncryptedSAMLResponse() throws Exception {
         // Mock up a Request
         //FedizContext config = 
getFederationConfigurator().getFedizContext("ROOT");