JBoss Identity SVN: r547 - in identity-federation/trunk: jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss and 13 other directories.
by jboss-identity-commits@lists.jboss.org
Author: sguilhen(a)redhat.com
Date: 2009-05-31 19:25:59 -0400 (Sun, 31 May 2009)
New Revision: 547
Added:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityToken.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityTokenResponse.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/Lifetime.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenCollection.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponse.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponseCollection.java
Removed:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/trust/
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/trust/
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/DefaultSecurityToken.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/StandardTokenProvider.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SAML20TokenProvider.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/protocol/
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/StandardTokenProvider.java
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/interfaces/TrustKeyManager.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/SecurityActions.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java
identity-federation/trunk/jboss-identity-bindings/src/test/resources/jboss-sts.xml
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/STSConfiguration.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestHandler.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustUtil.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/MockSTSConfiguration.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustServiceFactoryUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/SAMLAssertionFactory.java
Log:
JBID-84: Added signing capabilities to SAML20TokenProvider; Revised the package structure of the project; Added missing javadocs; Extended the test cases to include tests for the SAML20TokenProvider.
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/interfaces/TrustKeyManager.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/interfaces/TrustKeyManager.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/interfaces/TrustKeyManager.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -21,6 +21,7 @@
*/
package org.jboss.identity.federation.bindings.interfaces;
+import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
@@ -67,6 +68,17 @@
throws TrustKeyConfigurationException, TrustKeyProcessingException;
/**
+ * <p>
+ * Constructs a {@code KeyPair} instance containing the signing key ({@code PrivateKey}) and associated
+ * {@code PublicKey}.
+ * </p>
+ *
+ * @return the constructed {@code KeyPair} object.
+ */
+ KeyPair getSigningKeyPair()
+ throws TrustKeyConfigurationException, TrustKeyProcessingException;
+
+ /**
* Get the certificate given an alias
* @param alias
* @return
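Review bot: The new `getSigningKeyPair()` declaration at L75-L76 throws two checked exceptions but its Javadoc documents only the return value; add `@throws TrustKeyConfigurationException if the signing key or its certificate is not configured` and `@throws TrustKeyProcessingException if the key material cannot be loaded`, wording the conditions after whatever the implementations actually do. Adding an abstract method to `TrustKeyManager` also breaks every implementor that this commit does not update; only `KeyStoreKeyManager` is changed here, so the interface Javadoc should say that implementations must return both halves of the pair (or fail) rather than a pair with a null member. The surrounding interface continues outside the hunk.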
Copied: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust (from rev 546, identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/trust)
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/trust/JBossSTS.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -19,7 +19,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.identity.federation.bindings.jboss.trust;
+package org.jboss.identity.federation.bindings.jboss.wstrust;
import java.io.InputStream;
import java.net.URL;
@@ -40,12 +40,12 @@
import org.jboss.identity.federation.api.wstrust.WSTrustException;
import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory;
import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler;
-import org.jboss.identity.federation.api.wstrust.protocol.BaseRequestSecurityToken;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenCollection;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenResponse;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenResponseCollection;
import org.jboss.identity.federation.bindings.config.STSType;
+import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenCollection;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
/**
* <p>
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/trust/JBossSTSConfiguration.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -19,9 +19,9 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.identity.federation.bindings.jboss.trust;
+package org.jboss.identity.federation.bindings.jboss.wstrust;
-import java.security.PrivateKey;
+import java.security.KeyPair;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.Map;
@@ -60,7 +60,7 @@
private TrustKeyManager trustManager;
private WSTrustRequestHandler handler;
-
+
/**
* <p>
* Creates an instance of {@code JBossSTSConfiguration} with default configuration values.
@@ -220,10 +220,9 @@
/*
* (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getPublicKeyForService(java.lang.String)
+ * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getServiceProviderPublicKey(java.lang.String)
*/
- public PublicKey getPublicKeyForService(String serviceName)
+ public PublicKey getServiceProviderPublicKey(String serviceName)
{
PublicKey key = null;
if (this.trustManager != null)
@@ -242,24 +241,23 @@
/*
* (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getSigningKey()
+ * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getSTSKeyPair()
*/
- public PrivateKey getSigningKey()
+ public KeyPair getSTSKeyPair()
{
- PrivateKey key = null;
+ KeyPair keyPair = null;
if (this.trustManager != null)
{
try
{
- key = this.trustManager.getSigningKey();
+ keyPair = this.trustManager.getSigningKeyPair();
}
catch (Exception e)
{
- throw new RuntimeException("Error obtaining signing key", e);
+ throw new RuntimeException("Error obtaining signing key pair", e);
}
}
- return key;
+ return keyPair;
}
}
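Review bot: The `catch (Exception e)` around the new `this.trustManager.getSigningKeyPair()` call at L164 is wider than the call needs: the interface declares only `TrustKeyConfigurationException` and `TrustKeyProcessingException`, so catching those two types separately (`catch (TrustKeyConfigurationException e)` and `catch (TrustKeyProcessingException e)`, each rethrowing as the existing `RuntimeException("Error obtaining signing key pair", e)`) keeps genuine programming errors such as a `NullPointerException` from being relabelled as a key-loading failure. When `trustManager` is null the method still returns null (L158, L173), mirroring the old `getSigningKey()`; since the result is now the STS signing pair, a caller that signs with it will presumably fail far from the cause, so either document the null return in the Javadoc at L148-L153 or throw an `IllegalStateException("no trust key manager configured")` instead.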
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/SecurityActions.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/trust/SecurityActions.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/SecurityActions.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -19,7 +19,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.identity.federation.bindings.jboss.trust;
+package org.jboss.identity.federation.bindings.jboss.wstrust;
import java.security.AccessController;
import java.security.PrivilegedAction;
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -24,6 +24,7 @@
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
+import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
@@ -61,10 +62,10 @@
* a TPM module or a HSM module.
* Also see JBoss XMLKey.
*/
- private Map<String,SecretKey> keys = new HashMap<String,SecretKey>();
+ private final Map<String,SecretKey> keys = new HashMap<String,SecretKey>();
- private HashMap<String,String> domainAliasMap = new HashMap<String,String>();
- private HashMap<String,String> authPropsMap = new HashMap<String,String>();
+ private final HashMap<String,String> domainAliasMap = new HashMap<String,String>();
+ private final HashMap<String,String> authPropsMap = new HashMap<String,String>();
private KeyStore ks = null;
@@ -114,6 +115,36 @@
throw new TrustKeyProcessingException(e);
}
}
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.identity.federation.bindings.interfaces.TrustKeyManager#getSigningKeyPair()
+ */
+ public KeyPair getSigningKeyPair()
+ throws TrustKeyConfigurationException, TrustKeyProcessingException
+ {
+ try
+ {
+ if(this.ks == null)
+ this.setUpKeyStore();
+
+ PrivateKey privateKey = this.getSigningKey();
+ PublicKey publicKey = KeyStoreUtil.getPublicKey(this.ks, this.signingAlias, this.signingKeyPass);
+ return new KeyPair(publicKey, privateKey);
+ }
+ catch (KeyStoreException e)
+ {
+ throw new TrustKeyConfigurationException(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ catch (IOException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ }
/**
* @see TrustKeyManager#getCertificate(String)
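Review bot: `new KeyPair(publicKey, privateKey)` at L230 accepts null components, so if `KeyStoreUtil.getPublicKey(...)` at L229 returns null for an alias without a certificate the method hands back a half-populated pair and the failure only surfaces later in the signer as a `NullPointerException`; guard it before constructing the pair, e.g. `if (publicKey == null) throw new TrustKeyConfigurationException(...)` naming `signingAlias` (using a message-taking constructor if the class provides one, otherwise wrapping an `IllegalStateException`). The private key is obtained through `this.getSigningKey()` at L228, which presumably performs its own key store setup, making the explicit `setUpKeyStore()` call at L225-L226 redundant; confirm before removing it. `signingKeyPass` is passed to the public-key lookup at L229 although a certificate lookup normally needs no key password; check the `KeyStoreUtil` signature, as the utility's contract is not visible in this hunk.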
Copied: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust (from rev 546, identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/trust)
Deleted: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/DefaultSecurityToken.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/trust/DefaultSecurityToken.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/DefaultSecurityToken.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -1,82 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.identity.federation.bindings.trust;
-
-import java.util.UUID;
-
-import org.jboss.identity.federation.api.wstrust.SecurityToken;
-import org.w3c.dom.Element;
-
-/**
- * <p>
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class DefaultSecurityToken implements SecurityToken
-{
-
- private final String tokenType;
-
- private final String tokenId;
-
- private final Element token;
-
- /**
- *
- * @param tokenType
- * @param token
- */
- public DefaultSecurityToken(String tokenType, Element token)
- {
- this.tokenType = tokenType;
- this.tokenId = UUID.randomUUID().toString();
- this.token = token;
- }
-
- /*
- * (non-Javadoc)
- * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenType()
- */
- public String getTokenType()
- {
- return this.tokenType;
- }
-
- /*
- * (non-Javadoc)
- * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenValue()
- */
- public Object getTokenValue()
- {
- return this.token;
- }
-
- /**
- *
- * @return
- */
- public String getTokenId()
- {
- return this.tokenId;
- }
-}
Modified: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/trust/JBossSTSUnitTestCase.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -19,11 +19,16 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.test.identity.federation.bindings.trust;
+package org.jboss.test.identity.federation.bindings.wstrust;
import java.net.URI;
import java.security.Principal;
+import java.util.List;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.namespace.QName;
import javax.xml.transform.Source;
import javax.xml.ws.EndpointReference;
import javax.xml.ws.WebServiceContext;
@@ -38,18 +43,28 @@
import org.jboss.identity.federation.api.wstrust.WSTrustException;
import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory;
import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler;
-import org.jboss.identity.federation.api.wstrust.protocol.BaseRequestSecurityTokenResponse;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenResponse;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenResponseCollection;
+import org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider;
import org.jboss.identity.federation.bindings.jboss.subject.JBossIdentityPrincipal;
-import org.jboss.identity.federation.bindings.jboss.trust.JBossSTS;
+import org.jboss.identity.federation.bindings.jboss.wstrust.JBossSTS;
+import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityTokenResponse;
+import org.jboss.identity.federation.core.wstrust.Lifetime;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
+import org.jboss.identity.federation.saml.v2.assertion.ConditionAbstractType;
+import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
+import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
+import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType;
import org.jboss.identity.federation.ws.addressing.AttributedURIType;
import org.jboss.identity.federation.ws.addressing.EndpointReferenceType;
import org.jboss.identity.federation.ws.addressing.ObjectFactory;
import org.jboss.identity.federation.ws.policy.AppliesTo;
-import org.jboss.identity.federation.ws.trust.LifetimeType;
+import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
import org.jboss.identity.federation.ws.trust.RequestedSecurityTokenType;
+import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType;
+import org.jboss.identity.federation.ws.wss.secext.SecurityTokenReferenceType;
import org.w3c.dom.Element;
/**
@@ -62,30 +77,55 @@
public class JBossSTSUnitTestCase extends TestCase
{
+ private TestSTS tokenService;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see junit.framework.TestCase#setUp()
+ */
+ @Override
+ protected void setUp() throws Exception
+ {
+ // for testing purposes we can instantiate the TestSTS as a regular POJO.
+ this.tokenService = new TestSTS();
+ TestContext context = new TestContext();
+ context.setUserPrincipal(new JBossIdentityPrincipal("sguilhen"));
+ this.tokenService.setContext(context);
+
+ super.setUp();
+ }
+
/**
* <p>
* This test verifies that the STS service can read and load all configuration parameters correctly. The
* configuration file (jboss-sts.xml) looks like the following:
*
* <pre>
- * <JBossSTS xmlns="urn:jboss:identity-federation:config:1.0"
+ * <JBossSTS xmlns="urn:jboss:identity-federation:config:1.0"
* STSName="Test STS" TokenTimeout="7200" EncryptToken="true">
* <KeyProvider ClassName="org.jboss.identity.federation.bindings.tomcat.KeyStoreKeyManager">
* <Auth Key="KeyStoreURL" Value="keystore/sts_keystore.jks"/>
- * <Auth Key="KeyStorePass" Value="testpass"/>
- * <Auth Key="SigningKeyAlias" Value="sts"/>
- * <Auth Key="SigningKeyPass" Value="keypass"/>
- * <ValidatingAlias Key="http://services.testcorp.org/provider1" Value="service1"/>
+ * <Auth Key="KeyStorePass" Value="testpass"/>
+ * <Auth Key="SigningKeyAlias" Value="sts"/>
+ * <Auth Key="SigningKeyPass" Value="keypass"/>
+ * <ValidatingAlias Key="http://services.testcorp.org/provider1" Value="service1"/>
* <ValidatingAlias Key="http://services.testcorp.org/provider2" Value="service2"/>
* </KeyProvider>
- * <RequestHandler>org.jboss.identity.federation.wstrust.Handler</RequestHandler>
+ * <RequestHandler>org.jboss.identity.federation.api.wstrust.StandardRequestHandler</RequestHandler>
+ * <TokenProviders>
+ * <TokenProvider ProviderClass="org.jboss.test.identity.federation.bindings.trust.SpecialTokenProvider"
+ * TokenType="http://www.tokens.org/SpecialToken"/>
+ * <TokenProvider ProviderClass="org.jboss.identity.federation.api.wstrust.SAML20TokenProvider"
+ * TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profi...
+ * </TokenProviders>
* <ServiceProviders>
- * <ServiceProvider endpoint="http://services.testcorp.org/provider1" TokenType="specialToken"
+ * <ServiceProvider Endpoint="http://services.testcorp.org/provider1" TokenType="http://www.tokens.org/SpecialToken"
* TruststoreAlias="service1"/>
- * <ServiceProvider endpoint="http://services.testcorp.org/provider2" TokenType="specialToken"
+ * <ServiceProvider Endpoint="http://services.testcorp.org/provider2" TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profi...
* TruststoreAlias="service2"/>
* </ServiceProviders>
- * </JBossSTS>
+ * </JBossSTS> *
* </pre>
*
* </p>
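Review bot: The configuration sample in the Javadoc is stale relative to this commit: L435 names `org.jboss.test.identity.federation.bindings.trust.SpecialTokenProvider` although the test package is renamed to `...bindings.wstrust` at L344, and L437 names `org.jboss.identity.federation.api.wstrust.SAML20TokenProvider` although the import at L363 places the class in `api.wstrust.plugins.saml`; the sample should match the `jboss-sts.xml` the test actually loads. L449 also carries a stray trailing ` *` after `</JBossSTS>`. The new `setUp()` at L399-L409 has only a `(non-Javadoc)` marker; a one-line comment such as `// every test runs against a fresh TestSTS whose context carries the principal "sguilhen"` would explain why the instantiation moved out of the individual tests.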
@@ -94,11 +134,8 @@
*/
public void testSTSConfiguration() throws Exception
{
- // for testing purposes we can instantiate the TestSTS as a regular POJO.
- TestSTS sts = new TestSTS();
-
// make the STS read the configuration file.
- STSConfiguration config = sts.getConfiguration();
+ STSConfiguration config = this.tokenService.getConfiguration();
// check the values that have been configured.
assertEquals("Unexpected service name", "Test STS", config.getSTSName());
@@ -112,16 +149,18 @@
SecurityTokenProvider provider = config.getProviderForTokenType("http://www.tokens.org/SpecialToken");
assertNotNull("Unexpected null token provider", provider);
assertTrue("Unexpected token provider type", provider instanceof SpecialTokenProvider);
- provider = config.getProviderForTokenType("http://www.tokens.org/StandardToken");
+ provider = config
+ .getProviderForTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
assertNotNull("Unexpected null token provider", provider);
- assertTrue("Unexpected token provider type", provider instanceof StandardTokenProvider);
+ assertTrue("Unexpected token provider type", provider instanceof SAML20TokenProvider);
assertNull(config.getProviderForTokenType("unexistentType"));
// check the service provider -> token type mapping.
assertEquals("Invalid token type for service provider 1", "http://www.tokens.org/SpecialToken", config
.getTokenTypeForService("http://services.testcorp.org/provider1"));
- assertEquals("Invalid token type for service provider 2", "http://www.tokens.org/StandardToken", config
- .getTokenTypeForService("http://services.testcorp.org/provider2"));
+ assertEquals("Invalid token type for service provider 2",
+ "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0", config
+ .getTokenTypeForService("http://services.testcorp.org/provider2"));
assertNull(config.getTokenTypeForService("http://invalid.service/service"));
// check the service provider -> token provider mapping.
@@ -130,22 +169,24 @@
assertTrue("Unexpected token provider type", provider instanceof SpecialTokenProvider);
provider = config.getProviderForService("http://services.testcorp.org/provider2");
assertNotNull("Unexpected null token provider", provider);
- assertTrue("Unexpected token provider type", provider instanceof StandardTokenProvider);
+ assertTrue("Unexpected token provider type", provider instanceof SAML20TokenProvider);
assertNull(config.getProviderForService("http://invalid.service/service"));
// check the keystore configuration.
- assertNotNull("Invalid null private key", config.getSigningKey());
+ assertNotNull("Invalid null STS key pair", config.getSTSKeyPair());
+ assertNotNull("Invalid null STS public key", config.getSTSKeyPair().getPublic());
+ assertNotNull("Invalid null STS private key", config.getSTSKeyPair().getPrivate());
assertNotNull("Invalid null validating key for service provider 1", config
- .getPublicKeyForService("http://services.testcorp.org/provider1"));
+ .getServiceProviderPublicKey("http://services.testcorp.org/provider1"));
assertNotNull("Invalid null validating key for service provider 2", config
- .getPublicKeyForService("http://services.testcorp.org/provider2"));
+ .getServiceProviderPublicKey("http://services.testcorp.org/provider2"));
}
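Review bot: `config.getSTSKeyPair()` is invoked three times in a row at L495-L497, and each call delegates to the trust manager (see the `JBossSTSConfiguration.getSTSKeyPair()` hunk), which in `KeyStoreKeyManager` reloads the key material from the key store; fetch it once, `KeyPair stsKeyPair = config.getSTSKeyPair();`, and assert on `stsKeyPair.getPublic()` and `stsKeyPair.getPrivate()`, adding `import java.security.KeyPair;` to the test's imports since L345-L387 do not include it. The Javadoc at L510 reads "This tests sends"; it should be "This test sends".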
/**
* <p>
- * This tests sets up some simple token providers and then sends security token requests to JBossSTS. The returned
- * response is verified to make sure the expected tokens have been returned by the service. The token that is
- * generated in this test looks as follows:
+ * This tests sends a security token request to JBossSTS custom {@code SpecialTokenProvider}. The returned response
+ * is verified to make sure the expected tokens have been returned by the service. The token that is generated in
+ * this test looks as follows:
*
* <pre>
* <token:SpecialToken xmlns:token="http://www.tokens.org" TokenType="http://www.tokens.org/SpecialToken">
@@ -157,115 +198,141 @@
*
* @throws Exception if an error occurs while running the test.
*/
- public void testInvoke() throws Exception
+ public void testInvokeCustom() throws Exception
{
// create a simple token request, asking for a "special" test token.
- RequestSecurityToken request = new RequestSecurityToken();
- request.setContext("testcontext");
- request.setTokenType(new URI("http://www.tokens.org/SpecialToken"));
- request.setRequestType(new URI("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"));
+ RequestSecurityToken request = this.createRequest("testcontext", "http://www.tokens.org/SpecialToken", null);
// use the factory to marshall the request.
WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
Source requestMessage = factory.marshallRequestSecurityToken(request);
- // set up the security token service, injecting the context.
- TestSTS tokenService = new TestSTS();
- TestContext context = new TestContext();
- context.setUserPrincipal(new JBossIdentityPrincipal("sguilhen"));
- tokenService.setContext(context);
+ // invoke the token service.
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ BaseRequestSecurityTokenResponse baseResponse = WSTrustJAXBFactory.getInstance()
+ .parseRequestSecurityTokenResponse(responseMessage);
+ // validate the security token response.
+ this.validateCustomTokenResponse(baseResponse);
+ }
+
+ /**
+ * <p>
+ * This tests sends a SAMLV2.0 security token request to JBossSTS. This request should be handled by the standard
+ * {@code SAML20TokenProvider} and should result in a SAMLV2.0 assertion that looks like the following:
+ *
+ * <pre>
+ * <saml2:Assertion xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ * xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ * xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ * ID="ID-cc541137-74dc-4fc0-8bcc-7e9e3a4c899d"
+ * IssueInstant="2009-05-29T18:02:13.458-03:00">
+ * <saml2:Issuer>
+ * JBossSTS
+ * </saml2:Issuer>
+ * <saml2:Subject>
+ * <saml2:NameID NameQualifier="http://www.jboss.org">
+ * sguilhen
+ * </saml2:NameID>
+ * <saml2:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
+ * </saml2:Subject>
+ * <saml2:Conditions NotBefore="2009-05-29T18:02:13.458-03:00" NotOnOrAfter="2009-05-29T19:02:13.458-03:00">
+ * <saml2:AudienceRestriction>
+ * <saml2:Audience>
+ * http://services.testcorp.org/provider2
+ * </saml2:Audience>
+ * </saml2:AudienceRestriction>
+ * </saml2:Conditions>
+ * </saml2:Assertion>
+ * </pre>
+ *
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ public void testInvokeSAML20() throws Exception
+ {
+ // create a simple token request, asking for a SAMLv2.0 token.
+ RequestSecurityToken request = this.createRequest("testcontext",
+ "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0", null);
+
+ // use the factory to marshall the request.
+ WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
+ Source requestMessage = factory.marshallRequestSecurityToken(request);
+
// invoke the token service.
- Source responseMessage = tokenService.invoke(requestMessage);
+ Source responseMessage = this.tokenService.invoke(requestMessage);
BaseRequestSecurityTokenResponse baseResponse = WSTrustJAXBFactory.getInstance()
.parseRequestSecurityTokenResponse(responseMessage);
- // validate the received response.
- assertNotNull("Unexpected null response", baseResponse);
- assertTrue("Unexpected response type", baseResponse instanceof RequestSecurityTokenResponseCollection);
- RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
- assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
- RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
- assertEquals("Unexpected response context", "testcontext", response.getContext());
- assertEquals("Unexpected token type", "http://www.tokens.org/SpecialToken", response.getTokenType().toString());
- LifetimeType lifetime = response.getLifetime();
- assertNotNull("Unexpected null token lifetime", lifetime);
-
- // validate the received token.
- RequestedSecurityTokenType requestedToken = response.getRequestedSecurityToken();
- assertNotNull("Unexpected null requested security token", requestedToken);
- Object token = requestedToken.getAny();
- assertNotNull("Unexpected null token", token);
- assertTrue("Unexpected token class", token instanceof Element);
- Element element = (Element) requestedToken.getAny();
- assertEquals("Unexpected namespace value", "http://www.tokens.org", element.getNamespaceURI());
- assertEquals("Unexpected attribute value", "http://www.tokens.org/SpecialToken", element
- .getAttribute("TokenType"));
- assertEquals("Unexpected token value", "Principal:sguilhen", element.getFirstChild().getNodeValue());
+ // validate the security token response.
+ this.validateSAMLAssertionResponse(baseResponse);
}
/**
* <p>
* This test requests a token to the STS using the {@code AppliesTo} to identify the service provider. The STS must
- * be able to find out the type of the token that must be issued using the service provider URI.
+ * be able to find out the type of the token that must be issued using the service provider URI. In this specific
+ * case, the request should be handled by the custom {@code SpecialTokenProvider}.
* </p>
*
* @throws Exception if an error occurs while running the test.
*/
- public void testInvokeAppliesTo() throws Exception
+ public void testInvokeCustomAppliesTo() throws Exception
{
// create a simple token request, this time using the applies to get to the token type.
- AttributedURIType attributedURI = new AttributedURIType();
- attributedURI.setValue("http://services.testcorp.org/provider1");
- EndpointReferenceType reference = new EndpointReferenceType();
- reference.setAddress(attributedURI);
- AppliesTo appliesTo = new AppliesTo();
- appliesTo.getAny().add(new ObjectFactory().createEndpointReference(reference));
+ RequestSecurityToken request = this.createRequest("testcontext", null, "http://services.testcorp.org/provider1");
- RequestSecurityToken request = new RequestSecurityToken();
- request.setContext("testcontext");
- request.setRequestType(new URI("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"));
- request.setAppliesTo(appliesTo);
-
// use the factory to marshall the request.
WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
Source requestMessage = factory.marshallRequestSecurityToken(request);
- // set up the security token service, injecting the context.
- TestSTS tokenService = new TestSTS();
- TestContext context = new TestContext();
- context.setUserPrincipal(new JBossIdentityPrincipal("sguilhen"));
- tokenService.setContext(context);
+ // invoke the token service.
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ BaseRequestSecurityTokenResponse baseResponse = WSTrustJAXBFactory.getInstance()
+ .parseRequestSecurityTokenResponse(responseMessage);
+ // validate the security token response.
+ this.validateCustomTokenResponse(baseResponse);
+ }
+
+ /**
+ * <p>
+ * This test requests a token to the STS using the {@code AppliesTo} to identify the service provider. The STS must
+ * be able to find out the type of the token that must be issued using the service provider URI. In this specific
+ * case, the request should be handled by the standard {@code SAML20TokenProvider}.
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ public void testInvokeSAML20AppliesTo() throws Exception
+ {
+ RequestSecurityToken request = this.createRequest("testcontext", null, "http://services.testcorp.org/provider2");
+
+ // use the factory to marshall the request.
+ WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
+ Source requestMessage = factory.marshallRequestSecurityToken(request);
+
// invoke the token service.
- Source responseMessage = tokenService.invoke(requestMessage);
+ Source responseMessage = this.tokenService.invoke(requestMessage);
BaseRequestSecurityTokenResponse baseResponse = WSTrustJAXBFactory.getInstance()
.parseRequestSecurityTokenResponse(responseMessage);
- // validate the received response.
- assertNotNull("Unexpected null response", baseResponse);
- assertTrue("Unexpected response type", baseResponse instanceof RequestSecurityTokenResponseCollection);
- RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
- assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
- RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
- assertEquals("Unexpected response context", "testcontext", response.getContext());
- assertEquals("Unexpected token type", "http://www.tokens.org/SpecialToken", response.getTokenType().toString());
- LifetimeType lifetime = response.getLifetime();
- assertNotNull("Unexpected null token lifetime", lifetime);
+ // validate the security token response.
+ AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse);
- // validate the received token.
- RequestedSecurityTokenType requestedToken = response.getRequestedSecurityToken();
- assertNotNull("Unexpected null requested security token", requestedToken);
- Object token = requestedToken.getAny();
- assertNotNull("Unexpected null token", token);
- assertTrue("Unexpected token class", token instanceof Element);
- Element element = (Element) requestedToken.getAny();
- assertEquals("Unexpected namespace value", "http://www.tokens.org", element.getNamespaceURI());
- assertEquals("Unexpected attribute value", "http://www.tokens.org/SpecialToken", element
- .getAttribute("TokenType"));
- assertEquals("Unexpected token value", "Principal:sguilhen", element.getFirstChild().getNodeValue());
+ // in this scenario, the conditions section should have an audience restriction.
+ ConditionsType conditions = assertion.getConditions();
+ assertEquals("Unexpected restriction list size", 1, conditions.getConditionOrAudienceRestrictionOrOneTimeUse()
+ .size());
+ ConditionAbstractType abstractType = conditions.getConditionOrAudienceRestrictionOrOneTimeUse().get(0);
+ assertTrue("Unexpected restriction type", abstractType instanceof AudienceRestrictionType);
+ AudienceRestrictionType audienceRestriction = (AudienceRestrictionType) abstractType;
+ assertEquals("Unexpected audience restriction list size", 1, audienceRestriction.getAudience().size());
+ assertEquals("Unexpected audience restriction item", "http://services.testcorp.org/provider2",
+ audienceRestriction.getAudience().get(0));
}
-
+
/**
* <p>
* This test tries to request a token of an unknown type, checking if an exception is correctly thrown by the
@@ -286,16 +353,10 @@
WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
Source requestMessage = factory.marshallRequestSecurityToken(request);
- // set up the security token service, injecting the context.
- TestSTS tokenService = new TestSTS();
- TestContext context = new TestContext();
- context.setUserPrincipal(new JBossIdentityPrincipal("sguilhen"));
- tokenService.setContext(context);
-
// invoke the security token service.
try
{
- tokenService.invoke(requestMessage);
+ this.tokenService.invoke(requestMessage);
fail("An exception should have been raised by the security token service");
}
catch (WebServiceException we)
@@ -309,6 +370,159 @@
/**
* <p>
+ * Validates the contents of a WS-Trust response message that contains a custom token issued by the test
+ * {@code SpecialTokenProvider}.
+ * </p>
+ *
+ * @param baseResponse a reference to the WS-Trust response that was sent by the STS.
+ * @throws Exception if one of the validation performed fail.
+ */
+ private void validateCustomTokenResponse(BaseRequestSecurityTokenResponse baseResponse) throws Exception
+ {
+
+ // =============================== WS-Trust Security Token Response Validation ===============================//
+
+ assertNotNull("Unexpected null response", baseResponse);
+ assertTrue("Unexpected response type", baseResponse instanceof RequestSecurityTokenResponseCollection);
+ RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
+ RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
+ assertEquals("Unexpected response context", "testcontext", response.getContext());
+ assertEquals("Unexpected token type", "http://www.tokens.org/SpecialToken", response.getTokenType().toString());
+ Lifetime lifetime = response.getLifetime();
+ assertNotNull("Unexpected null token lifetime", lifetime);
+
+ // ========================================= Custom Token Validation =========================================//
+
+ RequestedSecurityTokenType requestedToken = response.getRequestedSecurityToken();
+ assertNotNull("Unexpected null requested security token", requestedToken);
+ Object token = requestedToken.getAny();
+ assertNotNull("Unexpected null token", token);
+ assertTrue("Unexpected token class", token instanceof Element);
+ Element element = (Element) requestedToken.getAny();
+ assertEquals("Unexpected namespace value", "http://www.tokens.org", element.getNamespaceURI());
+ assertEquals("Unexpected attribute value", "http://www.tokens.org/SpecialToken", element
+ .getAttribute("TokenType"));
+ assertEquals("Unexpected token value", "Principal:sguilhen", element.getFirstChild().getNodeValue());
+ }
+
+ /**
+ * <p>
+ * Validates the contents of a WS-Trust response message that contains a SAMLV2.0 assertion issued by the
+ * {@code SAML20TokenProvider}.
+ * </p>
+ *
+ * @param baseResponse a reference to the WS-Trust response that was sent by the STS.
+ * @return the SAMLV2.0 assertion that has been extracted from the response. This object can be used by the test
+ * methods to perform extra validations depending on the scenario being tested.
+ * @throws Exception if one of the validation performed fail.
+ */
+ private AssertionType validateSAMLAssertionResponse(BaseRequestSecurityTokenResponse baseResponse) throws Exception
+ {
+
+ // =============================== WS-Trust Security Token Response Validation ===============================//
+
+ assertNotNull("Unexpected null response", baseResponse);
+ assertTrue("Unexpected response type", baseResponse instanceof RequestSecurityTokenResponseCollection);
+ RequestSecurityTokenResponseCollection collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ assertEquals("Unexpected number of responses", 1, collection.getRequestSecurityTokenResponses().size());
+ RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0);
+ assertEquals("Unexpected response context", "testcontext", response.getContext());
+ assertEquals("Unexpected token type", "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0",
+ response.getTokenType().toString());
+ Lifetime lifetime = response.getLifetime();
+ assertNotNull("Unexpected null token lifetime", lifetime);
+
+ // validate the attached token reference.
+ RequestedReferenceType reference = response.getRequestedAttachedReference();
+ assertNotNull("Unexpected null attached reference", reference);
+ SecurityTokenReferenceType securityRef = reference.getSecurityTokenReference();
+ assertNotNull("Unexpected null security reference", securityRef);
+ String tokenTypeAttr = securityRef.getOtherAttributes().get(
+ new QName("http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd", "TokenType"));
+ assertNotNull("Required attribute TokenType is missing", tokenTypeAttr);
+ assertEquals("TokenType attribute has an unexpected value",
+ "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0", tokenTypeAttr);
+ JAXBElement<?> keyIdElement = (JAXBElement<?>) securityRef.getAny().get(0);
+ KeyIdentifierType keyId = (KeyIdentifierType) keyIdElement.getValue();
+ assertEquals("Unexpected key value type",
+ "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID", keyId.getValueType());
+ assertNotNull("Unexpected null key identifier value", keyId.getValue());
+
+ // ====================================== SAMLV2.0 Assertion Validation ======================================//
+
+ RequestedSecurityTokenType requestedToken = response.getRequestedSecurityToken();
+ assertNotNull("Unexpected null requested security token", requestedToken);
+
+ // unmarshall the SAMLV2.0 assertion.
+ JAXBContext jaxbContext = JAXBContext.newInstance("org.jboss.identity.federation.saml.v2.assertion");
+ Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+ JAXBElement<?> assertionElement = (JAXBElement<?>) unmarshaller.unmarshal((Element) requestedToken.getAny());
+ assertEquals("Unexpected assertion type", AssertionType.class, assertionElement.getDeclaredType());
+ AssertionType assertion = (AssertionType) assertionElement.getValue();
+
+ // verify the contents of the unmarshalled assertion.
+ assertNotNull("Invalid null assertion ID", assertion.getID());
+ assertEquals(keyId.getValue().substring(1), assertion.getID());
+ assertEquals(lifetime.getCreated(), assertion.getIssueInstant());
+
+ // validate the assertion issuer.
+ assertNotNull("Unexpected null assertion issuer", assertion.getIssuer());
+ assertEquals("Unexpected assertion issuer name", "Test STS", assertion.getIssuer().getValue());
+
+ // validate the assertion subject.
+ assertNotNull("Unexpected null subject", assertion.getSubject());
+ List<JAXBElement<?>> content = assertion.getSubject().getContent();
+ assertNotNull("Unexpected null subject content");
+ assertEquals(2, content.size());
+ assertEquals("Unexpected type found", NameIDType.class, content.get(0).getDeclaredType());
+ NameIDType nameID = (NameIDType) content.get(0).getValue();
+ assertEquals("Unexpected name id qualifier", "urn:jboss:identity-federation", nameID.getNameQualifier());
+ assertEquals("Unexpected name id value", "sguilhen", nameID.getValue());
+ assertEquals("Unexpected type found", SubjectConfirmationType.class, content.get(1).getDeclaredType());
+ SubjectConfirmationType subjType = (SubjectConfirmationType) content.get(1).getValue();
+ assertEquals("Unexpected confirmation method", "urn:oasis:names:tc:SAML:2.0:cm:bearer", subjType.getMethod());
+
+ // validate the assertion conditions.
+ assertNotNull("Unexpected null conditions", assertion.getConditions());
+ assertEquals(lifetime.getCreated(), assertion.getConditions().getNotBefore());
+ assertEquals(lifetime.getExpires(), assertion.getConditions().getNotOnOrAfter());
+
+ return assertion;
+ }
+
+ /**
+ * <p>
+ * Utility method that creates a simple WS-Trust request using the specified information.
+ * </p>
+ *
+ * @param context a {@code String} representing the request context.
+ * @param tokenType a {@code String} representing the type of the requested token.
+ * @param appliesToString a {@code String} representing the URL of a service provider.
+ * @return the constructed {@code RequestSecurityToken} object.
+ */
+ private RequestSecurityToken createRequest(String context, String tokenType, String appliesToString)
+ {
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setContext(context);
+ if (tokenType != null)
+ request.setTokenType(URI.create(tokenType));
+ request.setRequestType(URI.create("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"));
+ if (appliesToString != null)
+ {
+ AttributedURIType attributedURI = new AttributedURIType();
+ attributedURI.setValue(appliesToString);
+ EndpointReferenceType reference = new EndpointReferenceType();
+ reference.setAddress(attributedURI);
+ AppliesTo appliesTo = new AppliesTo();
+ appliesTo.getAny().add(new ObjectFactory().createEndpointReference(reference));
+ request.setAppliesTo(appliesTo);
+ }
+ return request;
+ }
+
+ /**
+ * <p>
* Helper class that exposes the JBossSTS methods as public for the tests to work.
* </p>
*
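Review bot: `assertNotNull("Unexpected null subject content");` in validateSAMLAssertionResponse passes only the message string, so the string itself is the object being checked and `content` is never tested; it should read `assertNotNull("Unexpected null subject content", content);`. The issuer `"Test STS"` and name qualifier `"urn:jboss:identity-federation"` asserted here also differ from the sample assertion in the testInvokeSAML20 Javadoc earlier in this file (`JBossSTS`, `http://www.jboss.org`), so one of the two should be brought in line. `keyId.getValue().substring(1)` silently drops the first character of the key identifier; if a leading `#` is what is expected, assert that prefix explicitly before comparing the remainder to the assertion ID. The assertion is unmarshalled and its issuer, subject and conditions are checked, but nothing looks for a `ds:Signature`; if the provider is expected to sign issued assertions, a check that the signature verifies against the STS key pair is the property that matters most for a bearer token and should be covered here.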
Modified: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/trust/SpecialTokenProvider.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -19,7 +19,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site: http://www.fsf.org.
*/
-package org.jboss.test.identity.federation.bindings.trust;
+package org.jboss.test.identity.federation.bindings.wstrust;
import java.net.URI;
import java.net.URISyntaxException;
@@ -30,6 +30,7 @@
import org.jboss.identity.federation.api.wstrust.SecurityToken;
import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider;
+import org.jboss.identity.federation.api.wstrust.StandardSecurityToken;
import org.jboss.identity.federation.api.wstrust.WSTrustException;
import org.jboss.identity.federation.api.wstrust.WSTrustRequestContext;
import org.w3c.dom.Document;
@@ -88,7 +89,7 @@
root.setAttribute("TokenType", tokenType.toString());
doc.appendChild(root);
- SecurityToken token = new DefaultSecurityToken(tokenType.toString(), root);
+ SecurityToken token = new StandardSecurityToken(tokenType.toString(), root);
context.setSecurityToken(token);
}
catch(ParserConfigurationException pce)
Deleted: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/StandardTokenProvider.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/trust/StandardTokenProvider.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/StandardTokenProvider.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -1,74 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.identity.federation.bindings.trust;
-
-import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider;
-import org.jboss.identity.federation.api.wstrust.WSTrustException;
-import org.jboss.identity.federation.api.wstrust.WSTrustRequestContext;
-
-/**
- * <p>
- * Mock {@code SecurityTokenProvider} used in the test scenarios.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class StandardTokenProvider implements SecurityTokenProvider
-{
-
- /*
- * (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void cancelToken(WSTrustRequestContext context) throws WSTrustException
- {
- }
-
- /*
- * (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void issueToken(WSTrustRequestContext context) throws WSTrustException
- {
- }
-
- /*
- * (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void renewToken(WSTrustRequestContext context) throws WSTrustException
- {
- }
-
- /*
- * (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void validateToken(WSTrustRequestContext context) throws WSTrustException
- {
- }
-
-}
Modified: identity-federation/trunk/jboss-identity-bindings/src/test/resources/jboss-sts.xml
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/test/resources/jboss-sts.xml 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-bindings/src/test/resources/jboss-sts.xml 2009-05-31 23:25:59 UTC (rev 547)
@@ -10,15 +10,15 @@
</KeyProvider>
<RequestHandler>org.jboss.identity.federation.api.wstrust.StandardRequestHandler</RequestHandler>
<TokenProviders>
- <TokenProvider ProviderClass="org.jboss.test.identity.federation.bindings.trust.SpecialTokenProvider"
+ <TokenProvider ProviderClass="org.jboss.test.identity.federation.bindings.wstrust.SpecialTokenProvider"
TokenType="http://www.tokens.org/SpecialToken"/>
- <TokenProvider ProviderClass="org.jboss.test.identity.federation.bindings.trust.StandardTokenProvider"
- TokenType="http://www.tokens.org/StandardToken"/>
+ <TokenProvider ProviderClass="org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider"
+ TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/>
</TokenProviders>
<ServiceProviders>
<ServiceProvider Endpoint="http://services.testcorp.org/provider1" TokenType="http://www.tokens.org/SpecialToken"
TruststoreAlias="service1"/>
- <ServiceProvider Endpoint="http://services.testcorp.org/provider2" TokenType="http://www.tokens.org/StandardToken"
+ <ServiceProvider Endpoint="http://services.testcorp.org/provider2" TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"
TruststoreAlias="service2"/>
</ServiceProviders>
</JBossSTS>
\ No newline at end of file
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -191,7 +191,8 @@
PublicKey publicKey = keyPair.getPublic();
DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
-
+ dsc.putNamespacePrefix(XMLSignature.XMLNS, "ds");
+
DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null);
Transform transform = fac.newTransform(Transform.ENVELOPED,
(TransformParameterSpec) null);
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SAML20TokenProvider.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SAML20TokenProvider.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SAML20TokenProvider.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -1,212 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust;
-
-import java.util.ArrayList;
-import java.util.GregorianCalendar;
-import java.util.List;
-import java.util.UUID;
-
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.Marshaller;
-import javax.xml.datatype.DatatypeConfigurationException;
-import javax.xml.datatype.DatatypeFactory;
-import javax.xml.datatype.XMLGregorianCalendar;
-import javax.xml.transform.dom.DOMResult;
-
-import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
-import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
-import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
-import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
-import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
-import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType;
-import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
-import org.jboss.identity.federation.ws.policy.AppliesTo;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import com.sun.xml.bind.marshaller.NamespacePrefixMapper;
-
-/**
- * <p>
- * A {@code SecurityTokenProvider} implementation that handles WS-Trust SAML 2.0 token requests.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class SAML20TokenProvider implements SecurityTokenProvider
-{
-
- /*
- * (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void cancelToken(WSTrustRequestContext context) throws WSTrustException
- {
- // TODO: implement cancel logic.
- }
-
- /*
- * (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void issueToken(WSTrustRequestContext context) throws WSTrustException
- {
- // generate an id for the new assertion.
- String assertionID = "ID-" + UUID.randomUUID().toString();
-
- // lifetime and audience restrictions.
- GregorianCalendar[] lifetime = WSTrustUtil.parseLifetime(context.getRequestSecurityToken().getLifetime());
- List<AudienceRestrictionType> audienceRestrictions = null;
- AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo();
- if (appliesTo != null)
- {
- AudienceRestrictionType restriction = new AudienceRestrictionType();
- restriction.getAudience().add(WSTrustUtil.parseAppliesTo(appliesTo));
- audienceRestrictions = new ArrayList<AudienceRestrictionType>();
- audienceRestrictions.add(restriction);
- }
- ConditionsType conditions = this.createConditions(lifetime[0], lifetime[1], audienceRestrictions);
-
- // TODO: implement support for the other confirmation methods.
- String confirmationMethod = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
- SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType();
- subjectConfirmation.setMethod(confirmationMethod);
-
- // create a subject using the caller principal.
- NameIDType nameID = new NameIDType();
- nameID.setValue(context.getCallerPrincipal().getName());
- nameID.setNameQualifier("http://www.jboss.org");
- SubjectType subject = new SubjectType();
- ObjectFactory factory = new ObjectFactory();
- subject.getContent().add(factory.createNameID(nameID));
- subject.getContent().add(factory.createSubjectConfirmation(subjectConfirmation));
-
- // TODO: add SAML statements that corresponds to the claims provided by the requester.
-
- // generate the SAML assertion.
- AssertionType assertion = new AssertionType();
- NameIDType issuerID = new NameIDType();
- issuerID.setValue(context.getTokenIssuer());
- assertion.setID(assertionID);
- assertion.setIssuer(issuerID);
- assertion.setIssueInstant(this.getXMLCalendar(lifetime[0]));
- assertion.setConditions(conditions);
- assertion.setSubject(subject);
-
- // convert the constructed assertion to element.
- Document document = null;
- try
- {
- document = DocumentUtil.createDocument();
- DOMResult result = new DOMResult(document);
- JAXBContext jaxbContext = JAXBContext.newInstance("org.jboss.identity.federation.saml.v2.assertion");
- Marshaller marshaller = jaxbContext.createMarshaller();
- marshaller.setProperty("com.sun.xml.bind.namespacePrefixMapper", new NamespacePrefixMapper()
- {
- @Override
- public String getPreferredPrefix(String namespaceURI, String suggestion, boolean requirePrefix)
- {
- if("urn:oasis:names:tc:SAML:2.0:assertion".equals(namespaceURI))
- return "saml2";
- else if("http://www.w3.org/2001/04/xmlenc#".equals(namespaceURI))
- return "xenc";
- else if("http://www.w3.org/2000/09/xmldsig#".equals(namespaceURI))
- return "ds";
- else
- return null;
- }
- });
- marshaller.marshal(factory.createAssertion(assertion), result);
-
- Element element = (Element) document.getChildNodes().item(0);
- // TODO: sign the generated SAML assertion.
-
- SecurityToken token = new StandardSecurityToken(context.getRequestSecurityToken().getTokenType().toString(),
- assertionID, element);
- context.setSecurityToken(token);
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- }
-
- /*
- * (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void renewToken(WSTrustRequestContext context) throws WSTrustException
- {
- // TODO: implement renew logic.
- }
-
- /*
- * (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void validateToken(WSTrustRequestContext context) throws WSTrustException
- {
- // TODO: implemnent validate logic.
- }
-
- /**
- *
- * @param created
- * @param expires
- * @param restrictions
- * @return
- */
- private ConditionsType createConditions(GregorianCalendar created, GregorianCalendar expires,
- List<AudienceRestrictionType> restrictions)
- {
- ConditionsType conditions = new ConditionsType();
- conditions.setNotBefore(this.getXMLCalendar(created));
- conditions.setNotOnOrAfter(this.getXMLCalendar(expires));
- conditions.getConditionOrAudienceRestrictionOrOneTimeUse().addAll(restrictions);
- return conditions;
- }
-
- /**
- *
- * @param calendar
- * @return
- */
- private XMLGregorianCalendar getXMLCalendar(GregorianCalendar calendar)
- {
- DatatypeFactory factory = null;
- try
- {
- factory = DatatypeFactory.newInstance();
- return factory.newXMLGregorianCalendar(calendar);
- }
- catch (DatatypeConfigurationException dce)
- {
- throw new RuntimeException("Unable to get DatatypeFactory instance", dce);
- }
- }
-}
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/STSConfiguration.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/STSConfiguration.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/STSConfiguration.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -21,7 +21,7 @@
*/
package org.jboss.identity.federation.api.wstrust;
-import java.security.PrivateKey;
+import java.security.KeyPair;
import java.security.PublicKey;
import java.util.Map;
@@ -70,7 +70,7 @@
* @return a reference to the configured {@code WSTrustRequestHandler}.
*/
public WSTrustRequestHandler getRequestHandler();
-
+
/**
* <p>
* Given the name of a service provider, obtains the type of the token that should be used when issuing tokens to
@@ -81,7 +81,7 @@
* @return a {@code String} representing the type of the token that suits the specified service.
*/
public String getTokenTypeForService(String serviceName);
-
+
/**
* <p>
* Given the name of a service provider, obtains the provider that must be used when issuing tokens to clients of
@@ -118,16 +118,16 @@
* @return a {@code Map<String, Object>} containing the additional configuration options.
*/
public Map<String, Object> getOptions();
-
+
/**
* <p>
- * Obtains the STS {@code PrivateKey} that must be used when signing assertions.
+ * Obtains a reference to the {@code KeyPair} object that contains the STS {@code PrivateKey} and {@code PublicKey}.
* </p>
*
- * @return a reference to the STS {@code PrivateKey}.
+ * @return a reference to the STS {@code KeyPair}.
*/
- public PrivateKey getSigningKey();
-
+ public KeyPair getSTSKeyPair();
+
/**
* <p>
* Obtains the public key of the specified service provider. The returned key is used to encrypt issued tokens.
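Review bot: The Javadoc for `getSTSKeyPair()` does not say whether `null` is a permitted return, and the callers in this commit treat it as one: `StandardRequestHandler` copies the pair into the request context unchecked and `SAML20TokenProvider.issueToken` skips signing altogether when it is null, so a misconfigured STS would hand out unsigned bearer assertions without any error. Either pin the contract as `@return the STS {@code KeyPair}; must not be {@code null}, issued tokens are signed with its private key` and fail fast in the handler, or state explicitly that a null pair means unsigned issuance is intended. Separately, this method now hands the raw private key to every component holding the configuration; a narrower signing operation would keep the key inside the STS, but that is a larger design change than this rename.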
@@ -136,5 +136,5 @@
* @param serviceName the name of the service provider (normally the provider URL).
* @return a reference to the provider's {@code PublicKey}
*/
- public PublicKey getPublicKeyForService(String serviceName);
+ public PublicKey getServiceProviderPublicKey(String serviceName);
}
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -21,12 +21,13 @@
*/
package org.jboss.identity.federation.api.wstrust;
+import java.net.URI;
import java.security.Principal;
+import java.security.PublicKey;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenResponse;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
import org.jboss.identity.federation.ws.policy.AppliesTo;
-import org.jboss.identity.federation.ws.trust.LifetimeType;
import org.jboss.identity.federation.ws.trust.RequestedSecurityTokenType;
/**
@@ -66,13 +67,15 @@
// first try to obtain the security token provider using the applies-to contents.
AppliesTo appliesTo = request.getAppliesTo();
+ PublicKey providerPublicKey = null;
if (appliesTo != null)
{
String serviceName = WSTrustUtil.parseAppliesTo(appliesTo);
if (serviceName != null)
{
provider = this.configuration.getProviderForService(serviceName);
- request.setTokenType(WSTrustUtil.getURI(this.configuration.getTokenTypeForService(serviceName)));
+ request.setTokenType(URI.create(this.configuration.getTokenTypeForService(serviceName)));
+ providerPublicKey = this.configuration.getServiceProviderPublicKey(serviceName);
}
}
// if applies-to is not available or if no provider was found for the service, use the token type.
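Review bot: `URI.create(this.configuration.getTokenTypeForService(serviceName))` throws a `NullPointerException` when the configuration has no token type for that service (and `IllegalArgumentException` for a malformed one), and `serviceName` is derived from the requester-supplied `AppliesTo`, so an unknown service name now escapes as an unchecked exception instead of reaching the "no provider was found" fallback that the comment on the last line describes. Guard it: `String tokenType = this.configuration.getTokenTypeForService(serviceName); if (tokenType != null) request.setTokenType(URI.create(tokenType));`, and consider wrapping the parse in a `WSTrustException` so a malformed configured type is reported as a configuration problem. The enclosing method starts before this hunk.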
@@ -91,14 +94,15 @@
if (request.getLifetime() == null && this.configuration.getIssuedTokenTimeout() != 0)
{
// if no lifetime has been specified, use the configured timeout value.
- LifetimeType lifetime = WSTrustUtil.createDefaultLifetime(this.configuration.getIssuedTokenTimeout());
- request.setLifetime(lifetime);
+ request.setLifetime(WSTrustUtil.createDefaultLifetime(this.configuration.getIssuedTokenTimeout()));
}
+ requestContext.setSTSKeyPair(this.configuration.getSTSKeyPair());
+ requestContext.setServiceProviderPublicKey(providerPublicKey);
provider.issueToken(requestContext);
-
- if(requestContext.getSecurityToken() == null)
+
+ if (requestContext.getSecurityToken() == null)
throw new WSTrustException("Token issued by provider " + provider.getClass().getName() + " is null");
-
+
// construct the ws-trust security token response.
RequestedSecurityTokenType requestedSecurityToken = new RequestedSecurityTokenType();
requestedSecurityToken.setAny(requestContext.getSecurityToken().getTokenValue());
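Review bot: A requester-supplied `Lifetime` is accepted verbatim — the configured `IssuedTokenTimeout` is only applied when the request carries no lifetime — so a client can ask for an assertion valid for years and `SAML20TokenProvider` copies that range into the SAML `Conditions` unchanged. The configured timeout should act as a ceiling on requested lifetimes, not just a default; and when the timeout is 0 and nothing was requested, the provider is invoked with a null lifetime, which the SAML provider then dereferences. Assuming `Lifetime.getCreated()`/`getExpires()` return the `GregorianCalendar`s that `WSTrustUtil.createDefaultLifetime` builds the object from (this needs an import of `org.jboss.identity.federation.core.wstrust.Lifetime`), something like the sketch below; the enclosing method starts before this hunk.
```java
Lifetime lifetime = request.getLifetime();
long timeout = this.configuration.getIssuedTokenTimeout();
if (lifetime == null)
{
   if (timeout == 0)
      throw new WSTrustException("No lifetime requested and no default token timeout configured");
   lifetime = WSTrustUtil.createDefaultLifetime(timeout);
}
else if (timeout != 0
      && lifetime.getExpires().getTimeInMillis() - lifetime.getCreated().getTimeInMillis() > timeout)
{
   // the configured timeout is the maximum a requester may ask for, not only the default.
   throw new WSTrustException("Requested token lifetime exceeds the configured maximum");
}
request.setLifetime(lifetime);
// … unchanged: key pair / provider public key setup and provider.issueToken(requestContext) …
```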
@@ -113,6 +117,13 @@
response.setLifetime(request.getLifetime());
response.setAppliesTo(appliesTo);
response.setRequestedSecurityToken(requestedSecurityToken);
+
+ // set the attached and unattached references.
+ if (requestContext.getAttachedReference() != null)
+ response.setRequestedAttachedReference(requestContext.getAttachedReference());
+ if (requestContext.getUnattachedReference() != null)
+ response.setRequestedUnattachedReference(requestContext.getUnattachedReference());
+
return response;
}
else
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -27,6 +27,10 @@
/**
* <p>
+ * Standard implementation of the {@code SecurityToken} interface. This implementation stores the issued token as an
+ * {@code Element}. The token providers are responsible for marshaling the security token into an {@code Element}
+ * instance because the security token marshaling process falls out of the scope of the STS (the STS only deals with
+ * WS-Trust classes and doesn't know how to marshal each specific token type).
* </p>
*
* @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
@@ -36,53 +40,66 @@
private final String tokenType;
private final String tokenId;
-
+
private final Element token;
/**
+ * <p>
+ * Creates an instance of {@code StandardSecurityToken} with the specified parameters.
+ * </p>
*
- * @param tokenType
- * @param token
+ * @param tokenType a {@code String} representing the type of the security token. This is usually the same type as
+ * specified in the WS-Trust request message.
+ * @param token the security token in its {@code Element} form (i.e. the marshaled security token).
*/
public StandardSecurityToken(String tokenType, Element token)
{
- this(tokenType, UUID.randomUUID().toString(), token);
+ this(tokenType, token, UUID.randomUUID().toString());
}
-
+
/**
+ * <p>
+ * Creates an instance of {@code StandardSecurityToken} with the specified parameters.
+ * </p>
*
- * @param tokenType
- * @param tokenID
- * @param token
+ * @param tokenType a {@code String} representing the type of the security token. This is usually the same type as
+ * specified in the WS-Trust request message.
+ * @param token the security token in its {@code Element} form (i.e. the marshaled security token).
+ * @param tokenID a {@code String} representing the id of the security token.
*/
- public StandardSecurityToken(String tokenType, String tokenID, Element token)
+ public StandardSecurityToken(String tokenType, Element token, String tokenID)
{
this.tokenType = tokenType;
this.tokenId = tokenID;
this.token = token;
}
-
+
/*
* (non-Javadoc)
+ *
* @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenType()
*/
public String getTokenType()
{
return this.tokenType;
}
-
+
/*
* (non-Javadoc)
+ *
* @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenValue()
*/
public Object getTokenValue()
{
return this.token;
}
-
+
/**
+ * <p>
+ * Obtains the id of the security token.
+ * </p>
*
- * @return
+ * @return a {@code String} representing the security token id.
*/
public String getTokenId()
{
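Review bot: The three-argument constructor stores `tokenType`, `token` and `tokenID` without checking them, so a provider that forgets to marshal its token produces a `StandardSecurityToken` whose `getTokenValue()` is null, and `StandardRequestHandler` only checks that the `SecurityToken` object itself is non-null before calling `setAny(...)` on its value. The parameter reorder in this commit (id moved last) is caught by the compiler because the types differ, but a null argument is not, so a fail-fast check is cheap insurance: `if (token == null) throw new IllegalArgumentException("token must not be null");` at the top of the constructor, and the same for `tokenType` if a null type is never meaningful. The class header and the tail of `getTokenId()` lie outside this hunk.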
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -31,12 +31,19 @@
public class WSTrustConstants
{
public final static String BASE_NAMESPACE = "http://docs.oasis-open.org/ws-sx/ws-trust/200512";
-
+
+ // WS-Trust request types.
public final static String ISSUE_REQUEST = BASE_NAMESPACE + "/Issue";
-
public final static String RENEW_REQUEST = BASE_NAMESPACE + "/Renew";
-
public final static String CANCEL_REQUEST = BASE_NAMESPACE + "/Cancel";
+ public final static String VALIDATE_REQUEST = BASE_NAMESPACE + "/Validate";
- public final static String VALIDATE_REQUEST = BASE_NAMESPACE + "/Validate";
+ // WSS namespaces values.
+ public final static String WSA_NS = "http://www.w3.org/2005/08/addressing";
+ public final static String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utilit...";
+ public final static String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext...";
+ public final static String WSSE11_NS = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
+ public final static String XENC_NS = "http://www.w3.org/2001/04/xmlenc#";
+ public final static String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
+ public final static String SAML2_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion";
}
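Review bot: `WSU_NS` and `WSSE_NS` end in `...`, i.e. the namespace URIs are truncated; if that is the committed text and not an artifact of the mailing-list rendering, any `QName` or element comparison built from these two constants will silently fail to match real WS-Security messages, which is a wrong-namespace bug rather than a visible error. The full OASIS values are `http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd` and `http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd`. Worth verifying against the file in the repository rather than the mail.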
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -29,12 +29,12 @@
import javax.xml.bind.util.JAXBSource;
import javax.xml.transform.Source;
-import org.jboss.identity.federation.api.wstrust.protocol.BaseRequestSecurityToken;
-import org.jboss.identity.federation.api.wstrust.protocol.BaseRequestSecurityTokenResponse;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenCollection;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenResponse;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenResponseCollection;
+import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityTokenResponse;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenCollection;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
import org.jboss.identity.federation.ws.trust.ObjectFactory;
import org.jboss.identity.federation.ws.trust.RequestSecurityTokenCollectionType;
import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseCollectionType;
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -21,14 +21,19 @@
*/
package org.jboss.identity.federation.api.wstrust;
+import java.security.KeyPair;
import java.security.Principal;
+import java.security.PublicKey;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
+import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
+import org.jboss.identity.federation.ws.trust.StatusType;
/**
* <p>
* The {@code WSTrustRequestContext} contains all the information that is relevant for the security token request
- * processing.
+ * processing. Its attributes are divided into two groups: attributes set by the request handler before calling a token
+ * provider, and attributes set by the token provider after processing the token request.
* </p>
*
* @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
@@ -36,14 +41,26 @@
public class WSTrustRequestContext
{
+ // information supplied by the request handler.
+ private String tokenIssuer;
+
+ private KeyPair stsKeyPair;
+
+ private PublicKey providerPublicKey;
+
+ private final Principal callerPrincipal;
+
private final RequestSecurityToken request;
- private final Principal callerPrincipal;
-
+ // information supplied by the token provider.
private SecurityToken securityToken;
-
- private String tokenIssuer;
-
+
+ private StatusType status;
+
+ private RequestedReferenceType attachedReference;
+
+ private RequestedReferenceType unattachedReference;
+
/**
* <p>
* Creates an instance of {@code WSTrustRequestContext} using the specified request.
@@ -51,6 +68,7 @@
*
* @param request a {@code RequestSecurityToken} object that contains the information about the security token
* request.
+ * @param callerPrincipal the {@code Principal} of the security token requester.
*/
public WSTrustRequestContext(RequestSecurityToken request, Principal callerPrincipal)
{
@@ -60,30 +78,102 @@
/**
* <p>
- * Obtains the object the contains the information about the security token request.
+ * Obtains the name of the token issuer (security token service name).
* </p>
*
- * @return a reference to the {@code RequestSecurityToken} instance.
+ * @return a {@code String} representing the token issuer name.
*/
- public RequestSecurityToken getRequestSecurityToken()
+ public String getTokenIssuer()
{
- return this.request;
+ return tokenIssuer;
}
-
+
/**
* <p>
- * Obtains the principal of the ws-trust token requester.
+ * Sets the name of the token issuer.
* </p>
*
+ * @param tokenIssuer a {@code String} representing the token issuer name.
+ */
+ public void setTokenIssuer(String tokenIssuer)
+ {
+ this.tokenIssuer = tokenIssuer;
+ }
+
+ /**
+ * <p>
+ * Returns a reference to the {@code KeyPair} instance that holds the STS {@code PrivateKey} and {@code PublicKey}.
+ * </p>
+ *
+ * @return a reference to the STS {@code KeyPair}.
+ */
+ public KeyPair getSTSKeyPair()
+ {
+ return this.stsKeyPair;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code KeyPair} instance that holds the STS {@code PrivateKey} and {@code PublicKey}.
+ * </p>
+ *
+ * @param stsKeyPair a reference to the {@code KeyPair} instance to be set.
+ */
+ public void setSTSKeyPair(KeyPair stsKeyPair)
+ {
+ this.stsKeyPair = stsKeyPair;
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code PublicKey} of the service provider that requires a security token.
+ * </p>
+ *
+ * @return the service provider's {@code PublicKey}.
+ */
+ public PublicKey getServiceProviderPublicKey()
+ {
+ return this.providerPublicKey;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code PublicKey} of the service provider that requires a security token.
+ * </p>
+ *
+ * @param providerPublicKey the service provider's {@code PublicKey}.
+ */
+ public void setServiceProviderPublicKey(PublicKey providerPublicKey)
+ {
+ this.providerPublicKey = providerPublicKey;
+ }
+
+ /**
+ * <p>
+ * Obtains the principal of the WS-Trust token requester.
+ * </p>
+ *
* @return a reference to the caller {@code Principal} object.
*/
public Principal getCallerPrincipal()
{
return this.callerPrincipal;
}
-
+
/**
* <p>
+ * Obtains the object the contains the information about the security token request.
+ * </p>
+ *
+ * @return a reference to the {@code RequestSecurityToken} instance.
+ */
+ public RequestSecurityToken getRequestSecurityToken()
+ {
+ return this.request;
+ }
+
+ /**
+ * <p>
* Obtains the security token contained in this context.
* </p>
*
@@ -93,7 +183,7 @@
{
return this.securityToken;
}
-
+
/**
* <p>
* Sets the security token in the context.
@@ -105,28 +195,80 @@
{
this.securityToken = token;
}
-
+
/**
* <p>
- * Obtains the name of the token issuer (security token service name).
+ * Obtains the status of the security token validation.
* </p>
*
- * @return a {@code String} representing the token issuer name.
+ * @return a reference to the resulting {@code StatusType}.
*/
- public String getTokenIssuer()
+ public StatusType getStatus()
{
- return tokenIssuer;
+ return this.status;
}
-
+
/**
* <p>
- * Sets the name of the token issuer.
+ * Sets the status of the security token validation.
* </p>
*
- * @param tokenIssuer a {@code String} representing the token issuer name.
+ * @param status a reference to the {@code StatusType} that represents the validation status.
*/
- public void setTokenIssuer(String tokenIssuer)
+ public void setStatus(StatusType status)
{
- this.tokenIssuer = tokenIssuer;
+ this.status = status;
}
+
+ /**
+ * <p>
+ * Obtains the security token attached reference. This reference is used to locate the token inside the WS-Trust
+ * response message when that token doesn't support references using URI fragments.
+ * </p>
+ *
+ * @return a {@code RequestedReferenceType} representing the attached reference.
+ */
+ public RequestedReferenceType getAttachedReference()
+ {
+ return this.attachedReference;
+ }
+
+ /**
+ * <p>
+ * Sets the security token attached reference. This reference is used to locate the token inside the WS-Trust
+ * response message when that token doesn't support references using URI fragments.
+ * </p>
+ *
+ * @param attachedReference a {@code RequestedReferenceType} representing the attached reference.
+ */
+ public void setAttachedReference(RequestedReferenceType attachedReference)
+ {
+ this.attachedReference = attachedReference;
+ }
+
+ /**
+ * <p>
+ * Obtains the security token unattached reference. This reference is used to locate the token when it is not placed
+ * inside the WS-Trust response message.
+ * </p>
+ *
+ * @return a {@code RequestedReferenceType} representing the unattached reference.
+ */
+ public RequestedReferenceType getUnattachedReference()
+ {
+ return this.unattachedReference;
+ }
+
+ /**
+ * <p>
+ * Sets the security token unattached reference. This reference is used to locate the token when it is not placed
+ * inside the WS-Trust response message.
+ * </p>
+ *
+ * @param unattachedReference a {@code RequestedReferenceType} representing the unattached reference.
+ */
+ public void setUnattachedReference(RequestedReferenceType unattachedReference)
+ {
+ this.unattachedReference = unattachedReference;
+ }
}
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestHandler.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestHandler.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestHandler.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -23,8 +23,8 @@
import java.security.Principal;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenResponse;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
/**
* <p>
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustUtil.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustUtil.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -21,22 +21,20 @@
*/
package org.jboss.identity.federation.api.wstrust;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.Calendar;
import java.util.GregorianCalendar;
-import java.util.Locale;
+import java.util.Map;
import javax.xml.bind.JAXBElement;
+import javax.xml.namespace.QName;
+import org.jboss.identity.federation.core.wstrust.Lifetime;
import org.jboss.identity.federation.ws.addressing.AttributedURIType;
import org.jboss.identity.federation.ws.addressing.EndpointReferenceType;
import org.jboss.identity.federation.ws.addressing.ObjectFactory;
import org.jboss.identity.federation.ws.policy.AppliesTo;
-import org.jboss.identity.federation.ws.trust.LifetimeType;
-import org.jboss.identity.federation.ws.wss.utility.AttributedDateTime;
+import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
+import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType;
+import org.jboss.identity.federation.ws.wss.secext.SecurityTokenReferenceType;
/**
* <p>
@@ -48,13 +46,54 @@
public class WSTrustUtil
{
- private static final SimpleDateFormat calendarFormatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'.'SSS'Z'",
- Locale.getDefault());
+ /**
+ * <p>
+ * Creates an instance of {@code KeyIdentifierType} with the specified values.
+ * </p>
+ *
+ * @param valueType a {@code String} representing the identifier value type.
+ * @param value a {@code String} representing the identifier value.
+ * @return the constructed {@code KeyIdentifierType} instance.
+ */
+ public static KeyIdentifierType createKeyIdentifier(String valueType, String value)
+ {
+ KeyIdentifierType keyIdentifier = new KeyIdentifierType();
+ keyIdentifier.setValueType(valueType);
+ keyIdentifier.setValue(value);
+ return keyIdentifier;
+ }
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestedReferenceType} with the specified values. This method first creates a
+ * {@code SecurityTokenReferenceType} with the specified key identifier and attributes and then use this reference
+ * to construct the {@code RequestedReferenceType} that is returned.
+ * </p>
+ *
+ * @param keyIdentifier the key identifier of the security token reference.
+ * @param attributes the attributes to be set on the security token reference.
+ * @return the constructed {@code RequestedReferenceType} instance.
+ */
+ public static RequestedReferenceType createRequestedReference(KeyIdentifierType keyIdentifier,
+ Map<QName, String> attributes)
+ {
+ SecurityTokenReferenceType securityTokenReference = new SecurityTokenReferenceType();
+ securityTokenReference.getAny().add(
+ new org.jboss.identity.federation.ws.wss.secext.ObjectFactory().createKeyIdentifier(keyIdentifier));
+ securityTokenReference.getOtherAttributes().putAll(attributes);
+ RequestedReferenceType reference = new RequestedReferenceType();
+ reference.setSecurityTokenReference(securityTokenReference);
+ return reference;
+ }
+
/**
+ * <p>
+ * Creates an instance of {@code AppliesTo} using the specified endpoint address.
+ * </p>
*
- * @param endpointURI
- * @return
+ * @param endpointURI a {@code String} representing the endpoint URI.
+ * @return the constructed {@code AppliesTo} instance.
*/
public static AppliesTo createAppliesTo(String endpointURI)
{
@@ -67,7 +106,7 @@
return appliesTo;
}
-
+
/**
* <p>
* Parses the contents of the {@code AppliesTo} element and returns the address the uniquely identify the service
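Review bot: `createRequestedReference` calls `securityTokenReference.getOtherAttributes().putAll(attributes)` unconditionally, so passing `null` for `attributes` throws a `NullPointerException` even though the Javadoc presents them as extras on the reference. Either guard it — `if (attributes != null) securityTokenReference.getOtherAttributes().putAll(attributes);` — or state in the `@param` doc that `attributes` must be non-null (pass an empty map). A null `keyIdentifier` is similarly wrapped into a `JAXBElement` and added to `getAny()` without complaint, which would presumably only surface at marshaling time; a `null` check with an `IllegalArgumentException` here would give a clearer failure.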
@@ -99,80 +138,20 @@
/**
* <p>
- * Creates a {@code LifetimeType} instance that specifies a range of time that starts at the current GMT time and has
+ * Creates a {@code Lifetime} instance that specifies a range of time that starts at the current GMT time and has
* the specified duration in milliseconds.
* </p>
*
* @param tokenTimeout the token timeout value (in milliseconds).
- * @return the constructed {@code LifetimeType} instance.
+ * @return the constructed {@code Lifetime} instance.
*/
- public static LifetimeType createDefaultLifetime(long tokenTimeout)
+ public static Lifetime createDefaultLifetime(long tokenTimeout)
{
- long createdTime = System.currentTimeMillis();
- Calendar calendar = new GregorianCalendar();
- calendarFormatter.setTimeZone(calendar.getTimeZone());
+ GregorianCalendar created = new GregorianCalendar();
+ GregorianCalendar expires = new GregorianCalendar();
+ expires.setTimeInMillis(created.getTimeInMillis() + tokenTimeout);
- // instantiate the "created" time.
- calendar.setTimeInMillis(createdTime);
- AttributedDateTime created = new AttributedDateTime();
- created.setValue(calendarFormatter.format(calendar.getTime()));
-
- // instantiate the "expires" time.
- calendar.setTimeInMillis(createdTime + tokenTimeout);
- AttributedDateTime expires = new AttributedDateTime();
- expires.setValue(calendarFormatter.format(calendar.getTime()));
-
- LifetimeType type = new LifetimeType();
- type.setCreated(created);
- type.setExpires(expires);
- return type;
+ return new Lifetime(created, expires);
}
- /**
- * <p>
- * Parses the specified {@code LifetimeType} instance, returning the 'created' and 'expires' times as
- * {@code GregorianCalendar} objects.
- * </p>
- *
- * @param lifetime the {@code LifetimeType} instance to be parsed.
- * @return a {@code GregorianCalendar[]} containing the parsed 'created' and 'expires' times.
- */
- public static GregorianCalendar[] parseLifetime(LifetimeType lifetime)
- {
- String createdTime = lifetime.getCreated().getValue();
- String expiresTime = lifetime.getExpires().getValue();
-
- try
- {
- GregorianCalendar createdCalendar = new GregorianCalendar();
- createdCalendar.setTime(calendarFormatter.parse(createdTime));
- GregorianCalendar expiresCalendar = new GregorianCalendar();
- expiresCalendar.setTime(calendarFormatter.parse(expiresTime));
- return new GregorianCalendar[] {createdCalendar, expiresCalendar};
- }
- catch (ParseException pe)
- {
- throw new IllegalArgumentException("Error parsing lifetime object", pe);
- }
- }
-
- /**
- * <p>
- * Utility method for creating URIs without having to deal with the {@code URISyntaxException}.
- * </p>
- *
- * @param text the URI in its {@code String} form.
- * @return the constructed {@code URI}.
- */
- public static URI getURI(String text)
- {
- try
- {
- return new URI(text);
- }
- catch (URISyntaxException use)
- {
- throw new RuntimeException(use);
- }
- }
}
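Review bot: The Javadoc of `createDefaultLifetime` says the range "starts at the current GMT time", but `new GregorianCalendar()` is created in the JVM default time zone, so whatever later converts these calendars to `xs:dateTime` (e.g. `DatatypeFactory.newXMLGregorianCalendar`) will carry the local offset rather than `Z`. If UTC timestamps in the issued token are the intent — SAML 2.0 recommends UTC for `Conditions` — build both calendars with `new GregorianCalendar(TimeZone.getTimeZone("GMT"))` (import `java.util.TimeZone`); otherwise fix the Javadoc. A negative `tokenTimeout` is also accepted silently and yields an already-expired range, and `StandardRequestHandler` only skips the call for `0`, so `if (tokenTimeout < 0) throw new IllegalArgumentException("tokenTimeout must not be negative");` would catch a misconfiguration early.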
Added: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -0,0 +1,171 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.wstrust.plugins.saml;
+
+import java.net.URI;
+import java.security.KeyPair;
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.namespace.QName;
+
+import org.jboss.identity.federation.api.util.XMLSignatureUtil;
+import org.jboss.identity.federation.api.wstrust.SecurityToken;
+import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider;
+import org.jboss.identity.federation.api.wstrust.StandardSecurityToken;
+import org.jboss.identity.federation.api.wstrust.WSTrustConstants;
+import org.jboss.identity.federation.api.wstrust.WSTrustException;
+import org.jboss.identity.federation.api.wstrust.WSTrustRequestContext;
+import org.jboss.identity.federation.api.wstrust.WSTrustUtil;
+import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
+import org.jboss.identity.federation.core.wstrust.Lifetime;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
+import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
+import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
+import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType;
+import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
+import org.jboss.identity.federation.ws.policy.AppliesTo;
+import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
+import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType;
+import org.w3c.dom.Document;
+
+/**
+ * <p>
+ * A {@code SecurityTokenProvider} implementation that handles WS-Trust SAML 2.0 token requests.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class SAML20TokenProvider implements SecurityTokenProvider
+{
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
+ */
+ public void cancelToken(WSTrustRequestContext context) throws WSTrustException
+ {
+ // TODO: implement cancel logic.
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
+ */
+ public void issueToken(WSTrustRequestContext context) throws WSTrustException
+ {
+ // generate an id for the new assertion.
+ String assertionID = "ID-" + UUID.randomUUID().toString();
+
+ // lifetime and audience restrictions.
+ Lifetime lifetime = context.getRequestSecurityToken().getLifetime();
+ AudienceRestrictionType restriction = null;
+ AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo();
+ if (appliesTo != null)
+ restriction = SAMLAssertionFactory.createAudienceRestriction(WSTrustUtil.parseAppliesTo(appliesTo));
+ ConditionsType conditions = SAMLAssertionFactory.createConditions(lifetime.getCreated(), lifetime.getExpires(),
+ restriction);
+
+ // TODO: implement support for the other confirmation methods.
+ String confirmationMethod = SAMLUtil.SAML2_BEARER_URI;
+ SubjectConfirmationType subjectConfirmation = SAMLAssertionFactory.createSubjectConfirmation(null,
+ confirmationMethod, null);
+
+ // create a subject using the caller principal.
+ Principal principal = context.getCallerPrincipal();
+ String subjectName = principal == null ? "ANONYMOUS" : principal.getName();
+ NameIDType nameID = SAMLAssertionFactory.createNameID(null, "urn:jboss:identity-federation", subjectName);
+ SubjectType subject = SAMLAssertionFactory.createSubject(nameID, subjectConfirmation);
+
+ // TODO: add SAML statements that corresponds to the claims provided by the requester.
+
+ // create the SAML assertion.
+ NameIDType issuerID = SAMLAssertionFactory.createNameID(null, null, context.getTokenIssuer());
+ AssertionType assertion = SAMLAssertionFactory.createAssertion(assertionID, issuerID, lifetime.getCreated(),
+ conditions, subject, null);
+
+ // convert the constructed assertion to element.
+ Document document = null;
+ try
+ {
+ document = SAMLUtil.toDocument(assertion);
+ }
+ catch (Exception e)
+ {
+ throw new WSTrustException("Failed to marshall SAMLV2 assertion", e);
+ }
+
+ // sign the generated SAML assertion.
+ KeyPair keyPair = context.getSTSKeyPair();
+ if (keyPair != null)
+ {
+ URI signatureURI = context.getRequestSecurityToken().getSignatureAlgorithm();
+ String signatureMethod = signatureURI != null ? signatureURI.toString() : SignatureMethod.RSA_SHA1;
+ try
+ {
+ XMLSignatureUtil.sign(document, keyPair, DigestMethod.SHA1, signatureMethod, "#" + assertionID);
+ }
+ catch (Exception e)
+ {
+ throw new WSTrustException("Failed to sign SAMLV2 assertion", e);
+ }
+ }
+
+ SecurityToken token = new StandardSecurityToken(context.getRequestSecurityToken().getTokenType().toString(),
+ document.getDocumentElement(), assertionID);
+ context.setSecurityToken(token);
+
+ // set the SAML assertion attached reference.
+ KeyIdentifierType keyIdentifier = WSTrustUtil.createKeyIdentifier(SAMLUtil.SAML2_VALUE_TYPE, "#" + assertionID);
+ Map<QName, String> attributes = new HashMap<QName, String>();
+ attributes.put(new QName(WSTrustConstants.WSSE11_NS, "TokenType"), SAMLUtil.SAML2_TOKEN_TYPE);
+ RequestedReferenceType attachedReference = WSTrustUtil.createRequestedReference(keyIdentifier, attributes);
+ context.setAttachedReference(attachedReference);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
+ */
+ public void renewToken(WSTrustRequestContext context) throws WSTrustException
+ {
+ // TODO: implement renew logic.
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
+ */
+ public void validateToken(WSTrustRequestContext context) throws WSTrustException
+ {
+ // TODO: implement validate logic.
+ }
+}
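Review bot: `issueToken` dereferences `lifetime` on the `createConditions` line without a null check, and `StandardRequestHandler` only fills in a default lifetime when `IssuedTokenTimeout` is non-zero, so a request without a lifetime against an STS with no configured timeout ends in a `NullPointerException` instead of a `WSTrustException`. Two security-relevant gaps sit in the signing section: the signature algorithm is taken straight from the requester (`getSignatureAlgorithm()`) and handed to `XMLSignatureUtil.sign` without being checked against anything the STS is willing to use, so the client decides what the STS signs with; and when `getSTSKeyPair()` returns null the assertion is issued unsigned with no error or log, which for a bearer token is an unauthenticated credential that any relying party will accept on trust. The hard-coded `SignatureMethod.RSA_SHA1`/`DigestMethod.SHA1` defaults are worth moving into configuration so they can be upgraded without a code change. Falling back to the subject `ANONYMOUS` when there is no caller principal also deserves a deliberate decision rather than a default, since the result is a validly signed token for an unauthenticated caller. Sketch below — the allowed algorithm set belongs in `STSConfiguration`; `ALLOWED_SIGNATURE_METHODS` is only a placeholder for it:
```java
Lifetime lifetime = context.getRequestSecurityToken().getLifetime();
if (lifetime == null)
   throw new WSTrustException("No token lifetime available: none requested and no default configured");
// … unchanged: audience restriction, conditions, subject, assertion construction and marshaling …

// sign the generated SAML assertion; never issue an unsigned bearer assertion.
KeyPair keyPair = context.getSTSKeyPair();
if (keyPair == null)
   throw new WSTrustException("STS key pair is not configured; cannot sign the SAMLV2 assertion");
URI signatureURI = context.getRequestSecurityToken().getSignatureAlgorithm();
String signatureMethod = signatureURI != null ? signatureURI.toString() : SignatureMethod.RSA_SHA1;
// the requester may suggest an algorithm, but only STS-approved ones are ever used.
if (!ALLOWED_SIGNATURE_METHODS.contains(signatureMethod))
   throw new WSTrustException("Requested signature algorithm is not allowed: " + signatureMethod);
try
{
   XMLSignatureUtil.sign(document, keyPair, DigestMethod.SHA1, signatureMethod, "#" + assertionID);
}
// … unchanged: catch block, token creation and attached reference …
```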
Added: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -0,0 +1,103 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.wstrust.plugins.saml;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.transform.dom.DOMResult;
+
+import org.jboss.identity.federation.api.wstrust.WSTrustConstants;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
+import org.w3c.dom.Document;
+
+import com.sun.xml.bind.marshaller.NamespacePrefixMapper;
+
+/**
+ * <p>
+ * This class contains utility methods and constants that are used by the SAML token providers.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class SAMLUtil
+{
+
+ public static final String SAML2_BEARER_URI = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
+
+ public static final String SAML2_TOKEN_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
+
+ public static final String SAML2_VALUE_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID";
+
+ /**
+ * <p>
+ * Utility method that marshals the specified {@code AssertionType} object into a {@code Document} instance.
+ * </p>
+ *
+ * @param assertion an {@code AssertionType} object representing the SAML assertion to be marshaled.
+ * @return a reference to the {@code Document} that contains the marshaled SAML assertion.
+ */
+ public static Document toDocument(AssertionType assertion) throws Exception
+ {
+ Document document = null;
+ document = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+ DOMResult result = new DOMResult(document);
+ JAXBContext jaxbContext = JAXBContext.newInstance("org.jboss.identity.federation.saml.v2.assertion");
+ Marshaller marshaller = jaxbContext.createMarshaller();
+ marshaller.setProperty("com.sun.xml.bind.namespacePrefixMapper", new DefaultPrefixMapper());
+ marshaller.marshal(new ObjectFactory().createAssertion(assertion), result);
+
+ return document;
+ }
+
+ /**
+ * <p>
+ * A {@code NamespacePrefixMapper} implementation that maps the most used namespaces to commonly used prefixes.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+ static class DefaultPrefixMapper extends NamespacePrefixMapper
+ {
+ @Override
+ public String getPreferredPrefix(String namespaceURI, String suggestion, boolean requirePrefix)
+ {
+ if (WSTrustConstants.WSA_NS.equals(namespaceURI))
+ return "wsa";
+ else if (WSTrustConstants.WSU_NS.equals(namespaceURI))
+ return "wsu";
+ else if (WSTrustConstants.WSSE_NS.equals(namespaceURI))
+ return "wsse";
+ else if (WSTrustConstants.WSSE11_NS.equals(namespaceURI))
+ return "wsse11";
+ else if (WSTrustConstants.XENC_NS.equals(namespaceURI))
+ return "xenc";
+ else if (WSTrustConstants.DSIG_NS.equals(namespaceURI))
+ return "ds";
+ else if (WSTrustConstants.SAML2_ASSERTION_NS.equals(namespaceURI))
+ return "saml2";
+ else
+ return null;
+ }
+ }
+}
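Review bot: `toDocument` creates a new `JAXBContext` (and a new `DocumentBuilderFactory`) on every call; `JAXBContext.newInstance` is costly and the context is thread-safe, so it should be built once in a `private static final` field (with its checked exception wrapped in a static initializer) and reused, and the factory can be cached the same way. The `throws Exception` clause hides the specific `JAXBException` and `ParserConfigurationException` the body can raise and forces the caller in `SAML20TokenProvider` into its catch-all; declare the concrete types instead. The `Document document = null;` followed by an immediate reassignment on the next line can be collapsed into `Document document = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();`. `DefaultPrefixMapper` ties this class to the JAXB reference implementation via `com.sun.xml.bind.marshaller.NamespacePrefixMapper`; a comment stating that this is intentional (and that the property name on the marshaller is RI-specific) would help the next maintainer.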
Modified: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/MockSTSConfiguration.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/MockSTSConfiguration.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/MockSTSConfiguration.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -21,7 +21,7 @@
*/
package org.jboss.test.identity.federation.api.wstrust;
-import java.security.PrivateKey;
+import java.security.KeyPair;
import java.security.PublicKey;
import java.util.Map;
@@ -93,9 +93,9 @@
/*
* (non-Javadoc)
*
- * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getPublicKeyForService(java.lang.String)
+ * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getTokenTypeForService(java.lang.String)
*/
- public PublicKey getPublicKeyForService(String serviceName)
+ public String getTokenTypeForService(String serviceName)
{
return null;
}
@@ -123,9 +123,9 @@
/*
* (non-Javadoc)
*
- * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getSigningKey()
+ * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getServiceProviderPublicKey(java.lang.String)
*/
- public PrivateKey getSigningKey()
+ public PublicKey getServiceProviderPublicKey(String serviceName)
{
return null;
}
@@ -133,9 +133,9 @@
/*
* (non-Javadoc)
*
- * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getTokenTypeForService(java.lang.String)
+ * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getSTSKeyPair()
*/
- public String getTokenTypeForService(String serviceName)
+ public KeyPair getSTSKeyPair()
{
return null;
}
Modified: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -27,24 +27,29 @@
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.Unmarshaller;
+import javax.xml.namespace.QName;
import junit.framework.TestCase;
-import org.jboss.identity.federation.api.wstrust.SAML20TokenProvider;
import org.jboss.identity.federation.api.wstrust.StandardSecurityToken;
import org.jboss.identity.federation.api.wstrust.WSTrustRequestContext;
import org.jboss.identity.federation.api.wstrust.WSTrustUtil;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken;
+import org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType;
import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
+import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
+import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType;
+import org.jboss.identity.federation.ws.wss.secext.SecurityTokenReferenceType;
import org.w3c.dom.Element;
/**
* <p>
+ * This {@code TestCase} tests the functionalities of the {@code SAML20TokenProvider} class.
* </p>
*
* @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
@@ -53,15 +58,18 @@
{
/**
+ * <p>
+ * Tests the issuance of a SAMLV2.0 Assertion.
+ * </p>
*
- * @throws Exception
+ * @throws Exception if an error occurs while running the test.
*/
public void testIssueSAMLToken() throws Exception
{
// create a WSTrustRequestContext with a simple WS-Trust request.
RequestSecurityToken request = new RequestSecurityToken();
request.setLifetime(WSTrustUtil.createDefaultLifetime(3600000));
- request.setAppliesTo(WSTrustUtil.createAppliesTo("http://services.testcorp.org/provider1"));
+ request.setAppliesTo(WSTrustUtil.createAppliesTo("http://services.testcorp.org/provider2"));
request.setTokenType(new URI("urn:oasis:names:tc:SAML:2.0:assertion"));
WSTrustRequestContext context = new WSTrustRequestContext(request, new TestPrincipal("sguilhen"));
@@ -96,7 +104,7 @@
.getConditionOrAudienceRestrictionOrOneTimeUse().get(0);
assertNotNull("Unexpected null audience list", restrictionType.getAudience());
assertEquals("Unexpected number of audience elements", 1, restrictionType.getAudience().size());
- assertEquals("Unexpected audience value", "http://services.testcorp.org/provider1",
+ assertEquals("Unexpected audience value", "http://services.testcorp.org/provider2",
restrictionType.getAudience().get(0));
// check the contents of the assertion subject.
@@ -111,10 +119,29 @@
assertEquals("Unexpected content type", SubjectConfirmationType.class, content.getDeclaredType());
SubjectConfirmationType confirmation = (SubjectConfirmationType) content.getValue();
assertEquals("Unexpected confirmation method", "urn:oasis:names:tc:SAML:2.0:cm:bearer", confirmation.getMethod());
+
+ // validate the attached token reference created by the SAML provider.
+ RequestedReferenceType reference = context.getAttachedReference();
+ assertNotNull("Unexpected null attached reference", reference);
+ SecurityTokenReferenceType securityRef = reference.getSecurityTokenReference();
+ assertNotNull("Unexpected null security reference", securityRef);
+ String tokenTypeAttr = securityRef.getOtherAttributes().get(
+ new QName("http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd", "TokenType"));
+ assertNotNull("Required attribute TokenType is missing", tokenTypeAttr);
+ assertEquals("TokenType attribute has an unexpected value",
+ "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0", tokenTypeAttr);
+ JAXBElement<?> keyIdElement = (JAXBElement<?>) securityRef.getAny().get(0);
+ KeyIdentifierType keyId = (KeyIdentifierType) keyIdElement.getValue();
+ assertEquals("Unexpected key value type",
+ "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID", keyId.getValueType());
+ assertNotNull("Unexpected null key identifier value", keyId.getValue());
+ assertEquals(assertion.getID(), keyId.getValue().substring(1));
+
}
/**
* <p>
+ * Simple {@code Principal} implementation used in the test scenarios.
* </p>
*
* @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
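Review bot: The new attached-reference assertions check the TokenType attribute and the SAMLID key identifier but never verify a signature on the issued assertion, and `assertEquals(assertion.getID(), keyId.getValue().substring(1))` accepts any leading character; assert the local-reference form explicitly, e.g. `assertEquals("Key identifier should be a local reference", "#" + assertion.getID(), keyId.getValue());`. Since `MockSTSConfiguration.getSTSKeyPair()` returns null in this commit, the signing path in `SAML20TokenProvider.issueToken` is presumably not exercised by this test; a second test that supplies a generated key pair and validates the resulting `ds:Signature` element over the assertion would cover the security-relevant behaviour. The cast of `securityRef.getAny().get(0)` to `JAXBElement<?>` will throw `IndexOutOfBoundsException` rather than a descriptive failure if the list is empty; an `assertEquals("Unexpected number of reference children", 1, securityRef.getAny().size())` before it would make the failure readable. The enclosing `testIssueSAMLToken` method starts outside this hunk.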
@@ -124,8 +151,11 @@
private final String name;
/**
+ * <p>
+ * Creates an instance of {@code TestPrincipal} with the specified name.
+ * </p>
*
- * @param name
+ * @param name a {@code String} representing the principal name.
*/
public TestPrincipal(String name)
{
Deleted: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/StandardTokenProvider.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/StandardTokenProvider.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/StandardTokenProvider.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -1,74 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.test.identity.federation.api.wstrust;
-
-import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider;
-import org.jboss.identity.federation.api.wstrust.WSTrustException;
-import org.jboss.identity.federation.api.wstrust.WSTrustRequestContext;
-
-/**
- * <p>
- * Mock {@code SecurityTokenProvider} used in the test scenarios.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class StandardTokenProvider implements SecurityTokenProvider
-{
-
- /*
- * (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void cancelToken(WSTrustRequestContext context) throws WSTrustException
- {
- }
-
- /*
- * (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void issueToken(WSTrustRequestContext context) throws WSTrustException
- {
- }
-
- /*
- * (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void renewToken(WSTrustRequestContext context) throws WSTrustException
- {
- }
-
- /*
- * (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void validateToken(WSTrustRequestContext context) throws WSTrustException
- {
- }
-
-}
Modified: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -31,12 +31,12 @@
import junit.framework.TestCase;
import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory;
-import org.jboss.identity.federation.api.wstrust.protocol.BaseRequestSecurityToken;
-import org.jboss.identity.federation.api.wstrust.protocol.BaseRequestSecurityTokenResponse;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenCollection;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenResponse;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenResponseCollection;
+import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityTokenResponse;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenCollection;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
import org.jboss.identity.federation.ws.trust.ObjectFactory;
/**
Modified: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustServiceFactoryUnitTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustServiceFactoryUnitTestCase.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustServiceFactoryUnitTestCase.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -30,6 +30,7 @@
import org.jboss.identity.federation.api.wstrust.StandardRequestHandler;
import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler;
import org.jboss.identity.federation.api.wstrust.WSTrustServiceFactory;
+import org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider;
/**
* <p>
@@ -82,21 +83,21 @@
{
WSTrustServiceFactory factory = WSTrustServiceFactory.getInstance();
SecurityTokenProvider provider = factory
- .createTokenProvider("org.jboss.test.identity.federation.api.wstrust.StandardTokenProvider");
+ .createTokenProvider("org.jboss.test.identity.federation.api.wstrust.SpecialTokenProvider");
assertNotNull("Unexpected null token provider", provider);
- assertTrue("Unexpected token provider type", provider instanceof StandardTokenProvider);
+ assertTrue("Unexpected token provider type", provider instanceof SpecialTokenProvider);
provider = factory
- .createTokenProvider("org.jboss.test.identity.federation.api.wstrust.SpecialTokenProvider");
+ .createTokenProvider("org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider");
assertNotNull("Unexpected null token provider", provider);
- assertTrue("Unexpected token provider type", provider instanceof SpecialTokenProvider);
-
+ assertTrue("Unexpected token provider type", provider instanceof SAML20TokenProvider);
+
// try to create an invalid token provider.
try
{
factory.createTokenProvider("InvalidTokenProvider");
fail("An exception should have been raised");
}
- catch(RuntimeException re)
+ catch (RuntimeException re)
{
assertTrue(re.getCause() instanceof PrivilegedActionException);
}
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/SAMLAssertionFactory.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/SAMLAssertionFactory.java 2009-05-29 20:58:38 UTC (rev 546)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/SAMLAssertionFactory.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -21,19 +21,160 @@
*/
package org.jboss.identity.federation.core.saml.v2.factories;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.xml.datatype.XMLGregorianCalendar;
+
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
+import org.jboss.identity.federation.saml.v2.assertion.ConditionAbstractType;
+import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
+import org.jboss.identity.federation.saml.v2.assertion.KeyInfoConfirmationDataType;
+import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
+import org.jboss.identity.federation.saml.v2.assertion.StatementAbstractType;
+import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType;
+import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
/**
* Get the SAML Assertion Object Factory
+ *
* @author Anil.Saldhana(a)redhat.com
* @since Jan 28, 2009
*/
public class SAMLAssertionFactory
{
private static ObjectFactory factory = new ObjectFactory();
-
+
public static ObjectFactory getObjectFactory()
{
return factory;
}
+
+ /**
+ * <p>
+ * Creates an {@code AudienceRestrictionType} with the specified values.
+ * </p>
+ *
+ * @param values a {@code String[]} containing the restriction values.
+ * @return the constructed {@code AudienceRestrictionType} instance.
+ */
+ public static AudienceRestrictionType createAudienceRestriction(String... values)
+ {
+ AudienceRestrictionType audienceRestriction = new AudienceRestrictionType();
+ if (values != null)
+ audienceRestriction.getAudience().addAll(Arrays.asList(values));
+ return audienceRestriction;
+ }
+
+ /**
+ * <p>
+ * Creates a {@code NameIDType} instance with the specified values.
+ * </p>
+ *
+ * @param format a {@code String} representing the name format.
+ * @param qualifier a {@code String} representing the name qualifier.
+ * @param value a {@code String} representing the name value.
+ * @return the constructed {@code NameIDType} instance.
+ */
+ public static NameIDType createNameID(String format, String qualifier, String value)
+ {
+ NameIDType nameID = new NameIDType();
+ nameID.setFormat(format);
+ nameID.setNameQualifier(qualifier);
+ nameID.setValue(value);
+ return nameID;
+ }
+
+ /**
+ * <p>
+ * Creates a {@code Conditions} instance with the specified values.
+ * </p>
+ *
+ * @param notBefore a {@code XMLGregorianCalendar} representing the start of the token lifetime period.
+ * @param notOnOrAfter a {@code XMLGregorianCalendar} representing the end of the token lifetime period.
+ * @param restrictions an array containing the applicable restrictions.
+ * @return the constructed {@code Conditions} instance.
+ */
+ public static ConditionsType createConditions(XMLGregorianCalendar notBefore, XMLGregorianCalendar notOnOrAfter,
+ ConditionAbstractType... restrictions)
+ {
+ ConditionsType conditions = new ConditionsType();
+ conditions.setNotBefore(notBefore);
+ conditions.setNotOnOrAfter(notOnOrAfter);
+ if (restrictions != null)
+ conditions.getConditionOrAudienceRestrictionOrOneTimeUse().addAll(Arrays.asList(restrictions));
+ return conditions;
+ }
+
+ /**
+ * <p>
+ * Creates a {@code SubjectConfirmationType} object with the specified values.
+ * </p>
+ *
+ * @param nameID the identifier of the confirmation.
+ * @param confirmationMethod a {@code String} representing the confirmation method.
+ * @param keyInfoData the {@code KeyInfoConfirmationDataType} instance that contains the proof of possession key.
+ * @return the constructed {@code SubjectConfirmationType} instance.
+ */
+ public static SubjectConfirmationType createSubjectConfirmation(NameIDType nameID, String confirmationMethod,
+ KeyInfoConfirmationDataType keyInfoData)
+ {
+ SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType();
+ subjectConfirmation.setNameID(nameID);
+ subjectConfirmation.setMethod(confirmationMethod);
+ subjectConfirmation.setSubjectConfirmationData(keyInfoData);
+ return subjectConfirmation;
+ }
+
+ /**
+ * <p>
+ * Creates a {@code SubjectType} object with the specified values.
+ * </p>
+ *
+ * @param nameID the identifier of the subject.
+ * @param confirmation the {@code SubjectConfirmationType} that is used to establish the correspondence between the
+ * subject and claims of SAML statements.
+ * @return the constructed {@code SubjectType} instance.
+ */
+ public static SubjectType createSubject(NameIDType nameID, SubjectConfirmationType confirmation)
+ {
+ SubjectType subject = new SubjectType();
+ ObjectFactory factory = getObjectFactory();
+ if (nameID != null)
+ subject.getContent().add(factory.createNameID(nameID));
+ if (confirmation != null)
+ subject.getContent().add(factory.createSubjectConfirmation(confirmation));
+ return subject;
+ }
+
+ /**
+ * <p>
+ * Creates a SAMLV2 {@code AssertionType} with the specified values.
+ * </p>
+ *
+ * @param id a {@code String} representing the assertion ID.
+ * @param issuerID a {@code NameIDType} that identifies the assertion issuer.
+ * @param issueInstant the assertion time of creation.
+ * @param conditions the {@code ConditionsType} that specify the conditions under which the assertion is to be
+ * considered valid
+ * @param subject the {@code SubjectType} that identifies the authenticated principal.
+ * @param statements a list of statements associated with the authenticated principal.
+ * @return
+ */
+ public static AssertionType createAssertion(String id, NameIDType issuerID, XMLGregorianCalendar issueInstant,
+ ConditionsType conditions, SubjectType subject, List<StatementAbstractType> statements)
+ {
+ AssertionType assertion = new AssertionType();
+ assertion.setID(id);
+ assertion.setIssuer(issuerID);
+ assertion.setIssueInstant(issueInstant);
+ assertion.setConditions(conditions);
+ assertion.setSubject(subject);
+ if (statements != null)
+ assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().addAll(statements);
+ return assertion;
+ }
+
}
\ No newline at end of file
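Review bot: `createAssertion` has an empty `@return` tag, and the local `ObjectFactory factory = getObjectFactory();` in `createSubject` shadows the static field of the same name; complete the tag with `@return the constructed {@code AssertionType} instance.` and rename or drop the local since the static field is already in scope. None of the factory methods reject a null or empty `id` or `issuerID`, and the SAML 2.0 schema's required `Version` attribute is not populated here — if the generated `AssertionType` exposes it, set it to `"2.0"` in `createAssertion`, otherwise document that callers are responsible for it. The `values != null` guard in `createAudienceRestriction` and `restrictions != null` in `createConditions` only matter when a caller passes an explicit null array, since a varargs call with no arguments already yields an empty array; a short comment saying so would explain why the checks are there. The file also loses its trailing newline in this hunk.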
Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityToken.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityToken.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityToken.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -0,0 +1,33 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+/**
+ * <p>
+ * Marker interface for the request security token types.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public interface BaseRequestSecurityToken
+{
+}
Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityTokenResponse.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityTokenResponse.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityTokenResponse.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -0,0 +1,33 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+/**
+ * <p>
+ * Marker interface for the security token response types.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public interface BaseRequestSecurityTokenResponse
+{
+}
Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/Lifetime.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/Lifetime.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/Lifetime.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -0,0 +1,236 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.util.GregorianCalendar;
+
+import javax.xml.datatype.DatatypeConfigurationException;
+import javax.xml.datatype.DatatypeFactory;
+import javax.xml.datatype.XMLGregorianCalendar;
+
+import org.jboss.identity.federation.ws.trust.LifetimeType;
+import org.jboss.identity.federation.ws.wss.utility.AttributedDateTime;
+
+/**
+ * <p>
+ * This class represents a WS-Trust {@code Lifetime}. It wraps the JAXB {@code LifetimeType} and offer methods that
+ * allows for easy retrieval of the creation and expiration times as {@code XMLGregorianCalendar} and
+ * {@code GregorianCalendar} objects.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class Lifetime
+{
+
+ private final LifetimeType delegate;
+
+ private XMLGregorianCalendar created;
+
+ private XMLGregorianCalendar expires;
+
+ private DatatypeFactory factory;
+
+ /**
+ * <p>
+ * Creates an instance of {@code Lifetime} with the specified parameters.
+ * </p>
+ *
+ * @param created a {@code GregorianCalendar} representing the token creation time.
+ * @param expires a {@code GregorianCalendar} representing the token expiration time.
+ */
+ public Lifetime(GregorianCalendar created, GregorianCalendar expires)
+ {
+ try
+ {
+ this.factory = DatatypeFactory.newInstance();
+ }
+ catch (DatatypeConfigurationException dce)
+ {
+ throw new RuntimeException("Unable to get DatatypeFactory instance", dce);
+ }
+
+ // normalize the parameters (convert to UTC).
+ this.created = factory.newXMLGregorianCalendar(created).normalize();
+ this.expires = factory.newXMLGregorianCalendar(expires).normalize();
+
+ // set the delegate fields.
+ this.delegate = new LifetimeType();
+ AttributedDateTime dateTime = new AttributedDateTime();
+ dateTime.setValue(this.created.toXMLFormat());
+ this.delegate.setCreated(dateTime);
+ dateTime = new AttributedDateTime();
+ dateTime.setValue(this.expires.toXMLFormat());
+ this.delegate.setExpires(dateTime);
+
+ }
+
+ /**
+ * <p>
+ * Creates a {@code Lifetime} instance using the specified {@code LifetimeType}.
+ * </p>
+ *
+ * @param lifetime a reference to the {@code LifetimeType} instance that contains the information used in the
+ * {@code Lifetime} construction.
+ */
+ public Lifetime(LifetimeType lifetime)
+ {
+ if (lifetime == null)
+ throw new IllegalArgumentException("Unable to create a Lifetime object from a null LifetimeType");
+
+ try
+ {
+ this.factory = DatatypeFactory.newInstance();
+ }
+ catch (DatatypeConfigurationException dce)
+ {
+ throw new RuntimeException("Unable to get DatatypeFactory instance", dce);
+ }
+ this.delegate = lifetime;
+
+ // construct the created and expires instances from the lifetime object.
+ this.created = factory.newXMLGregorianCalendar(lifetime.getCreated().getValue());
+ this.expires = factory.newXMLGregorianCalendar(lifetime.getExpires().getValue());
+
+ // check if the supplied lifetime needs to be normalized.
+ if (this.created.getTimezone() != 0)
+ {
+ this.created = this.created.normalize();
+ this.delegate.getCreated().setValue(this.created.toXMLFormat());
+ }
+ if (this.expires.getTimezone() != 0)
+ {
+ this.expires = this.expires.normalize();
+ this.delegate.getExpires().setValue(this.expires.toXMLFormat());
+ }
+ }
+
+ /**
+ * <p>
+ * Obtains the creation time as a {@code XMLGregorianCalendar}.
+ * </p>
+ *
+ * @return a reference to the {@code XMLGregorianCalendar} that represents the creation time.
+ */
+ public XMLGregorianCalendar getCreated()
+ {
+ return this.created;
+ }
+
+ /**
+ * <p>
+ * Sets the creation time.
+ * </p>
+ *
+ * @param created a reference to the {@code XMLGregorianCalendar} that represents the creation time to be set.
+ */
+ public void setCreated(XMLGregorianCalendar created)
+ {
+ this.created = created.normalize();
+ this.delegate.getCreated().setValue(this.created.toXMLFormat());
+ }
+
+ /**
+ * <p>
+ * Obtains the creation time as a {@code GregorianCalendar}.
+ * </p>
+ *
+ * @return a reference to the {@code GregorianCalendar} that represents the creation time.
+ */
+ public GregorianCalendar getCreatedCalendar()
+ {
+ return this.created.toGregorianCalendar();
+ }
+
+ /**
+ * <p>
+ * Sets the creation time.
+ * </p>
+ *
+ * @param created a reference to the {@code GregorianCalendar} that represents the creation time to be set.
+ */
+ public void setCreatedCalendar(GregorianCalendar created)
+ {
+ this.setCreated(this.factory.newXMLGregorianCalendar(created));
+ }
+
+ /**
+ * <p>
+ * Obtains the expiration time as a {@code XMLGregorianCalendar}.
+ * </p>
+ *
+ * @return a reference to the {@code XMLGregorianCalendar} that represents the expiration time.
+ */
+ public XMLGregorianCalendar getExpires()
+ {
+ return this.expires;
+ }
+
+ /**
+ * <p>
+ * Sets the expiration time.
+ * </p>
+ *
+ * @param expires a reference to the {@code XMLGregorianCalendar} that represents the expiration time.
+ */
+ public void setExpires(XMLGregorianCalendar expires)
+ {
+ this.expires = expires.normalize();
+ this.delegate.getExpires().setValue(this.expires.toXMLFormat());
+ }
+
+ /**
+ * <p>
+ * Obtains the expiration time as a {@code GregorianCalendar}.
+ * </p>
+ *
+ * @return a reference to the {@code GregorianCalendar} that represents the expiration time.
+ */
+ public GregorianCalendar getExpiresCalendar()
+ {
+ return this.expires.toGregorianCalendar();
+ }
+
+ /**
+ * <p>
+ * Sets the expiration time.
+ * </p>
+ *
+ * @param expires a reference to the {@code GregorianCalendar} that represents the expiration time.
+ */
+ public void setExpiresCalendar(GregorianCalendar expires)
+ {
+ this.setExpires(this.factory.newXMLGregorianCalendar(expires));
+ }
+
+ /**
+ * <p>
+ * Obtains a reference to the {@code LifetimeType} delegate.
+ * </p>
+ *
+ * @return a reference to the delegate instance.
+ */
+ public LifetimeType getDelegate()
+ {
+ return this.delegate;
+ }
+}
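Review bot: The `Lifetime(LifetimeType)` constructor dereferences `lifetime.getCreated().getValue()` and `lifetime.getExpires().getValue()` without a null check, yet both children are optional in the WS-Trust Lifetime schema, so an inbound request carrying only `Expires` (or an empty `Lifetime`) surfaces as a NullPointerException from unmarshalled input rather than a clean validation failure. I would reject that shape right after the existing argument check: `if (lifetime.getCreated() == null || lifetime.getExpires() == null) throw new IllegalArgumentException("Lifetime must contain both Created and Expires");` — a malformed lexical value already fails with IllegalArgumentException from `newXMLGregorianCalendar`, so callers then see a single exception type for bad input. The `getTimezone() != 0` tests also deserve a comment: a value with no zone designator reports `DatatypeConstants.FIELD_UNDEFINED` there, and `normalize()` presumably leaves such a value unchanged, so a zoneless Created/Expires would be kept as-is and later compared against a UTC clock as if it were UTC; worth confirming, and either rejecting zoneless values or calling `setTimezone(0)` before normalizing so the interpretation is explicit. Finally, nothing here checks that Expires is not before Created, so if the STS relies on this class for lifetime validation that comparison must happen in the caller.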
Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -0,0 +1,1001 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.namespace.QName;
+
+import org.jboss.identity.federation.ws.addressing.EndpointReferenceType;
+import org.jboss.identity.federation.ws.policy.AppliesTo;
+import org.jboss.identity.federation.ws.policy.Policy;
+import org.jboss.identity.federation.ws.policy.PolicyReference;
+import org.jboss.identity.federation.ws.trust.AllowPostdatingType;
+import org.jboss.identity.federation.ws.trust.ClaimsType;
+import org.jboss.identity.federation.ws.trust.DelegateToType;
+import org.jboss.identity.federation.ws.trust.EncryptionType;
+import org.jboss.identity.federation.ws.trust.EntropyType;
+import org.jboss.identity.federation.ws.trust.LifetimeType;
+import org.jboss.identity.federation.ws.trust.ObjectFactory;
+import org.jboss.identity.federation.ws.trust.OnBehalfOfType;
+import org.jboss.identity.federation.ws.trust.ProofEncryptionType;
+import org.jboss.identity.federation.ws.trust.RenewingType;
+import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType;
+import org.jboss.identity.federation.ws.trust.UseKeyType;
+
+/**
+ * <p>
+ * This class represents a WS-Trust {@code RequestSecurityToken}. It wraps the JAXB representation of the security
+ * token request and offers a series of getter/setter methods that make it easy to work with elements that are
+ * represented by the {@code Any} XML type.
+ * </p>
+ * <p>
+ * The following shows the intended content model of a {@code RequestSecurityToken}:
+ *
+ * <pre>
+ * <xs:element ref='wst:TokenType' minOccurs='0' />
+ * <xs:element ref='wst:RequestType' />
+ * <xs:element ref='wsp:AppliesTo' minOccurs='0' />
+ * <xs:element ref='wst:Claims' minOccurs='0' />
+ * <xs:element ref='wst:Entropy' minOccurs='0' />
+ * <xs:element ref='wst:Lifetime' minOccurs='0' />
+ * <xs:element ref='wst:AllowPostdating' minOccurs='0' />
+ * <xs:element ref='wst:Renewing' minOccurs='0' />
+ * <xs:element ref='wst:OnBehalfOf' minOccurs='0' />
+ * <xs:element ref='wst:Issuer' minOccurs='0' />
+ * <xs:element ref='wst:AuthenticationType' minOccurs='0' />
+ * <xs:element ref='wst:KeyType' minOccurs='0' />
+ * <xs:element ref='wst:KeySize' minOccurs='0' />
+ * <xs:element ref='wst:SignatureAlgorithm' minOccurs='0' />
+ * <xs:element ref='wst:Encryption' minOccurs='0' />
+ * <xs:element ref='wst:EncryptionAlgorithm' minOccurs='0' />
+ * <xs:element ref='wst:CanonicalizationAlgorithm' minOccurs='0' />
+ * <xs:element ref='wst:ProofEncryption' minOccurs='0' />
+ * <xs:element ref='wst:UseKey' minOccurs='0' />
+ * <xs:element ref='wst:SignWith' minOccurs='0' />
+ * <xs:element ref='wst:EncryptWith' minOccurs='0' />
+ * <xs:element ref='wst:DelegateTo' minOccurs='0' />
+ * <xs:element ref='wst:Forwardable' minOccurs='0' />
+ * <xs:element ref='wst:Delegatable' minOccurs='0' />
+ * <xs:element ref='wsp:Policy' minOccurs='0' />
+ * <xs:element ref='wsp:PolicyReference' minOccurs='0' />
+ * <xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
+ * </pre>
+ *
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class RequestSecurityToken implements BaseRequestSecurityToken
+{
+
+ private final RequestSecurityTokenType delegate;
+
+ private URI tokenType;
+
+ private URI requestType;
+
+ private AppliesTo appliesTo;
+
+ private ClaimsType claims;
+
+ private EntropyType entropy;
+
+ private Lifetime lifetime;
+
+ private AllowPostdatingType allowPostDating;
+
+ private RenewingType renewing;
+
+ private OnBehalfOfType onBehalfOf;
+
+ private EndpointReferenceType issuer;
+
+ private URI authenticationType;
+
+ private URI keyType;
+
+ private long keySize;
+
+ private URI signatureAlgorithm;
+
+ private EncryptionType encryption;
+
+ private URI encryptionAlgorithm;
+
+ private URI canonicalizationAlgorithm;
+
+ private ProofEncryptionType proofEncryption;
+
+ private UseKeyType useKey;
+
+ private URI signWith;
+
+ private URI encryptWith;
+
+ private DelegateToType delegateTo;
+
+ private boolean forwardable;
+
+ private boolean delegatable;
+
+ private Policy policy;
+
+ private PolicyReference policyReference;
+
+ private final List<Object> extensionElements = new ArrayList<Object>();
+
+ private final ObjectFactory factory = new ObjectFactory();
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityToken}.
+ * </p>
+ */
+ public RequestSecurityToken()
+ {
+ this.delegate = new RequestSecurityTokenType();
+ }
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityToken} using the specified delegate.
+ * </p>
+ *
+ * @param delegate the JAXB {@code RequestSecurityTokenType} that represents a WS-Trust token request.
+ */
+ public RequestSecurityToken(RequestSecurityTokenType delegate)
+ {
+ this.delegate = delegate;
+ // parse the delegate's Any contents.
+ try
+ {
+ for (Object obj : this.delegate.getAny())
+ {
+ if (obj instanceof AppliesTo)
+ {
+ this.appliesTo = (AppliesTo) obj;
+ }
+ else if (obj instanceof Policy)
+ {
+ this.policy = (Policy) obj;
+ }
+ else if (obj instanceof PolicyReference)
+ {
+ this.policyReference = (PolicyReference) obj;
+ }
+ else if (obj instanceof JAXBElement)
+ {
+ JAXBElement<?> element = (JAXBElement<?>) obj;
+ String localName = element.getName().getLocalPart();
+ if (localName.equalsIgnoreCase("TokenType"))
+ this.tokenType = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("RequestType"))
+ this.requestType = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("Claims"))
+ this.claims = (ClaimsType) element.getValue();
+ else if (localName.equalsIgnoreCase("Entropy"))
+ this.entropy = (EntropyType) element.getValue();
+ else if (localName.equalsIgnoreCase("Lifetime"))
+ this.lifetime = new Lifetime((LifetimeType) element.getValue());
+ else if (localName.equalsIgnoreCase("AllowPostdating"))
+ this.allowPostDating = (AllowPostdatingType) element.getValue();
+ else if (localName.equalsIgnoreCase("Renewing"))
+ this.renewing = (RenewingType) element.getValue();
+ else if (localName.equalsIgnoreCase("OnBehalfOf"))
+ this.onBehalfOf = (OnBehalfOfType) element.getValue();
+ else if (localName.equalsIgnoreCase("Issuer"))
+ this.issuer = (EndpointReferenceType) element.getValue();
+ else if (localName.equalsIgnoreCase("AuthenticationType"))
+ this.authenticationType = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("KeyType"))
+ this.keyType = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("KeySize"))
+ this.keySize = (Long) element.getValue();
+ else if (localName.equalsIgnoreCase("SignatureAlgorithm"))
+ this.signatureAlgorithm = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("Encryption"))
+ this.encryption = (EncryptionType) element.getValue();
+ else if (localName.equalsIgnoreCase("EntropyAlgorithm"))
+ this.encryptionAlgorithm = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("CanonicalizationAlgorithm"))
+ this.canonicalizationAlgorithm = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("ProofEncryption"))
+ this.proofEncryption = (ProofEncryptionType) element.getValue();
+ else if (localName.equalsIgnoreCase("UseKey"))
+ this.useKey = (UseKeyType) element.getValue();
+ else if (localName.equalsIgnoreCase("SignWith"))
+ this.signWith = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("EncryptWith"))
+ this.encryptWith = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("DelegateTo"))
+ this.delegateTo = (DelegateToType) element.getValue();
+ else if (localName.equalsIgnoreCase("Forwardable"))
+ this.forwardable = (Boolean) element.getValue();
+ else if (localName.equalsIgnoreCase("Delegatable"))
+ this.delegatable = (Boolean) element.getValue();
+ else
+ this.extensionElements.add(element.getValue());
+ }
+ else
+ {
+ this.extensionElements.add(obj);
+ }
+ }
+ }
+ catch (URISyntaxException e)
+ {
+ throw new RuntimeException(e.getMessage(), e);
+ }
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code URI} that identifies the token type.
+ * </p>
+ *
+ * @return a {@code URI} that represents the token type.
+ */
+ public URI getTokenType()
+ {
+ return tokenType;
+ }
+
+ /**
+ * <p>
+ * Sets the token type.
+ * </p>
+ *
+ * @param tokenType a {@code URI} that identifies the token type.
+ */
+ public void setTokenType(URI tokenType)
+ {
+ this.tokenType = tokenType;
+ this.delegate.getAny().add(this.factory.createTokenType(tokenType.toString()));
+
+ }
+
+ /**
+ * <p>
+ * Obtains the request type.
+ * </p>
+ *
+ * @return a {@code URI} that identifies the request type.
+ */
+ public URI getRequestType()
+ {
+ return requestType;
+ }
+
+ /**
+ * <p>
+ * Sets the request type. The type must be one of the request types described in the WS-Trust specification.
+ * </p>
+ *
+ * @param requestType a {@code URI} that identifies the request type.
+ */
+ public void setRequestType(URI requestType)
+ {
+ this.requestType = requestType;
+ this.delegate.getAny().add(this.factory.createRequestType(requestType.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code AppliesTo} value of this request. The {@code AppliesTo} object identifies the service provider
+ * (web service) that requires a token to be presented by clients. A STS uses this object to find the type of the
+ * token that is accepted by the service provider so that it can issue appropriate tokens to clients.
+ * </p>
+ *
+ * @return the reference to the {@code AppliesTo} object.
+ */
+ public AppliesTo getAppliesTo()
+ {
+ return appliesTo;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code AppliesTo} value of this request. The {@code AppliesTo} object identifies the service provider
+ * (web service) that requires a token to be presented by clients. A STS uses this object to find the type of the
+ * token that is accepted by the service provider so that it can issue appropriate tokens to clients.
+ * </p>
+ *
+ * @param appliesTo a reference to the {@code AppliesTo} object that identifies the service provider.
+ */
+ public void setAppliesTo(AppliesTo appliesTo)
+ {
+ this.appliesTo = appliesTo;
+ this.delegate.getAny().add(appliesTo);
+ }
+
+ /**
+ * <p>
+ * Obtains the set of claims of this request.
+ * </p>
+ *
+ * @return a reference to the {@code ClaimsType} object that represents the request's claims.
+ */
+ public ClaimsType getClaims()
+ {
+ return claims;
+ }
+
+ /**
+ * <p>
+ * Sets the claims of this request.
+ * </p>
+ *
+ * @param claims the {@code ClaimsType} object that represents the claims to be set.
+ */
+ public void setClaims(ClaimsType claims)
+ {
+ this.claims = claims;
+ this.delegate.getAny().add(this.factory.createClaims(claims));
+ }
+
+ /**
+ * <p>
+ * Obtains the entropy that will be used in creating the key.
+ * </p>
+ *
+ * @return a reference to the {@code EntropyType} that represents the entropy.
+ */
+ public EntropyType getEntropy()
+ {
+ return entropy;
+ }
+
+ /**
+ * <p>
+ * Sets the entropy that must be used when creating the key.
+ * </p>
+ *
+ * @param entropy the {@code EntropyType} representing the entropy to be set.
+ */
+ public void setEntropy(EntropyType entropy)
+ {
+ this.entropy = entropy;
+ this.delegate.getAny().add(this.factory.createEntropy(entropy));
+ }
+
+ /**
+ * <p>
+ * Obtains the desired lifetime of the requested token.
+ * </p>
+ *
+ * @return a reference to the {@code Lifetime} that represents the lifetime.
+ */
+ public Lifetime getLifetime()
+ {
+ return lifetime;
+ }
+
+ /**
+ * <p>
+ * Sets the desired lifetime of the requested token.
+ * </p>
+ *
+ * @param lifetime the {@code Lifetime} object representing the lifetime to be set.
+ */
+ public void setLifetime(Lifetime lifetime)
+ {
+ this.lifetime = lifetime;
+ this.delegate.getAny().add(this.factory.createLifetime(lifetime.getDelegate()));
+ }
+
+ /**
+ * <p>
+ * Checks whether a request for a postdated token should be allowed or not.
+ * </p>
+ *
+ * @return {@code null} if the token can't have a future lifetime (e.g. a token to be used the next day); a
+ * {@code AllowPostdatingType} otherwise.
+ */
+ public AllowPostdatingType getAllowPostDating()
+ {
+ return allowPostDating;
+ }
+
+ /**
+ * <p>
+ * Specifies whether a request for a postdated token should be allowed or not.
+ * </p>
+ *
+ * @param allowPostDating {@code null} if the token can't have a future lifetime (e.g. a token to be used the next
+ * day); a {@code AllowPostdatingType} otherwise.
+ */
+ public void setAllowPostDating(AllowPostdatingType allowPostDating)
+ {
+ this.allowPostDating = allowPostDating;
+ this.delegate.getAny().add(this.factory.createAllowPostdating(allowPostDating));
+ }
+
+ /**
+ * <p>
+ * Obtains the renew semantics for this request.
+ * </p>
+ *
+ * @return a reference to the {@code RenewingType} that represents the renew semantics for this request.
+ */
+ public RenewingType getRenewing()
+ {
+ return renewing;
+ }
+
+ /**
+ * <p>
+ * Sets the renew semantics for this request.
+ * </p>
+ *
+ * @param renewing the {@code RenewingType} object representing the semantics to be set.
+ */
+ public void setRenewing(RenewingType renewing)
+ {
+ this.renewing = renewing;
+ this.delegate.getAny().add(this.factory.createRenewing(renewing));
+ }
+
+ /**
+ * <p>
+ * Obtains the identity on whose behalf this request was made.
+ * </p>
+ *
+ * @return a reference to the {@code OnBehalfOfType} that represents the identity on whose behalf this request was
+ * made.
+ */
+ public OnBehalfOfType getOnBehalfOf()
+ {
+ return onBehalfOf;
+ }
+
+ /**
+ * <p>
+ * Specifies the identity on whose behalf this request is being made.
+ * </p>
+ *
+ * @param onBehalfOf the {@code OnBehalfOfType} object representing the identity to be set.
+ */
+ public void setOnBehalfOf(OnBehalfOfType onBehalfOf)
+ {
+ this.onBehalfOf = onBehalfOf;
+ this.delegate.getAny().add(this.factory.createOnBehalfOf(onBehalfOf));
+ }
+
+ /**
+ * <p>
+ * Obtains the issuer of the token included in the request in the scenarios where the requestor is obtaining a token
+ * on behalf of another party.
+ * </p>
+ *
+ * @return a reference to the {@code EndpointReferenceType} that represents the issuer.
+ */
+ public EndpointReferenceType getIssuer()
+ {
+ return this.issuer;
+ }
+
+ /**
+ * <p>
+ * Sets the issuer of the token included in the request in scenarios where the requestor is obtaining a token on
+ * behalf of another party.
+ * </p>
+ *
+ * @param issuer the {@code EndpointReferenceType} object representing the issuer to be set.
+ */
+ public void setIssuer(EndpointReferenceType issuer)
+ {
+ this.issuer = issuer;
+ this.delegate.getAny().add(this.factory.createIssuer(issuer));
+ }
+
+ /**
+ * <p>
+ * Obtains the type of authentication that has been set as part of the request.
+ * </p>
+ *
+ * @return a {@code URI} that identifies the desired authentication type.
+ */
+ public URI getAuthenticationType()
+ {
+ return authenticationType;
+ }
+
+ /**
+ * <p>
+ * Sets the authentication type in the request.
+ * </p>
+ *
+ * @param authenticationType a {@code URI} that identifies the authentication type to be set.
+ */
+ public void setAuthenticationType(URI authenticationType)
+ {
+ this.authenticationType = authenticationType;
+ this.delegate.getAny().add(this.factory.createAuthenticationType(authenticationType.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the type of the key that has been set in the request.
+ * </p>
+ *
+ * @return a {@code URI} that identifies the key type.
+ */
+ public URI getKeyType()
+ {
+ return keyType;
+ }
+
+ /**
+ * <p>
+ * Sets the key type in the request.
+ * </p>
+ *
+ * @param keyType a {@code URI} that specifies the key type.
+ */
+ public void setKeyType(URI keyType)
+ {
+ this.keyType = keyType;
+ this.delegate.getAny().add(this.factory.createKeyType(keyType.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the size of they key that has been set in the request.
+ * </p>
+ *
+ * @return a {@code long} representing the key size in bytes.
+ */
+ public long getKeySize()
+ {
+ return keySize;
+ }
+
+ /**
+ * <p>
+ * Sets the size of the key in the request.
+ * </p>
+ *
+ * @param keySize a {@code long} representing the key size in bytes.
+ */
+ public void setKeySize(long keySize)
+ {
+ this.keySize = keySize;
+ this.delegate.getAny().add(this.factory.createKeySize(keySize));
+ }
+
+ /**
+ * <p>
+ * Obtains the signature algorithm that has been set in the request.
+ * </p>
+ *
+ * @return a {@code URI} that represents the signature algorithm.
+ */
+ public URI getSignatureAlgorithm()
+ {
+ return signatureAlgorithm;
+ }
+
+ /**
+ * <p>
+ * Sets the signature algorithm in the request.
+ * </p>
+ *
+ * @param signatureAlgorithm a {@code URI} that represents the algorithm to be set.
+ */
+ public void setSignatureAlgorithm(URI signatureAlgorithm)
+ {
+ this.signatureAlgorithm = signatureAlgorithm;
+ this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signatureAlgorithm.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code Encryption} section of the request. The {@code Encryption} element indicates that the requestor
+ * desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @return a reference to the {@code EncryptionType} object.
+ */
+ public EncryptionType getEncryption()
+ {
+ return encryption;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code Encryption} section of the request. The {@code Encryption} element indicates that the requestor
+ * desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @param encryption the {@code EncryptionType} to be set.
+ */
+ public void setEncryption(EncryptionType encryption)
+ {
+ this.encryption = encryption;
+ this.delegate.getAny().add(this.factory.createEncryption(encryption));
+ }
+
+ /**
+ * <p>
+ * Obtains the encryption algorithm that has been set in the request.
+ * </p>
+ *
+ * @return a {@code URI} that represents the encryption algorithm.
+ */
+ public URI getEncryptionAlgorithm()
+ {
+ return encryptionAlgorithm;
+ }
+
+ /**
+ * <p>
+ * Sets the encryption algorithm in the request.
+ * </p>
+ *
+ * @param encryptionAlgorithm a {@code URI} that represents the encryption algorithm to be set.
+ */
+ public void setEncryptionAlgorithm(URI encryptionAlgorithm)
+ {
+ this.encryptionAlgorithm = encryptionAlgorithm;
+ this.delegate.getAny().add(this.factory.createEncryptionAlgorithm(encryptionAlgorithm.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the canonicalization algorithm that has been set in the request.
+ * </p>
+ *
+ * @return a {@code URI} that represents the canonicalization algorithm.
+ */
+ public URI getCanonicalizationAlgorithm()
+ {
+ return canonicalizationAlgorithm;
+ }
+
+ /**
+ * <p>
+ * Sets the canonicalization algorithm in the request.
+ * </p>
+ *
+ * @param canonicalizationAlgorithm a {@code URI} that represents the algorithm to be set.
+ */
+ public void setCanonicalizationAlgorithm(URI canonicalizationAlgorithm)
+ {
+ this.canonicalizationAlgorithm = canonicalizationAlgorithm;
+ this.delegate.getAny().add(this.factory.createCanonicalizationAlgorithm(canonicalizationAlgorithm.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code ProofEncryption} section of the request. The {@code ProofEncryption} indicates that the
+ * requestor desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @return a reference to the {@code ProofEncryptionType} object.
+ */
+ public ProofEncryptionType getProofEncryption()
+ {
+ return proofEncryption;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code ProofEncryption} section of the request. The {@code ProofEncryption} indicates that the requestor
+ * desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @param proofEncryption the {@code ProofEncryptionType} to be set.
+ */
+ public void setProofEncryption(ProofEncryptionType proofEncryption)
+ {
+ this.proofEncryption = proofEncryption;
+ this.delegate.getAny().add(this.factory.createProofEncryption(proofEncryption));
+ }
+
+ /**
+ * <p>
+ * Obtains the key that should be used in the returned token.
+ * </p>
+ *
+ * @return a reference to the {@code UseKeyType} instance that represents the key to be used.
+ */
+ public UseKeyType getUseKey()
+ {
+ return useKey;
+ }
+
+ /**
+ * <p>
+ * Sets the key that should be used in the returned token.
+ * </p>
+ *
+ * @param useKey the {@code UseKeyType} instance to be set.
+ */
+ public void setUseKey(UseKeyType useKey)
+ {
+ this.useKey = useKey;
+ this.delegate.getAny().add(this.factory.createUseKey(useKey));
+ }
+
+ /**
+ * <p>
+ * Obtains the signature algorithm that should be used with the issued security token.
+ * </p>
+ *
+ * @return a {@code URI} representing the algorithm that should be used.
+ */
+ public URI getSignWith()
+ {
+ return signWith;
+ }
+
+ /**
+ * <p>
+ * Sets the signature algorithm that should be used with the issued security token.
+ * </p>
+ *
+ * @param signWith a {@code URI} representing the algorithm to be used.
+ */
+ public void setSignWith(URI signWith)
+ {
+ this.signWith = signWith;
+ this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signWith.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the encryption algorithm that should be used with the issued security token.
+ * </p>
+ *
+ * @return a {@code URI} representing the encryption algorithm that should be used.
+ */
+ public URI getEncryptWith()
+ {
+ return encryptWith;
+ }
+
+ /**
+ * <p>
+ * Sets the encryption algorithm that should be used with the issued security token.
+ * </p>
+ *
+ * @param encryptWith a {@code URI} representing the algorithm to be used.
+ */
+ public void setEncryptWith(URI encryptWith)
+ {
+ this.encryptWith = encryptWith;
+ this.delegate.getAny().add(this.factory.createEncryptWith(encryptWith.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the identity to which the requested token should be delegated.
+ * </p>
+ *
+ * @return a reference to the {@code DelegateToType} instance that represents the identity.
+ */
+ public DelegateToType getDelegateTo()
+ {
+ return delegateTo;
+ }
+
+ /**
+ * <p>
+ * Sets the identity to which the requested token should be delegated.
+ * </p>
+ *
+ * @param delegateTo the {@code DelegateToType} object representing the identity to be set.
+ */
+ public void setDelegateTo(DelegateToType delegateTo)
+ {
+ this.delegateTo = delegateTo;
+ this.delegate.getAny().add(this.factory.createDelegateTo(delegateTo));
+ }
+
+ /**
+ * <p>
+ * Indicates whether the requested token should be marked as "forwardable" or not. In general, this flag is used when
+ * a token is normally bound to the requestor's machine or service. Using this flag, the returned token MAY be used
+ * from any source machine so long as the key is correctly proven.
+ * </p>
+ *
+ * @return {@code true} if the requested token should be marked as "forwardable"; {@code false} otherwise.
+ */
+ public boolean isForwardable()
+ {
+ return forwardable;
+ }
+
+ /**
+ * <p>
+ * Specifies whether the requested token should be marked as "forwardable" or not. In general, this flag is used when
+ * a token is normally bound to the requestor's machine or service. Using this flag, the returned token MAY be used
+ * from any source machine so long as the key is correctly proven.
+ * </p>
+ *
+ * @param forwardable {@code true} if the requested token should be marked as "forwardable"; {@code false} otherwise.
+ */
+ public void setForwardable(boolean forwardable)
+ {
+ this.forwardable = forwardable;
+ this.delegate.getAny().add(this.factory.createForwardable(forwardable));
+ }
+
+ /**
+ * <p>
+ * Indicates whether the requested token should be marked as "delegatable" or not. Using this flag, the returned
+ * token MAY be delegated to another party.
+ * </p>
+ *
+ * @return {@code true} if the requested token should be marked as "delegatable"; {@code false} otherwise.
+ */
+ public boolean isDelegatable()
+ {
+ return delegatable;
+ }
+
+ /**
+ * <p>
+ * Specifies whether the requested token should be marked as "delegatable" or not. Using this flag, the returned
+ * token MAY be delegated to another party.
+ * </p>
+ *
+ * @param delegatable {@code true} if the requested token should be marked as "delegatable"; {@code false} otherwise.
+ */
+ public void setDelegatable(boolean delegatable)
+ {
+ this.delegatable = delegatable;
+ this.delegate.getAny().add(this.factory.createDelegatable(delegatable));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code Policy} associated with the request. The policy specifies defaults that can be overridden by
+ * the previous properties.
+ * </p>
+ *
+ * @return a reference to the {@code Policy} that has been set in the request.
+ */
+ public Policy getPolicy()
+ {
+ return policy;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code Policy} in the request. The policy specifies defaults that can be overridden by
+ * the previous properties.
+ * </p>
+ *
+ * @param policy the {@code Policy} instance to be set.
+ */
+ public void setPolicy(Policy policy)
+ {
+ this.policy = policy;
+ this.delegate.getAny().add(policy);
+ }
+
+ /**
+ * <p>
+ * Obtains the reference to the {@code Policy} that should be used.
+ * </p>
+ *
+ * @return a {@code PolicyReference} that specifies where the {@code Policy} can be found.
+ */
+ public PolicyReference getPolicyReference()
+ {
+ return policyReference;
+ }
+
+ /**
+ * <p>
+ * Sets the reference to the {@code Policy} that should be used.
+ * </p>
+ *
+ * @param policyReference the {@code PolicyReference} object to be set.
+ */
+ public void setPolicyReference(PolicyReference policyReference)
+ {
+ this.policyReference = policyReference;
+ this.delegate.getAny().add(policyReference);
+ }
+
+ /**
+ * <p>
+ * Obtains the list of request elements that are not part of the standard content model.
+ * </p>
+ *
+ * @return a {@code List<Object>} containing the extension elements.
+ */
+ public List<Object> getExtensionElements()
+ {
+ return Collections.unmodifiableList(this.extensionElements);
+ }
+
+ /**
+ * <p>
+ * Obtains the request context.
+ * </p>
+ *
+ * @return a {@code String} that identifies the request.
+ */
+ public String getContext()
+ {
+ return this.delegate.getContext();
+ }
+
+ /**
+ * <p>
+ * Sets the request context.
+ * </p>
+ *
+ * @param context a {@code String} that identifies the request.
+ */
+ public void setContext(String context)
+ {
+ this.delegate.setContext(context);
+ }
+
+ /**
+ * <p>
+ * Obtains a map that contains attributes that aren't bound to any typed property on the request. This is a live
+ * reference, so attributes can be added/changed/removed directly. For this reason, there is no setter method.
+ * </p>
+ *
+ * @return a {@code Map<QName, String>} that contains the attributes.
+ */
+ public Map<QName, String> getOtherAttributes()
+ {
+ return this.delegate.getOtherAttributes();
+ }
+
+ /**
+ * <p>
+ * Gets a reference to the list that holds all request element values.
+ * </p>
+ *
+ * @return a {@code List<Object>} containing all values specified in the request.
+ */
+ public List<Object> getAny()
+ {
+ return this.delegate.getAny();
+ }
+
+ /**
+ * <p>
+ * Obtains a reference to the {@code RequestSecurityTokenType} delegate.
+ * </p>
+ *
+ * @return a reference to the delegate instance.
+ */
+ public RequestSecurityTokenType getDelegate()
+ {
+ return this.delegate;
+ }
+}
Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenCollection.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenCollection.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenCollection.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -0,0 +1,122 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.jboss.identity.federation.ws.trust.RequestSecurityTokenCollectionType;
+import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType;
+
+/**
+ * <p>
+ * This class represents a WS-Trust {@code RequestSecurityTokenCollection}. It wraps the JAXB representation of the
+ * security token collection request.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class RequestSecurityTokenCollection implements BaseRequestSecurityToken
+{
+
+ private final RequestSecurityTokenCollectionType delegate;
+
+ private final List<RequestSecurityToken> requestSecurityTokens;
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityTokenCollection}.
+ * </p>
+ */
+ public RequestSecurityTokenCollection()
+ {
+ this.requestSecurityTokens = new ArrayList<RequestSecurityToken>();
+ this.delegate = new RequestSecurityTokenCollectionType();
+ }
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityTokenCollection} using the specified delegate.
+ * </p>
+ *
+ * @param delegate the JAXB {@code RequestSecurityTokenCollectionType} that represents a WS-Trust request collection.
+ */
+ public RequestSecurityTokenCollection(RequestSecurityTokenCollectionType delegate)
+ {
+ this.delegate = delegate;
+ this.requestSecurityTokens = new ArrayList<RequestSecurityToken>();
+ for (RequestSecurityTokenType request : delegate.getRequestSecurityToken())
+ this.requestSecurityTokens.add(new RequestSecurityToken(request));
+ }
+
+ /**
+ * <p>
+ * Obtains the collection of {@code RequestSecurityToken} objects. The returned collection is immutable, so addition
+ * or removal of requests must be carried by the appropriate add/remove methods.
+ * </p>
+ *
+ * @return a {@code List<RequestSecurityToken>} containing the token requests.
+ */
+ public List<RequestSecurityToken> getRequestSecurityTokens()
+ {
+ return Collections.unmodifiableList(this.requestSecurityTokens);
+ }
+
+ /**
+ * <p>
+ * Adds the specified {@code RequestSecurityToken} object to the collection of token requests.
+ * </p>
+ *
+ * @param request the {@code RequestSecurityToken} to be added.
+ */
+ public void addRequestSecurityToken(RequestSecurityToken request)
+ {
+ this.delegate.getRequestSecurityToken().add(request.getDelegate());
+ this.requestSecurityTokens.add(request);
+ }
+
+ /**
+ * <p>
+ * Removes the specified {@code RequestSecurityToken} object from the collection of token requests.
+ * </p>
+ *
+ * @param request the {@code RequestSecurityToken} to be removed.
+ */
+ public void removeRequestSecurityToken(RequestSecurityToken request)
+ {
+ this.delegate.getRequestSecurityToken().remove(request.getDelegate());
+ this.requestSecurityTokens.remove(request);
+ }
+
+ /**
+ * <p>
+ * Obtains a reference to the {@code RequestSecurityTokenCollectionType} delegate.
+ * </p>
+ *
+ * @return a reference to the delegate instance.
+ */
+ public RequestSecurityTokenCollectionType getDelegate()
+ {
+ return this.delegate;
+ }
+}
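Review bot: `getDelegate()` hands out the mutable JAXB `RequestSecurityTokenCollectionType`, so a caller that adds to or removes from `delegate.getRequestSecurityToken()` directly leaves the cached `requestSecurityTokens` list stale, and `getRequestSecurityTokens()` then no longer reflects what will actually be marshalled. Either document this on `getDelegate()` — e.g. `Changes made through the delegate's request list are not mirrored by getRequestSecurityTokens(); use addRequestSecurityToken/removeRequestSecurityToken instead.` — or rebuild the wrapper list from the delegate on each call so the two views cannot diverge. The delegate constructor and `addRequestSecurityToken` also accept `null` and only fail later with a bare NPE; an early `if (delegate == null) throw new IllegalArgumentException("delegate must not be null");` (and the same for `request`) would make the contract explicit.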
Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponse.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponse.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponse.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -0,0 +1,1159 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.namespace.QName;
+
+import org.jboss.identity.federation.ws.addressing.EndpointReferenceType;
+import org.jboss.identity.federation.ws.policy.AppliesTo;
+import org.jboss.identity.federation.ws.policy.Policy;
+import org.jboss.identity.federation.ws.policy.PolicyReference;
+import org.jboss.identity.federation.ws.trust.AllowPostdatingType;
+import org.jboss.identity.federation.ws.trust.AuthenticatorType;
+import org.jboss.identity.federation.ws.trust.DelegateToType;
+import org.jboss.identity.federation.ws.trust.EncryptionType;
+import org.jboss.identity.federation.ws.trust.EntropyType;
+import org.jboss.identity.federation.ws.trust.LifetimeType;
+import org.jboss.identity.federation.ws.trust.ObjectFactory;
+import org.jboss.identity.federation.ws.trust.OnBehalfOfType;
+import org.jboss.identity.federation.ws.trust.ProofEncryptionType;
+import org.jboss.identity.federation.ws.trust.RenewingType;
+import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseType;
+import org.jboss.identity.federation.ws.trust.RequestedProofTokenType;
+import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
+import org.jboss.identity.federation.ws.trust.RequestedSecurityTokenType;
+import org.jboss.identity.federation.ws.trust.StatusType;
+import org.jboss.identity.federation.ws.trust.UseKeyType;
+
+/**
+ * <p>
+ * This class represents a WS-Trust {@code RequestSecurityTokenResponse}. It wraps the JAXB representation of the
+ * security token response and offers a series of getter/setter methods that make it easy to work with elements that are
+ * represented by the {@code Any} XML type.
+ * </p>
+ * <p>
+ * The following shows the intended content model of a {@code RequestSecurityTokenResponse}:
+ *
+ * <pre>
+ * <xs:element ref='wst:TokenType' minOccurs='0' />
+ * <xs:element ref='wst:RequestType' />
+ * <xs:element ref='wst:RequestedSecurityToken' minOccurs='0' />
+ * <xs:element ref='wsp:AppliesTo' minOccurs='0' />
+ * <xs:element ref='wst:RequestedAttachedReference' minOccurs='0' />
+ * <xs:element ref='wst:RequestedUnattachedReference' minOccurs='0' />
+ * <xs:element ref='wst:RequestedProofToken' minOccurs='0' />
+ * <xs:element ref='wst:Entropy' minOccurs='0' />
+ * <xs:element ref='wst:Lifetime' minOccurs='0' />
+ * <xs:element ref='wst:Status' minOccurs='0' />
+ * <xs:element ref='wst:AllowPostdating' minOccurs='0' />
+ * <xs:element ref='wst:Renewing' minOccurs='0' />
+ * <xs:element ref='wst:OnBehalfOf' minOccurs='0' />
+ * <xs:element ref='wst:Issuer' minOccurs='0' />
+ * <xs:element ref='wst:AuthenticationType' minOccurs='0' />
+ * <xs:element ref='wst:Authenticator' minOccurs='0' />
+ * <xs:element ref='wst:KeyType' minOccurs='0' />
+ * <xs:element ref='wst:KeySize' minOccurs='0' />
+ * <xs:element ref='wst:SignatureAlgorithm' minOccurs='0' />
+ * <xs:element ref='wst:Encryption' minOccurs='0' />
+ * <xs:element ref='wst:EncryptionAlgorithm' minOccurs='0' />
+ * <xs:element ref='wst:CanonicalizationAlgorithm' minOccurs='0' />
+ * <xs:element ref='wst:ProofEncryption' minOccurs='0' />
+ * <xs:element ref='wst:UseKey' minOccurs='0' />
+ * <xs:element ref='wst:SignWith' minOccurs='0' />
+ * <xs:element ref='wst:EncryptWith' minOccurs='0' />
+ * <xs:element ref='wst:DelegateTo' minOccurs='0' />
+ * <xs:element ref='wst:Forwardable' minOccurs='0' />
+ * <xs:element ref='wst:Delegatable' minOccurs='0' />
+ * <xs:element ref='wsp:Policy' minOccurs='0' />
+ * <xs:element ref='wsp:PolicyReference' minOccurs='0' />
+ * <xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' />
+ * </pre>
+ *
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+/**
+ * <p>
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class RequestSecurityTokenResponse implements BaseRequestSecurityTokenResponse
+{
+
+ private final RequestSecurityTokenResponseType delegate;
+
+ private URI tokenType;
+
+ private URI requestType;
+
+ private RequestedSecurityTokenType requestedSecurityToken;
+
+ private AppliesTo appliesTo;
+
+ private RequestedReferenceType requestedAttachedReference;
+
+ private RequestedReferenceType requestedUnattachedReference;
+
+ private RequestedProofTokenType requestedProofToken;
+
+ private EntropyType entropy;
+
+ private Lifetime lifetime;
+
+ private StatusType status;
+
+ private AllowPostdatingType allowPostDating;
+
+ private RenewingType renewing;
+
+ private OnBehalfOfType onBehalfOf;
+
+ private EndpointReferenceType issuer;
+
+ private URI authenticationType;
+
+ private AuthenticatorType authenticator;
+
+ private URI keyType;
+
+ private long keySize;
+
+ private URI signatureAlgorithm;
+
+ private EncryptionType encryption;
+
+ private URI encryptionAlgorithm;
+
+ private URI canonicalizationAlgorithm;
+
+ private ProofEncryptionType proofEncryption;
+
+ private UseKeyType useKey;
+
+ private URI signWith;
+
+ private URI encryptWith;
+
+ private DelegateToType delegateTo;
+
+ private boolean forwardable;
+
+ private boolean delegatable;
+
+ private Policy policy;
+
+ private PolicyReference policyReference;
+
+ private final List<Object> extensionElements = new ArrayList<Object>();
+
+ private final ObjectFactory factory = new ObjectFactory();
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityTokenResponse}.
+ * </p>
+ */
+ public RequestSecurityTokenResponse()
+ {
+ this.delegate = new RequestSecurityTokenResponseType();
+ }
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityTokenResponse} using the specified delegate.
+ * </p>
+ *
+ * @param delegate the JAXB {@code RequestSecurityTokenResponseType} that represents a WS-Trust response.
+ */
+ public RequestSecurityTokenResponse(RequestSecurityTokenResponseType delegate)
+ {
+ this.delegate = delegate;
+ // parse the delegate's Any contents.
+ try
+ {
+ for (Object obj : this.delegate.getAny())
+ {
+ if (obj instanceof AppliesTo)
+ {
+ this.appliesTo = (AppliesTo) obj;
+ }
+ else if (obj instanceof Policy)
+ {
+ this.policy = (Policy) obj;
+ }
+ else if (obj instanceof PolicyReference)
+ {
+ this.policyReference = (PolicyReference) obj;
+ }
+ else if (obj instanceof JAXBElement)
+ {
+ JAXBElement<?> element = (JAXBElement<?>) obj;
+ String localName = element.getName().getLocalPart();
+ if (localName.equalsIgnoreCase("TokenType"))
+ this.tokenType = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("RequestType"))
+ this.requestType = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("RequestedSecurityToken"))
+ this.requestedSecurityToken = (RequestedSecurityTokenType) element.getValue();
+ else if (localName.equalsIgnoreCase("RequestedAttachedReference"))
+ this.requestedAttachedReference = (RequestedReferenceType) element.getValue();
+ else if (localName.equalsIgnoreCase("RequestedUnattachedReference"))
+ this.requestedUnattachedReference = (RequestedReferenceType) element.getValue();
+ else if (localName.equalsIgnoreCase("RequestedProofToken"))
+ this.requestedProofToken = (RequestedProofTokenType) element.getValue();
+ else if (localName.equalsIgnoreCase("Entropy"))
+ this.entropy = (EntropyType) element.getValue();
+ else if (localName.equalsIgnoreCase("Lifetime"))
+ this.lifetime = new Lifetime((LifetimeType) element.getValue());
+ else if (localName.equalsIgnoreCase("Status"))
+ this.status = (StatusType) element.getValue();
+ else if (localName.equalsIgnoreCase("AllowPostdating"))
+ this.allowPostDating = (AllowPostdatingType) element.getValue();
+ else if (localName.equalsIgnoreCase("Renewing"))
+ this.renewing = (RenewingType) element.getValue();
+ else if (localName.equalsIgnoreCase("OnBehalfOf"))
+ this.onBehalfOf = (OnBehalfOfType) element.getValue();
+ else if (localName.equalsIgnoreCase("Issuer"))
+ this.issuer = (EndpointReferenceType) element.getValue();
+ else if (localName.equalsIgnoreCase("AuthenticationType"))
+ this.authenticationType = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("Authenticator"))
+ this.authenticator = (AuthenticatorType) element.getValue();
+ else if (localName.equalsIgnoreCase("KeyType"))
+ this.keyType = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("KeySize"))
+ this.keySize = (Long) element.getValue();
+ else if (localName.equalsIgnoreCase("SignatureAlgorithm"))
+ this.signatureAlgorithm = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("Encryption"))
+ this.encryption = (EncryptionType) element.getValue();
+ else if (localName.equalsIgnoreCase("EntropyAlgorithm"))
+ this.encryptionAlgorithm = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("CanonicalizationAlgorithm"))
+ this.canonicalizationAlgorithm = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("ProofEncryption"))
+ this.proofEncryption = (ProofEncryptionType) element.getValue();
+ else if (localName.equalsIgnoreCase("UseKey"))
+ this.useKey = (UseKeyType) element.getValue();
+ else if (localName.equalsIgnoreCase("SignWith"))
+ this.signWith = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("EncryptWith"))
+ this.encryptWith = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("DelegateTo"))
+ this.delegateTo = (DelegateToType) element.getValue();
+ else if (localName.equalsIgnoreCase("Forwardable"))
+ this.forwardable = (Boolean) element.getValue();
+ else if (localName.equalsIgnoreCase("Delegatable"))
+ this.delegatable = (Boolean) element.getValue();
+ else
+ this.extensionElements.add(element.getValue());
+ }
+ else
+ {
+ this.extensionElements.add(obj);
+ }
+ }
+ }
+ catch (URISyntaxException e)
+ {
+ throw new RuntimeException(e.getMessage(), e);
+ }
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code URI} that identifies the token type.
+ * </p>
+ *
+ * @return a {@code URI} that represents the token type.
+ */
+ public URI getTokenType()
+ {
+ return tokenType;
+ }
+
+ /**
+ * <p>
+ * Sets the token type.
+ * </p>
+ *
+ * @param tokenType a {@code URI} that identifies the token type.
+ */
+ public void setTokenType(URI tokenType)
+ {
+ this.tokenType = tokenType;
+ this.delegate.getAny().add(this.factory.createTokenType(tokenType.toString()));
+
+ }
+
+ /**
+ * <p>
+ * Obtains the request type.
+ * </p>
+ *
+ * @return a {@code URI} that identifies the request type.
+ */
+ public URI getRequestType()
+ {
+ return requestType;
+ }
+
+ /**
+ * <p>
+ * Sets the request type. The type must be one of the request types described in the WS-Trust specification.
+ * </p>
+ *
+ * @param requestType a {@code URI} that identifies the request type.
+ */
+ public void setRequestType(URI requestType)
+ {
+ this.requestType = requestType;
+ this.delegate.getAny().add(this.factory.createRequestType(requestType.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the requested security token that has been set in the response.
+ * </p>
+ *
+ * @return a reference to the {@code RequestedSecurityTokenType} that contains the token.
+ */
+ public RequestedSecurityTokenType getRequestedSecurityToken()
+ {
+ return requestedSecurityToken;
+ }
+
+ /**
+ * <p>
+ * Sets the requested security token in the response.
+ * </p>
+ *
+ * @param requestedSecurityToken the {@code RequestedSecurityTokenType} instance to be set.
+ */
+ public void setRequestedSecurityToken(RequestedSecurityTokenType requestedSecurityToken)
+ {
+ this.requestedSecurityToken = requestedSecurityToken;
+ this.delegate.getAny().add(this.factory.createRequestedSecurityToken(requestedSecurityToken));
+ }
+
+ /**
+ * <p>
+ * Obtains the scope to which the security token applies.
+ * </p>
+ *
+ * @return a reference to the {@code AppliesTo} instance that represents the token scope.
+ */
+ public AppliesTo getAppliesTo()
+ {
+ return appliesTo;
+ }
+
+ /**
+ * <p>
+ * Sets the scope to which the security token applies.
+ * </p>
+ *
+ * @param appliesTo a reference to the {@code AppliesTo} object that represents the scope to be set.
+ */
+ public void setAppliesTo(AppliesTo appliesTo)
+ {
+ this.appliesTo = appliesTo;
+ this.delegate.getAny().add(appliesTo);
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code RequestedAttachedReference} that indicate how to reference the returned token when that token
+ * doesn't support references using URI fragments (XML ID).
+ * </p>
+ *
+ * @return a {@code RequestedReferenceType} that represents the token reference.
+ */
+ public RequestedReferenceType getRequestedAttachedReference()
+ {
+ return requestedAttachedReference;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code RequestedAttachedReference} that indicate how to reference the returned token when that token
+ * doesn't support references using URI fragments (XML ID).
+ * </p>
+ *
+ * @param requestedAttachedReference the {@code RequestedReferenceType} instance to be set.
+ */
+ public void setRequestedAttachedReference(RequestedReferenceType requestedAttachedReference)
+ {
+ this.requestedAttachedReference = requestedAttachedReference;
+ this.delegate.getAny().add(this.factory.createRequestedAttachedReference(requestedAttachedReference));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code RequestedUnattachedReference} that specifies to indicate how to reference the token when it is
+ * not placed inside the message.
+ * </p>
+ *
+ * @return a {@code RequestedReferenceType} that represents the unattached reference.
+ */
+ public RequestedReferenceType getRequestedUnattachedReference()
+ {
+ return requestedUnattachedReference;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code RequestedUnattachedReference} that specifies to indicate how to reference the token when it is not
+ * placed inside the message.
+ * </p>
+ *
+ * @param requestedUnattachedReference the {@code RequestedReferenceType} instance to be set.
+ */
+ public void setRequestedUnattachedReference(RequestedReferenceType requestedUnattachedReference)
+ {
+ this.requestedUnattachedReference = requestedUnattachedReference;
+ this.delegate.getAny().add(this.factory.createRequestedUnattachedReference(requestedUnattachedReference));
+ }
+
+ /**
+ * <p>
+ * Obtains the proof of possession token that has been set in the response.
+ * </p>
+ *
+ * @return a reference to the {@code RequestedProofTokenType} that contains the token.
+ */
+ public RequestedProofTokenType getRequestedProofToken()
+ {
+ return requestedProofToken;
+ }
+
+ /**
+ * <p>
+ * Sets the proof of possesion token in the response.
+ * </p>
+ *
+ * @param requestedProofToken the {@code RequestedProofTokenType} instance to be set.
+ */
+ public void setRequestedProofToken(RequestedProofTokenType requestedProofToken)
+ {
+ this.requestedProofToken = requestedProofToken;
+ this.delegate.getAny().add(this.factory.createRequestedProofToken(requestedProofToken));
+ }
+
+ /**
+ * <p>
+ * Obtains the entropy that has been used in creating the key.
+ * </p>
+ *
+ * @return a reference to the {@code EntropyType} that represents the entropy.
+ */
+ public EntropyType getEntropy()
+ {
+ return entropy;
+ }
+
+ /**
+ * <p>
+ * Sets the entropy that has been used in creating the key.
+ * </p>
+ *
+ * @param entropy the {@code EntropyType} representing the entropy to be set.
+ */
+ public void setEntropy(EntropyType entropy)
+ {
+ this.entropy = entropy;
+ this.delegate.getAny().add(this.factory.createEntropy(entropy));
+ }
+
+ /**
+ * <p>
+ * Obtains the lifetime of the security token.
+ * </p>
+ *
+ * @return a reference to the {@code Lifetime} that represents the lifetime of the security token.
+ */
+ public Lifetime getLifetime()
+ {
+ return lifetime;
+ }
+
+ /**
+ * <p>
+ * Sets the lifetime of the security token.
+ * </p>
+ *
+ * @param lifetime the {@code Lifetime} object representing the lifetime to be set.
+ */
+ public void setLifetime(Lifetime lifetime)
+ {
+ this.lifetime = lifetime;
+ this.delegate.getAny().add(this.factory.createLifetime(lifetime.getDelegate()));
+ }
+
+ /**
+ * <p>
+ * Obtains the result of a security token validation.
+ * </p>
+ *
+ * @return a referece to the {@code StatusType} instance that represents the status of the validation.
+ */
+ public StatusType getStatus()
+ {
+ return status;
+ }
+
+ /**
+ * <p>
+ * Sets the result of a security token validation.
+ * </p>
+ *
+ * @param status the {@code StatusType} instance to be set.
+ */
+ public void setStatus(StatusType status)
+ {
+ this.status = status;
+ this.delegate.getAny().add(this.factory.createStatus(status));
+ }
+
+ /**
+ * <p>
+ * Checks whether the returned token is a postdated token or not.
+ * </p>
+ *
+ * @return {@code null} if the token is not postdated; a {@code AllowPostdatingType} otherwise.
+ */
+ public AllowPostdatingType getAllowPostDating()
+ {
+ return allowPostDating;
+ }
+
+ /**
+ * <p>
+ * Specifies whether the returned token is a postdated token or not.
+ * </p>
+ *
+ * @param allowPostDating {@code null} if the token is not postdated; a {@code AllowPostdatingType} otherwise.
+ */
+ public void setAllowPostDating(AllowPostdatingType allowPostDating)
+ {
+ this.allowPostDating = allowPostDating;
+ this.delegate.getAny().add(this.factory.createAllowPostdating(allowPostDating));
+ }
+
+ /**
+ * <p>
+ * Obtains the renew semantics for the token request.
+ * </p>
+ *
+ * @return a reference to the {@code RenewingType} that represents the renew semantics for the request.
+ */
+ public RenewingType getRenewing()
+ {
+ return renewing;
+ }
+
+ /**
+ * <p>
+ * Sets the renew semantics for the token request.
+ * </p>
+ *
+ * @param renewing the {@code RenewingType} object representing the semantics to be set.
+ */
+ public void setRenewing(RenewingType renewing)
+ {
+ this.renewing = renewing;
+ this.delegate.getAny().add(this.factory.createRenewing(renewing));
+ }
+
+ /**
+ * <p>
+ * Obtains the identity on whose behalf the token request was made.
+ * </p>
+ *
+ * @return a reference to the {@code OnBehalfOfType} that represents the identity on whose behalf the token request
+ * was made.
+ */
+ public OnBehalfOfType getOnBehalfOf()
+ {
+ return onBehalfOf;
+ }
+
+ /**
+ * <p>
+ * Specifies the identity on whose behalf the token request was made.
+ * </p>
+ *
+ * @param onBehalfOf the {@code OnBehalfOfType} object representing the identity to be set.
+ */
+ public void setOnBehalfOf(OnBehalfOfType onBehalfOf)
+ {
+ this.onBehalfOf = onBehalfOf;
+ this.delegate.getAny().add(this.factory.createOnBehalfOf(onBehalfOf));
+ }
+
+ /**
+ * <p>
+ * Obtains the issuer of the token included in the request in the scenarios where the requestor is obtaining a token
+ * on behalf of another party.
+ * </p>
+ *
+ * @return a reference to the {@code EndpointReferenceType} that represents the issuer.
+ */
+ public EndpointReferenceType getIssuer()
+ {
+ return this.issuer;
+ }
+
+ /**
+ * <p>
+ * Sets the issuer of the token included in the request in scenarios where the requestor is obtaining a token on
+ * behalf of another party.
+ * </p>
+ *
+ * @param issuer the {@code EndpointReferenceType} object representing the issuer to be set.
+ */
+ public void setIssuer(EndpointReferenceType issuer)
+ {
+ this.issuer = issuer;
+ this.delegate.getAny().add(this.factory.createIssuer(issuer));
+ }
+
+ /**
+ * <p>
+ * Obtains the type of authentication that is to be conducted.
+ * </p>
+ *
+ * @return a {@code URI} that identifies the authentication type.
+ */
+ public URI getAuthenticationType()
+ {
+ return authenticationType;
+ }
+
+ /**
+ * <p>
+ * Sets the authentication type in the response.
+ * </p>
+ *
+ * @param authenticationType a {@code URI} that identifies the authentication type to be set.
+ */
+ public void setAuthenticationType(URI authenticationType)
+ {
+ this.authenticationType = authenticationType;
+ this.delegate.getAny().add(this.factory.createAuthenticationType(authenticationType.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the authenticator that must be used in authenticating exchanges.
+ * </p>
+ *
+ * @return a reference to the {@code AuthenticatorType} that represents the authenticator.
+ */
+ public AuthenticatorType getAuthenticator()
+ {
+ return authenticator;
+ }
+
+ /**
+ * <p>
+ * Sets the authenticator that must be used in authenticating exchanges.
+ * </p>
+ *
+ * @param authenticator the {@code AuthenticatorType} instance to be set.
+ */
+ public void setAuthenticator(AuthenticatorType authenticator)
+ {
+ this.authenticator = authenticator;
+ this.delegate.getAny().add(this.factory.createAuthenticator(authenticator));
+ }
+
+ /**
+ * <p>
+ * Obtains the type of the key that has been set in the response.
+ * </p>
+ *
+ * @return a {@code URI} that identifies the key type.
+ */
+ public URI getKeyType()
+ {
+ return keyType;
+ }
+
+ /**
+ * <p>
+ * Sets the key type in the response.
+ * </p>
+ *
+ * @param keyType a {@code URI} that specifies the key type.
+ */
+ public void setKeyType(URI keyType)
+ {
+ this.keyType = keyType;
+ this.delegate.getAny().add(this.factory.createKeyType(keyType.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the size of they key that has been set in the response.
+ * </p>
+ *
+ * @return a {@code long} representing the key size in bytes.
+ */
+ public long getKeySize()
+ {
+ return keySize;
+ }
+
+ /**
+ * <p>
+ * Sets the size of the key in the response.
+ * </p>
+ *
+ * @param keySize a {@code long} representing the key size in bytes.
+ */
+ public void setKeySize(long keySize)
+ {
+ this.keySize = keySize;
+ this.delegate.getAny().add(this.factory.createKeySize(keySize));
+ }
+
+ /**
+ * <p>
+ * Obtains the signature algorithm that has been set in the response.
+ * </p>
+ *
+ * @return a {@code URI} that represents the signature algorithm.
+ */
+ public URI getSignatureAlgorithm()
+ {
+ return signatureAlgorithm;
+ }
+
+ /**
+ * <p>
+ * Sets the signature algorithm in the response.
+ * </p>
+ *
+ * @param signatureAlgorithm a {@code URI} that represents the algorithm to be set.
+ */
+ public void setSignatureAlgorithm(URI signatureAlgorithm)
+ {
+ this.signatureAlgorithm = signatureAlgorithm;
+ this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signatureAlgorithm.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code Encryption} section of the response. The {@code Encryption} element indicates that the
+ * requestor desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @return a reference to the {@code EncryptionType} object.
+ */
+ public EncryptionType getEncryption()
+ {
+ return encryption;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code Encryption} section of the response. The {@code Encryption} element indicates that the requestor
+ * desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @param encryption the {@code EncryptionType} to be set.
+ */
+ public void setEncryption(EncryptionType encryption)
+ {
+ this.encryption = encryption;
+ this.delegate.getAny().add(this.factory.createEncryption(encryption));
+ }
+
+ /**
+ * <p>
+ * Obtains the encryption algorithm that has been set in the response.
+ * </p>
+ *
+ * @return a {@code URI} that represents the encryption algorithm.
+ */
+ public URI getEncryptionAlgorithm()
+ {
+ return encryptionAlgorithm;
+ }
+
+ /**
+ * <p>
+ * Sets the encryption algorithm in the response.
+ * </p>
+ *
+ * @param encryptionAlgorithm a {@code URI} that represents the encryption algorithm to be set.
+ */
+ public void setEncryptionAlgorithm(URI encryptionAlgorithm)
+ {
+ this.encryptionAlgorithm = encryptionAlgorithm;
+ this.delegate.getAny().add(this.factory.createEncryptionAlgorithm(encryptionAlgorithm.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the canonicalization algorithm that has been set in the response.
+ * </p>
+ *
+ * @return a {@code URI} that represents the canonicalization algorithm.
+ */
+ public URI getCanonicalizationAlgorithm()
+ {
+ return canonicalizationAlgorithm;
+ }
+
+ /**
+ * <p>
+ * Sets the canonicalization algorithm in the response.
+ * </p>
+ *
+ * @param canonicalizationAlgorithm a {@code URI} that represents the algorithm to be set.
+ */
+ public void setCanonicalizationAlgorithm(URI canonicalizationAlgorithm)
+ {
+ this.canonicalizationAlgorithm = canonicalizationAlgorithm;
+ this.delegate.getAny().add(this.factory.createCanonicalizationAlgorithm(canonicalizationAlgorithm.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code ProofEncryption} section of the response. The {@code ProofEncryption} indicates that the
+ * requestor desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @return a reference to the {@code ProofEncryptionType} object.
+ */
+ public ProofEncryptionType getProofEncryption()
+ {
+ return proofEncryption;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code ProofEncryption} section of the response. The {@code ProofEncryption} indicates that the requestor
+ * desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @param proofEncryption the {@code ProofEncryptionType} to be set.
+ */
+ public void setProofEncryption(ProofEncryptionType proofEncryption)
+ {
+ this.proofEncryption = proofEncryption;
+ this.delegate.getAny().add(this.factory.createProofEncryption(proofEncryption));
+ }
+
+ /**
+ * <p>
+ * Obtains the key that used in the returned token.
+ * </p>
+ *
+ * @return a reference to the {@code UseKeyType} instance that represents the key used.
+ */
+ public UseKeyType getUseKey()
+ {
+ return useKey;
+ }
+
+ /**
+ * <p>
+ * Sets the key that used in the returned token.
+ * </p>
+ *
+ * @param useKey the {@code UseKeyType} instance to be set.
+ */
+ public void setUseKey(UseKeyType useKey)
+ {
+ this.useKey = useKey;
+ this.delegate.getAny().add(this.factory.createUseKey(useKey));
+ }
+
+ /**
+ * <p>
+ * Obtains the signature algorithm used with the issued security token.
+ * </p>
+ *
+ * @return a {@code URI} representing the algorithm used.
+ */
+ public URI getSignWith()
+ {
+ return signWith;
+ }
+
+ /**
+ * <p>
+ * Sets the signature algorithm used with the issued security token.
+ * </p>
+ *
+ * @param signWith a {@code URI} representing the algorithm used.
+ */
+ public void setSignWith(URI signWith)
+ {
+ this.signWith = signWith;
+ this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signWith.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the encryption algorithm used with the issued security token.
+ * </p>
+ *
+ * @return a {@code URI} representing the encryption algorithm used.
+ */
+ public URI getEncryptWith()
+ {
+ return encryptWith;
+ }
+
+ /**
+ * <p>
+ * Sets the encryption algorithm used with the issued security token.
+ * </p>
+ *
+ * @param encryptWith a {@code URI} representing the algorithm used.
+ */
+ public void setEncryptWith(URI encryptWith)
+ {
+ this.encryptWith = encryptWith;
+ this.delegate.getAny().add(this.factory.createEncryptWith(encryptWith.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the identity to which the requested token should be delegated.
+ * </p>
+ *
+ * @return a reference to the {@code DelegateToType} instance that represents the identity.
+ */
+ public DelegateToType getDelegateTo()
+ {
+ return delegateTo;
+ }
+
+ /**
+ * <p>
+ * Sets the identity to which the requested token should be delegated.
+ * </p>
+ *
+ * @param delegateTo the {@code DelegateToType} object representing the identity to be set.
+ */
+ public void setDelegateTo(DelegateToType delegateTo)
+ {
+ this.delegateTo = delegateTo;
+ this.delegate.getAny().add(this.factory.createDelegateTo(delegateTo));
+ }
+
+ /**
+ * <p>
+ * Indicates whether the requested token has been marked as "forwardable" or not. In general, this flag is used when
+ * a token is normally bound to the requestor's machine or service. Using this flag, the returned token MAY be used
+ * from any source machine so long as the key is correctly proven.
+ * </p>
+ *
+ * @return {@code true} if the requested token has been marked as "forwardable"; {@code false} otherwise.
+ */
+ public boolean isForwardable()
+ {
+ return forwardable;
+ }
+
+ /**
+ * <p>
+ * Specifies whether the requested token has been marked as "forwardable" or not. In general, this flag is used when
+ * a token is normally bound to the requestor's machine or service. Using this flag, the returned token MAY be used
+ * from any source machine so long as the key is correctly proven.
+ * </p>
+ *
+ * @param forwardable {@code true} if the requested token has been marked as "forwardable"; {@code false} otherwise.
+ */
+ public void setForwardable(boolean forwardable)
+ {
+ this.forwardable = forwardable;
+ this.delegate.getAny().add(this.factory.createForwardable(forwardable));
+ }
+
+ /**
+ * <p>
+ * Indicates whether the requested token has been marked as "delegatable" or not. Using this flag, the returned token
+ * MAY be delegated to another party.
+ * </p>
+ *
+ * @return {@code true} if the requested token has been marked as "delegatable"; {@code false} otherwise.
+ */
+ public boolean isDelegatable()
+ {
+ return delegatable;
+ }
+
+ /**
+ * <p>
+ * Specifies whether the requested token has been marked as "delegatable" or not. Using this flag, the returned token
+ * MAY be delegated to another party.
+ * </p>
+ *
+ * @param delegatable {@code true} if the requested token has been marked as "delegatable"; {@code false} otherwise.
+ */
+ public void setDelegatable(boolean delegatable)
+ {
+ this.delegatable = delegatable;
+ this.delegate.getAny().add(this.factory.createDelegatable(delegatable));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code Policy} that was associated with the request. The policy specifies defaults that can be
+ * overridden by the previous properties.
+ * </p>
+ *
+ * @return a reference to the {@code Policy} that was associated with the request.
+ */
+ public Policy getPolicy()
+ {
+ return policy;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code Policy} in the response. The policy specifies defaults that can be overridden by the previous
+ * properties.
+ * </p>
+ *
+ * @param policy the {@code Policy} instance to be set.
+ */
+ public void setPolicy(Policy policy)
+ {
+ this.policy = policy;
+ this.delegate.getAny().add(policy);
+ }
+
+ /**
+ * <p>
+ * Obtains the reference to the {@code Policy} that was associated with the request.
+ * </p>
+ *
+ * @return a {@code PolicyReference} that specifies where the {@code Policy} can be found.
+ */
+ public PolicyReference getPolicyReference()
+ {
+ return policyReference;
+ }
+
+ /**
+ * <p>
+ * Sets the reference to the {@code Policy} that was associated with the request.
+ * </p>
+ *
+ * @param policyReference the {@code PolicyReference} object to be set.
+ */
+ public void setPolicyReference(PolicyReference policyReference)
+ {
+ this.policyReference = policyReference;
+ this.delegate.getAny().add(policyReference);
+ }
+
+ /**
+ * <p>
+ * Obtains the list of request elements that are not part of the standard content model.
+ * </p>
+ *
+ * @return a {@code List<Object>} containing the extension elements.
+ */
+ public List<Object> getExtensionElements()
+ {
+ return Collections.unmodifiableList(this.extensionElements);
+ }
+
+ /**
+ * <p>
+ * Obtains the response context.
+ * </p>
+ *
+ * @return a {@code String} that identifies the original request.
+ */
+ public String getContext()
+ {
+ return this.delegate.getContext();
+ }
+
+ /**
+ * <p>
+ * Sets the response context.
+ * </p>
+ *
+ * @param context a {@code String} that identifies the original request.
+ */
+ public void setContext(String context)
+ {
+ this.delegate.setContext(context);
+ }
+
+ /**
+ * <p>
+ * Obtains a map that contains attributes that aren't bound to any typed property on the response. This is a live
+ * reference, so attributes can be added/changed/removed directly. For this reason, there is no setter method.
+ * </p>
+ *
+ * @return a {@code Map<QName, String>} that contains the attributes.
+ */
+ public Map<QName, String> getOtherAttributes()
+ {
+ return this.delegate.getOtherAttributes();
+ }
+
+ /**
+ * <p>
+ * Gets a reference to the list that holds all response element values.
+ * </p>
+ *
+ * @return a {@code List<Object>} containing all values specified in the response.
+ */
+ public List<Object> getAny()
+ {
+ return this.delegate.getAny();
+ }
+
+ /**
+ * <p>
+ * Obtains a reference to the {@code RequestSecurityTokenResponseType} delegate.
+ * </p>
+ *
+ * @return a reference to the delegate instance.
+ */
+ public RequestSecurityTokenResponseType getDelegate()
+ {
+ return this.delegate;
+ }
+}
Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponseCollection.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponseCollection.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponseCollection.java 2009-05-31 23:25:59 UTC (rev 547)
@@ -0,0 +1,124 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseCollectionType;
+import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseType;
+
+/**
+ * <p>
+ * This class represents a WS-Trust {@code RequestSecurityTokenResponseCollection}. It wraps the JAXB representation of
+ * the security token collection response.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class RequestSecurityTokenResponseCollection implements BaseRequestSecurityTokenResponse
+{
+
+ private final RequestSecurityTokenResponseCollectionType delegate;
+
+ private final List<RequestSecurityTokenResponse> requestSecurityTokenResponses;
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityTokenResponseCollection}.
+ * </p>
+ */
+ public RequestSecurityTokenResponseCollection()
+ {
+ this.requestSecurityTokenResponses = new ArrayList<RequestSecurityTokenResponse>();
+ this.delegate = new RequestSecurityTokenResponseCollectionType();
+ }
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityTokenResponseCollection} using the specified delegate.
+ * </p>
+ *
+ * @param delegate the JAXB {@code RequestSecurityTokenResponseCollectionType} that represents a WS-Trust request
+ * collection.
+ */
+ public RequestSecurityTokenResponseCollection(RequestSecurityTokenResponseCollectionType delegate)
+ {
+ this.delegate = delegate;
+ this.requestSecurityTokenResponses = new ArrayList<RequestSecurityTokenResponse>();
+ for (RequestSecurityTokenResponseType response : delegate.getRequestSecurityTokenResponse())
+ this.requestSecurityTokenResponses.add(new RequestSecurityTokenResponse(response));
+ }
+
+ /**
+ * <p>
+ * Obtains the collection of {@code RequestSecurityTokenResponse} objects. The returned collection is immutable, so
+ * addition or removal of requests must be carried by the appropriate add/remove methods.
+ * </p>
+ *
+ * @return a {@code List<RequestSecurityToken>} containing the token requests.
+ */
+ public List<RequestSecurityTokenResponse> getRequestSecurityTokenResponses()
+ {
+ return Collections.unmodifiableList(this.requestSecurityTokenResponses);
+ }
+
+ /**
+ * <p>
+ * Adds the specified {@code RequestSecurityTokenResponse} object to the collection of token requests.
+ * </p>
+ *
+ * @param request the {@code RequestSecurityTokenResponse} to be added.
+ */
+ public void addRequestSecurityTokenResponse(RequestSecurityTokenResponse response)
+ {
+ this.delegate.getRequestSecurityTokenResponse().add(response.getDelegate());
+ this.requestSecurityTokenResponses.add(response);
+ }
+
+ /**
+ * <p>
+ * Removes the specified {@code RequestSecurityTokenResponse} object from the collection of token requests.
+ * </p>
+ *
+ * @param request the {@code RequestSecurityTokenResponse} to be removed.
+ */
+ public void removeRequestSecurityTokenResponse(RequestSecurityTokenResponse response)
+ {
+ this.delegate.getRequestSecurityTokenResponse().remove(response.getDelegate());
+ this.requestSecurityTokenResponses.remove(response);
+ }
+
+ /**
+ * <p>
+ * Obtains a reference to the {@code RequestSecurityTokenResponseCollectionType} delegate.
+ * </p>
+ *
+ * @return a reference to the delegate instance.
+ */
+ public RequestSecurityTokenResponseCollectionType getDelegate()
+ {
+ return this.delegate;
+ }
+
+}
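Review bot: The Javadoc of addRequestSecurityTokenResponse and removeRequestSecurityTokenResponse documents `@param request` while the parameter is named `response`, and getRequestSecurityTokenResponses declares `@return a {@code List<RequestSecurityToken>}` although it returns a list of RequestSecurityTokenResponse; change the tags to `@param response the {@code RequestSecurityTokenResponse} to be added.` (resp. removed) and `@return a {@code List<RequestSecurityTokenResponse>} containing the token responses.`. The delegate constructor dereferences `delegate` in its for loop, so a null argument surfaces as a NullPointerException from inside the constructor; a guard such as `if (delegate == null) throw new IllegalArgumentException("delegate is null");` would give the caller a clear message. removeRequestSecurityTokenResponse relies on `List.remove` equality of RequestSecurityTokenResponse, which presumably is identity equality; that is fine but worth a sentence in its Javadoc.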
JBoss Identity SVN: r546 - identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-05-29 16:58:38 -0400 (Fri, 29 May 2009)
New Revision: 546
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/XMLEncryptionUtil.java
Log:
use checked exceptions
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/XMLEncryptionUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/XMLEncryptionUtil.java 2009-05-29 20:58:27 UTC (rev 545)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/XMLEncryptionUtil.java 2009-05-29 20:58:38 UTC (rev 546)
@@ -32,7 +32,9 @@
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.EncryptedKey;
import org.apache.xml.security.encryption.XMLCipher;
-import org.apache.xml.security.exceptions.XMLSecurityException;
+import org.apache.xml.security.encryption.XMLEncryptionException;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -136,20 +138,27 @@
* @param keyUsedToEncryptSecretKey Asymmetric Key (Public Key)
* @param keySize Length of the key
* @return
- * @throws XMLSecurityException
+ * @throws ProcessingException
*/
public static EncryptedKey encryptKey(Document document,
SecretKey keyToBeEncrypted, PublicKey keyUsedToEncryptSecretKey,
- int keySize) throws XMLSecurityException
+ int keySize) throws ProcessingException
{
XMLCipher keyCipher = null;
String pubKeyAlg = keyUsedToEncryptSecretKey.getAlgorithm();
- String keyWrapAlgo = getXMLEncryptionURLForKeyUnwrap(pubKeyAlg, keySize);
- keyCipher = XMLCipher.getInstance(keyWrapAlgo);
-
- keyCipher.init(XMLCipher.WRAP_MODE, keyUsedToEncryptSecretKey);
- return keyCipher.encryptKey(document, keyToBeEncrypted);
+ try
+ {
+ String keyWrapAlgo = getXMLEncryptionURLForKeyUnwrap(pubKeyAlg, keySize);
+ keyCipher = XMLCipher.getInstance(keyWrapAlgo);
+
+ keyCipher.init(XMLCipher.WRAP_MODE, keyUsedToEncryptSecretKey);
+ return keyCipher.encryptKey(document, keyToBeEncrypted);
+ }
+ catch (XMLEncryptionException e)
+ {
+ throw new ProcessingException(e);
+ }
}
/**
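Review bot: `XMLCipher keyCipher = null;` is declared and nulled before the try block but is only assigned and used inside it, so it can move into the try as `XMLCipher keyCipher = XMLCipher.getInstance(keyWrapAlgo);`. The Javadoc's `@return` tag is still empty and the new `@throws ProcessingException` has no description; suggested: `@return the {@code EncryptedKey} that wraps {@code keyToBeEncrypted}` and `@throws ProcessingException if the key-wrap cipher cannot be created, initialised or applied (wraps the underlying {@code XMLEncryptionException})`. The method's Javadoc starts before this hunk.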
@@ -161,14 +170,14 @@
* @param keySize
* @param wrappingElementQName A QName of an element that will wrap the encrypted element
* @param addEncryptedKeyInKeyInfo Need for the EncryptedKey to be placed in ds:KeyInfo
- * @return
- * @throws Exception
+ * @return
+ * @throws ProcessingException
*/
public static void encryptElement(QName elementQName,
Document document,
PublicKey publicKey,
SecretKey secretKey, int keySize, QName wrappingElementQName,
- boolean addEncryptedKeyInKeyInfo) throws Exception
+ boolean addEncryptedKeyInKeyInfo) throws ProcessingException
{
if(elementQName == null)
throw new IllegalArgumentException("elementQName is null");
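Review bot: The Javadoc of encryptElement keeps an empty `@return` tag (the line just above the new `@throws ProcessingException`) on a method declared `void`; the tag should be dropped and the `@throws` given a description such as `@throws ProcessingException if the element cannot be encrypted`. The method body continues past this hunk.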
@@ -191,10 +200,25 @@
String encryptionAlgorithm = getXMLEncryptionURL(secretKey.getAlgorithm(), keySize);
//Encrypt the Document
- cipher = XMLCipher.getInstance(encryptionAlgorithm);
- cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
+ try
+ {
+ cipher = XMLCipher.getInstance(encryptionAlgorithm);
+ cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
+ }
+ catch (XMLEncryptionException e1)
+ {
+ throw new ProcessingException(e1);
+ }
- Document encryptedDoc = cipher.doFinal(document, documentElement);
+ Document encryptedDoc;
+ try
+ {
+ encryptedDoc = cipher.doFinal(document, documentElement);
+ }
+ catch (Exception e)
+ {
+ throw new ProcessingException(e);
+ }
// The EncryptedKey element is added
Element encryptedKeyElement = cipher.martial(document, encryptedKey);
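Review bot: A failure of `XMLCipher.getInstance`/`init` is mapped to ProcessingException here (`throw new ProcessingException(e1);`) but the identical block in encryptElementInDocument (hunk @@ -276,10) maps the same XMLEncryptionException from the same two calls to ConfigurationException; the two methods should agree, and if ConfigurationException is the intended type encryptElement's signature needs `throws ProcessingException, ConfigurationException` too. The `catch (Exception e)` around `cipher.doFinal` also converts unchecked failures such as NullPointerException into ProcessingException; if doFinal's declared exception type is narrower than Exception, catching that type keeps programming errors visible. encryptElement begins in the previous hunk and continues after this one.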
@@ -259,13 +283,14 @@
* the cipher data.
* @param addEncryptedKeyInKeyInfo Should the encrypted key be inside a KeyInfo
* or added as a peer of Cipher Data
- * @return An element that has the wrappingElementQName
- * @throws Exception
+ * @return An element that has the wrappingElementQName
+ * @throws ProcessingException
+ * @throws ConfigurationException
*/
public static Element encryptElementInDocument(Document document,
PublicKey publicKey,
SecretKey secretKey, int keySize, QName wrappingElementQName,
- boolean addEncryptedKeyInKeyInfo) throws Exception
+ boolean addEncryptedKeyInKeyInfo) throws ProcessingException, ConfigurationException
{
String wrappingElementPrefix = wrappingElementQName.getPrefix();
if(wrappingElementPrefix == null || wrappingElementPrefix == "")
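Review bot: The new `@throws ProcessingException` and `@throws ConfigurationException` tags on encryptElementInDocument carry no description and the split between the two is not obvious from the signature; suggested: `@throws ConfigurationException if the encryption cipher cannot be created or initialised` and `@throws ProcessingException if encrypting the document element fails`. The trailing context line `wrappingElementPrefix == ""` compares strings by identity rather than content; since this method is being reworked, `"".equals(wrappingElementPrefix)` (keeping the null check) is the safe form. The method continues into the next hunk.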
@@ -276,10 +301,25 @@
String encryptionAlgorithm = getXMLEncryptionURL(secretKey.getAlgorithm(), keySize);
//Encrypt the Document
- cipher = XMLCipher.getInstance(encryptionAlgorithm);
- cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
+ try
+ {
+ cipher = XMLCipher.getInstance(encryptionAlgorithm);
+ cipher.init(XMLCipher.ENCRYPT_MODE, secretKey);
+ }
+ catch (XMLEncryptionException e1)
+ {
+ throw new ConfigurationException(e1);
+ }
- Document encryptedDoc = cipher.doFinal(document, document.getDocumentElement());
+ Document encryptedDoc;
+ try
+ {
+ encryptedDoc = cipher.doFinal(document, document.getDocumentElement());
+ }
+ catch (Exception e)
+ {
+ throw new ProcessingException(e);
+ }
// The EncryptedKey element is added
Element encryptedKeyElement = cipher.martial(document, encryptedKey);
@@ -331,11 +371,12 @@
* Decrypt an encrypted element inside a document
* @param documentWithEncryptedElement
* @param privateKey key need to unwrap the encryption key
- * @return the document with the encrypted element replaced by the data element
- * @throws Exception
+ * @return the document with the encrypted element replaced by the data element
+ * @throws XMLEncryptionException
+ * @throws ProcessingException
*/
public static Element decryptElementInDocument(Document documentWithEncryptedElement,
- PrivateKey privateKey) throws Exception
+ PrivateKey privateKey) throws ProcessingException
{
if(documentWithEncryptedElement == null)
throw new IllegalArgumentException("Input document is null");
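Review bot: The Javadoc for decryptElementInDocument now lists `@throws XMLEncryptionException`, but the signature declares only `throws ProcessingException` and the body wraps XMLEncryptionException, so the extra tag is stale; remove it and describe the remaining one as `@throws ProcessingException if the encrypted element or key cannot be loaded or decrypted`. The method body continues in the next hunk.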
@@ -359,22 +400,40 @@
encKeyElement = (Element) nodeList.item(0);
}
- XMLCipher cipher = XMLCipher.getInstance();
- cipher.init(XMLCipher.DECRYPT_MODE, null);
- EncryptedData encryptedData = cipher.loadEncryptedData(documentWithEncryptedElement, encDataElement);
- EncryptedKey encryptedKey = cipher.loadEncryptedKey(documentWithEncryptedElement, encKeyElement);
+ XMLCipher cipher;
+ EncryptedData encryptedData;
+ EncryptedKey encryptedKey;
+ try
+ {
+ cipher = XMLCipher.getInstance();
+ cipher.init(XMLCipher.DECRYPT_MODE, null);
+ encryptedData = cipher.loadEncryptedData(documentWithEncryptedElement, encDataElement);
+ encryptedKey = cipher.loadEncryptedKey(documentWithEncryptedElement, encKeyElement);
+ }
+ catch (XMLEncryptionException e1)
+ {
+ throw new ProcessingException(e1);
+ }
Document decryptedDoc = null;
if (encryptedData != null && encryptedKey != null)
{
- String encAlgoURL = encryptedData.getEncryptionMethod().getAlgorithm();
- XMLCipher keyCipher = XMLCipher.getInstance();
- keyCipher.init(XMLCipher.UNWRAP_MODE, privateKey);
- Key encryptionKey = keyCipher.decryptKey( encryptedKey, encAlgoURL );
- cipher = XMLCipher.getInstance();
- cipher.init(XMLCipher.DECRYPT_MODE, encryptionKey);
- decryptedDoc = cipher.doFinal(documentWithEncryptedElement, encDataElement);
+ try
+ {
+ String encAlgoURL = encryptedData.getEncryptionMethod().getAlgorithm();
+ XMLCipher keyCipher = XMLCipher.getInstance();
+ keyCipher.init(XMLCipher.UNWRAP_MODE, privateKey);
+ Key encryptionKey = keyCipher.decryptKey( encryptedKey, encAlgoURL );
+ cipher = XMLCipher.getInstance();
+ cipher.init(XMLCipher.DECRYPT_MODE, encryptionKey);
+
+ decryptedDoc = cipher.doFinal(documentWithEncryptedElement, encDataElement);
+ }
+ catch (Exception e)
+ {
+ throw new ProcessingException(e);
+ }
}
Element decryptedRoot = decryptedDoc.getDocumentElement();
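Review bot: `decryptedDoc` remains null when `encryptedData` or `encryptedKey` is null (the `if` after the first catch), and the context line `Element decryptedRoot = decryptedDoc.getDocumentElement();` then fails with a NullPointerException instead of the ProcessingException this commit introduces for every other failure; add an `else` branch that throws ProcessingException with a message naming the missing element (assuming ProcessingException has a message constructor), or check `decryptedDoc` before the dereference. The unwrap algorithm `encAlgoURL` is read from the EncryptionMethod of the supplied document, so the document itself selects which algorithm the private key is used with; if such documents can originate outside this deployment, restricting the accepted algorithm URIs to those this utility produces is a cheap defensive check. decryptElementInDocument starts in the previous hunk and ends after this one.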
JBoss Identity SVN: r545 - identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-05-29 16:58:27 -0400 (Fri, 29 May 2009)
New Revision: 545
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
Log:
new methods
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-05-29 20:56:55 UTC (rev 544)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-05-29 20:58:27 UTC (rev 545)
@@ -42,10 +42,13 @@
import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
+import javax.xml.xpath.XPathException;
+import org.apache.log4j.Logger;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
@@ -55,8 +58,31 @@
* @since Jan 14, 2009
*/
public class DocumentUtil
-{
+{
+ private static Logger log = Logger.getLogger(DocumentUtil.class);
+
+
/**
+ * Check whether a node belongs to a document
+ * @param doc
+ * @param node
+ * @return
+ */
+ public static boolean containsNode(Document doc, Node node)
+ {
+ if(node.getNodeType() == Node.ELEMENT_NODE)
+ {
+ Element elem = (Element) node;
+ NodeList nl = doc.getElementsByTagNameNS(elem.getNamespaceURI(), elem.getLocalName());
+ if(nl != null && nl.getLength() > 0)
+ return true;
+ else
+ return false;
+ }
+ throw new UnsupportedOperationException();
+ }
+
+ /**
* Create a new document
* @return
* @throws ParserConfigurationException
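Review bot: containsNode does not check that `node` belongs to `doc` as its Javadoc says; it reports whether `doc` contains any element with the same namespace URI and local name, so an unrelated element with the same name makes it return true. Either document it accordingly (`Returns true if {@code doc} contains at least one element with the namespace URI and local name of {@code node}; node identity is not checked.`) or compare the elements found against `node` itself. `getElementsByTagNameNS` returns an empty NodeList rather than null, so the body reduces to `return nl.getLength() > 0;`, and the `UnsupportedOperationException` for non-element nodes should carry a message naming the node type. The hunk's trailing context belongs to the Javadoc of the next method.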
@@ -191,9 +217,92 @@
ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
return bis;
- }
+ }
/**
+ * Stream a DOM Node as a String
+ * @param node
+ * @return
+ * @throws TransformerFactoryConfigurationError
+ * @throws TransformerException
+ */
+ public static String getNodeAsString(Node node)
+ throws TransformerFactoryConfigurationError, TransformerException
+ {
+ Source source = new DOMSource(node);
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+
+ Result streamResult = new StreamResult(baos);
+ // Write the DOM document to the stream
+ Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+ transformer.transform(source, streamResult);
+
+ return new String(baos.toByteArray());
+ }
+
+ /**
+ * Given a document, return a Node with the given node name
+ * and an attribute with a particular attribute value
+ * @param document
+ * @param nsURI
+ * @param nodeName
+ * @param attributeName
+ * @param attributeValue
+ * @return
+ * @throws XPathException
+ * @throws TransformerFactoryConfigurationError
+ * @throws TransformerException
+ */
+ public static Node getNodeWithAttribute(Document document, final String nsURI,
+ String nodeName,
+ String attributeName, String attributeValue) throws XPathException,
+ TransformerFactoryConfigurationError, TransformerException
+ {
+ NodeList nl = document.getElementsByTagNameNS(nsURI, nodeName);
+ int len = nl != null ? nl.getLength() : 0;
+
+ for (int i = 0; i < len; i++)
+ {
+ Node n = nl.item(i);
+ if(n.getNodeType() != Node.ELEMENT_NODE)
+ continue;
+ Element el = (Element) n;
+ String attrValue = el.getAttributeNS(nsURI, attributeName);
+ if(attributeValue.equals(attrValue))
+ return el;
+ //Take care of attributes with null NS
+ attrValue = el.getAttribute(attributeName);
+ if(attributeValue.equals(attrValue))
+ return el;
+ }
+ return null;
+ }
+
+ /**
+ * Log the nodes in the document
+ * @param doc
+ */
+ public static void logNodes(Document doc)
+ {
+ visit(doc, 0);
+ }
+
+ private static void visit(Node node, int level)
+ {
+ // Visit each child
+ NodeList list = node.getChildNodes();
+ for (int i=0; i<list.getLength(); i++)
+ {
+ // Get child node
+ Node childNode = list.item(i);
+ log.trace("Node="+ childNode.getNamespaceURI()+ "::"+childNode.getLocalName());
+ // Visit child node
+ visit(childNode, level+1);
+ }
+ }
+
+ /**
* Create a namespace aware Document builder factory
* @return
*/
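Review bot: getNodeAsString decodes the transformer output with `new String(baos.toByteArray())`, i.e. the platform default charset, while the Transformer writes UTF-8 unless `OutputKeys.ENCODING` says otherwise, so non-ASCII content comes back garbled on non-UTF-8 platforms; use `baos.toString("UTF-8")` and propagate or wrap its UnsupportedEncodingException, or set the output encoding and decode with the same charset. getNodeWithAttribute declares `throws XPathException, TransformerFactoryConfigurationError, TransformerException` but calls nothing that throws them, forcing callers to handle exceptions that cannot occur; drop the clause. visit ignores its `level` parameter and logNodes calls `log.trace` unconditionally; either use `level` for indentation or remove it, and guard the recursion with `if (log.isTraceEnabled())`. The hunk ends inside the Javadoc of the following method.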
JBoss Identity SVN: r544 - in identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings: tomcat/sp and 1 other directory.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-05-29 16:56:55 -0400 (Fri, 29 May 2009)
New Revision: 544
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/trust/SecurityActions.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
Log:
use checked exceptions
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/trust/SecurityActions.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/trust/SecurityActions.java 2009-05-29 20:56:24 UTC (rev 543)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/trust/SecurityActions.java 2009-05-29 20:56:55 UTC (rev 544)
@@ -90,17 +90,19 @@
*
* @param className the fully-qualified name of the class to be instantiated.
* @return a reference to the instantiated {@code Object}.
+ * @throws PrivilegedActionException
* @throws PrivilegedActionException if an error occurs while instantiating the class. This exception wraps the real
* cause of the error, so classes using this method must perform a {@code getCause()} in order to get a
* reference to the root of the error.
*/
- static Object instantiateClass(final String className) throws PrivilegedActionException
+ static Object instantiateClass(final String className) throws PrivilegedActionException
{
return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
{
public Object run() throws Exception
{
- Class<?> objectClass = loadClass(className);
+ Class<?> objectClass;
+ objectClass = loadClass(className);
return objectClass.newInstance();
}
});
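Review bot: The Javadoc now carries two `@throws PrivilegedActionException` tags, the new bare one directly above the existing described one; delete the added line. Splitting `Class<?> objectClass = loadClass(className);` into a declaration and a separate assignment adds nothing and should be reverted to the single line. instantiateClass's Javadoc starts before this hunk.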
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-05-29 20:56:24 UTC (rev 543)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-05-29 20:56:55 UTC (rev 544)
@@ -30,6 +30,8 @@
import java.util.List;
import javax.servlet.ServletException;
+import javax.xml.bind.JAXBException;
+import javax.xml.datatype.DatatypeConfigurationException;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.Session;
@@ -57,6 +59,7 @@
import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.xml.sax.SAXException;
/**
* Authenticator at the Service Provider
@@ -171,8 +174,8 @@
return super.authenticate(request, response, loginConfig);
}
- protected String createSAMLRequestMessage(String relayState, Response response)
- throws Exception
+ protected String createSAMLRequestMessage(String relayState, Response response)
+ throws ServletException, DatatypeConfigurationException, SAXException, JAXBException, IOException
{
//create a saml request
if(this.serviceURL == null)
@@ -237,7 +240,10 @@
throw new RuntimeException("This authenticator does not handle encryption");
}
- private Principal process(Request request, Response response) throws Exception
+ private Principal process(Request request, Response response)
+ throws IOException, GeneralSecurityException,
+ JAXBException, SAXException, ConfigurationException,
+ ParsingException, DatatypeConfigurationException
{
Principal userPrincipal = null;
JBoss Identity SVN: r543 - in identity-federation/trunk/jboss-identity-fed-api/src: test/java/org/jboss/test/identity/federation/api/saml/v2 and 3 other directories.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-05-29 16:56:24 -0400 (Fri, 29 May 2009)
New Revision: 543
Added:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/logging.properties
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/xml/dom/saml-response-2-assertions.xml
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/util/DocumentUtilUnitTestCase.java
Log:
JBID-121: SAML2Signature API
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java 2009-05-29 20:56:09 UTC (rev 542)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java 2009-05-29 20:56:24 UTC (rev 543)
@@ -21,15 +21,30 @@
*/
package org.jboss.identity.federation.api.saml.v2.sig;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
import java.security.KeyPair;
+import javax.xml.bind.JAXBException;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.crypto.dsig.XMLSignatureException;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+import javax.xml.xpath.XPathException;
+
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.api.util.XMLSignatureUtil;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
+import org.xml.sax.SAXException;
/**
* Class that deals with SAML2 Signature
@@ -38,27 +53,54 @@
*/
public class SAML2Signature
{
+ private String signatureMethod = SignatureMethod.RSA_SHA1;
+ private String digestMethod = DigestMethod.SHA1;
+
+ public String getSignatureMethod()
+ {
+ return signatureMethod;
+ }
+
+ public void setSignatureMethod(String signatureMethod)
+ {
+ this.signatureMethod = signatureMethod;
+ }
+
+ public String getDigestMethod()
+ {
+ return digestMethod;
+ }
+
+ public void setDigestMethod(String digestMethod)
+ {
+ this.digestMethod = digestMethod;
+ }
+
/**
* Sign an RequestType at the root
* @param request
* @param keypair Key Pair
* @param digestMethod (Example: DigestMethod.SHA1)
* @param signatureMethod (Example: SignatureMethod.DSA_SHA1)
- * @return
- * @throws Exception
+ * @return
+ * @throws ParserConfigurationException
+ * @throws JAXBException
+ * @throws IOException
+ * @throws SAXException
+ * @throws XMLSignatureException
+ * @throws MarshalException
+ * @throws GeneralSecurityException
*/
- public Document sign(RequestAbstractType request, KeyPair keypair,
- String digestMethod, String signatureMethod) throws Exception
+ public Document sign(RequestAbstractType request, KeyPair keypair) throws SAXException, IOException, JAXBException, ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException
{
SAML2Request saml2Request = new SAML2Request();
Document doc = saml2Request.convert(request);
+ doc.normalize();
String referenceURI = "#" + request.getID();
-
- Node root = doc.getDocumentElement();
- return XMLSignatureUtil.sign(doc, root,
- keypair.getPrivate(),
- keypair.getPublic(),
+
+ return XMLSignatureUtil.sign(doc,
+ keypair,
digestMethod, signatureMethod,
referenceURI);
}
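Review bot: The Javadoc for `sign(RequestAbstractType, KeyPair)` still carries `@param digestMethod` and `@param signatureMethod` although both parameters were removed from the signature in this hunk, and the `@return` tag is empty; the same stale tags remain on the `sign(ResponseType, KeyPair)` Javadoc in the next hunk. Replace them with a sentence on what the instance fields now do, e.g. `Uses the digest and signature methods configured on this instance (defaults: DigestMethod.SHA1, SignatureMethod.RSA_SHA1).` The test changed in this commit sets `SignatureMethod.DSA_SHA1` before signing with a DSA key pair, which suggests the signature method must agree with the key algorithm; the class-level doc should say so, since the default is RSA and the key is supplied per call.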
@@ -69,22 +111,61 @@
* @param keypair Key Pair
* @param digestMethod (Example: DigestMethod.SHA1)
* @param signatureMethod (Example: SignatureMethod.DSA_SHA1)
- * @return
- * @throws Exception
+ * @return
+ * @throws ParserConfigurationException
+ * @throws JAXBException
+ * @throws XMLSignatureException
+ * @throws MarshalException
+ * @throws GeneralSecurityException
*/
- public Document sign(ResponseType response,KeyPair keypair,
- String digestMethod, String signatureMethod) throws Exception
+ public Document sign(ResponseType response,KeyPair keypair) throws JAXBException, ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException
{
SAML2Response saml2Request = new SAML2Response();
Document doc = saml2Request.convert(response);
+ doc.normalize();
String referenceURI = "#" + response.getID();
- Node root = doc.getDocumentElement();
- return XMLSignatureUtil.sign(doc, root,
- keypair.getPrivate(),
- keypair.getPublic(),
+ return XMLSignatureUtil.sign(doc,
+ keypair,
digestMethod, signatureMethod,
referenceURI);
}
-}
+
+ /**
+ * Sign an assertion whose id value is provided in the response type
+ * @param response
+ * @param idValueOfAssertion
+ * @param keypair
+ * @param referenceURI
+ * @return
+ * @throws ParserConfigurationException
+ * @throws JAXBException
+ * @throws TransformerException
+ * @throws TransformerFactoryConfigurationError
+ * @throws XPathException
+ * @throws XMLSignatureException
+ * @throws MarshalException
+ * @throws GeneralSecurityException
+ */
+ public Document sign(ResponseType response,
+ String idValueOfAssertion,
+ KeyPair keypair,
+ String referenceURI) throws JAXBException, ParserConfigurationException, XPathException, TransformerFactoryConfigurationError, TransformerException, GeneralSecurityException, MarshalException, XMLSignatureException
+ {
+ SAML2Response saml2Request = new SAML2Response();
+ Document doc = saml2Request.convert(response);
+
+
+ Node assertionNode = DocumentUtil.getNodeWithAttribute(doc,
+ JBossSAMLURIConstants.ASSERTION_NSURI.get(),
+ "Assertion",
+ "ID",
+ idValueOfAssertion);
+
+ return XMLSignatureUtil.sign(doc, assertionNode,
+ keypair,
+ digestMethod, signatureMethod,
+ referenceURI);
+ }
+}
\ No newline at end of file
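Review bot: The new `sign(ResponseType, String, KeyPair, String)` accepts `referenceURI` independently of `idValueOfAssertion`, so a caller can produce a Signature whose Reference points at an element other than the assertion that was located and signed; the two sibling overloads derive the URI from the element's ID, and this one should too, `String referenceURI = "#" + idValueOfAssertion;`, or at least reject a mismatch with `IllegalArgumentException`. `assertionNode` is not checked before being passed on; the downstream `XMLSignatureUtil.sign` rejects a null node with a generic message, so a check here naming the missing ID, `if (assertionNode == null) throw new IllegalArgumentException("No Assertion with ID " + idValueOfAssertion);`, would make the failure diagnosable. This overload also omits the `doc.normalize()` call that the other two add. The empty `@return`/`@param` tags should be filled in.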
Modified: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2009-05-29 20:56:09 UTC (rev 542)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2009-05-29 20:56:24 UTC (rev 543)
@@ -21,12 +21,13 @@
*/
package org.jboss.test.identity.federation.api.saml.v2;
+import static org.junit.Assert.assertNotNull;
import static org.junit.Assert.assertTrue;
+import java.io.InputStream;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
-import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.SignatureMethod;
import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
@@ -34,19 +35,18 @@
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.api.saml.v2.sig.SAML2Signature;
import org.jboss.identity.federation.api.util.XMLSignatureUtil;
-import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
import org.jboss.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AuthnStatementType;
-import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.junit.Test;
import org.w3c.dom.Document;
+import org.w3c.dom.Node;
/**
* Signatures related unit test cases
@@ -76,8 +76,11 @@
KeyPair kp = kpg.genKeyPair();
SAML2Signature ss = new SAML2Signature();
- Document signedDoc = ss.sign(authnRequest, kp, DigestMethod.SHA1, SignatureMethod.DSA_SHA1);
+ ss.setSignatureMethod(SignatureMethod.DSA_SHA1);
+ Document signedDoc = ss.sign(authnRequest, kp);
+ System.out.println(DocumentUtil.getDocumentAsString(signedDoc));
+
//Validate the signature
boolean isValid = XMLSignatureUtil.validate(signedDoc, kp.getPublic());
assertTrue(isValid);
@@ -88,7 +91,7 @@
* @throws Exception
*/
@Test
- public void testSigningAssertionWithSignature() throws Exception
+ public void testSigningResponse() throws Exception
{
IssuerInfoHolder issuerInfo = new IssuerInfoHolder("testIssuer");
String id = IDGenerator.create("ID_");
@@ -101,14 +104,11 @@
AuthnStatementType authnStatement =
response.createAuthnStatement(authnContextDeclRef, XMLTimeUtil.getIssueInstant());
- ObjectFactory objectFactory = SAMLAssertionFactory.getObjectFactory();
-
- AssertionType assertion = objectFactory.createAssertionType();
+ //Create an assertion
+ AssertionType assertion = response.createAssertion(id, issuerInfo.getIssuer());
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(authnStatement);
- assertion.setID(id);
- assertion.setVersion(JBossSAMLConstants.VERSION_2_0.get());
- assertion.setIssuer(issuerInfo.getIssuer());
+
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
KeyPair kp = kpg.genKeyPair();
@@ -116,13 +116,63 @@
ResponseType responseType = response.createResponseType(id, issuerInfo, assertion);
SAML2Signature ss = new SAML2Signature();
- Document signedDoc = ss.sign(responseType, kp, DigestMethod.SHA1, SignatureMethod.DSA_SHA1);
+ ss.setSignatureMethod(SignatureMethod.DSA_SHA1);
+ Document signedDoc = ss.sign(responseType, kp);
//Validate the signature
boolean isValid = XMLSignatureUtil.validate(signedDoc, kp.getPublic());
assertTrue(isValid);
}
+ @Test
+ public void testSigningAnAssertionWithinResponse() throws Exception
+ {
+ SAML2Response response = new SAML2Response();
+ String fileName = "xml/dom/saml-response-2-assertions.xml";
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream(fileName);
+ if(is == null)
+ throw new RuntimeException("InputStream is null");
+
+ ResponseType responseType = response.getResponseType(is);
+
+ Document doc = response.convert(responseType);
+
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
+ KeyPair kp = kpg.genKeyPair();
+
+ //String id = "ID_0be488d8-7089-4892-8aeb-83594c800706";
+ String id = "ID_976d8310-658a-450d-be39-f33c73c8afa6";
+
+ //Get the second assertion
+ Node assert2 = DocumentUtil.getNodeWithAttribute(doc,
+ "urn:oasis:names:tc:SAML:2.0:assertion",
+ "Assertion",
+ "ID", id);
+
+ String referenceURI = "#" + id;
+
+ assertNotNull("Found assertion?", assert2);
+ SAML2Signature ss = new SAML2Signature();
+ Document signedDoc = ss.sign(responseType, id, kp,referenceURI);
+
+ System.out.println(DocumentUtil.getDocumentAsString(signedDoc));
+
+ Node signedNode = DocumentUtil.getNodeWithAttribute(signedDoc,
+ "urn:oasis:names:tc:SAML:2.0:assertion",
+ "Assertion",
+ "ID", id);
+
+ //Let us just validate the signature of the assertion
+ Document validatingDoc = DocumentUtil.createDocument();
+ Node importedSignedNode = validatingDoc.importNode(signedNode, true);
+ validatingDoc.appendChild(importedSignedNode);
+
+ //Validate the signature
+ boolean isValid = XMLSignatureUtil.validate(validatingDoc, kp.getPublic());
+ assertTrue("Signature is valid:", isValid);
+ }
+
/**
* Test signing a string
* @throws Exception
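Review bot: `testSigningAnAssertionWithinResponse` opens `is` via `getResourceAsStream` and never closes it; wrap the use in `try { ... } finally { is.close(); }` (the `getDocument` helper added to `DocumentUtilUnitTestCase` in this commit has the same leak). The two `System.out.println(DocumentUtil.getDocumentAsString(...))` calls look like debugging leftovers and should be removed or turned into logger calls. The assertion signature is validated only after the signed node is copied into a fresh document; if consumers are expected to verify the assertion in place inside the Response, the test should also assert `XMLSignatureUtil.validate(signedDoc, kp.getPublic())` directly, otherwise a comment should explain why in-place validation is not exercised.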
Modified: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/util/DocumentUtilUnitTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/util/DocumentUtilUnitTestCase.java 2009-05-29 20:56:09 UTC (rev 542)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/util/DocumentUtilUnitTestCase.java 2009-05-29 20:56:24 UTC (rev 543)
@@ -23,14 +23,13 @@
import java.io.InputStream;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
-
import junit.framework.TestCase;
-import org.apache.xml.security.utils.EncryptionConstants;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import org.w3c.dom.NamedNodeMap;
+import org.w3c.dom.Node;
/**
* Unit Test the DocumentUtil
@@ -39,31 +38,69 @@
*/
public class DocumentUtilUnitTestCase extends TestCase
{
+ String EncryptionSpecNS = "http://www.w3.org/2001/04/xmlenc#";
+ String TAG_ENCRYPTEDDATA = "EncryptedData";
+ String TAG_ENCRYPTEDKEY = "EncryptedKey";
+
public void testReadSAMLEncryptedAssertion() throws Exception
{
- Document encDoc = getDocument();
+ Document encDoc = getDocument("xml/dom/enc-sample.xml");
Element encryptedDataElement =
(Element) encDoc.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_ENCRYPTEDDATA).item(0);
+ EncryptionSpecNS,
+ TAG_ENCRYPTEDDATA).item(0);
Element encryptedKeyElement =
(Element) encryptedDataElement.getElementsByTagNameNS(
- EncryptionConstants.EncryptionSpecNS,
- EncryptionConstants._TAG_ENCRYPTEDKEY).item(0);
+ EncryptionSpecNS,
+ TAG_ENCRYPTEDKEY).item(0);
assertNotNull(encryptedDataElement);
assertNotNull(encryptedKeyElement);
- }
+ }
- private Document getDocument() throws Exception
+ /**
+ * The SAML ResponseType has 2 assertions. We get the second one
+ * @throws Exception
+ */
+ public void testReadingAnAssertionFromSAMLResponse() throws Exception
{
- String fileName = "xml/dom/enc-sample.xml";
+ String id = "ID_976d8310-658a-450d-be39-f33c73c8afa6";
+ Document responseDoc = getDocument("xml/dom/saml-response-2-assertions.xml");
+ DocumentUtil.logNodes(responseDoc);
+ Node n = DocumentUtil.getNodeWithAttribute(responseDoc, "urn:oasis:names:tc:SAML:2.0:assertion",
+ "Assertion",
+ "ID", id );
+ assertNotNull(n);
+
+ assertTrue("Assertion".equals(n.getNodeName()));
+ NamedNodeMap nnm = n.getAttributes();
+ assertEquals(3, nnm.getLength() );
+ Node att = nnm.getNamedItem("ID");
+ assertEquals(id, att.getNodeValue());
+
+ assertTrue(n.getParentNode() != null);
+ assertTrue(n.getPreviousSibling() != null);
+ assertTrue(n.getNextSibling() != null);
+
+ //Let us get the first assertion
+ Node firstAssertion = DocumentUtil.getNodeWithAttribute(responseDoc,
+ "urn:oasis:names:tc:SAML:2.0:assertion",
+ "Assertion",
+ "ID", "ID_0be488d8-7089-4892-8aeb-83594c800706" );
+ Node prev = firstAssertion.getPreviousSibling();
+ assertTrue(firstAssertion.getParentNode() != null);
+ assertTrue( prev!= null);
+ Node next = firstAssertion.getNextSibling();
+ assertTrue( next != null);
+
+ //We have to check that the extracted node actually exists in the document
+ assertTrue("Extracted Node is in doc",DocumentUtil.containsNode(responseDoc, firstAssertion));
+ }
+
+ private Document getDocument(String fileName) throws Exception
+ {
InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(fileName);
if(is == null)
throw new RuntimeException("InputStream is null");
- DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
- factory.setNamespaceAware(true);
- DocumentBuilder builder = factory.newDocumentBuilder();
- return builder.parse(is);
- }
-
-}
+ return DocumentUtil.getDocument(is);
+ }
+}
\ No newline at end of file
Added: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/logging.properties
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/resources/logging.properties (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/resources/logging.properties 2009-05-29 20:56:24 UTC (rev 543)
@@ -0,0 +1,21 @@
+# Specify the handlers to create in the root logger
+# (all loggers are children of the root logger)
+# The following creates two handlers
+handlers = java.util.logging.ConsoleHandler, java.util.logging.FileHandler
+
+# Set the default logging level for the root logger
+.level = ALL
+
+# Set the default logging level for new ConsoleHandler instances
+java.util.logging.ConsoleHandler.level = ALL
+
+# Set the default logging level for new FileHandler instances
+java.util.logging.FileHandler.level = ALL
+
+# Set the default formatter for new ConsoleHandler instances
+java.util.logging.ConsoleHandler.formatter = java.util.logging.SimpleFormatter
+java.util.logging.FileHandler.formatter=java.util.logging.SimpleFormatter
+
+# Set the default logging level for the logger named org.jboss
+org.jcp.xml.dsig.internal.level = FINER
+com.sun.org.apache.xml.internal.security.level = FINER
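Review bot: The comment on the last block says it sets the level for the logger named `org.jboss`, but the two keys that follow configure `org.jcp.xml.dsig.internal` and `com.sun.org.apache.xml.internal.security`; reword it to `# Enable verbose XML-DSig logging for signature test debugging`. A `FileHandler` is enabled without a `pattern`, so it writes to the java.util.logging default location rather than somewhere under the build directory; either set `java.util.logging.FileHandler.pattern` explicitly or drop the handler, since `.level = ALL` plus FINER on the dsig loggers will write the full signed XML, keys included in KeyInfo, to that file.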
Added: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/xml/dom/saml-response-2-assertions.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/resources/xml/dom/saml-response-2-assertions.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/resources/xml/dom/saml-response-2-assertions.xml 2009-05-29 20:56:24 UTC (rev 543)
@@ -0,0 +1,32 @@
+<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
+<ns3:Response xmlns="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:ns2="http://www.w3.org/2000/09/xmldsig#" xmlns:ns3="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:ns4="http://www.w3.org/2001/04/xmlenc#" IssueInstant="2009-05-26T14:06:26.362-05:00"
+ Version="2.0" ID="ID_1164e0fc-576d-4797-b11c-3d049520f566">
+ <Issuer>testIssuer</Issuer>
+ <ns3:Status>
+ <ns3:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success" />
+ </ns3:Status>
+ <Assertion IssueInstant="2009-05-26T14:06:26.362-05:00"
+ ID="ID_0be488d8-7089-4892-8aeb-83594c800706" Version="2.0">
+ <Issuer>testIssuer</Issuer>
+ <AuthnStatement AuthnInstant="2009-05-26T14:06:26.359-05:00">
+ <AuthnContext>
+ <AuthnContextDeclRef>
+ urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
+ </AuthnContextDeclRef>
+ </AuthnContext>
+ </AuthnStatement>
+ </Assertion>
+ <Assertion IssueInstant="2009-05-26T14:06:26.363-05:00"
+ ID="ID_976d8310-658a-450d-be39-f33c73c8afa6" Version="2.0">
+ <Issuer>testIssuer</Issuer>
+ <AuthnStatement AuthnInstant="2009-05-26T14:06:26.359-05:00">
+ <AuthnContext>
+ <AuthnContextDeclRef>
+ urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
+ </AuthnContextDeclRef>
+ </AuthnContext>
+ </AuthnStatement>
+ </Assertion>
+</ns3:Response>
\ No newline at end of file
JBoss Identity SVN: r542 - in identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api: util and 1 other directory.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-05-29 16:56:09 -0400 (Fri, 29 May 2009)
New Revision: 542
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
Log:
JBID-121: SAML2Signature API
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-05-29 20:54:08 UTC (rev 541)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-05-29 20:56:09 UTC (rev 542)
@@ -37,6 +37,7 @@
import javax.xml.parsers.ParserConfigurationException;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
@@ -55,6 +56,7 @@
import org.jboss.identity.federation.saml.v2.assertion.AuthnStatementType;
import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
+import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.w3c.dom.Document;
@@ -69,6 +71,21 @@
public class SAML2Response
{
/**
+ * Create an assertion
+ * @param id
+ * @param issuer
+ * @return
+ */
+ public AssertionType createAssertion(String id, NameIDType issuer)
+ {
+ AssertionType assertion = SAMLAssertionFactory.getObjectFactory().createAssertionType();
+ assertion.setID(id);
+ assertion.setVersion(JBossSAMLConstants.VERSION_2_0.get());
+ assertion.setIssuer(issuer);
+ return assertion;
+ }
+
+ /**
* Create an AuthnStatement
* @param authnContextDeclRef such as JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT
* @param issueInstant
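Review bot: The Javadoc for the new `createAssertion` has empty `@param` and `@return` descriptions; fill them in, e.g. `@param id the value to set as the assertion's ID attribute`, `@param issuer the issuer placed in the assertion's Issuer element`, `@return a new assertion with ID, Version 2.0 and Issuer populated and no statements`. The method does nothing else that is visible here, so the doc should not promise conditions or an issue instant.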
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-05-29 20:54:08 UTC (rev 541)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-05-29 20:56:09 UTC (rev 542)
@@ -22,7 +22,9 @@
package org.jboss.identity.federation.api.util;
import java.io.OutputStream;
+import java.security.GeneralSecurityException;
import java.security.Key;
+import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.Collections;
@@ -30,7 +32,9 @@
import javax.security.cert.X509Certificate;
import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
+import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.CanonicalizationMethod;
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
@@ -38,6 +42,7 @@
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMSignContext;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
@@ -46,17 +51,21 @@
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.util.JAXBUtil;
import org.jboss.identity.xmlsec.w3.xmldsig.ObjectFactory;
import org.jboss.identity.xmlsec.w3.xmldsig.SignatureType;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
+import org.xml.sax.SAXException;
/**
* Utility for XML Signature
@@ -72,7 +81,7 @@
private static XMLSignatureFactory fac = getXMLSignatureFactory();
- public static XMLSignatureFactory getXMLSignatureFactory()
+ private static XMLSignatureFactory getXMLSignatureFactory()
{
XMLSignatureFactory xsf = null;
@@ -99,7 +108,10 @@
* @param signatureMethod (Example: SignatureMethod.DSA_SHA1)
* @param referenceURI
* @return Document that contains the signed node
- * @throws Exception
+ * @throws XMLSignatureException
+ * @throws MarshalException
+ * @throws GeneralSecurityException
+ * @throws ParserConfigurationException
*/
public static Document sign(Document doc,
Node parentOfNodeToBeSigned,
@@ -107,33 +119,78 @@
X509Certificate certificate,
String digestMethod,
String signatureMethod,
- String referenceURI) throws Exception
+ String referenceURI)
+ throws ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException
{
- return sign(doc,parentOfNodeToBeSigned, signingKey, certificate.getPublicKey(),
+ KeyPair keyPair = new KeyPair(certificate.getPublicKey(),signingKey);
+ return sign(doc,parentOfNodeToBeSigned, keyPair,
digestMethod, signatureMethod, referenceURI);
}
/**
- *
+ * Sign a node in a document
* @param doc
- * @param parentOfNodeToBeSigned
- * @param signingKey
+ * @param nodeToBeSigned
+ * @param keyPair
* @param publicKey
* @param digestMethod
* @param signatureMethod
* @param referenceURI
* @return
- * @throws Exception
- */
+ * @throws ParserConfigurationException
+ * @throws XMLSignatureException
+ * @throws MarshalException
+ * @throws GeneralSecurityException
+ */
public static Document sign(Document doc,
- Node parentOfNodeToBeSigned,
- PrivateKey signingKey,
- PublicKey publicKey,
+ Node nodeToBeSigned,
+ KeyPair keyPair,
String digestMethod,
String signatureMethod,
- String referenceURI) throws Exception
+ String referenceURI) throws ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException
+ {
+ if(nodeToBeSigned == null)
+ throw new IllegalArgumentException("Node to be signed is null");
+ //Let us create a new Document
+ Document newDoc = DocumentUtil.createDocument();
+ //Import the node
+ Node signingNode = newDoc.importNode(nodeToBeSigned, true);
+ newDoc.appendChild(signingNode);
+
+ newDoc = sign(newDoc, keyPair, digestMethod, signatureMethod, referenceURI);
+
+ //Now let us import this signed doc into the original document we got in the method call
+ Node signedNode = doc.importNode(newDoc.getFirstChild(), true);
+
+ doc.getDocumentElement().replaceChild(signedNode, nodeToBeSigned);
+
+ return doc;
+ }
+
+
+ /**
+ * Sign the root element
+ * @param doc
+ * @param signingKey
+ * @param publicKey
+ * @param digestMethod
+ * @param signatureMethod
+ * @param referenceURI
+ * @return
+ * @throws GeneralSecurityException
+ * @throws XMLSignatureException
+ * @throws MarshalException
+ */
+ public static Document sign(Document doc,
+ KeyPair keyPair,
+ String digestMethod,
+ String signatureMethod,
+ String referenceURI) throws GeneralSecurityException, MarshalException, XMLSignatureException
{
- DOMSignContext dsc = new DOMSignContext(signingKey, parentOfNodeToBeSigned);
+ PrivateKey signingKey = keyPair.getPrivate();
+ PublicKey publicKey = keyPair.getPublic();
+
+ DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null);
Transform transform = fac.newTransform(Transform.ENVELOPED,
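Review bot: `doc.getDocumentElement().replaceChild(signedNode, nodeToBeSigned)` in the new node-signing overload only works when `nodeToBeSigned` is a direct child of the root element; for any deeper node `replaceChild` throws a `DOMException` because the root is not its parent. Use the node's own parent instead, `nodeToBeSigned.getParentNode().replaceChild(signedNode, nodeToBeSigned);`, after checking the parent is not null. Signing the node in a detached document and importing the result back presumably means in-scope namespace declarations inherited from the original ancestors are not part of what was canonicalized, which may be why the test added in this commit validates the assertion only after copying it into a fresh document; confirm whether the signature verifies in place, or document that it is only valid for the extracted element. The Javadoc of this overload still lists `@param publicKey`, and the root-signing overload's Javadoc lists `@param signingKey`/`@param publicKey` instead of `keyPair`.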
@@ -163,20 +220,20 @@
return doc;
}
-
/**
* Validate a signed document with the given public key
* @param signedDoc
* @param publicKey
- * @return
- * @throws Exception
+ * @return
+ * @throws MarshalException
+ * @throws XMLSignatureException
*/
- public static boolean validate(Document signedDoc, Key publicKey) throws Exception
+ public static boolean validate(Document signedDoc, Key publicKey) throws MarshalException, XMLSignatureException
{
NodeList nl = signedDoc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
- if (nl.getLength() == 0)
+ if (nl == null || nl.getLength() == 0)
{
- throw new Exception("Cannot find Signature element");
+ throw new IllegalArgumentException("Cannot find Signature element");
}
DOMValidateContext valContext = new DOMValidateContext(publicKey, nl.item(0));
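Review bot: `validate` verifies only `nl.item(0)`, the first `ds:Signature` in document order, and returns without regard to which element that signature's Reference covers; now that this commit adds signing of individual assertions inside a Response, a document may hold several signatures and a true result says nothing about a particular assertion. Add to the Javadoc `Validates only the first Signature element found; callers protecting a specific element must confirm that this Signature is enclosed in it and that its Reference URI targets that element's ID.` The null guard on `nl` is harmless, and replacing `Exception` with `IllegalArgumentException` is an improvement, though callers that previously caught `Exception` to treat a missing signature as invalid should be checked, since the new exception is unchecked.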
@@ -189,10 +246,11 @@
/**
* Marshall a SignatureType to output stream
* @param signature
- * @param os
- * @throws Exception
+ * @param os
+ * @throws SAXException
+ * @throws JAXBException
*/
- public static void marshall(SignatureType signature, OutputStream os) throws Exception
+ public static void marshall(SignatureType signature, OutputStream os) throws JAXBException, SAXException
{
JAXBElement<SignatureType> jsig = objectFactory.createSignature(signature);
Marshaller marshaller = JAXBUtil.getValidatingMarshaller(pkgName, schemaLocation);
@@ -203,9 +261,10 @@
* Marshall the signed document to an output stream
* @param signedDocument
* @param os
- * @throws Exception
+ * @throws TransformerException
*/
- public static void marshall(Document signedDocument, OutputStream os) throws Exception
+ public static void marshall(Document signedDocument, OutputStream os)
+ throws TransformerException
{
TransformerFactory tf = TransformerFactory.newInstance();
Transformer trans = tf.newTransformer();
JBoss Identity SVN: r541 - identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-05-29 16:54:08 -0400 (Fri, 29 May 2009)
New Revision: 541
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SAML20TokenProvider.java
Log:
make use of util
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SAML20TokenProvider.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SAML20TokenProvider.java 2009-05-28 17:17:16 UTC (rev 540)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SAML20TokenProvider.java 2009-05-29 20:54:08 UTC (rev 541)
@@ -31,9 +31,9 @@
import javax.xml.datatype.DatatypeConfigurationException;
import javax.xml.datatype.DatatypeFactory;
import javax.xml.datatype.XMLGregorianCalendar;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.dom.DOMResult;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
@@ -120,7 +120,7 @@
Document document = null;
try
{
- document = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+ document = DocumentUtil.createDocument();
DOMResult result = new DOMResult(document);
JAXBContext jaxbContext = JAXBContext.newInstance("org.jboss.identity.federation.saml.v2.assertion");
Marshaller marshaller = jaxbContext.createMarshaller();
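Review bot: The new `DocumentUtil.createDocument()` hides the parser configuration that the removed inline `DocumentBuilderFactory` call at least made visible, so it cannot be checked here whether the returned DOM is namespace-aware; the `DOMResult` built on it is filled by a JAXB marshaller for the SAML 2.0 assertion package, and a non-namespace-aware `Document` is a classic cause of XML-Signature and XPath failures further down the line. The inline factory being replaced was not namespace-aware either, so this may be a pre-existing gap rather than a regression, but it is worth pinning with a comment at the call site such as `// DocumentUtil must return a namespace-aware Document: the assertion is marshalled into it by namespace`, and confirming it in DocumentUtil. The enclosing method starts before and continues after this hunk.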
JBoss Identity SVN: r540 - in idm/trunk/integration/deployer/src: main/java/org/jboss/identity/idm/integration/jboss5/jaxb2 and 5 other directories.
by jboss-identity-commits@lists.jboss.org
Author: jeff.yuchang
Date: 2009-05-28 13:17:16 -0400 (Thu, 28 May 2009)
New Revision: 540
Added:
idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/HibernateDeployerType.java
idm/trunk/integration/deployer/src/test/resources/jbpm.identity/
idm/trunk/integration/deployer/src/test/resources/jbpm.identity/META-INF/
idm/trunk/integration/deployer/src/test/resources/jbpm.identity/META-INF/jbpm-jboss-idm.xml
idm/trunk/integration/deployer/src/test/resources/jbpm.identity/jbpm.idm.cfg.xml
Modified:
idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/IDMConfigParsingDeployer.java
idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/IDMDeployer.java
idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/HibernateInitializerType.java
idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/InitializerType.java
idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/JbossIDMDeployerType.java
idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/ObjectFactory.java
idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/OptionType.java
idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/OptionsType.java
idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/SqlInitializerType.java
idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/package-info.java
idm/trunk/integration/deployer/src/main/resources/META-INF/default-jboss-idm.xml
idm/trunk/integration/deployer/src/main/resources/identity-deployer.xsd
idm/trunk/integration/deployer/src/main/resources/jboss.idm.cfg.xml
Log:
* Update the deployer schema (build the SessionFactory from the default Hibernate cfg file and bind it in JNDI,
so that other deployments can reuse the default Hibernate SessionFactory).
* Add the jbpm.identity as a test case.
Modified: idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/IDMConfigParsingDeployer.java
===================================================================
--- idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/IDMConfigParsingDeployer.java 2009-05-28 14:04:33 UTC (rev 539)
+++ idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/IDMConfigParsingDeployer.java 2009-05-28 17:17:16 UTC (rev 540)
@@ -33,8 +33,7 @@
metaData.setDeployerFileName(file.getPathName());
JbossIDMDeployerType deployerMetadata = JAXB2IdentityDeployerConfiguration.createDeployerConfiguration(file.openStream());
- metaData.setDeploperType(deployerMetadata);
-
+ metaData.setDeploperType(deployerMetadata);
logger.fine("the configuration file path name is: [" + file.getPathName() + "]");
return metaData;
Modified: idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/IDMDeployer.java
===================================================================
--- idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/IDMDeployer.java 2009-05-28 14:04:33 UTC (rev 539)
+++ idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/IDMDeployer.java 2009-05-28 17:17:16 UTC (rev 540)
@@ -10,9 +10,12 @@
import java.util.logging.Logger;
import javax.naming.InitialContext;
+import javax.naming.NamingException;
import javax.sql.DataSource;
import javax.transaction.TransactionManager;
+import org.hibernate.SessionFactory;
+import org.hibernate.cfg.AnnotationConfiguration;
import org.hibernate.dialect.Dialect;
import org.hibernate.dialect.DialectFactory;
import org.jboss.deployers.spi.DeploymentException;
@@ -20,9 +23,11 @@
import org.jboss.deployers.vfs.spi.structure.VFSDeploymentUnit;
import org.jboss.identity.idm.api.IdentitySessionFactory;
import org.jboss.identity.idm.api.cfg.IdentityConfiguration;
+import org.jboss.identity.idm.common.exception.IdentityException;
import org.jboss.identity.idm.common.transaction.Transactions;
import org.jboss.identity.idm.impl.configuration.IdentityConfigurationImpl;
import org.jboss.identity.idm.impl.configuration.jaxb2.JAXB2IdentityConfiguration;
+import org.jboss.identity.idm.integration.jboss5.jaxb2.HibernateDeployerType;
import org.jboss.identity.idm.integration.jboss5.jaxb2.HibernateInitializerType;
import org.jboss.identity.idm.integration.jboss5.jaxb2.JbossIDMDeployerType;
import org.jboss.identity.idm.integration.jboss5.jaxb2.SqlInitializerType;
@@ -44,8 +49,12 @@
private IdentitySessionFactory idSF;
+ private SessionFactory hibernateSF;
+
private TransactionManager transactionManager;
+ private IdentityConfiguration identityConfiguration;
+
public IDMDeployer() {
super(IDMMetadata.class);
}
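Review bot: `hibernateSF` and `identityConfiguration` become instance fields of the deployer, next to the existing `idSF`, but a JBoss deployer is, as a rule, a single instance serving every deployment unit it matches — and this very commit adds a second IDM unit, `jbpm.identity`, alongside the default one. With two descriptors deployed, the second `deploy()` silently overwrites the first unit's factory and configuration, and `undeploy()` of either unit then closes, unbinds and unregisters whichever unit happened to deploy last rather than the one being removed. Per-unit state belongs on the `IDMMetadata` attachment (or in a map keyed by `metadata.getDeployerFileName()`), e.g. `private final Map<String, SessionFactory> hibernateFactories = new ConcurrentHashMap<String, SessionFactory>();`. The `IDMDeployer` class declaration is outside this hunk.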
@@ -54,36 +63,17 @@
public void deploy(VFSDeploymentUnit deploymentUnit, IDMMetadata metadata) throws DeploymentException {
JbossIDMDeployerType config = metadata.getDeploperType();
- try {
-
+ try {
InputStream is = deploymentUnit.getClassLoader().getResourceAsStream(config.getIdmConfigFile());
IdentityConfigurationMetaData identityMetadata = JAXB2IdentityConfiguration.createConfigurationMetaData(is);
- final IdentityConfiguration identityConfiguration = new IdentityConfigurationImpl().configure(identityMetadata);
+ identityConfiguration = new IdentityConfigurationImpl().configure(identityMetadata);
+ if (config.getHibernateDeployer() != null) {
+ deployHibernateConfigurationFile(config, identityConfiguration);
+ }
+
if (config.getInitializers() != null) {
- logger.fine("starting to populate the schema into db");
- String datasource = config.getInitializers().getDatasource();
-
- checkTargetDB(config.getInitializers().getDatasource());
-
- HibernateInitializerType hibernateInitializer = config.getInitializers().getHibernateInitializer();
- SqlInitializerType sqlInitializer = config.getInitializers().getSqlInitializer();
-
- if (hibernateInitializer != null) {
- for (IdentityStoreConfigurationMetaData store : identityMetadata.getIdentityStores()) {
- String hibernateConfigFile = store.getOptionSingleValue(HIBERNATE_CONFIGFILE);
- if (hibernateConfigFile != null && !"".equals(hibernateConfigFile.trim())) {
- logger.fine("starting to populate the schema from file [" + hibernateConfigFile + "]");
- HibernatePopulator hibernatePopulator = new HibernatePopulator(hibernateInitializer, identityConfiguration);
- hibernatePopulator.populateSchema();
- }
- }
-
- }else if (sqlInitializer != null) {
- logger.fine("starting to populate the schema from script file [" + sqlInitializer.getSqlFile() + "]");
- SQLPopulator sqlPopulator = new SQLPopulator(datasource, sqlInitializer.getSqlFile(), sqlInitializer.getExitSQL());
- sqlPopulator.populateSchema();
- }
+ initializeDB(config, identityMetadata, identityConfiguration);
}
try {
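Review bot: `identityConfiguration` is now assigned to a field and, on the very next lines, also handed to `deployHibernateConfigurationFile(...)` and `initializeDB(...)` as a `final` parameter of the same name, so the helpers shadow the field they could simply read — pick one representation, and if the field stays, drop the parameter (`deployHibernateConfigurationFile(config);`). Not introduced here but worth fixing while the block is being restructured: the `InputStream is` obtained from `getResourceAsStream(config.getIdmConfigFile())` is neither null-checked nor closed, so a misnamed `idmConfigFile` surfaces as an obscure parser error instead of `throw new DeploymentException("IDM config file not found on the deployment classpath: " + config.getIdmConfigFile());`, and the stream is leaked on every deploy. The `deploy()` method and its `try` continue into the next hunk.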
@@ -101,14 +91,58 @@
InitialContext context = new InitialContext();
context.bind(config.getJNDIName(), idSF);
- logger.info("Started the JBoss Identity Management Service");
+ logger.info("Started [" + metadata.getDeployerFileName() + "] IDM SessionFactory at JNDI [" + config.getJNDIName() + "]");
} catch (Exception e) {
throw new DeploymentException(e);
}
}
+
+ private void initializeDB(JbossIDMDeployerType config, IdentityConfigurationMetaData identityMetadata,
+ final IdentityConfiguration identityConfiguration) throws Exception {
+ logger.fine("starting to populate the schema into db");
+
+ String datasource = config.getInitializers().getDatasource();
+ checkTargetDB(config.getInitializers().getDatasource());
+
+ HibernateInitializerType hibernateInitializer = config.getInitializers().getHibernateInitializer();
+ SqlInitializerType sqlInitializer = config.getInitializers().getSqlInitializer();
+
+ if (hibernateInitializer != null) {
+ for (IdentityStoreConfigurationMetaData store : identityMetadata.getIdentityStores()) {
+ String hibernateConfigFile = store.getOptionSingleValue(HIBERNATE_CONFIGFILE);
+ if (hibernateConfigFile != null && !"".equals(hibernateConfigFile.trim())) {
+ logger.fine("starting to populate the schema from file [" + hibernateConfigFile + "]");
+ HibernatePopulator hibernatePopulator = new HibernatePopulator(hibernateInitializer, identityConfiguration);
+ hibernatePopulator.populateSchema();
+ }
+ }
+
+ }else if (sqlInitializer != null) {
+ logger.fine("starting to populate the schema from script file [" + sqlInitializer.getSqlFile() + "]");
+ SQLPopulator sqlPopulator = new SQLPopulator(datasource, sqlInitializer.getSqlFile(), sqlInitializer.getExitSQL());
+ sqlPopulator.populateSchema();
+ }
+ }
+
+ private void deployHibernateConfigurationFile(JbossIDMDeployerType config,
+ final IdentityConfiguration identityConfiguration) throws NamingException, IdentityException {
+ HibernateDeployerType hibernateConfig = config.getHibernateDeployer();
+ hibernateSF = new AnnotationConfiguration().
+ configure(hibernateConfig.getHibernateConfiguration()).buildSessionFactory();
+ if (hibernateConfig.getHibernateSessionFactoryJNDIName() != null) {
+ InitialContext context = new InitialContext();
+ context.bind(hibernateConfig.getHibernateSessionFactoryJNDIName(), hibernateSF);
+ logger.fine("Registered the Hibernate Session Factory in JNDI of " + hibernateConfig.getHibernateSessionFactoryJNDIName());
+ }
+ if (hibernateConfig.getHibernateSessionFactoryRegistryName() != null) {
+ identityConfiguration.getIdentityConfigurationRegistry().register(hibernateSF, hibernateConfig.getHibernateSessionFactoryRegistryName());
+ logger.fine("Registered the Hibernate Session Factory in Identity Registration of " + hibernateConfig.getHibernateSessionFactoryRegistryName());
+ }
+ }
+
@Override
public void undeploy(VFSDeploymentUnit deploymentUnit, IDMMetadata metadata) {
if (idSF != null) {
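Review bot: Nothing unwinds the Hibernate half of a failed deployment: once `deployHibernateConfigurationFile` has bound the `SessionFactory` into JNDI (and possibly the identity registry), a later failure in `initializeDB` or in the `IdentitySessionFactory` creation reaches `catch (Exception e) { throw new DeploymentException(e); }` with the binding, the registry entry and an open `SessionFactory` (with its connection pool) left behind, so the next redeploy of the same descriptor fails with `NameAlreadyBoundException`; the same leak happens inside `deployHibernateConfigurationFile` itself when `context.bind` or `register` throws after `buildSessionFactory()` has succeeded. A small release helper called from both failure paths closes that gap, as sketched below. Separately, `AnnotationConfiguration.configure(String)` resolves the cfg resource through Hibernate's own/thread-context classloader rather than the `deploymentUnit.getClassLoader()` used for the IDM config a few lines earlier, so a Hibernate cfg packaged inside the unit may not be found unless the TCCL is set to it — I cannot confirm the lookup semantics from here, so please verify with the `jbpm.identity` test unit.
```java
} catch (Exception e) {
    // undo the Hibernate half so the unit can be redeployed without NameAlreadyBoundException
    releaseHibernate(config.getHibernateDeployer());
    throw new DeploymentException(e);
}

// … unchanged: initializeDB …

private void deployHibernateConfigurationFile(JbossIDMDeployerType config,
        final IdentityConfiguration identityConfiguration) throws NamingException, IdentityException {
    HibernateDeployerType hibernateConfig = config.getHibernateDeployer();
    hibernateSF = new AnnotationConfiguration().
        configure(hibernateConfig.getHibernateConfiguration()).buildSessionFactory();
    try {
        // … unchanged: JNDI bind and registry registration …
    } catch (NamingException e) {
        releaseHibernate(hibernateConfig);
        throw e;
    } catch (IdentityException e) {
        releaseHibernate(hibernateConfig);
        throw e;
    }
}

/** Closes the Hibernate SessionFactory and drops its JNDI binding; safe to call when nothing was bound. */
private void releaseHibernate(HibernateDeployerType hibernateConfig) {
    if (hibernateSF != null) {
        hibernateSF.close();
        hibernateSF = null;
    }
    if (hibernateConfig != null && hibernateConfig.getHibernateSessionFactoryJNDIName() != null) {
        try {
            new InitialContext().unbind(hibernateConfig.getHibernateSessionFactoryJNDIName());
        } catch (NamingException e) {
            logger.fine("nothing bound at " + hibernateConfig.getHibernateSessionFactoryJNDIName());
        }
    }
    // … also unregister from the identity registry when hibernateSessionFactoryRegistryName is set …
}
```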
@@ -118,12 +152,27 @@
try {
InitialContext context = new InitialContext();
context.unbind(metadata.getDeploperType().getJNDIName());
+
+ if (metadata.getDeploperType().getHibernateDeployer() != null) {
+
+ if (hibernateSF != null) {
+ hibernateSF.close();
+ }
+
+ HibernateDeployerType hibernateDeployer = metadata.getDeploperType().getHibernateDeployer();
+ if (hibernateDeployer.getHibernateSessionFactoryJNDIName() != null) {
+ context.unbind(hibernateDeployer.getHibernateSessionFactoryJNDIName());
+ }
+ if (hibernateDeployer.getHibernateSessionFactoryRegistryName() != null) {
+ identityConfiguration.getIdentityConfigurationRegistry().unregister(hibernateDeployer.getHibernateSessionFactoryRegistryName());
+ }
+ }
} catch (Exception e) {
logger.severe(e.getMessage());
throw new RuntimeException(e);
}
- logger.info("Stopped the JBoss IDM Service");
+ logger.info("Stopped [" + metadata.getDeployerFileName() + "] IDM SessionFactory at JNDI [" + metadata.getDeploperType().getJNDIName() + "]");
}
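Review bot: The new undeploy steps run in the wrong order and are not independent: `hibernateSF.close()` executes before the JNDI `unbind` and the registry `unregister`, all inside one `try`, so if closing the factory throws (a connection-pool shutdown error is enough) the method rethrows with the JNDI name still bound to a dead factory and the next deploy of the descriptor failing on `NameAlreadyBoundException`. Remove the public references first and close last, and guard `identityConfiguration` against being `null` for a unit whose `deploy()` never reached the assignment; the rewritten branch is below. The `undeploy` method signature and the enclosing `if (idSF != null)` sit outside this hunk.
```java
if (metadata.getDeploperType().getHibernateDeployer() != null) {
    HibernateDeployerType hibernateDeployer = metadata.getDeploperType().getHibernateDeployer();
    // drop the public references first so no caller can look up a factory that is about to close
    if (hibernateDeployer.getHibernateSessionFactoryJNDIName() != null) {
        context.unbind(hibernateDeployer.getHibernateSessionFactoryJNDIName());
    }
    if (hibernateDeployer.getHibernateSessionFactoryRegistryName() != null && identityConfiguration != null) {
        identityConfiguration.getIdentityConfigurationRegistry().unregister(hibernateDeployer.getHibernateSessionFactoryRegistryName());
    }
    if (hibernateSF != null) {
        hibernateSF.close();
        hibernateSF = null;
    }
}
```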
Added: idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/HibernateDeployerType.java
===================================================================
--- idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/HibernateDeployerType.java (rev 0)
+++ idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/HibernateDeployerType.java 2009-05-28 17:17:16 UTC (rev 540)
@@ -0,0 +1,125 @@
+//
+// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-619
+// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
+// Any modifications to this file will be lost upon recompilation of the source schema.
+// Generated on: 2009.05.28 at 11:27:34 PM CST
+//
+
+
+package org.jboss.identity.idm.integration.jboss5.jaxb2;
+
+import javax.xml.bind.annotation.XmlAccessType;
+import javax.xml.bind.annotation.XmlAccessorType;
+import javax.xml.bind.annotation.XmlElement;
+import javax.xml.bind.annotation.XmlType;
+
+
+/**
+ * <p>Java class for hibernateDeployerType complex type.
+ *
+ * <p>The following schema fragment specifies the expected content contained within this class.
+ *
+ * <pre>
+ * <complexType name="hibernateDeployerType">
+ * <complexContent>
+ * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType">
+ * <sequence>
+ * <element name="hibernateConfiguration" type="{http://www.w3.org/2001/XMLSchema}string"/>
+ * <choice>
+ * <element name="hibernateSessionFactoryRegistryName" type="{http://www.w3.org/2001/XMLSchema}string"/>
+ * <element name="hibernateSessionFactoryJNDIName" type="{http://www.w3.org/2001/XMLSchema}string"/>
+ * </choice>
+ * </sequence>
+ * </restriction>
+ * </complexContent>
+ * </complexType>
+ * </pre>
+ *
+ *
+ */
+(a)XmlAccessorType(XmlAccessType.FIELD)
+@XmlType(name = "hibernateDeployerType", propOrder = {
+ "hibernateConfiguration",
+ "hibernateSessionFactoryRegistryName",
+ "hibernateSessionFactoryJNDIName"
+})
+public class HibernateDeployerType {
+
+ @XmlElement(required = true)
+ protected String hibernateConfiguration;
+ protected String hibernateSessionFactoryRegistryName;
+ protected String hibernateSessionFactoryJNDIName;
+
+ /**
+ * Gets the value of the hibernateConfiguration property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getHibernateConfiguration() {
+ return hibernateConfiguration;
+ }
+
+ /**
+ * Sets the value of the hibernateConfiguration property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setHibernateConfiguration(String value) {
+ this.hibernateConfiguration = value;
+ }
+
+ /**
+ * Gets the value of the hibernateSessionFactoryRegistryName property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getHibernateSessionFactoryRegistryName() {
+ return hibernateSessionFactoryRegistryName;
+ }
+
+ /**
+ * Sets the value of the hibernateSessionFactoryRegistryName property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setHibernateSessionFactoryRegistryName(String value) {
+ this.hibernateSessionFactoryRegistryName = value;
+ }
+
+ /**
+ * Gets the value of the hibernateSessionFactoryJNDIName property.
+ *
+ * @return
+ * possible object is
+ * {@link String }
+ *
+ */
+ public String getHibernateSessionFactoryJNDIName() {
+ return hibernateSessionFactoryJNDIName;
+ }
+
+ /**
+ * Sets the value of the hibernateSessionFactoryJNDIName property.
+ *
+ * @param value
+ * allowed object is
+ * {@link String }
+ *
+ */
+ public void setHibernateSessionFactoryJNDIName(String value) {
+ this.hibernateSessionFactoryJNDIName = value;
+ }
+
+}
Modified: idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/HibernateInitializerType.java
===================================================================
--- idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/HibernateInitializerType.java 2009-05-28 14:04:33 UTC (rev 539)
+++ idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/HibernateInitializerType.java 2009-05-28 17:17:16 UTC (rev 540)
@@ -2,7 +2,7 @@
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-619
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2009.05.20 at 03:35:46 PM CST
+// Generated on: 2009.05.28 at 11:27:34 PM CST
//
Modified: idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/InitializerType.java
===================================================================
--- idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/InitializerType.java 2009-05-28 14:04:33 UTC (rev 539)
+++ idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/InitializerType.java 2009-05-28 17:17:16 UTC (rev 540)
@@ -2,7 +2,7 @@
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-619
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2009.05.20 at 03:35:46 PM CST
+// Generated on: 2009.05.28 at 11:27:34 PM CST
//
Modified: idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/JbossIDMDeployerType.java
===================================================================
--- idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/JbossIDMDeployerType.java 2009-05-28 14:04:33 UTC (rev 539)
+++ idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/JbossIDMDeployerType.java 2009-05-28 17:17:16 UTC (rev 540)
@@ -2,7 +2,7 @@
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-619
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2009.05.20 at 03:35:46 PM CST
+// Generated on: 2009.05.28 at 11:27:34 PM CST
//
@@ -28,7 +28,7 @@
* <sequence>
* <element name="JNDIName" type="{http://www.w3.org/2001/XMLSchema}string"/>
* <element name="idmConfigFile" type="{http://www.w3.org/2001/XMLSchema}string"/>
- * <element name="jmxObjectName" type="{http://www.w3.org/2001/XMLSchema}string"/>
+ * <element name="hibernateDeployer" type="{urn:jboss:identity:idm:deployer:v1_0_alpha}hibernateDeployerType" minOccurs="0"/>
* <element name="initializers" type="{urn:jboss:identity:idm:deployer:v1_0_alpha}initializerType" minOccurs="0"/>
* <element name="options" type="{urn:jboss:identity:idm:deployer:v1_0_alpha}optionsType" minOccurs="0"/>
* <element name="depends" type="{http://www.w3.org/2001/XMLSchema}string" maxOccurs="unbounded" minOccurs="0"/>
@@ -44,7 +44,7 @@
@XmlType(name = "jbossIDMDeployerType", propOrder = {
"jndiName",
"idmConfigFile",
- "jmxObjectName",
+ "hibernateDeployer",
"initializers",
"options",
"depends"
@@ -55,8 +55,7 @@
protected String jndiName;
@XmlElement(required = true)
protected String idmConfigFile;
- @XmlElement(required = true)
- protected String jmxObjectName;
+ protected HibernateDeployerType hibernateDeployer;
protected InitializerType initializers;
protected OptionsType options;
protected List<String> depends;
@@ -110,27 +109,27 @@
}
/**
- * Gets the value of the jmxObjectName property.
+ * Gets the value of the hibernateDeployer property.
*
* @return
* possible object is
- * {@link String }
+ * {@link HibernateDeployerType }
*
*/
- public String getJmxObjectName() {
- return jmxObjectName;
+ public HibernateDeployerType getHibernateDeployer() {
+ return hibernateDeployer;
}
/**
- * Sets the value of the jmxObjectName property.
+ * Sets the value of the hibernateDeployer property.
*
* @param value
* allowed object is
- * {@link String }
+ * {@link HibernateDeployerType }
*
*/
- public void setJmxObjectName(String value) {
- this.jmxObjectName = value;
+ public void setHibernateDeployer(HibernateDeployerType value) {
+ this.hibernateDeployer = value;
}
/**
Modified: idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/ObjectFactory.java
===================================================================
--- idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/ObjectFactory.java 2009-05-28 14:04:33 UTC (rev 539)
+++ idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/ObjectFactory.java 2009-05-28 17:17:16 UTC (rev 540)
@@ -2,7 +2,7 @@
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-619
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2009.05.20 at 03:35:46 PM CST
+// Generated on: 2009.05.28 at 11:27:34 PM CST
//
@@ -41,11 +41,11 @@
}
/**
- * Create an instance of {@link InitializerType }
+ * Create an instance of {@link OptionType }
*
*/
- public InitializerType createInitializerType() {
- return new InitializerType();
+ public OptionType createOptionType() {
+ return new OptionType();
}
/**
@@ -57,38 +57,46 @@
}
/**
- * Create an instance of {@link SqlInitializerType }
+ * Create an instance of {@link JbossIDMDeployerType }
*
*/
- public SqlInitializerType createSqlInitializerType() {
- return new SqlInitializerType();
+ public JbossIDMDeployerType createJbossIDMDeployerType() {
+ return new JbossIDMDeployerType();
}
/**
- * Create an instance of {@link HibernateInitializerType }
+ * Create an instance of {@link InitializerType }
*
*/
- public HibernateInitializerType createHibernateInitializerType() {
- return new HibernateInitializerType();
+ public InitializerType createInitializerType() {
+ return new InitializerType();
}
/**
- * Create an instance of {@link JbossIDMDeployerType }
+ * Create an instance of {@link HibernateDeployerType }
*
*/
- public JbossIDMDeployerType createJbossIDMDeployerType() {
- return new JbossIDMDeployerType();
+ public HibernateDeployerType createHibernateDeployerType() {
+ return new HibernateDeployerType();
}
/**
- * Create an instance of {@link OptionType }
+ * Create an instance of {@link SqlInitializerType }
*
*/
- public OptionType createOptionType() {
- return new OptionType();
+ public SqlInitializerType createSqlInitializerType() {
+ return new SqlInitializerType();
}
/**
+ * Create an instance of {@link HibernateInitializerType }
+ *
+ */
+ public HibernateInitializerType createHibernateInitializerType() {
+ return new HibernateInitializerType();
+ }
+
+ /**
* Create an instance of {@link JAXBElement }{@code <}{@link JbossIDMDeployerType }{@code >}}
*
*/
Modified: idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/OptionType.java
===================================================================
--- idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/OptionType.java 2009-05-28 14:04:33 UTC (rev 539)
+++ idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/OptionType.java 2009-05-28 17:17:16 UTC (rev 540)
@@ -2,7 +2,7 @@
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-619
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2009.05.20 at 03:35:46 PM CST
+// Generated on: 2009.05.28 at 11:27:34 PM CST
//
Modified: idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/OptionsType.java
===================================================================
--- idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/OptionsType.java 2009-05-28 14:04:33 UTC (rev 539)
+++ idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/OptionsType.java 2009-05-28 17:17:16 UTC (rev 540)
@@ -2,7 +2,7 @@
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-619
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2009.05.20 at 03:35:46 PM CST
+// Generated on: 2009.05.28 at 11:27:34 PM CST
//
Modified: idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/SqlInitializerType.java
===================================================================
--- idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/SqlInitializerType.java 2009-05-28 14:04:33 UTC (rev 539)
+++ idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/SqlInitializerType.java 2009-05-28 17:17:16 UTC (rev 540)
@@ -2,7 +2,7 @@
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-619
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2009.05.20 at 03:35:46 PM CST
+// Generated on: 2009.05.28 at 11:27:34 PM CST
//
Modified: idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/package-info.java
===================================================================
--- idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/package-info.java 2009-05-28 14:04:33 UTC (rev 539)
+++ idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/jaxb2/package-info.java 2009-05-28 17:17:16 UTC (rev 540)
@@ -2,7 +2,7 @@
// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-619
// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a>
// Any modifications to this file will be lost upon recompilation of the source schema.
-// Generated on: 2009.05.20 at 03:35:46 PM CST
+// Generated on: 2009.05.28 at 11:27:34 PM CST
//
@javax.xml.bind.annotation.XmlSchema(namespace = "urn:jboss:identity:idm:deployer:v1_0_alpha", elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED)
Modified: idm/trunk/integration/deployer/src/main/resources/META-INF/default-jboss-idm.xml
===================================================================
--- idm/trunk/integration/deployer/src/main/resources/META-INF/default-jboss-idm.xml 2009-05-28 14:04:33 UTC (rev 539)
+++ idm/trunk/integration/deployer/src/main/resources/META-INF/default-jboss-idm.xml 2009-05-28 17:17:16 UTC (rev 540)
@@ -4,4 +4,8 @@
xsi:schemaLocation="urn:jboss:identity:idm:deployer:v1_0_alpha identity-deployer.xsd">
<JNDIName>java:/IdentitySessionFactory</JNDIName>
<idmConfigFile>jboss.idm.cfg.xml</idmConfigFile>
+ <hibernateDeployer>
+ <hibernateConfiguration>jboss.idm.hibernate.cfg.xml</hibernateConfiguration>
+ <hibernateSessionFactoryJNDIName>java:/IDMHibernateSessionFactory</hibernateSessionFactoryJNDIName>
+ </hibernateDeployer>
</jboss-idm-deployer>
Modified: idm/trunk/integration/deployer/src/main/resources/identity-deployer.xsd
===================================================================
--- idm/trunk/integration/deployer/src/main/resources/identity-deployer.xsd 2009-05-28 14:04:33 UTC (rev 539)
+++ idm/trunk/integration/deployer/src/main/resources/identity-deployer.xsd 2009-05-28 17:17:16 UTC (rev 540)
@@ -10,7 +10,7 @@
<xs:sequence>
<xs:element name="JNDIName" type="xs:string" />
<xs:element name="idmConfigFile" type="xs:string" />
- <xs:element name="jmxObjectName" type="xs:string"/>
+ <xs:element name="hibernateDeployer" minOccurs="0" type="urn:hibernateDeployerType" xmlns:urn="urn:jboss:identity:idm:deployer:v1_0_alpha"/>
<xs:element name="initializers" minOccurs="0" type="urn:initializerType" xmlns:urn="urn:jboss:identity:idm:deployer:v1_0_alpha"/>
<xs:element name="options" minOccurs="0" type="urn:optionsType" xmlns:urn="urn:jboss:identity:idm:deployer:v1_0_alpha"/>
<xs:element name="depends" type="xs:string" minOccurs="0" maxOccurs="unbounded" />
@@ -55,5 +55,15 @@
<xs:element type="xs:string" name="value"/>
</xs:sequence>
</xs:complexType>
+
+ <xs:complexType name="hibernateDeployerType">
+ <xs:sequence>
+ <xs:element type="xs:string" name="hibernateConfiguration"/>
+ <xs:choice>
+ <xs:element type="xs:string" name="hibernateSessionFactoryRegistryName" />
+ <xs:element type="xs:string" name="hibernateSessionFactoryJNDIName" />
+ </xs:choice>
+ </xs:sequence>
+ </xs:complexType>
</xs:schema>
\ No newline at end of file
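Review bot: The `xs:choice` in `hibernateDeployerType` makes exactly one of `hibernateSessionFactoryRegistryName` / `hibernateSessionFactoryJNDIName` mandatory, but `IDMDeployer.deployHibernateConfigurationFile` null-checks each name independently, so a descriptor naming neither (invalid here) still builds a `SessionFactory` at runtime that nothing can look up, and one naming both (also invalid here) publishes it twice; whether descriptors are actually validated against this schema at parse time is not visible in the commit. Either have the deployer reject the shapes the schema forbids, or relax the schema to `minOccurs="0"` on both elements and state the accepted combinations in an `<xs:annotation><xs:documentation>` on the type, e.g. "at least one of the two names must be given; the factory is published under every name present". The element is also added without bumping the `v1_0_alpha` namespace while `jmxObjectName` is dropped, which existing descriptors may trip over.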
Modified: idm/trunk/integration/deployer/src/main/resources/jboss.idm.cfg.xml
===================================================================
--- idm/trunk/integration/deployer/src/main/resources/jboss.idm.cfg.xml 2009-05-28 14:04:33 UTC (rev 539)
+++ idm/trunk/integration/deployer/src/main/resources/jboss.idm.cfg.xml 2009-05-28 17:17:16 UTC (rev 540)
@@ -89,8 +89,8 @@
</supported-identity-object-types>
<options>
<option>
- <name>hibernateConfiguration</name>
- <value>jboss.idm.hibernate.cfg.xml</value>
+ <name>hibernateSessionFactoryJNDIName</name>
+ <value>java:/IDMHibernateSessionFactory</value>
</option>
<option>
<name>populateRelationshipTypes</name>
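Review bot: The store option now couples this file to `META-INF/default-jboss-idm.xml` by a bare string — `java:/IDMHibernateSessionFactory` must match that descriptor's `hibernateSessionFactoryJNDIName`, and the store only works because `IDMDeployer` binds the factory before it constructs the `IdentitySessionFactory` — but nothing in either file says so. A comment next to the option, `<!-- must match hibernateSessionFactoryJNDIName in META-INF/default-jboss-idm.xml; the deployer binds the factory there before this store is created -->`, saves the next person a debugging session when the name drifts. Whether the store falls back to a local `hibernateConfiguration` when the lookup fails is not visible here.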
Added: idm/trunk/integration/deployer/src/test/resources/jbpm.identity/META-INF/jbpm-jboss-idm.xml
===================================================================
--- idm/trunk/integration/deployer/src/test/resources/jbpm.identity/META-INF/jbpm-jboss-idm.xml (rev 0)
+++ idm/trunk/integration/deployer/src/test/resources/jbpm.identity/META-INF/jbpm-jboss-idm.xml 2009-05-28 17:17:16 UTC (rev 540)
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<jboss-idm-deployer xmlns="urn:jboss:identity:idm:deployer:v1_0_alpha"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:jboss:identity:idm:deployer:v1_0_alpha identity-deployer.xsd">
+ <JNDIName>java:/jbpmIdentitySessionFactory</JNDIName>
+ <idmConfigFile>jbpm.idm.cfg.xml</idmConfigFile>
+</jboss-idm-deployer>
Added: idm/trunk/integration/deployer/src/test/resources/jbpm.identity/jbpm.idm.cfg.xml
===================================================================
--- idm/trunk/integration/deployer/src/test/resources/jbpm.identity/jbpm.idm.cfg.xml (rev 0)
+++ idm/trunk/integration/deployer/src/test/resources/jbpm.identity/jbpm.idm.cfg.xml 2009-05-28 17:17:16 UTC (rev 540)
@@ -0,0 +1,95 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<jboss-identity xmlns="urn:jboss:identity:idm:config:v1_0_alpha"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="urn:jboss:identity:idm:config:v1_0_alpha identity-config.xsd">
+ <realms>
+ <realm>
+ <id>realm://jbpmIdentity</id>
+ <repository-id-ref>jbpm_Identity_Repository</repository-id-ref>
+ <identity-type-mappings>
+ <user-mapping>USER</user-mapping>
+ </identity-type-mappings>
+ </realm>
+ </realms>
+ <repositories>
+ <repository>
+ <id>jbpm_Identity_Repository</id>
+ <class>org.jboss.identity.idm.impl.repository.WrapperIdentityStoreRepository</class>
+ <external-config/>
+ <default-identity-store-id>jbpm_Identity_DB_Store</default-identity-store-id>
+ <default-attribute-store-id>jbpm_Identity_DB_Store</default-attribute-store-id>
+ </repository>
+ </repositories>
+ <stores>
+ <attribute-stores/>
+ <identity-stores>
+ <identity-store>
+ <id>jbpm_Identity_DB_Store</id>
+ <class>org.jboss.identity.idm.impl.store.hibernate.HibernateIdentityStoreImpl</class>
+ <external-config/>
+ <supported-relationship-types>
+ <relationship-type>JBOSS_IDENTITY_MEMBERSHIP</relationship-type>
+ <relationship-type>JBOSS_IDENTITY_ROLE</relationship-type>
+ </supported-relationship-types>
+ <supported-identity-object-types>
+ <identity-object-type>
+ <name>USER</name>
+ <relationships>
+ <relationship>
+ <relationship-type-ref>JBOSS_IDENTITY_ROLE</relationship-type-ref>
+ <identity-object-type-ref>unit</identity-object-type-ref>
+ </relationship>
+ </relationships>
+ <credentials>
+ <credential-type>PASSWORD</credential-type>
+ </credentials>
+ <attributes/>
+ <options/>
+ </identity-object-type>
+ <identity-object-type>
+ <name>unit</name>
+ <relationships>
+ <relationship>
+ <relationship-type-ref>JBOSS_IDENTITY_ROLE</relationship-type-ref>
+ <identity-object-type-ref>USER</identity-object-type-ref>
+ </relationship>
+ <relationship>
+ <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+ <identity-object-type-ref>USER</identity-object-type-ref>
+ </relationship>
+ <relationship>
+ <relationship-type-ref>JBOSS_IDENTITY_MEMBERSHIP</relationship-type-ref>
+ <identity-object-type-ref>unit</identity-object-type-ref>
+ </relationship>
+ </relationships>
+ <credentials/>
+ <attributes/>
+ <options/>
+ </identity-object-type>
+ </supported-identity-object-types>
+ <options>
+ <option>
+ <name>hibernateSessionFactoryJNDIName</name>
+ <value>java:/IDMHibernateSessionFactory</value>
+ </option>
+ <option>
+ <name>populateRelationshipTypes</name>
+ <value>true</value>
+ </option>
+ <option>
+ <name>populateIdentityObjectTypes</name>
+ <value>true</value>
+ </option>
+ <option>
+ <name>allowNotDefinedAttributes</name>
+ <value>true</value>
+ </option>
+ <option>
+ <name>isRealmAware</name>
+ <value>true</value>
+ </option>
+ </options>
+ </identity-store>
+ </identity-stores>
+ </stores>
+</jboss-identity>
JBoss Identity SVN: r538 - in idm/trunk/integration/deployer: src/main/java/org/jboss/identity/idm/integration/jboss5 and 2 other directories.
by jboss-identity-commits@lists.jboss.org
Author: jeff.yuchang
Date: 2009-05-28 07:27:59 -0400 (Thu, 28 May 2009)
New Revision: 538
Added:
idm/trunk/integration/deployer/src/main/resources/META-INF/jboss-dependency.xml
Modified:
idm/trunk/integration/deployer/pom.xml
idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/IDMDeployer.java
idm/trunk/integration/deployer/src/main/resources/META-INF/idm-deployer-jboss-beans.xml
idm/trunk/integration/deployer/src/main/resources/deployer-assembly.xml
idm/trunk/integration/deployer/src/main/resources/idm-assembly.xml
Log:
* Update the TransactionManager injection.
* Add the jboss-dependency for the datasource.
Modified: idm/trunk/integration/deployer/pom.xml
===================================================================
--- idm/trunk/integration/deployer/pom.xml 2009-05-26 18:52:06 UTC (rev 537)
+++ idm/trunk/integration/deployer/pom.xml 2009-05-28 11:27:59 UTC (rev 538)
@@ -18,6 +18,7 @@
<properties>
<jboss.version>5.0.0.GA</jboss.version>
+ <jboss.deployers.version>2.0.3.GA</jboss.deployers.version>
</properties>
<dependencies>
@@ -99,16 +100,40 @@
</exclusions>
</dependency>
<dependency>
- <groupId>org.jboss.jbossas</groupId>
- <artifactId>jboss-as-system-jmx</artifactId>
- <version>${jboss.version}</version>
- <scope>provided</scope>
- </dependency>
- <dependency>
<groupId>bsh</groupId>
<artifactId>bsh</artifactId>
<version>1.3.0</version>
</dependency>
+ <dependency>
+ <groupId>org.jboss.deployers</groupId>
+ <artifactId>jboss-deployers-client</artifactId>
+ <version>${jboss.deployers.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.deployers</groupId>
+ <artifactId>jboss-deployers-client-spi</artifactId>
+ <version>${jboss.deployers.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.deployers</groupId>
+ <artifactId>jboss-deployers-spi</artifactId>
+ <version>${jboss.deployers.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.deployers</groupId>
+ <artifactId>jboss-deployers-structure-spi</artifactId>
+ <version>${jboss.deployers.version}</version>
+ <scope>provided</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss.deployers</groupId>
+ <artifactId>jboss-deployers-vfs-spi</artifactId>
+ <version>${jboss.deployers.version}</version>
+ <scope>provided</scope>
+ </dependency>
</dependencies>
@@ -128,10 +153,11 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-jar-plugin</artifactId>
+ <version>2.2</version>
<configuration>
<excludes>
<exclude>META-INF/*.xml</exclude>
- <exclude>*.xml</exclude>
+ <exclude>**/*.xml</exclude>
</excludes>
</configuration>
</plugin>
@@ -160,8 +186,8 @@
<goal>single</goal>
</goals>
<configuration>
- <finalName>idm.config</finalName>
- <appendAssemblyId>false</appendAssemblyId>
+ <finalName>idm-service.sar</finalName>
+ <appendAssemblyId>true</appendAssemblyId>
<descriptors>
<descriptor>src/main/resources/idm-assembly.xml</descriptor>
</descriptors>
Modified: idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/IDMDeployer.java
===================================================================
--- idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/IDMDeployer.java 2009-05-26 18:52:06 UTC (rev 537)
+++ idm/trunk/integration/deployer/src/main/java/org/jboss/identity/idm/integration/jboss5/IDMDeployer.java 2009-05-28 11:27:59 UTC (rev 538)
@@ -20,7 +20,6 @@
import org.jboss.deployers.vfs.spi.structure.VFSDeploymentUnit;
import org.jboss.identity.idm.api.IdentitySessionFactory;
import org.jboss.identity.idm.api.cfg.IdentityConfiguration;
-import org.jboss.identity.idm.common.transaction.TransactionManagerProvider;
import org.jboss.identity.idm.common.transaction.Transactions;
import org.jboss.identity.idm.impl.configuration.IdentityConfigurationImpl;
import org.jboss.identity.idm.impl.configuration.jaxb2.JAXB2IdentityConfiguration;
@@ -45,6 +44,8 @@
private IdentitySessionFactory idSF;
+ private TransactionManager transactionManager;
+
public IDMDeployer() {
super(IDMMetadata.class);
}
@@ -86,8 +87,7 @@
}
try {
- TransactionManager tm = TransactionManagerProvider.JBOSS_PROVIDER.getTransactionManager();
- Transactions.required(tm, new Transactions.Runnable()
+ Transactions.required(transactionManager, new Transactions.Runnable()
{
public Object run() throws Exception
{
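Review bot: `transactionManager` is now an injected field passed straight into `Transactions.required(transactionManager, ...)`, but nothing checks that it was actually set; the bean descriptor in this commit injects it with `option="callback"`, so the property may be populated after the deployer is installed and an early deployment would hand a null manager to Transactions and fail there instead of with a clear message. Add a guard before the call, e.g. `if (transactionManager == null) throw new IllegalStateException("transactionManager has not been injected into IDMDeployer");`. The removed `TransactionManagerProvider.JBOSS_PROVIDER` lookup was the previous source of the manager, so this is a behaviour change worth a sentence in the class Javadoc. The enclosing method starts and ends outside the hunk; the accessor hunk at the end of the file also leaves four trailing blank lines before the closing brace and no blank line between the previous method's `}` and the getter.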
@@ -165,6 +165,17 @@
logger.fine("could not get database version from JDBC metadata");
return 0;
}
- }
+ }
+ public TransactionManager getTransactionManager() {
+ return transactionManager;
+ }
+
+ public void setTransactionManager(TransactionManager transactionManager) {
+ this.transactionManager = transactionManager;
+ }
+
+
+
+
}
Modified: idm/trunk/integration/deployer/src/main/resources/META-INF/idm-deployer-jboss-beans.xml
===================================================================
--- idm/trunk/integration/deployer/src/main/resources/META-INF/idm-deployer-jboss-beans.xml 2009-05-26 18:52:06 UTC (rev 537)
+++ idm/trunk/integration/deployer/src/main/resources/META-INF/idm-deployer-jboss-beans.xml 2009-05-28 11:27:59 UTC (rev 538)
@@ -16,6 +16,10 @@
The actual IDM Deployer
-->
<bean name="org.jboss.identity.idm:service=Deployer"
- class="org.jboss.identity.idm.integration.jboss5.IDMDeployer"/>
+ class="org.jboss.identity.idm.integration.jboss5.IDMDeployer">
+ <property name="transactionManager">
+ <inject bean="RealTransactionManager" option="callback"/>
+ </property>
+ </bean>
</deployment>
\ No newline at end of file
Added: idm/trunk/integration/deployer/src/main/resources/META-INF/jboss-dependency.xml
===================================================================
--- idm/trunk/integration/deployer/src/main/resources/META-INF/jboss-dependency.xml (rev 0)
+++ idm/trunk/integration/deployer/src/main/resources/META-INF/jboss-dependency.xml 2009-05-28 11:27:59 UTC (rev 538)
@@ -0,0 +1,3 @@
+<dependency xmlns="urn:jboss:dependency:1.0">
+ <item whenRequired="Real" dependentState="Installed">jboss.jca:service=DataSourceBinding,name=jbossidmDS</item>
+</dependency>
\ No newline at end of file
Modified: idm/trunk/integration/deployer/src/main/resources/deployer-assembly.xml
===================================================================
--- idm/trunk/integration/deployer/src/main/resources/deployer-assembly.xml 2009-05-26 18:52:06 UTC (rev 537)
+++ idm/trunk/integration/deployer/src/main/resources/deployer-assembly.xml 2009-05-28 11:27:59 UTC (rev 538)
@@ -1,6 +1,6 @@
<assembly xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/assembly-1.1.0-SNAPSHOT.xsd">
- <id></id>
+ <id>deployer</id>
<formats>
<format>zip</format>
</formats>
Modified: idm/trunk/integration/deployer/src/main/resources/idm-assembly.xml
===================================================================
--- idm/trunk/integration/deployer/src/main/resources/idm-assembly.xml 2009-05-26 18:52:06 UTC (rev 537)
+++ idm/trunk/integration/deployer/src/main/resources/idm-assembly.xml 2009-05-28 11:27:59 UTC (rev 538)
@@ -1,6 +1,6 @@
<assembly xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/assembly-1.1.0-SNAPSHOT.xsd">
- <id></id>
+ <id>config</id>
<formats>
<format>zip</format>
</formats>
@@ -12,8 +12,8 @@
<includes>
<include>jboss.idm.cfg.xml</include>
<include>jboss.idm.hibernate.cfg.xml</include>
- <include>jbidm-hsqldb-ds.xml</include>
<include>META-INF/default-jboss-idm.xml</include>
+ <include>META-INF/jboss-dependency.xml</include>
</includes>
</fileSet>
</fileSets>
JBoss Identity SVN: r537 - in identity-federation/trunk: jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request and 5 other directories.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-05-26 14:52:06 -0400 (Tue, 26 May 2009)
New Revision: 537
Added:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
Log:
signature updates
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-05-26 15:43:37 UTC (rev 536)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-05-26 18:52:06 UTC (rev 537)
@@ -21,20 +21,24 @@
*/
package org.jboss.identity.federation.api.saml.v2.request;
+import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Writer;
+import javax.xml.bind.Binder;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
import javax.xml.datatype.DatatypeConfigurationException;
+import javax.xml.parsers.ParserConfigurationException;
import org.jboss.identity.federation.core.constants.JBossIdentityFederationConstants;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.saml.v2.util.JAXBElementMappingUtil;
import org.jboss.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
@@ -42,6 +46,9 @@
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.LogoutRequestType;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
import org.xml.sax.SAXException;
/**
@@ -193,6 +200,43 @@
}
/**
+ * Return the DOM object
+ * @param rat
+ * @return
+ * @throws SAXException
+ * @throws IOException
+ * @throws JAXBException
+ * @throws ParserConfigurationException
+ */
+ public Document convert(RequestAbstractType rat)
+ throws SAXException, IOException, JAXBException, ParserConfigurationException
+ {
+ JAXBContext jaxb = JAXBContext.newInstance(RequestAbstractType.class);
+ Binder<Node> binder = jaxb.createBinder();
+
+ Document doc = DocumentUtil.createDocument();
+ binder.marshal(JAXBElementMappingUtil.get(rat), doc);
+ return doc;
+ }
+
+ /**
+ * Convert a SAML2 Response into a Document
+ * @param responseType
+ * @return
+ * @throws JAXBException
+ * @throws ParserConfigurationException
+ */
+ public Document convert(ResponseType responseType) throws JAXBException, ParserConfigurationException
+ {
+ JAXBContext jaxb = JAXBContext.newInstance(ResponseType.class);
+ Binder<Node> binder = jaxb.createBinder();
+
+ Document doc = DocumentUtil.createDocument();
+ binder.marshal(JAXBElementMappingUtil.get(responseType), doc);
+ return doc;
+ }
+
+ /**
* Marshall the AuthnRequestType to an output stream
* @param requestType
* @param os
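Review bot: Both new `convert` methods call `JAXBContext.newInstance(...)` on every invocation; that is the expensive part of JAXB and a context is thread-safe, so cache one per class in a `private static final JAXBContext` and create only the `Binder` per call. `convert(ResponseType)` also does not belong in SAML2Request: SAML2Signature in this same commit calls `SAML2Response.convert(response)` for the same job, so this copy is a duplicate that will drift. Both `@return` tags are empty; say that the returned Document's root is the marshalled element, and note that the enveloped signature later applied to it relies on `DocumentUtil.createDocument()` being namespace-aware, which cannot be confirmed from this hunk. The enclosing class starts and ends outside the hunk.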
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-05-26 15:43:37 UTC (rev 536)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-05-26 18:52:06 UTC (rev 537)
@@ -37,8 +37,10 @@
import javax.xml.parsers.ParserConfigurationException;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
+import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
import org.jboss.identity.federation.core.saml.v2.factories.SAMLProtocolFactory;
import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
@@ -49,8 +51,11 @@
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeType;
+import org.jboss.identity.federation.saml.v2.assertion.AuthnContextType;
+import org.jboss.identity.federation.saml.v2.assertion.AuthnStatementType;
import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
+import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
@@ -64,6 +69,24 @@
public class SAML2Response
{
/**
+ * Create an AuthnStatement
+ * @param authnContextDeclRef such as JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT
+ * @param issueInstant
+ * @return
+ */
+ public AuthnStatementType createAuthnStatement(String authnContextDeclRef,
+ XMLGregorianCalendar issueInstant)
+ {
+ ObjectFactory objectFactory = SAMLAssertionFactory.getObjectFactory();
+ AuthnStatementType authnStatement = objectFactory.createAuthnStatementType();
+ authnStatement.setAuthnInstant(issueInstant);
+ AuthnContextType act = objectFactory.createAuthnContextType();
+ String authContextDeclRef = JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get();
+ act.getContent().add(objectFactory.createAuthnContextDeclRef(authContextDeclRef));
+ authnStatement.setAuthnContext(act);
+ return authnStatement;
+ }
+ /**
* Given a set of roles, create an attribute statement
* @param roles
* @return
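Review bot: `createAuthnStatement` ignores its `authnContextDeclRef` parameter: the local declared after `AuthnContextType act = ...` is spelled `authContextDeclRef` and is hardcoded to `JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get()`, so every statement asserts password-protected transport regardless of how the subject actually authenticated, and the Javadoc's "such as" example becomes the only possible value. Drop that local and pass the parameter through: `act.getContent().add(objectFactory.createAuthnContextDeclRef(authnContextDeclRef));`. Because relying parties use the AuthnContext to judge assurance, silently overstating it is a correctness issue rather than dead code; and if that constant holds an `ac:classes` URI it belongs in an AuthnContextClassRef rather than a DeclRef, which the constant's name suggests but its value, not visible here, would decide. The `@return` tag is empty and the new method runs straight into the next Javadoc without a blank line; the enclosing class continues outside the hunk.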
Added: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java 2009-05-26 18:52:06 UTC (rev 537)
@@ -0,0 +1,90 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.saml.v2.sig;
+
+import java.security.KeyPair;
+
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.api.util.XMLSignatureUtil;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+
+/**
+ * Class that deals with SAML2 Signature
+ * @author Anil.Saldhana(a)redhat.com
+ * @since May 26, 2009
+ */
+public class SAML2Signature
+{
+ /**
+ * Sign an RequestType at the root
+ * @param request
+ * @param keypair Key Pair
+ * @param digestMethod (Example: DigestMethod.SHA1)
+ * @param signatureMethod (Example: SignatureMethod.DSA_SHA1)
+ * @return
+ * @throws Exception
+ */
+ public Document sign(RequestAbstractType request, KeyPair keypair,
+ String digestMethod, String signatureMethod) throws Exception
+ {
+ SAML2Request saml2Request = new SAML2Request();
+ Document doc = saml2Request.convert(request);
+
+ String referenceURI = "#" + request.getID();
+
+ Node root = doc.getDocumentElement();
+ return XMLSignatureUtil.sign(doc, root,
+ keypair.getPrivate(),
+ keypair.getPublic(),
+ digestMethod, signatureMethod,
+ referenceURI);
+ }
+
+ /**
+ * Sign an ResponseType at the root
+ * @param response
+ * @param keypair Key Pair
+ * @param digestMethod (Example: DigestMethod.SHA1)
+ * @param signatureMethod (Example: SignatureMethod.DSA_SHA1)
+ * @return
+ * @throws Exception
+ */
+ public Document sign(ResponseType response,KeyPair keypair,
+ String digestMethod, String signatureMethod) throws Exception
+ {
+ SAML2Response saml2Request = new SAML2Response();
+ Document doc = saml2Request.convert(response);
+
+ String referenceURI = "#" + response.getID();
+
+ Node root = doc.getDocumentElement();
+ return XMLSignatureUtil.sign(doc, root,
+ keypair.getPrivate(),
+ keypair.getPublic(),
+ digestMethod, signatureMethod,
+ referenceURI);
+ }
+}
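Review bot: `referenceURI` is built as `"#" + request.getID()` (and `"#" + response.getID()`) without checking the ID, so an unset ID produces the reference `#null`, which the enveloped Reference cannot resolve and which surfaces only as an opaque failure inside XMLSignatureUtil.sign; guard it up front with `if (request.getID() == null) throw new IllegalArgumentException("request has no ID to reference");` and the same for the response. The local in the second method is named `saml2Request` but holds a `SAML2Response`; rename it `saml2Response`. Both methods declare `throws Exception`, which hides the checked JAXB, parser and XML-signature exceptions callers would otherwise see, and both `@return` tags are empty — they should state that the result is the converted message with an enveloped ds:Signature added under its root element.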
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-05-26 15:43:37 UTC (rev 536)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-05-26 18:52:06 UTC (rev 537)
@@ -21,19 +21,20 @@
*/
package org.jboss.identity.federation.api.util;
-import java.io.ByteArrayInputStream;
-import java.io.ByteArrayOutputStream;
import java.io.OutputStream;
import java.security.Key;
-import java.security.KeyPair;
import java.security.PrivateKey;
+import java.security.PublicKey;
import java.util.Collections;
+import java.util.List;
import javax.security.cert.X509Certificate;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.Marshaller;
import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.crypto.dsig.SignedInfo;
import javax.xml.crypto.dsig.Transform;
import javax.xml.crypto.dsig.XMLSignature;
@@ -45,20 +46,16 @@
import javax.xml.crypto.dsig.keyinfo.KeyValue;
import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
import javax.xml.crypto.dsig.spec.TransformParameterSpec;
-import javax.xml.parsers.DocumentBuilder;
-import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
-
-import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+
import org.jboss.identity.federation.core.util.JAXBUtil;
-import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.jboss.identity.xmlsec.w3.xmldsig.ObjectFactory;
import org.jboss.identity.xmlsec.w3.xmldsig.SignatureType;
import org.w3c.dom.Document;
+import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
/**
@@ -75,7 +72,7 @@
private static XMLSignatureFactory fac = getXMLSignatureFactory();
- private static XMLSignatureFactory getXMLSignatureFactory()
+ public static XMLSignatureFactory getXMLSignatureFactory()
{
XMLSignatureFactory xsf = null;
@@ -93,112 +90,79 @@
}
/**
- * Sign an AuthnRequestType
- * @param request
- * @param signingKey Private Key for signing
- * @param cert X509Certificate public key certificate (may be null)
+ * Sign a node in a document
+ * @param doc Document
+ * @param parentOfNodeToBeSigned Parent Node of the node to be signed
+ * @param signingKey Private Key
+ * @param certificate X509 Certificate holding the public key
* @param digestMethod (Example: DigestMethod.SHA1)
* @param signatureMethod (Example: SignatureMethod.DSA_SHA1)
- * @return
+ * @param referenceURI
+ * @return Document that contains the signed node
* @throws Exception
*/
- public static Document sign(AuthnRequestType request, PrivateKey signingKey,
- X509Certificate certificate,
- String digestMethod, String signatureMethod) throws Exception
+ public static Document sign(Document doc,
+ Node parentOfNodeToBeSigned,
+ PrivateKey signingKey,
+ X509Certificate certificate,
+ String digestMethod,
+ String signatureMethod,
+ String referenceURI) throws Exception
{
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
- dbf.setNamespaceAware(true);
-
- SAML2Request saml2Request = new SAML2Request();
-
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- saml2Request.marshall(request, baos);
-
- DocumentBuilder builder = dbf.newDocumentBuilder();
- Document doc = builder.parse(new ByteArrayInputStream(baos.toByteArray()) );
-
- DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
-
- String referenceURI = "#" + request.getID();
-
- Reference ref = fac.newReference
- ( referenceURI, fac.newDigestMethod(digestMethod, null),
- Collections.singletonList
- (fac.newTransform(Transform.ENVELOPED,
- (TransformParameterSpec) null)), null, null);
-
- SignedInfo si = fac.newSignedInfo
- (fac.newCanonicalizationMethod
- (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
- (C14NMethodParameterSpec) null),
- fac.newSignatureMethod(signatureMethod, null),
- Collections.singletonList(ref));
-
- KeyInfo ki = null;
- if(certificate != null)
- {
- KeyInfoFactory kif = fac.getKeyInfoFactory();
- KeyValue kv = kif.newKeyValue(certificate.getPublicKey());
- ki = kif.newKeyInfo(Collections.singletonList(kv));
- }
-
- XMLSignature signature = fac.newXMLSignature(si, ki);
-
- signature.sign(dsc);
-
- return doc;
+ return sign(doc,parentOfNodeToBeSigned, signingKey, certificate.getPublicKey(),
+ digestMethod, signatureMethod, referenceURI);
}
/**
- * Sign an RequestType
- * @param request
- * @param keypair Key Pair
- * @param digestMethod (Example: DigestMethod.SHA1)
- * @param signatureMethod (Example: SignatureMethod.DSA_SHA1)
+ *
+ * @param doc
+ * @param parentOfNodeToBeSigned
+ * @param signingKey
+ * @param publicKey
+ * @param digestMethod
+ * @param signatureMethod
+ * @param referenceURI
* @return
* @throws Exception
*/
- public static Document sign(RequestAbstractType request, KeyPair keypair,
- String digestMethod, String signatureMethod) throws Exception
- {
- DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
- dbf.setNamespaceAware(true);
-
- SAML2Request saml2Request = new SAML2Request();
-
- ByteArrayOutputStream baos = new ByteArrayOutputStream();
- saml2Request.marshall(request, baos);
-
- DocumentBuilder builder = dbf.newDocumentBuilder();
- Document doc = builder.parse(new ByteArrayInputStream(baos.toByteArray()) );
-
- DOMSignContext dsc = new DOMSignContext(keypair.getPrivate(), doc.getDocumentElement());
+ public static Document sign(Document doc,
+ Node parentOfNodeToBeSigned,
+ PrivateKey signingKey,
+ PublicKey publicKey,
+ String digestMethod,
+ String signatureMethod,
+ String referenceURI) throws Exception
+ {
+ DOMSignContext dsc = new DOMSignContext(signingKey, parentOfNodeToBeSigned);
- String referenceURI = "#" + request.getID();
-
- Reference ref = fac.newReference
- ( referenceURI, fac.newDigestMethod(digestMethod, null),
- Collections.singletonList
- (fac.newTransform(Transform.ENVELOPED,
- (TransformParameterSpec) null)), null, null);
-
- SignedInfo si = fac.newSignedInfo
- (fac.newCanonicalizationMethod
- (CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS,
- (C14NMethodParameterSpec) null),
- fac.newSignatureMethod(signatureMethod, null),
- Collections.singletonList(ref));
-
- KeyInfoFactory kif = fac.getKeyInfoFactory();
- KeyValue kv = kif.newKeyValue(keypair.getPublic());
- KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
+ DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null);
+ Transform transform = fac.newTransform(Transform.ENVELOPED,
+ (TransformParameterSpec) null);
+
+ List<Transform> transformList = Collections.singletonList(transform);
+ Reference ref = fac.newReference
+ ( referenceURI, digestMethodObj,transformList,null, null);
+
+ String canonicalizationMethodType = CanonicalizationMethod.INCLUSIVE_WITH_COMMENTS;
+ CanonicalizationMethod canonicalizationMethod
+ = fac.newCanonicalizationMethod
+ (canonicalizationMethodType, (C14NMethodParameterSpec) null);
+
+ List<Reference> referenceList = Collections.singletonList(ref);
+ SignatureMethod signatureMethodObj = fac.newSignatureMethod(signatureMethod, null);
+ SignedInfo si = fac.newSignedInfo (canonicalizationMethod, signatureMethodObj ,
+ referenceList);
+
+ KeyInfoFactory kif = fac.getKeyInfoFactory();
+ KeyValue kv = kif.newKeyValue(publicKey);
+ KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
- XMLSignature signature = fac.newXMLSignature(si, ki);
+ XMLSignature signature = fac.newXMLSignature(si, ki);
- signature.sign(dsc);
-
- return doc;
- }
+ signature.sign(dsc);
+
+ return doc;
+ }
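Review bot: The X509Certificate overload now dereferences `certificate.getPublicKey()` unconditionally, whereas the removed body treated a null certificate as "sign without KeyInfo" (the old `@param cert ... (may be null)` and the old test, which passed null, relied on that), so existing callers passing null will get a NullPointerException on the delegation line. Either restore the old contract by passing `certificate == null ? null : certificate.getPublicKey()` and, in the PublicKey overload, building KeyInfo only when the key is non-null — `KeyInfo ki = (publicKey == null) ? null : kif.newKeyInfo(Collections.singletonList(kif.newKeyValue(publicKey)));` — or document the parameter as required and reject null explicitly. Separately, `new DOMSignContext(signingKey, parentOfNodeToBeSigned)` appends ds:Signature as the last child of the parent; the SAML 2.0 schema places ds:Signature immediately after Issuer in requests, responses and assertions, so schema-validating consumers may reject the output unless a nextSibling is supplied via the three-argument DOMSignContext constructor (hedged: the callers' documents are not visible in this hunk). The PublicKey overload's Javadoc has every `@param` and the `@return` empty; the `referenceURI` tag should at least say it must be `#` plus the ID of the element under parentOfNodeToBeSigned for the enveloped Reference to resolve.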
/**
* Validate a signed document with the given public key
Modified: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2009-05-26 15:43:37 UTC (rev 536)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2009-05-26 18:52:06 UTC (rev 537)
@@ -29,11 +29,22 @@
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.SignatureMethod;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.api.saml.v2.sig.SAML2Signature;
import org.jboss.identity.federation.api.util.XMLSignatureUtil;
-import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
+import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
+import org.jboss.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.AuthnStatementType;
+import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.junit.Test;
import org.w3c.dom.Document;
@@ -53,19 +64,66 @@
@Test
public void testAuthnRequestCreationWithSignature() throws Exception
{
- AuthnRequestType authnRequest = JBossSAMLAuthnRequestFactory.createAuthnRequestType(
- IDGenerator.create("ID_"), "http://sp", "http://idp", "http://sp");
+ SAML2Request saml2Request = new SAML2Request();
+ String id = IDGenerator.create("ID_");
+ String assertionConsumerURL= "http://sp";
+ String destination = "http://idp";
+ String issuerValue = "http://sp";
+ AuthnRequestType authnRequest =
+ saml2Request.createAuthnRequestType(id, assertionConsumerURL, destination, issuerValue);
+
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
KeyPair kp = kpg.genKeyPair();
- Document signedDoc = XMLSignatureUtil.sign(authnRequest, kp.getPrivate(), null,
- DigestMethod.SHA1, SignatureMethod.DSA_SHA1);
+ SAML2Signature ss = new SAML2Signature();
+ Document signedDoc = ss.sign(authnRequest, kp, DigestMethod.SHA1, SignatureMethod.DSA_SHA1);
+
//Validate the signature
boolean isValid = XMLSignatureUtil.validate(signedDoc, kp.getPublic());
assertTrue(isValid);
}
/**
+ * Test the signature for ResponseType
+ * @throws Exception
+ */
+ @Test
+ public void testSigningAssertionWithSignature() throws Exception
+ {
+ IssuerInfoHolder issuerInfo = new IssuerInfoHolder("testIssuer");
+ String id = IDGenerator.create("ID_");
+
+
+ SAML2Response response = new SAML2Response();
+
+ String authnContextDeclRef = JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get();
+
+ AuthnStatementType authnStatement =
+ response.createAuthnStatement(authnContextDeclRef, XMLTimeUtil.getIssueInstant());
+
+ ObjectFactory objectFactory = SAMLAssertionFactory.getObjectFactory();
+
+ AssertionType assertion = objectFactory.createAssertionType();
+ assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(authnStatement);
+ assertion.setID(id);
+ assertion.setVersion(JBossSAMLConstants.VERSION_2_0.get());
+ assertion.setIssuer(issuerInfo.getIssuer());
+
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
+ KeyPair kp = kpg.genKeyPair();
+
+ id = IDGenerator.create("ID_"); //regenerate
+ ResponseType responseType = response.createResponseType(id, issuerInfo, assertion);
+
+ SAML2Signature ss = new SAML2Signature();
+ Document signedDoc = ss.sign(responseType, kp, DigestMethod.SHA1, SignatureMethod.DSA_SHA1);
+
+ //Validate the signature
+ boolean isValid = XMLSignatureUtil.validate(signedDoc, kp.getPublic());
+ assertTrue(isValid);
+ }
+
+ /**
* Test signing a string
* @throws Exception
*/
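Review bot: The Javadoc on testSigningAssertionWithSignature says `Test the signature for ResponseType` while the method name says an assertion is signed; what the body actually signs is the ResponseType that wraps the assertion, so either rename the method to `testSigningResponseWithSignature` or change the comment to `Test signing a ResponseType that carries an AssertionType`. Both tests in this hunk also exercise only the positive path: validating with `kp.getPublic()` from the same pair that signed would pass even if `XMLSignatureUtil.validate` returned true unconditionally. Add a negative check to each test, e.g. `KeyPair other = kpg.genKeyPair(); assertFalse(XMLSignatureUtil.validate(signedDoc, other.getPublic()));`, so the test demonstrates that a foreign key is rejected. The two consecutive blank lines after `String id = IDGenerator.create("ID_");` and the duplicated id generation (first assigned, then regenerated before creating the response) are minor, but assigning the assertion id and the response id to separately named locals would read more clearly than the `//regenerate` comment.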
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-05-26 15:43:37 UTC (rev 536)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-05-26 18:52:06 UTC (rev 537)
@@ -174,7 +174,7 @@
* @param node
* @return
* @throws TransformerFactoryConfigurationError
- * @throws TransformerException s
+ * @throws TransformerException
*/
public static InputStream getNodeAsStream(Node node)
throws TransformerFactoryConfigurationError, TransformerException