Search in sources :

Example 6 with ConfigurationException

use of org.keycloak.saml.common.exceptions.ConfigurationException in project keycloak by keycloak.

the class EntityDescriptorDescriptionConverter method loadEntityDescriptors.

private static ClientRepresentation loadEntityDescriptors(InputStream is) {
    Object metadata;
    try {
        metadata = SAMLParser.getInstance().parse(is);
    } catch (ParsingException e) {
        throw new RuntimeException(e);
    }
    EntitiesDescriptorType entities;
    if (EntitiesDescriptorType.class.isInstance(metadata)) {
        entities = (EntitiesDescriptorType) metadata;
    } else {
        entities = new EntitiesDescriptorType();
        entities.addEntityDescriptor(metadata);
    }
    if (entities.getEntityDescriptor().size() != 1) {
        throw new RuntimeException("Expected one entity descriptor");
    }
    EntityDescriptorType entity = (EntityDescriptorType) entities.getEntityDescriptor().get(0);
    String entityId = entity.getEntityID();
    ClientRepresentation app = new ClientRepresentation();
    app.setClientId(entityId);
    Map<String, String> attributes = new HashMap<>();
    app.setAttributes(attributes);
    List<String> redirectUris = new LinkedList<>();
    app.setRedirectUris(redirectUris);
    app.setFullScopeAllowed(true);
    app.setProtocol(SamlProtocol.LOGIN_PROTOCOL);
    // default to true
    attributes.put(SamlConfigAttributes.SAML_SERVER_SIGNATURE, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
    // default to false
    attributes.put(SamlConfigAttributes.SAML_SERVER_SIGNATURE_KEYINFO_EXT, SamlProtocol.ATTRIBUTE_FALSE_VALUE);
    attributes.put(SamlConfigAttributes.SAML_SIGNATURE_ALGORITHM, SignatureAlgorithm.RSA_SHA256.toString());
    attributes.put(SamlConfigAttributes.SAML_AUTHNSTATEMENT, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
    SPSSODescriptorType spDescriptorType = getSPDescriptor(entity);
    if (spDescriptorType.isWantAssertionsSigned()) {
        attributes.put(SamlConfigAttributes.SAML_ASSERTION_SIGNATURE, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
    }
    String logoutPost = getLogoutLocation(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get());
    if (logoutPost != null)
        attributes.put(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_POST_ATTRIBUTE, logoutPost);
    String logoutRedirect = getLogoutLocation(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get());
    if (logoutRedirect != null)
        attributes.put(SamlProtocol.SAML_SINGLE_LOGOUT_SERVICE_URL_REDIRECT_ATTRIBUTE, logoutRedirect);
    String assertionConsumerServicePostBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.get());
    if (assertionConsumerServicePostBinding != null) {
        attributes.put(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_POST_ATTRIBUTE, assertionConsumerServicePostBinding);
        redirectUris.add(assertionConsumerServicePostBinding);
    }
    String assertionConsumerServiceRedirectBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.get());
    if (assertionConsumerServiceRedirectBinding != null) {
        attributes.put(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_REDIRECT_ATTRIBUTE, assertionConsumerServiceRedirectBinding);
        redirectUris.add(assertionConsumerServiceRedirectBinding);
    }
    String assertionConsumerServiceSoapBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_SOAP_BINDING.get());
    if (assertionConsumerServiceSoapBinding != null) {
        redirectUris.add(assertionConsumerServiceSoapBinding);
    }
    String assertionConsumerServicePaosBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_PAOS_BINDING.get());
    if (assertionConsumerServicePaosBinding != null) {
        redirectUris.add(assertionConsumerServicePaosBinding);
    }
    String assertionConsumerServiceArtifactBinding = getServiceURL(spDescriptorType, JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.get());
    if (assertionConsumerServiceArtifactBinding != null) {
        attributes.put(SamlProtocol.SAML_ASSERTION_CONSUMER_URL_ARTIFACT_ATTRIBUTE, assertionConsumerServiceArtifactBinding);
        redirectUris.add(assertionConsumerServiceArtifactBinding);
    }
    String artifactResolutionService = getArtifactResolutionService(spDescriptorType);
    if (artifactResolutionService != null) {
        attributes.put(SamlProtocol.SAML_ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, artifactResolutionService);
    }
    if (spDescriptorType.getNameIDFormat() != null) {
        for (String format : spDescriptorType.getNameIDFormat()) {
            String attribute = SamlClient.samlNameIDFormatToClientAttribute(format);
            if (attribute != null) {
                attributes.put(SamlConfigAttributes.SAML_NAME_ID_FORMAT_ATTRIBUTE, attribute);
                break;
            }
        }
    }
    if (spDescriptorType.getExtensions() != null && spDescriptorType.getExtensions().getUIInfo() != null) {
        if (!spDescriptorType.getExtensions().getUIInfo().getLogo().isEmpty()) {
            attributes.put(ClientModel.LOGO_URI, spDescriptorType.getExtensions().getUIInfo().getLogo().get(0).getValue().toString());
        }
        if (!spDescriptorType.getExtensions().getUIInfo().getPrivacyStatementURL().isEmpty()) {
            attributes.put(ClientModel.POLICY_URI, spDescriptorType.getExtensions().getUIInfo().getPrivacyStatementURL().stream().filter(dn -> "en".equals(dn.getLang())).findFirst().orElse(spDescriptorType.getExtensions().getUIInfo().getPrivacyStatementURL().get(0)).getValue().toString());
        }
    }
    app.setProtocolMappers(spDescriptorType.getAttributeConsumingService().stream().flatMap(att -> att.getRequestedAttribute().stream()).map(attr -> {
        ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
        mapper.setName(attr.getName());
        mapper.setProtocol("saml");
        mapper.setProtocolMapper(UserAttributeStatementMapper.PROVIDER_ID);
        Map<String, String> config = new HashMap<>();
        config.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAME, attr.getName());
        if (attr.getFriendlyName() != null)
            config.put(AttributeStatementHelper.FRIENDLY_NAME, attr.getFriendlyName());
        if (attr.getNameFormat() != null)
            config.put(AttributeStatementHelper.SAML_ATTRIBUTE_NAMEFORMAT, getSAMLNameFormat(attr.getNameFormat()));
        mapper.setConfig(config);
        return mapper;
    }).collect(Collectors.toList()));
    for (KeyDescriptorType keyDescriptor : spDescriptorType.getKeyDescriptor()) {
        X509Certificate cert = null;
        try {
            cert = SAMLMetadataUtil.getCertificate(keyDescriptor);
        } catch (ConfigurationException e) {
            throw new RuntimeException(e);
        } catch (ProcessingException e) {
            throw new RuntimeException(e);
        }
        String certPem = KeycloakModelUtils.getPemFromCertificate(cert);
        if (keyDescriptor.getUse() == KeyTypes.SIGNING) {
            attributes.put(SamlConfigAttributes.SAML_CLIENT_SIGNATURE_ATTRIBUTE, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
            attributes.put(SamlConfigAttributes.SAML_SIGNING_CERTIFICATE_ATTRIBUTE, certPem);
        } else if (keyDescriptor.getUse() == KeyTypes.ENCRYPTION) {
            attributes.put(SamlConfigAttributes.SAML_ENCRYPT, SamlProtocol.ATTRIBUTE_TRUE_VALUE);
            attributes.put(SamlConfigAttributes.SAML_ENCRYPTION_CERTIFICATE_ATTRIBUTE, certPem);
        }
    }
    return app;
}
Also used : ClientModel(org.keycloak.models.ClientModel) AttributeStatementHelper(org.keycloak.protocol.saml.mappers.AttributeStatementHelper) UserAttributeStatementMapper(org.keycloak.protocol.saml.mappers.UserAttributeStatementMapper) SAMLParser(org.keycloak.saml.processing.core.parsers.saml.SAMLParser) X509Certificate(java.security.cert.X509Certificate) EndpointType(org.keycloak.dom.saml.v2.metadata.EndpointType) KeycloakModelUtils(org.keycloak.models.utils.KeycloakModelUtils) HashMap(java.util.HashMap) Config(org.keycloak.Config) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) ByteArrayInputStream(java.io.ByteArrayInputStream) IndexedEndpointType(org.keycloak.dom.saml.v2.metadata.IndexedEndpointType) Map(java.util.Map) SignatureAlgorithm(org.keycloak.saml.SignatureAlgorithm) LinkedList(java.util.LinkedList) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) ClientDescriptionConverterFactory(org.keycloak.exportimport.ClientDescriptionConverterFactory) KeyTypes(org.keycloak.dom.saml.v2.metadata.KeyTypes) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) ClientDescriptionConverter(org.keycloak.exportimport.ClientDescriptionConverter) KeycloakSession(org.keycloak.models.KeycloakSession) EDTDescriptorChoiceType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType.EDTDescriptorChoiceType) EntitiesDescriptorType(org.keycloak.dom.saml.v2.metadata.EntitiesDescriptorType) Collectors(java.util.stream.Collectors) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) Objects(java.util.Objects) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) List(java.util.List) KeycloakSessionFactory(org.keycloak.models.KeycloakSessionFactory) KeyDescriptorType(org.keycloak.dom.saml.v2.metadata.KeyDescriptorType) SAMLMetadataUtil(org.keycloak.saml.processing.core.saml.v2.util.SAMLMetadataUtil) InputStream(java.io.InputStream) EntitiesDescriptorType(org.keycloak.dom.saml.v2.metadata.EntitiesDescriptorType) HashMap(java.util.HashMap) SPSSODescriptorType(org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType) LinkedList(java.util.LinkedList) X509Certificate(java.security.cert.X509Certificate) ClientRepresentation(org.keycloak.representations.idm.ClientRepresentation) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) ProtocolMapperRepresentation(org.keycloak.representations.idm.ProtocolMapperRepresentation) EntityDescriptorType(org.keycloak.dom.saml.v2.metadata.EntityDescriptorType) KeyDescriptorType(org.keycloak.dom.saml.v2.metadata.KeyDescriptorType) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException)

Example 7 with ConfigurationException

use of org.keycloak.saml.common.exceptions.ConfigurationException in project keycloak by keycloak.

the class KcSamlBrokerTest method emptyAttributeToRoleMapperTest.

@Test
public void emptyAttributeToRoleMapperTest() throws ParsingException, ConfigurationException, ProcessingException {
    createRolesForRealm(bc.consumerRealmName());
    createRoleMappersForConsumerRealm();
    AuthnRequestType loginRep = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST + ".dot/ted", getConsumerRoot() + "/sales-post/saml", null);
    Document doc = SAML2Request.convert(loginRep);
    SAMLDocumentHolder samlResponse = new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(bc.consumerRealmName()), doc, Binding.POST).build().login().idp(bc.getIDPAlias()).build().processSamlResponse(// AuthnRequest to producer IdP
    Binding.POST).targetAttributeSamlRequest().build().login().user(bc.getUserLogin(), bc.getUserPassword()).build().processSamlResponse(// Response from producer IdP
    Binding.POST).transformObject(ob -> {
        assertThat(ob, org.keycloak.testsuite.util.Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
        ResponseType resp = (ResponseType) ob;
        Set<StatementAbstractType> statements = resp.getAssertions().get(0).getAssertion().getStatements();
        AttributeStatementType attributeType = (AttributeStatementType) statements.stream().filter(statement -> statement instanceof AttributeStatementType).findFirst().orElse(new AttributeStatementType());
        AttributeType attr = new AttributeType(EMPTY_ATTRIBUTE_NAME);
        attr.addAttributeValue(null);
        attributeType.addAttribute(new AttributeStatementType.ASTChoiceType(attr));
        resp.getAssertions().get(0).getAssertion().addStatement(attributeType);
        return ob;
    }).build().updateProfile().firstName("a").lastName("b").email(bc.getUserEmail()).username(bc.getUserLogin()).build().followOneRedirect().getSamlResponse(// Response from consumer IdP
    Binding.POST);
    Assert.assertThat(samlResponse, Matchers.notNullValue());
    Assert.assertThat(samlResponse.getSamlObject(), isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    Stream<AssertionType> assertionTypeStream = assertionsUnencrypted(samlResponse.getSamlObject());
    Stream<AttributeType> attributeStatementTypeStream = attributesUnecrypted(attributeStatements(assertionTypeStream));
    Set<String> attributeValues = attributeStatementTypeStream.filter(a -> a.getName().equals(ROLE_ATTRIBUTE_NAME)).flatMap(a -> a.getAttributeValue().stream()).map(Object::toString).collect(Collectors.toSet());
    assertThat(attributeValues, hasItems(EMPTY_ATTRIBUTE_ROLE));
}
Also used : AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Arrays(java.util.Arrays) Matchers.statusCodeIsHC(org.keycloak.testsuite.util.Matchers.statusCodeIsHC) SamlStreams.attributesUnecrypted(org.keycloak.testsuite.util.SamlStreams.attributesUnecrypted) Matchers.not(org.hamcrest.Matchers.not) ROLE_ATTRIBUTE_NAME(org.keycloak.testsuite.saml.RoleMapperTest.ROLE_ATTRIBUTE_NAME) Matchers.hasItems(org.hamcrest.Matchers.hasItems) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) Assert.assertThat(org.junit.Assert.assertThat) Document(org.w3c.dom.Document) SamlClient(org.keycloak.testsuite.util.SamlClient) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) Matchers.isSamlResponse(org.keycloak.testsuite.util.Matchers.isSamlResponse) ImmutableMap(com.google.common.collect.ImmutableMap) RealmResource(org.keycloak.admin.client.resource.RealmResource) Set(java.util.Set) Collectors(java.util.stream.Collectors) IdentityProviderResource(org.keycloak.admin.client.resource.IdentityProviderResource) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) Stream(java.util.stream.Stream) Response(javax.ws.rs.core.Response) SAMLProtocolQNames(org.keycloak.saml.processing.core.parsers.saml.protocol.SAMLProtocolQNames) SamlStreams.attributeStatements(org.keycloak.testsuite.util.SamlStreams.attributeStatements) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) IdentityProviderMapperModel(org.keycloak.models.IdentityProviderMapperModel) SAML2Request(org.keycloak.saml.processing.api.saml.v2.request.SAML2Request) HashMap(java.util.HashMap) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) BrokerTestTools.getConsumerRoot(org.keycloak.testsuite.broker.BrokerTestTools.getConsumerRoot) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) IdentityProviderMapperRepresentation(org.keycloak.representations.idm.IdentityProviderMapperRepresentation) UserResource(org.keycloak.admin.client.resource.UserResource) SamlStreams.assertionsUnencrypted(org.keycloak.testsuite.util.SamlStreams.assertionsUnencrypted) RoleRepresentation(org.keycloak.representations.idm.RoleRepresentation) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) UserRepresentation(org.keycloak.representations.idm.UserRepresentation) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) JBossSAMLURIConstants(org.keycloak.saml.common.constants.JBossSAMLURIConstants) Matchers(org.hamcrest.Matchers) Test(org.junit.Test) UserAttributeMapper(org.keycloak.broker.saml.mappers.UserAttributeMapper) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) Element(org.w3c.dom.Element) StatementAbstractType(org.keycloak.dom.saml.v2.assertion.StatementAbstractType) Binding(org.keycloak.testsuite.util.SamlClient.Binding) IdentityProviderMapperSyncMode(org.keycloak.models.IdentityProviderMapperSyncMode) BrokerTestTools.getProviderRoot(org.keycloak.testsuite.broker.BrokerTestTools.getProviderRoot) Assert(org.junit.Assert) Collections(java.util.Collections) AttributeToRoleMapper(org.keycloak.broker.saml.mappers.AttributeToRoleMapper) Set(java.util.Set) SamlClientBuilder(org.keycloak.testsuite.util.SamlClientBuilder) AttributeStatementType(org.keycloak.dom.saml.v2.assertion.AttributeStatementType) AssertionType(org.keycloak.dom.saml.v2.assertion.AssertionType) Document(org.w3c.dom.Document) ResponseType(org.keycloak.dom.saml.v2.protocol.ResponseType) SAMLDocumentHolder(org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder) AuthnRequestType(org.keycloak.dom.saml.v2.protocol.AuthnRequestType) AttributeType(org.keycloak.dom.saml.v2.assertion.AttributeType) AbstractSamlTest(org.keycloak.testsuite.saml.AbstractSamlTest) Test(org.junit.Test)

Example 8 with ConfigurationException

use of org.keycloak.saml.common.exceptions.ConfigurationException in project keycloak by keycloak.

the class BaseSAML2BindingBuilder method signAssertion.

public void signAssertion(Document samlDocument) throws ProcessingException {
    Element originalAssertionElement = org.keycloak.saml.common.util.DocumentUtil.getChildElement(samlDocument.getDocumentElement(), new QName(JBossSAMLURIConstants.ASSERTION_NSURI.get(), JBossSAMLConstants.ASSERTION.get()));
    if (originalAssertionElement == null)
        return;
    Node clonedAssertionElement = originalAssertionElement.cloneNode(true);
    Document temporaryDocument;
    try {
        temporaryDocument = org.keycloak.saml.common.util.DocumentUtil.createDocument();
    } catch (ConfigurationException e) {
        throw new ProcessingException(e);
    }
    temporaryDocument.adoptNode(clonedAssertionElement);
    temporaryDocument.appendChild(clonedAssertionElement);
    signDocument(temporaryDocument);
    samlDocument.adoptNode(clonedAssertionElement);
    Element parentNode = (Element) originalAssertionElement.getParentNode();
    parentNode.replaceChild(clonedAssertionElement, originalAssertionElement);
}
Also used : ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) QName(javax.xml.namespace.QName) Element(org.w3c.dom.Element) Node(org.w3c.dom.Node) Document(org.w3c.dom.Document) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException)

Example 9 with ConfigurationException

use of org.keycloak.saml.common.exceptions.ConfigurationException in project keycloak by keycloak.

the class SAML2LoginResponseBuilder method buildDocument.

public Document buildDocument(ResponseType responseType) throws ConfigurationException, ProcessingException {
    Document samlResponseDocument = null;
    try {
        SAML2Response docGen = new SAML2Response();
        samlResponseDocument = docGen.convert(responseType);
        if (logger.isTraceEnabled()) {
            logger.trace("SAML Response Document: " + DocumentUtil.asString(samlResponseDocument));
        }
    } catch (Exception e) {
        throw logger.samlAssertionMarshallError(e);
    }
    return samlResponseDocument;
}
Also used : SAML2Response(org.keycloak.saml.processing.api.saml.v2.response.SAML2Response) Document(org.w3c.dom.Document) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException) ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException)

Example 10 with ConfigurationException

use of org.keycloak.saml.common.exceptions.ConfigurationException in project keycloak by keycloak.

the class SAML2LogoutResponseBuilder method buildDocument.

public Document buildDocument() throws ProcessingException {
    Document samlResponse = null;
    try {
        StatusResponseType statusResponse = buildModel();
        SAML2Response saml2Response = new SAML2Response();
        samlResponse = saml2Response.convert(statusResponse);
    } catch (ConfigurationException e) {
        throw new ProcessingException(e);
    } catch (ParsingException e) {
        throw new ProcessingException(e);
    }
    return samlResponse;
}
Also used : ConfigurationException(org.keycloak.saml.common.exceptions.ConfigurationException) ParsingException(org.keycloak.saml.common.exceptions.ParsingException) SAML2Response(org.keycloak.saml.processing.api.saml.v2.response.SAML2Response) Document(org.w3c.dom.Document) StatusResponseType(org.keycloak.dom.saml.v2.protocol.StatusResponseType) ProcessingException(org.keycloak.saml.common.exceptions.ProcessingException)

Aggregations

ConfigurationException (org.keycloak.saml.common.exceptions.ConfigurationException)24 ProcessingException (org.keycloak.saml.common.exceptions.ProcessingException)20 ParsingException (org.keycloak.saml.common.exceptions.ParsingException)14 Document (org.w3c.dom.Document)14 AuthnRequestType (org.keycloak.dom.saml.v2.protocol.AuthnRequestType)8 IOException (java.io.IOException)7 Element (org.w3c.dom.Element)6 ResponseType (org.keycloak.dom.saml.v2.protocol.ResponseType)5 StatusResponseType (org.keycloak.dom.saml.v2.protocol.StatusResponseType)5 SAML2Request (org.keycloak.saml.processing.api.saml.v2.request.SAML2Request)5 SAMLDocumentHolder (org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder)5 ParserConfigurationException (javax.xml.parsers.ParserConfigurationException)4 Response (javax.ws.rs.core.Response)3 Test (org.junit.Test)3 VerificationException (org.keycloak.common.VerificationException)3 ClientModel (org.keycloak.models.ClientModel)3 SignatureAlgorithm (org.keycloak.saml.SignatureAlgorithm)3 JBossSAMLURIConstants (org.keycloak.saml.common.constants.JBossSAMLURIConstants)3 SAML2Response (org.keycloak.saml.processing.api.saml.v2.response.SAML2Response)3 ByteArrayInputStream (java.io.ByteArrayInputStream)2