This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
The following commit(s) were added to refs/heads/master by this push:
new bf4c233 Adding RSA SHA256 unit test
bf4c233 is described below
commit bf4c2334b4e87c0e6b3313bacc2216908f58465a
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Thu Jun 18 08:02:14 2020 +0100
Adding RSA SHA256 unit test
---
.../cxf/fediz/core/samlsso/SAMLRequestTest.java | 29 ++++++++++++++++++
.../src/test/resources/fediz_test_config_saml.xml | 34 ++++++++++++++++++++--
2 files changed, 61 insertions(+), 2 deletions(-)
diff --git
a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
index 34a3ddb..8910070 100644
---
a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
+++
b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
@@ -42,6 +42,7 @@ import
org.apache.cxf.fediz.core.processor.RedirectionResponse;
import org.apache.cxf.fediz.core.processor.SAMLProcessorImpl;
import org.apache.cxf.fediz.core.util.DOMUtils;
import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.apache.wss4j.dom.WSConstants;
import org.opensaml.saml.saml2.core.AuthnRequest;
import org.opensaml.saml.saml2.core.LogoutRequest;
@@ -201,6 +202,34 @@ public class SAMLRequestTest {
String signature =
redirectionURL.substring(redirectionURL.indexOf("Signature=") +
"Signature=".length());
Assert.assertTrue(signature != null && signature.length() > 0);
+ String signatureAlg =
+ redirectionURL.substring(redirectionURL.indexOf("SigAlg=") +
"SigAlg=".length(),
+ redirectionURL.indexOf('&',
redirectionURL.indexOf("SigAlg=")));
+ Assert.assertEquals(WSConstants.RSA_SHA1,
URLDecoder.decode(signatureAlg, "UTF-8"));
+ }
+
+ @org.junit.Test
+ public void testSignedSAMLAuthnRequestSHA256() throws Exception {
+ // Mock up a Request
+ FedizContext config =
getFederationConfigurator().getFedizContext("SIGNED_ROOT_SHA256");
+
+ HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
+ EasyMock.expect(req.getRequestURL()).andReturn(new
StringBuffer(TEST_REQUEST_URL)).times(1, 2);
+ EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI);
+
EasyMock.expect(req.getRequestURI()).andReturn(TEST_REQUEST_URI).times(1, 2);
+ EasyMock.replay(req);
+
+ FedizProcessor wfProc = new SAMLProcessorImpl();
+ RedirectionResponse response = wfProc.createSignInRequest(req, config);
+
+ String redirectionURL = response.getRedirectionURL();
+ String signature =
+ redirectionURL.substring(redirectionURL.indexOf("Signature=")
+ "Signature=".length());
+ Assert.assertTrue(signature != null && signature.length() > 0);
+ String signatureAlg =
+ redirectionURL.substring(redirectionURL.indexOf("SigAlg=") +
"SigAlg=".length(),
+ redirectionURL.indexOf('&',
redirectionURL.indexOf("SigAlg=")));
+ Assert.assertEquals(WSConstants.RSA_SHA256,
URLDecoder.decode(signatureAlg, "UTF-8"));
}
@org.junit.Test
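Review bot: The new testSignedSAMLAuthnRequestSHA256 only proves that the redirect URL advertises RSA-SHA256 in `SigAlg` (the `Assert.assertEquals(WSConstants.RSA_SHA256, …)` line); it never verifies the `Signature` value, so a regression that signs with another digest or key while still emitting the SHA-256 URI would pass. Since the test config exposes the signing certificate (`stsstore.jks`, alias `mystskey`), the test can verify the signature with `java.security.Signature.getInstance("SHA256withRSA")` over the signed data, which per the SAML HTTP-Redirect binding is the URL-encoded query string preceding `&Signature=` — this assumes Fediz emits the parameters in binding order, which the existing `indexOf('&', …)` lookup already relies on, and the keystore classpath location should be confirmed. The `substring`/`indexOf` parameter extraction is now duplicated in both tests and throws `StringIndexOutOfBoundsException` instead of a clear assertion failure if a parameter is absent; a small `queryParam(url, name)` helper would address both. The first test method begins outside this hunk, and the assertion added to it pins the default algorithm to `WSConstants.RSA_SHA1`; a comment such as `// RSA-SHA1 remains the default for backward compatibility; SHA-256 is opt-in via signRequest algorithm` would make that choice visibly intentional.
```java
        String redirectionURL = response.getRedirectionURL();
        // … unchanged: Signature / SigAlg extraction and the RSA_SHA256 assertEquals …

        // Verify the signature itself, not just the advertised SigAlg. Per the HTTP-Redirect
        // binding the signed data is the URL-encoded query string preceding "&Signature=".
        int queryStart = redirectionURL.indexOf('?') + 1;
        int signatureStart = redirectionURL.indexOf("&Signature=");
        Assert.assertTrue(queryStart > 0 && signatureStart > queryStart);
        String signedData = redirectionURL.substring(queryStart, signatureStart);
        byte[] signatureBytes =
            java.util.Base64.getDecoder().decode(URLDecoder.decode(signature, "UTF-8"));

        // stsstore.jks / stsspass / mystskey match the SIGNED_ROOT_SHA256 signingKey config;
        // TODO confirm how the keystore is resolved on the test classpath.
        java.security.KeyStore keyStore = java.security.KeyStore.getInstance("JKS");
        try (java.io.InputStream in = getClass().getResourceAsStream("/stsstore.jks")) {
            keyStore.load(in, "stsspass".toCharArray());
        }
        java.security.Signature verifier = java.security.Signature.getInstance("SHA256withRSA");
        verifier.initVerify(keyStore.getCertificate("mystskey").getPublicKey());
        verifier.update(signedData.getBytes(java.nio.charset.StandardCharsets.UTF_8));
        Assert.assertTrue("AuthnRequest signature does not verify with SHA256withRSA",
                          verifier.verify(signatureBytes));
```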
diff --git a/plugins/core/src/test/resources/fediz_test_config_saml.xml
b/plugins/core/src/test/resources/fediz_test_config_saml.xml
index 69bbd32..37166c5 100644
--- a/plugins/core/src/test/resources/fediz_test_config_saml.xml
+++ b/plugins/core/src/test/resources/fediz_test_config_saml.xml
@@ -213,8 +213,38 @@
<claimType type="a particular claim type"
optional="true" />
</claimTypesRequested>
</protocol>
- </contextConfig>
-
+ </contextConfig>
+
+ <contextConfig name="SIGNED_ROOT_SHA256">
+ <audienceUris>
+ <audienceItem>http://host_one:port/url</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="ststrust.jks"
password="storepass"
+ type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <signingKey keyPassword="stskpass" keyAlias="mystskey">
+ <keyStore file="stsstore.jks" password="stsspass"
type="JKS" />
+ </signingKey>
+ <trustedIssuers>
+ <issuer certificateValidation="PeerTrust" />
+ </trustedIssuers>
+
+ <maximumClockSkew>1000</maximumClockSkew>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:type="samlProtocolType" version="1.2">
+ <signRequest algorithm="RSA_SHA256">true</signRequest>
+ <issuer>http://url_to_the_issuer</issuer>
+ <roleDelimiter>;</roleDelimiter>
+
<roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <claimTypesRequested>
+ <claimType type="a particular claim type"
optional="true" />
+ </claimTypesRequested>
+ </protocol>
+ </contextConfig>
+
<contextConfig name="CLIENT_TRUST">
<audienceUris>
<audienceItem>http://host_one:port/url</audienceItem>
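Review bot: The new SIGNED_ROOT_SHA256 context carries no comment saying why it exists, and apart from `<signRequest algorithm="RSA_SHA256">true</signRequest>` it appears to repeat the preceding context's settings (the trailing `<claimTypesRequested>` block is identical), so a reader cannot tell which line is the one under test. Add a comment above the `<contextConfig name="SIGNED_ROOT_SHA256">` line, e.g. `<!-- Same as the signed-request context above, but signs the AuthnRequest with RSA-SHA256; exercised by SAMLRequestTest.testSignedSAMLAuthnRequestSHA256 -->`. If the plugin accepts a fixed set of identifiers for the `algorithm` attribute, a short comment listing them next to that line would also help; that set is not visible in this hunk.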