This is an automated email from the ASF dual-hosted git repository.
coheigea pushed a commit to branch coheigea/saml-refactor-new
in repository https://gitbox.apache.org/repos/asf/ws-wss4j.git
The following commit(s) were added to refs/heads/coheigea/saml-refactor-new by
this push:
new 5119dedfe Fixing TODO in SignatureSTRParser
5119dedfe is described below
commit 5119dedfe68e4f3c89982ef586c92d320027c459
Author: Colm O hEigeartaigh <[email protected]>
AuthorDate: Fri Jul 4 11:51:21 2025 +0100
Fixing TODO in SignatureSTRParser
---
.../apache/wss4j/dom/str/SignatureSTRParser.java | 37 ++++++----------------
1 file changed, 9 insertions(+), 28 deletions(-)
diff --git
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java
index e6defc5c1..1f40a61d5 100644
---
a/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java
+++
b/ws-security-dom/src/main/java/org/apache/wss4j/dom/str/SignatureSTRParser.java
@@ -97,26 +97,6 @@ public class SignatureSTRParser implements STRParser {
return processSTR(secRef, uri, parameters);
}
- /**
- * A method to create a Principal from a SAML Assertion
- * @param samlAssertion An SamlAssertionWrapper object
- * @return A principal
- private Principal createPrincipalFromSAML(
- SamlAssertionWrapper samlAssertion, STRParserResult parserResult
- ) throws WSSecurityException {
- SAMLTokenPrincipalImpl samlPrincipal = new
SAMLTokenPrincipalImpl(samlAssertion);
- String confirmMethod = null;
- List<String> methods = samlAssertion.getConfirmationMethods();
- if (methods != null && !methods.isEmpty()) {
- confirmMethod = methods.get(0);
- }
- if (OpenSAMLUtil.isMethodHolderOfKey(confirmMethod) &&
samlAssertion.isSigned()) {
- parserResult.setTrustedCredential(true);
- }
- return samlPrincipal;
- }
- */
-
/**
* Parse the KeyIdentifier for a SAML Assertion
*/
@@ -395,20 +375,21 @@ public class SignatureSTRParser implements STRParser {
} else {
Optional<SAMLKeyInfoProcessor> keyInfoProcessor =
data.getWssConfig().getSAMLKeyInfoProcessor();
if (keyInfoProcessor.isPresent()) {
- /*TODO revisit SamlAssertionWrapper samlAssertion
= new SamlAssertionWrapper(processedToken);
- samlAssertion.parseSubject(
- keyInfoProcessor.get(), data,
data.getSigVerCrypto()
- );
- STRParserUtil.checkSamlTokenBSPCompliance(secRef,
samlAssertion.getSaml2() != null, data.getBSPEnforcer());
+ SAMLKeyInfo keyInfo =
keyInfoProcessor.get().processSAMLKeyInfoFromAssertionElement(processedToken,
data,
+ data.getSigVerCrypto());
+
+ boolean saml2Token =
"urn:oasis:names:tc:SAML:2.0:assertion".equals(processedToken.getNamespaceURI());
+ STRParserUtil.checkSamlTokenBSPCompliance(secRef,
saml2Token, data.getBSPEnforcer());
- SAMLKeyInfo keyInfo =
samlAssertion.getSubjectKeyInfo();
X509Certificate[] foundCerts = keyInfo.getCerts();
if (foundCerts != null && foundCerts.length > 0) {
parserResult.setCerts(new
X509Certificate[]{foundCerts[0]});
}
secretKey = keyInfo.getSecret();
- principal = createPrincipalFromSAML(samlAssertion,
parserResult);
- */
+ if (keyInfo.isHolderOfKey() &&
keyInfo.isAssertionSigned()) {
+ parserResult.setTrustedCredential(true);
+ }
+ principal = keyInfo.getSamlPrincipal();
}
}
} else if (el.equals(WSConstants.ENCRYPTED_KEY)) {
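Review bot: `keyInfo` returned by `processSAMLKeyInfoFromAssertionElement` is dereferenced unguarded at `keyInfo.getCerts()` and again at `keyInfo.isHolderOfKey()`, so if the processor can yield null for an assertion carrying no subject key info (the old `samlAssertion.getSubjectKeyInfo()` path this replaces could), a malformed token now fails with a NullPointerException rather than the WSSecurityException callers of this parser handle; a guard such as `if (keyInfo == null) { throw new WSSecurityException(WSSecurityException.ErrorCode.INVALID_SECURITY); }` directly after the call keeps the failure on the expected path. The SAML 2.0 namespace literal in the `saml2Token` line is better taken from the `WSConstants` namespace constant the class already imports, if one exists, so the BSP check cannot drift from the rest of the code. It would also help to carry the old Javadoc's intent onto the new trust decision with a comment such as `// Only a signed holder-of-key assertion proves possession of the subject key`. The enclosing method begins and ends outside this hunk.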