SAML element EncryptionMethod can consist any element

closes #12585

Signed-off-by: cgeorgilakis-grnet <cgeorgilakis@admin.grnet.gr>
This commit is contained in:
Konstantinos Georgilakis 2022-06-20 11:23:33 +03:00 committed by Marek Posolda
parent e9498079e0
commit a40a953644
4 changed files with 80 additions and 10 deletions


@ -17,6 +17,8 @@
package org.keycloak.dom.xmlsec.w3.xmlenc;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.List;
/**
* <p>
@ -51,6 +53,8 @@ public class EncryptionMethodType {
protected BigInteger keySize;
protected byte[] OAEPparams;
protected List<Object> any = new ArrayList<>();
public EncryptionMethod(BigInteger bigInteger, byte[] oAEPparams) {
this.keySize = bigInteger;
OAEPparams = oAEPparams;
@ -76,6 +80,14 @@ public class EncryptionMethodType {
public void setOAEPparams(byte[] OAEPparams) {
this.OAEPparams = OAEPparams;
}
public List<Object> getAny() {
return any;
}
public void addAny(Object e) {
this.any.add(e);
}
}
public EncryptionMethodType(String algo) {
@ -98,4 +110,5 @@ public class EncryptionMethodType {
public String getAlgorithm() {
return algorithm;
}
}
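Review bot: `getAny()` returns the live `any` list, so any caller can add or remove entries behind `addAny`, and the class has no way to keep the list consistent with what the parser put there; returning `Collections.unmodifiableList(any)` (with a `java.util.Collections` import added to the first hunk) keeps `addAny` as the single write path. Both new methods also lack Javadoc: `getAny` should state that it holds the child elements the parser does not model, and `addAny` that the parser presumably passes raw DOM elements here, so consumers know to expect opaque nodes rather than typed objects — confirm against `SAMLEncryptionMethodParser`. The enclosing `EncryptionMethod` class starts before this hunk.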


@ -64,7 +64,15 @@ public class SAMLEncryptionMethodParser extends AbstractStaxSamlMetadataParser<E
break;
default:
throw LOGGER.parserUnknownTag(StaxParserUtil.getElementName(elementDetail), elementDetail.getLocation());
{
EncryptionMethodType.EncryptionMethod encMethod = target.getEncryptionMethod();
if (encMethod == null) {
encMethod = new EncryptionMethodType.EncryptionMethod();
target.setEncryptionMethod(encMethod);
}
encMethod.addAny(StaxParserUtil.getDOMElement(xmlEventReader));
}
}
}
}
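Review bot: The new `default` branch accepts every unrecognized child element, including ones in the xmlenc namespace that this parser is supposed to understand, so a misspelled or unsupported `KeySize`/`OAEPparams`-style element in imported metadata now silently becomes an opaque DOM node instead of the parse error the removed `parserUnknownTag` throw produced. The XML Encryption schema's extension point is `<xs:any namespace="##other"/>`, so the lenient path should only apply to elements outside that namespace: `if (XMLENC_NS_URI.equals(elementDetail.getName().getNamespaceURI())) { throw LOGGER.parserUnknownTag(StaxParserUtil.getElementName(elementDetail), elementDetail.getLocation()); }` before the block, where `XMLENC_NS_URI` stands for whichever constant the project already uses for `http://www.w3.org/2001/04/xmlenc#` (assuming `elementDetail` is a `StartElement`, which the `getLocation()` call suggests). The switch and the method it sits in start before this hunk.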


@ -718,16 +718,32 @@ public class IdentityProviderTest extends AbstractAdminTest {
@Test
public void testSamlImportAndExport() throws URISyntaxException, IOException, ParsingException {
testSamlImport("saml-idp-metadata.xml");
// Perform export, and make sure some of the values are like they're supposed to be
Response response = realm.identityProviders().get("saml").export("xml");
Assert.assertEquals(200, response.getStatus());
String body = response.readEntity(String.class);
response.close();
assertSamlExport(body);
}
@Test
public void testSamlImportWithAnyEncryptionMethod() throws URISyntaxException, IOException, ParsingException {
testSamlImport("saml-idp-metadata-encryption-methods.xml");
}
private void testSamlImport(String fileName) throws URISyntaxException, IOException, ParsingException {
// Use import-config to convert IDPSSODescriptor file into key value pairs
// to use when creating a SAML Identity Provider
MultipartFormDataOutput form = new MultipartFormDataOutput();
form.addFormData("providerId", "saml", MediaType.TEXT_PLAIN_TYPE);
URL idpMeta = getClass().getClassLoader().getResource("admin-test/saml-idp-metadata.xml");
URL idpMeta = getClass().getClassLoader().getResource("admin-test/"+fileName);
byte [] content = Files.readAllBytes(Paths.get(idpMeta.toURI()));
String body = new String(content, Charset.forName("utf-8"));
form.addFormData("file", body, MediaType.APPLICATION_XML_TYPE, "saml-idp-metadata.xml");
form.addFormData("file", body, MediaType.APPLICATION_XML_TYPE, fileName);
Map<String, String> result = realm.identityProviders().importFrom(form);
assertSamlImport(result, SIGNING_CERT_1,true);
@ -745,13 +761,6 @@ public class IdentityProviderTest extends AbstractAdminTest {
Assert.assertEquals("identityProviders instance count", 1, providers.size());
assertEqual(rep, providers.get(0));
// Perform export, and make sure some of the values are like they're supposed to be
Response response = realm.identityProviders().get("saml").export("xml");
Assert.assertEquals(200, response.getStatus());
body = response.readEntity(String.class);
response.close();
assertSamlExport(body);
}
@Test


@ -0,0 +1,40 @@
<?xml version="1.0" encoding="UTF-8"?>
<EntityDescriptor entityID="http://localhost:8080/auth/realms/master"
xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
xmlns:mdattr="urn:oasis:names:tc:SAML:metadata:attribute"
xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:dsig="http://www.w3.org/2000/09/xmldsig#"
xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
>
<Extensions>
<mdattr:EntityAttributes>
<saml:Attribute Name="http://macedir.org/entity-category" NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri">
<saml:AttributeValue>http://refeds.org/category/hide-from-discovery</saml:AttributeValue>
</saml:Attribute>
</mdattr:EntityAttributes>
</Extensions>
<IDPSSODescriptor WantAuthnRequestsSigned="true"
protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
<KeyDescriptor use="signing">
<dsig:KeyInfo xmlns:dsig="http://www.w3.org/2000/09/xmldsig#">
<dsig:X509Data>
<dsig:X509Certificate>
MIICmzCCAYMCBgFUYnC0OjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMTYwNDI5MTQzMjEzWhcNMjYwNDI5MTQzMzUzWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCN25AW1poMEZRbuMAHG58AThZmCwMV6/Gcui4mjGacRFyudgqzLjQ2rxpoW41JAtLjbjeAhuWvirUcFVcOeS3gM/ZC27qCpYighAcylZz6MYocnEe1+e8rPPk4JlID6Wv62dgu+pL/vYsQpRhvD3Y2c/ytgr5D32xF+KnzDehUy5BSyzypvu12Wq9mS5vK5tzkN37EjkhpY2ZxaXPubjDIITCAL4Q8M/m5IlacBaUZbzI4AQrHnMP1O1IH2dHSWuMiBe+xSDTco72PmuYPJKTV4wQdeBUIkYbfLc4RxVmXEvgkQgyW86EoMPxlWJpj7+mTIR+l+2thZPr/VgwTs82rAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAA/Ip/Hi8RoVu5ouaFFlc5whT7ltuK8slfLGW4tM4vJXhInYwsqIRQKBNDYW/64xle3eII4u1yAH1OYRRwEs7Em1pr4QuFuTY1at+aE0sE46XDlyESI0txJjWxYoT133vM0We2pj1b2nxgU30rwjKA3whnKEfTEYT/n3JBSqNggy6l8ZGw/oPSgvPaR4+xeB1tfQFC4VrLoYKoqH6hAL530nKxL+qV8AIfL64NDEE8ankIAEDAAFe8x3CPUfXR/p4KOANKkpz8ieQaHDb1eITkAwUwjESj6UF9D1aePlhWls/HX0gujFXtWfWfrJ8CU/ogwlH8y1jgRuLjFQYZk6llc=
</dsig:X509Certificate>
</dsig:X509Data>
</dsig:KeyInfo>
<md:EncryptionMethod Algorithm="http://www.w3.org/2009/xmlenc11#rsa-oaep">
<dsig:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
</md:EncryptionMethod>
</KeyDescriptor>
<SingleLogoutService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://localhost:8080/auth/realms/master/protocol/saml" />
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:persistent</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:2.0:nameid-format:transient</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified</NameIDFormat>
<NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
<SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
Location="http://localhost:8080/auth/realms/master/protocol/saml" />
</IDPSSODescriptor>
</EntityDescriptor>