[picketlink-commits] Picketlink SVN: r343 - in federation/trunk: picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp and 5 other directories.

picketlink-commits at lists.jboss.org picketlink-commits at lists.jboss.org
Wed Aug 4 17:12:07 EDT 2010


Author: anil.saldhana at jboss.com
Date: 2010-08-04 17:12:05 -0400 (Wed, 04 Aug 2010)
New Revision: 343

Modified:
   federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
   federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
   federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
   federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
   federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/sig/SAML2Signature.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2SignatureGenerationHandler.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/IDPWebRequestUtil.java
Log:
Set the Canonicalization Method right at the configuration

Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java	2010-08-04 20:54:04 UTC (rev 342)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java	2010-08-04 21:12:05 UTC (rev 343)
@@ -55,6 +55,7 @@
 import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
 import org.picketlink.identity.federation.core.util.CoreConfigUtil;
 import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
+import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
 import org.picketlink.identity.federation.saml.v2.assertion.EncryptedElementType;
 import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
 import org.picketlink.identity.federation.web.util.RedirectBindingSignatureUtil;
@@ -108,6 +109,10 @@
          keyManager.setAuthProperties( authProperties ); 
          
          keyManager.setValidatingAlias(keyProvider.getValidatingAlias()); 
+         String canonicalizationMethod = idpConfiguration.getCanonicalizationMethod();
+
+         log.info( "IDPRedirectWithSignatureValve:: Setting the CanonicalizationMethod on XMLSignatureUtil::"  + canonicalizationMethod );
+         XMLSignatureUtil.setCanonicalizationMethodType(canonicalizationMethod);
       }
       catch(Exception e)
       {
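Review bot: `XMLSignatureUtil.setCanonicalizationMethodType(...)` is a static setter, so the value set here is process-wide rather than per valve, and whichever component initialises last decides the canonicalization used for every signature made through the same class. The same call is added in IDPWebBrowserSSOValve, BaseFormAuthenticator, SPFilter and IDPServlet, so an IDP and an SP that share the class but are configured with different methods would overwrite each other. The value is also passed through unchecked: if `idpConfiguration.getCanonicalizationMethod()` can return null or an unrecognised URI (not visible in this diff), the problem would surface only when a document is signed or verified. Consider guarding the call, e.g. `if (canonicalizationMethod != null) XMLSignatureUtil.setCanonicalizationMethodType(canonicalizationMethod);`, and adding a comment that the setting is global. The enclosing method and its try block start outside the hunk.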

Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java	2010-08-04 20:54:04 UTC (rev 342)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java	2010-08-04 21:12:05 UTC (rev 343)
@@ -86,6 +86,7 @@
 import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil;
 import org.picketlink.identity.federation.core.util.CoreConfigUtil;
 import org.picketlink.identity.federation.core.util.StringUtil;
+import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
 import org.picketlink.identity.federation.saml.v2.SAML2Object;
 import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
 import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
@@ -547,8 +548,7 @@
                if(isPost)
                {
                   //Validate
-                  SAML2Signature samlSignature = new SAML2Signature();
-                  samlSignature.setCanonicalizationMethod(canonicalizationMethod);
+                  SAML2Signature samlSignature = new SAML2Signature(); 
                   
                   if( ignoreIncomingSignatures == false && signOutgoingMessages == true )
                   {
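Review bot: The context line `if( ignoreIncomingSignatures == false && signOutgoingMessages == true )` under the `//Validate` comment makes checking incoming signatures depend on whether outgoing messages are signed. If the block it opens is the signature validation (its body is outside the hunk), a deployment with `signOutgoingMessages` set to false would skip that check even though `ignoreIncomingSignatures` is false. Unless the coupling is intended, the condition should be `if( ignoreIncomingSignatures == false )`, or a comment should explain why both flags are required.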
@@ -892,6 +892,8 @@
           if(trace) log.trace("Identity Provider URL=" + this.identityURL); 
           this.assertionValidity = idpConfiguration.getAssertionValidity();
           this.canonicalizationMethod = idpConfiguration.getCanonicalizationMethod();
+          log.info( "IDPWebBrowserSSOValve:: Setting the CanonicalizationMethod on XMLSignatureUtil::"  + canonicalizationMethod );
+          XMLSignatureUtil.setCanonicalizationMethodType(canonicalizationMethod);
           
           //Get the attribute manager
           String attributeManager = idpConfiguration.getAttributeManager();

Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java	2010-08-04 20:54:04 UTC (rev 342)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java	2010-08-04 21:12:05 UTC (rev 343)
@@ -48,6 +48,7 @@
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChainConfig;
 import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil;
 import org.picketlink.identity.federation.core.util.StringUtil;
+import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
 import org.picketlink.identity.federation.web.constants.GeneralConstants;
 import org.picketlink.identity.federation.web.util.ConfigurationUtil;
 
@@ -157,6 +158,9 @@
          this.identityURL = spConfiguration.getIdentityURL();
          this.serviceURL = spConfiguration.getServiceURL();
          this.canonicalizationMethod = spConfiguration.getCanonicalizationMethod();
+
+         log.info( "BaseFormAuthenticator:: Setting the CanonicalizationMethod on XMLSignatureUtil::"  + canonicalizationMethod );
+         XMLSignatureUtil.setCanonicalizationMethodType(canonicalizationMethod);
          
          if(trace) log.trace("Identity Provider URL=" + this.identityURL); 
       }

Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java	2010-08-04 20:54:04 UTC (rev 342)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java	2010-08-04 21:12:05 UTC (rev 343)
@@ -120,8 +120,6 @@
       //Sign the document
       SAML2Signature samlSignature = new SAML2Signature();
       KeyPair keypair = keyManager.getSigningKeyPair();
-      
-      samlSignature.setCanonicalizationMethod( this.canonicalizationMethod );
       samlSignature.signSAMLDocument(samlDocument, keypair); 
       
       if(trace)

Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/sig/SAML2Signature.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/sig/SAML2Signature.java	2010-08-04 20:54:04 UTC (rev 342)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/sig/SAML2Signature.java	2010-08-04 21:12:05 UTC (rev 343)
@@ -57,8 +57,7 @@
 public class SAML2Signature
 {
    private String signatureMethod = SignatureMethod.RSA_SHA1;
-   private String digestMethod = DigestMethod.SHA1;
-   private String canonicalizationMethod = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
+   private String digestMethod = DigestMethod.SHA1; 
    
 
    public String getSignatureMethod()
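Review bot: With the `canonicalizationMethod` field and its `EXCLUSIVE_WITH_COMMENTS` default removed here, and the public getter and setter removed in the next hunk, SAML2Signature no longer decides its own canonicalization; code that constructs it without one of the configuration-loading components having run gets whatever default XMLSignatureUtil holds, which this diff does not show. The accessors were public on a class in picketlink-fed-api, so external callers of `setCanonicalizationMethod` stop compiling; a deprecated setter that delegates to `XMLSignatureUtil.setCanonicalizationMethodType(canonicalizationMethod)` would keep them working. Separately, the defaults that remain are `SignatureMethod.RSA_SHA1` and `DigestMethod.SHA1`; SHA-1 is weak for signatures, and a class Javadoc note telling deployers to configure a SHA-256 based signature and digest method would help. The class body continues outside the hunk.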
@@ -80,26 +79,8 @@
    {
       this.digestMethod = digestMethod;
    }
-   
+    
    /**
-    * Get the configured XML DSIG CanonicalizationMethod
-    * @return
-    */
-   public String getCanonicalizationMethod()
-   {
-      return canonicalizationMethod;
-   }
-
-   /**
-    * Set the XML DSIG Canonicalization Method
-    * @param canonicalizationMethod
-    */
-   public void setCanonicalizationMethod(String canonicalizationMethod)
-   {
-      this.canonicalizationMethod = canonicalizationMethod;
-   }
-
-   /**
     * Sign an RequestType at the root
     * @param request
     * @param keypair Key Pair 
@@ -231,9 +212,6 @@
             "ID", 
             idValueOfAssertion);
       
-      //Set the configured canonicalization method
-      XMLSignatureUtil.setCanonicalizationMethodType( canonicalizationMethod );
-      
       return XMLSignatureUtil.sign(doc, assertionNode, 
             keypair, 
             digestMethod, signatureMethod, 

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java	2010-08-04 20:54:04 UTC (rev 342)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/filters/SPFilter.java	2010-08-04 21:12:05 UTC (rev 343)
@@ -455,6 +455,9 @@
          this.identityURL = spConfiguration.getIdentityURL();
          this.serviceURL = spConfiguration.getServiceURL();
          this.canonicalizationMethod = spConfiguration.getCanonicalizationMethod();
+
+         log.info( "SPFilter:: Setting the CanonicalizationMethod on XMLSignatureUtil::"  + canonicalizationMethod );
+         XMLSignatureUtil.setCanonicalizationMethodType(canonicalizationMethod);
          
          log.trace("Identity Provider URL=" + this.identityURL); 
       }
@@ -608,8 +611,7 @@
    {
       if(!ignoreSignatures)
       {
-         SAML2Signature samlSignature = new SAML2Signature();
-         samlSignature.setCanonicalizationMethod( canonicalizationMethod );
+         SAML2Signature samlSignature = new SAML2Signature(); 
          
          KeyPair keypair = keyManager.getSigningKeyPair();
          samlSignature.signSAMLDocument(samlDocument, keypair);

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2SignatureGenerationHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2SignatureGenerationHandler.java	2010-08-04 20:54:04 UTC (rev 342)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2SignatureGenerationHandler.java	2010-08-04 21:12:05 UTC (rev 343)
@@ -55,8 +55,7 @@
       }
 
       //Get the Key Pair
-      KeyPair keypair = (KeyPair) this.handlerChainConfig.getParameter(GeneralConstants.KEYPAIR);
-      String canonicalizationMethod = (String) this.handlerChainConfig.getParameter( GeneralConstants.CANONICALIZATION_METHOD );
+      KeyPair keypair = (KeyPair) this.handlerChainConfig.getParameter(GeneralConstants.KEYPAIR); 
       
       if(keypair == null)
       {
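Review bot: This handler no longer reads `GeneralConstants.CANONICALIZATION_METHOD` from the handler chain configuration, here or in the two later hunks of this file, so a chain that still sets that parameter is silently ignored and the signature uses whatever was last set on XMLSignatureUtil. A comment above the key-pair lookup would make that dependency visible, for example `// Canonicalization comes from XMLSignatureUtil's static setting, not from the handler chain config`. The enclosing method starts outside the hunk.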
@@ -64,7 +63,7 @@
          throw new ProcessingException("KeyPair not found");
       }
 
-      sign(samlDocument, keypair, canonicalizationMethod );
+      sign(samlDocument, keypair );
    }
 
    public void handleRequestType(SAML2HandlerRequest request, SAML2HandlerResponse response) throws ProcessingException
@@ -81,9 +80,8 @@
 
       //Get the Key Pair
       KeyPair keypair = (KeyPair) this.handlerChainConfig.getParameter(GeneralConstants.KEYPAIR);
-      String canonicalizationMethod = (String) this.handlerChainConfig.getParameter( GeneralConstants.CANONICALIZATION_METHOD );
-     
-      this.sign(responseDocument, keypair, canonicalizationMethod );
+       
+      this.sign(responseDocument, keypair );
    } 
 
    @Override
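Review bot: The key pair read from the handler chain config is passed straight to `this.sign(responseDocument, keypair )` with no null check, in this hunk and again in the `@@ -101,17 +99,14 @@` hunk, while the first method in this file throws `ProcessingException("KeyPair not found")` when the lookup returns null. A missing `GeneralConstants.KEYPAIR` parameter would therefore reach `signSAMLDocument` as null on these two paths and fail later with a less specific error. Adding the same guard before the call keeps the three paths consistent: `if(keypair == null) throw new ProcessingException("KeyPair not found");`. The enclosing method starts outside the hunk.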
@@ -101,17 +99,14 @@
       } 
 
       //Get the Key Pair
-      KeyPair keypair = (KeyPair) this.handlerChainConfig.getParameter(GeneralConstants.KEYPAIR);
-      String canonicalizationMethod = (String) this.handlerChainConfig.getParameter( GeneralConstants.CANONICALIZATION_METHOD );
-     
-      this.sign(responseDocument, keypair, canonicalizationMethod );
+      KeyPair keypair = (KeyPair) this.handlerChainConfig.getParameter(GeneralConstants.KEYPAIR);  
+      this.sign(responseDocument, keypair );
    }
     
    
-   private void sign(Document samlDocument, KeyPair keypair, String canonicalizationMethod ) throws ProcessingException
+   private void sign(Document samlDocument, KeyPair keypair ) throws ProcessingException
    {
-      SAML2Signature samlSignature = new SAML2Signature();
-      samlSignature.setCanonicalizationMethod(canonicalizationMethod);
+      SAML2Signature samlSignature = new SAML2Signature(); 
       samlSignature.signSAMLDocument(samlDocument, keypair); 
    } 
 }
\ No newline at end of file

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java	2010-08-04 20:54:04 UTC (rev 342)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/servlets/IDPServlet.java	2010-08-04 21:12:05 UTC (rev 343)
@@ -73,6 +73,7 @@
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler.HANDLER_TYPE;
 import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil;
 import org.picketlink.identity.federation.core.util.CoreConfigUtil;
+import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
 import org.picketlink.identity.federation.saml.v2.SAML2Object;
 import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
 import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
@@ -153,6 +154,9 @@
          this.assertionValidity = idpConfiguration.getAssertionValidity();
          
          this.canonicalizationMethod = idpConfiguration.getCanonicalizationMethod();
+
+         log.info( "IDPServlet:: Setting the CanonicalizationMethod on XMLSignatureUtil::"  + canonicalizationMethod );
+         XMLSignatureUtil.setCanonicalizationMethodType(canonicalizationMethod);
          
          //Get the attribute manager
          String attributeManager = idpConfiguration.getAttributeManager();

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/IDPWebRequestUtil.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/IDPWebRequestUtil.java	2010-08-04 20:54:04 UTC (rev 342)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/util/IDPWebRequestUtil.java	2010-08-04 21:12:05 UTC (rev 343)
@@ -269,8 +269,7 @@
       {
          try
          {
-            SAML2Signature saml2Signature = new SAML2Signature();
-            saml2Signature.setCanonicalizationMethod(canonicalizationMethod);
+            SAML2Signature saml2Signature = new SAML2Signature(); 
             samlResponseDocument = saml2Signature.sign(responseType, keyManager.getSigningKeyPair());
          }  
          catch (Exception e)
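Review bot: After this change none of the three signing sites in this file (this hunk and the ones at -439 and -563) read `canonicalizationMethod` any more, so if that member has no other reader in IDPWebRequestUtil (the rest of the class is outside the diff) it is now dead state that suggests a per-instance setting which no longer exists. Either remove it together with its setter, or leave a comment such as `// canonicalization is configured globally through XMLSignatureUtil` so that a caller does not expect it to take effect.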
@@ -439,8 +438,7 @@
          if(supportSignature)
          {
             //Sign the document
-            SAML2Signature samlSignature = new SAML2Signature();
-            samlSignature.setCanonicalizationMethod(canonicalizationMethod);
+            SAML2Signature samlSignature = new SAML2Signature(); 
 
             KeyPair keypair = keyManager.getSigningKeyPair();
             samlSignature.signSAMLDocument(responseDoc, keypair); 
@@ -563,8 +561,7 @@
       { 
          try
          {   
-            SAML2Signature ss = new SAML2Signature();
-            ss.setCanonicalizationMethod(canonicalizationMethod);
+            SAML2Signature ss = new SAML2Signature(); 
             samlResponse = ss.sign(responseType, keyManager.getSigningKeyPair());
          }
          catch (Exception e)


