Added unit tests for new ARP Constraint functionality.
authorwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 6 Jul 2006 22:07:40 +0000 (22:07 +0000)
committerwassa <wassa@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 6 Jul 2006 22:07:40 +0000 (22:07 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@1957 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

data/idp/blackbox/aa/response09.txt [new file with mode: 0644]
data/idp/blackbox/conf/constraints/idp.xml [new file with mode: 0644]
data/idp/blackbox/conf/constraints/metadata.xml [new file with mode: 0644]
data/idp/blackbox/conf/constraints/resolver.xml [new file with mode: 0644]
data/idp/blackbox/conf/constraints/schemas.properties [new file with mode: 0644]
data/idp/blackbox/conf/constraints/server.crt [new file with mode: 0644]
data/idp/blackbox/conf/constraints/server.key [new file with mode: 0644]

diff --git a/data/idp/blackbox/aa/response09.txt b/data/idp/blackbox/aa/response09.txt
new file mode 100644 (file)
index 0000000..57a9dd0
--- /dev/null
@@ -0,0 +1,29 @@
+<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"><soap:Body>
+    <Response xmlns="urn:oasis:names:tc:SAML:1.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion" xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol" InResponseTo="d206a5ba1d50c3afd855dea0b0106cb6" IssueInstant="[^"]+" MajorVersion="1" MinorVersion="1" ResponseID="[^"]+">
+        <Status>
+            <StatusCode Value="samlp:Success"></StatusCode>
+        </Status>
+        <Assertion xmlns="urn:oasis:names:tc:SAML:1.0:assertion" AssertionID="[^"]+" IssueInstant="[^"]+" Issuer="urn:x-shibtest:IdP" MajorVersion="1" MinorVersion="1">
+            <Conditions NotBefore="[^"]+" NotOnOrAfter="[^"]+">
+                <AudienceRestrictionCondition>
+                    <Audience>urn:x-shibtest:SP</Audience>
+                    <Audience>urn:x-shibtest:IdP:defaultRelyingParty</Audience>
+                </AudienceRestrictionCondition>
+            </Conditions>
+            <AttributeStatement>
+                <Subject>
+                    <NameIdentifier Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified" NameQualifier="urn:x-shibtest:IdP">test-handle</NameIdentifier>
+                </Subject>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonEntitlement" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue>urn:mace:example.edu:exampleEntitlement</AttributeValue>
+                </Attribute>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue Scope="example.org">member</AttributeValue>
+                </Attribute>
+                <Attribute AttributeName="urn:mace:dir:attribute-def:eduPersonAffiliation" AttributeNamespace="urn:mace:shibboleth:1.0:attributeNamespace:uri">
+                    <AttributeValue>member</AttributeValue>
+                </Attribute>
+            </AttributeStatement>
+        </Assertion>
+    </Response>
+</soap:Body></soap:Envelope>
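Review bot: Nothing in this fixture says what it asserts: the expected assertion carries eduPersonEntitlement, eduPersonScopedAffiliation and eduPersonAffiliation but not eduPersonPrincipalName, which resolver.xml in this commit also resolves from the `echo` connector. If withholding that attribute is the point of the constraint test, it is enforced only implicitly by the whole-document match, so it is worth stating in the test case that loads this file, e.g. `// response09: ARP constraint must withhold eduPersonPrincipalName`. The `[^"]+` placeholders suggest the file is applied as a pattern; if so, the unescaped `.` in values such as `Scope="example.org"` matches any character, which is harmless here but makes the match looser than it reads.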
diff --git a/data/idp/blackbox/conf/constraints/idp.xml b/data/idp/blackbox/conf/constraints/idp.xml
new file mode 100644 (file)
index 0000000..ced07f6
--- /dev/null
@@ -0,0 +1,64 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<IdPConfig
+    xmlns="urn:mace:shibboleth:idp:config:1.0"
+    xmlns:cred="urn:mace:shibboleth:credentials:1.0"
+    xmlns:name="urn:mace:shibboleth:namemapper:1.0"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:schemaLocation="urn:mace:shibboleth:idp:config:1.0 shibboleth-idpconfig-1.0.xsd"
+    AAUrl="https://idp.example.org/shibboleth-idp/AA"
+    resolverConfig="$IDP_HOME$/etc/resolver.xml"
+    defaultRelyingParty="urn:x-shibtest:IdP:defaultRelyingParty"
+    providerId="urn:x-shibtest:IdP">
+
+    <RelyingParty name="urn:x-shibtest:IdP:defaultRelyingParty" signingCredential="test_cred">
+        <NameID nameMapping="shm"/>
+    </RelyingParty>
+    
+    <ReleasePolicyEngine>
+        <ArpRepository implementation="edu.internet2.middleware.shibboleth.aa.arp.provider.FileSystemArpRepository">
+            <Path>$IDP_HOME$/etc/arps/</Path>
+        </ArpRepository>
+    </ReleasePolicyEngine>
+
+    <Logging>
+        <ErrorLog level="DEBUG" location="$IDP_HOME$/logs/shib-error.log" />
+        <TransactionLog location="$IDP_HOME$/logs/shib-access.log" />
+    </Logging>
+
+    <NameMapping
+        xmlns="urn:mace:shibboleth:namemapper:1.0"
+        id="shm"
+        format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified"
+        type="Principal"
+        handleTTL="1800"/>
+    
+    <ArtifactMapper implementation="edu.internet2.middleware.shibboleth.artifact.provider.MemoryArtifactMapper" />
+
+    <Credentials xmlns="urn:mace:shibboleth:credentials:1.0">
+        <FileResolver Id="test_cred">
+            <Key format="PEM">
+                <Path>$IDP_HOME$/etc/server.key</Path>
+            </Key>
+            <Certificate format="PEM">
+                <Path>$IDP_HOME$/etc/server.crt</Path>
+            </Certificate>
+        </FileResolver>
+    </Credentials>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.ShibbolethV1SSOHandler">
+        <Location>https://idp.example.org/shibboleth-idp/SSO</Location>
+    </ProtocolHandler>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_AttributeQueryHandler">
+        <Location>https://idp.example.org/shibboleth-idp/AA</Location>
+    </ProtocolHandler>
+    
+    <ProtocolHandler implementation="edu.internet2.middleware.shibboleth.idp.provider.SAMLv1_1ArtifactQueryHandler">
+        <Location>https://idp.example.org/shibboleth-idp/Artifact</Location>
+    </ProtocolHandler>
+    
+    <MetadataProvider type="edu.internet2.middleware.shibboleth.metadata.provider.XMLMetadata"
+        uri="$IDP_HOME$/etc/metadata.xml"/>
+
+</IdPConfig>
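Review bot: `<Path>$IDP_HOME$/etc/arps/</Path>` is the only input to the release-policy engine, yet no ARP file appears among the files this commit adds under conf/constraints, so the policy holding the constraint under test is not visible here. If the tests install the ARP programmatically, a comment above `<ReleasePolicyEngine>` would save the next reader the search, for example `<!-- ARPs for the constraint tests are supplied by the test case, not read from this directory -->`. If they rely on files in that directory, those files belong in this change. Separately, `level="DEBUG"` on `ErrorLog` is fine for a blackbox fixture but should not be carried into a deployed idp.xml, since debug output from an IdP may include released attribute values.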
diff --git a/data/idp/blackbox/conf/constraints/metadata.xml b/data/idp/blackbox/conf/constraints/metadata.xml
new file mode 100644 (file)
index 0000000..1ed7d58
--- /dev/null
@@ -0,0 +1,88 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<EntitiesDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" 
+       xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" 
+       xsi:schemaLocation="urn:oasis:names:tc:SAML:2.0:metadata ../schemas/sstc-saml-schema-metadata-2.0.xsd urn:mace:shibboleth:metadata:1.0 ../schemas/shibboleth-metadata-1.0.xsd" 
+       Name="urn-x:testFed1" validUntil="3010-01-01T00:00:00Z">
+    <EntitiesDescriptor Name="urn:x-shibtest:federation" validUntil="3010-01-01T00:00:00Z">
+           <Extensions>
+                       <KeyAuthority xmlns="urn:mace:shibboleth:metadata:1.0">
+                       <!-- HEPKI Master Test CA -->
+                               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                    <ds:X509Data>
+                                               <ds:X509Certificate>
+MIIC6zCCAlSgAwIBAgICAlQwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
+MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
+F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
+bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBNYXN0ZXIgQ0Eg
+LS0gMjAwMjA3MDFBMB4XDTAyMDYzMDIyMTYzOVoXDTI5MTExNjIyMTYzOVowgakx
+CzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlz
+b24xIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJE
+aXZpc2lvbiBvZiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBL
+SSBNYXN0ZXIgQ0EgLS0gMjAwMjA3MDFBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQDJ3FDZym9Ja94DP7TUZXf3Vu3CZwqZzYThgjUT2eBJBYVALISSJ+RjJ2j2
+CYpq3wesSgWHqfrpPnTgTBvn5ZZF9diX6ipAmC0H75nySDY8B5AN1RbmPsAZ51F9
+7Eo+6JZ59BFYgowGXyQpMfhBykBSySnvnOX5ygTCz20LwKkErQIDAQABoyAwHjAP
+BgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBpjANBgkqhkiG9w0BAQQFAAOBgQB1
+8ZXB+KeXbDVkz+b2xVXYmJiWrp73IOvi3DuIuX1n88tbIH0ts7dJLEqr+c0owgtu
+QBqLb9DfPG2GkJ1uOK75wPY6XWusCKDJKMVY/N4ec9ew55MnDlFFvl4C+LkiS2YS
+Ysrh7fFJKKp7Pkc1fxsusK+MBXjVZtq0baXsU637qw==
+                                               </ds:X509Certificate>
+                    </ds:X509Data>
+                           </ds:KeyInfo>
+
+                               <!-- HEPKI Server Test CA -->
+                               <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                                       <ds:X509Data>
+                                               <ds:X509Certificate>
+MIIC6zCCAlSgAwIBAgICAlYwDQYJKoZIhvcNAQEEBQAwgakxCzAJBgNVBAYTAlVT
+MRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlzb24xIDAeBgNVBAoT
+F1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJEaXZpc2lvbiBvZiBJ
+bmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBLSSBNYXN0ZXIgQ0Eg
+LS0gMjAwMjA3MDFBMB4XDTAyMDYzMDIyMzIxNFoXDTI3MDIyMDIyMzIxNFowgakx
+CzAJBgNVBAYTAlVTMRIwEAYDVQQIEwlXaXNjb25zaW4xEDAOBgNVBAcTB01hZGlz
+b24xIDAeBgNVBAoTF1VuaXZlcnNpdHkgb2YgV2lzY29uc2luMSswKQYDVQQLEyJE
+aXZpc2lvbiBvZiBJbmZvcm1hdGlvbiBUZWNobm9sb2d5MSUwIwYDVQQDExxIRVBL
+SSBTZXJ2ZXIgQ0EgLS0gMjAwMjA3MDFBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
+iQKBgQCvImusW7uaRS7xLsi2ZzZuUz6gbfATwxwvtQ+8cuyDpRlhvr1qnghC9Enj
+RH9qpq/Z5FVZ5bqyGziCy0kEPt+2WiZMGRiQEzloi5HNEtz1Nlc7FCJ0HATxtkEU
+hQ96v2DmoIEogPINqLICIqfiraPWFHOp6qDritrdj/fwLptQawIDAQABoyAwHjAP
+BgNVHRMBAf8EBTADAQH/MAsGA1UdDwQEAwIBpjANBgkqhkiG9w0BAQQFAAOBgQAt
+txlP3fTyIVMAIm8ddE8Bvk0/5Bhn5KvMAOMtnlCEArcFd4/m+pU4vEDwK6JSIoKf
+N/ySLXlu5ItApeJMWhcqvrczq5BF4/WQZukC1ha6FS2cAmjy35jYWMfVWcdBi9Yi
+M4SJ6gjGf83y9axPpuHcjwxQ5fLqZfnvrWH+1owJhQ==
+                                               </ds:X509Certificate>
+                                       </ds:X509Data>
+                               </ds:KeyInfo>
+                   </KeyAuthority>
+           </Extensions>
+               <EntityDescriptor entityID="urn:x-shibtest:SP">
+            <SPSSODescriptor 
+                protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+                <KeyDescriptor>
+                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                        <ds:KeyName>sp.example.org</ds:KeyName>
+                    </ds:KeyInfo>
+                </KeyDescriptor>
+                <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+                <AssertionConsumerService index="1" 
+                    Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" 
+                                       Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+            </SPSSODescriptor>
+        </EntityDescriptor>
+               <EntityDescriptor entityID="urn:x-shibtest:SP2">
+            <SPSSODescriptor 
+                protocolSupportEnumeration="urn:oasis:names:tc:SAML:1.1:protocol">
+                <KeyDescriptor>
+                    <ds:KeyInfo xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+                        <ds:KeyName>sp.example.org</ds:KeyName>
+                    </ds:KeyInfo>
+                </KeyDescriptor>
+                <NameIDFormat>urn:mace:shibboleth:1.0:nameIdentifier</NameIDFormat>
+                <AssertionConsumerService index="1" 
+                    Binding="urn:oasis:names:tc:SAML:1.0:profiles:artifact-01" 
+                                       Location="https://sp.example.org/Shibboleth.sso/SAML/Artifact"/>
+            </SPSSODescriptor>
+        </EntityDescriptor>
+       </EntitiesDescriptor>
+
+</EntitiesDescriptor>
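Review bot: `urn:x-shibtest:SP` and `urn:x-shibtest:SP2` are declared with the same `<ds:KeyName>sp.example.org</ds:KeyName>` and the same AssertionConsumerService location, so on the face of this metadata one credential is valid for either entityID. If the constraint tests vary release decisions by requester, this fixture cannot show that the decision is tied to an authenticated identity rather than a claimed one. Either give SP2 its own key name (`<ds:KeyName>sp2.example.org</ds:KeyName>`) or add a comment above the second EntityDescriptor such as `<!-- SP2 intentionally shares SP's key name; requester identity is set by the test harness -->`, whichever matches the intent.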
diff --git a/data/idp/blackbox/conf/constraints/resolver.xml b/data/idp/blackbox/conf/constraints/resolver.xml
new file mode 100644 (file)
index 0000000..f0fbd84
--- /dev/null
@@ -0,0 +1,21 @@
+<AttributeResolver xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns="urn:mace:shibboleth:resolver:1.0" xsi:schemaLocation="urn:mace:shibboleth:resolver:1.0 shibboleth-resolver-1.0.xsd">
+       
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonPrincipalName">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonEntitlement">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+       
+       <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonAffiliation">
+               <DataConnectorDependency requires="echo"/>
+       </SimpleAttributeDefinition>
+       
+    <SimpleAttributeDefinition id="urn:mace:dir:attribute-def:eduPersonScopedAffiliation" smartScope="example.org">
+        <AttributeDependency requires="urn:mace:dir:attribute-def:eduPersonAffiliation"/>
+       </SimpleAttributeDefinition>
+       
+       <CustomDataConnector id="echo" class="edu.internet2.middleware.shibboleth.aa.attrresolv.provider.SampleConnector"/>
+
+</AttributeResolver>
diff --git a/data/idp/blackbox/conf/constraints/schemas.properties b/data/idp/blackbox/conf/constraints/schemas.properties
new file mode 100644 (file)
index 0000000..b214a90
--- /dev/null
@@ -0,0 +1,4 @@
+urn\:mace\:shibboleth\:1\.0=shibboleth.xsd
+http\://www.w3.org/XML/1998/namespace=xml.xsd
+http\://www.w3.org/2000/09/xmldsig#=xmldsig-core-schema.xsd
+http\://shibboleth.internet2.edu/wayf/alpha-2/wayfconfig.xsd=wayfconfig.xsd
diff --git a/data/idp/blackbox/conf/constraints/server.crt b/data/idp/blackbox/conf/constraints/server.crt
new file mode 100644 (file)
index 0000000..ffb750d
--- /dev/null
@@ -0,0 +1,16 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----
diff --git a/data/idp/blackbox/conf/constraints/server.key b/data/idp/blackbox/conf/constraints/server.key
new file mode 100644 (file)
index 0000000..1b2b1bb
--- /dev/null
@@ -0,0 +1,15 @@
+-----BEGIN RSA PRIVATE KEY-----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+-----END RSA PRIVATE KEY-----
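Review bot: An RSA private key is committed here with mode 0644, and idp.xml in this commit loads it as the `test_cred` signing credential via `$IDP_HOME$/etc/server.key`. The key body is not visible in this view, so it cannot be told whether it is passphrase-protected; either way, once it is in the repository it has to be treated as public. Nothing in the directory marks the pair as test-only, so I would add a short README beside it with a line like `server.key / server.crt: blackbox test credential, publicly known, never install on a real IdP`, and check that no deployment template copies these files.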