Fixed tests after upgrade open-saml

Author: oharsta

src/main/java/saml/DefaultSAMLService.java

@@ -1,10 +1,10 @@
 package saml;
 
+import jakarta.servlet.http.HttpServletResponse;
 import lombok.SneakyThrows;
-import net.shibboleth.shared.xml.impl.BasicParserPool;
 import net.shibboleth.shared.resolver.CriteriaSet;
-import net.shibboleth.shared.xml.impl.BasicParserPool;
 import net.shibboleth.shared.xml.SerializeSupport;
+import net.shibboleth.shared.xml.impl.BasicParserPool;
 import org.apache.commons.io.IOUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.commons.text.StringEscapeUtils;
@@ -53,7 +53,6 @@
 import saml.parser.EncodingUtils;
 import saml.parser.OpenSamlVelocityEngine;
 
-import jakarta.servlet.http.HttpServletResponse;
 import javax.xml.namespace.QName;
 import java.io.ByteArrayInputStream;
 import java.io.IOException;

src/main/java/saml/crypto/X509Utilities.java

@@ -1,12 +1,12 @@
 package saml.crypto;
 
 
+import jakarta.xml.bind.DatatypeConverter;
 import lombok.SneakyThrows;
 import org.bouncycastle.openssl.PEMKeyPair;
 import org.bouncycastle.openssl.PEMParser;
 import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
 
-import javax.xml.bind.DatatypeConverter;
 import java.io.ByteArrayInputStream;
 import java.io.CharArrayReader;
 import java.security.KeyPair;

src/main/java/saml/parser/OpenSamlVelocityEngine.java

@@ -1,8 +1,8 @@
 package saml.parser;
 
-import org.apache.velocity.app.VelocityEngine;
-//import net.shibboleth.utilities.java.support.velocity.VelocityEngine;
+
 import org.apache.velocity.VelocityContext;
+import org.apache.velocity.app.VelocityEngine;
 import org.slf4j.helpers.NOPLogger;
 
 import java.io.Writer;
@@ -12,16 +12,19 @@
 
 public class OpenSamlVelocityEngine {
 
-    private static final String templateId  = "/templates/saml2-post-binding.vm";
-    private final org.apache.velocity.app.VelocityEngine velocityEngine;
+    private static final String templateId = "/templates/saml2-post-binding.vm";
+    private final VelocityEngine velocityEngine;
 
     public OpenSamlVelocityEngine() {
-        this.velocityEngine = VelocityEngine.newVelocityEngine();
+        this.velocityEngine = new VelocityEngine();
+        velocityEngine.setProperty("resource.loader.string.class", "org.apache.velocity.runtime.resource.loader.StringResourceLoader");
+        velocityEngine.setProperty("resource.loader.classpath.class", "org.apache.velocity.runtime.resource.loader.ClasspathResourceLoader");
+        velocityEngine.setProperty("resource.loaders", "classpath, string");
         velocityEngine.setProperty("runtime.log.instance", NOPLogger.NOP_LOGGER);
         velocityEngine.setProperty("velocimacro.library.autoreload", false);
         velocityEngine.setProperty("resource.loader.file.cache", true);
         velocityEngine.setProperty("resource.loader.file.modificationCheckInterval", -1);
-        velocityEngine.init();
+        this.velocityEngine.init();
     }
 
     public void process(Map<String, Object> model, Writer out) {

src/test/java/saml/DefaultSAMLServiceTest.java

@@ -1,9 +1,9 @@
 package saml;
 
 import lombok.SneakyThrows;
-import net.shibboleth.utilities.java.support.resolver.CriteriaSet;
-import net.shibboleth.utilities.java.support.resolver.ResolverException;
-import net.shibboleth.utilities.java.support.xml.SerializeSupport;
+import net.shibboleth.shared.resolver.CriteriaSet;
+import net.shibboleth.shared.resolver.ResolverException;
+import net.shibboleth.shared.xml.SerializeSupport;
 import org.apache.commons.io.IOUtils;
 import org.jsoup.Jsoup;
 import org.jsoup.nodes.Document;
@@ -33,10 +33,7 @@
 import java.security.KeyStore;
 import java.text.SimpleDateFormat;
 import java.time.Instant;
-import java.util.Date;
-import java.util.List;
-import java.util.Map;
-import java.util.UUID;
+import java.util.*;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
@@ -267,7 +264,7 @@ void sendResponseNoAuthnContext() {
 
         StatusCode statusCode = response.getStatus().getStatusCode();
         StatusCode innerStatusCode = statusCode.getStatusCode();
-        assertEquals("urn:oasis:names:tc:SAML:2.0:status:Responder", statusCode.getValue() );
+        assertEquals("urn:oasis:names:tc:SAML:2.0:status:Responder", statusCode.getValue());
         assertEquals(SAMLStatus.NO_AUTHN_CONTEXT.getStatus(), innerStatusCode.getValue());
 
         assertEquals("Not Ok", response.getStatus().getStatusMessage().getValue());
@@ -334,11 +331,15 @@ void createAuthnRequest() {
      */
     @Test
     void testSignatureWrappingAttacks() {
-        File[] files = new File(DefaultSAMLService.class.getClassLoader().getResource("req-wrapping").getPath()).listFiles();
-        Stream.of(files).forEach(file -> {
-            String authnRequestXML = readFile("req-wrapping/" + file.getName());
-            assertThrows(SignatureException.class, () -> defaultSAMLService.parseAuthnRequest(authnRequestXML, false, false));
-        });
+        Stream.of(Objects.requireNonNull(new File(Objects.requireNonNull(DefaultSAMLService.class.getClassLoader()
+                        .getResource("req-wrapping")).getPath())
+                        .listFiles()))
+                .sorted(Comparator.comparing(File::getName))
+                .forEach(file -> {
+                    String authnRequestXML = readFile("req-wrapping/" + file.getName());
+                    assertThrows(SignatureException.class, () ->
+                            defaultSAMLService.parseAuthnRequest(authnRequestXML, false, false));
+                });
     }
 
     /**