[jboss-identity-commits] JBoss Identity SVN: r220 - in identity-federation/trunk: identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp and 4 other directories.
jboss-identity-commits at lists.jboss.org
jboss-identity-commits at lists.jboss.org
Thu Jan 15 23:49:18 EST 2009
Author: anil.saldhana at jboss.com
Date: 2009-01-15 23:49:18 -0500 (Thu, 15 Jan 2009)
New Revision: 220
Added:
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/SecurityActions.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SecurityActions.java
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java
Modified:
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/HTTPRedirectUtil.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingUtil.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/cert/KeyStoreUtil.java
identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java
identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java
Log:
support jboss registration
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-01-15 18:28:01 UTC (rev 219)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-01-16 04:49:18 UTC (rev 220)
@@ -124,6 +124,7 @@
catch (Exception e)
{
log.error("Exception:" ,e);
+ e.printStackTrace();
throw new ServletException(e.getLocalizedMessage());
}
}
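Review bot: The added `e.printStackTrace();` repeats the trace that `log.error("Exception:" ,e);` already records and sends it to stderr, where the log4j level, appender and retention settings do not apply. In an IDP valve this can put details of a failed SAML exchange into a console log nobody planned for, so I would drop the line. If the caller needs more context, chain the cause instead: `throw new ServletException(e.getLocalizedMessage(), e);`. The enclosing method starts outside this hunk.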
@@ -151,7 +152,7 @@
ResponseType responseType = null;
String samlMessage = getSAMLMessage(request);
- InputStream is = RedirectBindingUtil.urlBase64DeflateDecode(samlMessage);
+ InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
SAML2Request saml2Request = new SAML2Request();
AuthnRequestType authnRequestType = saml2Request.getAuthnRequestType(is);
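Review bot: `base64DeflateDecode(samlMessage)` is only correct if `getSAMLMessage(request)` returns a value the container has already URL-decoded exactly once, and that helper is outside this hunk. If it ever hands back the raw query-string value, the percent-escaped Base64 characters reach `Base64.decode` undecoded and the request will most likely fail to parse. A one-line comment above the call would record the assumption, for example `//getSAMLMessage returns the container-decoded parameter; do not URL-decode again`.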
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2009-01-15 18:28:01 UTC (rev 219)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2009-01-16 04:49:18 UTC (rev 220)
@@ -21,7 +21,12 @@
*/
package org.jboss.identity.federation.bindings.tomcat.idp;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.net.URL;
import java.security.KeyStore;
+import java.security.PrivateKey;
import java.security.PublicKey;
import org.apache.catalina.connector.Request;
@@ -38,6 +43,7 @@
*/
public class IDPRedirectWithSignatureValve extends IDPRedirectValve
{
+ private String keyStorePass;
private String keyStore;
private char[] keypass;
private String alias;
@@ -47,8 +53,13 @@
this.keyStore = keyStore;
}
- public void setKeyStorePassword(String keypass)
+ public void setKeyStorePass(String ksPass)
{
+ this.keyStorePass = ksPass;
+ }
+
+ public void setKeyPass(String keypass)
+ {
this.keypass = keypass.toCharArray();
}
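Review bot: Renaming the public setter from `setKeyStorePassword` to `setKeyStorePass`/`setKeyPass` changes the property names this valve accepts (presumably set from its configuration attributes), and nothing guards against a deployment that still supplies the old name. In that case `keyStorePass` stays null, and `keyStorePass.toCharArray()` in `getValidatingKey()` fails with a NullPointerException on first use instead of a clear configuration error. I would keep a deprecated `setKeyStorePassword` that delegates, or fail fast with `if (keyStorePass == null) throw new IllegalStateException("keyStorePass is not configured");` before the keystore is opened. The store password is also held as a `String` while `keypass` is a `char[]`; converting in the setter would make the two consistent. The same rename is made in SPRedirectSignatureFormAuthenticator.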
@@ -88,9 +99,44 @@
return isValid;
}
- private PublicKey getValidatingKey() throws Exception
+ private InputStream getKeyStoreInputStream()
{
- KeyStore ks = KeyStoreUtil.getKeyStore(keyStore, keypass);
+ InputStream is = null;
+
+ try
+ {
+ //Try the file method
+ File file = new File(keyStore);
+ is = new FileInputStream(file);
+ }
+ catch(Exception e)
+ {
+ try
+ {
+ URL url = new URL(keyStore);
+ is = url.openStream();
+ }
+ catch(Exception ex)
+ {
+ is = SecurityActions.getContextClassLoader().getResourceAsStream(keyStore);
+ }
+ }
+ if(is == null)
+ throw new RuntimeException("Keystore not located");
+ return is;
+ }
+
+ protected PrivateKey getSigningKey() throws Exception
+ {
+ InputStream is = this.getKeyStoreInputStream();
+ KeyStore ks = KeyStoreUtil.getKeyStore(is, keypass);
+ return (PrivateKey) ks.getKey(alias, keypass);
+ }
+
+ protected PublicKey getValidatingKey() throws Exception
+ {
+ InputStream is = this.getKeyStoreInputStream();
+ KeyStore ks = KeyStoreUtil.getKeyStore(is, keyStorePass.toCharArray());
return KeyStoreUtil.getPublicKey(ks, alias, keypass);
}
}
\ No newline at end of file
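Review bot: `getSigningKey()` opens the keystore with `keypass` (`KeyStoreUtil.getKeyStore(is, keypass)`), while `getValidatingKey()` below and both methods in SPRedirectSignatureFormAuthenticator use `keyStorePass.toCharArray()`; when the store and key passwords differ, loading the store for signing will fail. Neither method closes the stream returned by `getKeyStoreInputStream()`, so each key lookup leaks a file or URL handle. The loader also falls through file, then URL, then classpath behind `catch(Exception)`, which hides the real cause of the first failure (a permissions error, for example) and lets the `keyStore` setting resolve to a remote URL. Logging the first failure and documenting which forms of `keyStore` are accepted would help. The same loader and the same unclosed stream are duplicated in the SP authenticator hunk.

```java
protected PrivateKey getSigningKey() throws Exception
{
   InputStream is = this.getKeyStoreInputStream();
   try
   {
      //The store password opens the keystore; keypass only protects the key entry
      KeyStore ks = KeyStoreUtil.getKeyStore(is, keyStorePass.toCharArray());
      return (PrivateKey) ks.getKey(alias, keypass);
   }
   finally
   {
      is.close();
   }
}
// … unchanged: getValidatingKey, apart from the same try/finally around the stream …
```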
Added: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/SecurityActions.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/SecurityActions.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/SecurityActions.java 2009-01-16 04:49:18 UTC (rev 220)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.tomcat.idp;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Dec 9, 2008
+ */
+class SecurityActions
+{
+ /**
+ * Get the Thread Context ClassLoader
+ * @return
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+}
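Review bot: `SecurityActions` wraps a privileged operation, so its class Javadoc should say why it must stay package-private: any code able to call `getContextClassLoader()` obtains the thread context class loader under this library's permissions and not its own. The `@return` tag is empty; `@return the calling thread's context class loader, which may be null` would fill it in, and the callers added in this commit dereference the result without a null check. An identical copy is added under the `sp` package in this commit, so the same comment applies there and the two copies have to be kept in step.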
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-01-15 18:28:01 UTC (rev 219)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-01-16 04:49:18 UTC (rev 220)
@@ -24,8 +24,15 @@
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.lang.reflect.Method;
import java.security.Principal;
+import java.security.acl.Group;
+import java.util.Collections;
+import java.util.Enumeration;
+import java.util.HashSet;
+import java.util.Set;
+import javax.security.auth.Subject;
import javax.servlet.ServletException;
import org.apache.catalina.Session;
@@ -34,6 +41,7 @@
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
import org.apache.catalina.deploy.LoginConfig;
+import org.apache.catalina.realm.GenericPrincipal;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
@@ -89,7 +97,7 @@
Principal p = process(request,response);
if(p == null)
{
- String destination = createSAMLRequestMessage("someuser", relayState, response);
+ String destination = createSAMLRequestMessage( relayState, response);
HTTPRedirectUtil.sendRedirectForRequestor(destination, response);
return false;
@@ -100,6 +108,10 @@
session.setNote(Constants.SESS_PASSWORD_NOTE, password);
request.setUserPrincipal(p);
register(request, response, p, Constants.FORM_METHOD, username, password);
+
+ //Also register in JBoss SecurityAssociation
+ this.registerInJBoss(p);
+
return true;
}
catch(AssertionExpiredException aie)
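Review bot: `this.registerInJBoss(p)` installs a Subject for the authenticated user, but nothing visible in this hunk removes it again when the request ends. If `SecurityAssociation` keeps the subject per thread (not visible from here), a pooled worker thread could carry one user's identity into a later request that does not pass through this line. I would pair the call with a clear step at the end of request processing, or add a comment naming the component that resets it. The enclosing `authenticate` method starts and ends outside this hunk.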
@@ -107,7 +119,7 @@
log.debug("Assertion has expired. Issuing a new saml2 request to the IDP");
try
{
- String destination = createSAMLRequestMessage("someuser", relayState, response);
+ String destination = createSAMLRequestMessage( relayState, response);
HTTPRedirectUtil.sendRedirectForRequestor(destination, response);
}
catch (Exception e)
@@ -129,7 +141,7 @@
return super.authenticate(request, response, loginConfig);
}
- protected String createSAMLRequestMessage(String username, String relayState, Response response)
+ protected String createSAMLRequestMessage(String relayState, Response response)
throws Exception
{
//create a saml request
@@ -180,4 +192,92 @@
}
return userPrincipal;
}
+
+ /**
+ * JBoss specific code that uses reflection
+ */
+ private void registerInJBoss(Principal gp)
+ {
+ if(gp instanceof GenericPrincipal == false)
+ {
+ log.error("Principal is not of type GenericPrincipal. So cannot get to roles");
+ return;
+ }
+
+ String sa = "org.jboss.security.SecurityAssociation";
+ try
+ {
+ Class<?> securityAssociationClass = SecurityActions.getContextClassLoader().loadClass(sa);
+ Method m = securityAssociationClass.getDeclaredMethod("setSubject", new Class[] {Subject.class});
+ Subject subject = this.getJBossSubjectFromTomcatPrincipal(gp);
+ m.invoke(null, subject);
+ }
+ catch(Exception e)
+ {
+ log.trace("Not a JBoss environment. So not registering in SecurityAssociation");
+ }
+ }
+
+ private Subject getJBossSubjectFromTomcatPrincipal(final Principal principal)
+ {
+ GenericPrincipal gp = (GenericPrincipal) principal;
+ final String[] roles = gp.getRoles();
+ final Set<Principal> rolePrincipals = new HashSet<Principal>();
+
+ for(final String role : roles)
+ {
+ rolePrincipals.add(new Principal()
+ {
+ public String getName()
+ {
+ return role;
+ }
+ });
+ }
+
+ Subject subject = new Subject();
+
+ Principal userPrincipal = new Principal()
+ {
+ public String getName()
+ {
+ return principal.getName();
+ }
+ };
+ subject.getPrincipals().add(userPrincipal);
+
+ //Add the role group
+ Group roleGroup = new Group()
+ {
+ public boolean addMember(Principal user)
+ {
+ return rolePrincipals.add(user);
+ }
+
+ public boolean isMember(Principal member)
+ {
+ return rolePrincipals.contains(member);
+ }
+
+ public Enumeration<? extends Principal> members()
+ {
+ return Collections.enumeration(rolePrincipals);
+ }
+
+ public boolean removeMember(Principal user)
+ {
+ return rolePrincipals.remove(user);
+ }
+
+ public String getName()
+ {
+ return "Roles";
+ }
+ };
+
+ subject.getPrincipals().add(roleGroup);
+
+ return subject;
+ }
+
}
\ No newline at end of file
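Review bot: The role and user principals built in `getJBossSubjectFromTomcatPrincipal` are anonymous `Principal` classes without `equals`/`hashCode`, so `rolePrincipals.contains(member)` in `isMember` matches only the very same object. A membership check made with a different `Principal` instance for the same role name will not match. A small named principal with value equality fixes that (sketch below). Separately, `catch(Exception e)` in `registerInJBoss` logs every failure at trace level as "Not a JBoss environment", which also hides an `InvocationTargetException` or an access failure on a real JBoss server. Catching `ClassNotFoundException` for the quiet path and logging the rest at error level would separate the two cases.

```java
//Principal with name-based equality so Set lookups and Group.isMember match by name
private static final class NamePrincipal implements Principal
{
   private final String name;

   NamePrincipal(String name)
   {
      this.name = name;
   }

   public String getName()
   {
      return name;
   }

   public boolean equals(Object other)
   {
      if(other instanceof Principal == false)
         return false;
      String otherName = ((Principal) other).getName();
      return name == null ? otherName == null : name.equals(otherName);
   }

   public int hashCode()
   {
      return name == null ? 0 : name.hashCode();
   }
}
// … unchanged: Subject and "Roles" Group construction, using new NamePrincipal(role) and new NamePrincipal(principal.getName()) …
```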
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-01-15 18:28:01 UTC (rev 219)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-01-16 04:49:18 UTC (rev 220)
@@ -21,8 +21,13 @@
*/
package org.jboss.identity.federation.bindings.tomcat.sp;
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.InputStream;
+import java.net.URL;
import java.security.KeyStore;
import java.security.PrivateKey;
+import java.security.PublicKey;
import org.jboss.identity.federation.bindings.util.RedirectBindingSignatureUtil;
import org.jboss.identity.federation.bindings.util.cert.KeyStoreUtil;
@@ -38,14 +43,20 @@
private String keyStore;
private char[] keypass;
private String alias;
+ private String keyStorePass;
public void setKeyStore(String keyStore)
{
this.keyStore = keyStore;
}
- public void setKeyStorePassword(String keypass)
+ public void setKeyStorePass(String keyStorePass)
{
+ this.keyStorePass = keyStorePass;
+ }
+
+ public void setKeyPass(String keypass)
+ {
this.keypass = keypass.toCharArray();
}
@@ -59,14 +70,57 @@
{
try
{
- //Get the signing key
- KeyStore ks = KeyStoreUtil.getKeyStore(keyStore, keypass);
- PrivateKey signingKey = (PrivateKey) ks.getKey(alias, keypass);
- return RedirectBindingSignatureUtil.getSAMLRequestURLWithSignature(urlEncodedRequest, urlEncodedRelayState, signingKey);
+ //Get the signing key
+ PrivateKey signingKey = getSigningKey();
+ StringBuffer sb = new StringBuffer();
+ String url = RedirectBindingSignatureUtil.getSAMLRequestURLWithSignature(urlEncodedRequest, urlEncodedRelayState, signingKey);
+ sb.append("?").append(url);
+ return sb.toString();
}
catch(Exception e)
{
throw new RuntimeException(e);
}
- }
+ }
+
+ private InputStream getKeyStoreInputStream()
+ {
+ InputStream is = null;
+
+ try
+ {
+ //Try the file method
+ File file = new File(keyStore);
+ is = new FileInputStream(file);
+ }
+ catch(Exception e)
+ {
+ try
+ {
+ URL url = new URL(keyStore);
+ is = url.openStream();
+ }
+ catch(Exception ex)
+ {
+ is = SecurityActions.getContextClassLoader().getResourceAsStream(keyStore);
+ }
+ }
+ if(is == null)
+ throw new RuntimeException("Keystore not located");
+ return is;
+ }
+
+ protected PrivateKey getSigningKey() throws Exception
+ {
+ InputStream is = this.getKeyStoreInputStream();
+ KeyStore ks = KeyStoreUtil.getKeyStore(is, keyStorePass.toCharArray());
+ return (PrivateKey) ks.getKey(alias, keypass);
+ }
+
+ protected PublicKey getValidatingKey() throws Exception
+ {
+ InputStream is = this.getKeyStoreInputStream();
+ KeyStore ks = KeyStoreUtil.getKeyStore(is, keyStorePass.toCharArray());
+ return KeyStoreUtil.getPublicKey(ks, alias, keypass);
+ }
}
\ No newline at end of file
Added: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SecurityActions.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SecurityActions.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SecurityActions.java 2009-01-16 04:49:18 UTC (rev 220)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.tomcat.sp;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana at redhat.com
+ * @since Dec 9, 2008
+ */
+class SecurityActions
+{
+ /**
+ * Get the Thread Context ClassLoader
+ * @return
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+}
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/HTTPRedirectUtil.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/HTTPRedirectUtil.java 2009-01-15 18:28:01 UTC (rev 219)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/HTTPRedirectUtil.java 2009-01-16 04:49:18 UTC (rev 220)
@@ -44,11 +44,8 @@
public static void sendRedirectForRequestor(String destination, HttpServletResponse response)
throws IOException
{
- response.setCharacterEncoding("UTF-8");
- response.setHeader("Location", destination);
-
- response.setHeader("Cache-Control", "no-cache, no-store");
- response.setHeader("Pragma", "no-cache");
+ common(destination, response);
+ response.setHeader("Cache-Control", "no-cache, no-store");
sendRedirect(response,destination);
}
@@ -58,16 +55,18 @@
public static void sendRedirectForResponder(String destination, HttpServletResponse response)
throws IOException
{
- response.setCharacterEncoding("UTF-8");
- response.setHeader("Location", destination);
-
- //Add couple of headers for responders to get away from caching with http proxies
+ common(destination, response);
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate,private");
- response.setHeader("Pragma", "no-cache");
-
sendRedirect(response,destination);
}
+ private static void common(String destination, HttpServletResponse response)
+ {
+ response.setCharacterEncoding("UTF-8");
+ response.setHeader("Location", destination);
+ response.setHeader("Pragma", "no-cache");
+ }
+
private static void sendRedirect(HttpServletResponse response, String destination) throws IOException
{
response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
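Review bot: The helper name `common` does not say what it does, and the removed comment explaining why responders get extra cache headers is not replaced. I would rename it to something like `setRedirectHeaders` and give it a short Javadoc stating that it sets the response encoding, the `Location` header and `Pragma: no-cache`, with the `Cache-Control` value left to each caller. Keeping a line such as `//Responders add must-revalidate,private to avoid caching by HTTP proxies` above the `Cache-Control` call in `sendRedirectForResponder` preserves the reason for the difference. `sendRedirect` continues outside this hunk.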
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingUtil.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingUtil.java 2009-01-15 18:28:01 UTC (rev 219)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingUtil.java 2009-01-16 04:49:18 UTC (rev 220)
@@ -36,6 +36,28 @@
public class RedirectBindingUtil
{
/**
+ * URL encode the string
+ * @param str
+ * @return
+ * @throws Exception
+ */
+ public static String urlEncode(String str) throws Exception
+ {
+ return URLEncoder.encode(str, "UTF-8");
+ }
+
+ /**
+ * URL decode the string
+ * @param str
+ * @return
+ * @throws Exception
+ */
+ public static String urlDecode(String str) throws Exception
+ {
+ return URLDecoder.decode(str, "UTF-8");
+ }
+
+ /**
* On the byte array, apply base64 encoding following by URL encoding
* @param stringToEncode
* @return
@@ -44,7 +66,7 @@
public static String base64URLEncode(byte[] stringToEncode) throws Exception
{
String base64Request = Base64.encodeBytes(stringToEncode, Base64.DONT_BREAK_LINES);
- return URLEncoder.encode(base64Request, "UTF-8");
+ return urlEncode(base64Request);
}
/**
@@ -55,7 +77,7 @@
*/
public static byte[] urlBase64Decode(String encodedString) throws Exception
{
- String decodedString = URLDecoder.decode(encodedString, "UTF-8");
+ String decodedString = urlDecode(encodedString);
return Base64.decode(decodedString);
}
@@ -93,4 +115,16 @@
byte[] deflatedString = urlBase64Decode(encodedString);
return DeflateUtil.decode(deflatedString);
}
+
+ /**
+ * Base64 decode followed by Deflate decoding
+ * @param encodedString
+ * @return
+ * @throws Exception
+ */
+ public static InputStream base64DeflateDecode(String encodedString) throws Exception
+ {
+ byte[] base64decodedMsg = Base64.decode(encodedString);
+ return DeflateUtil.decode(base64decodedMsg);
+ }
}
\ No newline at end of file
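Review bot: `base64DeflateDecode` is what the IDP valve now calls on the SAML message taken from the request, so it handles input from an unauthenticated sender, yet nothing in it rejects a null value or limits the size of `encodedString` before decoding. Whether `DeflateUtil.decode` caps the inflated size is not visible here; if it does not, a small compressed payload can expand into a very large stream. I would add `if(encodedString == null) throw new IllegalArgumentException("encodedString is null");` and a length limit, and fill in the Javadoc tags, e.g. `@param encodedString Base64 text that has already been URL-decoded` and `@return stream over the inflated bytes`.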
Modified: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/cert/KeyStoreUtil.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/cert/KeyStoreUtil.java 2009-01-15 18:28:01 UTC (rev 219)
+++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/cert/KeyStoreUtil.java 2009-01-16 04:49:18 UTC (rev 220)
@@ -45,53 +45,53 @@
/**
* Get the Keystore given the url to the keystore file as a string
* @param fileURL
- * @param password
+ * @param storePass
* @return
* @throws GeneralSecurityException
* @throws IOException
*/
- public static KeyStore getKeyStore(String fileURL, char[] password) throws GeneralSecurityException, IOException
+ public static KeyStore getKeyStore(String fileURL, char[] storePass) throws GeneralSecurityException, IOException
{
if(fileURL == null)
throw new IllegalArgumentException("fileURL is null");
File file = new File(fileURL);
FileInputStream fis = new FileInputStream(file);
- return getKeyStore(fis,password);
+ return getKeyStore(fis,storePass);
}
/**
* Get the Keystore given the URL to the keystore
* @param url
- * @param password
+ * @param storePass
* @return
* @throws GeneralSecurityException
* @throws IOException
*/
- public static KeyStore getKeyStore(URL url, char[] password) throws GeneralSecurityException, IOException
+ public static KeyStore getKeyStore(URL url, char[] storePass) throws GeneralSecurityException, IOException
{
if(url == null)
throw new IllegalArgumentException("url is null");
- return getKeyStore(url.openStream(), password);
+ return getKeyStore(url.openStream(), storePass);
}
/**
* Get the Key Store
* <b>Note:</b> This method wants the InputStream to be not null.
* @param ksStream
- * @param password
+ * @param storePass
* @return
* @throws GeneralSecurityException
* @throws IOException
* @throws IllegalArgumentException if ksStream is null
*/
- public static KeyStore getKeyStore(InputStream ksStream, char[] password) throws GeneralSecurityException, IOException
+ public static KeyStore getKeyStore(InputStream ksStream, char[] storePass) throws GeneralSecurityException, IOException
{
if(ksStream == null)
throw new IllegalArgumentException("InputStream for the KeyStore is null");
KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
- ks.load(ksStream, password);
+ ks.load(ksStream, storePass);
return ks;
}
Modified: identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java 2009-01-15 18:28:01 UTC (rev 219)
+++ identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java 2009-01-16 04:49:18 UTC (rev 220)
@@ -41,7 +41,11 @@
*/
public class RedirectBindingSignatureUtilTestCase extends TestCase
{
- public void testUseCase() throws Exception
+ /**
+ * Test the encoding/decoding of a SAML2 AuthnRequest with signature support
+ * @throws Exception
+ */
+ public void testSigUseCase() throws Exception
{
AuthnRequestType authnRequest = JBossSAMLAuthnRequestFactory.createAuthnRequestType(
IDGenerator.create("ID_"), "http://sp", "http://idp", "http://sp");
Added: identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java
===================================================================
--- identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java (rev 0)
+++ identity-federation/trunk/identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java 2009-01-16 04:49:18 UTC (rev 220)
@@ -0,0 +1,84 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.bindings.util;
+
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.io.StringWriter;
+
+import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.bindings.util.RedirectBindingUtil;
+import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+
+import junit.framework.TestCase;
+
+/**
+ * Unit Test the RedirectBindingUtil
+ * @author Anil.Saldhana at redhat.com
+ * @since Jan 15, 2009
+ */
+public class RedirectBindingUtilTestCase extends TestCase
+{
+ /**
+ * Test the encoding/decoding of a SAML2 AuthnRequest
+ * @throws Exception
+ */
+ public void testRegularRedirectBindingUseCaseWithStringWriter() throws Exception
+ {
+ AuthnRequestType authnRequest = JBossSAMLAuthnRequestFactory.createAuthnRequestType(
+ IDGenerator.create("ID_"), "http://sp", "http://idp", "http://sp");
+
+ StringWriter sw = new StringWriter();
+ SAML2Request saml2Request = new SAML2Request();
+ saml2Request.marshall(authnRequest, sw);
+
+ String request = RedirectBindingUtil.deflateBase64URLEncode(sw.toString());
+
+ InputStream is = RedirectBindingUtil.urlBase64DeflateDecode(request);
+
+ AuthnRequestType parsed = saml2Request.getAuthnRequestType(is);
+ assertNotNull("Parsed request is not null", parsed);
+ }
+
+ /**
+ * Test the encoding/decoding of a SAML2 AuthnRequest (Use of ByteArrayOutputStream)
+ * @throws Exception
+ */
+ public void testRegularRedirectBindingUseCaseWithByteArray() throws Exception
+ {
+ AuthnRequestType authnRequest = JBossSAMLAuthnRequestFactory.createAuthnRequestType(
+ IDGenerator.create("ID_"), "http://sp", "http://idp", "http://sp");
+
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAML2Request saml2Request = new SAML2Request();
+ saml2Request.marshall(authnRequest, baos);
+
+ String request = RedirectBindingUtil.deflateBase64URLEncode(baos.toByteArray());
+
+ InputStream is = RedirectBindingUtil.urlBase64DeflateDecode(request);
+
+ AuthnRequestType parsed = saml2Request.getAuthnRequestType(is);
+ assertNotNull("Parsed request is not null", parsed);
+ }
+}
\ No newline at end of file
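Review bot: Both tests round-trip through `urlBase64DeflateDecode`, so the `base64DeflateDecode` method introduced in this commit, which is the one the IDP valve now calls, has no coverage. A third case using `InputStream is = RedirectBindingUtil.base64DeflateDecode(RedirectBindingUtil.urlDecode(request));` would exercise the new path. The assertions only check `assertNotNull`; comparing a field of `parsed` with `authnRequest` would show that the content survived the round trip. The message "Parsed request is not null" also states the expected condition, not the failure, so `"Parsed request is null"` reads better when the test fails.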
Modified: identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java
===================================================================
--- identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java 2009-01-15 18:28:01 UTC (rev 219)
+++ identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java 2009-01-16 04:49:18 UTC (rev 220)
@@ -23,6 +23,8 @@
import java.io.InputStream;
import java.io.StringWriter;
+import java.net.URLDecoder;
+import java.net.URLEncoder;
import junit.framework.TestCase;
@@ -54,12 +56,14 @@
String base64Request = Base64.encodeBytes(deflatedMsg, Base64.DONT_BREAK_LINES);
+ base64Request = URLEncoder.encode(base64Request, "UTF-8");
+
//Decode
- byte[] decodedMessage = Base64.decode(base64Request);
+ String urlDecodedMsg = URLDecoder.decode(base64Request, "UTF-8");
+ byte[] decodedMessage = Base64.decode(urlDecodedMsg);
InputStream is = DeflateUtil.decode(decodedMessage);
AuthnRequestType decodedRequestType = request.getAuthnRequestType(is);
assertNotNull(decodedRequestType);
- }
-
+ }
}
\ No newline at end of file