Author: coheigea
Date: Mon Nov 23 11:29:14 2015
New Revision: 1715770

URL: http://svn.apache.org/viewvc?rev=1715770&view=rev
Log:
[WSS-561] - No way to set SAML Issuer Format Value

Modified:
    
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLCallback.java
    
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
    
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java
    
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
    
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java
    
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
    
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLCallbackHandlerImpl.java
    
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenTest.java

Modified: 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLCallback.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLCallback.java?rev=1715770&r1=1715769&r2=1715770&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLCallback.java
 (original)
+++ 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SAMLCallback.java
 Mon Nov 23 11:29:14 2015
@@ -60,6 +60,16 @@ public class SAMLCallback implements Cal
     private String issuer;
     
     /**
+     * The issuer format of the Assertion
+     */
+    private String issuerFormat;
+    
+    /**
+     * The issuer qualifier of the Assertion
+     */
+    private String issuerQualifier;
+    
+    /**
      * SAML Conditions representation
      */
     private ConditionsBean conditions;
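Review bot: The Javadoc on the new `issuerFormat` and `issuerQualifier` fields does not say which SAML version they apply to or what an unset value means. In the SamlAssertionWrapper hunks of this commit the two values are passed to `createIssuer` only in the `SAMLVersion.VERSION_20` branch, so a handler that sets them for a SAML 1.1 assertion appears to get no effect and no error. I would expand the field comments, e.g. `The Format attribute of the SAML 2.0 Issuer element; ignored for SAML 1.1` (a null value presumably leaves the attribute off the element, which is worth confirming and stating). The four accessors added in the second hunk should get matching Javadoc.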
@@ -383,4 +393,20 @@ public class SAMLCallback implements Cal
     public void setAdvice(AdviceBean advice) {
         this.advice = advice;
     }
+
+    public String getIssuerFormat() {
+        return issuerFormat;
+    }
+
+    public void setIssuerFormat(String issuerFormat) {
+        this.issuerFormat = issuerFormat;
+    }
+
+    public String getIssuerQualifier() {
+        return issuerQualifier;
+    }
+
+    public void setIssuerQualifier(String issuerQualifier) {
+        this.issuerQualifier = issuerQualifier;
+    }
 }

Modified: 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java?rev=1715770&r1=1715769&r2=1715770&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
 (original)
+++ 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/saml/SamlAssertionWrapper.java
 Mon Nov 23 11:29:14 2015
@@ -1008,6 +1008,8 @@ public class SamlAssertionWrapper {
             samlVersion = SAMLVersion.VERSION_20;
         }
         String issuer = samlCallback.getIssuer();
+        String issuerFormat = samlCallback.getIssuerFormat();
+        String issuerQualifier = samlCallback.getIssuerQualifier();
         
         if (samlVersion.equals(SAMLVersion.VERSION_11)) {
             // Build a SAML v1.1 assertion
@@ -1058,7 +1060,7 @@ public class SamlAssertionWrapper {
         } else if (samlVersion.equals(SAMLVersion.VERSION_20)) {
             // Build a SAML v2.0 assertion
             org.opensaml.saml.saml2.core.Assertion saml2 = 
SAML2ComponentBuilder.createAssertion();
-            Issuer samlIssuer = SAML2ComponentBuilder.createIssuer(issuer);
+            Issuer samlIssuer = SAML2ComponentBuilder.createIssuer(issuer, 
issuerFormat, issuerQualifier);
 
             // Authn Statement(s)
             List<AuthnStatement> authnStatements = 

Modified: 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java?rev=1715770&r1=1715769&r2=1715770&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java
 (original)
+++ 
webservices/wss4j/branches/2_1_x-fixes/ws-security-common/src/main/java/org/apache/wss4j/common/saml/builder/SAML2ComponentBuilder.java
 Mon Nov 23 11:29:14 2015
@@ -172,10 +172,12 @@ public final class SAML2ComponentBuilder
      * Create an Issuer object
      *
      * @param issuerValue of type String
+     * @param issuerFormat of type String
+     * @param issuerQualifier of type String
      * @return an Issuer object
      */
     @SuppressWarnings("unchecked")
-    public static Issuer createIssuer(String issuerValue) {
+    public static Issuer createIssuer(String issuerValue, String issuerFormat, 
String issuerQualifier) {
         if (issuerBuilder == null) {
             issuerBuilder = (SAMLObjectBuilder<Issuer>) 
                 builderFactory.getBuilder(Issuer.DEFAULT_ELEMENT_NAME);
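Review bot: Changing the public static `createIssuer(String)` to take three parameters removes the one-argument form, so any caller outside this commit stops compiling, which matters on a fixes branch. Keeping the old form as a delegating overload avoids that: `public static Issuer createIssuer(String issuerValue) { return createIssuer(issuerValue, null, null); }`. The new `@param` lines (`of type String`) repeat the type rather than describing the value; `@param issuerFormat the Format URI of the Issuer, or null to omit it` would say more. The method body continues past the end of this hunk.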
@@ -186,6 +188,8 @@ public final class SAML2ComponentBuilder
         // The SAML authority that is making the claim(s) in the assertion. 
The issuer SHOULD 
         // be unambiguous to the intended relying parties.
         issuer.setValue(issuerValue);
+        issuer.setFormat(issuerFormat);
+        issuer.setNameQualifier(issuerQualifier);
         return issuer;
     }
 
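Review bot: `issuer.setFormat(issuerFormat)` and `issuer.setNameQualifier(issuerQualifier)` copy both values onto the Issuer with no consistency check. SAML 2.0 core treats a missing Format as the entity format and requires NameQualifier to be omitted for that format, so a caller that sets only a qualifier, or a qualifier with the entity format, produces an Issuer that a strict relying party may reject. Relying parties typically use the Issuer to decide which trust configuration applies, so I would rather reject that combination up front, e.g. `if (issuerQualifier != null && (issuerFormat == null || NameIDType.ENTITY.equals(issuerFormat))) { throw new IllegalArgumentException("NameQualifier requires a non-entity Issuer Format"); }`. createIssuer starts in the previous hunk.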

Modified: 
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java?rev=1715770&r1=1715769&r2=1715770&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
 (original)
+++ 
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
 Mon Nov 23 11:29:14 2015
@@ -65,6 +65,7 @@ public abstract class AbstractSAMLCallba
     protected CERT_IDENTIFIER certIdentifier = CERT_IDENTIFIER.X509_CERT;
     protected byte[] ephemeralKey = null;
     protected String issuer = null;
+    protected String issuerFormat;
     protected String subjectNameIDFormat = null;
     protected String subjectLocalityIpAddress = null;
     protected String subjectLocalityDnsAddress = null;
@@ -123,6 +124,10 @@ public abstract class AbstractSAMLCallba
         this.issuer = issuer;
     }
     
+    public void setIssuerFormat(String issuerFormat) {
+        this.issuerFormat = issuerFormat;
+    }
+    
     public void setSubjectNameIDFormat(String subjectNameIDFormat) {
         this.subjectNameIDFormat = subjectNameIDFormat;
     }

Modified: 
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java?rev=1715770&r1=1715769&r2=1715770&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java
 (original)
+++ 
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java
 Mon Nov 23 11:29:14 2015
@@ -60,6 +60,7 @@ public class SAML2CallbackHandler extend
                 SAMLCallback callback = (SAMLCallback) callbacks[i];
                 callback.setSamlVersion(Version.SAML_20);
                 callback.setIssuer(issuer);
+                callback.setIssuerFormat(issuerFormat);
                 if (conditions != null) {
                     callback.setConditions(conditions);
                 }

Modified: 
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java?rev=1715770&r1=1715769&r2=1715770&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
 (original)
+++ 
webservices/wss4j/branches/2_1_x-fixes/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
 Mon Nov 23 11:29:14 2015
@@ -1126,6 +1126,42 @@ public class SamlTokenTest extends org.j
         assertFalse(receivedSamlAssertion.isSigned());
     }
     
+    @org.junit.Test
+    public void testSAML2IssuerFormat() throws Exception {
+        SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
+        callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
+        callbackHandler.setIssuer("www.example.com");
+        
callbackHandler.setIssuerFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
+        
+        SAMLCallback samlCallback = new SAMLCallback();
+        SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
+        SamlAssertionWrapper samlAssertion = new 
SamlAssertionWrapper(samlCallback);
+        
+        WSSecSAMLToken wsSign = new WSSecSAMLToken();
+
+        Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
+        WSSecHeader secHeader = new WSSecHeader(doc);
+        secHeader.insertSecurityHeader();
+        
+        Document unsignedDoc = wsSign.build(doc, samlAssertion, secHeader);
+
+        String outputString = 
+            XMLUtils.PrettyDocumentToString(unsignedDoc);
+        if (LOG.isDebugEnabled()) {
+            LOG.debug(outputString);
+        }
+        
assertTrue(outputString.contains("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"));
+        
+        WSHandlerResult results = createAndVerifyMessage(callbackHandler, 
true);
+        WSSecurityEngineResult actionResult =
+            results.getActionResults().get(WSConstants.ST_UNSIGNED).get(0);
+        
+        SamlAssertionWrapper receivedSamlAssertion =
+            (SamlAssertionWrapper) 
actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
+        assertTrue(receivedSamlAssertion != null);
+        assertFalse(receivedSamlAssertion.isSigned());
+    }
+    
     private void encryptElement(
         Document document,
         Element elementToEncrypt,
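Review bot: `assertTrue(outputString.contains("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"))` passes if that URN appears anywhere in the serialized message, for example as a subject NameID Format, so it does not pin the value to the Issuer element. The received assertion is only checked for non-null and unsigned. Asserting on the parsed object is tighter: `assertEquals("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", receivedSamlAssertion.getSaml2().getIssuer().getFormat());`. Nothing in this test exercises `issuerQualifier`, and the test handlers in this commit get no setter for it, so that path is uncovered.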

Modified: 
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLCallbackHandlerImpl.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLCallbackHandlerImpl.java?rev=1715770&r1=1715769&r2=1715770&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLCallbackHandlerImpl.java
 (original)
+++ 
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLCallbackHandlerImpl.java
 Mon Nov 23 11:29:14 2015
@@ -64,6 +64,7 @@ public class SAMLCallbackHandlerImpl imp
     private KeyInfoBean.CERT_IDENTIFIER certIdentifier = 
KeyInfoBean.CERT_IDENTIFIER.X509_CERT;
     private byte[] ephemeralKey = null;
     private String issuer = null;
+    private String issuerFormat;
     private Version samlVersion = Version.SAML_11;
 
     private String subjectNameIDFormat = null;
@@ -92,6 +93,7 @@ public class SAMLCallbackHandlerImpl imp
                 samlCallback.setIssuerKeyPassword("default");
                 samlCallback.setSignAssertion(this.signAssertion);
                 samlCallback.setIssuer(issuer);
+                samlCallback.setIssuerFormat(issuerFormat);
 
                 if (conditions != null) {
                     samlCallback.setConditions(conditions);
@@ -278,6 +280,10 @@ public class SAMLCallbackHandlerImpl imp
     public void setIssuer(String issuer) {
         this.issuer = issuer;
     }
+    
+    public void setIssuerFormat(String issuerFormat) {
+        this.issuerFormat = issuerFormat;
+    }
 
     public boolean isSignAssertion() {
         return signAssertion;

Modified: 
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenTest.java
URL: 
http://svn.apache.org/viewvc/webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenTest.java?rev=1715770&r1=1715769&r2=1715770&view=diff
==============================================================================
--- 
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenTest.java
 (original)
+++ 
webservices/wss4j/branches/2_1_x-fixes/ws-security-stax/src/test/java/org/apache/wss4j/stax/test/saml/SAMLTokenTest.java
 Mon Nov 23 11:29:14 2015
@@ -1147,6 +1147,40 @@ public class SAMLTokenTest extends Abstr
         }
     }
     
+    @Test
+    public void testSAML2IssuerFormatOutbound() throws Exception {
+
+        ByteArrayOutputStream baos = new ByteArrayOutputStream();
+        {
+            WSSSecurityProperties securityProperties = new 
WSSSecurityProperties();
+            List<WSSConstants.Action> actions = new 
ArrayList<WSSConstants.Action>();
+            actions.add(WSSConstants.SAML_TOKEN_UNSIGNED);
+            securityProperties.setActions(actions);
+            SAMLCallbackHandlerImpl callbackHandler = new 
SAMLCallbackHandlerImpl();
+            
callbackHandler.setStatement(SAMLCallbackHandlerImpl.Statement.AUTHN);
+            callbackHandler.setIssuer("www.example.com");
+            callbackHandler.setSignAssertion(false);
+            
callbackHandler.setIssuerFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent");
+            securityProperties.setSamlCallbackHandler(callbackHandler);
+
+            OutboundWSSec wsSecOut = 
WSSec.getOutboundWSSec(securityProperties);
+            XMLStreamWriter xmlStreamWriter = wsSecOut.processOutMessage(baos, 
StandardCharsets.UTF_8.name(), new ArrayList<SecurityEvent>());
+            XMLStreamReader xmlStreamReader = 
xmlInputFactory.createXMLStreamReader(this.getClass().getClassLoader().getResourceAsStream("testdata/plain-soap-1.1.xml"));
+            XmlReaderToWriter.writeAll(xmlStreamReader, xmlStreamWriter);
+            xmlStreamWriter.close();
+
+            Document document = 
documentBuilderFactory.newDocumentBuilder().parse(new 
ByteArrayInputStream(baos.toByteArray()));
+            NodeList nodeList = 
document.getElementsByTagNameNS(WSSConstants.TAG_dsig_Signature.getNamespaceURI(),
 WSSConstants.TAG_dsig_Signature.getLocalPart());
+            Assert.assertEquals(nodeList.getLength(), 0);
+        }
+
+        //done signature; now test sig-verification:
+        {
+            String action = WSHandlerConstants.SAML_TOKEN_UNSIGNED;
+            
doInboundSecurityWithWSS4J(documentBuilderFactory.newDocumentBuilder().parse(new
 ByteArrayInputStream(baos.toByteArray())), action);
+        }
+    }
+    
     private void encryptElement(
         Document document,
         Element elementToEncrypt,
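Review bot: `testSAML2IssuerFormatOutbound` sets the issuer format but never checks that it reaches the output. Its only assertion is that the document holds no `Signature` element, so the test would still pass with the feature removed. I would look up the Issuer element in the parsed `document` and assert its attribute, e.g. `Element issuerEl = (Element) document.getElementsByTagNameNS("urn:oasis:names:tc:SAML:2.0:assertion", "Issuer").item(0);` followed by `Assert.assertEquals("urn:oasis:names:tc:SAML:2.0:nameid-format:persistent", issuerEl.getAttribute("Format"));`. The existing `Assert.assertEquals(nodeList.getLength(), 0)` has expected and actual swapped, and the comment `//done signature; now test sig-verification:` describes a signature that this unsigned test never creates.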

