// Excerpt from the body of a SAML token provider test; `subject`, `assertion`, `nameID`, `context`
// and `provider` are declared before this excerpt.
// Part 1: the subject obtained earlier must carry a holder-of-key confirmation whose KeyInfo holds
// exactly one EncryptedKey element.
// Only the first subject confirmation is inspected; any further confirmations are not checked.
SubjectConfirmationType confirmation = subject.getConfirmation().get(0);
assertEquals("Unexpected confirmation method", SAMLUtil.SAML2_HOLDER_OF_KEY_URI, confirmation.getMethod());
SubjectConfirmationDataType confirmData = confirmation.getSubjectConfirmationData();
// The confirmation payload is cast directly, so any other payload type fails the test with a ClassCastException.
KeyInfoType keyInfo = (KeyInfoType) confirmData.getAnyType();
assertEquals("Unexpected key info content size", 1, keyInfo.getContent().size());
Element encKeyElement = (Element) keyInfo.getContent().get(0);
// NOTE(review): only the element's local name is compared; its namespace URI is not asserted here.
assertEquals("Unexpected key info content type", WSTrustConstants.XMLEnc.ENCRYPTED_KEY, encKeyElement.getLocalName());
// Part 2: replace the proof-of-possession token in the context with an asymmetric one (a certificate).
// Keystore path, password and alias are literals in the test; presumably a test-only keystore -
// TODO confirm it contains no production key material.
Certificate certificate = this.getCertificate("keystore/sts_keystore.jks", "testpass", "service1");
context.setProofTokenInfo(WSTrustUtil.createKeyInfo(certificate));
// Call the SAML token provider again and check that a token was generated.
this.provider.issueToken(context);
assertNotNull("Unexpected null security token", context.getSecurityToken());
// Re-parse the issued token and check that the subject identity is correct and that the subject
// confirmation is still holder-of-key.
assertion = SAMLUtil.fromElement((Element) context.getSecurityToken().getTokenValue());
subject = assertion.getSubject();
nameID = (NameIDType) subject.getSubType().getBaseID();
assertEquals("Unexpected name id qualifier", "urn:picketlink:identity-federation", nameID.getNameQualifier());
assertEquals("Unexpected name id", "sguilhen", nameID.getValue());
confirmation = subject.getConfirmation().get(0);
assertEquals("Unexpected confirmation method", SAMLUtil.SAML2_HOLDER_OF_KEY_URI, confirmation.getMethod());
// Disabled check, kept as found: it read the KeyInfo through getContent() as a JAXBElement, whereas
// the live code below reads it through getAnyType().
/*
* confirmationContent = confirmation.getSubjectConfirmationData().getContent();
* assertEquals("Unexpected subject confirmation content size", 1, confirmationContent.size()); keyInfoElement =
* (JAXBElement<?>) confirmationContent.get(0); assertEquals("Unexpected subject confirmation context type",
* KeyInfoType.class, keyInfoElement.getDeclaredType());
*/
keyInfo = (KeyInfoType) confirmation.getSubjectConfirmationData().getAnyType();
assertEquals("Unexpected key info content size", 1, keyInfo.getContent().size());
// The key info should contain a single X509Data section holding the encoded certificate.
X509DataType x509Data = (X509DataType) keyInfo.getContent().get(0);
assertEquals("Unexpected X509 data content size", 1, x509Data.getDataObjects().size());
X509CertificateType cert = (X509CertificateType) x509Data.getDataObjects().get(0);
// The certificate should have been encoded to Base64, so it is decoded before use.
// NOTE(review): new String(byte[]) uses the JVM default charset; Base64 text is ASCII, so this is
// normally harmless, but an explicit charset would make the decode independent of the platform.
// The decoded bytes are presumably compared with the original certificate after this excerpt.
byte[] encodedCert = Base64.decode(new String(cert.getEncodedCertificate()));