1   /**
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements. See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership. The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License. You may obtain a copy of the License at
9    *
10   * http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied. See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  
20  package org.apache.ws.security.saml.ext;
21  
22  import java.io.InputStream;
23  import java.security.KeyStore;
24  
25  import org.apache.ws.security.WSSConfig;
26  import org.apache.ws.security.common.SAML2CallbackHandler;
27  import org.apache.ws.security.components.crypto.Crypto;
28  import org.apache.ws.security.components.crypto.Merlin;
29  import org.apache.ws.security.saml.ext.builder.SAML2Constants;
30  import org.apache.ws.security.util.Loader;
31  import org.junit.Assert;
32  import org.opensaml.xml.signature.Signature;
33  import org.opensaml.xml.signature.SignatureConstants;
34  
35  /**
36   * A list of test-cases to test the functionality of signing with
37   * AssertionWrapper class implementation.
38   */
39  
40  public class AssertionSigningTest extends org.junit.Assert {
41  
42      private Crypto issuerCrypto = null;
43      // Default Canonicalization algorithm used by AssertionWrapper class.
44      private final String defaultCanonicalizationAlgorithm = SignatureConstants.ALGO_ID_C14N_EXCL_OMIT_COMMENTS;
45      // Default RSA Signature algorithm used by AssertionWrapper class.
46      private final String defaultRSASignatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_RSA_SHA1;
47      // Default DSA Signature algorithm used by AssertionWrapper class.
48      private final String defaultDSASignatureAlgorithm = SignatureConstants.ALGO_ID_SIGNATURE_DSA;
49      // Custom Signature algorithm
50      private final String customSignatureAlgorithm = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256";
51      // Custom Canonicalization algorithm
52      private final String customCanonicalizationAlgorithm = SignatureConstants.ALGO_ID_C14N_OMIT_COMMENTS;
53  
54      public AssertionSigningTest() throws Exception {
55          WSSConfig.init();
56          // Load the issuer keystore
57          issuerCrypto = new Merlin();
58          KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
59          ClassLoader loader = Loader.getClassLoader(AssertionSigningTest.class);
60          InputStream input = Merlin.loadInputStream(loader,
61                  "keys/client_keystore.jks");
62          keyStore.load(input, "password".toCharArray());
63          ((Merlin) issuerCrypto).setKeyStore(keyStore);
64      }
65  
66      /**
67       * Test that creates an AssertionWrapper object and signs using default
68       * signature and canonicalization algorithms. The defaults should match
69       * otherwise the test-case fails.
70       */
71      @org.junit.Test
72      public void testSigningWithDefaultAlgorithms() throws Exception {
73          SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
74          callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
75          callbackHandler
76                  .setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES);
77          callbackHandler.setIssuer("www.example.com");
78          SAMLParms samlParms = new SAMLParms();
79          samlParms.setCallbackHandler(callbackHandler);
80          AssertionWrapper assertion = new AssertionWrapper(samlParms);
81          assertion.signAssertion("client_certchain", "password", issuerCrypto,
82                  false);
83          Signature signature = assertion.getSaml2().getSignature();
84          Assert.assertTrue(signature.getSignatureAlgorithm().equalsIgnoreCase(
85                  defaultRSASignatureAlgorithm)
86                  || signature.getSignatureAlgorithm().equalsIgnoreCase(
87                          defaultDSASignatureAlgorithm));
88          Assert.assertEquals(defaultCanonicalizationAlgorithm,
89                  signature.getCanonicalizationAlgorithm());
90      }
91  
92      /**
93       * Test that creates an AssertionWrapper object and signs using custom
94       * signature and canonicalization algorithms.
95       */
96      @org.junit.Test
97      public void testSigningWithCustomAlgorithms() throws Exception {
98          SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler();
99          callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN);
100         callbackHandler
101                 .setConfirmationMethod(SAML2Constants.CONF_SENDER_VOUCHES);
102         callbackHandler.setIssuer("www.example.com");
103         SAMLParms samlParms = new SAMLParms();
104         samlParms.setCallbackHandler(callbackHandler);
105         AssertionWrapper assertion = new AssertionWrapper(samlParms);
106         assertion.signAssertion("client_certchain", "password", issuerCrypto,
107                 false, customCanonicalizationAlgorithm,
108                 customSignatureAlgorithm);
109         Signature signature = assertion.getSaml2().getSignature();
110         Assert.assertEquals(customSignatureAlgorithm,
111                 signature.getSignatureAlgorithm());
112         Assert.assertEquals(customCanonicalizationAlgorithm,
113                 signature.getCanonicalizationAlgorithm());
114     }
115 }