Author: coheigea Date: Thu Feb 8 16:35:15 2018 New Revision: 1823581 URL: http://svn.apache.org/viewvc?rev=1823581&view=rev Log: Adding a test for WSS-622
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java?rev=1823581&r1=1823580&r2=1823581&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/AbstractSAMLCallbackHandler.java Thu Feb 8 16:35:15 2018
@@ -30,6 +30,7 @@ import org.apache.wss4j.common.saml.bean
 import org.apache.wss4j.common.saml.bean.ConditionsBean;
 import org.apache.wss4j.common.saml.bean.KeyInfoBean;
 import org.apache.wss4j.common.saml.bean.KeyInfoBean.CERT_IDENTIFIER;
+import org.apache.wss4j.common.saml.bean.NameIDBean;
 import org.apache.wss4j.common.saml.bean.SubjectBean;
 import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
 import org.apache.wss4j.common.saml.bean.SubjectLocalityBean;
@@ -80,6 +81,15 @@ public abstract class AbstractSAMLCallba
 private String issuerPassword;
 private Element assertionAdviceElement;
 private Element keyInfoElement;
+ protected NameIDBean subjectConfirmationNameID;
+
+ public NameIDBean getSubjectConfirmationNameID() {
+ return subjectConfirmationNameID;
+ }
+
+ public void setSubjectConfirmationNameID(NameIDBean subjectConfirmationNameID) {
+ this.subjectConfirmationNameID = subjectConfirmationNameID;
+ }
 public void setSubjectConfirmationData(SubjectConfirmationDataBean subjectConfirmationData) {
 this.subjectConfirmationData = subjectConfirmationData;
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java?rev=1823581&r1=1823580&r2=1823581&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/common/SAML2CallbackHandler.java Thu Feb 8 16:35:15 2018
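Review bot: The new `subjectConfirmationNameID` field and its two accessors in AbstractSAMLCallbackHandler carry no comment saying which part of the assertion they feed, and the name is easy to confuse with the subject's own NameID settings. I would add a Javadoc on the setter along the lines of `/** NameID to place in the SubjectConfirmation element; omitted from the assertion when null. */`. The null behaviour is taken from the guard this commit adds in SAML2CallbackHandler (`if (subjectConfirmationNameID != null)`); whether any other handler subclass reads the field is not visible here, so the comment should say so if it is SAML 2 only. The class body starts and ends outside this hunk.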
@@ -81,6 +81,9 @@ public class SAML2CallbackHandler extend
 if (subjectNameIDFormat != null) {
 subjectBean.setSubjectNameIDFormat(subjectNameIDFormat);
 }
+ if (subjectConfirmationNameID != null) {
+ subjectBean.setSubjectConfirmationNameID(subjectConfirmationNameID);
+ }
 subjectBean.setSubjectConfirmationData(subjectConfirmationData);
 if (SAML2Constants.CONF_HOLDER_KEY.equals(confirmationMethod)) {
 try {
Modified: webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java
URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java?rev=1823581&r1=1823580&r2=1823581&view=diff
==============================================================================
--- webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java (original)
+++ webservices/wss4j/trunk/ws-security-dom/src/test/java/org/apache/wss4j/dom/saml/SamlTokenTest.java Thu Feb 8 16:35:15 2018
@@ -40,6 +40,7 @@ import org.apache.wss4j.common.ext.WSSec
 import org.apache.wss4j.common.saml.SAMLCallback;
 import org.apache.wss4j.common.saml.SAMLUtil;
 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
+import org.apache.wss4j.common.saml.bean.NameIDBean;
 import org.apache.wss4j.common.saml.bean.SubjectConfirmationDataBean;
 import org.apache.wss4j.common.saml.builder.SAML1Constants;
 import org.apache.wss4j.common.saml.builder.SAML2Constants;
@@ -702,6 +703,52 @@ public class SamlTokenTest extends org.j WSHandlerResult results = createAndVerifyMessage(callbackHandler, true); WSSecurityEngineResult actionResult = + results.getActionResults().get(WSConstants.ST_UNSIGNED).get(0); + + SamlAssertionWrapper receivedSamlAssertion = + (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION); + assertTrue(receivedSamlAssertion != null); + assertFalse(receivedSamlAssertion.isSigned()); + } + + /** + * Test that creates, sends and processes an unsigned SAML 2 authentication assertion with + * a NameID in the Subject (see https://issues.apache.org/jira/browse/WSS-622) + */ + @Test + public void testSAML2SubjectConfirmationNameID() throws Exception { + SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(); + callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN); + callbackHandler.setIssuer("www.example.com"); + + NameIDBean nameID = new NameIDBean(); + nameID.setNameIDFormat("urn:oasis:names:tc:SAML:2.0:nameid-format:unspecified"); + nameID.setNameQualifier("confirmationNameQualifier"); + nameID.setNameValue("confirmationNameQualifierValue"); + callbackHandler.setSubjectConfirmationNameID(nameID); + + SAMLCallback samlCallback = new SAMLCallback(); + SAMLUtil.doSAMLCallback(callbackHandler, samlCallback); + SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback); + + Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); + WSSecHeader secHeader = new WSSecHeader(doc); + secHeader.insertSecurityHeader(); + + WSSecSAMLToken wsSign = new WSSecSAMLToken(secHeader); + + Document unsignedDoc = wsSign.build(samlAssertion); + + String outputString = + XMLUtils.prettyDocumentToString(unsignedDoc); + if (LOG.isDebugEnabled()) { + LOG.debug("SAML 2 Authn Assertion (sender vouches):"); + LOG.debug(outputString); + } + assertTrue(outputString.contains("confirmationNameQualifierValue")); + + WSHandlerResult results = 
createAndVerifyMessage(callbackHandler, true); + WSSecurityEngineResult actionResult = results.getActionResults().get(WSConstants.ST_UNSIGNED).get(0); SamlAssertionWrapper receivedSamlAssertion =
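Review bot: In `testSAML2SubjectConfirmationNameID` the only evidence that the SubjectConfirmation NameID was emitted is `assertTrue(outputString.contains("confirmationNameQualifierValue"))`, a substring match on the serialized message that passes wherever the value ends up, including the Subject's own NameID; the qualifier `confirmationNameQualifier` is a prefix of that value, so it is effectively never checked. After `createAndVerifyMessage` the test asserts only that the received assertion is non-null and unsigned, so a receiver that dropped or misplaced the element would still pass. Consider asserting on the parsed object instead, for example `assertEquals("confirmationNameQualifierValue", receivedSamlAssertion.getSaml2().getSubject().getSubjectConfirmations().get(0).getNameID().getValue());` (assuming the OpenSAML model returned by `getSaml2()`), with a matching check on the name qualifier. The Javadoc also says "a NameID in the Subject" while the test sets a SubjectConfirmation NameID; `* a NameID in the SubjectConfirmation (see https://issues.apache.org/jira/browse/WSS-622)` would match the code.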