[picketlink-commits] Picketlink SVN: r1048 - in federation/trunk: picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request and 5 other directories.

Fri Jul 1 11:40:10 EDT 2011


Author: anil.saldhana at jboss.com
Date: 2011-07-01 11:40:09 -0400 (Fri, 01 Jul 2011)
New Revision: 1048

Modified:
   federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
   federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java
   federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java
   federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java
   federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
Log:
PLFED-188: jaxp schema validation

Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java	2011-06-30 23:50:05 UTC (rev 1047)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java	2011-07-01 15:40:09 UTC (rev 1048)
@@ -47,7 +47,6 @@
 import org.picketlink.identity.federation.api.saml.v2.metadata.MetaDataExtractor;
 import org.picketlink.identity.federation.core.config.SPType;
 import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
-import org.picketlink.identity.federation.core.exceptions.ParsingException;
 import org.picketlink.identity.federation.core.exceptions.ProcessingException;
 import org.picketlink.identity.federation.core.handler.config.Handlers;
 import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
@@ -57,6 +56,7 @@
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChain;
 import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChainConfig;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
 import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil;
 import org.picketlink.identity.federation.core.util.CoreConfigUtil;
 import org.picketlink.identity.federation.core.util.StringUtil;
@@ -68,6 +68,7 @@
 import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType;
 import org.picketlink.identity.federation.web.constants.GeneralConstants;
 import org.picketlink.identity.federation.web.util.ConfigurationUtil;
+import org.w3c.dom.Document;
 
 /**
  * Base Class for Service Provider Form Authenticators
@@ -313,13 +314,14 @@
       if (is == null)
          return;
 
-      SAMLParser parser = new SAMLParser();
       Object metadata = null;
       try
       {
-         metadata = parser.parse(is);
+         Document samlDocument = DocumentUtil.getDocument(is);
+         SAMLParser parser = new SAMLParser();
+         metadata = parser.parse(DocumentUtil.getNodeAsStream(samlDocument));
       }
-      catch (ParsingException e)
+      catch (Exception e)
       {
          throw new RuntimeException(e);
       }
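Review bot: This is the one parse site touched by the commit that builds a DOM via DocumentUtil.getDocument but never calls `JAXPValidationUtil.checkSchemaValidation(samlDocument);` before handing the stream to SAMLParser, so the metadata stays unvalidated even when picketlink.schema.validate is enabled; add that line between the two new statements, provided the schema set behind the validator covers SAML metadata (not visible here). The widened `catch (Exception e)` also catches RuntimeExceptions and wraps them in a second RuntimeException; catching only the checked exceptions that DocumentUtil.getDocument and SAMLParser.parse declare would avoid that. The enclosing method starts before this hunk.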

Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java	2011-06-30 23:50:05 UTC (rev 1047)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java	2011-07-01 15:40:09 UTC (rev 1048)
@@ -44,6 +44,7 @@
 import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
 import org.picketlink.identity.federation.core.saml.v2.writers.SAMLRequestWriter;
 import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
 import org.picketlink.identity.federation.core.util.StaxUtil;
 import org.picketlink.identity.federation.saml.v2.SAML2Object;
 import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
@@ -149,6 +150,7 @@
       Document samlDocument = DocumentUtil.getDocument(is);
 
       SAMLParser samlParser = new SAMLParser();
+      JAXPValidationUtil.checkSchemaValidation(samlDocument);
       SAML2Object requestType = (SAML2Object) samlParser.parse(DocumentUtil.getNodeAsStream(samlDocument));
 
       samlDocumentHolder = new SAMLDocumentHolder(requestType, samlDocument);
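Review bot: The schema check runs only after the untrusted request has already been fully parsed into a DOM by DocumentUtil.getDocument on the first line of the hunk, so it adds no protection against DTD, external-entity or entity-expansion payloads; that hardening has to live in the DocumentBuilder configuration inside DocumentUtil, which is not visible here. A comment above the new call such as `// opt-in schema check (picketlink.schema.validate); XML parser hardening is DocumentUtil's job` would make that dependency explicit for the next reader. Note also that checkSchemaValidation is a no-op unless that system property is "true", so default deployments are unchanged by this hunk. The enclosing method starts before this hunk.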
@@ -173,6 +175,7 @@
       Document samlDocument = DocumentUtil.getDocument(is);
 
       SAMLParser samlParser = new SAMLParser();
+      JAXPValidationUtil.checkSchemaValidation(samlDocument);
       RequestAbstractType requestType = (RequestAbstractType) samlParser.parse(DocumentUtil
             .getNodeAsStream(samlDocument));
 
@@ -198,6 +201,8 @@
       Document samlDocument = DocumentUtil.getDocument(is);
 
       SAMLParser samlParser = new SAMLParser();
+      JAXPValidationUtil.checkSchemaValidation(samlDocument);
+
       AuthnRequestType requestType = (AuthnRequestType) samlParser.parse(DocumentUtil.getNodeAsStream(samlDocument));
       samlDocumentHolder = new SAMLDocumentHolder(requestType, samlDocument);
       return requestType;

Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java	2011-06-30 23:50:05 UTC (rev 1047)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java	2011-07-01 15:40:09 UTC (rev 1048)
@@ -54,6 +54,7 @@
 import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
 import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
 import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
 import org.picketlink.identity.federation.core.util.StaxUtil;
 import org.picketlink.identity.federation.saml.v2.SAML2Object;
 import org.picketlink.identity.federation.saml.v2.assertion.ActionType;
@@ -276,15 +277,21 @@
     * @param is
     * @return   
     * @throws ParsingException 
+    * @throws ProcessingException 
+    * @throws ConfigurationException 
     */
-   public EncryptedAssertionType getEncryptedAssertion(InputStream is) throws ParsingException
+   public EncryptedAssertionType getEncryptedAssertion(InputStream is) throws ParsingException, ConfigurationException,
+         ProcessingException
    {
       if (is == null)
          throw new IllegalArgumentException("inputstream is null");
 
+      Document samlDocument = DocumentUtil.getDocument(is);
       SAMLParser samlParser = new SAMLParser();
-      return (EncryptedAssertionType) samlParser.parse(is);
+      JAXPValidationUtil.checkSchemaValidation(samlDocument);
 
+      return (EncryptedAssertionType) samlParser.parse(DocumentUtil.getNodeAsStream(samlDocument));
+
    }
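Review bot: Adding `ConfigurationException` and `ProcessingException` to the throws clause of the public `getEncryptedAssertion` method is a source-incompatible change for every existing caller that catches only ParsingException; if that is not intended, catch the two new checked exceptions inside the method and rethrow them as `new ParsingException(e)` so the cause is preserved and the signature stays as it was. The same applies to `getAssertionType` in the next hunk. Otherwise the ordering is right: the document is validated before SAMLParser sees it, and the stray blank line before the closing brace can go.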
 
    /**
@@ -292,14 +299,19 @@
     * @param is
     * @return 
     * @throws ParsingException 
+    * @throws ProcessingException 
+    * @throws ConfigurationException 
     */
-   public AssertionType getAssertionType(InputStream is) throws ParsingException
+   public AssertionType getAssertionType(InputStream is) throws ParsingException, ConfigurationException,
+         ProcessingException
    {
       if (is == null)
          throw new IllegalArgumentException("inputstream is null");
+      Document samlDocument = DocumentUtil.getDocument(is);
 
       SAMLParser samlParser = new SAMLParser();
-      return (AssertionType) samlParser.parse(is);
+      JAXPValidationUtil.checkSchemaValidation(samlDocument);
+      return (AssertionType) samlParser.parse(DocumentUtil.getNodeAsStream(samlDocument));
    }
 
    /**
@@ -327,6 +339,8 @@
       Document samlResponseDocument = DocumentUtil.getDocument(is);
 
       SAMLParser samlParser = new SAMLParser();
+      JAXPValidationUtil.checkSchemaValidation(samlResponseDocument);
+
       ResponseType responseType = (ResponseType) samlParser.parse(DocumentUtil.getNodeAsStream(samlResponseDocument));
 
       samlDocumentHolder = new SAMLDocumentHolder(responseType, samlResponseDocument);
@@ -353,6 +367,8 @@
          log.trace("RESPONSE=" + DocumentUtil.asString(samlResponseDocument));
 
       SAMLParser samlParser = new SAMLParser();
+      JAXPValidationUtil.checkSchemaValidation(samlResponseDocument);
+
       InputStream responseStream = DocumentUtil.getNodeAsStream(samlResponseDocument);
       SAML2Object responseType = (SAML2Object) samlParser.parse(responseStream);
 

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java	2011-06-30 23:50:05 UTC (rev 1047)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java	2011-07-01 15:40:09 UTC (rev 1048)
@@ -46,11 +46,12 @@
 import org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
 import org.picketlink.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
 import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
 import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
 import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
 import org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
+import org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType;
 import org.picketlink.identity.federation.saml.v2.protocol.XACMLAuthzDecisionQueryType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType;
 import org.w3c.dom.Node;
 
 /**
@@ -94,6 +95,9 @@
    {
       XMLEventReader xmlEventReader = StaxParserUtil.getXMLEventReader(DocumentUtil.getNodeAsStream(samlResponse));
       SAMLParser samlParser = new SAMLParser();
+
+      JAXPValidationUtil.checkSchemaValidation(samlResponse);
+
       org.picketlink.identity.federation.saml.v2.protocol.ResponseType response = (org.picketlink.identity.federation.saml.v2.protocol.ResponseType) samlParser
             .parse(xmlEventReader);
       List<RTChoiceType> choices = response.getAssertions();
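Review bot: The XMLEventReader is built from the response on the first line of the hunk before `JAXPValidationUtil.checkSchemaValidation(samlResponse);` runs, so a document that fails validation is serialized once for nothing and the fail-closed check is not the first thing done with the input; moving the validation call above the `StaxParserUtil.getXMLEventReader(...)` line fixes both. The enclosing method starts before this hunk.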

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java	2011-06-30 23:50:05 UTC (rev 1047)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java	2011-07-01 15:40:09 UTC (rev 1048)
@@ -34,6 +34,9 @@
 import javax.xml.validation.Validator;
 
 import org.apache.log4j.Logger;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.w3c.dom.Node;
 import org.xml.sax.ErrorHandler;
 import org.xml.sax.SAXException;
 import org.xml.sax.SAXParseException;
@@ -63,6 +66,27 @@
       validator().validate(new StreamSource(stream));
    }
 
+   /**
+    * Based on system property "picketlink.schema.validate" set to "true",
+    * do schema validation
+    * @param samlDocument
+    * @throws ProcessingException
+    */
+   public static void checkSchemaValidation(Node samlDocument) throws ProcessingException
+   {
+      if (SecurityActions.getSystemProperty("picketlink.schema.validate", "false").equalsIgnoreCase("true"))
+      {
+         try
+         {
+            JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(samlDocument));
+         }
+         catch (Exception e)
+         {
+            throw new ProcessingException(e);
+         }
+      }
+   }
+
    public static Validator validator() throws SAXException, IOException
    {
       String schemaFactoryProperty = "javax.xml.validation.SchemaFactory:" + XMLConstants.W3C_XML_SCHEMA_NS_URI;

Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java	2011-06-30 23:50:05 UTC (rev 1047)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java	2011-07-01 15:40:09 UTC (rev 1048)
@@ -32,6 +32,7 @@
 import org.picketlink.identity.federation.core.saml.v1.writers.SAML11AssertionWriter;
 import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
 import org.picketlink.identity.federation.core.saml.v2.writers.SAMLAssertionWriter;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
 import org.picketlink.identity.federation.core.util.StaxUtil;
 import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
 import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
@@ -130,6 +131,8 @@
          ConfigurationException, ParsingException
    {
       SAMLParser samlParser = new SAMLParser();
+
+      JAXPValidationUtil.checkSchemaValidation(assertionElement);
       AssertionType assertion = (AssertionType) samlParser.parse(DocumentUtil.getNodeAsStream(assertionElement));
       return assertion;
    }
@@ -143,6 +146,8 @@
    public static SAML11AssertionType saml11FromElement(Element assertionElement) throws GeneralSecurityException
    {
       SAMLParser samlParser = new SAMLParser();
+
+      JAXPValidationUtil.checkSchemaValidation(assertionElement);
       return (SAML11AssertionType) samlParser.parse(DocumentUtil.getNodeAsStream(assertionElement));
    }
 }
\ No newline at end of file
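Review bot: `saml11FromElement` now runs the same schema check as the SAML 2.0 path, but whether the schema set behind `JAXPValidationUtil.validator()` includes the SAML 1.1 assertion schema is not visible here; if it does not, enabling picketlink.schema.validate would reject every SAML 1.1 token handled by this utility, so a test that validates a SAML 1.1 assertion with the property set to true belongs with this change. The method declares only GeneralSecurityException while the new call throws ProcessingException, which compiles presumably because ProcessingException extends it; a short comment `// ProcessingException is a GeneralSecurityException` would save the next reader the lookup.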

Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java	2011-06-30 23:50:05 UTC (rev 1047)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java	2011-07-01 15:40:09 UTC (rev 1048)
@@ -55,22 +55,23 @@
 import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
 import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
 import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
 import org.picketlink.identity.federation.core.util.StringUtil;
 import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
 import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
 import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
 import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
 import org.picketlink.identity.federation.saml.v2.assertion.AuthnStatementType;
 import org.picketlink.identity.federation.saml.v2.assertion.EncryptedAssertionType;
 import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
 import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
 import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
 import org.picketlink.identity.federation.saml.v2.assertion.SubjectType.STSubType;
 import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
 import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType;
 import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType;
 import org.picketlink.identity.federation.web.constants.GeneralConstants;
 import org.picketlink.identity.federation.web.core.HTTPContext;
 import org.picketlink.identity.federation.web.core.IdentityServer;
@@ -414,6 +415,8 @@
 
             Element decryptedDocumentElement = XMLEncryptionUtil.decryptElementInDocument(newDoc, privateKey);
             SAMLParser parser = new SAMLParser();
+
+            JAXPValidationUtil.checkSchemaValidation(decryptedDocumentElement);
             AssertionType assertion = (AssertionType) parser.parse(StaxParserUtil.getXMLEventReader(DocumentUtil
                   .getNodeAsStream(decryptedDocumentElement)));
 
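Review bot: A one-line comment above the new call would explain why validation sits here rather than on the enclosing Response: the assertion cannot be checked against the assertion schema until decryptElementInDocument has produced the plaintext element, e.g. `// validate the decrypted assertion before parsing; the ciphertext form cannot be schema-checked`. As with the other sites, this is a no-op unless picketlink.schema.validate is "true". The enclosing method starts and ends outside this hunk.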


