This is an automated email from the ASF dual-hosted git repository. coheigea pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/cxf-fediz.git
The following commit(s) were added to refs/heads/master by this push:
new bf4c233 Adding RSA SHA256 unit test
bf4c233 is described below
commit bf4c2334b4e87c0e6b3313bacc2216908f58465a
Author: Colm O hEigeartaigh <cohei...@apache.org>
AuthorDate: Thu Jun 18 08:02:14 2020 +0100
Adding RSA SHA256 unit test
---
 .../cxf/fediz/core/samlsso/SAMLRequestTest.java | 29 ++++++++++++++++++
 .../src/test/resources/fediz_test_config_saml.xml | 34 ++++++++++++++++++++--
 2 files changed, 61 insertions(+), 2 deletions(-)
diff --git a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
index 34a3ddb..8910070 100644
--- a/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
+++ b/plugins/core/src/test/java/org/apache/cxf/fediz/core/samlsso/SAMLRequestTest.java
@@ -42,6 +42,7 @@ import org.apache.cxf.fediz.core.processor.RedirectionResponse;
 import org.apache.cxf.fediz.core.processor.SAMLProcessorImpl;
 import org.apache.cxf.fediz.core.util.DOMUtils;
 import org.apache.wss4j.common.saml.OpenSAMLUtil;
+import org.apache.wss4j.dom.WSConstants;
 import org.opensaml.saml.saml2.core.AuthnRequest;
 import org.opensaml.saml.saml2.core.LogoutRequest;
@@ -201,6 +202,34 @@ public class SAMLRequestTest {
 String signature =
 redirectionURL.substring(redirectionURL.indexOf("Signature=") + "Signature=".length());
 Assert.assertTrue(signature != null && signature.length() > 0);
+ String signatureAlg =
+ redirectionURL.substring(redirectionURL.indexOf("SigAlg=") + "SigAlg=".length(),
+ redirectionURL.indexOf('&', redirectionURL.indexOf("SigAlg=")));
+ Assert.assertEquals(WSConstants.RSA_SHA1, URLDecoder.decode(signatureAlg, "UTF-8"));
+ }
+
+ @org.junit.Test
+ public void testSignedSAMLAuthnRequestSHA256() throws Exception {
+ // Mock up a Request
+ FedizContext config = getFederationConfigurator().getFedizContext("SIGNED_ROOT_SHA256");
+
+ HttpServletRequest req = EasyMock.createMock(HttpServletRequest.class);
+ EasyMock.expect(req.getRequestURL()).andReturn(new StringBuffer(TEST_REQUEST_URL)).times(1, 2);
+ EasyMock.expect(req.getContextPath()).andReturn(TEST_REQUEST_URI);
+ EasyMock.expect(req.getRequestURI()).andReturn(TEST_REQUEST_URI).times(1, 2);
+ EasyMock.replay(req);
+
+ FedizProcessor wfProc = new SAMLProcessorImpl();
+ RedirectionResponse response = wfProc.createSignInRequest(req, config);
+
+ String redirectionURL = response.getRedirectionURL();
+ String signature =
+ redirectionURL.substring(redirectionURL.indexOf("Signature=") + "Signature=".length());
+ Assert.assertTrue(signature != null && signature.length() > 0);
+ String signatureAlg =
+ redirectionURL.substring(redirectionURL.indexOf("SigAlg=") + "SigAlg=".length(),
+ redirectionURL.indexOf('&', redirectionURL.indexOf("SigAlg=")));
+ Assert.assertEquals(WSConstants.RSA_SHA256, URLDecoder.decode(signatureAlg, "UTF-8"));
 }
 
 @org.junit.Test
diff --git a/plugins/core/src/test/resources/fediz_test_config_saml.xml b/plugins/core/src/test/resources/fediz_test_config_saml.xml
index 69bbd32..37166c5 100644
--- a/plugins/core/src/test/resources/fediz_test_config_saml.xml
+++ b/plugins/core/src/test/resources/fediz_test_config_saml.xml
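Review bot: testSignedSAMLAuthnRequestSHA256 (and the SigAlg assertion added to the test above it) only checks that the `SigAlg` query parameter advertises `WSConstants.RSA_SHA256`; the `Signature` value is asserted to be non-empty but never verified, so an implementation that emits the SHA-256 URI while still signing with SHA-1, or signing the wrong input string, would pass. Since the config added in the same commit names the signing keystore (`stsstore.jks`, password `stsspass`, alias `mystskey`), the test can load that public key and verify the signature over the `SAMLRequest=…&SigAlg=…` portion of the query string, which is what the HTTP-Redirect binding signs; the exact parameter set and order (RelayState, `?` vs. no query separator) depends on what `createSignInRequest` emits, so confirm against its output before relying on the `&Signature=` split below, and this assumes `stsstore.jks` is on the test classpath as the config's `file` attribute implies. The assertion on the existing context that pins `WSConstants.RSA_SHA1` also deserves a one-line comment such as `// SHA-1 is the legacy default, kept only for backward compatibility` if that is the unconfigured default, so nobody reads the assertion as an endorsement.
```java
// … unchanged: mock request, createSignInRequest, signature / SigAlg assertions …
// Verify the Signature value under the advertised algorithm, not just the SigAlg URI.
// The HTTP-Redirect binding signs the URL-encoded "SAMLRequest=..[&RelayState=..]&SigAlg=.." as emitted.
String query = redirectionURL.substring(redirectionURL.indexOf('?') + 1);
String signedInput = query.substring(0, query.indexOf("&Signature="));
byte[] sigBytes = Base64.getDecoder().decode(URLDecoder.decode(signature, "UTF-8"));
KeyStore keyStore = KeyStore.getInstance("JKS");
try (InputStream in = getClass().getClassLoader().getResourceAsStream("stsstore.jks")) {
    keyStore.load(in, "stsspass".toCharArray());
}
Signature verifier = Signature.getInstance("SHA256withRSA");
verifier.initVerify(keyStore.getCertificate("mystskey").getPublicKey());
verifier.update(signedInput.getBytes(StandardCharsets.UTF_8));
Assert.assertTrue("Signature does not verify with SHA256withRSA", verifier.verify(sigBytes));
```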
@@ -213,8 +213,38 @@
 <claimType type="a particular claim type" optional="true" />
 </claimTypesRequested>
 </protocol>
- </contextConfig>
-
+ </contextConfig>
+
+ <contextConfig name="SIGNED_ROOT_SHA256">
+ <audienceUris>
+ <audienceItem>http://host_one:port/url</audienceItem>
+ </audienceUris>
+ <certificateStores>
+ <trustManager>
+ <keyStore file="ststrust.jks" password="storepass"
+ type="JKS" />
+ </trustManager>
+ </certificateStores>
+ <signingKey keyPassword="stskpass" keyAlias="mystskey">
+ <keyStore file="stsstore.jks" password="stsspass" type="JKS" />
+ </signingKey>
+ <trustedIssuers>
+ <issuer certificateValidation="PeerTrust" />
+ </trustedIssuers>
+
+ <maximumClockSkew>1000</maximumClockSkew>
+ <protocol xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:type="samlProtocolType" version="1.2">
+ <signRequest algorithm="RSA_SHA256">true</signRequest>
+ <issuer>http://url_to_the_issuer</issuer>
+ <roleDelimiter>;</roleDelimiter>
+ <roleURI>http://schemas.xmlsoap.org/ws/2005/05/identity/claims/role</roleURI>
+ <claimTypesRequested>
+ <claimType type="a particular claim type" optional="true" />
+ </claimTypesRequested>
+ </protocol>
+ </contextConfig>
+
 <contextConfig name="CLIENT_TRUST">
 <audienceUris>
 <audienceItem>http://host_one:port/url</audienceItem>
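Review bot: The new `SIGNED_ROOT_SHA256` context is a near-verbatim copy of the context it was derived from with only `algorithm="RSA_SHA256"` on `<signRequest>` changed, and nothing in the file says so, so the two are likely to drift (clock skew, trust store, issuer, audience) the next time one of them is edited. An XML comment on the new `<contextConfig>` naming the source context and the one intentional difference would make that relationship explicit, e.g. `<!-- Mirror of the SIGNED_ROOT context: identical except AuthnRequests are signed with RSA_SHA256 (exercised by SAMLRequestTest#testSignedSAMLAuthnRequestSHA256). -->`. The name of the preceding context is not visible in this hunk, so substitute the actual one if it is not `SIGNED_ROOT`.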