Merge remote-tracking branch 'onelogin/v2.0.0' into Remove-core-servlet-dependency

Author: Luis Miranda

core/pom.xml

@@ -12,6 +12,16 @@
 
 	<dependencies>
 		<!-- for test -->
+		<dependency>
+			<groupId>org.hamcrest</groupId>
+			<artifactId>hamcrest-core</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.hamcrest</groupId>
+			<artifactId>hamcrest-library</artifactId>
+			<scope>test</scope>
+		</dependency>
 		<dependency>
 			<groupId>junit</groupId>
 			<artifactId>junit</artifactId>

core/src/main/java/com/onelogin/saml2/authn/SamlResponse.java

@@ -11,6 +11,7 @@
 
 import org.apache.commons.lang3.ObjectUtils;
 import org.joda.time.DateTime;
+import org.joda.time.Instant;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.w3c.dom.Document;
@@ -613,6 +614,29 @@ public String getSessionIndex() throws XPathExpressionException {
         return sessionIndex;
     }
 
+	/**
+	 * @return the ID of the assertion in the Response
+	 */
+	public String getAssertionId() throws XPathExpressionException {
+		validateNumAssertions();
+		final NodeList assertionNode = queryAssertion("");
+		return assertionNode.item(0).getAttributes().getNamedItem("ID").getNodeValue();
+	}
+
+	/**
+	 * @return a list of NotOnOrAfter values from SubjectConfirmationData nodes in this Response
+	 */
+	public List<Instant> getAssertionNotOnOrAfter() throws XPathExpressionException {
+		final NodeList notOnOrAfterNodes = queryAssertion("/saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData");
+		final ArrayList<Instant> notOnOrAfters = new ArrayList<>();
+		for (int i = 0; i < notOnOrAfterNodes.getLength(); i++) {
+			final Node notOnOrAfterAttribute = notOnOrAfterNodes.item(i).getAttributes().getNamedItem("NotOnOrAfter");
+			if (notOnOrAfterAttribute != null) {
+				notOnOrAfters.add(new Instant(notOnOrAfterAttribute.getNodeValue()));
+		}}
+		return notOnOrAfters;
+	}
+
 	/**
 	 * Verifies that the document only contains a single Assertion (encrypted or not).
 	 *

core/src/test/java/com/onelogin/saml2/test/authn/AuthnResponseTest.java

@@ -2,6 +2,7 @@
 
 import static org.hamcrest.CoreMatchers.containsString;
 import static org.hamcrest.CoreMatchers.not;
+import static org.hamcrest.Matchers.contains;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNull;
@@ -12,6 +13,7 @@
 import java.util.HashMap;
 import java.util.List;
 
+import org.joda.time.Instant;
 import org.junit.Test;
 import org.w3c.dom.Document;
 import org.w3c.dom.Node;
@@ -437,6 +439,48 @@ public void testGetSessionIndex() throws Exception {
 		assertEquals("_7164a9a9f97828bfdb8d0ebc004a05d2e7d873f70c", samlResponse.getSessionIndex());
 	}
 
+	@Test
+	public void testGetAssertionDetails() throws Exception {
+		final SamlResponse samlResponse = new SamlResponse(
+				new SettingsBuilder().fromFile("config/config.my.properties").build(),
+				newHttpRequest(Util.getFileAsString("data/responses/response1.xml.base64"))
+		);
+		final List<Instant> notOnOrAfters = samlResponse.getAssertionNotOnOrAfter();
+
+		assertEquals("pfxa46574df-b3b0-a06a-23c8-636413198772", samlResponse.getAssertionId());
+		assertThat(notOnOrAfters, contains(new Instant("2010-11-18T22:02:37Z")));
+
+	}
+
+	@Test
+	public void testGetAssertionDetails_encrypted() throws Exception {
+		final SamlResponse samlResponse = new SamlResponse(
+				new SettingsBuilder().fromFile("config/config.my.properties").build(),
+				newHttpRequest(Util.getFileAsString("data/responses/valid_encrypted_assertion.xml.base64"))
+		);
+		final List<Instant> notOnOrAfters = samlResponse.getAssertionNotOnOrAfter();
+
+		assertEquals("_519c2712648ee09a06d1f9a08e9e835715fea60267", samlResponse.getAssertionId());
+		assertThat(notOnOrAfters, contains(new Instant("2055-06-07T20:17:08Z")));
+
+	}
+
+	@Test
+	public void testGetAssertionDetails_multiple() throws Exception {
+		Saml2Settings settings = new SettingsBuilder().fromFile("config/config.my.properties").build();
+		settings.setWantAssertionsSigned(false);
+		settings.setWantMessagesSigned(true);
+
+		final SamlResponse samlResponse = new SamlResponse(
+				settings,
+				newHttpRequest(loadSignMessageAndEncode("data/responses/invalids/invalid_subjectconfirmation_multiple_issues.xml"))
+		);
+		final List<Instant> notOnOrAfters = samlResponse.getAssertionNotOnOrAfter();
+
+		assertEquals("pfx7841991c-c73f-4035-e2ee-c170c0e1d3e4", samlResponse.getAssertionId());
+		assertThat(notOnOrAfters, contains(new Instant("2120-06-17T14:53:44Z"), new Instant("2010-06-17T14:53:44Z")));
+	}
+
 	/**
 	 * Tests the getAttributes method of SamlResponse
 	 *

pom.xml

@@ -36,6 +36,16 @@
 				<artifactId>mockito-core</artifactId>
 				<version>1.10.19</version>
 			</dependency>
+			<dependency>
+				<groupId>org.hamcrest</groupId>
+				<artifactId>hamcrest-core</artifactId>
+				<version>1.3</version>
+			</dependency>
+			<dependency>
+				<groupId>org.hamcrest</groupId>
+				<artifactId>hamcrest-library</artifactId>
+				<version>1.3</version>
+			</dependency>
 			<dependency>
 				<groupId>org.slf4j</groupId>
 				<artifactId>slf4j-api</artifactId>

toolkit/pom.xml

@@ -25,6 +25,16 @@
 			<type>test-jar</type>
 			<scope>test</scope>
 		</dependency>
+		<dependency>
+			<groupId>org.hamcrest</groupId>
+			<artifactId>hamcrest-core</artifactId>
+			<scope>test</scope>
+		</dependency>
+		<dependency>
+			<groupId>org.hamcrest</groupId>
+			<artifactId>hamcrest-library</artifactId>
+			<scope>test</scope>
+		</dependency>
 		<dependency>
 			<groupId>junit</groupId>
 			<artifactId>junit</artifactId>

toolkit/src/main/java/com/onelogin/saml2/Auth.java

@@ -17,6 +17,7 @@
 
 import org.apache.commons.lang3.StringUtils;
 import org.joda.time.DateTime;
+import org.joda.time.Instant;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -66,7 +67,7 @@ public class Auth {
 
 	/**
      * NameID.
-     */	
+     */
 	private String nameid;
 
 	/**
@@ -79,6 +80,16 @@ public class Auth {
 	 */
 	private DateTime sessionExpiration;
 
+	/**
+	 * The ID of the last assertion processed
+	 */
+	private String lastAssertionId;
+
+	/**
+	 * The NotOnOrAfter values of the last assertion processed
+	 */
+	private List<Instant> lastAssertionNotOnOrAfter;
+
 	/**
      * User attributes data.
      */
@@ -367,6 +378,8 @@ public void processResponse(String requestId) throws Exception {
 				attributes = samlResponse.getAttributes();
 				sessionIndex = samlResponse.getSessionIndex();
 				sessionExpiration = samlResponse.getSessionNotOnOrAfter();
+				lastAssertionId = samlResponse.getAssertionId();
+				lastAssertionNotOnOrAfter = samlResponse.getAssertionNotOnOrAfter();
 				LOGGER.debug("processResponse success --> " + samlResponseParameter);
 			} else {
 				errors.add("invalid_response");
@@ -537,9 +550,23 @@ public final DateTime getSessionExpiration()
 	    return sessionExpiration;
 	}
 
-	/** 
-     * @return an array with the errors, the array is empty when the validation was successful
-     */
+	/**
+	 * @return The ID of the last assertion processed
+	 */
+	public String getLastAssertionId() {
+		return lastAssertionId;
+	}
+
+	/**
+	 * @return The NotOnOrAfter values of the last assertion processed
+	 */
+	public List<Instant> getLastAssertionNotOnOrAfter() {
+		return lastAssertionNotOnOrAfter;
+	}
+
+	/**
+	 * @return an array with the errors, the array is empty when the validation was successful
+	 */
     public List<String> getErrors()
     {
         return errors;

toolkit/src/test/java/com/onelogin/saml2/test/AuthTest.java

@@ -3,7 +3,9 @@
 
 import static java.util.Collections.singletonMap;
 import static org.hamcrest.CoreMatchers.containsString;
+import static org.hamcrest.CoreMatchers.is;
 import static org.hamcrest.CoreMatchers.startsWith;
+import static org.hamcrest.Matchers.contains;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNull;
@@ -25,6 +27,7 @@
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
+import org.joda.time.Instant;
 import org.junit.Test;
 
 import com.onelogin.saml2.Auth;
@@ -226,8 +229,8 @@ public void testSetStrict() throws IOException, SettingsException, URISyntaxExce
 	 */
 	@Test
 	public void testIsDebugActive() throws IOException, SettingsException, URISyntaxException {
-		HttpServletRequest request = mock(HttpServletRequest.class);
 		HttpServletResponse response = mock(HttpServletResponse.class);
+		HttpServletRequest request = mock(HttpServletRequest.class);
 		String samlResponseEncoded = Util.getFileAsString("data/responses/response1.xml.base64");
 		when(request.getParameterMap()).thenReturn(singletonMap("SAMLResponse", new String[]{samlResponseEncoded}));
 
@@ -805,6 +808,22 @@ public void testGetSessionIndex() throws Exception {
 		assertEquals("_6273d77b8cde0c333ec79d22a9fa0003b9fe2d75cb", auth2.getSessionIndex());
 	}
 
+	@Test
+	public void testGetAssertionDetails() throws Exception {
+		HttpServletResponse response = mock(HttpServletResponse.class);
+		HttpServletRequest request = mock(HttpServletRequest.class);
+		String samlResponseEncoded = Util.getFileAsString("data/responses/valid_response.xml.base64");
+		when(request.getParameterMap()).thenReturn(singletonMap("SAMLResponse", new String[]{samlResponseEncoded}));
+		when(request.getRequestURL()).thenReturn(new StringBuffer("http://localhost:8080/java-saml-jspsample/acs.jsp"));
+
+		Saml2Settings settings = new SettingsBuilder().fromFile("config/config.my.properties").build();
+		Auth auth = new Auth(settings, request, response);
+		auth.processResponse();
+
+		assertThat(auth.getLastAssertionId(), is("pfxeac87197-11cb-ec12-c181-ae739b54debe"));
+		assertThat(auth.getLastAssertionNotOnOrAfter(), contains(new Instant("2023-08-23T06:57:01Z")));
+	}
+
 	/**
 	 * Tests the getSessionExpiration method of Auth
 	 *