[ 
https://issues.apache.org/jira/browse/WSS-213?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12772002#action_12772002
 ] 

Jay Blanton edited comment on WSS-213 at 10/30/09 5:35 PM:
-----------------------------------------------------------

Colm...thanks again for your help.

Here is a sample class for background.

This is a class we built with BEA support so that we could implement SAML 
Sender Vouches (version 1.1) and just a digital signature of the SAML Assertion.

We currently use this class on the Service Client side to attach SAML Tokens 
onto the service request and this is then resolved in the Oracle Service Bus 
and the WSDL hosted on that Bus.

It uses just OpenSAML.

package foo.opensaml;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Set;

import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.BooleanUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.xml.security.signature.XMLSignature;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAttribute;
import org.opensaml.SAMLAttributeStatement;
import org.opensaml.SAMLAuthenticationStatement;
import org.opensaml.SAMLException;
import org.opensaml.SAMLNameIdentifier;
import org.opensaml.SAMLResponse;
import org.opensaml.SAMLSignedObject;
import org.opensaml.SAMLSubject;
import org.opensaml.SAMLSubjectStatement;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.DefaultResourceLoader;
import org.springframework.core.io.ResourceLoader;

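/**
 * Builds a SAML 1.1 sender-vouches assertion with OpenSAML, optionally wrapped in a
 * SAML response and optionally RSA-signed with a key read from a keystore, and
 * returns it as an XML string.
 */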
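public class SAMLAuthenticationHandler {

    // Reviewer notes (security-relevant behaviour of this class):
    //  * The XML it returns is a sender-vouches credential: the receiver accepts the
    //    subject on this client's word. Treat the string like a secret and keep it
    //    out of logs and standard output.
    //  * Signing is off unless setSignAssertion(true) is called; an unsigned result
    //    carries no integrity protection from this class.

    // ---- Configuration keys -------------------------------------------------
    // None of these keys is read inside this class; presumably callers use them to
    // look up the values they hand to the setters (confirm against the caller).

    /** Key naming the assertion issuer setting. */
    public static final String ASSERTION_ISSUER = "assertion.issuer";

    /** Key naming the key password setting. */
    public static final String CERTIFICATE_PASSWORD = "certificate.password";

    /** Key naming the keystore alias setting. */
    public static final String CERTIFICATE_ALIAS = "certificate.alias";

    /** Key naming the keystore location setting. */
    public static final String CERTIFICATE_KEYSTORE_PATH = "certificate.keystore.path";

    /** Key naming the sign-the-assertion flag. */
    public static final String ASSERTION_SIGN = "assertion.sign";

    /** Key naming the subject user name setting. */
    public static final String ASSERTION_USERNAME = "assertion.username";

    /** Key naming the include-certificate flag. */
    public static final String SIGNATURE_INCLUDECERT = "signature.includecert";

    // ---- Credential types ---------------------------------------------------

    /** Bare assertion; when signed, no certificate is passed to the signature. */
    public static final String SAML_ASSERTION = "SAML.Assertion";

    /** Bare assertion; when signed, the alias's certificate chain is attached. */
    public static final String SAML_ASSERTION_CERTPATH = "SAML.Assertion.Certpath";

    /** Assertion wrapped in a response; when signed, the alias's certificate is attached. */
    public static final String SAML_RESPONSE = "SAML.Profile.POST";

    /** Treated exactly like {@link #SAML_RESPONSE} by this class. */
    public static final String SAML_RESPONSE_CERTPATH = "SAML.Profile.POST.Certpath";

    /** Assertion wrapped in a response; when signed, no certificate is attached. */
    public static final String SAML_RESPONSE_NO_CERTPATH = "SAML.Profile.POST.NoCertpath";

    /** Recipient written into a response when the caller supplies none. */
    public static final String UNKNOWN_RECIPIENT = "unknown";

    /** Name of the attribute that carries the group values. */
    private static final String WLES_GROUP_TAG = "WLESGroup";

    /** Namespace of the attribute that carries the group values. */
    private static final String WLES_GROUP_NS = "urn:bea:security:saml:groups";

    // ---- Configured state ---------------------------------------------------

    private String credentialType = SAML_ASSERTION;

    private String assertionUserName;

    // Unsigned by default; callers must opt in to signing.
    private boolean signAssertion = false;

    private Set<?> groups = Collections.emptySet();

    // Both offsets default to 0, which makes NotBefore and NotOnOrAfter the same
    // instant; callers are expected to set them.
    private long notBeforeMs;

    private long notAfterMs;

    private String certKeystorePath;

    private String certKeystoreType = "JKS";

    private String certAlias;

    // NOTE(review): the key password lives in a String for the life of this object
    // and is readable through getCertPassword(); keep instances out of logs/dumps.
    private String certPassword;

    private String assertionIssuer;

    private String recipient;

    /**
     * Creates a handler with default settings: credential type
     * {@link #SAML_ASSERTION}, keystore type "JKS", signing off, no groups.
     */
    public SAMLAuthenticationHandler() {
        super();
    }

    /**
     * Builds the SAML XML from the values configured through the setters.
     *
     * <p>The result is returned to the caller only. It is not echoed to standard
     * output, because the XML is a credential and console output usually ends up
     * in server logs.
     *
     * @return the XML string produced by
     *         {@link #getSAMLAssertion(String, Set, boolean, long, long, String, String, String, String, String, String, String)}
     */
    public String getSamlAssertion() {
        return getSAMLAssertion(
                assertionUserName,
                groups,
                signAssertion,
                notBeforeMs,
                notAfterMs,
                certKeystorePath,
                certKeystoreType,
                certAlias,
                certPassword,
                credentialType,
                assertionIssuer,
                recipient);
    }

    /** @return the credential type, one of the {@code SAML_*} constants when set as intended */
    public String getCredentialType() {
        return credentialType;
    }

    /** @param credentialType value compared against the {@code SAML_*} constants */
    public void setCredentialType(String credentialType) {
        this.credentialType = credentialType;
    }

    /** @return the name placed in the assertion subject */
    public String getAssertionUserName() {
        return assertionUserName;
    }

    /** @param assertionUserName the name placed in the assertion subject */
    public void setAssertionUserName(String assertionUserName) {
        this.assertionUserName = assertionUserName;
    }

    /** @return whether the output is signed */
    public boolean isSignAssertion() {
        return signAssertion;
    }

    /** @param signAssertion whether the output is signed */
    public void setSignAssertion(boolean signAssertion) {
        this.signAssertion = signAssertion;
    }

    /**
     * Sets the signing flag from text.
     *
     * <p>NOTE(review): {@code BooleanUtils.toBoolean} returns {@code false} for any
     * text it does not read as true, so a mistyped configuration value silently
     * leaves signing off.
     *
     * @param signAssertion textual flag
     */
    public void setSignAssertion(String signAssertion) {
        this.signAssertion = BooleanUtils.toBoolean(signAssertion);
    }

    /** @return the group values (the stored set itself, not a copy) */
    public Set<?> getGroups() {
        return groups;
    }

    /** @param groups group values; {@code null} or empty means no attribute statement */
    public void setGroups(Set<?> groups) {
        this.groups = groups;
    }

    /** @return milliseconds subtracted from the creation time to get NotBefore */
    public long getNotBeforeMs() {
        return notBeforeMs;
    }

    /** @param notBeforeMs milliseconds subtracted from the creation time to get NotBefore */
    public void setNotBeforeMs(long notBeforeMs) {
        this.notBeforeMs = notBeforeMs;
    }

    /** @return milliseconds added to the creation time to get NotOnOrAfter */
    public long getNotAfterMs() {
        return notAfterMs;
    }

    /** @param notAfterMs milliseconds added to the creation time to get NotOnOrAfter */
    public void setNotAfterMs(long notAfterMs) {
        this.notAfterMs = notAfterMs;
    }

    /** @return the keystore location given to the Spring resource loader */
    public String getCertKeystorePath() {
        return certKeystorePath;
    }

    /** @param certKeystorePath the keystore location given to the Spring resource loader */
    public void setCertKeystorePath(String certKeystorePath) {
        this.certKeystorePath = certKeystorePath;
    }

    /** @return the keystore type passed to {@code KeyStore.getInstance} */
    public String getCertKeystoreType() {
        return certKeystoreType;
    }

    /** @param certKeystoreType the keystore type passed to {@code KeyStore.getInstance} */
    public void setCertKeystoreType(String certKeystoreType) {
        this.certKeystoreType = certKeystoreType;
    }

    /** @return the alias of the signing key and its certificate(s) */
    public String getCertAlias() {
        return certAlias;
    }

    /** @param certAlias the alias of the signing key and its certificate(s) */
    public void setCertAlias(String certAlias) {
        this.certAlias = certAlias;
    }

    /** @return the key password in clear text; do not log the result */
    public String getCertPassword() {
        return certPassword;
    }

    /** @param certPassword the password that unlocks the signing key */
    public void setCertPassword(String certPassword) {
        this.certPassword = certPassword;
    }

    /** @return the issuer written into the assertion */
    public String getAssertionIssuer() {
        return assertionIssuer;
    }

    /** @param assertionIssuer the issuer written into the assertion */
    public void setAssertionIssuer(String assertionIssuer) {
        this.assertionIssuer = assertionIssuer;
    }

    /** @return the recipient written into a response */
    public String getRecipient() {
        return recipient;
    }

    /** @param recipient the recipient written into a response */
    public void setRecipient(String recipient) {
        this.recipient = recipient;
    }

    /**
     * Builds a sender-vouches assertion for {@code userName} and serializes it.
     *
     * <p>The assertion always carries an authentication statement, plus an
     * attribute statement when {@code groups} is non-empty. For a response
     * credential type it is wrapped in a {@code SAMLResponse}. When
     * {@code isSigned} is set, the assertion (or the response) is signed and the
     * signed object is returned; otherwise the bare assertion is returned.
     *
     * @param userName               name placed in the subject
     * @param groups                 group values; {@code null} or empty adds no attribute statement
     * @param isSigned               whether to sign
     * @param notBeforeMs            milliseconds subtracted from now to get NotBefore
     * @param notAfterMs             milliseconds added to now to get NotOnOrAfter
     * @param trustedKeystore        keystore location (used only when signing)
     * @param trustedKeystoreType    keystore type (used only when signing)
     * @param trustedCertAlias       alias of the signing key (used only when signing)
     * @param trustedCertAliasPasswd password of the signing key (used only when signing)
     * @param credentialType         one of the {@code SAML_*} constants
     * @param issuer                 issuer written into the assertion
     * @param recipient              response recipient; {@link #UNKNOWN_RECIPIENT} when empty
     * @return the XML of the signed object, or of the unsigned assertion
     * @throws RuntimeException  wrapping any {@code SAMLException}
     * @throws SecurityException when signing is requested and a keystore argument is
     *                           empty or the key or certificate cannot be found
     */
    public String getSAMLAssertion(String userName, Set<?> groups,
            boolean isSigned, long notBeforeMs, long notAfterMs,
            String trustedKeystore, String trustedKeystoreType,
            String trustedCertAlias, String trustedCertAliasPasswd,
            String credentialType, String issuer, String recipient) {
        boolean asResponse = isResponseType(credentialType);
        boolean withCertPath = requireCertpath(credentialType);

        // The thread's context class loader is replaced by this class's own loader
        // for the duration of the OpenSAML calls and restored in the finally block.
        Thread current = Thread.currentThread();
        ClassLoader callerLoader = current.getContextClassLoader();

        try {
            current.setContextClassLoader(getClass().getClassLoader());

            SAMLSubject subject = new SAMLSubject(
                    new SAMLNameIdentifier(userName, null, null),
                    Collections.singleton(SAMLSubject.CONF_SENDER_VOUCHES),
                    null, null);

            SAMLAttributeStatement attrStat = null;
            if (groups != null && !groups.isEmpty()) {
                attrStat = createAttributeStatement(subject, groups);
            }

            SAMLAssertion assertion = createAssertion(
                    createAuthenticationStatement(subject), attrStat,
                    notBeforeMs, notAfterMs, issuer);

            SAMLSignedObject toSign = assertion;
            if (asResponse) {
                List<SAMLAssertion> assertionList = new ArrayList<SAMLAssertion>();
                assertionList.add(assertion);

                String responseRecipient =
                        StringUtils.isEmpty(recipient) ? UNKNOWN_RECIPIENT : recipient;
                toSign = new SAMLResponse(null, responseRecipient, assertionList, null);
            }

            if (isSigned) {
                return getSignedAssertion(toSign, trustedKeystore,
                        trustedKeystoreType, trustedCertAlias,
                        trustedCertAliasPasswd, withCertPath, asResponse).toString();
            }

            // NOTE(review): for a response credential type with signing off, the
            // response built above is dropped and the bare, unsigned assertion is
            // returned. Kept as found; confirm this is what the receiver expects.
            return assertion.toString();
        } catch (SAMLException e) {
            throw new RuntimeException(e);
        } finally {
            current.setContextClassLoader(callerLoader);
        }
    }

    /**
     * Creates the assertion that holds the given statements.
     *
     * @param authnStat   authentication statement, skipped when {@code null}
     * @param attrStat    attribute statement, skipped when {@code null}
     * @param notBeforeMs milliseconds subtracted from now to get NotBefore
     * @param notAfterMs  milliseconds added to now to get NotOnOrAfter
     * @param issuer      issuer written into the assertion
     * @return the new assertion
     * @throws RuntimeException wrapping any {@code SAMLException}
     */
    private SAMLAssertion createAssertion(
            SAMLAuthenticationStatement authnStat,
            SAMLAttributeStatement attrStat, long notBeforeMs, long notAfterMs,
            String issuer) {
        // One clock reading anchors both ends of the validity window.
        long now = System.currentTimeMillis();
        Date notBefore = new Date(now - notBeforeMs);
        Date notOnOrAfter = new Date(now + notAfterMs);

        List<SAMLSubjectStatement> statements = new ArrayList<SAMLSubjectStatement>();
        if (authnStat != null) {
            statements.add(authnStat);
        }
        if (attrStat != null) {
            statements.add(attrStat);
        }

        try {
            return new SAMLAssertion(issuer, notBefore, notOnOrAfter,
                    null, null, statements);
        } catch (SAMLException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates the attribute statement that lists the groups under the
     * {@code WLESGroup} attribute.
     *
     * @param subject subject to clone into the statement
     * @param groups  attribute values
     * @return the new attribute statement
     * @throws RuntimeException wrapping a {@code SAMLException} or a failed clone
     */
    private SAMLAttributeStatement createAttributeStatement(
            SAMLSubject subject, Collection<?> groups) {
        try {
            SAMLAttribute wlesGroup = new SAMLAttribute(WLES_GROUP_TAG,
                    WLES_GROUP_NS, null, 0, groups);

            List<SAMLAttribute> wlesGroups = new ArrayList<SAMLAttribute>();
            wlesGroups.add(wlesGroup);

            // Each statement gets its own copy of the subject.
            return new SAMLAttributeStatement((SAMLSubject) subject.clone(), wlesGroups);
        } catch (SAMLException e) {
            throw new RuntimeException(e);
        } catch (CloneNotSupportedException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Creates the authentication statement for the subject.
     *
     * @param subject subject to clone into the statement
     * @return the new authentication statement
     * @throws RuntimeException wrapping a {@code SAMLException} or a failed clone
     */
    private SAMLAuthenticationStatement createAuthenticationStatement(
            SAMLSubject subject) {
        // NOTE(review): the method (password) and the instant (now) are fixed here,
        // whatever the user's real login was. Confirm that this is accurate for the
        // deployments that consume these assertions.
        String authnMtd = SAMLAuthenticationStatement.AuthenticationMethod_Password;

        try {
            return new SAMLAuthenticationStatement((SAMLSubject) subject.clone(),
                    authnMtd, new Date(), null, null, null);
        } catch (SAMLException e) {
            throw new RuntimeException(e);
        } catch (CloneNotSupportedException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Signs the given assertion or response in place with the private key stored
     * under {@code certAlias}.
     *
     * <p>The keystore is read as a stream, so it can also be loaded when it is
     * packaged inside a jar.
     *
     * @param assertion        object to sign
     * @param keyStoreFilename keystore location; must resolve to a classpath resource
     * @param keyStoreType     keystore type
     * @param certAlias        alias of the key and certificate(s)
     * @param certPswd         password of the key
     * @param includeCertpath  whether certificates are passed to the signature
     * @param isResponse       with {@code includeCertpath}: {@code true} attaches the
     *                         alias's certificate, {@code false} its whole chain
     * @return the same object, now signed
     * @throws SecurityException when an argument is empty, or the key, the
     *                           certificate or the chain is missing
     * @throws RuntimeException  wrapping any keystore, I/O or SAML failure
     */
    private SAMLSignedObject getSignedAssertion(SAMLSignedObject assertion,
            String keyStoreFilename, String keyStoreType, String certAlias,
            String certPswd, boolean includeCertpath, boolean isResponse) {
        requireNotEmpty(keyStoreFilename, "keyStoreFilename is either null or empty string");
        requireNotEmpty(keyStoreType, "keyStoreType is either null or empty");
        requireNotEmpty(certAlias, "certAlias is either null or empty");
        requireNotEmpty(certPswd, "certPswd is either null or empty");

        InputStream keyStoreStream = null;

        try {
            KeyStore store = KeyStore.getInstance(keyStoreType);
            ResourceLoader loader = new DefaultResourceLoader();
            // The cast is kept on purpose: only classpath locations are accepted.
            ClassPathResource resource =
                    (ClassPathResource) loader.getResource(keyStoreFilename);
            keyStoreStream = resource.getInputStream();

            // NOTE(review): a null store password means KeyStore.load() skips the
            // keystore integrity check. No store password is available to this
            // method; consider adding one to the configuration.
            store.load(keyStoreStream, null);

            Key privateKey = store.getKey(certAlias, certPswd.toCharArray());
            if (privateKey == null) {
                throw new SecurityException(
                        "private key was null and hence cannot sign assertion");
            }

            List<Certificate> certs = null;
            if (includeCertpath) {
                certs = new ArrayList<Certificate>();

                if (isResponse) {
                    Certificate cert = store.getCertificate(certAlias);
                    if (cert == null) {
                        throw new SecurityException(
                                "unable to get certificate using certAlias");
                    }
                    certs.add(cert);
                } else {
                    Certificate[] certArray = store.getCertificateChain(certAlias);
                    if (certArray == null) {
                        throw new SecurityException(
                                "unable to get certificate chain using certAlias");
                    }
                    certs.addAll(Arrays.asList(certArray));
                }
            }

            // NOTE(review): ALGO_ID_SIGNATURE_RSA is RSA with SHA-1. Left unchanged
            // because the receiver must accept whatever algorithm is chosen; move to
            // a SHA-256 based algorithm once the receiving side supports it.
            assertion.sign(XMLSignature.ALGO_ID_SIGNATURE_RSA, privateKey, certs);
        } catch (KeyStoreException e) {
            throw new RuntimeException(e);
        } catch (FileNotFoundException e) {
            throw new RuntimeException(e);
        } catch (NoSuchAlgorithmException e) {
            throw new RuntimeException(e);
        } catch (CertificateException e) {
            throw new RuntimeException(e);
        } catch (UnrecoverableKeyException e) {
            throw new RuntimeException(e);
        } catch (IOException e) {
            throw new RuntimeException(e);
        } catch (SAMLException e) {
            throw new RuntimeException(e);
        } finally {
            IOUtils.closeQuietly(keyStoreStream);
        }

        return assertion;
    }

    /** Throws a {@code SecurityException} carrying {@code message} when {@code value} is null or empty. */
    private static void requireNotEmpty(String value, String message) {
        if (StringUtils.isEmpty(value)) {
            throw new SecurityException(message);
        }
    }

    /**
     * Tells whether the credential type asks for a SAML response wrapper.
     *
     * @param credentialTypes credential type to test
     * @return {@code true} for the three {@code SAML_RESPONSE*} constants
     */
    private boolean isResponseType(String credentialTypes) {
        return SAML_RESPONSE.equals(credentialTypes)
                || SAML_RESPONSE_CERTPATH.equals(credentialTypes)
                || SAML_RESPONSE_NO_CERTPATH.equals(credentialTypes);
    }

    /**
     * Tells whether certificates are attached to the signature for this
     * credential type.
     *
     * <p>The plain {@link #SAML_RESPONSE} type attaches a certificate while the
     * plain {@link #SAML_ASSERTION} type does not.
     *
     * @param credentialTypes credential type to test
     * @return {@code true} for {@link #SAML_ASSERTION_CERTPATH},
     *         {@link #SAML_RESPONSE} and {@link #SAML_RESPONSE_CERTPATH}
     */
    private boolean requireCertpath(String credentialTypes) {
        return SAML_ASSERTION_CERTPATH.equals(credentialTypes)
                || SAML_RESPONSE.equals(credentialTypes)
                || SAML_RESPONSE_CERTPATH.equals(credentialTypes);
    }

}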

      was (Author: jaybytez):
    Colm...thanks again for your help.

Here is a sample class for background.

This is a class we built with BEA support so that we could implement SAML 
Sender Vouches (version 1.1) and just a digital signature of the SAML Assertion.

It uses just OpenSAML.

package foo.opensaml;

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.security.Key;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.UnrecoverableKeyException;
import java.security.cert.Certificate;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.Set;

import org.apache.commons.io.IOUtils;
import org.apache.commons.lang.BooleanUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.xml.security.signature.XMLSignature;
import org.opensaml.SAMLAssertion;
import org.opensaml.SAMLAttribute;
import org.opensaml.SAMLAttributeStatement;
import org.opensaml.SAMLAuthenticationStatement;
import org.opensaml.SAMLException;
import org.opensaml.SAMLNameIdentifier;
import org.opensaml.SAMLResponse;
import org.opensaml.SAMLSignedObject;
import org.opensaml.SAMLSubject;
import org.opensaml.SAMLSubjectStatement;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.DefaultResourceLoader;
import org.springframework.core.io.ResourceLoader;

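/**
 * Builds a SAML 1.1 sender-vouches assertion with OpenSAML, optionally wrapped in a
 * SAML response and optionally signed, and returns it as an XML string.
 */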
public class SAMLAuthenticationHandler {
        // Configuration keys. None of them is read in the visible part of this class;
        // presumably callers use them to look up the values they pass to the setters.

        /** Key naming the assertion issuer setting. */
        public static final String ASSERTION_ISSUER = "assertion.issuer";

        /** Key naming the key password setting. */
        public static final String CERTIFICATE_PASSWORD = "certificate.password";

        /** Key naming the keystore alias setting. */
        public static final String CERTIFICATE_ALIAS = "certificate.alias";

        /** Key naming the keystore location setting. */
        public static final String CERTIFICATE_KEYSTORE_PATH = "certificate.keystore.path";

        /** Key naming the sign-the-assertion flag. */
        public static final String ASSERTION_SIGN = "assertion.sign";

        /** Key naming the subject user name setting. */
        public static final String ASSERTION_USERNAME = "assertion.username";

        /** Key naming the include-certificate flag. */
        public static final String SIGNATURE_INCLUDECERT = "signature.includecert";

        /** Credential type for a bare assertion; also the default credential type. */
        public static final String SAML_ASSERTION = "SAML.Assertion";

        /** Credential type for a bare assertion with a certificate path. */
        public static final String SAML_ASSERTION_CERTPATH = "SAML.Assertion.Certpath";

        // What to build.
        private String credentialType = SAML_ASSERTION;
        private String assertionUserName;
        private Set<?> groups = Collections.emptySet();
        private String assertionIssuer;
        private String recipient;

        // Validity offsets in milliseconds; both start at 0.
        private long notBeforeMs;
        private long notAfterMs;

        // Signing is off unless a caller turns it on.
        private boolean signAssertion = false;

        // Where the signing key comes from. The key password is held as a String
        // for the life of the object, so keep instances out of logs and dumps.
        private String certKeystorePath;
        private String certKeystoreType = "JKS";
        private String certAlias;
        private String certPassword;

        /**
         * Instantiates a new SAML authentication handler with default settings.
         * The constructor takes no arguments; values are supplied through the setters.
         */
        public SAMLAuthenticationHandler() {
                // Nothing to initialise here: every field keeps its declared default
                // and the implicit superclass constructor call is sufficient.
        }

        /**
         * Builds the SAML XML from the values configured through the setters.
         * 
         * @return the XML string returned by getSAMLAssertion
         */
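        public String getSamlAssertion() {
                // The result is a credential that the receiver accepts on this client's
                // word, so it is handed to the caller only and is not written to
                // standard output, where it would usually end up in server logs.
                return getSAMLAssertion(
                        assertionUserName, // username
                        groups, // groups
                        signAssertion, // isSigned
                        notBeforeMs, // not before condition
                        notAfterMs, // not after condition
                        certKeystorePath, // keystore uri
                        certKeystoreType, // trusted keystore type
                        certAlias, // trusted cert alias
                        certPassword, // trusted cert alias password
                        credentialType, // credentialType
                        assertionIssuer, // issuerURI
                        recipient // recipient
                );
        }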

        /** Returns the credential type; SAML_ASSERTION unless a caller changed it. */
        public String getCredentialType() {
                return this.credentialType;
        }

        /**
         * Sets the credential type handed to getSAMLAssertion.
         *
         * @param credentialType expected to be one of the SAML_* constants
         */
        public void setCredentialType(String credentialType) {
                this.credentialType = credentialType;
        }

        /** Returns the user name that getSamlAssertion passes on as the subject name. */
        public String getAssertionUserName() {
                return this.assertionUserName;
        }

        /**
         * Sets the user name that getSamlAssertion passes on as the subject name.
         *
         * @param assertionUserName the subject user name
         */
        public void setAssertionUserName(String assertionUserName) {
                this.assertionUserName = assertionUserName;
        }

        /** Returns the signing flag; false unless a caller turned signing on. */
        public boolean isSignAssertion() {
                return this.signAssertion;
        }

        /**
         * Turns signing on or off.
         *
         * @param signAssertion true to request a signed result
         */
        public void setSignAssertion(boolean signAssertion) {
                this.signAssertion = signAssertion;
        }

        /**
         * Sets the signing flag from text, parsed with BooleanUtils.toBoolean.
         *
         * NOTE(review): toBoolean returns false for any text it does not read as
         * true, so a mistyped configuration value silently leaves signing off.
         *
         * @param signAssertion textual flag
         */
        public void setSignAssertion(String signAssertion) {
                this.signAssertion = BooleanUtils.toBoolean(signAssertion);
        }

        /** Returns the stored group set itself (not a copy); empty unless a caller set one. */
        public Set<?> getGroups() {
                return this.groups;
        }

        /**
         * Sets the group values that getSamlAssertion passes on; the set is stored
         * as given, without copying.
         *
         * @param groups the group values
         */
        public void setGroups(Set<?> groups) {
                this.groups = groups;
        }

        /** Returns the not-before value in milliseconds; 0 unless a caller set it. */
        public long getNotBeforeMs() {
                return this.notBeforeMs;
        }

        /**
         * Sets the not-before value that getSamlAssertion passes on.
         *
         * @param notBeforeMs the value in milliseconds
         */
        public void setNotBeforeMs(long notBeforeMs) {
                this.notBeforeMs = notBeforeMs;
        }

        /** Returns the not-after value in milliseconds; 0 unless a caller set it. */
        public long getNotAfterMs() {
                return this.notAfterMs;
        }

        /**
         * Sets the not-after value that getSamlAssertion passes on.
         *
         * @param notAfterMs the value in milliseconds
         */
        public void setNotAfterMs(long notAfterMs) {
                this.notAfterMs = notAfterMs;
        }

        /** Returns the keystore location that getSamlAssertion passes on. */
        public String getCertKeystorePath() {
                return this.certKeystorePath;
        }

        /**
         * Sets the keystore location that getSamlAssertion passes on.
         *
         * @param certKeystorePath the keystore location
         */
        public void setCertKeystorePath(String certKeystorePath) {
                this.certKeystorePath = certKeystorePath;
        }

        /** Returns the keystore type; "JKS" unless a caller changed it. */
        public String getCertKeystoreType() {
                return this.certKeystoreType;
        }

        /**
         * Sets the keystore type that getSamlAssertion passes on.
         *
         * @param certKeystoreType the keystore type
         */
        public void setCertKeystoreType(String certKeystoreType) {
                this.certKeystoreType = certKeystoreType;
        }

        /** Returns the keystore alias that getSamlAssertion passes on. */
        public String getCertAlias() {
                return this.certAlias;
        }

        /**
         * Sets the keystore alias that getSamlAssertion passes on.
         *
         * @param certAlias the keystore alias
         */
        public void setCertAlias(String certAlias) {
                this.certAlias = certAlias;
        }

        /** Returns the alias password in clear text; callers should not log the result. */
        public String getCertPassword() {
                return this.certPassword;
        }

        /**
         * Sets the alias password that getSamlAssertion passes on. The value is kept
         * as a String for the life of this object.
         *
         * @param certPassword the alias password
         */
        public void setCertPassword(String certPassword) {
                this.certPassword = certPassword;
        }

        /** Returns the issuer that getSamlAssertion passes on. */
        public String getAssertionIssuer() {
                return this.assertionIssuer;
        }

        /**
         * Sets the issuer that getSamlAssertion passes on.
         *
         * @param assertionIssuer the issuer
         */
        public void setAssertionIssuer(String assertionIssuer) {
                this.assertionIssuer = assertionIssuer;
        }

        /** Returns the recipient that getSamlAssertion passes on. */
        public String getRecipient() {
                return this.recipient;
        }

        /**
         * Sets the recipient that getSamlAssertion passes on.
         *
         * @param recipient the recipient
         */
        public void setRecipient(String recipient) {
                this.recipient = recipient;
        }

        /** Placeholder recipient value. */
        public static final String UNKNOWN_RECIPIENT = "unknown";

        /** Credential type for the response (POST profile) form. */
        public static final String SAML_RESPONSE = "SAML.Profile.POST";

        /** Credential type for the response form with a certificate path. */
        public static final String SAML_RESPONSE_CERTPATH = "SAML.Profile.POST.Certpath";

        /** Credential type for the response form without a certificate path. */
        public static final String SAML_RESPONSE_NO_CERTPATH = "SAML.Profile.POST.NoCertpath";

        /** Attribute name for the group values. */
        private static final String WLES_GROUP_TAG = "WLESGroup";

        /** Attribute namespace for the group values. */
        private static final String WLES_GROUP_NS = "urn:bea:security:saml:groups";

        /**
         * Builds a sender-vouches SAML assertion for {@code userName} and returns
         * it serialised with {@code toString()}.
         *
         * <p>The thread context class loader is switched to this class's loader
         * for the duration of the call and restored in {@code finally}. An
         * attribute statement is added only when {@code groups} is non-empty.
         * When {@code credentialType} is a response type the assertion is also
         * wrapped in a {@code SAMLResponse}, and that response is the object
         * handed to the signer.
         *
         * <p>Security notes:
         * <ul>
         * <li>{@code userName} and {@code groups} are placed in the assertion
         * exactly as given. Nothing here authenticates them, so the caller is
         * the party vouching for the subject.</li>
         * <li>With {@code isSigned == false} the returned XML carries no
         * signature, so a relying party gets no integrity protection from the
         * token itself.</li>
         * <li>NOTE(review): for a response type with {@code isSigned == false}
         * the {@code SAMLResponse} is built and then discarded, and the bare
         * assertion is returned. Confirm that this is intended.</li>
         * <li>{@code notBeforeMs} and {@code notAfterMs} are not bounded here;
         * they are passed straight to createAssertion.</li>
         * </ul>
         *
         * @param userName
         *            name placed in the subject's name identifier
         * @param groups
         *            values for the group attribute; may be {@code null} or
         *            empty, in which case no attribute statement is added
         * @param isSigned
         *            whether to sign the assertion (or the response wrapping it)
         * @param notBeforeMs
         *            passed to createAssertion
         * @param notAfterMs
         *            passed to createAssertion
         * @param trustedKeystore
         *            keystore location passed to getSignedAssertion
         * @param trustedKeystoreType
         *            keystore type passed to getSignedAssertion
         * @param trustedCertAlias
         *            key/certificate alias passed to getSignedAssertion
         * @param trustedCertAliasPasswd
         *            key password passed to getSignedAssertion
         * @param credentialType
         *            value tested by isResponseType and requireCertpath
         * @param issuer
         *            issuer passed to createAssertion
         * @param recipient
         *            recipient for the response; {@link #UNKNOWN_RECIPIENT} is
         *            used when this is null or empty
         *
         * @return the signed object's {@code toString()} when signing took
         *         place, otherwise the unsigned assertion's {@code toString()}
         * @throws RuntimeException
         *             wrapping any {@code SAMLException} raised while building
         */
        public String getSAMLAssertion(String userName, Set<?> groups,
                boolean isSigned, long notBeforeMs, long notAfterMs,
                String trustedKeystore, String trustedKeystoreType,
                String trustedCertAlias, String trustedCertAliasPasswd,
                String credentialType, String issuer, String recipient) {
                final boolean wrapInResponse = isResponseType(credentialType);
                final boolean attachCerts = requireCertpath(credentialType);

                final ClassLoader ownLoader = this.getClass().getClassLoader();
                final Thread current = Thread.currentThread();
                final ClassLoader previousLoader = current.getContextClassLoader();

                try {
                        current.setContextClassLoader(ownLoader);

                        SAMLNameIdentifier nameId =
                                new SAMLNameIdentifier(userName, null, null);
                        SAMLSubject subject = new SAMLSubject(nameId,
                                Collections.singleton(SAMLSubject.CONF_SENDER_VOUCHES),
                                null, null);

                        SAMLAttributeStatement attrStat = null;
                        if (groups != null && !groups.isEmpty()) {
                                attrStat = createAttributeStatement(subject, groups);
                        }

                        SAMLAuthenticationStatement authnStat =
                                createAuthenticationStatement(subject);
                        SAMLAssertion assertion = createAssertion(authnStat, attrStat,
                                notBeforeMs, notAfterMs, issuer);

                        // The object to sign is the assertion itself unless a
                        // response wrapper is requested.
                        SAMLSignedObject toSign = assertion;
                        if (wrapInResponse) {
                                List<SAMLAssertion> assertionList =
                                        new ArrayList<SAMLAssertion>();
                                assertionList.add(assertion);

                                String responseRecipient = StringUtils.isEmpty(recipient)
                                        ? UNKNOWN_RECIPIENT
                                        : recipient;

                                toSign = new SAMLResponse(null, responseRecipient,
                                        assertionList, null);
                        }

                        // Unsigned: always the bare assertion, even when a
                        // response was built above.
                        if (!isSigned) {
                                return assertion.toString();
                        }

                        SAMLSignedObject signedObject = getSignedAssertion(toSign,
                                trustedKeystore, trustedKeystoreType,
                                trustedCertAlias, trustedCertAliasPasswd,
                                attachCerts, wrapInResponse);

                        return (signedObject != null)
                                ? signedObject.toString()
                                : assertion.toString();
                }
                catch (SAMLException e) {
                        throw new RuntimeException(e);
                }
                finally {
                        current.setContextClassLoader(previousLoader);
                }
        }

        /**
         * Creates a {@code SAMLAssertion} holding the given statements.
         *
         * <p>The validity window is computed from the current system time:
         * not-before is {@code now - notBeforeMs} and not-on-or-after is
         * {@code now + notAfterMs}. Neither offset is range-checked, so a large
         * {@code notAfterMs} yields a long-lived assertion.
         *
         * <p>NOTE(review): the fourth and fifth constructor arguments are
         * {@code null}. If these are the conditions and advice collections, the
         * assertion carries no audience restriction. Confirm against the
         * OpenSAML API in use.
         *
         * @param authnStat
         *            authentication statement; skipped when {@code null}
         * @param attrStat
         *            attribute statement; skipped when {@code null}
         * @param notBeforeMs
         *            milliseconds subtracted from now for the start of validity
         * @param notAfterMs
         *            milliseconds added to now for the end of validity
         * @param issuer
         *            issuer passed to the assertion constructor
         *
         * @return the new assertion
         * @throws RuntimeException
         *             wrapping any {@code SAMLException} from the constructor
         */
        private SAMLAssertion createAssertion(
                SAMLAuthenticationStatement authnStat,
                SAMLAttributeStatement attrStat, long notBeforeMs, long notAfterMs,
                String issuer) {
                final long issuedAt = System.currentTimeMillis();
                final Date validFrom = new Date(issuedAt - notBeforeMs);
                final Date validUntil = new Date(issuedAt + notAfterMs);

                final List<SAMLSubjectStatement> statements =
                        new ArrayList<SAMLSubjectStatement>();
                if (authnStat != null) {
                        statements.add(authnStat);
                }
                if (attrStat != null) {
                        statements.add(attrStat);
                }

                try {
                        return new SAMLAssertion(issuer, validFrom, validUntil,
                                null, null, statements);
                }
                catch (SAMLException e) {
                        throw new RuntimeException(e);
                }
        }

        /**
         * Creates an attribute statement with a single {@code SAMLAttribute}
         * built from {@code WLES_GROUP_TAG}, {@code WLES_GROUP_NS} and the given
         * group values.
         *
         * <p>The statement is given a clone of {@code subject}, not the instance
         * passed in. The group values are handed to the attribute as supplied;
         * this method does not inspect or filter them.
         *
         * @param subject
         *            subject to clone into the statement
         * @param groups
         *            values for the group attribute
         *
         * @return the new attribute statement
         * @throws RuntimeException
         *             wrapping a {@code SAMLException} or
         *             {@code CloneNotSupportedException}
         */
        private SAMLAttributeStatement createAttributeStatement(
                SAMLSubject subject, Collection<?> groups) {
                try {
                        SAMLAttribute groupAttribute = new SAMLAttribute(
                                WLES_GROUP_TAG, WLES_GROUP_NS, null, 0, groups);

                        List<SAMLAttribute> attributes = new ArrayList<SAMLAttribute>();
                        attributes.add(groupAttribute);

                        SAMLSubject subjectCopy = (SAMLSubject) subject.clone();
                        return new SAMLAttributeStatement(subjectCopy, attributes);
                }
                catch (SAMLException e) {
                        throw new RuntimeException(e);
                }
                catch (CloneNotSupportedException e) {
                        throw new RuntimeException(e);
                }
        }

        /**
         * Creates an authentication statement for a clone of {@code subject}.
         *
         * <p>The authentication method is always
         * {@code SAMLAuthenticationStatement.AuthenticationMethod_Password}, and
         * the third constructor argument (presumably the authentication instant)
         * is the time of this call. Both are fixed here, not taken from how or
         * when the user actually authenticated, so relying parties should not
         * read more into them than that.
         *
         * @param subject
         *            subject to clone into the statement
         *
         * @return the new authentication statement
         * @throws RuntimeException
         *             wrapping a {@code SAMLException} or
         *             {@code CloneNotSupportedException}
         */
        private SAMLAuthenticationStatement createAuthenticationStatement(
                SAMLSubject subject) {
                try {
                        SAMLSubject subjectCopy = (SAMLSubject) subject.clone();
                        return new SAMLAuthenticationStatement(subjectCopy,
                                SAMLAuthenticationStatement.AuthenticationMethod_Password,
                                new Date(), null, null, null);
                }
                catch (SAMLException e) {
                        throw new RuntimeException(e);
                }
                catch (CloneNotSupportedException e) {
                        throw new RuntimeException(e);
                }
        }

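        /**
         * Signs the given SAML object in place with a key read from a keystore
         * and returns the same object.
         *
         * <p>The keystore is located through Spring's
         * {@code DefaultResourceLoader}, opened as a file, and the key stored
         * under {@code certAlias} is unlocked with {@code certPswd}. When
         * {@code includeCertpath} is true, certificates are passed to
         * {@code sign}: the single certificate for the alias when
         * {@code isResponse} is true, otherwise the full chain.
         *
         * <p>Security notes:
         * <ul>
         * <li>The keystore is loaded with a {@code null} store password, so the
         * JDK performs no integrity check on the keystore file. Only the key
         * entry itself is password-protected.</li>
         * <li>{@code XMLSignature.ALGO_ID_SIGNATURE_RSA} is the RSA-with-SHA-1
         * signature algorithm in Apache XML Security. NOTE(review): move to a
         * SHA-256 based algorithm once the relying party accepts it.</li>
         * <li>The cast to {@code ClassPathResource} fails with a
         * {@code ClassCastException} for any location the loader resolves to
         * another resource type, and {@code getFile()} requires the resource to
         * be a real file on disk.</li>
         * </ul>
         *
         * @param assertion
         *            the object to sign (an assertion or a response)
         * @param keyStoreFilename
         *            keystore location; must not be null or empty
         * @param keyStoreType
         *            keystore type for {@code KeyStore.getInstance}; must not be
         *            null or empty
         * @param certAlias
         *            alias of the key and certificate; must not be null or empty
         * @param certPswd
         *            password for the key entry; must not be null or empty
         * @param includeCertpath
         *            whether to pass certificates to {@code sign}
         * @param isResponse
         *            selects the single certificate (true) or the chain (false)
         *            when {@code includeCertpath} is true
         *
         * @return {@code assertion}, now signed
         * @throws SecurityException
         *             if an argument is null or empty, or the key or
         *             certificate(s) cannot be found under {@code certAlias}
         * @throws RuntimeException
         *             wrapping any keystore, I/O or SAML failure
         */
        private SAMLSignedObject getSignedAssertion(SAMLSignedObject assertion,
                String keyStoreFilename, String keyStoreType, String certAlias,
                String certPswd, boolean includeCertpath, boolean isResponse) {
                // The messages below are restored to single literals; the
                // mail-wrapped originals were split across lines and did not
                // compile.
                if (StringUtils.isEmpty(keyStoreFilename)) {
                        throw new SecurityException(
                                "keyStoreFilename is either null or empty string");
                }
                if (StringUtils.isEmpty(keyStoreType)) {
                        throw new SecurityException(
                                "keyStoreType is either null or empty");
                }
                if (StringUtils.isEmpty(certAlias)) {
                        throw new SecurityException(
                                "certAlias is either null or empty");
                }
                if (StringUtils.isEmpty(certPswd)) {
                        throw new SecurityException(
                                "certPswd is either null or empty");
                }

                FileInputStream fin = null;

                try {
                        KeyStore store = KeyStore.getInstance(keyStoreType);
                        ResourceLoader rs = new DefaultResourceLoader();
                        ClassPathResource resource = (ClassPathResource) rs
                                .getResource(keyStoreFilename);
                        fin = new FileInputStream(resource.getFile());
                        // NOTE(review): a null password skips the keystore
                        // integrity check.
                        store.load(fin, null);

                        Key privateKey = store.getKey(certAlias,
                                certPswd.toCharArray());
                        if (privateKey == null) {
                                throw new SecurityException(
                                        "private key was null and hence cannot sign assertion");
                        }

                        if (includeCertpath) {
                                List<Certificate> certs = new ArrayList<Certificate>();

                                if (isResponse) {
                                        Certificate cert = store.getCertificate(certAlias);
                                        if (cert == null) {
                                                throw new SecurityException(
                                                        "unable to get certificate using certAlias");
                                        }
                                        certs.add(cert);
                                }
                                else {
                                        Certificate[] certArray =
                                                store.getCertificateChain(certAlias);
                                        if (certArray == null) {
                                                throw new SecurityException(
                                                        "unable to get certificate chain using certAlias");
                                        }
                                        certs.addAll(Arrays.asList(certArray));
                                }

                                // NOTE(review): RSA with SHA-1; see the method
                                // comment.
                                assertion.sign(XMLSignature.ALGO_ID_SIGNATURE_RSA,
                                        privateKey, certs);
                        }
                        else {
                                assertion.sign(XMLSignature.ALGO_ID_SIGNATURE_RSA,
                                        privateKey, null);
                        }
                }
                catch (KeyStoreException e) {
                        throw new RuntimeException(e);
                }
                catch (FileNotFoundException e) {
                        throw new RuntimeException(e);
                }
                catch (NoSuchAlgorithmException e) {
                        throw new RuntimeException(e);
                }
                catch (CertificateException e) {
                        throw new RuntimeException(e);
                }
                catch (UnrecoverableKeyException e) {
                        throw new RuntimeException(e);
                }
                catch (IOException e) {
                        throw new RuntimeException(e);
                }
                catch (SAMLException e) {
                        throw new RuntimeException(e);
                }
                finally {
                        IOUtils.closeQuietly(fin);
                }

                return assertion;
        }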

        /**
         * Tells whether the credential type asks for the assertion to be wrapped
         * in a SAML response.
         *
         * @param credentialTypes
         *            the credential type to test; may be {@code null}
         *
         * @return {@code true} only for {@code SAML_RESPONSE},
         *         {@code SAML_RESPONSE_CERTPATH} or
         *         {@code SAML_RESPONSE_NO_CERTPATH}; {@code false} for anything
         *         else, including {@code null}
         */
        private boolean isResponseType(String credentialTypes) {
                return SAML_RESPONSE.equals(credentialTypes)
                        || SAML_RESPONSE_CERTPATH.equals(credentialTypes)
                        || SAML_RESPONSE_NO_CERTPATH.equals(credentialTypes);
        }

        /**
         * Tells whether the credential type asks for certificates to be included
         * with the signature.
         *
         * <p>Any unrecognised value, including {@code null}, returns
         * {@code false}. getSAMLAssertion passes this result on as the
         * {@code includeCertpath} argument, so a mistyped credential type
         * silently produces a signature with no certificates attached, not an
         * error.
         *
         * @param credentialTypes
         *            the credential type to test; may be {@code null}
         *
         * @return {@code true} only for {@code SAML_ASSERTION_CERTPATH},
         *         {@code SAML_RESPONSE} or {@code SAML_RESPONSE_CERTPATH}
         */
        private boolean requireCertpath(String credentialTypes) {
                return SAML_ASSERTION_CERTPATH.equals(credentialTypes)
                        || SAML_RESPONSE.equals(credentialTypes)
                        || SAML_RESPONSE_CERTPATH.equals(credentialTypes);
        }

}
  
> Running TestWSSecurityNewST2 Fails - General security error (No certificates 
> were found for SAML signature)
> -----------------------------------------------------------------------------------------------------------
>
>                 Key: WSS-213
>                 URL: https://issues.apache.org/jira/browse/WSS-213
>             Project: WSS4J
>          Issue Type: Bug
>    Affects Versions: 1.5.8
>         Environment: OS = Ubuntu 9.04
> Eclipse = JEE Eclipse, Galileo, STS, m2eclipse
> JDK = java-6-sun-1.6.0.16, java-1.5.0-sun-1.5.0.19 (attempted as well)
>            Reporter: Jay Blanton
>            Assignee: Ruchith Udayanga Fernando
>            Priority: Critical
>         Attachments: wss4j.saml-jks.tar.gz, wss4j.saml.tar.gz
>
>
> I pulled down the 1.5.8, 1.5.8-SNAPSHOT, and pulled down the trunk for 1.6.
> I tried to build the trunk by doing a mvn package -Dmaven.test.skip=true 
> (because quite a few unit tests fail).
> Then I try to run TestWSSecurityNewST2 and it fails.
> This is the exact issue I am having when trying to get my Spring Web Service 
> Implementation to work with WSS4J's SAML Support (which it appears that 
> Spring does not expose so I have to create a custom Interceptor).
> I have working examples of a digital signature, encryption, and UsernameToken 
> with Spring Web Services support for SAML, but the SAML is not working.  So I 
> specifically went to the WSS4J examples to see if I could get those working 
> first, and then working with my keystores, but the default test does not work 
> for me that shipped with WSS4J.
> [INFO] Scanning for projects...
> [INFO] 
> ------------------------------------------------------------------------
> [INFO] Building Ping Web Service Client
> [INFO]
> [INFO] Id: com.foo:ping.ws-saml:jar:0.0.1-SNAPSHOT
> [INFO] task-segment: [package]
> [INFO] 
> ------------------------------------------------------------------------
> [INFO] [resources:resources]
> [INFO] Using default encoding to copy filtered resources.
> url = http://repo1.maven.org/maven2
> Downloading: 
> http://repo1.maven.org/maven2/com/sun/xml/wss/xws-security/2.0-FCS/xws-security-2.0-FCS.pom
> url = http://static.appfuse.org/repository
> Downloading: 
> http://static.appfuse.org/repository/com/sun/xml/wss/xws-security/2.0-FCS/xws-security-2.0-FCS.pom
> url = http://repository.jboss.com/maven2
> Downloading: 
> http://repository.jboss.com/maven2/com/sun/xml/wss/xws-security/2.0-FCS/xws-security-2.0-FCS.pom
> [INFO] [compiler:compile]
> [INFO] Compiling 10 source files to 
> /home/a068071/Public/Development/eclipse3.5-workspace/ping.ws-saml/target/classes
> url = http://repo1.maven.org/maven2
> Downloading: 
> http://repo1.maven.org/maven2/com/sun/xml/wss/xws-security/2.0-FCS/xws-security-2.0-FCS.pom
> url = http://static.appfuse.org/repository
> Downloading: 
> http://static.appfuse.org/repository/com/sun/xml/wss/xws-security/2.0-FCS/xws-security-2.0-FCS.pom
> url = http://repository.jboss.com/maven2
> Downloading: 
> http://repository.jboss.com/maven2/com/sun/xml/wss/xws-security/2.0-FCS/xws-security-2.0-FCS.pom
> [INFO] [jibx:bind]
> [INFO] Not running JiBX binding compiler (single-module mode) - no binding 
> files
> [INFO] [resources:testResources]
> [INFO] Using default encoding to copy filtered resources.
> url = http://repo1.maven.org/maven2
> Downloading: 
> http://repo1.maven.org/maven2/com/sun/xml/wss/xws-security/2.0-FCS/xws-security-2.0-FCS.pom
> url = http://static.appfuse.org/repository
> Downloading: 
> http://static.appfuse.org/repository/com/sun/xml/wss/xws-security/2.0-FCS/xws-security-2.0-FCS.pom
> url = http://repository.jboss.com/maven2
> Downloading: 
> http://repository.jboss.com/maven2/com/sun/xml/wss/xws-security/2.0-FCS/xws-security-2.0-FCS.pom
> [INFO] [compiler:testCompile]
> [INFO] Compiling 4 source files to 
> /home/a068071/Public/Development/eclipse3.5-workspace/ping.ws-saml/target/test-classes
> url = http://repo1.maven.org/maven2
> Downloading: 
> http://repo1.maven.org/maven2/com/sun/xml/wss/xws-security/2.0-FCS/xws-security-2.0-FCS.pom
> url = http://static.appfuse.org/repository
> Downloading: 
> http://static.appfuse.org/repository/com/sun/xml/wss/xws-security/2.0-FCS/xws-security-2.0-FCS.pom
> url = http://repository.jboss.com/maven2
> Downloading: 
> http://repository.jboss.com/maven2/com/sun/xml/wss/xws-security/2.0-FCS/xws-security-2.0-FCS.pom
> [INFO] [surefire:test]
> [INFO] Surefire report directory: 
> /home/a068071/Public/Development/eclipse3.5-workspace/ping.ws-saml/target/surefire-reports
> DEBUG [security.util.Loader] Trying to find [crypto.properties] using 
> sun.misc.launcher$appclassloa...@133056f class loader.
> DEBUG [components.crypto.CryptoFactory] Using Crypto Engine 
> [org.apache.ws.security.components.crypto.Merlin]
> DEBUG [components.crypto.AbstractCrypto] CA certs have been loaded
> DEBUG [security.util.Loader] Trying to find [crypto.properties] using 
> sun.misc.launcher$appclassloa...@133056f class loader.
> DEBUG [components.crypto.CryptoFactory] Using Crypto Engine 
> [org.apache.ws.security.components.crypto.Merlin]
> DEBUG [components.crypto.AbstractCrypto] CA certs have been loaded
> DEBUG [security.util.Loader] Trying to find [crypto.properties] using 
> sun.misc.launcher$appclassloa...@133056f class loader.
> DEBUG [components.crypto.CryptoFactory] Using Crypto Engine 
> [org.apache.ws.security.components.crypto.Merlin]
> DEBUG [components.crypto.AbstractCrypto] CA certs have been loaded
> DEBUG [security.util.Loader] Trying to find [crypto.properties] using 
> sun.misc.launcher$appclassloa...@133056f class loader.
> DEBUG [components.crypto.CryptoFactory] Using Crypto Engine 
> [org.apache.ws.security.components.crypto.Merlin]
> DEBUG [components.crypto.AbstractCrypto] CA certs have been loaded
> -------------------------------------------------------
>  T E S T S
> -------------------------------------------------------
> Running wssec.TestWSSecurityNewST2
> DEBUG [security.util.Loader] Trying to find [saml.properties] using 
> sun.misc.launcher$appclassloa...@133056f class loader.
> INFO [security.saml.SAMLIssuerFactory] Using Crypto Engine 
> [org.apache.ws.security.saml.SAMLIssuerImpl]
> DEBUG [security.util.Loader] Trying to find [crypto.properties] using 
> sun.misc.launcher$appclassloa...@133056f class loader.
> DEBUG [components.crypto.CryptoFactory] Using Crypto Engine 
> [org.apache.ws.security.components.crypto.Merlin]
> DEBUG [components.crypto.AbstractCrypto] CA certs have been loaded
> DEBUG [security.saml.SAMLIssuerImpl] Begin add SAMLAssertion token...
> INFO [wssec.TestWSSecurityNewST2] Before SAMLSignedSenderVouches....
> DEBUG [security.saml.WSSecSignatureSAML] Beginning ST signing...
> DEBUG [security.util.Loader] Trying to find [saml.properties] using 
> sun.misc.launcher$appclassloa...@133056f class loader.
> INFO [security.saml.SAMLIssuerFactory] Using Crypto Engine 
> [org.apache.ws.security.saml.SAMLIssuerImpl]
> DEBUG [security.util.Loader] Trying to find [crypto.properties] using 
> sun.misc.launcher$appclassloa...@133056f class loader.
> DEBUG [components.crypto.CryptoFactory] Using Crypto Engine 
> [org.apache.ws.security.components.crypto.Merlin]
> DEBUG [components.crypto.AbstractCrypto] CA certs have been loaded
> DEBUG [security.saml.SAMLIssuerImpl] Begin add SAMLAssertion token...
> INFO [wssec.TestWSSecurityNewST2] Before SAMLSignedSenderVouches....
> DEBUG [security.saml.WSSecSignatureSAML] Beginning ST signing...
> DEBUG [security.util.Loader] Trying to find [saml3.properties] using 
> sun.misc.launcher$appclassloa...@133056f class loader.
> INFO [security.saml.SAMLIssuerFactory] Using Crypto Engine 
> [org.apache.ws.security.saml.SAMLIssuerImpl]
> DEBUG [security.util.Loader] Trying to find [crypto.properties] using 
> sun.misc.launcher$appclassloa...@133056f class loader.
> DEBUG [components.crypto.CryptoFactory] Using Crypto Engine 
> [org.apache.ws.security.components.crypto.Merlin]
> DEBUG [components.crypto.AbstractCrypto] CA certs have been loaded
> DEBUG [security.saml.SAMLIssuerImpl] Begin add SAMLAssertion token...
> INFO [wssec.TestWSSecurityNewST2] Before SAMLSignedSenderVouches....
> DEBUG [security.saml.WSSecSignatureSAML] Beginning ST signing...
> DEBUG [security.util.Loader] Trying to find [saml.properties] using 
> sun.misc.launcher$appclassloa...@133056f class loader.
> INFO [security.saml.SAMLIssuerFactory] Using Crypto Engine 
> [org.apache.ws.security.saml.SAMLIssuerImpl]
> DEBUG [security.util.Loader] Trying to find [crypto.properties] using 
> sun.misc.launcher$appclassloa...@133056f class loader.
> DEBUG [components.crypto.CryptoFactory] Using Crypto Engine 
> [org.apache.ws.security.components.crypto.Merlin]
> DEBUG [components.crypto.AbstractCrypto] CA certs have been loaded
> DEBUG [security.saml.SAMLIssuerImpl] Begin add SAMLAssertion token...
> DEBUG [security.saml.WSSecSignatureSAML] Beginning ST signing...
> Tests run: 4, Failures: 0, Errors: 4, Skipped: 0, Time elapsed: 0.222 sec <<< 
> FAILURE!
> Results :
> Tests in error:
>   testSAMLSignedSenderVouches(wssec.TestWSSecurityNewST2)
>   testSAMLSignedSenderVouchesKeyIdentifier(wssec.TestWSSecurityNewST2)
>   testDefaultIssuerClass(wssec.TestWSSecurityNewST2)
>   testWSS62(wssec.TestWSSecurityNewST2)
> Tests run: 5, Failures: 0, Errors: 5, Skipped: 0
> [ERROR]
> Mojo:
>     org.apache.maven.plugins:maven-surefire-plugin:2.4.2:test
> FAILED for project:
>     com.foo:ping.ws-saml:jar:0.0.1-SNAPSHOT
> Reason:
> There are test failures.
> Please refer to 
> /home/jay/Public/Development/eclipse3.5-workspace/ping.ws-saml/target/surefire-reports
>  for the individual test results.
> [INFO] 
> ------------------------------------------------------------------------
> [INFO] For more information, run with the -e flag
> [INFO] 
> ------------------------------------------------------------------------
> [INFO] BUILD FAILED
> [INFO] 
> ------------------------------------------------------------------------
> [INFO] Total time: 16 seconds
> [INFO] Finished at: Wed Oct 07 13:29:03 PDT 2009
> [INFO] Final Memory: 4M/25M
> [INFO] 
> ------------------------------------------------------------------------
> Here are the errors from the test report:
> -------------------------------------------------------------------------------
> Test set: wssec.TestWSSecurityNewST2
> -------------------------------------------------------------------------------
> Tests run: 4, Failures: 0, Errors: 4, Skipped: 0, Time elapsed: 0.731 sec <<< 
> FAILURE!
> testSAMLSignedSenderVouches(wssec.TestWSSecurityNewST2)  Time elapsed: 0.486 
> sec  <<< ERROR!
> org.apache.ws.security.WSSecurityException: General security error (No 
> certificates were found for SAML signature)
>         at 
> org.apache.ws.security.saml.WSSecSignatureSAML.prepare(WSSecSignatureSAML.java:276)
>         at 
> org.apache.ws.security.saml.WSSecSignatureSAML.build(WSSecSignatureSAML.java:110)
>         at 
> wssec.TestWSSecurityNewST2.testSAMLSignedSenderVouches(TestWSSecurityNewST2.java:114)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:585)
>         at junit.framework.TestCase.runTest(TestCase.java:168)
>         at junit.framework.TestCase.runBare(TestCase.java:134)
>         at junit.framework.TestResult$1.protect(TestResult.java:110)
>         at junit.framework.TestResult.runProtected(TestResult.java:128)
>         at junit.framework.TestResult.run(TestResult.java:113)
>         at junit.framework.TestCase.run(TestCase.java:124)
>         at junit.framework.TestSuite.runTest(TestSuite.java:232)
>         at junit.framework.TestSuite.run(TestSuite.java:227)
>         at 
> org.junit.internal.runners.JUnit38ClassRunner.run(JUnit38ClassRunner.java:81)
>         at 
> org.apache.maven.surefire.junit4.JUnit4TestSet.execute(JUnit4TestSet.java:62)
>         at 
> org.apache.maven.surefire.suite.AbstractDirectoryTestSuite.executeTestSet(AbstractDirectoryTestSuite.java:140)
>         at 
> org.apache.maven.surefire.suite.AbstractDirectoryTestSuite.execute(AbstractDirectoryTestSuite.java:127)
>         at org.apache.maven.surefire.Surefire.run(Surefire.java:177)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:585)
>         at 
> org.apache.maven.surefire.booter.SurefireBooter.runSuitesInProcess(SurefireBooter.java:338)
>         at 
> org.apache.maven.surefire.booter.SurefireBooter.main(SurefireBooter.java:997)
> testSAMLSignedSenderVouchesKeyIdentifier(wssec.TestWSSecurityNewST2)  Time 
> elapsed: 0.064 sec  <<< ERROR!
> org.apache.ws.security.WSSecurityException: General security error (No 
> certificates were found for SAML signature)
>         at 
> org.apache.ws.security.saml.WSSecSignatureSAML.prepare(WSSecSignatureSAML.java:276)
>         at 
> org.apache.ws.security.saml.WSSecSignatureSAML.build(WSSecSignatureSAML.java:110)
>         at 
> wssec.TestWSSecurityNewST2.testSAMLSignedSenderVouchesKeyIdentifier(TestWSSecurityNewST2.java:156)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:585)
>         at junit.framework.TestCase.runTest(TestCase.java:168)
>         at junit.framework.TestCase.runBare(TestCase.java:134)
>         at junit.framework.TestResult$1.protect(TestResult.java:110)
>         at junit.framework.TestResult.runProtected(TestResult.java:128)
>         at junit.framework.TestResult.run(TestResult.java:113)
>         at junit.framework.TestCase.run(TestCase.java:124)
>         at junit.framework.TestSuite.runTest(TestSuite.java:232)
>         at junit.framework.TestSuite.run(TestSuite.java:227)
>         at 
> org.junit.internal.runners.JUnit38ClassRunner.run(JUnit38ClassRunner.java:81)
>         at 
> org.apache.maven.surefire.junit4.JUnit4TestSet.execute(JUnit4TestSet.java:62)
>         at 
> org.apache.maven.surefire.suite.AbstractDirectoryTestSuite.executeTestSet(AbstractDirectoryTestSuite.java:140)
>         at 
> org.apache.maven.surefire.suite.AbstractDirectoryTestSuite.execute(AbstractDirectoryTestSuite.java:127)
>         at org.apache.maven.surefire.Surefire.run(Surefire.java:177)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:585)
>         at 
> org.apache.maven.surefire.booter.SurefireBooter.runSuitesInProcess(SurefireBooter.java:338)
>         at 
> org.apache.maven.surefire.booter.SurefireBooter.main(SurefireBooter.java:997)
> testDefaultIssuerClass(wssec.TestWSSecurityNewST2)  Time elapsed: 0.156 sec  
> <<< ERROR!
> org.apache.ws.security.WSSecurityException: General security error (No 
> certificates were found for SAML signature)
>         at 
> org.apache.ws.security.saml.WSSecSignatureSAML.prepare(WSSecSignatureSAML.java:276)
>         at 
> org.apache.ws.security.saml.WSSecSignatureSAML.build(WSSecSignatureSAML.java:110)
>         at 
> wssec.TestWSSecurityNewST2.testDefaultIssuerClass(TestWSSecurityNewST2.java:200)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:585)
>         at junit.framework.TestCase.runTest(TestCase.java:168)
>         at junit.framework.TestCase.runBare(TestCase.java:134)
>         at junit.framework.TestResult$1.protect(TestResult.java:110)
>         at junit.framework.TestResult.runProtected(TestResult.java:128)
>         at junit.framework.TestResult.run(TestResult.java:113)
>         at junit.framework.TestCase.run(TestCase.java:124)
>         at junit.framework.TestSuite.runTest(TestSuite.java:232)
>         at junit.framework.TestSuite.run(TestSuite.java:227)
>         at 
> org.junit.internal.runners.JUnit38ClassRunner.run(JUnit38ClassRunner.java:81)
>         at 
> org.apache.maven.surefire.junit4.JUnit4TestSet.execute(JUnit4TestSet.java:62)
>         at 
> org.apache.maven.surefire.suite.AbstractDirectoryTestSuite.executeTestSet(AbstractDirectoryTestSuite.java:140)
>         at 
> org.apache.maven.surefire.suite.AbstractDirectoryTestSuite.execute(AbstractDirectoryTestSuite.java:127)
>         at org.apache.maven.surefire.Surefire.run(Surefire.java:177)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:585)
>         at 
> org.apache.maven.surefire.booter.SurefireBooter.runSuitesInProcess(SurefireBooter.java:338)
>         at 
> org.apache.maven.surefire.booter.SurefireBooter.main(SurefireBooter.java:997)
> testWSS62(wssec.TestWSSecurityNewST2)  Time elapsed: 0.011 sec  <<< ERROR!
> org.apache.ws.security.WSSecurityException: General security error (No 
> certificates were found for SAML signature)
>         at 
> org.apache.ws.security.saml.WSSecSignatureSAML.prepare(WSSecSignatureSAML.java:276)
>         at 
> org.apache.ws.security.saml.WSSecSignatureSAML.build(WSSecSignatureSAML.java:110)
>         at wssec.TestWSSecurityNewST2.testWSS62(TestWSSecurityNewST2.java:241)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:585)
>         at junit.framework.TestCase.runTest(TestCase.java:168)
>         at junit.framework.TestCase.runBare(TestCase.java:134)
>         at junit.framework.TestResult$1.protect(TestResult.java:110)
>         at junit.framework.TestResult.runProtected(TestResult.java:128)
>         at junit.framework.TestResult.run(TestResult.java:113)
>         at junit.framework.TestCase.run(TestCase.java:124)
>         at junit.framework.TestSuite.runTest(TestSuite.java:232)
>         at junit.framework.TestSuite.run(TestSuite.java:227)
>         at 
> org.junit.internal.runners.JUnit38ClassRunner.run(JUnit38ClassRunner.java:81)
>         at 
> org.apache.maven.surefire.junit4.JUnit4TestSet.execute(JUnit4TestSet.java:62)
>         at 
> org.apache.maven.surefire.suite.AbstractDirectoryTestSuite.executeTestSet(AbstractDirectoryTestSuite.java:140)
>         at 
> org.apache.maven.surefire.suite.AbstractDirectoryTestSuite.execute(AbstractDirectoryTestSuite.java:127)
>         at org.apache.maven.surefire.Surefire.run(Surefire.java:177)
>         at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
>         at 
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)
>         at 
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)
>         at java.lang.reflect.Method.invoke(Method.java:585)
>         at 
> org.apache.maven.surefire.booter.SurefireBooter.runSuitesInProcess(SurefireBooter.java:338)
>         at 
> org.apache.maven.surefire.booter.SurefireBooter.main(SurefireBooter.java:997) 
>  


