1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20 package org.apache.wss4j.dom.saml;
21
22 import org.apache.wss4j.common.saml.SamlAssertionWrapper;
23 import org.apache.wss4j.common.util.SOAPUtil;
24 import org.apache.wss4j.dom.WSConstants;
25 import org.apache.wss4j.dom.common.KeystoreCallbackHandler;
26 import org.apache.wss4j.dom.common.SAML1CallbackHandler;
27 import org.apache.wss4j.dom.common.SAML2CallbackHandler;
28
29 import org.apache.wss4j.dom.engine.WSSConfig;
30 import org.apache.wss4j.dom.engine.WSSecurityEngine;
31 import org.apache.wss4j.dom.engine.WSSecurityEngineResult;
32 import org.apache.wss4j.dom.handler.RequestData;
33 import org.apache.wss4j.dom.handler.WSHandlerResult;
34 import org.apache.wss4j.common.crypto.Crypto;
35 import org.apache.wss4j.common.crypto.CryptoFactory;
36 import org.apache.wss4j.common.saml.SAMLCallback;
37 import org.apache.wss4j.common.saml.SAMLUtil;
38 import org.apache.wss4j.common.saml.builder.SAML1Constants;
39 import org.apache.wss4j.common.saml.builder.SAML2Constants;
40 import org.apache.wss4j.common.util.XMLUtils;
41 import org.apache.wss4j.dom.message.WSSecHeader;
42 import org.apache.wss4j.dom.message.WSSecSAMLToken;
43
44 import org.junit.jupiter.api.Test;
45 import org.w3c.dom.Document;
46
47 import static org.junit.jupiter.api.Assertions.assertNotNull;
48 import static org.junit.jupiter.api.Assertions.assertTrue;
49
50
51
52
53
54
55 public class SamlTokenHOKTest {
56 private static final org.slf4j.Logger LOG =
57 org.slf4j.LoggerFactory.getLogger(SamlTokenHOKTest.class);
58 private WSSecurityEngine secEngine = new WSSecurityEngine();
59 private Crypto crypto;
60
61 public SamlTokenHOKTest() throws Exception {
62 WSSConfig config = WSSConfig.getNewInstance();
63 secEngine.setWssConfig(config);
64
65 crypto = CryptoFactory.getInstance("crypto.properties");
66 }
67
68
69
70
71 @Test
72 public void testSAML1AuthnAssertion() throws Exception {
73 SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
74 callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN);
75 callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
76 callbackHandler.setIssuer("www.example.com");
77
78 SAMLCallback samlCallback = new SAMLCallback();
79 SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
80 SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
81
82 samlAssertion.signAssertion("16c73ab6-b892-458f-abf5-2f875f74882e", "security", crypto, false);
83
84 Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
85 WSSecHeader secHeader = new WSSecHeader(doc);
86 secHeader.insertSecurityHeader();
87
88 WSSecSAMLToken wsSign = new WSSecSAMLToken(secHeader);
89
90 Document signedDoc = wsSign.build(samlAssertion);
91
92 if (LOG.isDebugEnabled()) {
93 LOG.debug("SAML 1.1 Authn Assertion (holder-of-key):");
94 String outputString =
95 XMLUtils.prettyDocumentToString(signedDoc);
96 LOG.debug(outputString);
97 }
98
99 WSHandlerResult results = verify(signedDoc);
100 WSSecurityEngineResult actionResult =
101 results.getActionResults().get(WSConstants.ST_SIGNED).get(0);
102 SamlAssertionWrapper receivedSamlAssertion =
103 (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
104 assertNotNull(receivedSamlAssertion);
105 assertTrue(receivedSamlAssertion.isSigned());
106 assertNotNull(receivedSamlAssertion.assertionToString());
107 }
108
109
110
111
112 @Test
113 public void testSAML1AttrAssertion() throws Exception {
114 SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler();
115 callbackHandler.setStatement(SAML1CallbackHandler.Statement.ATTR);
116 callbackHandler.setConfirmationMethod(SAML1Constants.CONF_HOLDER_KEY);
117 callbackHandler.setIssuer("www.example.com");
118
119 SAMLCallback samlCallback = new SAMLCallback();
120 SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
121 SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
122
123 samlAssertion.signAssertion("16c73ab6-b892-458f-abf5-2f875f74882e", "security", crypto, false);
124
125 Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
126 WSSecHeader secHeader = new WSSecHeader(doc);
127 secHeader.insertSecurityHeader();
128
129 WSSecSAMLToken wsSign = new WSSecSAMLToken(secHeader);
130
131 Document signedDoc = wsSign.build(samlAssertion);
132
133 if (LOG.isDebugEnabled()) {
134 LOG.debug("SAML 1.1 Attr Assertion (holder-of-key):");
135 String outputString =
136 XMLUtils.prettyDocumentToString(signedDoc);
137 LOG.debug(outputString);
138 }
139
140 RequestData requestData = new RequestData();
141 requestData.setValidateSamlSubjectConfirmation(false);
142 requestData.setCallbackHandler(new KeystoreCallbackHandler());
143 Crypto decCrypto = CryptoFactory.getInstance("wss40.properties");
144 requestData.setDecCrypto(decCrypto);
145 requestData.setSigVerCrypto(crypto);
146
147 WSHandlerResult results = secEngine.processSecurityHeader(doc, requestData);
148 String outputString =
149 XMLUtils.prettyDocumentToString(doc);
150 assertTrue(outputString.indexOf("counter_port_type") > 0 ? true : false);
151
152 WSSecurityEngineResult actionResult =
153 results.getActionResults().get(WSConstants.ST_SIGNED).get(0);
154 SamlAssertionWrapper receivedSamlAssertion =
155 (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
156 assertNotNull(receivedSamlAssertion);
157 assertTrue(receivedSamlAssertion.isSigned());
158 }
159
160
161
162
163 @Test
164 public void testSAML2AuthnAssertion() throws Exception {
165 SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
166 callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
167 callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
168 callbackHandler.setIssuer("www.example.com");
169
170 SAMLCallback samlCallback = new SAMLCallback();
171 SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
172 SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
173
174 samlAssertion.signAssertion("16c73ab6-b892-458f-abf5-2f875f74882e", "security", crypto, false);
175
176 Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
177 WSSecHeader secHeader = new WSSecHeader(doc);
178 secHeader.insertSecurityHeader();
179
180 WSSecSAMLToken wsSign = new WSSecSAMLToken(secHeader);
181
182 Document unsignedDoc = wsSign.build(samlAssertion);
183
184 if (LOG.isDebugEnabled()) {
185 LOG.debug("SAML 2 Authn Assertion (holder-of-key):");
186 String outputString =
187 XMLUtils.prettyDocumentToString(unsignedDoc);
188 LOG.debug(outputString);
189 }
190
191 WSHandlerResult results = verify(unsignedDoc);
192 WSSecurityEngineResult actionResult =
193 results.getActionResults().get(WSConstants.ST_SIGNED).get(0);
194 SamlAssertionWrapper receivedSamlAssertion =
195 (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
196 assertNotNull(receivedSamlAssertion);
197 assertTrue(receivedSamlAssertion.isSigned());
198 }
199
200
201
202
203 @Test
204 public void testSAML2AttrAssertion() throws Exception {
205 SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
206 callbackHandler.setStatement(SAML2CallbackHandler.Statement.ATTR);
207 callbackHandler.setConfirmationMethod(SAML2Constants.CONF_HOLDER_KEY);
208 callbackHandler.setIssuer("www.example.com");
209
210 SAMLCallback samlCallback = new SAMLCallback();
211 SAMLUtil.doSAMLCallback(callbackHandler, samlCallback);
212 SamlAssertionWrapper samlAssertion = new SamlAssertionWrapper(samlCallback);
213
214 samlAssertion.signAssertion("16c73ab6-b892-458f-abf5-2f875f74882e", "security", crypto, false);
215
216 Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG);
217 WSSecHeader secHeader = new WSSecHeader(doc);
218 secHeader.insertSecurityHeader();
219
220 WSSecSAMLToken wsSign = new WSSecSAMLToken(secHeader);
221
222 Document unsignedDoc = wsSign.build(samlAssertion);
223
224 if (LOG.isDebugEnabled()) {
225 LOG.debug("SAML 2 Attr Assertion (holder-of-key):");
226 String outputString =
227 XMLUtils.prettyDocumentToString(unsignedDoc);
228 LOG.debug(outputString);
229 }
230
231 RequestData requestData = new RequestData();
232 requestData.setValidateSamlSubjectConfirmation(false);
233 requestData.setCallbackHandler(new KeystoreCallbackHandler());
234 Crypto decCrypto = CryptoFactory.getInstance("wss40.properties");
235 requestData.setDecCrypto(decCrypto);
236 requestData.setSigVerCrypto(crypto);
237 WSHandlerResult results = secEngine.processSecurityHeader(doc, requestData);
238
239 String outputString =
240 XMLUtils.prettyDocumentToString(doc);
241 assertTrue(outputString.indexOf("counter_port_type") > 0 ? true : false);
242
243 WSSecurityEngineResult actionResult =
244 results.getActionResults().get(WSConstants.ST_SIGNED).get(0);
245 SamlAssertionWrapper receivedSamlAssertion =
246 (SamlAssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION);
247 assertNotNull(receivedSamlAssertion);
248 }
249
250
251
252
253
254
255
256
257 private WSHandlerResult verify(Document doc) throws Exception {
258 RequestData requestData = new RequestData();
259 requestData.setDecCrypto(crypto);
260 requestData.setSigVerCrypto(crypto);
261 requestData.setValidateSamlSubjectConfirmation(false);
262
263 WSHandlerResult results = secEngine.processSecurityHeader(doc, requestData);
264
265 String outputString =
266 XMLUtils.prettyDocumentToString(doc);
267 assertTrue(outputString.indexOf("counter_port_type") > 0 ? true : false);
268 return results;
269 }
270
271 }