JBoss Identity SVN: r516 - in identity-federation/trunk: jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets and 14 other directories.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-05-23 00:49:33 -0400 (Sat, 23 May 2009)
New Revision: 516
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/interfaces/TrustKeyManager.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/CircleOfTrustServlet.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingSignatureUtil.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingUtil.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/cert/EncryptionKeyUtil.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/cert/KeyStoreUtil.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/metadata/MetaDataBuilder.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/KeyUtil.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLBaseFactory.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/IMetadataConfigurationStore.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/SecurityActions.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SignatureUtil.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/XMLTimeUtil.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/xmlenc/factories/XMLEncryptionFactory.java
identity-federation/trunk/jboss-identity-xmlsec-model/src/main/java/org/jboss/identity/xmlsec/util/XMLEncryptionUtil.java
Log:
JBID-111: generic exception throwing cleaned up
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/interfaces/TrustKeyManager.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/interfaces/TrustKeyManager.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/interfaces/TrustKeyManager.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -43,41 +43,46 @@
* Provide a set of properties used for authentication
* into the storage of keys - keystore, ldap, db, HSM etc
* @param authList
- * @throws Exception
+ * @throws {@link IOException}
*/
- void setAuthProperties(List<AuthPropertyType> authList) throws Exception;
+ void setAuthProperties(List<AuthPropertyType> authList)
+ throws TrustKeyConfigurationException, TrustKeyProcessingException;
/**
* Set a list of (domain,alias) tuple to trust domains
* The alias is a string that represents the validating key stored
* for a domain
* @param aliases
- * @throws Exception
+ * @throws {@link IOException}
*/
- void setValidatingAlias(List<KeyValueType> aliases) throws Exception;
+ void setValidatingAlias(List<KeyValueType> aliases)
+ throws TrustKeyConfigurationException, TrustKeyProcessingException;
/**
* Get the Signing Key
* @return
- * @throws Exception
+ * @throws {@link CertificateException}
*/
- PrivateKey getSigningKey() throws Exception;
+ PrivateKey getSigningKey()
+ throws TrustKeyConfigurationException, TrustKeyProcessingException;
/**
* Get the certificate given an alias
* @param alias
* @return
- * @throws Exception
+ * @throws {@link CertificateException}
*/
- Certificate getCertificate(String alias) throws Exception;
+ Certificate getCertificate(String alias)
+ throws TrustKeyConfigurationException, TrustKeyProcessingException;
/**
* Get a Public Key given an alias
* @param alias
* @return
- * @throws Exception
+ * @throws {@link CertificateException}
*/
- PublicKey getPublicKey(String alias) throws Exception;
+ PublicKey getPublicKey(String alias)
+ throws TrustKeyConfigurationException, TrustKeyProcessingException;
/**
* Given a domain, obtain a secret key
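Review bot: The Javadoc no longer matches the declared exceptions: the `@throws {@link IOException}` tags on setAuthProperties and setValidatingAlias and the `@throws {@link CertificateException}` tags on getSigningKey, getCertificate and getPublicKey name exceptions that the new `throws` clauses do not declare, and `@throws` takes a class name rather than an inline `{@link}`. Replace each with `@throws TrustKeyConfigurationException if the key store or its configuration cannot be used` and `@throws TrustKeyProcessingException if the requested key material cannot be retrieved`. getEncryptionKey and getValidatingKey in the next hunk declare the same two exceptions and have no `@throws` tags at all, so the same two lines belong there. The `@return` tags on getSigningKey, getCertificate and getPublicKey are also left empty.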
@@ -85,16 +90,16 @@
* @param domain
* @param encryptionAlgorithm Encryption Algorithm
* @param keyLength length of keys
- * @return
- * @throws Exception
+ * @return
*/
- SecretKey getEncryptionKey(String domain, String encryptionAlgorithm, int keyLength) throws Exception;
+ SecretKey getEncryptionKey(String domain, String encryptionAlgorithm, int keyLength)
+ throws TrustKeyConfigurationException, TrustKeyProcessingException;
/**
* Get the Validating Public Key of the domain
* @param domain
- * @return
- * @throws Exception
+ * @return
*/
- PublicKey getValidatingKey(String domain) throws Exception;
+ PublicKey getValidatingKey(String domain)
+ throws TrustKeyConfigurationException, TrustKeyProcessingException;
}
\ No newline at end of file
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/CircleOfTrustServlet.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/CircleOfTrustServlet.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/CircleOfTrustServlet.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -35,6 +35,7 @@
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import org.jboss.identity.federation.api.saml.v2.metadata.MetaDataBuilder;
@@ -149,7 +150,8 @@
}
}
- private void addIDP(HttpServletRequest request, HttpServletResponse response) throws Exception
+ private void addIDP(HttpServletRequest request, HttpServletResponse response)
+ throws IOException, JAXBException
{
String spName = request.getParameter("spname");
String idpName = request.getParameter("idpname");
@@ -179,7 +181,8 @@
}
}
- private void addSP(HttpServletRequest request, HttpServletResponse response) throws Exception
+ private void addSP(HttpServletRequest request, HttpServletResponse response)
+ throws JAXBException, IOException
{
String idpName = request.getParameter("idpname");
String spName = request.getParameter("spname");
@@ -209,7 +212,7 @@
}
- private EntityDescriptorType getMetaData(String metadataURL) throws Exception
+ private EntityDescriptorType getMetaData(String metadataURL) throws JAXBException, IOException
{
InputStream is;
URL md = new URL(metadataURL);
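Review bot: Nothing in the visible lines restricts what metadataURL may be before `new URL(metadataURL)`, and the `InputStream is;` declared above it suggests the URL is then opened; if metadataURL is taken from a request parameter, as `spname` and `idpname` are in addIDP and addSP, the servlet would retrieve whatever location the caller supplies. If that is the data flow, resolve the metadata location from the stored provider configuration rather than the request, or at least check the scheme and host against the configured providers before opening the connection. Where metadataURL originates is not shown in this hunk, and getMetaData's body continues past it.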
@@ -226,7 +229,8 @@
return edt;
}
- private void displayTrustedProvidersForIDP(HttpServletRequest request, HttpServletResponse response) throws Exception
+ private void displayTrustedProvidersForIDP(HttpServletRequest request, HttpServletResponse response)
+ throws IOException, ClassNotFoundException
{
String idpName = request.getParameter("name");
@@ -237,7 +241,8 @@
httpSession.setAttribute("providers", trustedProviders);
}
- private void displayTrustedProvidersForSP(HttpServletRequest request, HttpServletResponse response) throws Exception
+ private void displayTrustedProvidersForSP(HttpServletRequest request, HttpServletResponse response)
+ throws IOException, ClassNotFoundException
{
String spName = request.getParameter("name");
@@ -247,5 +252,4 @@
httpSession.setAttribute("spName", spName);
httpSession.setAttribute("providers", trustedProviders);
}
-
}
\ No newline at end of file
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -25,6 +25,8 @@
import java.io.InputStream;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.UnrecoverableKeyException;
@@ -37,7 +39,9 @@
import org.jboss.identity.federation.bindings.config.AuthPropertyType;
import org.jboss.identity.federation.bindings.config.KeyValueType;
+import org.jboss.identity.federation.bindings.interfaces.TrustKeyConfigurationException;
import org.jboss.identity.federation.bindings.interfaces.TrustKeyManager;
+import org.jboss.identity.federation.bindings.interfaces.TrustKeyProcessingException;
import org.jboss.identity.federation.bindings.util.ValveUtil;
import org.jboss.identity.federation.bindings.util.cert.EncryptionKeyUtil;
import org.jboss.identity.federation.bindings.util.cert.KeyStoreUtil;
@@ -77,72 +81,151 @@
/**
* @see TrustKeyManager#getSigningKey()
*/
- public PrivateKey getSigningKey() throws Exception
+ public PrivateKey getSigningKey()
+ throws TrustKeyConfigurationException, TrustKeyProcessingException
{
- if(ks == null)
- this.setUpKeyStore();
-
- if(ks == null)
- throw new IllegalStateException("KeyStore is null");
- return (PrivateKey) ks.getKey(this.signingAlias, this.signingKeyPass);
+ try
+ {
+ if(ks == null)
+ this.setUpKeyStore();
+
+ if(ks == null)
+ throw new IllegalStateException("KeyStore is null");
+ return (PrivateKey) ks.getKey(this.signingAlias, this.signingKeyPass);
+ }
+ catch (KeyStoreException e)
+ {
+ throw new TrustKeyConfigurationException(e);
+ }
+ catch (NoSuchAlgorithmException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ catch (UnrecoverableKeyException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ catch (IOException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
}
/**
* @see TrustKeyManager#getCertificate(String)
*/
- public Certificate getCertificate(String alias) throws Exception
+ public Certificate getCertificate(String alias)
+ throws TrustKeyConfigurationException, TrustKeyProcessingException
{
- if(ks == null)
- this.setUpKeyStore();
-
- if(ks == null)
- throw new IllegalStateException("KeyStore is null");
- return ks.getCertificate(alias);
+ try
+ {
+ if(ks == null)
+ this.setUpKeyStore();
+
+ if(ks == null)
+ throw new IllegalStateException("KeyStore is null");
+ return ks.getCertificate(alias);
+ }
+ catch (KeyStoreException e)
+ {
+ throw new TrustKeyConfigurationException(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ catch (IOException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
}
/**
* @see TrustKeyManager#getPublicKey(String)
*/
- public PublicKey getPublicKey(String alias) throws Exception
+ public PublicKey getPublicKey(String alias)
+ throws TrustKeyConfigurationException, TrustKeyProcessingException
{
- if(ks == null)
- this.setUpKeyStore();
-
- if(ks == null)
- throw new IllegalStateException("KeyStore is null");
- return ks.getCertificate(alias).getPublicKey();
+ try
+ {
+ if(ks == null)
+ this.setUpKeyStore();
+
+ if(ks == null)
+ throw new IllegalStateException("KeyStore is null");
+ return ks.getCertificate(alias).getPublicKey();
+ }
+ catch (KeyStoreException e)
+ {
+ throw new TrustKeyConfigurationException(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ catch (IOException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
}
/**
+ * @throws IOException
* @see TrustKeyManager#getValidatingKey(String)
*/
- public PublicKey getValidatingKey(String domain) throws Exception
+ public PublicKey getValidatingKey(String domain)
+ throws TrustKeyConfigurationException, TrustKeyProcessingException
{
- if(ks == null)
- this.setUpKeyStore();
-
- if(ks == null)
- throw new IllegalStateException("KeyStore is null");
- String domainAlias = this.domainAliasMap.get(domain);
- if(domainAlias == null)
- throw new IllegalStateException("Domain Alias missing for "+ domain);
PublicKey publicKey = null;
try
{
- publicKey = KeyStoreUtil.getPublicKey(ks, domainAlias, this.keyStorePass.toCharArray());
+ if(ks == null)
+ this.setUpKeyStore();
+
+ if(ks == null)
+ throw new IllegalStateException("KeyStore is null");
+ String domainAlias = this.domainAliasMap.get(domain);
+ if(domainAlias == null)
+ throw new IllegalStateException("Domain Alias missing for "+ domain);
+ publicKey = null;
+ try
+ {
+ publicKey = KeyStoreUtil.getPublicKey(ks, domainAlias, this.keyStorePass.toCharArray());
+ }
+ catch(UnrecoverableKeyException urke)
+ {
+ //Try with the signing key pass
+ publicKey = KeyStoreUtil.getPublicKey(ks, domainAlias, this.signingKeyPass);
+ }
}
- catch(UnrecoverableKeyException urke)
+ catch (KeyStoreException e)
{
- //Try with the signing key pass
- publicKey = KeyStoreUtil.getPublicKey(ks, domainAlias, this.signingKeyPass);
+ throw new TrustKeyConfigurationException(e);
}
+ catch (NoSuchAlgorithmException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ catch (IOException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
return publicKey;
}
/**
* @see TrustKeyManager#setAuthProperties(List)
*/
- public void setAuthProperties(List<AuthPropertyType> authList) throws Exception
+ public void setAuthProperties(List<AuthPropertyType> authList)
+ throws TrustKeyConfigurationException, TrustKeyProcessingException
{
for(AuthPropertyType auth: authList)
{
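Review bot: getPublicKey dereferences `ks.getCertificate(alias).getPublicKey()` without a null check, and KeyStore.getCertificate returns null for an unknown alias, so a misconfigured alias surfaces as a NullPointerException instead of one of the two declared exceptions; guard it the way the KeyStore itself is guarded: `Certificate cert = ks.getCertificate(alias); if(cert == null) throw new IllegalStateException("No certificate for alias "+ alias); return cert.getPublicKey();`. The `@throws IOException` tag added to getValidatingKey's Javadoc is stale, since IOException is caught and wrapped in TrustKeyProcessingException in the same method; the same applies to `@throws GeneralSecurityException` on getEncryptionKey in the next hunk. In getValidatingKey the `publicKey = null;` inside the try repeats the initialisation two lines above it and can be dropped. setAuthProperties' body continues outside the hunk.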
@@ -165,6 +248,7 @@
* @see TrustKeyManager#setValidatingAlias(List)
*/
public void setValidatingAlias(List<KeyValueType> aliases)
+ throws TrustKeyConfigurationException, TrustKeyProcessingException
{
for(KeyValueType alias: aliases)
{
@@ -173,14 +257,23 @@
}
/**
+ * @throws GeneralSecurityException
* @see TrustKeyManager#getEncryptionKey(String)
*/
- public SecretKey getEncryptionKey(String domain,String encryptionAlgorithm, int keyLength) throws Exception
+ public SecretKey getEncryptionKey(String domain,String encryptionAlgorithm, int keyLength)
+ throws TrustKeyConfigurationException, TrustKeyProcessingException
{
SecretKey key = keys.get(domain);
if(key == null)
{
- key = EncryptionKeyUtil.getSecretKey(encryptionAlgorithm, keyLength);
+ try
+ {
+ key = EncryptionKeyUtil.getSecretKey(encryptionAlgorithm, keyLength);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
keys.put(domain, key);
}
return key;
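Review bot: The cache in getEncryptionKey is keyed by domain alone, so once a SecretKey exists for a domain every later call returns it even when a different encryptionAlgorithm or keyLength is requested, and the key is never replaced for the lifetime of the manager. Include the requested parameters in the cache key, e.g. `String cacheKey = domain + ":" + encryptionAlgorithm + ":" + keyLength; SecretKey key = keys.get(cacheKey);` with the matching `keys.put(cacheKey, key);`, or verify the cached key's algorithm and length before returning it. The method's closing brace is outside the hunk.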
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -25,11 +25,14 @@
import java.io.IOException;
import java.io.InputStream;
import java.io.StringWriter;
+import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.List;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBException;
+import javax.xml.datatype.DatatypeConfigurationException;
import org.apache.catalina.Context;
import org.apache.catalina.Lifecycle;
@@ -50,6 +53,9 @@
import org.jboss.identity.federation.bindings.util.HTTPRedirectUtil;
import org.jboss.identity.federation.bindings.util.RedirectBindingUtil;
import org.jboss.identity.federation.bindings.util.ValveUtil;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
@@ -60,6 +66,7 @@
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.xml.sax.SAXException;
/**
* Valve at the IDP that supports the HTTP/Redirect Binding
@@ -216,10 +223,9 @@
/**
* Validate the incoming Request
* @param request
- * @return
- * @throws Exception
+ * @return
*/
- protected boolean validate(Request request) throws Exception
+ protected boolean validate(Request request) throws IOException,GeneralSecurityException
{
return this.hasSAMLRequestMessage(request);
}
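Review bot: The `@return` tag on validate is left empty although the return value is the method's whole contract; the body delegates to hasSAMLRequestMessage, which tests for a `SAMLRequest` parameter, so `@return true if the request carries a SAMLRequest parameter` documents it. The new `throws IOException, GeneralSecurityException` clause is not exercised by this body and exists for overrides such as IDPRedirectWithSignatureValve.validate; a sentence in the Javadoc saying so would save a reader checking.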
@@ -229,7 +235,7 @@
return request.getParameter("SAMLRequest") != null;
}
- private RequestAbstractType getSAMLRequest(Request request) throws Exception
+ private RequestAbstractType getSAMLRequest(Request request) throws JAXBException, SAXException
{
String samlMessage = getSAMLMessage(request);
InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
@@ -243,9 +249,12 @@
* @param request
* @param userPrincipal
* @return
- * @throws Exception
+ * @throws ParsingException
+ * @throws ConfigurationException
+ * @throws ProcessingException
*/
- protected ResponseType getResponse(Request request, Principal userPrincipal) throws Exception
+ protected ResponseType getResponse(Request request, Principal userPrincipal)
+ throws ParsingException, ConfigurationException, ProcessingException
{
ResponseType responseType = null;
@@ -253,14 +262,37 @@
InputStream is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
SAML2Request saml2Request = new SAML2Request();
- AuthnRequestType authnRequestType = saml2Request.getAuthnRequestType(is);
+ AuthnRequestType authnRequestType = null;
+ try
+ {
+ authnRequestType = saml2Request.getAuthnRequestType(is);
+ }
+ catch (JAXBException e2)
+ {
+ throw new ParsingException(e2);
+ }
+ catch (SAXException e2)
+ {
+ throw new ParsingException(e2);
+ }
if(authnRequestType == null)
throw new IllegalStateException("AuthnRequest is null");
if(log.isTraceEnabled())
{
StringWriter sw = new StringWriter();
- saml2Request.marshall(authnRequestType, sw);
+ try
+ {
+ saml2Request.marshall(authnRequestType, sw);
+ }
+ catch (SAXException e)
+ {
+ log.trace(e);
+ }
+ catch (JAXBException e)
+ {
+ log.trace(e);
+ }
log.trace("IDPRedirectValve::AuthnRequest="+sw.toString());
}
SAML2Response saml2Response = new SAML2Response();
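Review bot: In the trace block the two `log.trace(e)` calls record the exception without saying what failed, and the following `log.trace("IDPRedirectValve::AuthnRequest="+sw.toString())` then prints whatever partial output the failed marshall left in the StringWriter. Use `log.trace("Unable to marshall AuthnRequest for tracing", e);` so the message and stack trace stay together; the same applies to the Response trace block later in this file and to the one in IDPRedirectWithSignatureValve.getResponse. getResponse's body continues past the hunk.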
@@ -286,13 +318,31 @@
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
//Add timed conditions
- saml2Response.createTimedConditions(assertion, this.assertionValidity);
+ try
+ {
+ saml2Response.createTimedConditions(assertion, this.assertionValidity);
+ }
+ catch (DatatypeConfigurationException e1)
+ {
+ throw new ConfigurationException(e1);
+ }
//Lets see how the response looks like
if(log.isTraceEnabled())
{
StringWriter sw = new StringWriter();
- saml2Response.marshall(responseType, sw);
+ try
+ {
+ saml2Response.marshall(responseType, sw);
+ }
+ catch (JAXBException e)
+ {
+ log.trace(e);
+ }
+ catch (SAXException e)
+ {
+ log.trace(e);
+ }
log.trace("IDPRedirectValve::Response="+sw.toString());
}
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -21,24 +21,36 @@
*/
package org.jboss.identity.federation.bindings.tomcat.idp;
+import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
+import java.net.MalformedURLException;
import java.net.URL;
+import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.PrivateKey;
import java.security.PublicKey;
import javax.crypto.SecretKey;
+import javax.xml.bind.JAXBException;
import javax.xml.namespace.QName;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Request;
import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.bindings.config.EncryptionType;
import org.jboss.identity.federation.bindings.config.KeyProviderType;
+import org.jboss.identity.federation.bindings.interfaces.TrustKeyConfigurationException;
import org.jboss.identity.federation.bindings.interfaces.TrustKeyManager;
+import org.jboss.identity.federation.bindings.interfaces.TrustKeyProcessingException;
import org.jboss.identity.federation.bindings.util.RedirectBindingSignatureUtil;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
@@ -47,6 +59,7 @@
import org.jboss.identity.xmlsec.util.XMLEncryptionUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
/**
@@ -106,7 +119,7 @@
}
@Override
- protected boolean validate(Request request) throws Exception
+ protected boolean validate(Request request) throws IOException, GeneralSecurityException
{
boolean result = super.validate(request);
if( result == false)
@@ -138,7 +151,19 @@
}
sb.append("&SigAlg=").append(sigAlgFromURL);
- PublicKey validatingKey = keyManager.getValidatingKey(request.getRemoteAddr());
+ PublicKey validatingKey;
+ try
+ {
+ validatingKey = keyManager.getValidatingKey(request.getRemoteAddr());
+ }
+ catch (TrustKeyConfigurationException e)
+ {
+ throw new GeneralSecurityException(e.getCause());
+ }
+ catch (TrustKeyProcessingException e)
+ {
+ throw new GeneralSecurityException(e.getCause());
+ }
boolean isValid = SignatureUtil.validate(sb.toString().getBytes("UTF-8"), sigValue, validatingKey);
return isValid;
}
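Review bot: Both new catch blocks rethrow `new GeneralSecurityException(e.getCause())`, which discards the TrustKey exception itself: its message and stack frames are lost, and if it was constructed without a cause the GeneralSecurityException carries neither message nor cause, leaving nothing to diagnose a failed signature validation. Wrap the exception rather than its cause, `throw new GeneralSecurityException(e);`, in both blocks. Separately, the validating key is chosen by `request.getRemoteAddr()`, so behind a reverse proxy or NAT every request maps to the proxy's address; whether that is the intended trust binding is worth confirming against the deployment. The start of validate is in the previous hunk.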
@@ -162,7 +187,8 @@
}
@Override
- protected ResponseType getResponse(Request request, Principal userPrincipal) throws Exception
+ protected ResponseType getResponse(Request request, Principal userPrincipal)
+ throws ParsingException, ConfigurationException, ProcessingException
{
SAML2Response saml2Response = new SAML2Response();
@@ -175,37 +201,84 @@
String sp = responseType.getDestination();
if(sp == null)
throw new IllegalStateException("Unable to handle encryption as SP url is null");
- URL spurl = new URL(sp);
- PublicKey publicKey = keyManager.getValidatingKey(spurl.getHost());
- EncryptionType enc = idpConfiguration.getEncryption();
- if(enc == null)
- throw new IllegalStateException("EncryptionType not configured");
- String encAlgo = enc.getEncAlgo().value();
- int keyLength = enc.getKeySize();
- //Generate a key on the fly
- SecretKey sk = keyManager.getEncryptionKey(spurl.getHost(), encAlgo, keyLength);
-
- StringWriter sw = new StringWriter();
- saml2Response.marshall(responseType, sw);
-
- Document responseDoc = DocumentUtil.getDocument(new StringReader(sw.toString()));
-
- String assertionNS = JBossSAMLURIConstants.ASSERTION_NSURI.get();
-
- QName assertionQName = new QName(assertionNS, "EncryptedAssertion", "saml");
-
- Element encAssertion = XMLEncryptionUtil.encryptElementInDocument(responseDoc,
- publicKey, sk, keyLength, assertionQName, true);
-
-
- EncryptedElementType eet = saml2Response.getEncryptedAssertion(DocumentUtil.getNodeAsStream(encAssertion));
- responseType.getAssertionOrEncryptedAssertion().set(0, eet);
+ try
+ {
+ URL spurl = new URL(sp);
+ PublicKey publicKey = keyManager.getValidatingKey(spurl.getHost());
+ EncryptionType enc = idpConfiguration.getEncryption();
+ if(enc == null)
+ throw new IllegalStateException("EncryptionType not configured");
+ String encAlgo = enc.getEncAlgo().value();
+ int keyLength = enc.getKeySize();
+ //Generate a key on the fly
+ SecretKey sk = keyManager.getEncryptionKey(spurl.getHost(), encAlgo, keyLength);
+
+ StringWriter sw = new StringWriter();
+ saml2Response.marshall(responseType, sw);
+
+ Document responseDoc = DocumentUtil.getDocument(new StringReader(sw.toString()));
+
+ String assertionNS = JBossSAMLURIConstants.ASSERTION_NSURI.get();
+
+ QName assertionQName = new QName(assertionNS, "EncryptedAssertion", "saml");
+
+ Element encAssertion = XMLEncryptionUtil.encryptElementInDocument(responseDoc,
+ publicKey, sk, keyLength, assertionQName, true);
+
+
+ EncryptedElementType eet = saml2Response.getEncryptedAssertion(DocumentUtil.getNodeAsStream(encAssertion));
+ responseType.getAssertionOrEncryptedAssertion().set(0, eet);
+ }
+ catch (MalformedURLException e)
+ {
+ // TODO Auto-generated catch block
+ e.printStackTrace();
+ }
+ catch (JAXBException e)
+ {
+ throw new ParsingException(e);
+ }
+ catch (SAXException e)
+ {
+ throw new ParsingException(e);
+ }
+ catch (ParserConfigurationException e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (IOException e)
+ {
+ throw new ProcessingException(e);
+ }
+ catch (TransformerFactoryConfigurationError e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (TransformerException e)
+ {
+ throw new ProcessingException(e);
+ }
+ catch (Exception e)
+ {
+ throw new ProcessingException(e);
+ }
}
//Lets see how the response looks like
if(log.isTraceEnabled())
{
StringWriter sw = new StringWriter();
- saml2Response.marshall(responseType, sw);
+ try
+ {
+ saml2Response.marshall(responseType, sw);
+ }
+ catch (JAXBException e)
+ {
+ log.trace(e);
+ }
+ catch (SAXException e)
+ {
+ log.trace(e);
+ }
log.trace("IDPRedirectValveWithSignature::Response="+sw.toString());
}
return responseType;
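Review bot: The `catch (MalformedURLException e)` block only prints a stack trace, so when the SP destination is not a valid URL the whole encryption step is skipped and getResponse returns the response with the plaintext assertion still in place, silently dropping the configured encryption. Replace the auto-generated body with `throw new ConfigurationException(e);` (or ProcessingException, matching the IOException branch) so the caller sees the failure instead of an unencrypted response. The trailing `catch (Exception e)` also swallows the distinction between TrustKeyConfigurationException and TrustKeyProcessingException from keyManager and re-wraps the IllegalStateException thrown for a missing EncryptionType; catching the two TrustKey types explicitly, with TrustKeyConfigurationException mapped to ConfigurationException, keeps the mapping the rest of the method applies. Both the enclosing if-block and getResponse begin before this hunk.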
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -32,6 +32,7 @@
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.xml.bind.JAXBException;
+import javax.xml.datatype.DatatypeConfigurationException;
import org.apache.catalina.connector.Response;
import org.apache.log4j.Logger;
@@ -44,6 +45,7 @@
import org.jboss.identity.federation.bindings.util.PostBindingUtil;
import org.jboss.identity.federation.bindings.util.RedirectBindingUtil;
import org.jboss.identity.federation.bindings.util.ValveUtil;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
@@ -99,7 +101,7 @@
return postProfile;
}
- public RequestAbstractType getSAMLRequest(String samlMessage) throws Exception
+ public RequestAbstractType getSAMLRequest(String samlMessage) throws JAXBException, SAXException
{
InputStream is = null;
SAML2Request saml2Request = new SAML2Request();
@@ -122,7 +124,7 @@
Principal userPrincipal,
List<String> roles,
String identityURL,
- long assertionValidity) throws Exception
+ long assertionValidity) throws ConfigurationException, DatatypeConfigurationException, JAXBException, SAXException
{
ResponseType responseType = null;
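Review bot: The new throws clause mixes the project's wrapped ConfigurationException with raw DatatypeConfigurationException, JAXBException and SAXException, whereas IDPRedirectValve.getResponse in this same commit wraps DatatypeConfigurationException into ConfigurationException and the JAXB and SAX failures into ParsingException. Declaring `throws ConfigurationException, ParsingException` here and wrapping at the call sites would keep the two code paths consistent and spare callers three XML-binding-specific types. The method's signature starts and its body continues outside the hunk.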
@@ -189,7 +191,14 @@
}
}
-
+ /**
+ * Send a response
+ * @param responseType
+ * @param relayState
+ * @param response
+ * @throws IOException
+ * @throws ParsingException
+ */
public void send(ResponseType responseType, String relayState,
Response response) throws IOException, ParsingException
{
@@ -258,6 +267,14 @@
return null;
}
+ /**
+ * Create an Error Response
+ * @param responseURL
+ * @param status
+ * @param identityURL
+ * @return
+ * @throws ServletException
+ */
public ResponseType getErrorResponse(String responseURL, String status,
String identityURL) throws ServletException
{
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -31,6 +31,7 @@
import javax.servlet.ServletException;
import javax.xml.bind.JAXBException;
+import javax.xml.datatype.DatatypeConfigurationException;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.Session;
@@ -181,16 +182,15 @@
PostBindingUtil.sendPost(destination, samlMessage, relayState, response, true);
}
- protected AuthnRequestType createSAMLRequestMessage(String relayState, Response response)
- throws Exception
+ protected AuthnRequestType createSAMLRequestMessage(String relayState, Response response)
+ throws ServletException, DatatypeConfigurationException
{
//create a saml request
if(this.serviceURL == null)
throw new ServletException("serviceURL is not configured");
SPUtil spUtil = new SPUtil();
- return spUtil.createSAMLRequest(serviceURL, identityURL);
-
+ return spUtil.createSAMLRequest(serviceURL, identityURL);
}
protected String getDestination(String urlEncodedRequest, String urlEncodedRelayState)
@@ -221,7 +221,7 @@
}
}
- protected boolean validate(Request request) throws Exception
+ protected boolean validate(Request request)
{
return request.getParameter("SAMLResponse") != null;
}
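Review bot: validate() in SPPostFormAuthenticator now declares no checked exceptions, while the sibling SPRedirectFormAuthenticator.validate() later in this commit declares `throws IOException, GeneralSecurityException` so that its signature-checking subclass can override it; a POST-binding subclass that verifies the XML signature would have to wrap those into unchecked exceptions. Keeping the two signatures parallel, `protected boolean validate(Request request) throws IOException, GeneralSecurityException`, costs nothing here and keeps the contract consistent across the two authenticator hierarchies. The body is only a presence check on the SAMLResponse parameter, which the name does not convey; a comment such as `// presence check only; signature and assertion checks are expected in process()` (confirm against process(), whose body is outside this hunk) makes the division of responsibility explicit.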
@@ -231,12 +231,14 @@
* @param responseType ResponseType that contains the encrypted assertion
* @return response type with the decrypted assertion
*/
- protected ResponseType decryptAssertion(ResponseType responseType) throws Exception
+ protected ResponseType decryptAssertion(ResponseType responseType)
{
throw new RuntimeException("This authenticator does not handle encryption");
}
- private Principal process(Request request, Response response) throws Exception
+ private Principal process(Request request, Response response)
+ throws JAXBException, SAXException, IssuerNotTrustedException,
+ AssertionExpiredException, DatatypeConfigurationException
{
Principal userPrincipal = null;
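Review bot: The default decryptAssertion() at the top of this hunk signals "not supported" with a bare `RuntimeException`, and its throws clause is now empty, so a subclass that does decrypt cannot declare the checked exceptions the Redirect variant declares (`IOException, GeneralSecurityException, ConfigurationException, ParsingException`). `UnsupportedOperationException` is the idiomatic type for an optional operation, and declaring the same four checked exceptions as SPRedirectFormAuthenticator.decryptAssertion() keeps both hierarchies overridable in the same way; the same point applies to the SPRedirectFormAuthenticator hunk, which keeps `throw new RuntimeException(...)` while widening its throws clause. process() continues outside the hunk.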
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -24,6 +24,7 @@
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.security.GeneralSecurityException;
import java.security.Principal;
import java.util.Arrays;
import java.util.List;
@@ -49,6 +50,8 @@
import org.jboss.identity.federation.bindings.util.HTTPRedirectUtil;
import org.jboss.identity.federation.bindings.util.RedirectBindingUtil;
import org.jboss.identity.federation.bindings.util.ValveUtil;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
@@ -218,7 +221,7 @@
}
}
- protected boolean validate(Request request) throws Exception
+ protected boolean validate(Request request) throws IOException, GeneralSecurityException
{
return request.getParameter("SAMLResponse") != null;
}
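Review bot: validate() here declares `throws IOException, GeneralSecurityException` although its body, a presence check on the SAMLResponse parameter, cannot throw either; the declaration exists for the override in SPRedirectSignatureFormAuthenticator later in this commit, and nothing in the code says so. A Javadoc line such as `@throws GeneralSecurityException if an overriding authenticator cannot verify the request signature` keeps the next reader from "cleaning up" the throws clause and breaking the subclass.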
@@ -228,7 +231,8 @@
* @param responseType ResponseType that contains the encrypted assertion
* @return response type with the decrypted assertion
*/
- protected ResponseType decryptAssertion(ResponseType responseType) throws Exception
+ protected ResponseType decryptAssertion(ResponseType responseType)
+ throws IOException, GeneralSecurityException, ConfigurationException, ParsingException
{
throw new RuntimeException("This authenticator does not handle encryption");
}
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -21,16 +21,26 @@
*/
package org.jboss.identity.federation.bindings.tomcat.sp;
+import java.io.IOException;
+import java.security.GeneralSecurityException;
import java.security.PrivateKey;
import java.security.PublicKey;
+import javax.xml.bind.JAXBException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Request;
import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.bindings.config.KeyProviderType;
+import org.jboss.identity.federation.bindings.interfaces.TrustKeyConfigurationException;
import org.jboss.identity.federation.bindings.interfaces.TrustKeyManager;
+import org.jboss.identity.federation.bindings.interfaces.TrustKeyProcessingException;
import org.jboss.identity.federation.bindings.util.RedirectBindingSignatureUtil;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
@@ -38,6 +48,7 @@
import org.jboss.identity.xmlsec.util.XMLEncryptionUtil;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import org.xml.sax.SAXException;
/**
* Tomcat Authenticator for the HTTP/Redirect binding with Signature support
@@ -45,9 +56,7 @@
* @since Jan 12, 2009
*/
public class SPRedirectSignatureFormAuthenticator extends SPRedirectFormAuthenticator
-{
-
-
+{
private static Logger log = Logger.getLogger(SPRedirectSignatureFormAuthenticator.class);
private TrustKeyManager keyManager;
@@ -82,7 +91,7 @@
log.trace("Key Provider=" + keyProvider.getClassName());
}
- protected boolean validate(Request request) throws Exception
+ protected boolean validate(Request request) throws IOException, GeneralSecurityException
{
boolean result = super.validate(request);
if( result == false)
@@ -108,7 +117,19 @@
}
sb.append("&SigAlg=").append(sigAlgFromURL);
- PublicKey validatingKey = keyManager.getValidatingKey(request.getRemoteAddr());
+ PublicKey validatingKey;
+ try
+ {
+ validatingKey = keyManager.getValidatingKey(request.getRemoteAddr());
+ }
+ catch (TrustKeyConfigurationException e)
+ {
+ throw new GeneralSecurityException(e.getCause());
+ }
+ catch (TrustKeyProcessingException e)
+ {
+ throw new GeneralSecurityException(e.getCause());
+ }
boolean isValid = SignatureUtil.validate(sb.toString().getBytes("UTF-8"), sigValue, validatingKey);
return isValid;
}
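Review bot: Both new catch blocks wrap `e.getCause()` rather than the caught exception, so when a TrustKeyConfigurationException or TrustKeyProcessingException carries no cause the resulting GeneralSecurityException has a null cause and message, and when it does, the TrustKey* type and its own message disappear from the stack trace; use `throw new GeneralSecurityException(e);` in both blocks. The validating key is also still selected by `request.getRemoteAddr()`, which behind a reverse proxy or load balancer is the proxy's address rather than the peer's, so a comment stating that deployment assumption (or key selection by the SAML issuer, if the key manager supports it — not visible here) is worth adding. validate() starts in the preceding hunk.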
@@ -132,17 +153,41 @@
}
@Override
- protected ResponseType decryptAssertion(ResponseType responseType) throws Exception
+ protected ResponseType decryptAssertion(ResponseType responseType)
+ throws IOException, GeneralSecurityException, ConfigurationException, ParsingException
{
- SAML2Response saml2Response = new SAML2Response();
- PrivateKey privateKey = keyManager.getSigningKey();
-
- EncryptedElementType myEET = (EncryptedElementType) responseType.getAssertionOrEncryptedAssertion().get(0);
- Document eetDoc = saml2Response.convert(myEET);
-
- Element decryptedDocumentElement = XMLEncryptionUtil.decryptElementInDocument(eetDoc,privateKey);
-
- //Let us use the encrypted doc element to decrypt it
- return saml2Response.getResponseType(DocumentUtil.getNodeAsStream(decryptedDocumentElement));
+ try
+ {
+ SAML2Response saml2Response = new SAML2Response();
+ PrivateKey privateKey = keyManager.getSigningKey();
+
+ EncryptedElementType myEET = (EncryptedElementType) responseType.getAssertionOrEncryptedAssertion().get(0);
+ Document eetDoc = saml2Response.convert(myEET);
+
+ Element decryptedDocumentElement = XMLEncryptionUtil.decryptElementInDocument(eetDoc,privateKey);
+
+ //Let us use the encrypted doc element to decrypt it
+ return saml2Response.getResponseType(DocumentUtil.getNodeAsStream(decryptedDocumentElement));
+ }
+ catch (JAXBException e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (SAXException e)
+ {
+ throw new ParsingException(e);
+ }
+ catch (TransformerFactoryConfigurationError e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (TransformerException e)
+ {
+ throw new ParsingException(e);
+ }
+ catch (Exception e)
+ {
+ throw new GeneralSecurityException(e);
+ }
}
}
\ No newline at end of file
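Review bot: The trailing `catch (Exception e)` in decryptAssertion() also intercepts the exception types the method already declares and every RuntimeException (the unchecked cast and `get(0)` on the assertion list can raise ClassCastException or IndexOutOfBoundsException), re-wrapping all of them as GeneralSecurityException and hiding the real failure type from callers and logs. Let the declared types and programming errors pass through before the catch-all, as below; if the helpers can throw ConfigurationException or ParsingException directly (not visible here) give those the same treatment. A guard on the assertion list before the cast, e.g. `if (responseType.getAssertionOrEncryptedAssertion().isEmpty()) throw new IllegalArgumentException("response has no assertion");`, also turns a malformed response into a deliberate error instead of an index failure.
```java
      // … unchanged: try block and the JAXBException/SAXException/TransformerFactoryConfigurationError/TransformerException catches …
      catch (GeneralSecurityException e)
      {
         throw e; // already declared; do not re-wrap
      }
      catch (IOException e)
      {
         throw e; // already declared; do not re-wrap
      }
      catch (RuntimeException e)
      {
         throw e; // programming errors (bad cast, empty assertion list) must surface as-is
      }
      catch (Exception e)
      {
         throw new GeneralSecurityException(e);
      }
```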
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -26,6 +26,7 @@
import java.util.List;
import javax.xml.bind.JAXBElement;
+import javax.xml.datatype.DatatypeConfigurationException;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Request;
@@ -56,10 +57,10 @@
* Create a SAML2 auth request
* @param serviceURL URL of the service
* @param identityURL URL of the identity provider
- * @return
- * @throws Exception
+ * @return
+ * @throws DatatypeConfigurationException
*/
- public AuthnRequestType createSAMLRequest(String serviceURL, String identityURL) throws Exception
+ public AuthnRequestType createSAMLRequest(String serviceURL, String identityURL) throws DatatypeConfigurationException
{
if(serviceURL == null)
throw new IllegalArgumentException("serviceURL is null");
@@ -76,11 +77,13 @@
* @param request entire request from IDP
* @param responseType ResponseType that has been generated
* @param serverEnvironment tomcat,jboss etc
- * @return
- * @throws Exception
+ * @return
+ * @throws DatatypeConfigurationException
+ * @throws AssertionExpiredException
*/
@SuppressWarnings("unchecked")
- public Principal handleSAMLResponse(Request request, ResponseType responseType) throws Exception
+ public Principal handleSAMLResponse(Request request, ResponseType responseType)
+ throws DatatypeConfigurationException, AssertionExpiredException
{
if(request == null)
throw new IllegalArgumentException("request is null");
@@ -89,7 +92,7 @@
StatusType statusType = responseType.getStatus();
if(statusType == null)
- throw new Exception("Status Type from the IDP is null");
+ throw new IllegalArgumentException("Status Type from the IDP is null");
String statusValue = statusType.getStatusCode().getValue();
if(JBossSAMLURIConstants.STATUS_SUCCESS.get().equals(statusValue) == false)
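Review bot: The null check at the top of this hunk covers StatusType only, but the next line dereferences `statusType.getStatusCode().getValue()` unchecked, so a response whose Status carries no StatusCode fails with a NullPointerException instead of a clear error; guard it, e.g. `if(statusType.getStatusCode() == null) throw new IllegalArgumentException("Status Code from the IDP is null");`. IllegalArgumentException is also a questionable type for this condition: the ResponseType is data received from the IDP, not a caller mistake, so the checked ParsingException used elsewhere in this commit would let the authenticator tell a malformed IDP response apart from a programming error. handleSAMLResponse() continues outside the hunk.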
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingSignatureUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingSignatureUtil.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingSignatureUtil.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -21,15 +21,20 @@
*/
package org.jboss.identity.federation.bindings.util;
+import java.io.IOException;
import java.io.StringWriter;
import java.net.URLEncoder;
+import java.security.GeneralSecurityException;
import java.security.PrivateKey;
+import javax.xml.bind.JAXBException;
+
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.xml.sax.SAXException;
/**
@@ -45,10 +50,13 @@
* @param relayState
* @param signingKey
* @return
- * @throws Exception
+ * @throws JAXBException
+ * @throws SAXException
+ * @throws IOException
+ * @throws GeneralSecurityException
*/
public static String getSAMLRequestURLWithSignature(AuthnRequestType authRequest, String relayState,
- PrivateKey signingKey) throws Exception
+ PrivateKey signingKey) throws SAXException, JAXBException, IOException, GeneralSecurityException
{
SAML2Request saml2Request = new SAML2Request();
@@ -74,11 +82,14 @@
* @param responseType
* @param relayState
* @param signingKey
- * @return
- * @throws Exception
+ * @return
+ * @throws SAXException
+ * @throws JAXBException
+ * @throws IOException
+ * @throws GeneralSecurityException
*/
public static String getSAMLResponseURLWithSignature(ResponseType responseType, String relayState,
- PrivateKey signingKey) throws Exception
+ PrivateKey signingKey) throws JAXBException, SAXException, IOException, GeneralSecurityException
{
SAML2Response saml2Response = new SAML2Response();
@@ -103,11 +114,12 @@
* @param urlEncodedRequest
* @param urlEncodedRelayState
* @param signingKey
- * @return
- * @throws Exception
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
*/
public static String getSAMLRequestURLWithSignature(String urlEncodedRequest, String urlEncodedRelayState,
- PrivateKey signingKey) throws Exception
+ PrivateKey signingKey) throws IOException, GeneralSecurityException
{
byte[] sigValue = computeSignature(urlEncodedRequest, urlEncodedRelayState, signingKey);
return getRequestRedirectURLWithSignature(urlEncodedRequest, urlEncodedRelayState, sigValue, signingKey.getAlgorithm());
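Review bot: Both getSAMLRequestURLWithSignature(String, …) here and getSAMLResponseURLWithSignature(String, …) in the next hunk pass `signingKey.getAlgorithm()` as sigAlgo; PrivateKey.getAlgorithm() returns a JCA name such as "RSA", whereas the SigAlg parameter of the SAML Redirect binding is an algorithm URI, so unless getRequestRedirectURLWithSignature()/getResponseRedirectURLWithSignature() map the name (their bodies are cut off below) the emitted SigAlg is not what SPRedirectSignatureFormAuthenticator.validate() reads back as sigAlgFromURL. A comment on the call stating which form sigAlgo is expected in, or the conversion at this point, would settle it. The hunk contains the whole method.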
@@ -118,11 +130,12 @@
* @param urlEncodedResponse
* @param urlEncodedRelayState
* @param signingKey
- * @return
- * @throws Exception
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
*/
public static String getSAMLResponseURLWithSignature(String urlEncodedResponse, String urlEncodedRelayState,
- PrivateKey signingKey) throws Exception
+ PrivateKey signingKey) throws IOException, GeneralSecurityException
{
byte[] sigValue = computeSignature(urlEncodedResponse, urlEncodedRelayState, signingKey);
return getResponseRedirectURLWithSignature(urlEncodedResponse, urlEncodedRelayState, sigValue, signingKey.getAlgorithm());
@@ -131,10 +144,13 @@
/**
* From the SAML Request URL, get the Request object
* @param signedURL
- * @return
- * @throws Exception
+ * @return
+ * @throws IOException
+ * @throws SAXException
+ * @throws JAXBException
*/
- public static AuthnRequestType getRequestFromSignedURL(String signedURL) throws Exception
+ public static AuthnRequestType getRequestFromSignedURL(String signedURL)
+ throws JAXBException, SAXException, IOException
{
String samlRequestTokenValue = getTokenValue(signedURL, "SAMLRequest");
@@ -145,10 +161,10 @@
/**
* Get the signature value from the url
* @param signedURL
- * @return
- * @throws Exception
+ * @return
+ * @throws IOException
*/
- public static byte[] getSignatureValueFromSignedURL(String signedURL) throws Exception
+ public static byte[] getSignatureValueFromSignedURL(String signedURL) throws IOException
{
String sigValueTokenValue = getTokenValue(signedURL,"Signature");
if(sigValueTokenValue == null)
@@ -173,7 +189,7 @@
private static byte[] computeSignature(
String urlEncodedRequest, String urlEncodedRelayState,
- PrivateKey signingKey) throws Exception
+ PrivateKey signingKey) throws IOException, GeneralSecurityException
{
StringBuilder sb = new StringBuilder();
sb.append("SAMLRequest=").append(urlEncodedRequest);
@@ -195,7 +211,8 @@
}
private static String getRequestRedirectURLWithSignature(
- String urlEncodedRequest, String urlEncodedRelayState, byte[] signature, String sigAlgo) throws Exception
+ String urlEncodedRequest, String urlEncodedRelayState, byte[] signature, String sigAlgo)
+ throws IOException
{
StringBuilder sb = new StringBuilder();
sb.append("SAMLRequest=").append(urlEncodedRequest);
@@ -219,7 +236,8 @@
}
private static String getResponseRedirectURLWithSignature(
- String urlEncodedResponse, String urlEncodedRelayState, byte[] signature, String sigAlgo) throws Exception
+ String urlEncodedResponse, String urlEncodedRelayState, byte[] signature, String sigAlgo)
+ throws IOException
{
StringBuilder sb = new StringBuilder();
sb.append("SAMLResponse=").append(urlEncodedResponse);
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingUtil.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingUtil.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -40,7 +40,7 @@
* URL encode the string
* @param str
* @return
- * @throws Exception
+ * @throws IOException
*/
public static String urlEncode(String str) throws IOException
{
@@ -51,7 +51,7 @@
* URL decode the string
* @param str
* @return
- * @throws Exception
+ * @throws IOException
*/
public static String urlDecode(String str) throws IOException
{
@@ -62,8 +62,7 @@
* On the byte array, apply base64 encoding following by URL encoding
* @param stringToEncode
* @return
- * @throws IOException
- * @throws Exception
+ * @throws IOException
*/
public static String base64URLEncode(byte[] stringToEncode) throws IOException
{
@@ -75,8 +74,7 @@
* On the byte array, apply URL decoding followed by base64 decoding
* @param encodedString
* @return
- * @throws IOException
- * @throws Exception
+ * @throws IOException
*/
public static byte[] urlBase64Decode(String encodedString) throws IOException
{
@@ -88,9 +86,7 @@
* Apply deflate compression followed by base64 encoding and URL encoding
* @param stringToEncode
* @return
- * @throws IOException
- * @throws IOException
- * @throws Exception
+ * @throws IOException
*/
public static String deflateBase64URLEncode(String stringToEncode) throws IOException
{
@@ -101,7 +97,7 @@
* Apply deflate compression followed by base64 encoding and URL encoding
* @param stringToEncode
* @return
- * @throws Exception
+ * @throws IOException
*/
public static String deflateBase64URLEncode(byte[] stringToEncode) throws IOException
{
@@ -113,8 +109,7 @@
* Apply URL decoding, followed by base64 decoding followed by deflate decompression
* @param encodedString
* @return
- * @throws IOException
- * @throws Exception
+ * @throws IOException
*/
public static InputStream urlBase64DeflateDecode(String encodedString) throws IOException
{
@@ -125,8 +120,7 @@
/**
* Base64 decode followed by Deflate decoding
* @param encodedString
- * @return
- * @throws Exception
+ * @return
*/
public static InputStream base64DeflateDecode(String encodedString)
{
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/ValveUtil.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -24,16 +24,19 @@
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
+import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
import javax.xml.bind.Unmarshaller;
import org.jboss.identity.federation.bindings.config.IDPType;
import org.jboss.identity.federation.bindings.config.SPType;
import org.jboss.identity.federation.core.constants.JBossIdentityFederationConstants;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
+import org.xml.sax.SAXException;
/**
* Util for tomcat valves
@@ -93,7 +96,7 @@
}
@SuppressWarnings("unchecked")
- public static IDPType getIDPConfiguration(InputStream is) throws Exception
+ public static IDPType getIDPConfiguration(InputStream is) throws JAXBException, SAXException
{
if(is == null)
throw new IllegalArgumentException("inputstream is null");
@@ -114,7 +117,7 @@
}
@SuppressWarnings("unchecked")
- public static SPType getSPConfiguration(InputStream is) throws Exception
+ public static SPType getSPConfiguration(InputStream is) throws JAXBException, SAXException
{
if(is == null)
throw new IllegalArgumentException("inputstream is null");
@@ -138,9 +141,9 @@
* Given a SP or IDP issuer from the assertion, return the host
* @param domainURL
* @return
- * @throws Exception
+ * @throws IOException
*/
- public static String getDomain(String domainURL) throws Exception
+ public static String getDomain(String domainURL) throws IOException
{
URL url = new URL(domainURL);
return url.getHost();
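Review bot: getDomain() can only fail in `new URL(domainURL)`, which throws MalformedURLException, so the narrower `throws MalformedURLException` (a subclass of IOException, hence compatible with existing callers) states the failure precisely and the Javadoc can read `@throws MalformedURLException if domainURL is not a valid URL`. Note also that `URL.getHost()` returns an empty string rather than failing for URLs without an authority part, so callers that compare hosts should treat "" as "no host" — worth a line in the Javadoc.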
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/cert/EncryptionKeyUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/cert/EncryptionKeyUtil.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/cert/EncryptionKeyUtil.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -21,6 +21,8 @@
*/
package org.jboss.identity.federation.bindings.util.cert;
+import java.security.GeneralSecurityException;
+
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
@@ -35,10 +37,10 @@
* Generate a secret key useful for encryption/decryption
* @param encAlgo
* @param keySize Length of the key (if 0, defaults to 128 bits)
- * @return
- * @throws Exception
+ * @return
+ * @throws GeneralSecurityException
*/
- public static SecretKey getSecretKey(String encAlgo, int keySize) throws Exception
+ public static SecretKey getSecretKey(String encAlgo, int keySize) throws GeneralSecurityException
{
KeyGenerator keyGenerator = KeyGenerator.getInstance(encAlgo);
if(keySize == 0)
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/cert/KeyStoreUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/cert/KeyStoreUtil.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/cert/KeyStoreUtil.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -32,6 +32,8 @@
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
@@ -114,9 +116,9 @@
* Generate a Key Pair
* @param algo (RSA, DSA etc)
* @return
- * @throws Exception
+ * @throws GeneralSecurityException
*/
- public static KeyPair generateKeyPair(String algo) throws Exception
+ public static KeyPair generateKeyPair(String algo) throws GeneralSecurityException
{
KeyPairGenerator kpg = KeyPairGenerator.getInstance(algo);
return kpg.genKeyPair();
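Review bot: generateKeyPair() never calls `initialize()` on the KeyPairGenerator, so the key size comes from the provider default, which varies between JDKs and providers and is not guaranteed to be adequate for keys used to sign or encrypt SAML assertions. Add an overload that takes the key size and initialises the generator, and have the existing one-argument method delegate to it with a documented default, so callers can state the strength they rely on; the fence below sketches it with a labelled placeholder for the default.
```java
   public static KeyPair generateKeyPair(String algo) throws GeneralSecurityException
   {
      return generateKeyPair(algo, DEFAULT_KEY_SIZE); // DEFAULT_KEY_SIZE: constant to be added (placeholder)
   }

   /**
    * Generate a Key Pair of an explicit size
    * @param algo (RSA, DSA etc)
    * @param keySize key size in bits
    * @return the generated key pair
    * @throws GeneralSecurityException if the algorithm is unavailable or the size is invalid for it
    */
   public static KeyPair generateKeyPair(String algo, int keySize) throws GeneralSecurityException
   {
      KeyPairGenerator kpg = KeyPairGenerator.getInstance(algo);
      kpg.initialize(keySize); // do not rely on the provider default
      return kpg.genKeyPair();
   }
```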
@@ -127,10 +129,10 @@
* @param ks
* @param alias
* @param password
- * @return
- * @throws Exception
+ * @return
+ * @throws GeneralSecurityException
*/
- public static PublicKey getPublicKey(KeyStore ks, String alias, char[] password) throws Exception
+ public static PublicKey getPublicKey(KeyStore ks, String alias, char[] password) throws KeyStoreException, NoSuchAlgorithmException, GeneralSecurityException
{
PublicKey publicKey = null;
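Review bot: The new throws clause `KeyStoreException, NoSuchAlgorithmException, GeneralSecurityException` is redundant: both named types extend GeneralSecurityException, and the Javadoc above lists only `@throws GeneralSecurityException`. Either keep just `throws GeneralSecurityException`, or, if the specific types are meant to guide callers, list them and drop the superclass so the signature and the Javadoc agree. getPublicKey() continues outside the hunk.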
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/metadata/MetaDataBuilder.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/metadata/MetaDataBuilder.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/metadata/MetaDataBuilder.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -23,6 +23,7 @@
import java.util.List;
+import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
@@ -174,20 +175,20 @@
/**
* Get the marshaller
- * @return
- * @throws Exception
+ * @return
+ * @throws JAXBException
*/
- public static Marshaller getMarshaller() throws Exception
+ public static Marshaller getMarshaller() throws JAXBException
{
return JBossSAMLBaseFactory.getMarshaller(pkgName);
}
/**
* Get the Unmarshaller
- * @return
- * @throws Exception
+ * @return
+ * @throws JAXBException
*/
- public static Unmarshaller getUnmarshaller() throws Exception
+ public static Unmarshaller getUnmarshaller() throws JAXBException
{
return JBossSAMLBaseFactory.getUnmarshaller(pkgName);
}
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -31,7 +31,7 @@
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
import javax.xml.datatype.DatatypeConfigurationException;
-
+
import org.jboss.identity.federation.core.constants.JBossIdentityFederationConstants;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
@@ -58,8 +58,7 @@
* @param destination
* @param issuerValue
* @return
- * @throws DatatypeConfigurationException
- * @throws Exception
+ * @throws DatatypeConfigurationException
*/
public AuthnRequestType createAuthnRequestType(String id,
String assertionConsumerURL,
@@ -76,7 +75,6 @@
* @return AuthnRequestType
* @throws SAXException
* @throws JAXBException
- * @throws Exception
* @throws IllegalArgumentException if the input fileName is null
* IllegalStateException if the InputStream from the fileName is null
*/
@@ -95,7 +93,6 @@
* @return
* @throws SAXException
* @throws JAXBException
- * @throws Exception
* @throws IllegalArgumentException inputstream is null
*/
@SuppressWarnings("unchecked")
@@ -117,7 +114,6 @@
* @return
* @throws SAXException
* @throws JAXBException
- * @throws Exception
* @throws IllegalArgumentException inputstream is null
*/
@SuppressWarnings("unchecked")
@@ -138,7 +134,6 @@
* @param issuer
* @return
* @throws DatatypeConfigurationException
- * @throws Exception
*/
public LogoutRequestType createLogoutRequest(String issuer) throws DatatypeConfigurationException
{
@@ -160,7 +155,6 @@
* @param resourceName
* @return
* @throws JAXBException
- * @throws Exception
*/
public XACMLAuthzDecisionQueryType parseXACMLDecisionQuery(String resourceName) throws JAXBException
{
@@ -173,8 +167,7 @@
* XACMLAuthorizationDecisionQuery from an input stream
* @param is The InputStream where the xacml query exists
* @return
- * @throws JAXBException
- * @throws Exception
+ * @throws JAXBException
*/
@SuppressWarnings("unchecked")
public XACMLAuthzDecisionQueryType parseXACMLDecisionQuery(InputStream is) throws JAXBException
@@ -205,7 +198,6 @@
* @param os
* @throws JAXBException
* @throws SAXException
- * @throws Exception
*/
public void marshall(RequestAbstractType requestType, OutputStream os) throws SAXException, JAXBException
{
@@ -223,7 +215,6 @@
* @param writer
* @throws JAXBException
* @throws SAXException
- * @throws Exception
*/
public void marshall(RequestAbstractType requestType, Writer writer) throws SAXException, JAXBException
{
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -32,8 +32,11 @@
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
+import javax.xml.datatype.DatatypeConfigurationException;
import javax.xml.datatype.XMLGregorianCalendar;
+import javax.xml.parsers.ParserConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
import org.jboss.identity.federation.core.saml.v2.factories.SAMLProtocolFactory;
@@ -83,25 +86,50 @@
* @param idp holder with the information on the Identity Provider
* @param issuerInfo holder with information on the issuer
* @return
- * @throws Exception
+ * @throws ConfigurationException
*/
- public ResponseType createResponseType(String ID, SPInfoHolder sp, IDPInfoHolder idp, IssuerInfoHolder issuerInfo) throws Exception
+ public ResponseType createResponseType(String ID, SPInfoHolder sp, IDPInfoHolder idp, IssuerInfoHolder issuerInfo)
+ throws ConfigurationException
{
- return JBossSAMLAuthnResponseFactory.createResponseType(ID, sp, idp, issuerInfo);
+ try
+ {
+ return JBossSAMLAuthnResponseFactory.createResponseType(ID, sp, idp, issuerInfo);
+ }
+ catch (DatatypeConfigurationException e)
+ {
+ throw new ConfigurationException(e);
+ }
}
- public ResponseType createResponseType(String ID, IssuerInfoHolder issuerInfo, AssertionType assertion) throws Exception
+ /**
+ * Create a ResponseType
+ * @param ID
+ * @param issuerInfo
+ * @param assertion
+ * @return
+ * @throws ConfigurationException
+ */
+ public ResponseType createResponseType(String ID, IssuerInfoHolder issuerInfo, AssertionType assertion)
+ throws ConfigurationException
{
- return JBossSAMLAuthnResponseFactory.createResponseType(ID, issuerInfo, assertion);
+ try
+ {
+ return JBossSAMLAuthnResponseFactory.createResponseType(ID, issuerInfo, assertion);
+ }
+ catch (DatatypeConfigurationException e)
+ {
+ throw new ConfigurationException(e);
+ }
}
/**
* Add validity conditions to the SAML2 Assertion
* @param assertion
* @param durationInMilis
- * @throws Exception
+ * @throws DatatypeConfigurationException
*/
- public void createTimedConditions(AssertionType assertion, long durationInMilis) throws Exception
+ public void createTimedConditions(AssertionType assertion, long durationInMilis)
+ throws DatatypeConfigurationException
{
XMLGregorianCalendar issueInstant = assertion.getIssueInstant();
if(issueInstant == null)
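Review bot: The `@throws ConfigurationException` added to both createResponseType() Javadocs says nothing about when it is raised, although the catch blocks in this hunk show exactly what it wraps; `@throws ConfigurationException if the XML datatype factory cannot be initialised (wraps DatatypeConfigurationException)` tells callers what a failure here means. The `@return` tag in the Javadoc added to the second overload is empty as well. createTimedConditions() continues outside the hunk.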
@@ -117,11 +145,12 @@
/**
* Get an encrypted assertion from the stream
* @param is
- * @return
- * @throws Exception
+ * @return
+ * @throws SAXException
+ * @throws JAXBException
*/
@SuppressWarnings("unchecked")
- public EncryptedElementType getEncryptedAssertion(InputStream is) throws Exception
+ public EncryptedElementType getEncryptedAssertion(InputStream is) throws JAXBException, SAXException
{
if(is == null)
throw new IllegalArgumentException("inputstream is null");
@@ -131,8 +160,15 @@
return jaxb.getValue();
}
+ /**
+ * Read an assertion from an input stream
+ * @param is
+ * @return
+ * @throws JAXBException
+ * @throws SAXException
+ */
@SuppressWarnings("unchecked")
- public AssertionType getAssertionType(InputStream is) throws Exception
+ public AssertionType getAssertionType(InputStream is) throws JAXBException, SAXException
{
if(is == null)
throw new IllegalArgumentException("inputstream is null");
@@ -146,10 +182,11 @@
* Read a ResponseType from an input stream
* @param is
* @return
- * @throws Exception
+ * @throws SAXException
+ * @throws JAXBException
*/
@SuppressWarnings("unchecked")
- public ResponseType getResponseType(InputStream is) throws Exception
+ public ResponseType getResponseType(InputStream is) throws JAXBException, SAXException
{
if(is == null)
throw new IllegalArgumentException("inputstream is null");
@@ -159,7 +196,15 @@
return jaxbAuthnRequestType.getValue();
}
- public Document convert(EncryptedElementType encryptedElementType) throws Exception
+ /**
+ * Convert an EncryptedElement into a Document
+ * @param encryptedElementType
+ * @return
+ * @throws JAXBException
+ * @throws ParserConfigurationException
+ */
+ public Document convert(EncryptedElementType encryptedElementType)
+ throws JAXBException, ParserConfigurationException
{
JAXBContext jaxb = JAXBContext.newInstance(EncryptedElementType.class);
Binder<Node> binder = jaxb.createBinder();
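Review bot: `JAXBContext.newInstance(EncryptedElementType.class)` runs on every call to convert, and building a JAXBContext is the expensive, thread-safe part of JAXB, whereas the Binder created from it on the next line is the cheap per-call object; the same pattern is in convert(ResponseType) in the following hunk and in XMLEncryptionFactory.getMarshaller. If these sit on a per-request path (not confirmable from the hunk), holding the context in a `private static final JAXBContext` initialised once — a static initializer or holder class, since newInstance throws the checked JAXBException — and creating only the Binder per call would avoid repeating the class-graph scan. The method body continues past the end of the hunk.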
@@ -169,7 +214,14 @@
return doc;
}
- public Document convert(ResponseType responseType) throws Exception
+ /**
+ * Convert a SAML2 Response into a Document
+ * @param responseType
+ * @return
+ * @throws JAXBException
+ * @throws ParserConfigurationException
+ */
+ public Document convert(ResponseType responseType) throws JAXBException, ParserConfigurationException
{
JAXBContext jaxb = JAXBContext.newInstance(ResponseType.class);
Binder<Node> binder = jaxb.createBinder();
@@ -186,10 +238,11 @@
* that may be needed (this is a TODO) to get a prefix such as saml, samlp </b>
*
* @param responseType
- * @param os
- * @throws Exception
+ * @param os
+ * @throws SAXException
+ * @throws JAXBException
*/
- public void marshall(ResponseType responseType, OutputStream os) throws SAXException, JAXBException
+ public void marshall(ResponseType responseType, OutputStream os) throws JAXBException, SAXException
{
Marshaller marshaller = JBossSAMLAuthnResponseFactory.getValidatingMarshaller();
JAXBElement<ResponseType> jaxb = SAMLProtocolFactory.getObjectFactory().createResponse(responseType);
@@ -200,9 +253,10 @@
* Marshall the ResponseType into a writer
* @param responseType
* @param writer
- * @throws Exception
+ * @throws SAXException
+ * @throws JAXBException
*/
- public void marshall(ResponseType responseType, Writer writer) throws Exception
+ public void marshall(ResponseType responseType, Writer writer) throws JAXBException, SAXException
{
Marshaller marshaller = JBossSAMLAuthnResponseFactory.getValidatingMarshaller();
JAXBElement<ResponseType> jaxb = SAMLProtocolFactory.getObjectFactory().createResponse(responseType);
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/KeyUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/KeyUtil.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/KeyUtil.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -26,9 +26,11 @@
import java.security.PrivilegedAction;
import java.security.cert.Certificate;
import java.security.cert.CertificateEncodingException;
+import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
@@ -61,10 +63,11 @@
/**
* Given a certificate, build a keyinfo type
* @param certificate
- * @return
- * @throws Exception
+ * @return
+ * @throws JAXBException
+ * @throws CertificateException
*/
- public static KeyInfoType getKeyInfo(Certificate certificate) throws Exception
+ public static KeyInfoType getKeyInfo(Certificate certificate) throws JAXBException, CertificateException
{
StringBuilder builder = new StringBuilder();
@@ -101,20 +104,20 @@
/**
* Get the Unmarshaller for the W3 XMLDSIG
- * @return
- * @throws Exception
+ * @return
+ * @throws JAXBException
*/
- public static Unmarshaller getUnmarshaller() throws Exception
+ public static Unmarshaller getUnmarshaller() throws JAXBException
{
return JBossSAMLBaseFactory.getUnmarshaller("org.jboss.identity.xmlsec.w3.xmldsig");
}
/**
* Get the marshaller for the W3 XMLDSig
- * @return
- * @throws Exception
+ * @return
+ * @throws JAXBException
*/
- public static Marshaller getMarshaller() throws Exception
+ public static Marshaller getMarshaller() throws JAXBException
{
return JBossSAMLBaseFactory.getMarshaller("org.jboss.identity.xmlsec.w3.xmldsig");
}
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -60,8 +60,7 @@
* @param assertionConsumerURL URL of the requestor where the response assertion is requested
* @param issuerValue URL of the issuer
* @return
- * @throws DatatypeConfigurationException
- * @throws Exception
+ * @throws DatatypeConfigurationException
*/
public static AuthnRequestType createAuthnRequestType(String id,
String assertionConsumerURL, String destination, String issuerValue) throws DatatypeConfigurationException
@@ -100,8 +99,7 @@
* @param schemaValidation Whether schema validation is needed
* @return
* @throws JAXBException
- * @throws SAXException
- * @throws Exception
+ * @throws SAXException
*/
public static Marshaller getValidatingMarshaller(boolean schemaValidation) throws SAXException, JAXBException
{
@@ -116,8 +114,7 @@
* @param schemaValidation whether schema validation is needed
* @return
* @throws SAXException
- * @throws JAXBException
- * @throws Exception
+ * @throws JAXBException
*/
public static Unmarshaller getValidatingUnmarshaller(boolean schemaValidation) throws JAXBException, SAXException
{
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -74,9 +74,10 @@
* @param idp holder with the information on the Identity Provider
* @param issuerInfo holder with information on the issuer
* @return
- * @throws Exception
+ * @throws DatatypeConfigurationException
*/
- public static ResponseType createResponseType(String ID, SPInfoHolder sp, IDPInfoHolder idp, IssuerInfoHolder issuerInfo) throws Exception
+ public static ResponseType createResponseType(String ID, SPInfoHolder sp, IDPInfoHolder idp, IssuerInfoHolder issuerInfo)
+ throws DatatypeConfigurationException
{
String responseDestinationURI = sp.getResponseDestinationURI();
@@ -124,6 +125,14 @@
return responseType;
}
+ /**
+ * Create a Response Type
+ * @param ID
+ * @param issuerInfo
+ * @param assertionType
+ * @return
+ * @throws DatatypeConfigurationException
+ */
public static ResponseType createResponseType(String ID, IssuerInfoHolder issuerInfo, AssertionType assertionType)
throws DatatypeConfigurationException
{
@@ -157,10 +166,11 @@
/**
* Get the JAXB2 marshaller
- * @return
- * @throws Exception
+ * @return
+ * @throws JAXBException
+ * @throws SAXException
*/
- public static Marshaller getValidatingMarshaller() throws JAXBException, SAXException
+ public static Marshaller getValidatingMarshaller() throws SAXException, JAXBException
{
return JBossSAMLBaseFactory.getValidatingMarshaller(pkgName, schemaLocation);
}
@@ -169,8 +179,7 @@
* Get the JAXB2 Unmarshaller
* @return
* @throws SAXException
- * @throws JAXBException
- * @throws Exception
+ * @throws JAXBException
*/
public static Unmarshaller getValidatingUnmarshaller() throws JAXBException, SAXException
{
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLBaseFactory.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLBaseFactory.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLBaseFactory.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -54,11 +54,19 @@
public static final String W3C_XML_SCHEMA_NS_URI = "http://www.w3.org/2001/XMLSchema";
+ /**
+ * Create a plain assertion type
+ * @return
+ */
public static AssertionType createAssertion()
{
return assertionObjectFactory.createAssertionType();
}
+ /**
+ * Create an empty attribute statement
+ * @return
+ */
public static AttributeStatementType createAttributeStatement()
{
return assertionObjectFactory.createAttributeStatementType();
@@ -97,22 +105,40 @@
return attribStatement;
}
+ /**
+ * Create an empty name id
+ * @return
+ */
public static NameIDType createNameID()
{
return assertionObjectFactory.createNameIDType();
}
+ /**
+ * Create the JAXBElement type of nameid
+ * @param nameIDType
+ * @return
+ */
public static JAXBElement<NameIDType> createNameID(NameIDType nameIDType)
{
return assertionObjectFactory.createNameID(nameIDType);
}
+ /**
+ * Create an empty subject
+ * @return
+ */
public static SubjectType createSubject()
{
SubjectType subjectType = assertionObjectFactory.createSubjectType();
return subjectType;
}
+ /**
+ * Create a Subject confirmation type given the method
+ * @param method
+ * @return
+ */
public static SubjectConfirmationType createSubjectConfirmation(String method)
{
SubjectConfirmationType sct = assertionObjectFactory.createSubjectConfirmationType();
@@ -120,11 +146,24 @@
return sct;
}
+ /**
+ * Create a JAXBElement for subject confirmtation type
+ * @param sct
+ * @return
+ */
+
public static JAXBElement<SubjectConfirmationType> createSubjectConfirmation(SubjectConfirmationType sct)
{
return assertionObjectFactory.createSubjectConfirmation(sct);
}
+ /**
+ * Create a Subject Confirmation
+ * @param inResponseTo
+ * @param destinationURI
+ * @param issueInstant
+ * @return
+ */
public static SubjectConfirmationDataType createSubjectConfirmationData(String inResponseTo,
String destinationURI, XMLGregorianCalendar issueInstant)
{
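Review bot: The Javadoc for createSubjectConfirmation(SubjectConfirmationType) has a typo, `confirmtation`, and is separated from the declaration by a blank line, which the javadoc tool tolerates but which reads as if the comment were detached; `* Create a JAXBElement for subject confirmation type` with the blank line removed fixes both. The comment on createSubjectConfirmationData says `Create a Subject Confirmation`, but the method returns a SubjectConfirmationDataType, so `* Create the subject confirmation data for the given inResponseTo, destinationURI and issueInstant` describes it more accurately. Its body continues past the end of the hunk.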
@@ -146,6 +185,10 @@
return java.util.UUID.randomUUID().toString();
}
+ /**
+ * Get the Object Factory
+ * @return
+ */
public static ObjectFactory getObjectFactory()
{
return assertionObjectFactory;
@@ -166,11 +209,10 @@
/**
* Get the JAXB Marshaller
* @param pkgName The package name for the jaxb context
- * @return Marshaller
- * @throws Exception
+ * @return Marshaller
+ * @throws JAXBException
*/
- public static Marshaller getMarshaller(String pkgName)
- throws JAXBException
+ public static Marshaller getMarshaller(String pkgName) throws JAXBException
{
if(pkgName == null)
throw new IllegalArgumentException("pkgName is null");
@@ -185,12 +227,12 @@
* Get the JAXB Marshaller
* @param pkgName The package name for the jaxb context
* @param schemaLocation location of the schema to validate against
- * @return Marshaller
+ * @return Marshaller
+ * @throws JAXBException
* @throws SAXException
- * @throws Exception
*/
public static Marshaller getValidatingMarshaller(String pkgName, String schemaLocation)
- throws SAXException, JAXBException
+ throws JAXBException, SAXException
{
Marshaller marshaller = getMarshaller(pkgName);
marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
@@ -210,8 +252,7 @@
* Get the JAXB Unmarshaller
* @param pkgName The package name for the jaxb context
* @return unmarshaller
- * @throws JAXBException
- * @throws Exception
+ * @throws JAXBException
*/
public static Unmarshaller getUnmarshaller(String pkgName) throws JAXBException
{
@@ -227,8 +268,7 @@
* @param schemaLocation location of the schema to validate against
* @return unmarshaller
* @throws JAXBException
- * @throws SAXException
- * @throws Exception
+ * @throws SAXException
*/
public static Unmarshaller getValidatingUnmarshaller(String pkgName, String schemaLocation)
throws JAXBException, SAXException
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -24,11 +24,13 @@
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
+import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.util.Map;
import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
@@ -68,24 +70,35 @@
}
}
- /**
+ /**
* @see IMetadataConfigurationStore#load(String)
*/
@SuppressWarnings("unchecked")
- public EntityDescriptorType load(String id) throws Exception
+ public EntityDescriptorType load(String id) throws IOException
{
File persistedFile = validateIdAndReturnMDFile(id);
- Unmarshaller un = JBossSAMLBaseFactory.getUnmarshaller(pkgName);
- JAXBElement<EntityDescriptorType> je =
- (JAXBElement<EntityDescriptorType>) un.unmarshal(persistedFile);
- return je.getValue();
+ Unmarshaller un;
+ try
+ {
+ un = JBossSAMLBaseFactory.getUnmarshaller(pkgName);
+ JAXBElement<EntityDescriptorType> je =
+ (JAXBElement<EntityDescriptorType>) un.unmarshal(persistedFile);
+ return je.getValue();
+ }
+ catch (JAXBException e)
+ {
+ IOException ioe =new IOException(e.getLocalizedMessage());
+ ioe.initCause(e);
+ throw ioe;
+ }
+
}
- /**
+ /**
* @see IMetadataConfigurationStore#persist(EntityDescriptorType, String)
*/
- public void persist(EntityDescriptorType entity, String id) throws Exception
+ public void persist(EntityDescriptorType entity, String id) throws IOException
{
File persistedFile = validateIdAndReturnMDFile(id);
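Review bot: In load, `Unmarshaller un;` is declared before the try block but is assigned and used only inside it, so the declaration can move into the block as `Unmarshaller un = JBossSAMLBaseFactory.getUnmarshaller(pkgName);`; the same applies to `Marshaller m;` in persist in the next hunk. The three-line wrap (new IOException with the message, initCause, throw) is copied verbatim in load and persist; a `private static IOException toIOException(JAXBException e)` helper would keep the two in step. Mapping a JAXB failure onto IOException also means callers can no longer tell a malformed metadata document from a disk error — acceptable if the interface is meant to hide the storage format, but worth a sentence in the Javadoc. persist continues past the end of the hunk.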
@@ -93,15 +106,25 @@
JAXBElement<?> jentity = of.createEntityDescriptor(entity);
- Marshaller m = JBossSAMLBaseFactory.getMarshaller(pkgName);
- m.marshal(jentity, persistedFile);
+ Marshaller m;
+ try
+ {
+ m = JBossSAMLBaseFactory.getMarshaller(pkgName);
+ m.marshal(jentity, persistedFile);
+ }
+ catch (JAXBException e)
+ {
+ IOException ioe =new IOException(e.getLocalizedMessage());
+ ioe.initCause(e);
+ throw ioe;
+ }
log.trace("Persisted into " + persistedFile.getPath());
}
/**
* @see IMetadataConfigurationStore#delete(String)
*/
- public void delete(String id) throws Exception
+ public void delete(String id)
{
File persistedFile = validateIdAndReturnMDFile(id);
@@ -110,10 +133,12 @@
}
/**
+ * @throws IOException
+ * @throws ClassNotFoundException
* @see IMetadataConfigurationStore#loadTrustedProviders(String)
*/
@SuppressWarnings("unchecked")
- public Map<String, String> loadTrustedProviders(String id) throws Exception
+ public Map<String, String> loadTrustedProviders(String id) throws IOException, ClassNotFoundException
{
File trustedFile = validateIdAndReturnTrustedProvidersFile(id);
ObjectInputStream ois = new ObjectInputStream(new FileInputStream(trustedFile));
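Review bot: loadTrustedProviders reads the trusted-providers file through `ObjectInputStream`, i.e. Java native deserialization, so whatever is stored at that path is resolved and instantiated as classes before the cast to Map; the `ClassNotFoundException` this forces into the signature, and now into IMetadataConfigurationStore, is that format leaking out. Since the payload is a Map<String, String>, a text format (java.util.Properties, or the JAXB marshalling the store already uses for descriptors) would remove the deserialization surface and the extra checked exception; if the binary format must stay, keep the store location writable only by the owning process and, on JDKs that provide it, install an ObjectInputFilter admitting only the map and String classes. Whether the stream is closed on the failure path cannot be seen here because the method continues past the end of the hunk; the same applies to the ObjectOutputStream in persistTrustedProviders in the next hunk.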
@@ -122,9 +147,11 @@
}
/**
+ * @throws IOException
* @see IMetadataConfigurationStore#persistTrustedProviders(Map)
*/
- public void persistTrustedProviders(String id, Map<String, String> trusted) throws Exception
+ public void persistTrustedProviders(String id, Map<String, String> trusted)
+ throws IOException
{
File trustedFile = validateIdAndReturnTrustedProvidersFile(id);
ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(trustedFile));
@@ -136,7 +163,7 @@
/**
* @see IMetadataConfigurationStore#deleteTrustedProviders(String)
*/
- public void deleteTrustedProviders(String id) throws Exception
+ public void deleteTrustedProviders(String id)
{
File persistedFile = validateIdAndReturnTrustedProvidersFile(id);
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/IMetadataConfigurationStore.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/IMetadataConfigurationStore.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/IMetadataConfigurationStore.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -21,6 +21,7 @@
*/
package org.jboss.identity.federation.core.saml.v2.metadata.store;
+import java.io.IOException;
import java.util.Map;
import org.jboss.identity.federation.saml.v2.metadata.EntityDescriptorType;
@@ -35,46 +36,45 @@
/**
* Get the Trusted Providers
* @param id
- * @return a map of name of provider, metadata urls
- * @throws Exception
+ * @return a map of name of provider, metadata urls
+ * @throws {@link IOException}
+ * @throws {@link ClassNotFoundException}
*/
- Map<String, String> loadTrustedProviders(String id) throws Exception;
+ Map<String, String> loadTrustedProviders(String id) throws IOException, ClassNotFoundException ;
/**
* Persist the map of trusted providers
* @param id
* @param trusted
- * @throws Exception
+ * @throws {@link IOException}
*/
- void persistTrustedProviders(String id, Map<String,String> trusted) throws Exception;
+ void persistTrustedProviders(String id, Map<String,String> trusted) throws IOException;
/**
* Persist into an external sink (file system, ldap, db etc)
* @param entity
* @param id An unique identifier useful for retrieval
- * @throws Exception
+ * @throws {@link IOException}
*/
- void persist(EntityDescriptorType entity, String id) throws Exception;
+ void persist(EntityDescriptorType entity, String id) throws IOException;
/**
* Load the descriptor from the external data sink
* @param id unique identifier used during persistence
* @return
- * @throws Exception
+ * @throws {@link IOException}
*/
- EntityDescriptorType load(String id) throws Exception;
+ EntityDescriptorType load(String id) throws IOException;
/**
* Delete the descriptor from the external data sink
- * @param id
- * @throws Exception
+ * @param id
*/
- void delete(String id) throws Exception;
+ void delete(String id);
/**
* Delete the trusted providers from the external data sink
- * @param id
- * @throws Exception
+ * @param id
*/
- void deleteTrustedProviders(String id) throws Exception;
+ void deleteTrustedProviders(String id);
}
\ No newline at end of file
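Review bot: The new `@throws {@link IOException}` lines in the interface Javadoc are malformed: `@throws` takes a class name followed by a description, so javadoc reads `{@link` as the exception name and warns. Write them as `@throws IOException if the descriptor cannot be read from or written to the sink` and `@throws ClassNotFoundException if the persisted map references a class that cannot be loaded`. The loadTrustedProviders declaration also has a stray space before its semicolon (`ClassNotFoundException ;`).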
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/SecurityActions.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/SecurityActions.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/SecurityActions.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -23,8 +23,6 @@
import java.security.AccessController;
import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
/**
* Privileged Blocks
@@ -56,11 +54,11 @@
});
}
- static ClassLoader getContextClassLoader() throws PrivilegedActionException
+ static ClassLoader getContextClassLoader()
{
- return AccessController.doPrivileged(new PrivilegedExceptionAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
- public ClassLoader run() throws Exception
+ public ClassLoader run()
{
return Thread.currentThread().getContextClassLoader();
}
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -24,6 +24,7 @@
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.File;
+import java.io.IOException;
import java.io.InputStream;
import java.io.Reader;
import java.io.StringReader;
@@ -31,11 +32,14 @@
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.parsers.ParserConfigurationException;
import javax.xml.transform.OutputKeys;
import javax.xml.transform.Result;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.TransformerFactoryConfigurationError;
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
@@ -43,6 +47,7 @@
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.xml.sax.InputSource;
+import org.xml.sax.SAXException;
/**
* Utility dealing with DOM
@@ -54,9 +59,9 @@
/**
* Create a new document
* @return
- * @throws Exception
+ * @throws ParserConfigurationException
*/
- public static Document createDocument() throws Exception
+ public static Document createDocument() throws ParserConfigurationException
{
DocumentBuilderFactory factory = getDocumentBuilderFactory();
DocumentBuilder builder = factory.newDocumentBuilder();
@@ -66,10 +71,12 @@
/**
* Parse a document from the string
* @param docString
- * @return
- * @throws Exception
+ * @return
+ * @throws IOException
+ * @throws SAXException
+ * @throws ParserConfigurationException
*/
- public static Document getDocument(String docString) throws Exception
+ public static Document getDocument(String docString) throws ParserConfigurationException, SAXException, IOException
{
return getDocument(new StringReader(docString));
}
@@ -78,9 +85,12 @@
* Parse a document from a reader
* @param reader
* @return
- * @throws Exception
+ * @throws ParserConfigurationException
+ * @throws IOException
+ * @throws SAXException
*/
- public static Document getDocument(Reader reader) throws Exception
+ public static Document getDocument(Reader reader)
+ throws ParserConfigurationException, SAXException, IOException
{
DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
DocumentBuilder builder = factory.newDocumentBuilder();
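Review bot: getDocument(Reader) builds its factory with `DocumentBuilderFactory.newInstance()` directly, while createDocument, getDocument(File) and getDocument(InputStream) in the surrounding hunks all go through `getDocumentBuilderFactory()`; whatever that helper configures (namespace awareness, parser features — it is not visible here) is skipped on the Reader path, and with it on getDocument(String), which delegates to this overload, and on SOAPSAMLXACMLUtil.getXACMLQueryType, which reparses a request element through it. Replacing the line with `DocumentBuilderFactory factory = getDocumentBuilderFactory();` restores consistency. Because that path parses XML that originated in a protocol message, the shared factory is the place where DTD processing and external entity resolution should be switched off (`XMLConstants.FEATURE_SECURE_PROCESSING` and `http://apache.org/xml/features/disallow-doctype-decl`), if it does not already do so. The method continues past the end of the hunk.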
@@ -90,10 +100,12 @@
/**
* Get Document from a file
* @param file
- * @return
- * @throws Exception
+ * @return
+ * @throws ParserConfigurationException
+ * @throws IOException
+ * @throws SAXException
*/
- public static Document getDocument(File file) throws Exception
+ public static Document getDocument(File file) throws ParserConfigurationException, SAXException, IOException
{
DocumentBuilderFactory factory = getDocumentBuilderFactory();
DocumentBuilder builder = factory.newDocumentBuilder();
@@ -104,9 +116,11 @@
* Get Document from an inputstream
* @param is
* @return
- * @throws Exception
+ * @throws ParserConfigurationException
+ * @throws IOException
+ * @throws SAXException
*/
- public static Document getDocument(InputStream is) throws Exception
+ public static Document getDocument(InputStream is) throws ParserConfigurationException, SAXException, IOException
{
DocumentBuilderFactory factory = getDocumentBuilderFactory();
DocumentBuilder builder = factory.newDocumentBuilder();
@@ -118,9 +132,10 @@
* Marshall a document into a String
* @param signedDoc
* @return
- * @throws Exception
+ * @throws TransformerFactoryConfigurationError
+ * @throws TransformerException
*/
- public static String getDocumentAsString(Document signedDoc) throws Exception
+ public static String getDocumentAsString(Document signedDoc) throws TransformerFactoryConfigurationError, TransformerException
{
Source source = new DOMSource(signedDoc);
StringWriter sw = new StringWriter();
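Review bot: `TransformerFactoryConfigurationError` is a subclass of java.lang.Error, so declaring it in the throws clause of getDocumentAsString adds nothing for the compiler and instead makes every caller — getDOMElementAsString and getNodeAsStream in the next two hunks, and SOAPSAMLXACMLUtil.getXACMLQueryType — carry an unrecoverable configuration failure in its signature. Dropping it from these throws clauses and Javadoc, leaving `throws TransformerException`, keeps the narrowing this commit is after without exposing an Error as part of the contract. The Javadoc of getNodeAsStream also has a stray character, `@throws TransformerException s`. The method body continues past the end of the hunk.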
@@ -137,9 +152,11 @@
* Marshall a DOM Element as string
* @param element
* @return
- * @throws Exception
+ * @throws TransformerFactoryConfigurationError
+ * @throws TransformerException
*/
- public static String getDOMElementAsString(Element element) throws Exception
+ public static String getDOMElementAsString(Element element)
+ throws TransformerFactoryConfigurationError, TransformerException
{
Source source = new DOMSource(element);
StringWriter sw = new StringWriter();
@@ -156,9 +173,11 @@
* Stream a DOM Node as an input stream
* @param node
* @return
- * @throws Exception
+ * @throws TransformerFactoryConfigurationError
+ * @throws TransformerException s
*/
- public static InputStream getNodeAsStream(Node node) throws Exception
+ public static InputStream getNodeAsStream(Node node)
+ throws TransformerFactoryConfigurationError, TransformerException
{
Source source = new DOMSource(node);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -28,6 +28,8 @@
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
import org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.ObjectFactory;
import org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
@@ -67,10 +69,13 @@
/**
* Parse the XACML Authorization Decision Query from the Dom Element
* @param samlRequest
- * @return
- * @throws Exception
+ * @return
+ * @throws TransformerException
+ * @throws TransformerFactoryConfigurationError
+ * @throws JAXBException
*/
- public static XACMLAuthzDecisionQueryType getXACMLQueryType(Element samlRequest) throws Exception
+ public static XACMLAuthzDecisionQueryType getXACMLQueryType(Element samlRequest)
+ throws TransformerFactoryConfigurationError, TransformerException, JAXBException
{
//We reparse it because the document may have issues with namespaces
String elementString = DocumentUtil.getDOMElementAsString(samlRequest);
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SignatureUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SignatureUtil.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SignatureUtil.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -62,11 +62,10 @@
* Sign a string using the private key
* @param stringToBeSigned
* @param signingKey
- * @return
- * @throws Exception
+ * @return
+ * @throws GeneralSecurityException
*/
- public static byte[] sign(String stringToBeSigned, PrivateKey signingKey)
- throws Exception
+ public static byte[] sign(String stringToBeSigned, PrivateKey signingKey) throws GeneralSecurityException
{
if(stringToBeSigned == null)
throw new IllegalArgumentException("stringToBeSigned is null");
@@ -85,11 +84,11 @@
* @param signedContent
* @param signatureValue
* @param validatingKey
- * @return
- * @throws Exception
+ * @return
+ * @throws GeneralSecurityException
*/
public static boolean validate(byte[] signedContent,
- byte[] signatureValue, PublicKey validatingKey) throws Exception
+ byte[] signatureValue, PublicKey validatingKey) throws GeneralSecurityException
{
if(signedContent == null)
throw new IllegalArgumentException("signedContent is null");
@@ -114,13 +113,13 @@
* @param signatureValue
* @param signatureAlgorithm
* @param validatingCert
- * @return
- * @throws Exception
+ * @return
+ * @throws GeneralSecurityException
*/
public static boolean validate(byte[] signedContent,
byte[] signatureValue,
String signatureAlgorithm,
- X509Certificate validatingCert) throws Exception
+ X509Certificate validatingCert) throws GeneralSecurityException
{
if(signedContent == null)
throw new IllegalArgumentException("signedContent is null");
@@ -138,7 +137,7 @@
return sig.verify(signatureValue);
}
- private static Signature getSignature(String algo) throws Exception
+ private static Signature getSignature(String algo) throws GeneralSecurityException
{
Signature sig = null;
String xmlSignatureAlgo = getXMLSignatureAlgorithmURI(algo);
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/XMLTimeUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/XMLTimeUtil.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/XMLTimeUtil.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -42,9 +42,10 @@
* @param value calendar whose value needs to be updated
* @param milis
* @return calendar value with the addition
- * @throws Exception
+ * @throws DatatypeConfigurationException
*/
- public static XMLGregorianCalendar add(XMLGregorianCalendar value, long milis) throws Exception
+ public static XMLGregorianCalendar add(XMLGregorianCalendar value, long milis)
+ throws DatatypeConfigurationException
{
XMLGregorianCalendar newVal = (XMLGregorianCalendar) value.clone();
@@ -59,8 +60,7 @@
* to "GMT"
* @param timezone
* @return
- * @throws DatatypeConfigurationException
- * @throws Exception
+ * @throws DatatypeConfigurationException
*/
public static XMLGregorianCalendar getIssueInstant(String timezone) throws DatatypeConfigurationException
{
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/xmlenc/factories/XMLEncryptionFactory.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/xmlenc/factories/XMLEncryptionFactory.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/xmlenc/factories/XMLEncryptionFactory.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -22,6 +22,7 @@
package org.jboss.identity.federation.core.xmlenc.factories;
import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import org.jboss.identity.xmlsec.w3.xmlenc.ObjectFactory;
@@ -41,7 +42,7 @@
return factory;
}
- public static Marshaller getMarshaller() throws Exception
+ public static Marshaller getMarshaller() throws JAXBException
{
JAXBContext jc = JAXBContext.newInstance("org.jboss.identity.xmlsec.w3.xmlenc");
Marshaller marshaller = jc.createMarshaller();
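Review bot: `JAXBContext.newInstance(...)` is executed on every `getMarshaller()` call, and building a JAXBContext is one of the more expensive operations in JAXB, whereas the context itself is documented as thread-safe and reusable; only the Marshaller needs to be created per call. Caching the context once, with the checked JAXBException still propagating to the caller as the new signature declares, removes that cost from every encryption path that marshals. The rest of `getMarshaller` is outside the hunk, so the marshaller configuration below is left as is in the sketch.

```java
private static JAXBContext jaxbContext;

// JAXBContext is thread-safe and costly to build; create it once and reuse it.
private static synchronized JAXBContext context() throws JAXBException
{
   if (jaxbContext == null)
      jaxbContext = JAXBContext.newInstance("org.jboss.identity.xmlsec.w3.xmlenc");
   return jaxbContext;
}

public static Marshaller getMarshaller() throws JAXBException
{
   Marshaller marshaller = context().createMarshaller();
   // … unchanged: marshaller configuration and return …
```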
Modified: identity-federation/trunk/jboss-identity-xmlsec-model/src/main/java/org/jboss/identity/xmlsec/util/XMLEncryptionUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-xmlsec-model/src/main/java/org/jboss/identity/xmlsec/util/XMLEncryptionUtil.java 2009-05-23 02:52:43 UTC (rev 515)
+++ identity-federation/trunk/jboss-identity-xmlsec-model/src/main/java/org/jboss/identity/xmlsec/util/XMLEncryptionUtil.java 2009-05-23 04:49:33 UTC (rev 516)
@@ -30,7 +30,8 @@
import org.apache.xml.security.encryption.EncryptedData;
import org.apache.xml.security.encryption.EncryptedKey;
-import org.apache.xml.security.encryption.XMLCipher;
+import org.apache.xml.security.encryption.XMLCipher;
+import org.apache.xml.security.exceptions.XMLSecurityException;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -76,12 +77,12 @@
* @param keyToBeEncrypted Symmetric Key (SecretKey)
* @param keyUsedToEncryptSecretKey Asymmetric Key (Public Key)
* @param keySize Length of the key
- * @return
- * @throws Exception
+ * @return
+ * @throws XMLSecurityException
*/
public static EncryptedKey encryptKey(Document document,
SecretKey keyToBeEncrypted, PublicKey keyUsedToEncryptSecretKey,
- int keySize) throws Exception
+ int keySize) throws XMLSecurityException
{
XMLCipher keyCipher = null;
String pubKeyAlg = keyUsedToEncryptSecretKey.getAlgorithm();
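Review bot: `encryptKey` calls `keyUsedToEncryptSecretKey.getAlgorithm()` on its second line without a null check, so a missing public key fails with a NullPointerException instead of the IllegalArgumentException the SignatureUtil methods in this commit raise for null input; `if (keyUsedToEncryptSecretKey == null) throw new IllegalArgumentException("keyUsedToEncryptSecretKey is null");` ahead of it would align the two. The `@return` tag in the rewritten Javadoc is still empty; `* @return the {@code EncryptedKey} element wrapping {@code keyToBeEncrypted}` would describe the result. Whether `document`, `keyToBeEncrypted` and `keySize` are validated cannot be seen because the body continues beyond the hunk.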
@@ -200,8 +201,8 @@
* the cipher data.
* @param addEncryptedKeyInKeyInfo Should the encrypted key be inside a KeyInfo
* or added as a peer of Cipher Data
- * @return An element that has the wrappingElementQName
- * @throws Exception
+ * @return An element that has the wrappingElementQName
+ * @throws Exception
*/
public static Element encryptElementInDocument(Document document,
PublicKey publicKey,
@@ -272,8 +273,8 @@
* Decrypt an encrypted element inside a document
* @param documentWithEncryptedElement
* @param privateKey key need to unwrap the encryption key
- * @return the document with the encrypted element replaced by the data element
- * @throws Exception
+ * @return the document with the encrypted element replaced by the data element
+ * @throws Exception
*/
public static Element decryptElementInDocument(Document documentWithEncryptedElement,
PrivateKey privateKey) throws Exception
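Review bot: `decryptElementInDocument` still declares `throws Exception` on the context line at the end of this hunk, and the retained `@throws Exception` in the previous hunk suggests `encryptElementInDocument` does too, while `encryptKey` in the same file was narrowed to `XMLSecurityException` by this commit. Leaving the two element-level methods on the broad clause forces callers of the decryption path to catch `Exception`, which also swallows unchecked failures such as a NullPointerException from a missing key. If the body only raises XML-security failures, `PrivateKey privateKey) throws XMLSecurityException` would match its sibling; the bodies of both methods are outside the hunk, so that needs confirming against what they actually throw.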
JBoss Identity SVN: r515 - in identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings: servlets and 1 other directory.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-05-22 22:52:43 -0400 (Fri, 22 May 2009)
New Revision: 515
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/providers/SecurityActions.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SecurityActions.java
Log:
simplify the method
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/providers/SecurityActions.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/providers/SecurityActions.java 2009-05-22 23:01:32 UTC (rev 514)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/providers/SecurityActions.java 2009-05-23 02:52:43 UTC (rev 515)
@@ -23,8 +23,6 @@
import java.security.AccessController;
import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
/**
* Privileged Blocks
@@ -45,11 +43,11 @@
});
}
- static ClassLoader getContextClassLoader() throws PrivilegedActionException
+ static ClassLoader getContextClassLoader()
{
- return AccessController.doPrivileged(new PrivilegedExceptionAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
- public ClassLoader run() throws Exception
+ public ClassLoader run()
{
return Thread.currentThread().getContextClassLoader();
}
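Review bot: The `Privileged Blocks` class comment above this hunk does not say why `getContextClassLoader` exists in two byte-identical package-private copies (this file and the servlets SecurityActions changed in the next section). The usual reason for this pattern is that a package-private helper cannot be reached from other packages, so the privileged block is only callable by the code in that package; if that is the intent here, a line such as `* Deliberately duplicated per package and kept package-private so that only this package can invoke the privileged action.` would stop a later consolidation into a public utility from widening that reach. This is an inference from the structure; the rest of the class is outside the hunk.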
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SecurityActions.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SecurityActions.java 2009-05-22 23:01:32 UTC (rev 514)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SecurityActions.java 2009-05-23 02:52:43 UTC (rev 515)
@@ -23,8 +23,6 @@
import java.security.AccessController;
import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
/**
* Privileged Blocks
@@ -45,11 +43,11 @@
});
}
- static ClassLoader getContextClassLoader() throws PrivilegedActionException
+ static ClassLoader getContextClassLoader()
{
- return AccessController.doPrivileged(new PrivilegedExceptionAction<ClassLoader>()
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
{
- public ClassLoader run() throws Exception
+ public ClassLoader run()
{
return Thread.currentThread().getContextClassLoader();
}
JBoss Identity SVN: r514 - in identity-federation/trunk/jboss-identity-fed-model/src/main/resources: wsdl and 2 other directories.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-05-22 19:01:32 -0400 (Fri, 22 May 2009)
New Revision: 514
Added:
identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/
identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/
identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/
identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-authn-svc-v2.0.wsdl
identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-disco-svc-v2.0.wsdl
identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-idmapping-svc-v2.0.wsdl
identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-interaction-svc-v2.0.wsdl
identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-people-service-v1.0.wsdl
identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-sso-svc-v2.0.wsdl
Log:
JBID-114: liberty ID-wsf 2 wsdl
Added: identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-authn-svc-v2.0.wsdl
===================================================================
--- identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-authn-svc-v2.0.wsdl (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-authn-svc-v2.0.wsdl 2009-05-22 23:01:32 UTC (rev 514)
@@ -0,0 +1,67 @@
+<?xml version="1.0"?>
+<definitions name="AuthenticationService"
+ targetNamespace="urn:liberty:sa:2006-08"
+ xmlns:tns="urn:liberty:sa:2006-08"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:S="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:sa="urn:liberty:sa:2006-08"
+ xmlns:wsaw="http://www.w3.org/2006/02/addressing/wsdl"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/
+ http://schemas.xmlsoap.org/wsdl/
+ http://www.w3.org/2006/02/addressing/wsdl
+ http://www.w3.org/2006/02/addressing/wsdl/ws-addr-wsdl.xsd">
+
+ <xsd:documentation>
+The source code in this WSDL file was excerpted verbatim from:
+
+Liberty ID-WSF Liberty ID-WSF Authentication, Single Sign-On, and Identity Mapping Services Specification
+Version 2.0-errata-v1.0
+28 November, 2006
+
+Copyright (c) 2007 Liberty Alliance participants, see
+http://projectliberty.org/resource_center/specifications/liberty_alliance_id_wsf_2_0_specifications/idwsf_feb_copyrights
+
+ </xsd:documentation>
+
+ <types>
+ <xs:schema>
+ <xs:import namespace="urn:liberty:sa:2006-08"
+ schemaLocation="liberty-idwsf-authn-svc-v2.0.xsd"/>
+ </xs:schema>
+ </types>
+
+ <message name="AuthenticationSoapRequest">
+ <part name="parameters" element="sa:SASLRequest"/>
+ </message>
+ <message name="AuthenticationSoapResponse">
+ <part name="parameters" element="sa:SASLResponse"/>
+ </message>
+
+ <portType name="AuthServicePortType">
+ <operation name="Authenticate">
+ <input message="sa:AuthenticationSoapRequest"
+ wsaw:Action="urn:liberty:sa:2006-08:SASLRequest"/>
+ <output message="sa:AuthenticationSoapResponse"
+ wsaw:Action="urn:liberty:sa:2006-08:SASLResponse"/>
+ </operation>
+ </portType>
+ <binding name="AuthenticationSoapBinding" type="sa:AuthServicePortType">
+ <S:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+ <operation name="Authenticate">
+ <input>
+ <S:body use="literal"/>
+ </input>
+ <output>
+ <S:body use="literal"/>
+ </output>
+ </operation>
+ </binding>
+ <service name="AuthenticationService">
+ <port name="AuthServicePortType" binding="sa:AuthenticationSoapBinding">
+ <S:address location="http://example.com/authentication"/>
+ </port>
+ </service>
+</definitions>
Added: identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-disco-svc-v2.0.wsdl
===================================================================
--- identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-disco-svc-v2.0.wsdl (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-disco-svc-v2.0.wsdl 2009-05-22 23:01:32 UTC (rev 514)
@@ -0,0 +1,219 @@
+<?xml version="1.0"?>
+<definitions name="disco-svc"
+ targetNamespace="urn:liberty:disco:2006-08"
+ xmlns:tns="urn:liberty:disco:2006-08"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns:sb="urn:liberty:sb:2006-08"
+ xmlns:wsaw="http://www.w3.org/2006/02/addressing/wsdl"
+ xmlns:disco="urn:liberty:disco:2006-08"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/
+ http://schemas.xmlsoap.org/wsdl/
+ http://www.w3.org/2006/02/addressing/wsdl
+ http://www.w3.org/2006/02/addressing/wsdl/ws-addr-wsdl.xsd">
+
+ <xsd:documentation>
+The source code in this WSDL file was excerpted verbatim from:
+
+Liberty ID-WSF Discovery Service Specification
+Version 2.0-errata-v1.0
+29 November, 2006
+
+Copyright (c) 2007 Liberty Alliance participants, see
+http://projectliberty.org/resource_center/specifications/liberty_alliance_id_wsf_2_0_specifications/idwsf_feb_copyrights
+
+ </xsd:documentation>
+
+ <types>
+ <xsd:schema>
+ <xsd:import namespace="urn:liberty:disco:2006-08"
+ schemaLocation="liberty-idwsf-disco-svc-v2.0.xsd"/>
+ </xsd:schema>
+ </types>
+
+ <message name="Query">
+ <part name="body" element="disco:Query"/>
+ </message>
+ <message name="QueryResponse">
+ <part name="body" element="disco:QueryResponse"/>
+ </message>
+
+ <message name="SvcMDAssociationAdd">
+ <part name="body" element="disco:SvcMDAssociationAdd"/>
+ </message>
+ <message name="SvcMDAssociationAddResponse">
+ <part name="body" element="disco:SvcMDAssociationAddResponse"/>
+ </message>
+
+ <message name="SvcMDAssociationQuery">
+ <part name="body" element="disco:SvcMDAssociationQuery"/>
+ </message>
+ <message name="SvcMDAssociationQueryResponse">
+ <part name="body" element="disco:SvcMDAssociationQueryResponse"/>
+ </message>
+
+ <message name="SvcMDAssociationDelete">
+ <part name="body" element="disco:SvcMDAssociationDelete"/>
+ </message>
+ <message name="SvcMDAssociationDeleteResponse">
+ <part name="body" element="disco:SvcMDAssociationDeleteResponse"/>
+ </message>
+
+ <message name="SvcMDRegister">
+ <part name="body" element="disco:SvcMDRegister"/>
+ </message>
+ <message name="SvcMDRegisterResponse">
+ <part name="body" element="disco:SvcMDRegisterResponse"/>
+ </message>
+
+ <message name="SvcMDQuery">
+ <part name="body" element="disco:SvcMDQuery"/>
+ </message>
+ <message name="SvcMDQueryResponse">
+ <part name="body" element="disco:SvcMDQueryResponse"/>
+ </message>
+
+ <message name="SvcMDReplace">
+ <part name="body" element="disco:SvcMDReplace"/>
+ </message>
+ <message name="SvcMDReplaceResponse">
+ <part name="body" element="disco:SvcMDReplaceResponse"/>
+ </message>
+
+ <message name="SvcMDDelete">
+ <part name="body" element="disco:SvcMDDelete"/>
+ </message>
+ <message name="SvcMDDeleteResponse">
+ <part name="body" element="disco:SvcMDDeleteResponse"/>
+ </message>
+
+
+ <portType name="DiscoveryPort">
+
+ <operation name="DiscoveryQuery">
+ <input message="tns:Query"
+ wsaw:Action="urn:liberty:disco:2006-08:Query" />
+ <output message="tns:QueryResponse"
+ wsaw:Action="urn:liberty:disco:2006-08:QueryResponse" />
+ </operation>
+
+ <operation name="MDAssociationAdd">
+ <input message="tns:SvcMDAssociationAdd"
+ wsaw:Action="urn:liberty:disco:2006-08:SvcMDAssociationAdd" />
+ <output message="tns:SvcMDAssociationAddResponse"
+ wsaw:Action="urn:liberty:disco:2006-08:SvcMDAssociationAddResponse" />
+ </operation>
+
+ <operation name="MDAssociationQuery">
+ <input message="tns:SvcMDAssociationQuery"
+ wsaw:Action="urn:liberty:disco:2006-08:SvcMDAssociationQuery" />
+ <output message="tns:SvcMDAssociationQueryResponse"
+ wsaw:Action="urn:liberty:disco:2006-08:SvcMDAssociationQueryResponse"/>
+ </operation>
+
+ <operation name="MDAssociationDelete">
+ <input message="tns:SvcMDAssociationDelete"
+ wsaw:Action="urn:liberty:disco:2006-08:SvcMDAssociationDelete" />
+ <output message="tns:SvcMDAssociationDeleteResponse"
+ wsaw:Action="urn:liberty:disco:2006-08:SvcMDAssociationDeleteResponse"/>
+ </operation>
+
+ <operation name="MetadataRegister">
+ <input message="tns:SvcMDRegister"
+ wsaw:Action="urn:liberty:disco:2006-08:SvcMDRegister" />
+ <output message="tns:SvcMDRegisterResponse"
+ wsaw:Action="urn:liberty:disco:2006-08:SvcMDRegisterResponse" />
+ </operation>
+
+ <operation name="MetadataQuery">
+ <input message="tns:SvcMDQuery"
+ wsaw:Action="urn:liberty:disco:2006-08:SvcMDQuery" />
+ <output message="tns:SvcMDQueryResponse"
+ wsaw:Action="urn:liberty:disco:2006-08:SvcMDQueryResponse" />
+ </operation>
+
+ <operation name="MetadataReplace">
+ <input message="tns:SvcMDReplace"
+ wsaw:Action="urn:liberty:disco:2006-08:SvcMDReplace" />
+ <output message="tns:SvcMDReplaceResponse"
+ wsaw:Action="urn:liberty:disco:2006-08:SvcMDReplaceResponse" />
+ </operation>
+
+ <operation name="MetadataDelete">
+ <input message="tns:SvcMDDelete"
+ wsaw:Action="urn:liberty:disco:2006-08:SvcMDDelete" />
+ <output message="tns:SvcMDDeleteResponse"
+ wsaw:Action="urn:liberty:disco:2006-08:SvcMDDeleteResponse" />
+ </operation>
+
+
+ </portType>
+
+ <!--
+ An example of a binding and service that can be used with this
+ abstract service description is provided below.
+ -->
+
+ <binding name="DiscoveryBinding" type="tns:DiscoveryPort">
+
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+
+ <operation name="DiscoveryQuery">
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+
+ <operation name="MDAssociationAdd">
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+
+
+ <operation name="MDAssociationQuery">
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+
+ <operation name="MDAssociationDelete">
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+
+ <operation name="MetadataRegister">
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+
+ <operation name="MetadataQuery">
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+
+ <operation name="MetadataReplace">
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+
+ <operation name="MetadataDelete">
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+
+
+ </binding>
+
+ <service name="DiscoveryService">
+
+ <port name="DiscoveryPort" binding="tns:DiscoveryBinding">
+
+ <!-- Modify with the REAL SOAP endpoint -->
+
+ <soap:address location="http://example.com/discovery"/>
+
+ </port>
+
+ </service>
+
+</definitions>
Added: identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-idmapping-svc-v2.0.wsdl
===================================================================
--- identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-idmapping-svc-v2.0.wsdl (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-idmapping-svc-v2.0.wsdl 2009-05-22 23:01:32 UTC (rev 514)
@@ -0,0 +1,67 @@
+<?xml version="1.0"?>
+<definitions name="AuthenticationService"
+ targetNamespace="urn:liberty:ims:2006-08"
+ xmlns:tns="urn:liberty:ims:2006-08"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:S="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:ims="urn:liberty:ims:2006-08"
+ xmlns:wsaw="http://www.w3.org/2006/02/addressing/wsdl"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/
+ http://schemas.xmlsoap.org/wsdl/
+ http://www.w3.org/2006/02/addressing/wsdl
+ http://www.w3.org/2006/02/addressing/wsdl/ws-addr-wsdl.xsd">
+
+ <xsd:documentation>
+The source code in this WSDL file was excerpted verbatim from:
+
+Liberty ID-WSF Liberty ID-WSF Authentication, Single Sign-On, and Identity Mapping Services Specification
+Version 2.0-errata-v1.0
+28 November, 2006
+
+Copyright (c) 2007 Liberty Alliance participants, see
+http://projectliberty.org/resource_center/specifications/liberty_alliance_id_wsf_2_0_specifications/idwsf_feb_copyrights
+
+ </xsd:documentation>
+
+ <types>
+ <xs:schema>
+ <xs:import namespace="urn:liberty:ims:2006-08"
+ schemaLocation="liberty-idwsf-idmapping-svc-v2.0.xsd"/>
+ </xs:schema>
+ </types>
+
+ <message name="IdentityMappingSoapRequest">
+ <part name="parameters" element="ims:IdentityMappingRequest"/>
+ </message>
+ <message name="IdentityMappingSoapResponse">
+ <part name="parameters" element="ims:IdentityMappingResponse"/>
+ </message>
+
+ <portType name="IdMappingPortType">
+ <operation name="IdentityMapping">
+ <input message="ims:IdentityMappingSoapRequest"
+ wsaw:Action="urn:liberty:ims:2006-08:IdentityMappingRequest"/>
+ <output message="ims:IdentityMappingSoapResponse"
+ wsaw:Action="urn:liberty:ims:2006-08:IdentityMappingResponse"/>
+ </operation>
+ </portType>
+ <binding name="IdMappingSoapBinding" type="ims:IdMappingPortType">
+ <S:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+ <operation name="IdentityMapping">
+ <input>
+ <S:body use="literal"/>
+ </input>
+ <output>
+ <S:body use="literal"/>
+ </output>
+ </operation>
+ </binding>
+ <service name="IdMappingService">
+ <port name="IdMappingPortType" binding="ims:IdMappingSoapBinding">
+ <S:address location="http://example.com/idmapping"/>
+ </port>
+ </service>
+</definitions>
Added: identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-interaction-svc-v2.0.wsdl
===================================================================
--- identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-interaction-svc-v2.0.wsdl (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-interaction-svc-v2.0.wsdl 2009-05-22 23:01:32 UTC (rev 514)
@@ -0,0 +1,80 @@
+<?xml version="1.0"?>
+<definitions
+ name="id-wsf-is_2006-08_wsdl_interface"
+ targetNamespace="urn:liberty:is:2006-08"
+ xmlns:tns="urn:liberty:is:2006-08"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:wsaw="http://www.w3.org/2006/02/addressing/wsdl"
+ xmlns:is="urn:liberty:is:2006-08"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/
+ http://schemas.xmlsoap.org/wsdl/
+ http://www.w3.org/2006/02/addressing/wsdl
+ http://www.w3.org/2006/02/addressing/wsdl/ws-addr-wsdl.xsd">
+
+ <xsd:documentation>
+The source code in this WSDL file was excerpted verbatim from:
+
+Liberty ID-WSF Interaction Service Specification
+Version 2.0-errata-v1.0
+21 April, 2007
+
+Copyright (c) 2007 Liberty Alliance participants, see
+http://projectliberty.org/resource_center/specifications/liberty_alliance_id_wsf_2_0_specifications/idwsf_feb_copyrights
+
+ </xsd:documentation>
+
+ <types>
+ <xsd:import namespace="urn:liberty:is:2006-08"
+ schemaLocation="liberty-idwsf-interaction-svc-v2.0.xsd"/>
+ </types>
+
+ <!-- Messages -->
+
+ <message name="InteractionRequest">
+ <part name="body" type="is:InteractionRequest"/>
+ </message>
+
+ <message name="InteractionResponse">
+ <part name="body" type="is:InteractionResponse"/>
+ </message>
+
+ <!-- Port Type -->
+
+ <portType name="ISPort">
+ <operation name="ISInteraction">
+ <input message="tns:InteractionRequest"
+ wsaw:Action="urn:liberty:is:2006-08:InteractionRequest"/>
+ <output message="tns:InteractionResponse"
+ wsaw:Action="urn:liberty:is:2006-08:InteractionResponse"/>
+ </operation>
+ </portType>
+
+ <!--
+ An example of a binding and service that can be used with this
+ abstract service description is provided below.
+ -->
+
+ <binding name="ISBinding" type="tns:ISPort">
+
+ <soap:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+
+ <operation name="Interaction">
+ <soap:operation soapAction="urn:liberty:is:2006-08:Interaction"/>
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+ </binding>
+
+ <service name="InteractionService">
+ <port name="ISPort" binding="tns:ISBinding">
+
+ <!-- Modify with the REAL SOAP endpoint -->
+
+ <soap:address location="http://example.com/id-wsf/is"/>
+ </port>
+ </service>
+
+</definitions>
Added: identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-people-service-v1.0.wsdl
===================================================================
--- identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-people-service-v1.0.wsdl (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-people-service-v1.0.wsdl 2009-05-22 23:01:32 UTC (rev 514)
@@ -0,0 +1,341 @@
+<definitions
+ name="id-wsf-ps_2006-08_wsdl_interface"
+ targetNamespace="urn:liberty:ps:2006-08"
+ xmlns:tns="urn:liberty:ps:2006-08"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:soap="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:wsaw="http://www.w3.org/2006/02/addressing/wsdl"
+ xmlns:ps="urn:liberty:ps:2006-08"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/
+ http://schemas.xmlsoap.org/wsdl/
+ http://www.w3.org/2006/02/addressing/wsdl
+ http://www.w3.org/2006/02/addressing/wsdl/ws-addr-wsdl.xsd">
+
+ <xsd:documentation>
+The source code in this WSDL file was excerpted verbatim from:
+
+Liberty ID-WSF People Service Specification
+Version 1.0-errata-v1.0
+06 March, 2007
+
+Copyright (c) 2007 Liberty Alliance participants, see
+http://projectliberty.org/resource_center/specifications/liberty_alliance_id_wsf_2_0_specifications/idwsf_feb_copyrights
+
+ </xsd:documentation>
+
+ <types>
+ <xsd:schema>
+ <xsd:import namespace="urn:liberty:ps:2006-08"
+ schemaLocation="liberty-idwsf-people-service-v1.0.xsd"/>
+ </xsd:schema>
+ </types>
+
+ <!-- Messages -->
+
+ <!-- Adding a User -->
+
+ <message name="AddEntityRequest">
+ <part name="body" element="ps:AddEntityRequest"/>
+ </message>
+
+ <message name="AddEntityResponse">
+ <part name="body" element="ps:AddEntityResponse"/>
+ </message>
+
+ <!-- Adding a Known User -->
+
+ <message name="AddKnownEntityRequest">
+ <part name="body" element="ps:AddKnownEntityRequest"/>
+ </message>
+
+ <message name="AddKnownEntityResponse">
+ <part name="body" element="ps:AddKnownEntityResponse"/>
+ </message>
+
+
+ <!-- Removing a User -->
+
+ <message name="RemoveEntityRequest">
+ <part name="body" element="ps:RemoveEntityRequest"/>
+ </message>
+
+ <message name="RemoveEntityResponse">
+ <part name="body" element="ps:RemoveEntityResponse"/>
+ </message>
+
+ <!-- Adding a Group -->
+
+ <message name="AddCollectionRequest">
+ <part name="body" element="ps:AddCollectionRequest"/>
+ </message>
+
+ <message name="AddCollectionResponse">
+ <part name="body" element="ps:AddCollectionResponse"/>
+ </message>
+
+ <!-- Removing a Group -->
+
+ <message name="RemoveCollectionRequest">
+ <part name="body" element="ps:RemoveCollectionRequest"/>
+ </message>
+
+ <message name="RemoveCollectionResponse">
+ <part name="body" element="ps:RemoveCollectionResponse"/>
+ </message>
+
+ <!-- Adding to a Group -->
+
+ <message name="AddToCollectionRequest">
+ <part name="body" element="ps:AddToCollectionRequest"/>
+ </message>
+
+ <message name="AddToCollectionResponse">
+ <part name="body" element="ps:AddToCollectionResponse"/>
+ </message>
+
+ <!-- Removing From a Group -->
+
+ <message name="RemoveFromCollectionRequest">
+ <part name="body" element="ps:RemoveFromCollectionRequest"/>
+ </message>
+
+ <message name="RemoveFromCollectionResponse">
+ <part name="body" element="ps:RemoveFromCollectionResponse"/>
+ </message>
+
+ <!-- Listing Members -->
+
+ <message name="ListMembersRequest">
+ <part name="body" element="ps:ListMembersRequest"/>
+ </message>
+
+ <message name="ListMembersResponse">
+ <part name="body" element="ps:ListMembersResponse"/>
+ </message>
+
+ <!-- Retrieving Object Info -->
+
+ <message name="GetObjectInfoRequest">
+ <part name="body" element="ps:GetObjectInfoRequest"/>
+ </message>
+
+ <message name="GetObjectInfoResponse">
+ <part name="body" element="ps:GetObjectInfoResponse"/>
+ </message>
+
+ <!-- Updating Object Info -->
+
+ <message name="SetObjectInfoRequest">
+ <part name="body" element="ps:SetObjectInfoRequest"/>
+ </message>
+
+ <message name="SetObjectInfoResponse">
+ <part name="body" element="ps:SetObjectInfoResponse"/>
+ </message>
+
+ <!-- Querying Objects -->
+
+ <message name="QueryObjectsRequest">
+ <part name="body" element="ps:QueryObjectsRequest"/>
+ </message>
+
+ <message name="QueryObjectsResponse">
+ <part name="body" element="ps:QueryObjectsResponse"/>
+ </message>
+
+ <!-- Testing Membership -->
+
+ <message name="TestMembershipRequest">
+ <part name="body" element="ps:TestMembershipRequest"/>
+ </message>
+
+ <message name="TestMembershipResponse">
+ <part name="body" element="ps:TestMembershipResponse"/>
+ </message>
+
+ <!-- Resolving Identifiers -->
+
+ <message name="ResolveIdentifierRequest">
+ <part name="body" element="ps:ResolveIdentifierRequest"/>
+ </message>
+
+ <message name="ResolveIdentifierResponse">
+ <part name="body" element="ps:ResolveIdentifierResponse"/>
+ </message>
+
+ <!-- Port Type -->
+
+ <portType name="LibertyPS1">
+
+ <operation name="AddEntity">
+ <input message="tns:AddEntityRequest"
+ wsaw:Action="urn:liberty:ps:2006-08:AddEntityRequest"/>
+ <output message="tns:AddEntityResponse"
+ wsaw:Action="urn:liberty:ps:2006-08:AddEntityResponse"/>
+ </operation>
+
+ <operation name="AddKnownEntity">
+ <input message="tns:AddKnownEntityRequest"
+ wsaw:Action="urn:liberty:ps:2006-08:AddKnownEntityRequest"/>
+ <output message="tns:AddKnownEntityResponse"
+ wsaw:Action="urn:liberty:ps:2006-08:AddKnownEntityResponse"/>
+ </operation>
+
+ <operation name="RemoveEntity">
+ <input message="tns:RemoveEntityRequest"
+ wsaw:Action="urn:liberty:ps:2006-08:RemoveEntityRequest"/>
+ <output message="tns:RemoveEntityResponse"
+ wsaw:Action="urn:liberty:ps:2006-08:RemoveEntityResponse"/>
+ </operation>
+
+ <operation name="AddCollection">
+ <input message="tns:AddCollectionRequest"
+ wsaw:Action="urn:liberty:ps:2006-08:AddCollectionRequest"/>
+ <output message="tns:AddCollectionResponse"
+ wsaw:Action="urn:liberty:ps:2006-08:AddCollectionResponse"/>
+ </operation>
+
+ <operation name="RemoveCollection">
+ <input message="tns:RemoveCollectionRequest"
+ wsaw:Action="urn:liberty:ps:2006-08:RemoveCollectionRequest"/>
+ <output message="tns:RemoveCollectionResponse"
+ wsaw:Action="urn:liberty:ps:2006-08:RemoveCollectionResponse"/>
+ </operation>
+
+ <operation name="AddToCollection">
+ <input message="tns:AddToCollectionRequest"
+ wsaw:Action="urn:liberty:ps:2006-08:AddToCollectionRequest"/>
+ <output message="tns:AddToCollectionResponse"
+ wsaw:Action="urn:liberty:ps:2006-08:AddToCollectionResponse"/>
+ </operation>
+
+ <operation name="RemoveFromCollection">
+ <input message="tns:RemoveFromCollectionRequest"
+ wsaw:Action="urn:liberty:ps:2006-08:RemoveFromCollectionRequest"/>
+ <output message="tns:RemoveFromCollectionResponse"
+ wsaw:Action="urn:liberty:ps:2006-08:RemoveFromCollectionResponse"/>
+ </operation>
+
+ <operation name="ListMembersOfCollection">
+ <input message="tns:ListMembersRequest"
+ wsaw:Action="urn:liberty:ps:2006-08:ListMembersRequest"/>
+ <output message="tns:ListMembersResponse"
+ wsaw:Action="urn:liberty:ps:2006-08:ListMembersResponse"/>
+ </operation>
+
+ <operation name="GetObjectInfo">
+ <input message="tns:GetObjectInfoRequest"
+ wsaw:Action="urn:liberty:ps:2006-08:GetObjectInfoRequest"/>
+ <output message="tns:GetObjectInfoResponse"
+ wsaw:Action="urn:liberty:ps:2006-08:GetObjectInfoResponse"/>
+ </operation>
+
+ <operation name="SetObjectInfo">
+ <input message="tns:SetObjectInfoRequest"
+ wsaw:Action="urn:liberty:ps:2006-08:SetObjectInfoRequest"/>
+ <output message="tns:SetObjectInfoResponse"
+ wsaw:Action="urn:liberty:ps:2006-08:SetObjectInfoResponse"/>
+ </operation>
+
+ <operation name="QueryObjects">
+ <input message="tns:QueryObjectsRequest"
+ wsaw:Action="urn:liberty:ps:2006-08:QueryObjectsRequest"/>
+ <output message="tns:QueryObjectsResponse"
+ wsaw:Action="urn:liberty:ps:2006-08:QueryObjectsResponse"/>
+ </operation>
+
+ <operation name="TestMembership">
+ <input message="tns:TestMembershipRequest"
+ wsaw:Action="urn:liberty:ps:2006-08:TestMembershipRequest"/>
+ <output message="tns:TestMembershipResponse"
+ wsaw:Action="urn:liberty:ps:2006-08:TestMembershipResponse"/>
+ </operation>
+
+ <operation name="ResolveIdentifier">
+ <input message="tns:ResolveIdentifierRequest"
+ wsaw:Action="urn:liberty:ps:2006-08:ResolveIdentifierRequest"/>
+ <output message="tns:ResolveIdentifierResponse"
+ wsaw:Action="urn:liberty:ps:2006-08:ResolveIdentifierResponse"/>
+ </operation>
+
+ </portType>
+
+ <!--
+ An example of a binding and service that can be used with this
+ abstract service description is provided below.
+ -->
+
+ <binding name="PeopleServiceSoapBinding" type="tns:LibertyPS1">
+
+ <soap:binding style="document"
+ transport="http://schemas.xmlsoap.org/soap/http"/>
+
+ <operation name="AddEntity">
+ <soap:operation/>
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+
+ <operation name="AddKnownEntity">
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+ <operation name="RemoveEntity">
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+ <operation name="AddCollection">
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+ <operation name="RemoveCollection">
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+ <operation name="AddToCollection">
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+ <operation name="RemoveFromCollection">
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+ <operation name="ListMembersOfCollection">
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+ <operation name="GetObjectInfo">
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+ <operation name="SetObjectInfo">
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+ <operation name="QueryObjects">
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+ <operation name="TestMembership">
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+ <operation name="ResolveIdentifier">
+ <input> <soap:body use="literal"/> </input>
+ <output> <soap:body use="literal"/> </output>
+ </operation>
+
+ </binding>
+
+ <service name="PeopleService">
+ <port name="PeoplePort" binding="ps:PeopleServiceSoapBinding">
+
+ <!-- Modify with the REAL SOAP endpoint -->
+
+ <soap:address location="http://example.com/peopleservice"/>
+ </port>
+ </service>
+
+</definitions>
Added: identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-sso-svc-v2.0.wsdl
===================================================================
--- identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-sso-svc-v2.0.wsdl (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-model/src/main/resources/wsdl/liberty/idwsf/liberty-idwsf-sso-svc-v2.0.wsdl 2009-05-22 23:01:32 UTC (rev 514)
@@ -0,0 +1,68 @@
+<?xml version="1.0"?>
+<definitions name="AuthenticationService"
+ targetNamespace="urn:liberty:ssos:2006-08"
+ xmlns:tns="urn:liberty:ssos:2006-08"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:S="http://schemas.xmlsoap.org/wsdl/soap/"
+ xmlns="http://schemas.xmlsoap.org/wsdl/"
+ xmlns:ssos="urn:liberty:ssos:2006-08"
+ xmlns:samlp2="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:wsaw="http://www.w3.org/2006/02/addressing/wsdl"
+ xmlns:xsd="http://www.w3.org/2001/XMLSchema"
+ xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://schemas.xmlsoap.org/wsdl/
+ http://schemas.xmlsoap.org/wsdl/
+ http://www.w3.org/2006/02/addressing/wsdl
+ http://www.w3.org/2006/02/addressing/wsdl/ws-addr-wsdl.xsd">
+
+ <xsd:documentation>
+The source code in this WSDL file was excerpted verbatim from:
+
+Liberty ID-WSF Liberty ID-WSF Authentication, Single Sign-On, and Identity Mapping Services Specification
+Version 2.0-errata-v1.0
+28 November, 2006
+
+Copyright (c) 2007 Liberty Alliance participants, see
+http://projectliberty.org/resource_center/specifications/liberty_alliance_id_wsf_2_0_specifications/idwsf_feb_copyrights
+
+ </xsd:documentation>
+
+ <types>
+ <xs:schema>
+ <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
+ schemaLocation="saml-schema-protocol-2.0.xsd"/>
+ </xs:schema>
+ </types>
+
+ <message name="SSOSoapRequest">
+ <part name="parameters" element="samlp2:AuthnRequest"/>
+ </message>
+ <message name="SSOSoapResponse">
+ <part name="parameters" element="samlp2:Response"/>
+ </message>
+
+ <portType name="SSOSPortType">
+ <operation name="SingleSignOn">
+ <input message="ssos:SSOSoapRequest"
+ wsaw:Action="urn:liberty:ssos:2006-08:AuthnRequest"/>
+ <output message="ssos:SSOSoapResponse"
+ wsaw:Action="urn:liberty:ssos:2006-08:Response"/>
+ </operation>
+ </portType>
+ <binding name="SSOSSoapBinding" type="ssos:SSOSPortType">
+ <S:binding style="document" transport="http://schemas.xmlsoap.org/soap/http"/>
+ <operation name="SingleSignOn">
+ <input>
+ <S:body use="literal"/>
+ </input>
+ <output>
+ <S:body use="literal"/>
+ </output>
+ </operation>
+ </binding>
+ <service name="SSOService">
+ <port name="SSOSPortType" binding="ssos:SSOSSoapBinding">
+ <S:address location="http://example.com/idmapping"/>
+ </port>
+ </service>
+</definitions>
JBoss Identity SVN: r513 - in identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema: liberty and 1 other directories.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-05-22 19:00:43 -0400 (Fri, 22 May 2009)
New Revision: 513
Added:
identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/
identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/
identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-authn-svc-v2.0.xsd
identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-disco-svc-v2.0.xsd
identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-idmapping-svc-v2.0.xsd
identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-interaction-svc-v2.0.xsd
identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-people-service-v1.0.xsd
identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-soap-binding.xsd
Log:
JBID-113: liberty ID-wsf 2 schemas
Added: identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-authn-svc-v2.0.xsd
===================================================================
--- identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-authn-svc-v2.0.xsd (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-authn-svc-v2.0.xsd 2009-05-22 23:00:43 UTC (rev 513)
@@ -0,0 +1,163 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema
+ targetNamespace="urn:liberty:sa:2006-08"
+ xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:sa="urn:liberty:sa:2006-08"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:samlp2="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:wsa="http://www.w3.org/2005/08/addressing"
+ xmlns:lu="urn:liberty:util:2006-08"
+ xmlns="urn:liberty:sa:2006-08"
+ elementFormDefault="qualified"
+ attributeFormDefault="unqualified"
+ version="09"
+ >
+
+ <xs:import
+ namespace="http://www.w3.org/2005/08/addressing"
+ schemaLocation="ws-addr-1.0.xsd"/>
+
+ <xs:import
+ namespace="urn:oasis:names:tc:SAML:2.0:protocol"
+ schemaLocation="saml-schema-protocol-2.0.xsd"/>
+
+ <xs:import namespace="urn:liberty:util:2006-08"
+ schemaLocation="liberty-idwsf-utility-v2.0.xsd"/>
+
+ <xs:annotation>
+ <xs:documentation>
+The source code in this schema file was excerpted verbatim from:
+
+Liberty ID-WSF Liberty ID-WSF Authentication, Single Sign-On, and Identity Mapping Services Specification
+Version 2.0-errata-v1.0
+28 November, 2006
+
+Copyright (c) 2007 Liberty Alliance participants, see
+http://projectliberty.org/resource_center/specifications/liberty_alliance_id_wsf_2_0_specifications/idwsf_feb_copyrights
+
+ </xs:documentation>
+ </xs:annotation>
+
+ <!-- SASLRequest and SASLResponse ID-* messages -->
+
+ <xs:element name="SASLRequest">
+ <xs:complexType>
+ <xs:sequence>
+
+ <xs:element name="Data" minOccurs="0">
+ <xs:complexType>
+ <xs:simpleContent>
+ <xs:extension base="xs:base64Binary"/>
+ </xs:simpleContent>
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element ref="samlp2:RequestedAuthnContext" minOccurs="0"/>
+
+ <xs:element name="Extensions" minOccurs="0">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:any namespace="##other" processContents="lax" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ </xs:sequence>
+
+ <xs:attribute name="mechanism"
+ type="xs:string"
+ use="required"/>
+
+ <xs:attribute name="authzID"
+ type="xs:string"
+ use="optional"/>
+
+ <xs:attribute name="advisoryAuthnID"
+ type="xs:string"
+ use="optional"/>
+
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+
+ </xs:complexType>
+ </xs:element>
+
+ <xs:element name="SASLResponse">
+ <xs:complexType>
+ <xs:sequence>
+
+ <xs:element ref="lu:Status"/>
+
+ <xs:element ref="PasswordTransforms" minOccurs="0"/>
+
+ <xs:element name="Data" minOccurs="0">
+ <xs:complexType>
+ <xs:simpleContent>
+ <xs:extension base="xs:base64Binary"/>
+ </xs:simpleContent>
+ </xs:complexType>
+ </xs:element>
+
+ <!-- ID-WSF EPRs -->
+ <xs:element ref="wsa:EndpointReference"
+ minOccurs="0"
+ maxOccurs="unbounded"/>
+
+ </xs:sequence>
+
+ <xs:attribute name="serverMechanism"
+ type="xs:string"
+ use="optional"/>
+
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+
+ </xs:complexType>
+ </xs:element>
+
+
+ <!-- Password Transformations -->
+
+ <xs:element name="PasswordTransforms">
+
+ <xs:annotation>
+ <xs:documentation>
+ Contains ordered list of sequential password transformations
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:complexType>
+ <xs:sequence>
+
+ <xs:element name="Transform" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+
+ <xs:element name="Parameter"
+ minOccurs="0"
+ maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:simpleContent>
+ <xs:extension base="xs:string">
+ <xs:attribute name="name"
+ type="xs:string"
+ use="required"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+ </xs:element>
+
+ </xs:sequence>
+
+ <xs:attribute name="name"
+ type="xs:anyURI"
+ use="required"/>
+
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+</xs:schema>
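Review bot: The imports at `schemaLocation="ws-addr-1.0.xsd"`, `schemaLocation="saml-schema-protocol-2.0.xsd"` and `schemaLocation="liberty-idwsf-utility-v2.0.xsd"` point at sibling files that are not in this revision's Added list, so unless they already exist in the same directory the schema will not load. The same applies to the disco, idmapping, interaction and people-service schemas in this commit, which also reference `liberty-idwsf-security-mechanisms-v2.0.xsd`, `liberty-idwsf-soap-binding-v2.0.xsd`, `wss-secext-1.0.xsd`, `wss-util-1.0.xsd` and `liberty-idwsf-subs-v1.0.xsd`. I would add a short comment at the top of each file, e.g. `<!-- Companion schemas are resolved relative to this directory; keep all referenced .xsd files local so no resolver falls back to network fetches -->`, and confirm the missing files are committed alongside or in a follow-up.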
Added: identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-disco-svc-v2.0.xsd
===================================================================
--- identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-disco-svc-v2.0.xsd (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-disco-svc-v2.0.xsd 2009-05-22 23:00:43 UTC (rev 513)
@@ -0,0 +1,414 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema targetNamespace="urn:liberty:disco:2006-08"
+ xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:sb="urn:liberty:sb:2006-08"
+ xmlns:sbf="urn:liberty:sb"
+ xmlns:sec="urn:liberty:security:2006-08"
+ xmlns:lu="urn:liberty:util:2006-08"
+ xmlns:wsa="http://www.w3.org/2005/08/addressing"
+ xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext..."
+ xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utilit..."
+ xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+
+ xmlns="urn:liberty:disco:2006-08"
+ elementFormDefault="qualified"
+ attributeFormDefault="unqualified"
+>
+
+ <xs:import namespace="urn:liberty:util:2006-08"
+ schemaLocation="liberty-idwsf-utility-v2.0.xsd"/>
+
+ <xs:import namespace="urn:liberty:sb:2006-08"
+ schemaLocation="liberty-idwsf-soap-binding-v2.0.xsd"/>
+
+ <xs:import namespace="urn:liberty:sb"
+ schemaLocation="liberty-idwsf-soap-binding.xsd"/>
+
+ <xs:import namespace="http://www.w3.org/2005/08/addressing"
+ schemaLocation="ws-addr-1.0.xsd"/>
+
+ <xs:import namespace="urn:oasis:names:tc:SAML:2.0:metadata"
+ schemaLocation="saml-schema-metadata-2.0.xsd"/>
+
+ <xs:import namespace="urn:liberty:security:2006-08"
+ schemaLocation="liberty-idwsf-security-mechanisms-v2.0.xsd"/>
+
+ <xs:import
+ namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext..."
+ schemaLocation="wss-secext-1.0.xsd"/>
+
+ <xs:import
+ namespace="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utilit..."
+ schemaLocation="wss-util-1.0.xsd"/>
+
+ <xs:annotation>
+ <xs:documentation>
+The source code in this schema file was excerpted verbatim from:
+
+Liberty ID-WSF Discovery Service Specification
+Version 2.0-errata-v1.0
+29 November, 2006
+
+Copyright (c) 2007 Liberty Alliance participants, see
+http://projectliberty.org/resource_center/specifications/liberty_alliance_id_wsf_2_0_specifications/idwsf_feb_copyrights
+
+ </xs:documentation>
+ </xs:annotation>
+
+
+ <!-- **** Discovery Service Data Elements & Types **** -->
+
+ <!-- The data elements and types in this section are used to
+ embellish WS-Addressing Endpoint References (EPRs).
+ They are placed in the /wsa:EndpointReference/Metadata
+ element. Specific usage and cardinalities are stipulated
+ in the Discovery Service v2.0 Specification. -->
+
+ <!-- Abstract: natural-language description of service -->
+
+ <xs:element name="Abstract" type="xs:string"/>
+
+ <!-- Provider ID -->
+
+ <xs:element name="ProviderID" type="xs:anyURI"/>
+
+ <!-- Service Type -->
+
+ <xs:element name="ServiceType" type="xs:anyURI"/>
+
+ <!-- Framework Description -->
+
+ <xs:element name="Framework" type="sbf:FrameworkType" />
+
+ <!-- EPR Expiration Timestamp -->
+
+ <xs:attribute name="notOnOrAfter" type="xs:dateTime"/>
+
+ <!-- Security Context Container -->
+
+ <xs:element name="SecurityContext">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element ref="SecurityMechID"
+ minOccurs="1"
+ maxOccurs="unbounded"/>
+
+ <xs:element ref="sec:Token"
+ minOccurs="0"
+ maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+ </xs:element>
+
+ <!-- Security Mechanism ID -->
+
+ <xs:element name="SecurityMechID" type="xs:anyURI"/>
+
+ <!-- Options -->
+
+ <xs:element name="Options" type="OptionsType"/>
+
+ <xs:element name="Option" type="xs:anyURI" />
+
+ <xs:complexType name="OptionsType">
+ <xs:sequence>
+ <xs:element ref="Option" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <!-- Address -->
+
+ <xs:element name="Address" type="xs:anyURI"/>
+
+ <!-- Action(s) - the interfaces available at this service -->
+
+ <xs:element name="Action" type="xs:anyURI" />
+ <!-- Keys Element - For use in ModifyResponse -->
+
+ <xs:element name="Keys" type="KeysType"/>
+
+ <xs:complexType name="KeysType">
+ <xs:sequence>
+ <xs:element ref="md:KeyDescriptor"
+ minOccurs="1"
+ maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:complexType>
+
+ <!-- Service Metadata (SvcMD) - metadata about service instance -->
+
+ <xs:element name="SvcMD" type="SvcMetadataType"/>
+ <xs:complexType name="SvcMetadataType">
+ <xs:sequence>
+ <xs:element ref="Abstract" />
+ <xs:element ref="ProviderID" />
+ <xs:element ref="ServiceContext" maxOccurs="unbounded" />
+ </xs:sequence>
+ <xs:attribute name="svcMDID" type="xs:string" use="optional" />
+ </xs:complexType>
+
+ <!-- ServiceContext - describes service type/option/endpoint context -->
+ <xs:element name="ServiceContext" type="ServiceContextType"/>
+ <xs:complexType name="ServiceContextType">
+ <xs:sequence>
+ <xs:element ref="ServiceType" maxOccurs="unbounded" />
+ <xs:element ref="Options" minOccurs="0"
+ maxOccurs="unbounded" />
+ <xs:element ref="EndpointContext" maxOccurs="unbounded" />
+ </xs:sequence>
+ </xs:complexType>
+
+ <!-- EndpointContext - describes endpoints used to access service -->
+ <xs:element name="EndpointContext" type="EndpointContextType" />
+ <xs:complexType name="EndpointContextType">
+ <xs:sequence>
+ <xs:element ref="Address" maxOccurs="unbounded" />
+ <xs:element ref="sbf:Framework" maxOccurs="unbounded" />
+ <xs:element ref="SecurityMechID" maxOccurs="unbounded" />
+ <xs:element ref="Action" minOccurs="0"
+ maxOccurs="unbounded" />
+ </xs:sequence>
+ </xs:complexType>
+
+ <!-- SvcMD ID element used to refer to Service Metadata elements -->
+ <xs:element name="SvcMDID" type="xs:string" />
+
+ <!-- **** Discovery Service Protocol Messages Elements & Types **** -->
+
+ <!-- Query Message Element & Type -->
+
+ <xs:element name="Query" type="QueryType"/>
+
+ <xs:complexType name="QueryType">
+ <xs:sequence>
+ <xs:element name="RequestedService"
+ type="RequestedServiceType"
+ minOccurs="0"
+ maxOccurs="unbounded"/>
+ </xs:sequence>
+
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+
+ <xs:complexType name="RequestedServiceType">
+ <xs:sequence>
+ <xs:element ref="ServiceType" minOccurs="0" maxOccurs="unbounded" />
+
+ <xs:element ref="ProviderID" minOccurs="0" maxOccurs="unbounded" />
+
+ <xs:element ref="Options" minOccurs="0" maxOccurs="unbounded"/>
+
+ <xs:element ref="SecurityMechID" minOccurs="0" maxOccurs="unbounded"/>
+
+ <xs:element ref="Framework" minOccurs="0" maxOccurs="unbounded"/>
+
+ <xs:element ref="Action" minOccurs="0" maxOccurs="unbounded"/>
+
+ <xs:any namespace="##other"
+ processContents="lax"
+ minOccurs="0"
+ maxOccurs="unbounded"/>
+
+ </xs:sequence>
+
+ <xs:attribute name="reqID" type="xs:string" use="optional" />
+ <xs:attribute name="resultsType" type="xs:string" use="optional" />
+
+ </xs:complexType>
+
+ <!-- QueryResponse Message Element & Type -->
+
+ <xs:element name="QueryResponse" type="QueryResponseType"/>
+
+ <xs:complexType name="QueryResponseType">
+ <xs:sequence>
+ <xs:element ref="lu:Status"/>
+
+ <xs:element ref="wsa:EndpointReference"
+ minOccurs="0"
+ maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+
+
+ <!-- -->
+ <!-- DS Interfaces for SvcMD Associations -->
+ <!-- -->
+ <!-- These interfaces support the adding, deleting,-->
+ <!-- querying SvcMD Associations for a principal. -->
+ <!-- -->
+
+ <!-- SvcMDAssociationAdd operation -->
+
+ <xs:element name="SvcMDAssociationAdd" type="SvcMDAssociationAddType"/>
+
+ <xs:complexType name="SvcMDAssociationAddType">
+ <xs:sequence>
+ <xs:element ref="SvcMDID" maxOccurs="unbounded" />
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+
+ <!-- Response for SvcMDAssociationAdd operation -->
+
+ <xs:element name="SvcMDAssociationAddResponse"
+ type="SvcMDAssociationAddResponseType"/>
+
+ <xs:complexType name="SvcMDAssociationAddResponseType">
+ <xs:sequence>
+ <xs:element ref="lu:Status" />
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+ <!-- SvcMDAssociationDelete operation -->
+
+ <xs:element name="SvcMDAssociationDelete" type="SvcMDAssociationDeleteType"/>
+
+ <xs:complexType name="SvcMDAssociationDeleteType">
+ <xs:sequence>
+ <xs:element ref="SvcMDID" maxOccurs="unbounded" />
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+ <!-- Response for SvcMDAssociationDelete operation -->
+
+ <xs:element name="SvcMDAssociationDeleteResponse"
+ type="SvcMDAssociationDeleteResponseType"/>
+
+ <xs:complexType name="SvcMDAssociationDeleteResponseType">
+ <xs:sequence>
+ <xs:element ref="lu:Status" />
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+ <!-- SvcMDAssociationQuery operation -->
+
+ <xs:element name="SvcMDAssociationQuery" type="SvcMDAssociationQueryType"/>
+
+ <xs:complexType name="SvcMDAssociationQueryType">
+ <xs:sequence>
+ <xs:element ref="SvcMDID" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+ <!-- Response for SvcMDAssociationQuery operation -->
+
+ <xs:element name="SvcMDAssociationQueryResponse"
+ type="SvcMDAssociationQueryResponseType"/>
+
+ <xs:complexType name="SvcMDAssociationQueryResponseType">
+ <xs:sequence>
+ <xs:element ref="lu:Status" />
+ <xs:element ref="SvcMDID" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+
+ <!-- -->
+ <!-- DS Interfaces for Service Metadata Management -->
+ <!-- -->
+ <!-- These interfaces document a create, replace, -->
+ <!-- delete, and query interface for the service -->
+ <!-- metadata which is later associated with a -->
+ <!-- principal. -->
+ <!-- -->
+
+ <!-- Register operation for Service Metadata -->
+
+ <xs:element name="SvcMDRegister" type="SvcMDRegisterType"/>
+
+ <xs:complexType name="SvcMDRegisterType">
+ <xs:sequence>
+ <xs:element ref="SvcMD" maxOccurs="unbounded" />
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+
+ <!-- Response for SvcMDRegister operation -->
+
+ <xs:element name="SvcMDRegisterResponse"
+ type="SvcMDRegisterResponseType"/>
+
+ <xs:complexType name="SvcMDRegisterResponseType">
+ <xs:sequence>
+
+ <xs:element ref="lu:Status" />
+ <xs:element ref="SvcMDID" minOccurs="0" maxOccurs="unbounded" />
+ <xs:element ref="Keys" minOccurs="0" maxOccurs="unbounded" />
+
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+
+ <!-- Delete operation on Service Metadata -->
+
+ <xs:element name="SvcMDDelete" type="SvcMDDeleteType"/>
+
+ <xs:complexType name="SvcMDDeleteType">
+ <xs:sequence>
+ <xs:element ref="SvcMDID" maxOccurs="unbounded" />
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+
+ <!-- Response for delete operation on Service Metadata -->
+
+ <xs:element name="SvcMDDeleteResponse" type="SvcMDDeleteResponseType"/>
+
+ <xs:complexType name="SvcMDDeleteResponseType">
+ <xs:sequence>
+ <xs:element ref="lu:Status" />
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+
+ <!-- Query operation on Service Metadata -->
+
+ <xs:element name="SvcMDQuery" type="SvcMDQueryType"/>
+
+ <xs:complexType name="SvcMDQueryType">
+ <xs:sequence>
+ <xs:element ref="SvcMDID"
+ minOccurs="0"
+ maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+
+ <!-- Response for Query operation on Service Metadata -->
+
+ <xs:element name="SvcMDQueryResponse" type="SvcMDQueryResponseType"/>
+
+ <xs:complexType name="SvcMDQueryResponseType">
+ <xs:sequence>
+ <xs:element ref="lu:Status" />
+ <xs:element ref="SvcMD" minOccurs="0" maxOccurs="unbounded" />
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+
+ <!-- Replace operation on Service Metadata -->
+
+ <xs:element name="SvcMDReplace" type="SvcMDReplaceType"/>
+
+ <xs:complexType name="SvcMDReplaceType">
+ <xs:sequence>
+ <xs:element ref="SvcMD" maxOccurs="unbounded" />
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+
+ <!-- Response for SvcMDReplace operation -->
+
+ <xs:element name="SvcMDReplaceResponse" type="SvcMDReplaceResponseType"/>
+
+ <xs:complexType name="SvcMDReplaceResponseType">
+ <xs:sequence>
+ <xs:element ref="lu:Status" />
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+
+</xs:schema>
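Review bot: The `wsse` and `wsu` namespace declarations and their matching `xs:import` elements end in a literal `...` (`oasis-200401-wss-wssecurity-secext...`, `oasis-200401-wss-wssecurity-utilit...`), which would make them unresolvable if that text is really in the committed file rather than an artifact of the mail rendering. If the file is truncated, the WS-Security namespace URIs should be restored in full from the OASIS specification so the `xs:import` namespaces match the imported schemas. Worth verifying against the checked-in file before anything consumes this schema.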
Added: identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-idmapping-svc-v2.0.xsd
===================================================================
--- identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-idmapping-svc-v2.0.xsd (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-idmapping-svc-v2.0.xsd 2009-05-22 23:00:43 UTC (rev 513)
@@ -0,0 +1,70 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<xs:schema
+ targetNamespace="urn:liberty:ims:2006-08"
+ xmlns:S="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:ims="urn:liberty:ims:2006-08"
+ xmlns:sec="urn:liberty:security:2006-08"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:lu="urn:liberty:util:2006-08"
+ xmlns="urn:liberty:ims:2006-08"
+ elementFormDefault="qualified"
+ attributeFormDefault="unqualified"
+ >
+
+ <xs:import
+ namespace="urn:liberty:security:2006-08"
+ schemaLocation="liberty-idwsf-security-mechanisms-v2.0.xsd"/>
+
+ <xs:import namespace="urn:liberty:util:2006-08"
+ schemaLocation="liberty-idwsf-utility-v2.0.xsd"/>
+
+ <xs:annotation>
+ <xs:documentation>
+The source code in this schema file was excerpted verbatim from:
+
+Liberty ID-WSF Liberty ID-WSF Authentication, Single Sign-On, and Identity Mapping Services Specification
+Version 2.0-errata-v1.0
+28 November, 2006
+
+Copyright (c) 2007 Liberty Alliance participants, see
+http://projectliberty.org/resource_center/specifications/liberty_alliance_id_wsf_2_0_specifications/idwsf_feb_copyrights
+
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:element name="MappingInput" type="MappingInputType"/>
+ <xs:complexType name="MappingInputType">
+ <xs:sequence>
+ <xs:element ref="sec:TokenPolicy" minOccurs="0"/>
+ <xs:element ref="sec:Token" minOccurs="0"/>
+ </xs:sequence>
+ <xs:attribute name="reqID" type="lu:IDType" use="optional"/>
+ </xs:complexType>
+
+ <xs:element name="MappingOutput" type="MappingOutputType"/>
+ <xs:complexType name="MappingOutputType">
+ <xs:sequence>
+ <xs:element ref="sec:Token"/>
+ </xs:sequence>
+ <xs:attribute name="reqRef" type="lu:IDReferenceType" use="optional"/>
+ </xs:complexType>
+
+ <xs:element name="IdentityMappingRequest" type="IdentityMappingRequestType"/>
+ <xs:complexType name="IdentityMappingRequestType">
+ <xs:sequence>
+ <xs:element ref="MappingInput" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+
+ <xs:element name="IdentityMappingResponse" type="IdentityMappingResponseType"/>
+ <xs:complexType name="IdentityMappingResponseType">
+ <xs:sequence>
+ <xs:element ref="lu:Status"/>
+ <xs:element ref="MappingOutput" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+
+</xs:schema>
Added: identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-interaction-svc-v2.0.xsd
===================================================================
--- identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-interaction-svc-v2.0.xsd (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-interaction-svc-v2.0.xsd 2009-05-22 23:00:43 UTC (rev 513)
@@ -0,0 +1,135 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema targetNamespace="urn:liberty:is:2006-08"
+ xmlns="urn:liberty:is:2006-08"
+ xmlns:is="urn:liberty:is:2006-08"
+ xmlns:lu="urn:liberty:util:2006-08"
+ xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ elementFormDefault="qualified"
+ attributeFormDefault="unqualified"
+ version="2.0">
+
+ <xs:import namespace="urn:liberty:util:2006-08"
+ schemaLocation="liberty-idwsf-utility-v2.0.xsd"/>
+
+ <xs:import namespace="http://schemas.xmlsoap.org/soap/envelope/"
+ schemaLocation="http://schemas.xmlsoap.org/soap/envelope/"/>
+ <xs:import namespace="http://www.w3.org/2000/09/xmldsig#"
+ schemaLocation="http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd"/>
+
+ <xs:annotation>
+ <xs:documentation>
+The source code in this schema file was excerpted verbatim from:
+
+Liberty ID-WSF Interaction Service Specification
+Version 2.0-errata-v1.0
+21 April, 2007
+
+Copyright (c) 2007 Liberty Alliance participants, see
+http://projectliberty.org/resource_center/specifications/liberty_alliance_id_wsf_2_0_specifications/idwsf_feb_copyrights
+
+ </xs:documentation>
+ </xs:annotation>
+
+ <xs:element name="InteractionRequest" type="InteractionRequestType"/>
+ <xs:complexType name="InteractionRequestType">
+ <xs:sequence>
+ <xs:element ref="Inquiry" maxOccurs="unbounded"/>
+ <xs:element ref="ds:KeyInfo" minOccurs="0"/>
+ </xs:sequence>
+ <xs:attribute name="id" type="xs:ID" use="optional"/>
+ <xs:attribute name="language" type="xs:NMTOKENS" use="optional"/>
+ <xs:attribute name="maxInteractTime" type="xs:integer" use="optional"/>
+ <xs:attribute name="signed" type="xs:token" use="optional"/>
+ </xs:complexType>
+
+ <xs:element name="Inquiry" type="InquiryType"/>
+ <xs:complexType name="InquiryType">
+ <xs:sequence>
+ <xs:element ref="Help" minOccurs="0"/>
+ <xs:choice maxOccurs="unbounded">
+ <xs:element ref="Select" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="Confirm" type="InquiryElementType"
+ minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="Text" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:choice>
+ </xs:sequence>
+ <xs:attribute name="id" type="xs:ID" use="optional"/>
+ <xs:attribute name="title" type="xs:string" use="optional"/>
+ </xs:complexType>
+
+ <xs:element name="Help" type="HelpType"/>
+ <xs:complexType name="HelpType">
+ <xs:attribute name="label" type="xs:string" use="optional"/>
+ <xs:attribute name="link" type="xs:anyURI" use="optional"/>
+ <xs:attribute name="moreLink" type="xs:anyURI" use="optional"/>
+ </xs:complexType>
+
+ <xs:element name="Hint" type="xs:string"/>
+
+ <xs:element name="Select" type="SelectType"/>
+ <xs:complexType name="SelectType">
+ <xs:complexContent>
+ <xs:extension base="InquiryElementType">
+ <xs:sequence>
+ <xs:element name="Item" minOccurs="2" maxOccurs="unbounded">
+ <xs:complexType>
+ <xs:sequence>
+ <xs:element ref="Hint" minOccurs="0"/>
+ </xs:sequence>
+ <xs:attribute name="label" type="xs:string" use="optional"/>
+ <xs:attribute name="value" type="xs:NMTOKEN" use="required"/>
+ </xs:complexType>
+ </xs:element>
+ </xs:sequence>
+ <xs:attribute name="multiple" type="xs:boolean" use="optional" default="false"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:element name="Text" type="TextType"/>
+ <xs:complexType name="TextType">
+ <xs:complexContent>
+ <xs:extension base="InquiryElementType">
+ <xs:attribute name="minChars" type="xs:integer" use="optional"/>
+ <xs:attribute name="maxChars" type="xs:integer" use="optional"/>
+ <xs:attribute name="format" type="xs:string" use="optional"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <xs:complexType name="InquiryElementType" abstract="true">
+ <xs:sequence>
+ <xs:element ref="Help" minOccurs="0"/>
+ <xs:element ref="Hint" minOccurs="0"/>
+ <xs:element name="Label" type="xs:normalizedString" minOccurs="0"/>
+ <xs:element name="Value" type="xs:normalizedString" minOccurs="0"/>
+ </xs:sequence>
+ <xs:attribute name="name" type="xs:ID" use="required"/>
+ </xs:complexType>
+
+<xs:element name="InteractionResponse" type="InteractionResponseType"/>
+ <xs:complexType name="InteractionResponseType">
+ <xs:sequence>
+ <xs:element ref="lu:Status"/>
+ <xs:choice>
+ <xs:element name="InteractionStatement" type="InteractionStatementType"
+ minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="Parameter" type="ParameterType" minOccurs="0"
+ maxOccurs="unbounded"/>
+ </xs:choice>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="InteractionStatementType">
+ <xs:sequence>
+ <xs:element ref="Inquiry" maxOccurs="unbounded"/>
+ <xs:element ref="ds:Signature"/>
+ </xs:sequence>
+ </xs:complexType>
+ <xs:complexType name="ParameterType">
+ <xs:attribute name="name" type="xs:ID" use="required"/>
+ <xs:attribute name="value" type="xs:string" use="required"/>
+ </xs:complexType>
+
+</xs:schema>
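Review bot: Unlike the other imports in this commit, the `xs:import` elements for the SOAP envelope and XML Signature namespaces use remote `schemaLocation` URLs (`http://schemas.xmlsoap.org/soap/envelope/`, `http://www.w3.org/TR/2002/REC-xmldsig-core-20020212/xmldsig-core-schema.xsd`), and the first of these is the namespace URI rather than an .xsd path. A validator that honours these hints will reach out to the network at parse time, and one that has external resolution disabled will fail to import them. I would point both at local copies in this directory, matching how `liberty-idwsf-utility-v2.0.xsd` is referenced, and ensure whatever loads these schemas resolves imports through a catalog or local resolver rather than following URLs.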
Added: identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-people-service-v1.0.xsd
===================================================================
--- identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-people-service-v1.0.xsd (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-people-service-v1.0.xsd 2009-05-22 23:00:43 UTC (rev 513)
@@ -0,0 +1,547 @@
+<xs:schema
+ targetNamespace="urn:liberty:ps:2006-08"
+ xmlns="urn:liberty:ps:2006-08"
+ xmlns:lu="urn:liberty:util:2006-08"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns:ims="urn:liberty:ims:2006-08"
+ xmlns:subs="urn:liberty:ssos:2006-08"
+ xmlns:sec="urn:liberty:security:2006-08"
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ elementFormDefault="qualified"
+ attributeFormDefault="unqualified">
+
+ <xs:import namespace="urn:liberty:util:2006-08"
+ schemaLocation="liberty-idwsf-utility-v2.0.xsd"/>
+ <xs:import namespace="urn:liberty:ims:2006-08"
+ schemaLocation="liberty-idwsf-idmapping-svc-v2.0.xsd"/>
+ <xs:import namespace="urn:liberty:ssos:2006-08"
+ schemaLocation="liberty-idwsf-subs-v1.0.xsd"/>
+ <xs:import namespace="urn:liberty:security:2006-08"
+ schemaLocation="liberty-idwsf-security-mechanisms-v2.0.xsd"/>
+ <xs:import namespace="urn:oasis:names:tc:SAML:2.0:protocol"
+ schemaLocation="saml-schema-protocol-2.0.xsd"/>
+
+ <xs:annotation>
+ <xs:documentation>
+The source code in this XSD file was excerpted verbatim from:
+
+Liberty ID-WSF People Service Specification
+Version 1.0-errata-v1.0
+06 March, 2007
+
+Copyright (c) 2007 Liberty Alliance participants, see
+http://projectliberty.org/resource_center/specifications/liberty_alliance_id_wsf_2_0_specifications/idwsf_feb_copyrights
+
+ </xs:documentation>
+ </xs:annotation>
+
+ <!-- Definition of LocalizedDisplayNameType -->
+ <xs:complexType name="LocalizedDisplayNameType">
+ <xs:simpleContent>
+ <xs:extension base="xs:string">
+ <xs:attribute name="Locale" type="xs:language" use="optional"/>
+ <xs:attribute name="IsDefault" type="xs:boolean" use="optional"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+
+ <!-- Definition of TagType -->
+ <xs:complexType name="TagType">
+ <xs:simpleContent>
+ <xs:extension base="xs:string">
+ <xs:attribute name="Ref" type="xs:anyURI" use="required"/>
+ </xs:extension>
+ </xs:simpleContent>
+ </xs:complexType>
+
+ <!-- Declaration of ObjectID element -->
+ <xs:element name="ObjectID" type="ObjectIDType"/>
+
+ <!-- Declaration of TargetObjectID element -->
+ <xs:element name="TargetObjectID" type="ObjectIDType"/>
+
+ <!-- Definition of ObjectIDType -->
+ <xs:complexType name="ObjectIDType">
+ <xs:simpleContent>
+ <xs:extension base="xs:anyURI"/>
+ </xs:simpleContent>
+ </xs:complexType>
+
+ <!-- Declaration of Object element -->
+ <xs:element name="Object" type="ObjectType"/>
+
+ <!-- Definition of ObjectType -->
+ <xs:complexType name="ObjectType">
+ <xs:sequence>
+ <xs:element ref="ObjectID" minOccurs="0"/>
+ <xs:element name="DisplayName" type="LocalizedDisplayNameType"
+ minOccurs="1" maxOccurs="unbounded"/>
+ <xs:element name="Tag" type="TagType" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="Object" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element name="ObjectRef" type="ObjectIDType" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="NodeType" type="xs:anyURI" use="required"/>
+ <xs:attribute name="CreatedDateTime" type="xs:dateTime" use="optional"/>
+ <xs:attribute name="ModifiedDateTime" type="xs:dateTime" use="optional"/>
+ </xs:complexType>
+
+ <!-- Declaration of PStoSPRedirectURL-->
+
+ <xs:element name="PStoSPRedirectURL" type="PStoSPRedirectURLType"/>
+
+ <!-- Definition of PStoSPRedirectURLType-->
+
+ <xs:complexType name="PStoSPRedirectURLType">
+ <xs:annotation>
+ <xs:documentation>
+ When sending a AddEntityRequest to a PS provider,
+ the SP may insert a PStoSPRedirectURL. It will be
+ to this URL that the invited principals will be
+ sent after federating their IDP account to the PS
+ provider.
+ </xs:documentation>
+ </xs:annotation>
+ <xs:simpleContent>
+ <xs:extension base="xs:anyURI"/>
+ </xs:simpleContent>
+ </xs:complexType>
+
+ <!-- Declaration of SPtoPSRedirectURL-->
+
+ <xs:element name="SPtoPSRedirectURL" type="SPtoPSRedirectURLType"/>
+
+ <!-- Definition of SPtoPSRedirectURLType-->
+
+ <xs:complexType name="SPtoPSRedirectURLType">
+ <xs:annotation>
+ <xs:documentation>
+ A PS provider may insert a SPtoPSRedirectURL in its
+ AddEntityResponse. It will be to this URL that the
+ invited principal will be sent after responding to the
+ invitation.
+ </xs:documentation>
+ </xs:annotation>
+ <xs:simpleContent>
+ <xs:extension base="xs:anyURI"/>
+ </xs:simpleContent>
+ </xs:complexType>
+
+ <!-- Declaration of QueryString -->
+
+ <xs:element name="QueryString" type="QueryStringType"/>
+
+ <!-- Definition of QueryStringType-->
+
+ <xs:complexType name="QueryStringType">
+ <xs:annotation>
+ <xs:documentation>
+ A PS provider may insert a QueryString in its
+ AddEntityResponse or AddKnownEntityResponse. The
+ invited Principal can present this artifact string
+ to a certain provider.
+ </xs:documentation>
+ </xs:annotation>
+ <xs:simpleContent>
+ <xs:extension base="xs:string"/>
+ </xs:simpleContent>
+ </xs:complexType>
+
+ <!-- Declaration of CreatePSObject element -->
+ <xs:element name="CreatePSObject"/>
+
+ <!-- Definition of RequestAbstractType -->
+ <xs:complexType name="RequestAbstractType" abstract="true">
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+
+ <!-- Definition of ResponseAbstractType -->
+ <xs:complexType name="ResponseAbstractType" abstract="true">
+ <xs:sequence>
+ <xs:element ref="lu:Status"/>
+ </xs:sequence>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+
+ <!-- Declaration of AddEntityRequest element -->
+ <xs:element name="AddEntityRequest" type="AddEntityRequestType"/>
+ <!-- Definition of AddEntityRequestType -->
+ <xs:complexType name="AddEntityRequestType">
+ <xs:complexContent>
+ <xs:extension base="RequestAbstractType">
+ <xs:sequence>
+ <xs:element ref="Object"/>
+ <xs:element ref="PStoSPRedirectURL" minOccurs="0"/>
+ <xs:element ref="CreatePSObject" minOccurs="0"/>
+ <xs:element ref="Subscription" minOccurs="0"/>
+ <xs:element ref="sec:TokenPolicy" minOccurs="0"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of AddEntityResponse element -->
+ <xs:element name="AddEntityResponse" type="AddEntityResponseType"/>
+ <!-- Definition of AddEntityResponseType -->
+ <xs:complexType name="AddEntityResponseType">
+ <xs:complexContent>
+ <xs:extension base="ResponseAbstractType">
+ <xs:sequence>
+ <xs:element ref="Object" minOccurs="0"/>
+ <xs:element ref="SPtoPSRedirectURL" minOccurs="0" maxOccurs="1"/>
+ <xs:element ref="QueryString" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of AddKnownEntityRequest element -->
+ <xs:element name="AddKnownEntityRequest" type="AddKnownEntityRequestType"/>
+ <!-- Definition of AddKnownEntityRequestType -->
+ <xs:complexType name="AddKnownEntityRequestType">
+ <xs:complexContent>
+ <xs:extension base="RequestAbstractType">
+ <xs:sequence>
+ <xs:element ref="Object"/>
+ <xs:element ref="sec:Token"/>
+ <xs:element ref="CreatePSObject" minOccurs="0"/>
+ <xs:element ref="Subscription" minOccurs="0"/>
+ <xs:element ref="sec:TokenPolicy" minOccurs="0"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of AddKnownEntityResponse element -->
+ <xs:element name="AddKnownEntityResponse" type="AddKnownEntityResponseType"/>
+ <!-- Definition of AddKnownEntityResponseType -->
+ <xs:complexType name="AddKnownEntityResponseType">
+ <xs:complexContent>
+ <xs:extension base="ResponseAbstractType">
+ <xs:sequence>
+ <xs:element ref="Object" minOccurs="0"/>
+ <xs:element ref="SPtoPSRedirectURL" minOccurs="0" maxOccurs="1"/>
+ <xs:element ref="QueryString" minOccurs="0" maxOccurs="1"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of AddCollectionRequest element -->
+ <xs:element name="AddCollectionRequest" type="AddCollectionRequestType"/>
+ <!-- Definition of AddCollectionRequestType -->
+ <xs:complexType name="AddCollectionRequestType">
+ <xs:complexContent>
+ <xs:extension base="RequestAbstractType">
+ <xs:sequence>
+ <xs:element ref="Object"/>
+ <xs:element ref="Subscription" minOccurs="0"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of AddCollectionResponse element -->
+ <xs:element name="AddCollectionResponse" type="AddCollectionResponseType"/>
+ <!-- Definition of AddCollectionResponseType -->
+ <xs:complexType name="AddCollectionResponseType">
+ <xs:complexContent>
+ <xs:extension base="ResponseAbstractType">
+ <xs:sequence>
+ <xs:element ref="Object" minOccurs="0"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of AddToCollectionRequest element -->
+ <xs:element name="AddToCollectionRequest" type="AddToCollectionRequestType"/>
+ <!-- Definition of AddToCollectionRequestType -->
+ <xs:complexType name="AddToCollectionRequestType">
+ <xs:complexContent>
+ <xs:extension base="RequestAbstractType">
+ <xs:sequence>
+ <xs:element ref="TargetObjectID"/>
+ <xs:element ref="ObjectID" minOccurs="1" maxOccurs="unbounded"/>
+ <xs:element ref="Subscription" minOccurs="0"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of AddToCollectionResponse element -->
+ <xs:element name="AddToCollectionResponse" type="ResponseAbstractType"/>
+
+ <!-- Declaration of RemoveEntityRequest element -->
+ <xs:element name="RemoveEntityRequest" type="RemoveEntityRequestType"/>
+ <!-- Definition of RemoveEntityRequestType -->
+ <xs:complexType name="RemoveEntityRequestType">
+ <xs:complexContent>
+ <xs:extension base="RequestAbstractType">
+ <xs:sequence>
+ <xs:element ref="TargetObjectID" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of RemoveEntityResponse element -->
+ <xs:element name="RemoveEntityResponse" type="ResponseAbstractType"/>
+
+ <!-- Declaration of RemoveCollectionRequest element -->
+ <xs:element name="RemoveCollectionRequest" type="RemoveCollectionRequestType"/>
+ <!-- Definition of RemoveCollectionRequestType -->
+ <xs:complexType name="RemoveCollectionRequestType">
+ <xs:complexContent>
+ <xs:extension base="RequestAbstractType">
+ <xs:sequence>
+ <xs:element ref="TargetObjectID" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of RemoveCollectionResponse element -->
+ <xs:element name="RemoveCollectionResponse" type="ResponseAbstractType"/>
+
+ <!-- Declaration of RemoveFromCollectionRequest element -->
+ <xs:element name="RemoveFromCollectionRequest" type="RemoveFromCollectionRequestType"/>
+ <!-- Definition of RemoveFromCollectionRequestType -->
+ <xs:complexType name="RemoveFromCollectionRequestType">
+ <xs:complexContent>
+ <xs:extension base="RequestAbstractType">
+ <xs:sequence>
+ <xs:element ref="TargetObjectID"/>
+ <xs:element ref="ObjectID" maxOccurs="unbounded"/>
+ <xs:element ref="Subscription" minOccurs="0"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of RemoveFromCollectionResponse element -->
+ <xs:element name="RemoveFromCollectionResponse" type="ResponseAbstractType"/>
+
+ <!-- Declaration of ListMembersRequest element -->
+ <xs:element name="ListMembersRequest" type="ListMembersRequestType"/>
+ <!-- Definition of ListMembersRequestType -->
+ <xs:complexType name="ListMembersRequestType">
+ <xs:complexContent>
+ <xs:extension base="RequestAbstractType">
+ <xs:sequence>
+ <xs:element ref="TargetObjectID" minOccurs="0"/>
+ <xs:element ref="Subscription" minOccurs="0"/>
+ </xs:sequence>
+ <xs:attribute name="Structured" type="xs:anyURI" use="optional"/>
+ <xs:attribute name="Count" type="xs:nonNegativeInteger" use="optional"/>
+ <xs:attribute name="Offset" type="xs:nonNegativeInteger" default="0" use="optional"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of ListMembersResponse element -->
+ <xs:element name="ListMembersResponse" type="ListMembersResponseType"/>
+ <!-- Definition of ListMembersResponseType -->
+ <xs:complexType name="ListMembersResponseType">
+ <xs:complexContent>
+ <xs:extension base="ResponseAbstractType">
+ <xs:sequence>
+ <xs:element ref="Object" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of QueryObjectsRequest element -->
+ <xs:element name="QueryObjectsRequest" type="QueryObjectsRequestType"/>
+ <!-- Definition of QueryObjectsRequestType -->
+ <xs:complexType name="QueryObjectsRequestType">
+ <xs:complexContent>
+ <xs:extension base="RequestAbstractType">
+ <xs:sequence>
+ <xs:element name="Filter" type="xs:string"/>
+ <xs:element ref="Subscription" minOccurs="0"/>
+ </xs:sequence>
+ <xs:attribute name="Count" type="xs:nonNegativeInteger" use="optional"/>
+ <xs:attribute name="Offset" type="xs:nonNegativeInteger" default="0" use="optional"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of QueryObjectsResponse element -->
+ <xs:element name="QueryObjectsResponse" type="QueryObjectsResponseType"/>
+ <!-- Definition of QueryObjectsResponseType -->
+ <xs:complexType name="QueryObjectsResponseType">
+ <xs:complexContent>
+ <xs:extension base="ResponseAbstractType">
+ <xs:sequence>
+ <xs:element ref="Object" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of GetObjectInfoRequest element -->
+ <xs:element name="GetObjectInfoRequest" type="GetObjectInfoRequestType"/>
+ <!-- Definition of GetObjectInfoRequestType -->
+ <xs:complexType name="GetObjectInfoRequestType">
+ <xs:complexContent>
+ <xs:extension base="RequestAbstractType">
+ <xs:sequence>
+ <xs:element ref="TargetObjectID" minOccurs="0"/>
+ <xs:element ref="Subscription" minOccurs="0"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of GetObjectInfoResponse element -->
+ <xs:element name="GetObjectInfoResponse" type="GetObjectInfoResponseType"/>
+ <!-- Definition of GetObjectInfoResponseType -->
+ <xs:complexType name="GetObjectInfoResponseType">
+ <xs:complexContent>
+ <xs:extension base="ResponseAbstractType">
+ <xs:sequence>
+ <xs:element ref="Object" minOccurs="0"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of SetObjectInfoRequest element -->
+ <xs:element name="SetObjectInfoRequest" type="SetObjectInfoRequestType"/>
+ <!-- Definition of SetObjectInfoRequestType -->
+ <xs:complexType name="SetObjectInfoRequestType">
+ <xs:complexContent>
+ <xs:extension base="RequestAbstractType">
+ <xs:sequence>
+ <xs:element ref="Object" maxOccurs="unbounded"/>
+ <xs:element ref="Subscription" minOccurs="0"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of SetObjectInfoResponse element -->
+ <xs:element name="SetObjectInfoResponse" type="ResponseAbstractType"/>
+
+ <!-- Declaration of TestMembershipRequest element -->
+ <xs:element name="TestMembershipRequest" type="TestMembershipRequestType"/>
+ <!-- Definition of TestMembershipRequestType -->
+ <xs:complexType name="TestMembershipRequestType">
+ <xs:complexContent>
+ <xs:extension base="RequestAbstractType">
+ <xs:sequence>
+ <xs:element ref="TargetObjectID" minOccurs="0"/>
+ <xs:element ref="sec:Token"/>
+ <xs:element ref="Subscription" minOccurs="0"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Definition of ResultType -->
+ <xs:complexType name="ResultType">
+ <xs:simpleContent>
+ <xs:extension base="xs:boolean"/>
+ </xs:simpleContent>
+ </xs:complexType>
+
+ <!-- Declaration of TestMembershipResponse element -->
+ <xs:element name="TestMembershipResponse" type="TestMembershipResponseType"/>
+ <!-- Definition of TestMembershipResponseType -->
+ <xs:complexType name="TestMembershipResponseType">
+ <xs:complexContent>
+ <xs:extension base="ResponseAbstractType">
+ <xs:sequence>
+ <xs:element name="Result" type="ResultType" minOccurs="0"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of ResolveIdentifierRequest element -->
+ <xs:element name="ResolveIdentifierRequest" type="ResolveIdentifierRequestType"/>
+ <!-- Definition of ResolveIdentifierRequestType -->
+ <xs:complexType name="ResolveIdentifierRequestType">
+ <xs:complexContent>
+ <xs:extension base="RequestAbstractType">
+ <xs:sequence>
+ <xs:element ref="ResolveInput" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of ResolveInput element -->
+ <xs:element name="ResolveInput" type="ResolveInputType"/>
+ <!-- Definition of ResolveInputType -->
+ <xs:complexType name="ResolveInputType">
+ <xs:complexContent>
+ <xs:extension base="ims:MappingInputType">
+ <xs:sequence>
+ <xs:element ref="TargetObjectID" minOccurs="0"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of ResolveIdentifierResponse element -->
+ <xs:element name="ResolveIdentifierResponse" type="ResolveIdentifierResponseType"/>
+ <!-- Definition of ResolveIdentifierResponseType -->
+ <xs:complexType name="ResolveIdentifierResponseType">
+ <xs:complexContent>
+ <xs:extension base="ResponseAbstractType">
+ <xs:sequence>
+ <xs:element ref="ResolveOutput" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of ResolveOutput element -->
+ <xs:element name="ResolveOutput" type="ims:MappingOutputType"/>
+
+ <!-- Declaration of Subscription element -->
+ <xs:element name="Subscription" type="subs:SubscriptionType"/>
+
+ <!-- Declaration of Notification element -->
+ <xs:element name="Notification" type="NotificationType"/>
+ <!-- Definition of NotificationType -->
+ <xs:complexType name="NotificationType">
+ <xs:complexContent>
+ <xs:extension base="subs:NotificationType">
+ <xs:sequence>
+ <xs:element ref="ItemData" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of ItemData element -->
+ <xs:element name="ItemData" type="ItemDataType"/>
+ <!-- Definition of ItemDataType -->
+ <xs:complexType name="ItemDataType">
+ <xs:choice>
+ <xs:element ref="Object" minOccurs="0" maxOccurs="unbounded"/>
+ <xs:element ref="sec:Token" minOccurs="0"/>
+ </xs:choice>
+ </xs:complexType>
+
+ <!-- Declaration of Notify element -->
+ <xs:element name="Notify" type="NotifyType"/>
+ <!-- Definition of NotifyType -->
+ <xs:complexType name="NotifyType">
+ <xs:complexContent>
+ <xs:extension base="RequestAbstractType">
+ <xs:sequence>
+ <xs:element ref="Notification" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attributeGroup ref="subs:NotifyAttributeGroup"/>
+ </xs:extension>
+ </xs:complexContent>
+ </xs:complexType>
+
+ <!-- Declaration of NotifyResponse element -->
+ <xs:element name="NotifyResponse" type="subs:NotifyResponseType"/>
+
+</xs:schema>
Added: identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-soap-binding.xsd
===================================================================
--- identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-soap-binding.xsd (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-model/src/main/resources/schema/liberty/idwsf/liberty-idwsf-soap-binding.xsd 2009-05-22 23:00:43 UTC (rev 513)
@@ -0,0 +1,34 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<xs:schema targetNamespace="urn:liberty:sb"
+ xmlns:xs="http://www.w3.org/2001/XMLSchema"
+ xmlns="urn:liberty:sb"
+ elementFormDefault="qualified"
+ attributeFormDefault="unqualified">
+
+ <xs:annotation>
+ <xs:documentation>
+The source code in this schema file was excerpted verbatim from:
+
+Liberty ID-WSF SOAP Binding Specification
+Version 2.0 errata 1.0
+21 April, 2007
+
+Copyright (c) 2007 Liberty Alliance participants, see
+http://projectliberty.org/resource_center/specifications/liberty_alliance_id_wsf_2_0_specifications/idwsf_feb_copyrights
+
+ </xs:documentation>
+ </xs:annotation>
+
+ <!-- framework header block -->
+
+ <xs:complexType name="FrameworkType">
+ <xs:sequence>
+ <xs:any namespace="##any" processContents="lax" minOccurs="0" maxOccurs="unbounded"/>
+ </xs:sequence>
+ <xs:attribute name="version" type="xs:string" use="required"/>
+ <xs:anyAttribute namespace="##other" processContents="lax"/>
+ </xs:complexType>
+
+ <xs:element name="Framework" type="FrameworkType"/>
+
+</xs:schema>
JBoss Identity SVN: r512 - in identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings: tomcat/sp and 1 other directories.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-05-22 18:38:21 -0400 (Fri, 22 May 2009)
New Revision: 512
Added:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPSAMLDebugValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/PostBindingUtil.java
Log:
JBID-41: http post web browser profile
Added: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPSAMLDebugValve.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPSAMLDebugValve.java (rev 0)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPSAMLDebugValve.java 2009-05-22 22:38:21 UTC (rev 512)
@@ -0,0 +1,59 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.tomcat.idp;
+
+import java.io.IOException;
+
+import javax.servlet.ServletException;
+
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.valves.ValveBase;
+import org.apache.log4j.Logger;
+
+/**
+ * Debug Valve on the IDP end that will
+ * inform whether the SP is sending the SAMLRequest or not
+ * properly
+ * @author Anil.Saldhana(a)redhat.com
+ * @since May 22, 2009
+ */
+public class IDPSAMLDebugValve extends ValveBase
+{
+ private static Logger log = Logger.getLogger(IDPSAMLDebugValve.class);
+
+ @Override
+ public void invoke(Request request, Response response)
+ throws IOException, ServletException
+ {
+ StringBuilder builder = new StringBuilder();
+ String param = request.getParameter("SAMLRequest");
+ builder.append("Method = " + request.getMethod()).append("\n");
+ builder.append("SAMLRequest=" + param).append("\n");
+ builder.append("Parameter exists?="+ param != null).append("\n");
+ String debugInfo = builder.toString();
+ log.debug("SP Sent POST::"+ debugInfo);
+
+ getNext().invoke(request, response);
+ }
+
+}
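Review bot: The third append in invoke(), `builder.append("Parameter exists?="+ param != null)`, concatenates first and then compares the resulting String with null, so it always appends `true` and never reports whether the SAMLRequest parameter was actually present; write it as `builder.append("Parameter exists?=").append(param != null).append("\n");`. The debug string is also built on every request even when debug logging is off; guarding the whole block with `if (log.isDebugEnabled())` keeps the valve cheap on a production IDP. The log line is labelled "SP Sent POST" although the method is logged separately and may not be POST, so a neutral label such as "SP request::" would be less misleading.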
Added: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java (rev 0)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-05-22 22:38:21 UTC (rev 512)
@@ -0,0 +1,296 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.tomcat.idp;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.Principal;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.Lifecycle;
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.LifecycleListener;
+import org.apache.catalina.Session;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.util.LifecycleSupport;
+import org.apache.catalina.valves.ValveBase;
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.bindings.config.IDPType;
+import org.jboss.identity.federation.bindings.interfaces.RoleGenerator;
+import org.jboss.identity.federation.bindings.tomcat.TomcatRoleGenerator;
+import org.jboss.identity.federation.bindings.util.ValveUtil;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+
+/**
+ * Generic Web Browser SSO valve for the IDP
+ * @author Anil.Saldhana(a)redhat.com
+ * @since May 18, 2009
+ */
+public class IDPWebBrowserSSOValve extends ValveBase implements Lifecycle
+{
+ private static Logger log = Logger.getLogger(IDPWebBrowserSSOValve.class);
+
+ protected IDPType idpConfiguration = null;
+
+ private RoleGenerator rg = new TomcatRoleGenerator();
+
+ private long assertionValidity = 5000; // 5 seconds in miliseconds
+
+ private String identityURL = null;
+
+ @Override
+ public void invoke(Request request, Response response) throws IOException, ServletException
+ {
+ String referer = request.getHeader("Referer");
+ String relayState = request.getParameter("RelayState");
+ String samlMessage = request.getParameter("SAMLRequest");
+ boolean containsSAMLRequestMessage = samlMessage != null;
+
+ Session session = request.getSessionInternal();
+
+ if(containsSAMLRequestMessage)
+ {
+ session.setNote("SAMLRequest", samlMessage);
+ if(relayState != null)
+ session.setNote("RelayState", relayState);
+ }
+
+ //Lets check if the user has been authenticated
+ Principal userPrincipal = request.getPrincipal();
+ if(userPrincipal == null)
+ {
+ try
+ {
+ //Next in the invocation chain
+ getNext().invoke(request, response);
+ }
+ finally
+ {
+ userPrincipal = request.getPrincipal();
+ referer = request.getHeader("Referer");
+ log.debug("Referer in finally block="+ referer);
+ }
+ }
+
+
+ IDPWebRequestUtil webRequestUtil = new IDPWebRequestUtil(request, idpConfiguration);
+
+ //Look for unauthorized status
+ if(response.getStatus() == HttpServletResponse.SC_FORBIDDEN)
+ {
+ ResponseType errorResponseType =
+ webRequestUtil.getErrorResponse(referer,
+ JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
+ this.identityURL);
+ try
+ {
+ webRequestUtil.send(errorResponseType, relayState, response);
+ }
+ catch (ParsingException e)
+ {
+ throw new ServletException(e);
+ }
+ return;
+ }
+
+ if(userPrincipal != null)
+ {
+ /**
+ * Since the container has finished the authentication,
+ * we can retrieve the original saml message as well as
+ * any relay state from the SP
+ */
+ samlMessage = (String) session.getNote("SAMLRequest");
+ relayState = (String) session.getNote("RelayState");
+ session.removeNote("SAMLRequest");
+ session.removeNote("RelayState");
+
+ //Send valid saml response after processing the request
+ if(samlMessage != null)
+ {
+ //Get the SAML Request Message
+ RequestAbstractType requestAbstractType = null;
+ try
+ {
+ requestAbstractType = webRequestUtil.getSAMLRequest(samlMessage);
+ this.validate(request);
+ webRequestUtil.isTrusted(requestAbstractType.getIssuer().getValue());
+
+ List<String> roles = rg.generateRoles(userPrincipal);
+
+ AuthnRequestType art = (AuthnRequestType) requestAbstractType;
+ ResponseType responseType =
+ webRequestUtil.getResponse(art.getAssertionConsumerServiceURL(),
+ userPrincipal, roles,
+ this.identityURL, this.assertionValidity);
+ webRequestUtil.send(responseType, relayState, response);
+
+ }
+ catch (Exception e)
+ {
+ log.error("Exception:" ,e);
+ if(requestAbstractType != null)
+ referer = requestAbstractType.getIssuer().getValue();
+ sendErrorResponseToSP(referer, response, relayState, webRequestUtil);
+ }
+ return;
+ }
+ else
+ {
+ log.error("No SAML Request Message");
+ log.trace("Referer="+referer);
+
+ sendErrorResponseToSP(referer, response, relayState, webRequestUtil);
+ }
+ }
+ }
+
+ protected void sendErrorResponseToSP(String referrer, Response response, String relayState,
+ IDPWebRequestUtil webRequestUtil) throws ServletException, IOException
+ {
+ ResponseType errorResponseType =
+ webRequestUtil.getErrorResponse(referrer, JBossSAMLURIConstants.STATUS_RESPONDER.get(),
+ this.identityURL);
+ try
+ {
+ webRequestUtil.send(errorResponseType, relayState, response);
+ }
+ catch (ParsingException e1)
+ {
+ throw new ServletException(e1);
+ }
+ }
+
+
+ //***************Lifecycle
+ /**
+ * The lifecycle event support for this component.
+ */
+ protected LifecycleSupport lifecycle = new LifecycleSupport(this);
+
+ /**
+ * Has this component been started yet?
+ */
+ private boolean started = false;
+
+ /**
+ * Add a lifecycle event listener to this component.
+ *
+ * @param listener The listener to add
+ */
+ public void addLifecycleListener(LifecycleListener listener)
+ {
+ lifecycle.addLifecycleListener(listener);
+ }
+
+
+ /**
+ * Get the lifecycle listeners associated with this lifecycle. If this
+ * Lifecycle has no listeners registered, a zero-length array is returned.
+ */
+ public LifecycleListener[] findLifecycleListeners()
+ {
+ return lifecycle.findLifecycleListeners();
+ }
+
+
+ /**
+ * Remove a lifecycle event listener from this component.
+ *
+ * @param listener The listener to add
+ */
+ public void removeLifecycleListener(LifecycleListener listener)
+ {
+ lifecycle.removeLifecycleListener(listener);
+ }
+
+
+ /**
+ * Prepare for the beginning of active use of the public methods of this
+ * component. This method should be called after <code>configure()</code>,
+ * and before any of the public methods of the component are utilized.
+ *
+ * @exception LifecycleException if this component detects a fatal error
+ * that prevents this component from being used
+ */
+ public void start() throws LifecycleException
+ {
+ // Validate and update our current component state
+ if (started)
+ throw new LifecycleException
+ ("IDPRedirectValve already Started");
+ lifecycle.fireLifecycleEvent(START_EVENT, null);
+ started = true;
+
+ String configFile = "/WEB-INF/jboss-idfed.xml";
+ Context context = (Context) getContainer();
+ InputStream is = context.getServletContext().getResourceAsStream(configFile);
+ if(is == null)
+ throw new RuntimeException(configFile + " missing");
+ try
+ {
+ idpConfiguration = ValveUtil.getIDPConfiguration(is);
+ this.identityURL = idpConfiguration.getIdentityURL();
+ log.trace("Identity Provider URL=" + this.identityURL);
+ this.assertionValidity = idpConfiguration.getAssertionValidity();
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+
+ /**
+ * Gracefully terminate the active use of the public methods of this
+ * component. This method should be the last one called on a given
+ * instance of this component.
+ *
+ * @exception LifecycleException if this component detects a fatal error
+ * that needs to be reported
+ */
+ public void stop() throws LifecycleException
+ {
+ // Validate and update our current component state
+ if (!started)
+ throw new LifecycleException
+ ("IDPRedirectValve NotStarted");
+ lifecycle.fireLifecycleEvent(STOP_EVENT, null);
+ started = false;
+ }
+
+ protected boolean validate(Request request) throws Exception
+ {
+ return request.getParameter("SAMLRequest") != null;
+ }
+
+ //Private Methods
+}
\ No newline at end of file
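Review bot: The result of `this.validate(request)` on the line after getSAMLRequest is discarded, so the boolean it returns (whether a SAMLRequest parameter is present, per validate() at the end of the class) never gates the response that is built and sent on the following lines; either branch on it, `if (!this.validate(request)) throw new ServletException("SAMLRequest missing");`, or drop the call. The same applies to `webRequestUtil.isTrusted(requestAbstractType.getIssuer().getValue())` if it reports an untrusted issuer by return value rather than by throwing — its signature is outside this hunk, so that should be confirmed before the trust check is relied on. Separately, the InputStream obtained from getResourceAsStream in start() is never closed; wrap the ValveUtil.getIDPConfiguration call in a try/finally that calls `is.close()`. The LifecycleException messages in start() and stop() still say "IDPRedirectValve" and should name this class.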
Added: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java (rev 0)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java 2009-05-22 22:38:21 UTC (rev 512)
@@ -0,0 +1,306 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.tomcat.idp;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.security.Principal;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.xml.bind.JAXBException;
+
+import org.apache.catalina.connector.Response;
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.bindings.config.IDPType;
+import org.jboss.identity.federation.bindings.config.TrustType;
+import org.jboss.identity.federation.bindings.util.HTTPRedirectUtil;
+import org.jboss.identity.federation.bindings.util.PostBindingUtil;
+import org.jboss.identity.federation.bindings.util.RedirectBindingUtil;
+import org.jboss.identity.federation.bindings.util.ValveUtil;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
+import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.xml.sax.SAXException;
+
+/**
+ * Request Util
+ * <b> Not thread safe</b>
+ * @author Anil.Saldhana(a)redhat.com
+ * @since May 18, 2009
+ */
+public class IDPWebRequestUtil
+{
+ private static Logger log = Logger.getLogger(IDPWebRequestUtil.class);
+
+ private HttpServletRequest request;
+
+ private boolean redirectProfile = false;
+ private boolean postProfile = false;
+
+ private IDPType idpConfiguration;
+
+ public IDPWebRequestUtil(HttpServletRequest request, IDPType idp)
+ {
+ this.request = request;
+ this.idpConfiguration = idp;
+ hasSAMLRequestInRedirectProfile();
+ hasSAMLRequestInPostProfile();
+ }
+
+ public boolean hasSAMLRequestInRedirectProfile()
+ {
+ if("GET".equalsIgnoreCase(request.getMethod()))
+ {
+ redirectProfile = request.getParameter("SAMLRequest") != null;
+ }
+ return redirectProfile;
+ }
+
+ public boolean hasSAMLRequestInPostProfile()
+ {
+ if("POST".equalsIgnoreCase(request.getMethod()))
+ {
+ postProfile = request.getParameter("SAMLRequest") != null;
+ }
+ return postProfile;
+ }
+
+ public RequestAbstractType getSAMLRequest(String samlMessage) throws Exception
+ {
+ InputStream is = null;
+ SAML2Request saml2Request = new SAML2Request();
+ if(redirectProfile)
+ {
+ is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
+ }
+ else
+ {
+ byte[] samlBytes = PostBindingUtil.base64Decode(samlMessage);
+ log.trace("SAMLRequest=" + new String(samlBytes));
+ is = new ByteArrayInputStream(samlBytes);
+ }
+
+ return saml2Request.getRequestType(is);
+ }
+
+
+ public ResponseType getResponse( String assertionConsumerURL,
+ Principal userPrincipal,
+ List<String> roles,
+ String identityURL,
+ long assertionValidity) throws Exception
+ {
+ ResponseType responseType = null;
+
+ SAML2Response saml2Response = new SAML2Response();
+
+ //Create a response type
+ String id = IDGenerator.create("ID_");
+
+ IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
+ issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
+
+ IDPInfoHolder idp = new IDPInfoHolder();
+ idp.setNameIDFormatValue(userPrincipal.getName());
+ idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
+
+ SPInfoHolder sp = new SPInfoHolder();
+ sp.setResponseDestinationURI(assertionConsumerURL);
+ responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
+
+
+ //Add information on the roles
+ AssertionType assertion = (AssertionType) responseType.getAssertionOrEncryptedAssertion().get(0);
+
+ AttributeStatementType attrStatement = saml2Response.createAttributeStatement(roles);
+ assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
+
+ //Add timed conditions
+ saml2Response.createTimedConditions(assertion, assertionValidity);
+
+ //Lets see how the response looks like
+ if(log.isTraceEnabled())
+ {
+ StringWriter sw = new StringWriter();
+ saml2Response.marshall(responseType, sw);
+ log.trace("Response="+sw.toString());
+ }
+
+ return responseType;
+ }
+
+
+
+ /**
+ * Verify that the issuer is trusted
+ * @param issuer
+ * @throws IssuerNotTrustedException
+ */
+ public void isTrusted(String issuer) throws IssuerNotTrustedException
+ {
+ try
+ {
+ String issuerDomain = ValveUtil.getDomain(issuer);
+ TrustType idpTrust = idpConfiguration.getTrust();
+ if(idpTrust != null)
+ {
+ String domainsTrusted = idpTrust.getDomains();
+ if(domainsTrusted.indexOf(issuerDomain) < 0)
+ throw new IssuerNotTrustedException(issuer);
+ }
+ }
+ catch (Exception e)
+ {
+ throw new IssuerNotTrustedException(e.getLocalizedMessage(),e);
+ }
+ }
+
+
+ public void send(ResponseType responseType, String relayState,
+ Response response) throws IOException, ParsingException
+ {
+
+ SAML2Response saml2Response = new SAML2Response();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ try
+ {
+ saml2Response.marshall(responseType, baos);
+ }
+ catch (SAXException e1)
+ {
+ throw new ParsingException(e1);
+ }
+ catch (JAXBException e1)
+ {
+ throw new ParsingException(e1);
+ }
+
+ if(redirectProfile)
+ {
+ String urlEncodedResponse = RedirectBindingUtil.deflateBase64URLEncode(baos.toByteArray());
+
+ String destination = responseType.getDestination();
+ log.trace("IDP:Destination=" + destination);
+
+ if(relayState != null && relayState.length() > 0)
+ relayState = RedirectBindingUtil.urlEncode(relayState);
+
+ String finalDest = destination + getDestination(urlEncodedResponse, relayState);
+ HTTPRedirectUtil.sendRedirectForResponder(finalDest, response);
+ }
+ else
+ {
+ /**
+ * Since the container finished authentication, it will try to locate
+ * index.jsp or index.html. We need to recycle whatever is in the
+ * response object such that we direct it to the html that is being
+ * created as part of the HTTP/POST binding
+ */
+ response.recycle();
+ String samlResponse = PostBindingUtil.base64Encode(baos.toString());
+ PostBindingUtil.sendPost(responseType.getDestination(),
+ samlResponse, relayState, response, false);
+ }
+ }
+
+ /**
+ * Generate a Destination URL for the HTTPRedirect binding
+ * with the saml response and relay state
+ * @param urlEncodedResponse
+ * @param urlEncodedRelayState
+ * @return
+ */
+ public String getDestination(String urlEncodedResponse, String urlEncodedRelayState)
+ {
+ if(redirectProfile)
+ {
+ StringBuilder sb = new StringBuilder();
+ sb.append("?SAMLResponse=").append(urlEncodedResponse);
+ if(urlEncodedRelayState != null && urlEncodedRelayState.length() > 0)
+ sb.append("&RelayState=").append(urlEncodedRelayState);
+ return sb.toString();
+
+ }
+ return null;
+ }
+
+ public ResponseType getErrorResponse(String responseURL, String status,
+ String identityURL) throws ServletException
+ {
+ if(redirectProfile)
+ {
+ try
+ {
+ ResponseType responseType = null;
+
+ SAML2Response saml2Response = new SAML2Response();
+
+ //Create a response type
+ String id = IDGenerator.create("ID_");
+
+ IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
+ issuerHolder.setStatusCode(status);
+
+ IDPInfoHolder idp = new IDPInfoHolder();
+ idp.setNameIDFormatValue(null);
+ idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
+
+ SPInfoHolder sp = new SPInfoHolder();
+ sp.setResponseDestinationURI(responseURL);
+ responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
+
+ log.debug("ResponseType = ");
+ //Lets see how the response looks like
+ if(log.isTraceEnabled())
+ {
+ StringWriter sw = new StringWriter();
+ saml2Response.marshall(responseType, sw);
+ log.trace("Response="+sw.toString());
+ }
+
+ return responseType;
+ }
+ catch(Exception e)
+ {
+ log.error("Exception in getErrorResponse::",e);
+ throw new ServletException(e.getLocalizedMessage());
+ }
+ }
+
+ return null;
+ }
+}
\ No newline at end of file
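Review bot: The trust decision in `isTrusted` (`domainsTrusted.indexOf(issuerDomain) < 0`) is a substring test, so an issuer whose domain is any substring of the configured list is accepted — `example.com` against a trusted `sp.example.com`, or an empty domain, since `indexOf("")` is 0. `getDomains()` returns a single string that appears to hold several domains (presumably comma-separated; confirm against `TrustType`), so it should be split and each entry compared for exact equality, as below. The same `indexOf` check is duplicated in `SPPostFormAuthenticator.isTrusted` in this commit and needs the same fix. Separately, `send` builds the redirect target as `destination + getDestination(...)` from `responseType.getDestination()`; whether that URL was tied to the trusted issuer before it reached this class is not visible here.
```java
public void isTrusted(String issuer) throws IssuerNotTrustedException
{
   try
   {
      String issuerDomain = ValveUtil.getDomain(issuer);
      TrustType idpTrust = idpConfiguration.getTrust();
      if(idpTrust != null)
      {
         boolean trusted = false;
         // Exact match against each configured entry; a substring match would
         // accept any issuer whose domain happens to appear inside a trusted one.
         // Assumes a comma-separated list — confirm against TrustType.
         for(String domain : idpTrust.getDomains().split(","))
         {
            if(domain.trim().equalsIgnoreCase(issuerDomain))
            {
               trusted = true;
               break;
            }
         }
         if(!trusted)
            throw new IssuerNotTrustedException(issuer);
      }
   }
   // … unchanged: catch (Exception e) rethrown as IssuerNotTrustedException …
}
```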
Added: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java (rev 0)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-05-22 22:38:21 UTC (rev 512)
@@ -0,0 +1,273 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.tomcat.sp;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.security.Principal;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.servlet.ServletException;
+import javax.xml.bind.JAXBException;
+
+import org.apache.catalina.LifecycleException;
+import org.apache.catalina.Session;
+import org.apache.catalina.authenticator.Constants;
+import org.apache.catalina.authenticator.FormAuthenticator;
+import org.apache.catalina.connector.Request;
+import org.apache.catalina.connector.Response;
+import org.apache.catalina.deploy.LoginConfig;
+import org.apache.catalina.realm.GenericPrincipal;
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.bindings.config.SPType;
+import org.jboss.identity.federation.bindings.config.TrustType;
+import org.jboss.identity.federation.bindings.tomcat.sp.holder.ServiceProviderSAMLContext;
+import org.jboss.identity.federation.bindings.util.PostBindingUtil;
+import org.jboss.identity.federation.bindings.util.ValveUtil;
+import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
+import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
+import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.xml.sax.SAXException;
+
+/**
+ * Authenticator at the Service Provider
+ * that handles HTTP/Post binding of SAML 2
+ * but falls back on Form Authentication
+ *
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 12, 2008
+ */
+public class SPPostFormAuthenticator extends FormAuthenticator
+{
+ private static Logger log = Logger.getLogger(SPPostFormAuthenticator.class);
+
+ protected SPType spConfiguration = null;
+
+ private String serviceURL = null;
+ private String identityURL = null;
+
+ public SPPostFormAuthenticator()
+ {
+ super();
+ }
+
+ @Override
+ public void start() throws LifecycleException
+ {
+ String configFile = "/WEB-INF/jboss-idfed.xml";
+ super.start();
+
+ InputStream is = context.getServletContext().getResourceAsStream(configFile);
+ if(is == null)
+ throw new RuntimeException(configFile + " missing");
+ try
+ {
+ spConfiguration = ValveUtil.getSPConfiguration(is);
+ this.identityURL = spConfiguration.getIdentityURL();
+ this.serviceURL = spConfiguration.getServiceURL();
+ log.trace("Identity Provider URL=" + this.identityURL);
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e);
+ }
+ }
+
+ @Override
+ public boolean authenticate(Request request, Response response, LoginConfig loginConfig) throws IOException
+ {
+ SPUtil spUtil = new SPUtil();
+
+ Principal principal = request.getUserPrincipal();
+ if (principal != null)
+ {
+ log.debug("Already authenticated '" + principal.getName() + "'");
+ return true;
+ }
+
+ Session session = request.getSessionInternal(true);
+ String relayState = request.getParameter("RelayState");
+
+ //Try to get the username
+ try
+ {
+ principal = (GenericPrincipal) process(request,response);
+
+ if(principal == null)
+ {
+ AuthnRequestType authnRequest = spUtil.createSAMLRequest(serviceURL, identityURL);
+ sendRequestToIDP(authnRequest, relayState, response);
+ return false;
+ }
+
+ String username = principal.getName();
+ String password = ServiceProviderSAMLContext.EMPTY_PASSWORD;
+
+ //Map to JBoss specific principal
+ if(spConfiguration.getServerEnvironment().equalsIgnoreCase("JBOSS"))
+ {
+ GenericPrincipal gp = (GenericPrincipal) principal;
+ //Push a context
+ ServiceProviderSAMLContext.push(username, Arrays.asList(gp.getRoles()));
+ principal = context.getRealm().authenticate(username, password);
+ ServiceProviderSAMLContext.clear();
+ }
+
+ session.setNote(Constants.SESS_USERNAME_NOTE, username);
+ session.setNote(Constants.SESS_PASSWORD_NOTE, password);
+ request.setUserPrincipal(principal);
+ register(request, response, principal, Constants.FORM_METHOD, username, password);
+
+ return true;
+ }
+ catch(AssertionExpiredException aie)
+ {
+ log.debug("Assertion has expired. Issuing a new saml2 request to the IDP");
+ try
+ {
+ AuthnRequestType authnRequest = spUtil.createSAMLRequest(serviceURL, identityURL);
+ sendRequestToIDP(authnRequest, relayState, response);
+ }
+ catch (Exception e)
+ {
+ log.trace("Exception:",e);
+ }
+ return false;
+ }
+ catch(Exception e)
+ {
+ log.debug("Exception :",e);
+ }
+
+ //fallback
+ return super.authenticate(request, response, loginConfig);
+ }
+
+ protected void sendRequestToIDP(AuthnRequestType authnRequest, String relayState, Response response)
+ throws IOException, SAXException, JAXBException
+ {
+ SAML2Request saml2Request = new SAML2Request();
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ saml2Request.marshall(authnRequest, baos);
+
+ String samlMessage = PostBindingUtil.base64Encode(baos.toString());
+ String destination = authnRequest.getDestination();
+ PostBindingUtil.sendPost(destination, samlMessage, relayState, response, true);
+ }
+
+ protected AuthnRequestType createSAMLRequestMessage(String relayState, Response response)
+ throws Exception
+ {
+ //create a saml request
+ if(this.serviceURL == null)
+ throw new ServletException("serviceURL is not configured");
+
+ SPUtil spUtil = new SPUtil();
+ return spUtil.createSAMLRequest(serviceURL, identityURL);
+
+ }
+
+ protected String getDestination(String urlEncodedRequest, String urlEncodedRelayState)
+ {
+ StringBuilder sb = new StringBuilder();
+ sb.append("?SAMLRequest=").append(urlEncodedRequest);
+ if(urlEncodedRelayState != null && urlEncodedRelayState.length() > 0)
+ sb.append("&RelayState=").append(urlEncodedRelayState);
+ return sb.toString();
+ }
+
+ protected void isTrusted(String issuer) throws IssuerNotTrustedException
+ {
+ try
+ {
+ String issuerDomain = ValveUtil.getDomain(issuer);
+ TrustType idpTrust = spConfiguration.getTrust();
+ if(idpTrust != null)
+ {
+ String domainsTrusted = idpTrust.getDomains();
+ if(domainsTrusted.indexOf(issuerDomain) < 0)
+ throw new IssuerNotTrustedException(issuer);
+ }
+ }
+ catch (Exception e)
+ {
+ throw new IssuerNotTrustedException(e.getLocalizedMessage(),e);
+ }
+ }
+
+ protected boolean validate(Request request) throws Exception
+ {
+ return request.getParameter("SAMLResponse") != null;
+ }
+
+ /**
+ * Subclasses should provide the implementation
+ * @param responseType ResponseType that contains the encrypted assertion
+ * @return response type with the decrypted assertion
+ */
+ protected ResponseType decryptAssertion(ResponseType responseType) throws Exception
+ {
+ throw new RuntimeException("This authenticator does not handle encryption");
+ }
+
+ private Principal process(Request request, Response response) throws Exception
+ {
+ Principal userPrincipal = null;
+
+ String samlResponse = request.getParameter("SAMLResponse");
+ if(samlResponse != null && samlResponse.length() > 0 )
+ {
+ this.validate(request);
+
+ //deal with SAML response from IDP
+ byte[] base64DecodedResponse = PostBindingUtil.base64Decode(samlResponse);
+ InputStream is = new ByteArrayInputStream(base64DecodedResponse);
+
+ SAML2Response saml2Response = new SAML2Response();
+
+ ResponseType responseType = saml2Response.getResponseType(is);
+
+ this.isTrusted(responseType.getIssuer().getValue());
+
+ List<Object> assertions = responseType.getAssertionOrEncryptedAssertion();
+ if(assertions.size() == 0)
+ throw new IllegalStateException("No assertions in reply from IDP");
+
+ Object assertion = assertions.get(0);
+ if(assertion instanceof EncryptedElementType)
+ {
+ responseType = this.decryptAssertion(responseType);
+ }
+
+ SPUtil spUtil = new SPUtil();
+ return spUtil.handleSAMLResponse(request, responseType);
+ }
+ return userPrincipal;
+ }
+}
\ No newline at end of file
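Review bot: In `process`, the boolean returned by `this.validate(request)` is discarded, so the hook can never reject a message — a subclass that returns false from `validate` is silently ignored; it should read `if(!this.validate(request)) throw new IllegalStateException("SAMLResponse failed validation");`. Combined with the `catch(Exception e)` in `authenticate` that only logs at debug and falls through to `super.authenticate`, a malformed, untrusted or otherwise rejected SAMLResponse degrades to form login instead of failing; a response that was present but rejected should probably end in `return false` with an error status rather than the form fallback. Note also that `isTrusted` compares the `Issuer` read from the message against the configured domains with `indexOf` (a substring match), and no signature verification is visible in this class, so the trust check rests on a self-asserted value unless a subclass supplies it — which makes the ignored `validate` result the more important to fix.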
Added: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/PostBindingUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/PostBindingUtil.java (rev 0)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/PostBindingUtil.java 2009-05-22 22:38:21 UTC (rev 512)
@@ -0,0 +1,106 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.util;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.util.Base64;
+
+/**
+ * Utility for the HTTP/Post binding
+ * @author Anil.Saldhana(a)redhat.com
+ * @since May 22, 2009
+ */
+public class PostBindingUtil
+{
+ private static Logger log = Logger.getLogger(PostBindingUtil.class);
+
+
+ public static String base64Encode(String stringToEncode) throws IOException
+ {
+ return Base64.encodeBytes(stringToEncode.getBytes("UTF-8"), Base64.DONT_BREAK_LINES);
+ }
+
+ public static byte[] base64Decode(String encodedString)
+ {
+ return Base64.decode(encodedString);
+ }
+
+ /**
+ * Send the response to the redirected destination while
+ * adding the character encoding of "UTF-8" as well as
+ * adding headers for cache-control and Pragma
+ * @param destination Destination URI where the response needs to redirect
+ * @param response HttpServletResponse
+ * @throws IOException
+ */
+ public static void sendPost(String destination,
+ String samlMessage, String relayState,
+ HttpServletResponse response,
+ boolean sendToIDP)
+ throws IOException
+ {
+ String key = sendToIDP ? "SAMLRequest" : "SAMLResponse";
+
+ response.setContentType("text/html");
+ PrintWriter out = response.getWriter();
+ common(destination, response);
+ StringBuilder builder = new StringBuilder();
+
+ builder.append("<HTML>");
+ builder.append("<HEAD>");
+ if(sendToIDP)
+ builder.append("<TITLE>HTTP Post Binding To Identity Provider</TITLE>");
+ else
+ builder.append("<TITLE>HTTP Post Binding Response To Service Provider</TITLE>");
+
+ builder.append("</HEAD>");
+ builder.append("<BODY Onload=\"document.forms[0].submit()\">");
+
+ builder.append("<FORM METHOD=\"POST\" ACTION=\"" + destination + "\">");
+ builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\""+ key +"\"" + " VALUE=\"" + samlMessage
+ + "\"/>");
+ if (relayState != null && relayState.length() > 0)
+ {
+ builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\"RelayState\" " +
+ "VALUE=\"" + relayState + "\"/>");
+ }
+ //builder.append("<INPUT TYPE=\"submit\" VALUE=\"Continue\"/>");
+ builder.append("</FORM></BODY></HTML>");
+
+ String str = builder.toString();
+ log.debug(str);
+ out.println(str);
+ out.close();
+ }
+
+ private static void common(String destination, HttpServletResponse response)
+ {
+ response.setCharacterEncoding("UTF-8");
+ response.setHeader("Pragma", "no-cache");
+ response.setHeader("Cache-Control", "no-cache, no-store");
+ }
+}
\ No newline at end of file
JBoss Identity SVN: r511 - in identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2: response and 1 other directory.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-05-22 18:35:53 -0400 (Fri, 22 May 2009)
New Revision: 511
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
Log:
JBID-111: project specific exceptions
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-05-22 22:35:06 UTC (rev 510)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-05-22 22:35:53 UTC (rev 511)
@@ -27,8 +27,10 @@
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
+import javax.xml.datatype.DatatypeConfigurationException;
import org.jboss.identity.federation.core.constants.JBossIdentityFederationConstants;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
@@ -40,6 +42,7 @@
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.LogoutRequestType;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.xml.sax.SAXException;
/**
* API for SAML2 Request
@@ -55,12 +58,13 @@
* @param destination
* @param issuerValue
* @return
+ * @throws DatatypeConfigurationException
* @throws Exception
*/
public AuthnRequestType createAuthnRequestType(String id,
String assertionConsumerURL,
String destination,
- String issuerValue) throws Exception
+ String issuerValue) throws DatatypeConfigurationException
{
return JBossSAMLAuthnRequestFactory.createAuthnRequestType(
id, assertionConsumerURL, destination, issuerValue);
@@ -70,11 +74,13 @@
* Get AuthnRequestType from a file
* @param fileName file with the serialized AuthnRequestType
* @return AuthnRequestType
+ * @throws SAXException
+ * @throws JAXBException
* @throws Exception
* @throws IllegalArgumentException if the input fileName is null
* IllegalStateException if the InputStream from the fileName is null
*/
- public AuthnRequestType getAuthnRequestType(String fileName) throws Exception
+ public AuthnRequestType getAuthnRequestType(String fileName) throws JAXBException, SAXException
{
if(fileName == null)
throw new IllegalArgumentException("fileName is null");
@@ -83,16 +89,17 @@
return getAuthnRequestType(is);
}
-
/**
* Get a Request Type from Input Stream
* @param is
* @return
+ * @throws SAXException
+ * @throws JAXBException
* @throws Exception
* @throws IllegalArgumentException inputstream is null
*/
@SuppressWarnings("unchecked")
- public RequestAbstractType getRequestType(InputStream is) throws Exception
+ public RequestAbstractType getRequestType(InputStream is) throws JAXBException, SAXException
{
if(is == null)
throw new IllegalStateException("InputStream is null");
@@ -108,11 +115,13 @@
* Get the AuthnRequestType from an input stream
* @param is Inputstream containing the AuthnRequest
* @return
+ * @throws SAXException
+ * @throws JAXBException
* @throws Exception
* @throws IllegalArgumentException inputstream is null
*/
@SuppressWarnings("unchecked")
- public AuthnRequestType getAuthnRequestType(InputStream is) throws Exception
+ public AuthnRequestType getAuthnRequestType(InputStream is) throws JAXBException, SAXException
{
if(is == null)
throw new IllegalStateException("InputStream is null");
@@ -128,9 +137,10 @@
* Create a Logout Request
* @param issuer
* @return
+ * @throws DatatypeConfigurationException
* @throws Exception
*/
- public LogoutRequestType createLogoutRequest(String issuer) throws Exception
+ public LogoutRequestType createLogoutRequest(String issuer) throws DatatypeConfigurationException
{
org.jboss.identity.federation.saml.v2.protocol.ObjectFactory of
= new org.jboss.identity.federation.saml.v2.protocol.ObjectFactory();
@@ -149,9 +159,10 @@
* Parse an XACML Authorization Decision Query from an xml file
* @param resourceName
* @return
+ * @throws JAXBException
* @throws Exception
*/
- public XACMLAuthzDecisionQueryType parseXACMLDecisionQuery(String resourceName) throws Exception
+ public XACMLAuthzDecisionQueryType parseXACMLDecisionQuery(String resourceName) throws JAXBException
{
ClassLoader tcl = SecurityActions.getContextClassLoader();
InputStream is = tcl.getResourceAsStream(resourceName);
@@ -162,10 +173,11 @@
* XACMLAuthorizationDecisionQuery from an input stream
* @param is The InputStream where the xacml query exists
* @return
+ * @throws JAXBException
* @throws Exception
*/
@SuppressWarnings("unchecked")
- public XACMLAuthzDecisionQueryType parseXACMLDecisionQuery(InputStream is) throws Exception
+ public XACMLAuthzDecisionQueryType parseXACMLDecisionQuery(InputStream is) throws JAXBException
{
if(is == null)
throw new IllegalArgumentException("Inputstream is null");
@@ -191,9 +203,11 @@
* Marshall the AuthnRequestType to an output stream
* @param requestType
* @param os
+ * @throws JAXBException
+ * @throws SAXException
* @throws Exception
*/
- public void marshall(RequestAbstractType requestType, OutputStream os) throws Exception
+ public void marshall(RequestAbstractType requestType, OutputStream os) throws SAXException, JAXBException
{
String key = JBossIdentityFederationConstants.JAXB_SCHEMA_VALIDATION;
boolean validate = Boolean.parseBoolean(SecurityActions.getSystemProperty(key, "false"));
@@ -207,9 +221,11 @@
* Marshall the AuthnRequestType to a writer
* @param requestType
* @param writer
+ * @throws JAXBException
+ * @throws SAXException
* @throws Exception
*/
- public void marshall(RequestAbstractType requestType, Writer writer) throws Exception
+ public void marshall(RequestAbstractType requestType, Writer writer) throws SAXException, JAXBException
{
String key = JBossIdentityFederationConstants.JAXB_SCHEMA_VALIDATION;
boolean validate = Boolean.parseBoolean(SecurityActions.getSystemProperty(key, "false"));
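Review bot: The Javadoc in this hunk keeps the old `@throws Exception` line beside the new `@throws JAXBException` and `@throws SAXException` entries, although `marshall` no longer declares `Exception`; the same stale line survives in every other method touched in this file (`createAuthnRequestType`, `getAuthnRequestType`, `getRequestType`, `createLogoutRequest`, `parseXACMLDecisionQuery`) and should be dropped so the docs match the signatures. It would also help callers to say why `SAXException` is declared: the `JBossIdentityFederationConstants.JAXB_SCHEMA_VALIDATION` system property read right after the signature defaults to `"false"`, so a line such as `* Schema validation of the marshalled request is off unless the {@code JAXB_SCHEMA_VALIDATION} system property is "true".` would document both the exception source and the security-relevant default. The method body continues outside the hunk.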
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-05-22 22:35:06 UTC (rev 510)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-05-22 22:35:53 UTC (rev 511)
@@ -29,6 +29,7 @@
import javax.xml.bind.Binder;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
import javax.xml.datatype.XMLGregorianCalendar;
@@ -50,6 +51,7 @@
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.w3c.dom.Document;
import org.w3c.dom.Node;
+import org.xml.sax.SAXException;
/**
* API for dealing with SAML2 Response objects
@@ -187,7 +189,7 @@
* @param os
* @throws Exception
*/
- public void marshall(ResponseType responseType, OutputStream os) throws Exception
+ public void marshall(ResponseType responseType, OutputStream os) throws SAXException, JAXBException
{
Marshaller marshaller = JBossSAMLAuthnResponseFactory.getValidatingMarshaller();
JAXBElement<ResponseType> jaxb = SAMLProtocolFactory.getObjectFactory().createResponse(responseType);
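Review bot: The `@throws Exception` line in the Javadoc above `marshall` is now stale — the signature declares `SAXException` and `JAXBException` — and should be replaced by `@throws SAXException` and `@throws JAXBException` entries. Since the marshaller comes from `JBossSAMLAuthnResponseFactory.getValidatingMarshaller()`, the Javadoc could also state that the response is schema-validated while being written (presumably the origin of `SAXException`; confirm against the factory). The method body continues outside the hunk.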
JBoss Identity SVN: r510 - in identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings: servlets and 1 other directories.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-05-22 18:35:06 -0400 (Fri, 22 May 2009)
New Revision: 510
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/interfaces/TrustKeyManager.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/CircleOfTrustServlet.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
Log:
Circle of trust changes
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/interfaces/TrustKeyManager.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/interfaces/TrustKeyManager.java 2009-05-22 22:34:41 UTC (rev 509)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/interfaces/TrustKeyManager.java 2009-05-22 22:35:06 UTC (rev 510)
@@ -62,21 +62,23 @@
* @throws Exception
*/
PrivateKey getSigningKey() throws Exception;
-
+
/**
- * Get the Public Key corresponding to the signing key
+ * Get the certificate given an alias
+ * @param alias
* @return
* @throws Exception
*/
- PublicKey getPublicKeyForSignature() throws Exception;
-
+ Certificate getCertificate(String alias) throws Exception;
+
/**
- * Get the certificate associated with the signing key
+ * Get a Public Key given an alias
+ * @param alias
* @return
* @throws Exception
*/
- Certificate getCertificateForSignature() throws Exception;
-
+ PublicKey getPublicKey(String alias) throws Exception;
+
/**
* Given a domain, obtain a secret key
* @see {@code EncryptionKeyUtil}
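Review bot: The new alias-based `getCertificate(String)` and `getPublicKey(String)` leave `@return` empty and say nothing about an alias the store does not contain; the KeyStoreKeyManager in this same commit passes `KeyStore.getCertificate(alias)` straight through, which yields null for an unknown alias, so implementors and callers need that contract spelled out. Document `getCertificate` as `@return the certificate stored under {@code alias}, or null if the implementation has no entry for it`, and for `getPublicKey` state whether an unknown alias yields null or an exception so implementations agree. Because the alias is now a caller-supplied parameter rather than the configured signing alias, the interface doc should also say that alias values are configuration, not request input.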
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/CircleOfTrustServlet.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/CircleOfTrustServlet.java 2009-05-22 22:34:41 UTC (rev 509)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/CircleOfTrustServlet.java 2009-05-22 22:35:06 UTC (rev 510)
@@ -105,7 +105,48 @@
throw new ServletException(e);
}
}
+ if("display_trusted_providers".equalsIgnoreCase(action))
+ {
+ try
+ {
+ displayTrustedProvidersForSP(req,resp);
+ req.getRequestDispatcher("/spTrustedProviders.jsp").forward(req, resp);
+ }
+ catch (Exception e)
+ {
+ throw new ServletException(e);
+ }
+ }
}
+ else
+ //IDP
+ if("idp".equalsIgnoreCase(type))
+ {
+ if("add".equalsIgnoreCase(action))
+ {
+ try
+ {
+ addSP(req,resp);
+ req.getRequestDispatcher("/addedSP.jsp").forward(req, resp);
+ }
+ catch (Exception e)
+ {
+ throw new ServletException(e);
+ }
+ }
+ if("display_trusted_providers".equalsIgnoreCase(action))
+ {
+ try
+ {
+ displayTrustedProvidersForIDP(req,resp);
+ req.getRequestDispatcher("/idpTrustedProviders.jsp").forward(req, resp);
+ }
+ catch (Exception e)
+ {
+ throw new ServletException(e);
+ }
+ }
+ }
}
private void addIDP(HttpServletRequest request, HttpServletResponse response) throws Exception
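Review bot: Neither the `add` nor the `display_trusted_providers` branch, for `sp` or for `idp`, performs any authorization check before `addSP`/`addIDP` persists a provider as trusted, so anyone who can reach this servlet can enrol an SP at the IDP or an IDP at the SP by supplying a `metadataURL`. Unless a `<security-constraint>` in web.xml already restricts the servlet (not visible here), a guard such as `if(!req.isUserInRole(adminRole)) { resp.sendError(HttpServletResponse.SC_FORBIDDEN); return; }` belongs at the top of the dispatch, with the role name taken from configuration. The `add` and `display_trusted_providers` tests are independent `if`s rather than `else if`, which is harmless today but lets a future action fall into both, and the four identical try/catch wrappers could collapse into one around a small dispatch helper.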
@@ -113,19 +154,9 @@
String spName = request.getParameter("spname");
String idpName = request.getParameter("idpname");
String metadataURL = request.getParameter("metadataURL");
- InputStream is = null;
-
- URL md = new URL(metadataURL);
- HttpURLConnection http = (HttpURLConnection) md.openConnection();
- http.setInstanceFollowRedirects(true);
- is = http.getInputStream();
-
- Unmarshaller un = MetaDataBuilder.getUnmarshaller();
- JAXBElement<?> j = (JAXBElement<?>) un.unmarshal(is);
- Object obj = j.getValue();
- if(obj instanceof EntityDescriptorType == false)
- throw new RuntimeException("Unsupported type:"+ obj.getClass());
- EntityDescriptorType edt = (EntityDescriptorType) obj;
+
+ EntityDescriptorType edt = getMetaData(metadataURL);
+
configProvider.persist(edt, idpName);
HttpSession httpSession = request.getSession();
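Review bot: `addIDP` persists the fetched descriptor under the caller-supplied `idpName` without comparing it with anything in the metadata, so a request can register arbitrary remote metadata under any name; at minimum the descriptor's `entityID` (`edt.getEntityID()` in the JAXB model) should be checked against, or used instead of, `idpName`. Nothing visible verifies a signature on the metadata before `configProvider.persist(edt, idpName)` turns it into trust — `configProvider` may do that, but it is not shown, and a comment here saying which side is responsible would help. The fetch itself now lives in `getMetaData`, reviewed with the later hunk; `addIDP` continues outside this hunk.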
@@ -135,7 +166,7 @@
Map<String,String> trustedProviders = new HashMap<String, String>();
try
{
- configProvider.loadTrustedProviders(spName);
+ trustedProviders = configProvider.loadTrustedProviders(spName);
}
catch(Exception e)
{
@@ -147,4 +178,74 @@
configProvider.persistTrustedProviders(spName, trustedProviders);
}
}
+
+ private void addSP(HttpServletRequest request, HttpServletResponse response) throws Exception
+ {
+ String idpName = request.getParameter("idpname");
+ String spName = request.getParameter("spname");
+ String metadataURL = request.getParameter("metadataURL");
+
+ EntityDescriptorType edt = getMetaData(metadataURL);
+ configProvider.persist(edt, spName);
+
+ HttpSession httpSession = request.getSession();
+ httpSession.setAttribute("sp", edt);
+
+ //Let us add the trusted providers
+ Map<String,String> trustedProviders = new HashMap<String, String>();
+ try
+ {
+ trustedProviders = configProvider.loadTrustedProviders(spName);
+ }
+ catch(Exception e)
+ {
+ log("Error obtaining the trusted providers for "+spName);
+ }
+ finally
+ {
+ trustedProviders.put(spName, metadataURL);
+ configProvider.persistTrustedProviders(idpName, trustedProviders);
+ }
+ }
+
+
+ private EntityDescriptorType getMetaData(String metadataURL) throws Exception
+ {
+ InputStream is;
+ URL md = new URL(metadataURL);
+ HttpURLConnection http = (HttpURLConnection) md.openConnection();
+ http.setInstanceFollowRedirects(true);
+ is = http.getInputStream();
+
+ Unmarshaller un = MetaDataBuilder.getUnmarshaller();
+ JAXBElement<?> j = (JAXBElement<?>) un.unmarshal(is);
+ Object obj = j.getValue();
+ if(obj instanceof EntityDescriptorType == false)
+ throw new RuntimeException("Unsupported type:"+ obj.getClass());
+ EntityDescriptorType edt = (EntityDescriptorType) obj;
+ return edt;
+ }
+
+ private void displayTrustedProvidersForIDP(HttpServletRequest request, HttpServletResponse response) throws Exception
+ {
+ String idpName = request.getParameter("name");
+
+ Map<String, String> trustedProviders = configProvider.loadTrustedProviders(idpName);
+
+ HttpSession httpSession = request.getSession();
+ httpSession.setAttribute("idpName", idpName);
+ httpSession.setAttribute("providers", trustedProviders);
+ }
+
+ private void displayTrustedProvidersForSP(HttpServletRequest request, HttpServletResponse response) throws Exception
+ {
+ String spName = request.getParameter("name");
+
+ Map<String, String> trustedProviders = configProvider.loadTrustedProviders(spName);
+
+ HttpSession httpSession = request.getSession();
+ httpSession.setAttribute("spName", spName);
+ httpSession.setAttribute("providers", trustedProviders);
+ }
+
}
\ No newline at end of file
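Review bot: `addSP` loads the trusted-provider map with `loadTrustedProviders(spName)` but persists it with `persistTrustedProviders(idpName, trustedProviders)`, so the IDP's existing list is replaced by the SP's list plus the new entry — `addIDP` loads and persists under the same name, and the load here should be `configProvider.loadTrustedProviders(idpName)`. `getMetaData` opens whatever URL the request supplied with redirects enabled, no connect/read timeouts, and never closes `is` or disconnects, which makes it both a server-side request forgery vector toward internal hosts and a connection leak; the `finally` blocks in `addSP` also persist the map even when the load threw. The sketch below fixes the name, rejects non-http(s) schemes (an operator-configured host allowlist would be better still), disables redirects, adds timeouts and closes the stream.
```java
   private void addSP(HttpServletRequest request, HttpServletResponse response) throws Exception
   {
      // … unchanged: read idpname/spname/metadataURL, fetch and persist the descriptor …
      trustedProviders = configProvider.loadTrustedProviders(idpName); // was spName
      // … unchanged: catch/finally that adds spName and persists under idpName …
   }

   private EntityDescriptorType getMetaData(String metadataURL) throws Exception
   {
      URL md = new URL(metadataURL);
      // The URL comes straight from a request parameter: refuse anything but http(s)
      // so file:/jar: URLs never reach the HttpURLConnection cast below.
      String scheme = md.getProtocol();
      if(!"https".equalsIgnoreCase(scheme) && !"http".equalsIgnoreCase(scheme))
         throw new IllegalArgumentException("metadataURL must use http or https:" + metadataURL);

      HttpURLConnection http = (HttpURLConnection) md.openConnection();
      http.setInstanceFollowRedirects(false); // a redirect would reopen the door to other hosts
      http.setConnectTimeout(10000);
      http.setReadTimeout(10000);
      InputStream is = http.getInputStream();
      try
      {
         Unmarshaller un = MetaDataBuilder.getUnmarshaller();
         // … unchanged: unmarshal, EntityDescriptorType check, return …
      }
      finally
      {
         is.close();
         http.disconnect();
      }
   }
```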
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java 2009-05-22 22:34:41 UTC (rev 509)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java 2009-05-22 22:35:06 UTC (rev 510)
@@ -50,6 +50,7 @@
import org.jboss.identity.federation.bindings.providers.IMetadataProvider;
import org.jboss.identity.federation.bindings.util.ValveUtil;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.jboss.identity.federation.core.util.XMLEncryptionUtil;
import org.jboss.identity.federation.saml.v2.metadata.EntityDescriptorType;
import org.jboss.identity.federation.saml.v2.metadata.KeyDescriptorType;
import org.jboss.identity.federation.saml.v2.metadata.RoleDescriptorType;
@@ -138,7 +139,7 @@
this.keyManager = (TrustKeyManager) clazz.newInstance();
keyManager.setAuthProperties(keyProvider.getAuth());
- Certificate cert = keyManager.getCertificateForSignature();
+ Certificate cert = keyManager.getCertificate(signingAlias);
KeyInfoType keyInfo = KeyUtil.getKeyInfo(cert);
//TODO: Assume just signing key for now
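Review bot: `keyManager.getCertificate(signingAlias)` can now return null — the KeyStoreKeyManager in this commit passes `KeyStore.getCertificate(alias)` straight through — and the next line hands that null to `KeyUtil.getKeyInfo`, so a mistyped alias surfaces as a NullPointerException in the surrounding `catch(Exception e)` with no hint of which alias failed. Add `if(cert == null) throw new IllegalStateException("No certificate found for signing alias:" + signingAlias);` before the `KeyUtil.getKeyInfo(cert)` call. The enclosing method starts and ends outside this hunk.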
@@ -146,6 +147,18 @@
null, 0, true, false);
updateKeyDescriptor(metadata, keyDescriptor);
+
+ //encryption
+ if(this.encryptingAlias != null)
+ {
+ cert = keyManager.getCertificate(encryptingAlias);
+ keyInfo = KeyUtil.getKeyInfo(cert);
+ String certAlgo = cert.getPublicKey().getAlgorithm();
+ keyDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo,
+ XMLEncryptionUtil.getEncryptionURL(certAlgo),
+ XMLEncryptionUtil.getEncryptionKeySize(certAlgo), false, true);
+ updateKeyDescriptor(metadata, keyDescriptor);
+ }
}
catch(Exception e)
{
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java 2009-05-22 22:34:41 UTC (rev 509)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java 2009-05-22 22:35:06 UTC (rev 510)
@@ -87,29 +87,31 @@
return (PrivateKey) ks.getKey(this.signingAlias, this.signingKeyPass);
}
-
/**
- * @see TrustKeyManager#getPublicKeyForSignature()
+ * @see TrustKeyManager#getCertificate(String)
*/
- public PublicKey getPublicKeyForSignature() throws Exception
+ public Certificate getCertificate(String alias) throws Exception
{
if(ks == null)
this.setUpKeyStore();
if(ks == null)
throw new IllegalStateException("KeyStore is null");
- return ks.getCertificate(signingAlias).getPublicKey();
- }
-
- public Certificate getCertificateForSignature() throws Exception
+ return ks.getCertificate(alias);
+ }
+
+ /**
+ * @see TrustKeyManager#getPublicKey(String)
+ */
+ public PublicKey getPublicKey(String alias) throws Exception
{
if(ks == null)
this.setUpKeyStore();
if(ks == null)
throw new IllegalStateException("KeyStore is null");
- return ks.getCertificate(signingAlias);
- }
+ return ks.getCertificate(alias).getPublicKey();
+ }
/**
* @see TrustKeyManager#getValidatingKey(String)
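Review bot: `getPublicKey(alias)` dereferences `ks.getCertificate(alias)` directly, and `KeyStore.getCertificate` returns null rather than throwing for an alias that is not in the store, so an unknown alias becomes a bare NullPointerException; `getCertificate(alias)` likewise hands that null back to callers silently. Replace the return with `Certificate cert = ks.getCertificate(alias); if(cert == null) throw new IllegalArgumentException("No certificate for alias:" + alias); return cert.getPublicKey();` and consider the same guard in `getCertificate`. The `setUpKeyStore`/null-check preamble is now repeated in both new methods (and presumably in the accessors outside this hunk); a private `ensureKeyStore()` helper would remove the duplication.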
JBoss Identity SVN: r509 - identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-05-22 18:34:41 -0400 (Fri, 22 May 2009)
New Revision: 509
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingUtil.java
Log:
JBID-111: project specific exceptions
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingUtil.java 2009-05-22 22:32:44 UTC (rev 508)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingUtil.java 2009-05-22 22:34:41 UTC (rev 509)
@@ -21,6 +21,7 @@
*/
package org.jboss.identity.federation.bindings.util;
+import java.io.IOException;
import java.io.InputStream;
import java.net.URLDecoder;
import java.net.URLEncoder;
@@ -41,7 +42,7 @@
* @return
* @throws Exception
*/
- public static String urlEncode(String str) throws Exception
+ public static String urlEncode(String str) throws IOException
{
return URLEncoder.encode(str, "UTF-8");
}
@@ -52,7 +53,7 @@
* @return
* @throws Exception
*/
- public static String urlDecode(String str) throws Exception
+ public static String urlDecode(String str) throws IOException
{
return URLDecoder.decode(str, "UTF-8");
}
@@ -61,9 +62,10 @@
* On the byte array, apply base64 encoding following by URL encoding
* @param stringToEncode
* @return
+ * @throws IOException
* @throws Exception
*/
- public static String base64URLEncode(byte[] stringToEncode) throws Exception
+ public static String base64URLEncode(byte[] stringToEncode) throws IOException
{
String base64Request = Base64.encodeBytes(stringToEncode, Base64.DONT_BREAK_LINES);
return urlEncode(base64Request);
@@ -73,9 +75,10 @@
* On the byte array, apply URL decoding followed by base64 decoding
* @param encodedString
* @return
+ * @throws IOException
* @throws Exception
*/
- public static byte[] urlBase64Decode(String encodedString) throws Exception
+ public static byte[] urlBase64Decode(String encodedString) throws IOException
{
String decodedString = urlDecode(encodedString);
return Base64.decode(decodedString);
@@ -85,9 +88,11 @@
* Apply deflate compression followed by base64 encoding and URL encoding
* @param stringToEncode
* @return
+ * @throws IOException
+ * @throws IOException
* @throws Exception
*/
- public static String deflateBase64URLEncode(String stringToEncode) throws Exception
+ public static String deflateBase64URLEncode(String stringToEncode) throws IOException
{
return deflateBase64URLEncode(stringToEncode.getBytes("UTF-8"));
}
@@ -98,7 +103,7 @@
* @return
* @throws Exception
*/
- public static String deflateBase64URLEncode(byte[] stringToEncode) throws Exception
+ public static String deflateBase64URLEncode(byte[] stringToEncode) throws IOException
{
byte[] deflatedMsg = DeflateUtil.encode(stringToEncode);
return base64URLEncode(deflatedMsg);
@@ -108,9 +113,10 @@
* Apply URL decoding, followed by base64 decoding followed by deflate decompression
* @param encodedString
* @return
+ * @throws IOException
* @throws Exception
*/
- public static InputStream urlBase64DeflateDecode(String encodedString) throws Exception
+ public static InputStream urlBase64DeflateDecode(String encodedString) throws IOException
{
byte[] deflatedString = urlBase64Decode(encodedString);
return DeflateUtil.decode(deflatedString);
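Review bot: Narrowing `urlBase64DeflateDecode` to `IOException` is fine, but this is the entry point through which attacker-controlled SAMLRequest/SAMLResponse query parameters are inflated, and nothing in this file bounds the inflated size — that can only live in `DeflateUtil.decode`, which is not visible here. Confirm that it caps its output (a deflate stream of a few KB can expand to hundreds of MB); if a cap is added, throwing `IOException` on overflow fits the new signature without another API change, and a `// NOTE: size bound on inflated data is enforced in DeflateUtil.decode` comment here would record where the guard lives.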
@@ -122,7 +128,7 @@
* @return
* @throws Exception
*/
- public static InputStream base64DeflateDecode(String encodedString) throws Exception
+ public static InputStream base64DeflateDecode(String encodedString)
{
byte[] base64decodedMsg = Base64.decode(encodedString);
return DeflateUtil.decode(base64decodedMsg);
JBoss Identity SVN: r508 - in identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2: util and 1 other directory.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-05-22 18:32:44 -0400 (Fri, 22 May 2009)
New Revision: 508
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLBaseFactory.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/XMLTimeUtil.java
Log:
JBID-111: project specific exceptions
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java 2009-05-22 22:32:21 UTC (rev 507)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnRequestFactory.java 2009-05-22 22:32:44 UTC (rev 508)
@@ -22,14 +22,17 @@
package org.jboss.identity.federation.core.saml.v2.factories;
import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
+import javax.xml.datatype.DatatypeConfigurationException;
import javax.xml.datatype.XMLGregorianCalendar;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.jboss.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.xml.sax.SAXException;
/**
* Factory for SAML2 AuthnRequest
@@ -57,10 +60,11 @@
* @param assertionConsumerURL URL of the requestor where the response assertion is requested
* @param issuerValue URL of the issuer
* @return
+ * @throws DatatypeConfigurationException
* @throws Exception
*/
public static AuthnRequestType createAuthnRequestType(String id,
- String assertionConsumerURL, String destination, String issuerValue) throws Exception
+ String assertionConsumerURL, String destination, String issuerValue) throws DatatypeConfigurationException
{
XMLGregorianCalendar issueInstant = XMLTimeUtil.getIssueInstant();
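Review bot: The new `@throws DatatypeConfigurationException` tag was added above `createAuthnRequestType`, but the old `@throws Exception` line was left beneath it, so the Javadoc now lists an exception the method no longer declares; delete the `@throws Exception` line. The same pairing — new specific tag plus a stale `@throws Exception` — recurs in every factory and util hunk of this commit, including `getValidatingMarshaller` and `getValidatingUnmarshaller` in this file. `createAuthnRequestType` continues outside the hunk.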
@@ -95,9 +99,11 @@
* Get the validating marshaller
* @param schemaValidation Whether schema validation is needed
* @return
+ * @throws JAXBException
+ * @throws SAXException
* @throws Exception
*/
- public static Marshaller getValidatingMarshaller(boolean schemaValidation) throws Exception
+ public static Marshaller getValidatingMarshaller(boolean schemaValidation) throws SAXException, JAXBException
{
if(schemaValidation)
return JBossSAMLBaseFactory.getValidatingMarshaller(pkgName, schemaLocation);
@@ -109,9 +115,11 @@
* Get the validating unmarshaller
* @param schemaValidation whether schema validation is needed
* @return
+ * @throws SAXException
+ * @throws JAXBException
* @throws Exception
*/
- public static Unmarshaller getValidatingUnmarshaller(boolean schemaValidation) throws Exception
+ public static Unmarshaller getValidatingUnmarshaller(boolean schemaValidation) throws JAXBException, SAXException
{
if(schemaValidation)
return JBossSAMLBaseFactory.getValidatingUnmarshaller(pkgName, schemaLocation);
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java 2009-05-22 22:32:21 UTC (rev 507)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLAuthnResponseFactory.java 2009-05-22 22:32:44 UTC (rev 508)
@@ -22,8 +22,10 @@
package org.jboss.identity.federation.core.saml.v2.factories;
import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
+import javax.xml.datatype.DatatypeConfigurationException;
import javax.xml.datatype.XMLGregorianCalendar;
import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
@@ -38,6 +40,7 @@
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.jboss.identity.federation.saml.v2.protocol.StatusCodeType;
import org.jboss.identity.federation.saml.v2.protocol.StatusType;
+import org.xml.sax.SAXException;
/**
* Factory for the SAML v2 Authn Response
@@ -121,8 +124,8 @@
return responseType;
}
- public static ResponseType createResponseType(String ID, IssuerInfoHolder issuerInfo, AssertionType assertionType)
- throws Exception
+ public static ResponseType createResponseType(String ID, IssuerInfoHolder issuerInfo, AssertionType assertionType)
+ throws DatatypeConfigurationException
{
ResponseType responseType = SAMLProtocolFactory.getObjectFactory().createResponseType();
responseType.setVersion(issuerInfo.getSamlVersion());
@@ -157,7 +160,7 @@
* @return
* @throws Exception
*/
- public static Marshaller getValidatingMarshaller() throws Exception
+ public static Marshaller getValidatingMarshaller() throws JAXBException, SAXException
{
return JBossSAMLBaseFactory.getValidatingMarshaller(pkgName, schemaLocation);
}
@@ -165,9 +168,11 @@
/**
* Get the JAXB2 Unmarshaller
* @return
+ * @throws SAXException
+ * @throws JAXBException
* @throws Exception
*/
- public static Unmarshaller getValidatingUnmarshaller() throws Exception
+ public static Unmarshaller getValidatingUnmarshaller() throws JAXBException, SAXException
{
return JBossSAMLBaseFactory.getValidatingUnmarshaller(pkgName, schemaLocation);
}
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLBaseFactory.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLBaseFactory.java 2009-05-22 22:32:21 UTC (rev 507)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/JBossSAMLBaseFactory.java 2009-05-22 22:32:44 UTC (rev 508)
@@ -25,6 +25,7 @@
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
import javax.xml.datatype.XMLGregorianCalendar;
@@ -40,6 +41,7 @@
import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationDataType;
import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType;
import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
+import org.xml.sax.SAXException;
/**
* Base methods for the factories
@@ -168,7 +170,7 @@
* @throws Exception
*/
public static Marshaller getMarshaller(String pkgName)
- throws Exception
+ throws JAXBException
{
if(pkgName == null)
throw new IllegalArgumentException("pkgName is null");
@@ -184,10 +186,11 @@
* @param pkgName The package name for the jaxb context
* @param schemaLocation location of the schema to validate against
* @return Marshaller
+ * @throws SAXException
* @throws Exception
*/
- public static Marshaller getValidatingMarshaller(String pkgName, String schemaLocation)
- throws Exception
+ public static Marshaller getValidatingMarshaller(String pkgName, String schemaLocation)
+ throws SAXException, JAXBException
{
Marshaller marshaller = getMarshaller(pkgName);
marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
@@ -207,9 +210,10 @@
* Get the JAXB Unmarshaller
* @param pkgName The package name for the jaxb context
* @return unmarshaller
+ * @throws JAXBException
* @throws Exception
*/
- public static Unmarshaller getUnmarshaller(String pkgName) throws Exception
+ public static Unmarshaller getUnmarshaller(String pkgName) throws JAXBException
{
if(pkgName == null)
throw new IllegalArgumentException("pkgName is null");
@@ -222,10 +226,12 @@
* @param pkgName The package name for the jaxb context
* @param schemaLocation location of the schema to validate against
* @return unmarshaller
+ * @throws JAXBException
+ * @throws SAXException
* @throws Exception
*/
- public static Unmarshaller getValidatingUnmarshaller(String pkgName, String schemaLocation)
- throws Exception
+ public static Unmarshaller getValidatingUnmarshaller(String pkgName, String schemaLocation)
+ throws JAXBException, SAXException
{
Unmarshaller unmarshaller = getUnmarshaller(pkgName);
//Validate against schema
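Review bot: `getValidatingUnmarshaller` is what parses SAML messages arriving from remote parties, and schema validation by itself does not stop DTD or external-entity processing — that depends on the SAX parser JAXB picks up for an `InputStream` source, which this hunk does not show. Confirm that parser has `http://apache.org/xml/features/disallow-doctype-decl` enabled, or have callers unmarshal from a `SAXSource` built on an `XMLReader` configured that way. A `// NOTE: schema validation does not disable DTD/external entities; callers must supply a hardened reader` comment here would keep the next reader from assuming it does. The method body continues outside the hunk.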
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2009-05-22 22:32:21 UTC (rev 507)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2009-05-22 22:32:44 UTC (rev 508)
@@ -29,7 +29,6 @@
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
-import org.apache.log4j.Logger;
import org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.ObjectFactory;
import org.jboss.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
import org.jboss.identity.federation.saml.v2.profiles.xacml.protocol.XACMLAuthzDecisionQueryType;
@@ -42,9 +41,7 @@
* @since Jan 28, 2009
*/
public class SOAPSAMLXACMLUtil
-{
- private static Logger log = Logger.getLogger(SOAPSAMLXACMLUtil.class);
-
+{
private static String SOAP_PKG = "org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope";
private static String SAML_PROTO_PKG = "org.jboss.identity.federation.saml.v2.protocol";
private static String XACML_CTX_PKG = "org.jboss.security.xacml.core.model.context";
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/XMLTimeUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/XMLTimeUtil.java 2009-05-22 22:32:21 UTC (rev 507)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/XMLTimeUtil.java 2009-05-22 22:32:44 UTC (rev 508)
@@ -24,6 +24,7 @@
import java.util.GregorianCalendar;
import java.util.TimeZone;
+import javax.xml.datatype.DatatypeConfigurationException;
import javax.xml.datatype.DatatypeConstants;
import javax.xml.datatype.DatatypeFactory;
import javax.xml.datatype.Duration;
@@ -58,9 +59,10 @@
* to "GMT"
* @param timezone
* @return
+ * @throws DatatypeConfigurationException
* @throws Exception
*/
- public static XMLGregorianCalendar getIssueInstant(String timezone) throws Exception
+ public static XMLGregorianCalendar getIssueInstant(String timezone) throws DatatypeConfigurationException
{
TimeZone tz = TimeZone.getTimeZone(timezone);
DatatypeFactory dtf = DatatypeFactory.newInstance();
@@ -74,8 +76,9 @@
/**
* Get the current instant of time
* @return
+ * @throws DatatypeConfigurationException
*/
- public static XMLGregorianCalendar getIssueInstant() throws Exception
+ public static XMLGregorianCalendar getIssueInstant() throws DatatypeConfigurationException
{
return getIssueInstant(TimeZone.getDefault().getID());
}
JBoss Identity SVN: r507 - in identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core: util and 1 other directory.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-05-22 18:32:21 -0400 (Fri, 22 May 2009)
New Revision: 507
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/XMLEncryptionUtil.java
Log:
new version of xmlenc util
Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/XMLEncryptionUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/XMLEncryptionUtil.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/XMLEncryptionUtil.java 2009-05-22 22:32:21 UTC (rev 507)
@@ -0,0 +1,88 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.util;
+
+import java.util.HashMap;
+
+import org.apache.xml.security.encryption.XMLCipher;
+
+/**
+ * Utility for XML Encryption
+ * @author Anil.Saldhana(a)redhat.com
+ * @since May 4, 2009
+ */
+public class XMLEncryptionUtil
+{
+ private static HashMap <String, EncryptionAlgorithm> algorithms
+ = new HashMap<String, EncryptionAlgorithm>(4);
+
+ private static class EncryptionAlgorithm
+ {
+ EncryptionAlgorithm(String jceName, String xmlSecName, int size)
+ {
+ this.jceName = jceName;
+ this.xmlSecName = xmlSecName;
+ this.size = size;
+ }
+
+ public String jceName;
+ public String xmlSecName;
+ public int size;
+ }
+
+ static
+ {
+ algorithms.put("aes-128", new EncryptionAlgorithm("AES", XMLCipher.AES_128, 128));
+ algorithms.put("aes-192", new EncryptionAlgorithm("AES", XMLCipher.AES_192, 192));
+ algorithms.put("aes-256", new EncryptionAlgorithm("AES", XMLCipher.AES_256, 256));
+ algorithms.put("aes", new EncryptionAlgorithm("AES", XMLCipher.AES_256, 256));
+
+ algorithms.put("tripledes", new EncryptionAlgorithm("TripleDes",
+ XMLCipher.TRIPLEDES, 168));
+ }
+
+ /**
+ * Given the JCE algorithm, get the XML Encryption URL
+ * @param certAlgo
+ * @return
+ */
+ public static String getEncryptionURL(String certAlgo)
+ {
+ EncryptionAlgorithm ea = algorithms.get(certAlgo);
+ if(ea == null)
+ throw new RuntimeException("Unknown jce algorithm:" + certAlgo);
+ return ea.xmlSecName;
+ }
+
+ /**
+ * Given the JCE algorithm, get the XML Encryption KeySize
+ * @param certAlgo
+ * @return
+ */
+ public static int getEncryptionKeySize(String certAlgo)
+ {
+ EncryptionAlgorithm ea = algorithms.get(certAlgo);
+ if(ea == null)
+ throw new RuntimeException("Unknown jce algorithm:" + certAlgo);
+ return ea.size;
+ }
+}
\ No newline at end of file
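Review bot: The table is keyed by `aes-128`, `aes-192`, `aes-256`, `aes` and `tripledes`, yet both accessors are documented as taking "the JCE algorithm" and the only caller in this commit (MetadataServlet, above) passes `cert.getPublicKey().getAlgorithm()`, which yields names like `RSA`; no such key exists, so every lookup from that caller throws `Unknown jce algorithm`. Separately, `"TripleDes"` is not the standard JCA cipher name (that is `DESede`; this spelling only resolves if a provider registers it as an alias), the map is a mutable non-final static, and the two accessors duplicate the lookup-and-throw. The sketch below shares the lookup, matches keys case-insensitively (needs `java.util.Locale`), throws `IllegalArgumentException` (still a RuntimeException for existing callers) and fixes the JCA name; entries keyed by public-key algorithm names mapping to key-transport URIs (e.g. `XMLCipher.RSA_OAEP`) are still needed for the MetadataServlet use, but which ones depends on what the deployment should advertise.
```java
   private static final HashMap<String, EncryptionAlgorithm> algorithms
      = new HashMap<String, EncryptionAlgorithm>(6);

   static
   {
      // … unchanged: aes-128 / aes-192 / aes-256 / aes entries …
      algorithms.put("tripledes", new EncryptionAlgorithm("DESede", XMLCipher.TRIPLEDES, 168));
   }

   /** Single lookup shared by both accessors; keys are matched case-insensitively. */
   private static EncryptionAlgorithm lookup(String algo)
   {
      EncryptionAlgorithm ea = algo == null ? null : algorithms.get(algo.toLowerCase(Locale.ENGLISH));
      if(ea == null)
         throw new IllegalArgumentException("Unknown jce algorithm:" + algo);
      return ea;
   }

   public static String getEncryptionURL(String certAlgo)
   {
      return lookup(certAlgo).xmlSecName;
   }

   public static int getEncryptionKeySize(String certAlgo)
   {
      return lookup(certAlgo).size;
   }
```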