From a40a9536444ecdc8ce8ff86a1c7e36df99517beb Mon Sep 17 00:00:00 2001 From: Konstantinos Georgilakis Date: Mon, 20 Jun 2022 11:23:33 +0300 Subject: [PATCH] SAML element EncryptionMethod can consist any element closes #12585 Signed-off-by: cgeorgilakis-grnet --- .../w3/xmlenc/EncryptionMethodType.java | 13 ++++++ .../metadata/SAMLEncryptionMethodParser.java | 10 ++++- .../testsuite/admin/IdentityProviderTest.java | 27 ++++++++----- .../saml-idp-metadata-encryption-methods.xml | 40 +++++++++++++++++++ 4 files changed, 80 insertions(+), 10 deletions(-) create mode 100644 testsuite/integration-arquillian/tests/base/src/test/resources/admin-test/saml-idp-metadata-encryption-methods.xml diff --git a/saml-core-api/src/main/java/org/keycloak/dom/xmlsec/w3/xmlenc/EncryptionMethodType.java b/saml-core-api/src/main/java/org/keycloak/dom/xmlsec/w3/xmlenc/EncryptionMethodType.java index 2d3e82b8aa..c6cd49f8a1 100755 --- a/saml-core-api/src/main/java/org/keycloak/dom/xmlsec/w3/xmlenc/EncryptionMethodType.java +++ b/saml-core-api/src/main/java/org/keycloak/dom/xmlsec/w3/xmlenc/EncryptionMethodType.java @@ -17,6 +17,8 @@ package org.keycloak.dom.xmlsec.w3.xmlenc; import java.math.BigInteger; +import java.util.ArrayList; +import java.util.List; /** *

@@ -51,6 +53,8 @@ public class EncryptionMethodType { protected BigInteger keySize; protected byte[] OAEPparams; + protected List any = new ArrayList<>(); + public EncryptionMethod(BigInteger bigInteger, byte[] oAEPparams) { this.keySize = bigInteger; OAEPparams = oAEPparams; @@ -76,6 +80,14 @@ public class EncryptionMethodType { public void setOAEPparams(byte[] OAEPparams) { this.OAEPparams = OAEPparams; } + + public List getAny() { + return any; + } + + public void addAny(Object e) { + this.any.add(e); + } } public EncryptionMethodType(String algo) { @@ -98,4 +110,5 @@ public class EncryptionMethodType { public String getAlgorithm() { return algorithm; } + } \ No newline at end of file diff --git a/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/metadata/SAMLEncryptionMethodParser.java b/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/metadata/SAMLEncryptionMethodParser.java index 70dec2a836..36dd3ed977 100644 --- a/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/metadata/SAMLEncryptionMethodParser.java +++ b/saml-core/src/main/java/org/keycloak/saml/processing/core/parsers/saml/metadata/SAMLEncryptionMethodParser.java @@ -64,7 +64,15 @@ public class SAMLEncryptionMethodParser extends AbstractStaxSamlMetadataParser result = realm.identityProviders().importFrom(form); assertSamlImport(result, SIGNING_CERT_1,true); @@ -745,13 +761,6 @@ public class IdentityProviderTest extends AbstractAdminTest { Assert.assertEquals("identityProviders instance count", 1, providers.size()); assertEqual(rep, providers.get(0)); - // Perform export, and make sure some of the values are like they're supposed to be - Response response = realm.identityProviders().get("saml").export("xml"); - Assert.assertEquals(200, response.getStatus()); - body = response.readEntity(String.class); - response.close(); - - assertSamlExport(body); } @Test 
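Review bot: The new `any` field in the `@@ -51,6 +53,8 @@` hunk has no comment and, as rendered on this page, no type argument, so a reader cannot tell what it holds or that its contents come from imported SAML metadata. If the raw `List` is not a rendering artifact, declare it as `protected List<Object> any = new ArrayList<>();` to match `addAny(Object e)` in the next hunk. I would also put `// Other child elements of EncryptionMethod, stored as parsed from metadata; not validated here, so consumers must treat them as untrusted.` above the field. The parser side is not readable on this page, so that wording should be confirmed against SAMLEncryptionMethodParser. The enclosing nested class starts outside the hunk.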
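Review bot: `getAny()` in the `@@ -76,6 +80,14 @@` hunk returns the live internal list, so any caller can add, remove or replace the stored elements without going through `addAny`, including code that only meant to read an already-parsed metadata object. Returning a read-only view, `return Collections.unmodifiableList(any);` (with `import java.util.Collections;` added in the import hunk), keeps `addAny` as the only mutator. `addAny(Object e)` also accepts null, which would only surface later as a NullPointerException in whichever consumer iterates the list; a guard such as `if (e != null) this.any.add(e);` handles it at the source. The nested class these methods belong to starts outside the hunk.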
diff --git a/testsuite/integration-arquillian/tests/base/src/test/resources/admin-test/saml-idp-metadata-encryption-methods.xml b/testsuite/integration-arquillian/tests/base/src/test/resources/admin-test/saml-idp-metadata-encryption-methods.xml new file mode 100644 index 0000000000..d06d37efb9 --- /dev/null +++ b/testsuite/integration-arquillian/tests/base/src/test/resources/admin-test/saml-idp-metadata-encryption-methods.xml @@ -0,0 +1,40 @@ + + + + + + http://refeds.org/category/hide-from-discovery + + + + + + + + + MIICmzCCAYMCBgFUYnC0OjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMTYwNDI5MTQzMjEzWhcNMjYwNDI5MTQzMzUzWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCN25AW1poMEZRbuMAHG58AThZmCwMV6/Gcui4mjGacRFyudgqzLjQ2rxpoW41JAtLjbjeAhuWvirUcFVcOeS3gM/ZC27qCpYighAcylZz6MYocnEe1+e8rPPk4JlID6Wv62dgu+pL/vYsQpRhvD3Y2c/ytgr5D32xF+KnzDehUy5BSyzypvu12Wq9mS5vK5tzkN37EjkhpY2ZxaXPubjDIITCAL4Q8M/m5IlacBaUZbzI4AQrHnMP1O1IH2dHSWuMiBe+xSDTco72PmuYPJKTV4wQdeBUIkYbfLc4RxVmXEvgkQgyW86EoMPxlWJpj7+mTIR+l+2thZPr/VgwTs82rAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAA/Ip/Hi8RoVu5ouaFFlc5whT7ltuK8slfLGW4tM4vJXhInYwsqIRQKBNDYW/64xle3eII4u1yAH1OYRRwEs7Em1pr4QuFuTY1at+aE0sE46XDlyESI0txJjWxYoT133vM0We2pj1b2nxgU30rwjKA3whnKEfTEYT/n3JBSqNggy6l8ZGw/oPSgvPaR4+xeB1tfQFC4VrLoYKoqH6hAL530nKxL+qV8AIfL64NDEE8ankIAEDAAFe8x3CPUfXR/p4KOANKkpz8ieQaHDb1eITkAwUwjESj6UF9D1aePlhWls/HX0gujFXtWfWfrJ8CU/ogwlH8y1jgRuLjFQYZk6llc= + + + + + + + + + urn:oasis:names:tc:SAML:2.0:nameid-format:persistent + urn:oasis:names:tc:SAML:2.0:nameid-format:transient + urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified + urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress + + +