[picketlink-commits] Picketlink SVN: r1050 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util and 2 other directories.
Fri Jul 1 12:57:00 EDT 2011
Author: anil.saldhana at jboss.com
Date: 2011-07-01 12:56:59 -0400 (Fri, 01 Jul 2011)
New Revision: 1050
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML11TokenProvider.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11SubjectConfirmationType.java
Log:
PLFED-194: saml 1.1 token provider
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java 2011-07-01 16:24:49 UTC (rev 1049)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java 2011-07-01 16:56:59 UTC (rev 1050)
@@ -215,7 +215,7 @@
{
startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
String method = StaxParserUtil.getElementText(xmlEventReader);
- subjectConfirmationType.addConfirmation(URI.create(method));
+ subjectConfirmationType.addConfirmationMethod(URI.create(method));
}
else if (startTag.equals(JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get()))
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java 2011-07-01 16:24:49 UTC (rev 1049)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java 2011-07-01 16:56:59 UTC (rev 1050)
@@ -37,6 +37,7 @@
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
@@ -256,6 +257,37 @@
}
/**
+ * Check whether the assertion has expired
+ * @param assertion
+ * @return
+ * @throws ConfigurationException
+ */
+ public static boolean hasExpired(SAML11AssertionType assertion) throws ConfigurationException
+ {
+ boolean expiry = false;
+
+ //Check for validity of assertion
+ SAML11ConditionsType conditionsType = assertion.getConditions();
+ if (conditionsType != null)
+ {
+ XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
+ XMLGregorianCalendar notBefore = conditionsType.getNotBefore();
+ XMLGregorianCalendar notOnOrAfter = conditionsType.getNotOnOrAfter();
+ if (trace)
+ log.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore.toXMLFormat() + "::notOnOrAfter="
+ + notOnOrAfter);
+ expiry = !XMLTimeUtil.isValid(now, notBefore, notOnOrAfter);
+ if (expiry)
+ {
+ log.info("Assertion has expired with id=" + assertion.getID());
+ }
+ }
+
+ //TODO: if conditions do not exist, assume the assertion to be everlasting?
+ return expiry;
+ }
+
+ /**
* Extract the expiration time from an {@link AssertionType}
* @param assertion
* @return
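Review bot: The trace statement in the new `hasExpired` dereferences `notBefore.toXMLFormat()` without a null check while `notOnOrAfter` on the same line is concatenated directly; both attributes of a SAML 1.1 Conditions element are optional, so with tracing enabled an assertion that carries only NotOnOrAfter throws a NullPointerException before `XMLTimeUtil.isValid` is ever reached. Render both bounds the same way and let concatenation print null: `log.trace("Now=" + now.toXMLFormat() + " ::notBefore=" + notBefore + "::notOnOrAfter=" + notOnOrAfter);`. Whether `XMLTimeUtil.isValid` itself tolerates a null bound is not visible in this hunk and should be confirmed. Separately, as the TODO admits, the method answers `false` when the assertion has no Conditions element at all, so any caller that gates token acceptance on `hasExpired` alone will accept an unconditioned assertion indefinitely; the Javadoc should say so explicitly, e.g. `Returns false when the assertion carries no Conditions element; callers must not rely on this check alone to enforce a token lifetime.`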
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML11TokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML11TokenProvider.java 2011-07-01 16:24:49 UTC (rev 1049)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML11TokenProvider.java 2011-07-01 16:56:59 UTC (rev 1050)
@@ -35,7 +35,6 @@
import org.picketlink.identity.federation.core.saml.v1.SAML11Constants;
import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
import org.picketlink.identity.federation.core.sts.AbstractSecurityTokenProvider;
@@ -48,13 +47,12 @@
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AudienceRestrictionCondition;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11NameIdentifierType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11StatementAbstractType;
-import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
-import org.picketlink.identity.federation.saml.v2.assertion.KeyInfoConfirmationDataType;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectConfirmationType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType.SAML11SubjectTypeChoice;
import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
import org.picketlink.identity.federation.ws.policy.AppliesTo;
import org.picketlink.identity.federation.ws.trust.RequestedReferenceType;
import org.picketlink.identity.federation.ws.trust.StatusType;
@@ -63,7 +61,7 @@
/**
* <p>
- * A {@code SecurityTokenProvider} implementation that handles WS-Trust SAML 2.0 token requests.
+ * A {@code SecurityTokenProvider} implementation that handles WS-Trust SAML 1.1 token requests.
* </p>
*
* @author <a href="mailto:sguilhen at redhat.com">Stefan Guilhen</a>
@@ -131,10 +129,10 @@
throw new ProcessingException("Invalid cancel request: missing required CancelTarget");
Element assertionElement = (Element) token.getFirstChild();
if (!this.isAssertion(assertionElement))
- throw new ProcessingException("CancelTarget doesn't not contain a SAMLV2.0 assertion");
+ throw new ProcessingException("CancelTarget doesn't not contain a SAMLV1.1 assertion");
// get the assertion ID and add it to the canceled assertions set.
- String assertionId = assertionElement.getAttribute("ID");
+ String assertionId = assertionElement.getAttribute(SAML11Constants.ASSERTIONID);
this.revocationRegistry.revokeToken(SAMLUtil.SAML11_TOKEN_TYPE, assertionId);
}
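Review bot: `assertionElement.getAttribute(SAML11Constants.ASSERTIONID)` returns the empty string when the attribute is absent, so a CancelTarget assertion without an AssertionID is not rejected but silently revokes the token id `""`. Guard it before the registry call: `if (assertionId == null || assertionId.length() == 0) throw new ProcessingException("CancelTarget assertion has no AssertionID");`. The message on the line above also still reads `doesn't not contain`; `does not contain` is what is meant. The start of the enclosing cancel method is outside the hunk.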
@@ -171,7 +169,10 @@
Principal principal = context.getCallerPrincipal();
String confirmationMethod = null;
- KeyInfoConfirmationDataType keyInfoDataType = null;
+ //KeyInfoConfirmationDataType keyInfoDataType = null;
+
+ Element keyInfo = null;
+
// if there is a on-behalf-of principal, we have the sender vouches confirmation method.
if (context.getOnBehalfOfPrincipal() != null)
{
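Review bot: The replaced declaration is carried along as commented-out code, `//KeyInfoConfirmationDataType keyInfoDataType = null;`, next to the new `Element keyInfo = null;`; the old line is already preserved in revision history, so the comment should be deleted rather than left as dead code in the issue path. The enclosing method starts and ends outside the hunk.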
@@ -182,19 +183,31 @@
else if (context.getProofTokenInfo() != null)
{
confirmationMethod = SAMLUtil.SAML11_HOLDER_OF_KEY_URI;
- keyInfoDataType = SAMLAssertionFactory.createKeyInfoConfirmation(context.getProofTokenInfo());
+ //keyInfoDataType = SAMLAssertionFactory.createKeyInfoConfirmation(context.getProofTokenInfo());
+ keyInfo = (Element) context.getProofTokenInfo().getContent().get(0);
}
else
confirmationMethod = SAMLUtil.SAML11_BEARER_URI;
- SubjectConfirmationType subjectConfirmation = SAMLAssertionFactory.createSubjectConfirmation(null,
- confirmationMethod, keyInfoDataType);
+ /* SubjectConfirmationType subjectConfirmation = SAMLAssertionFactory.createSubjectConfirmation(null,
+ confirmationMethod, keyInfoDataType);
+ */
+ SAML11SubjectConfirmationType subjectConfirmation = new SAML11SubjectConfirmationType();
+ subjectConfirmation.addConfirmationMethod(URI.create(confirmationMethod));
+ if (keyInfo != null)
+ subjectConfirmation.setKeyInfo(keyInfo);
// create a subject using the caller principal or on-behalf-of principal.
String subjectName = principal == null ? "ANONYMOUS" : principal.getName();
- NameIDType nameID = SAMLAssertionFactory.createNameID(null, "urn:picketlink:identity-federation", subjectName);
- SubjectType subject = SAMLAssertionFactory.createSubject(nameID, subjectConfirmation);
+ SAML11NameIdentifierType nameID = new SAML11NameIdentifierType();
+ nameID.setNameQualifier("urn:picketlink:identity-federation");
+ nameID.setValue(subjectName);
+ SAML11SubjectTypeChoice subjectChoice = new SAML11SubjectTypeChoice(nameID);
+ SAML11SubjectType subject = new SAML11SubjectType();
+ subject.setChoice(subjectChoice);
+ subject.setSubjectConfirmation(subjectConfirmation);
+
// create the attribute statements if necessary.
List<StatementAbstractType> statements = null;
Map<String, Object> claimedAttributes = context.getClaimedAttributes();
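Review bot: In the holder-of-key branch `keyInfo = (Element) context.getProofTokenInfo().getContent().get(0);` assumes the proof-token content is non-empty and that its first item is a DOM `Element`; an empty list raises IndexOutOfBoundsException and a non-Element item (the element type of `getContent()` is not visible here, but JAXB mixed content commonly holds Strings) raises ClassCastException, so a malformed request surfaces as an unhandled runtime error instead of a rejected request. Because this branch has already selected the holder-of-key confirmation method, a token must not be built without a usable KeyInfo, so validate the content and fail explicitly as below; the method's `throws` clause is outside the hunk, so confirm it declares `ProcessingException` as the cancel path does. The commented-out `SAMLAssertionFactory.createSubjectConfirmation` call a few lines lower should also be removed rather than kept as dead code.

```java
confirmationMethod = SAMLUtil.SAML11_HOLDER_OF_KEY_URI;
List<?> proofContent = context.getProofTokenInfo().getContent();
if (proofContent == null || proofContent.isEmpty() || !(proofContent.get(0) instanceof Element))
    throw new ProcessingException("Holder-of-key request carries no KeyInfo element in its proof token");
keyInfo = (Element) proofContent.get(0);
// … unchanged: bearer fallback, subject confirmation and subject construction …
```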
@@ -203,6 +216,8 @@
statements = new ArrayList<StatementAbstractType>();
statements.add(StatementUtil.createAttributeStatement(claimedAttributes));
}
+ throw new RuntimeException("Implement");
+
/*
// create the SAML assertion.
NameIDType issuerID = SAMLAssertionFactory.createNameID(null, null, context.getTokenIssuer());
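Review bot: `throw new RuntimeException("Implement");` unconditionally aborts the issue path after the subject and statements have been built, so every SAML 1.1 issue request now fails with an unchecked exception and the assertion-building code that follows (still commented out) is unreachable. If the provider must be committed in this half-finished state, fail in the provider's own vocabulary so the STS can report a proper fault, e.g. `throw new ProcessingException("SAML 1.1 token issuance is not implemented yet");` (assuming the method declares it, as the cancel path does), and state the limitation in the class Javadoc that this commit just retitled to SAML 1.1. The enclosing method continues outside the hunk.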
@@ -341,7 +356,7 @@
String code = WSTrustConstants.STATUS_CODE_VALID;
String reason = "SAMLV2.0 Assertion successfuly validated";
- AssertionType assertion = null;
+ SAML11AssertionType assertion = null;
Element assertionElement = (Element) token.getFirstChild();
if (!this.isAssertion(assertionElement))
{
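Review bot: `String reason = "SAMLV2.0 Assertion successfuly validated";` is kept unchanged on the new side even though the assertion variable right below it is now a `SAML11AssertionType` and the class Javadoc now says SAML 1.1, so a validated SAML 1.1 token is reported back to the requester as a SAMLV2.0 assertion. Change it to `String reason = "SAMLV1.1 Assertion successfully validated";`, which also fixes the spelling. The enclosing validate method starts and ends outside the hunk.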
@@ -352,7 +367,7 @@
{
try
{
- assertion = SAMLUtil.fromElement(assertionElement);
+ assertion = SAMLUtil.saml11FromElement(assertionElement);
}
catch (Exception e)
{
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11SubjectConfirmationType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11SubjectConfirmationType.java 2011-07-01 16:24:49 UTC (rev 1049)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11SubjectConfirmationType.java 2011-07-01 16:56:59 UTC (rev 1050)
@@ -49,17 +49,17 @@
protected Element keyInfo;
- public void addConfirmation(URI confirmation)
+ public void addConfirmationMethod(URI confirmation)
{
this.confirmationMethod.add(confirmation);
}
- public void addAllConfirmation(List<URI> confirmation)
+ public void addAllConfirmationMethod(List<URI> confirmation)
{
this.confirmationMethod.addAll(confirmation);
}
- public boolean removeConfirmation(URI confirmation)
+ public boolean removeConfirmationMethod(URI confirmation)
{
return this.confirmationMethod.remove(confirmation);
}