RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
assertEquals("Unexpected response context", context, response.getContext());
assertEquals("Unexpected token type", SAMLUtil.SAML11_TOKEN_TYPE, response.getTokenType().toString());
Lifetime lifetime = response.getLifetime();
assertNotNull("Unexpected null token lifetime", lifetime);
// validate the attached token reference.
RequestedReferenceType reference = response.getRequestedAttachedReference();
assertNotNull("Unexpected null attached reference", reference);
SecurityTokenReferenceType securityRef = reference.getSecurityTokenReference();
assertNotNull("Unexpected null security reference", securityRef);
String tokenTypeAttr = securityRef.getOtherAttributes().get(new QName(WSTrustConstants.WSSE11_NS, "TokenType"));
assertNotNull("Required attribute TokenType is missing", tokenTypeAttr);
assertEquals("TokenType attribute has an unexpected value", SAMLUtil.SAML11_TOKEN_TYPE, tokenTypeAttr);
KeyIdentifierType keyId = (KeyIdentifierType) securityRef.getAny().get(0);
assertEquals("Unexpected key value type", SAMLUtil.SAML11_VALUE_TYPE, keyId.getValueType());
assertNotNull("Unexpected null key identifier value", keyId.getValue());
// ====================================== SAMLV1.1 Assertion Validation ======================================//
RequestedSecurityTokenType requestedToken = response.getRequestedSecurityToken();
assertNotNull("Unexpected null requested security token", requestedToken);
// unmarshall the SAMLV1.1 assertion.
Element assertionElement = (Element) requestedToken.getAny().get(0);
SAML11AssertionType assertion = SAMLUtil.saml11FromElement(assertionElement);
// verify the contents of the unmarshalled assertion.
assertNotNull("Invalid null assertion ID", assertion.getID());
assertEquals(keyId.getValue().substring(1), assertion.getID());
assertEquals(lifetime.getCreated(), assertion.getIssueInstant());
assertEquals(1, assertion.getMajorVersion());
assertEquals(1, assertion.getMinorVersion());
// validate the assertion issuer.
assertNotNull("Unexpected null assertion issuer", assertion.getIssuer());
assertEquals("Unexpected assertion issuer name", "Test STS", assertion.getIssuer());
// validate the assertion authentication statement.
List<SAML11StatementAbstractType> statements = assertion.getStatements();
assertTrue("At least one statement is expected in a SAMLV1.1 assertion", statements.size() > 0);
SAML11AuthenticationStatementType authStatement = null;
for (SAML11StatementAbstractType statement : statements) {
if (statement instanceof SAML11AuthenticationStatementType) {
authStatement = (SAML11AuthenticationStatementType) statement;
break;
}
}
assertNotNull("SAMLV1.1 assertion is missing the authentication statement", authStatement);
// validate the assertion subject.
assertNotNull("Unexpected null subject", authStatement.getSubject());
SAML11SubjectType subject = authStatement.getSubject();
SAML11NameIdentifierType nameID = subject.getChoice().getNameID();
assertEquals("Unexpected NameIdentifier format", SAML11Constants.FORMAT_UNSPECIFIED, nameID.getFormat().toString());
assertEquals("Unexpected NameIdentifier value", principal, nameID.getValue());
SAML11SubjectConfirmationType subjType = subject.getSubjectConfirmation();
assertEquals("Unexpected confirmation method", confirmationMethod, subjType.getConfirmationMethod().get(0).toString());
// validate the assertion conditions.
assertNotNull("Unexpected null conditions", assertion.getConditions());
assertEquals(lifetime.getCreated(), assertion.getConditions().getNotBefore());
assertEquals(lifetime.getExpires(), assertion.getConditions().getNotOnOrAfter());
assertNotNull("Assertion should have been signed", assertion.getSignature());
return assertion;
}