Author: sguilhen(a)redhat.com
Date: 2009-06-02 20:05:55 -0400 (Tue, 02 Jun 2009)
New Revision: 564
Added:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/keystore/sts_keystore.jks
Modified:
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java
Log:
JBID-124: Added SAMLV2.0 assertion validation logic to SAML20TokenProvider. Updated the
tests to exercise the validation.
Modified:
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-06-02
21:39:22 UTC (rev 563)
+++
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-06-03
00:05:55 UTC (rev 564)
@@ -40,10 +40,12 @@
import org.jboss.identity.federation.api.wstrust.STSConfiguration;
import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider;
import org.jboss.identity.federation.api.wstrust.StandardRequestHandler;
+import org.jboss.identity.federation.api.wstrust.WSTrustConstants;
import org.jboss.identity.federation.api.wstrust.WSTrustException;
import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory;
import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler;
import org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider;
+import org.jboss.identity.federation.api.wstrust.plugins.saml.SAMLUtil;
import org.jboss.identity.federation.bindings.jboss.subject.JBossIdentityPrincipal;
import org.jboss.identity.federation.bindings.jboss.wstrust.JBossSTS;
import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityTokenResponse;
@@ -63,6 +65,8 @@
import org.jboss.identity.federation.ws.policy.AppliesTo;
import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
import org.jboss.identity.federation.ws.trust.RequestedSecurityTokenType;
+import org.jboss.identity.federation.ws.trust.StatusType;
+import org.jboss.identity.federation.ws.trust.ValidateTargetType;
import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType;
import org.jboss.identity.federation.ws.wss.secext.SecurityTokenReferenceType;
import org.w3c.dom.Element;
@@ -149,8 +153,7 @@
SecurityTokenProvider provider =
config.getProviderForTokenType("http://www.tokens.org/SpecialToken&q...;
assertNotNull("Unexpected null token provider", provider);
assertTrue("Unexpected token provider type", provider instanceof
SpecialTokenProvider);
- provider = config
-
.getProviderForTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
+ provider = config.getProviderForTokenType(SAMLUtil.SAML2_TOKEN_TYPE);
assertNotNull("Unexpected null token provider", provider);
assertTrue("Unexpected token provider type", provider instanceof
SAML20TokenProvider);
assertNull(config.getProviderForTokenType("unexistentType"));
@@ -158,9 +161,8 @@
// check the service provider -> token type mapping.
assertEquals("Invalid token type for service provider 1",
"http://www.tokens.org/SpecialToken", config
.getTokenTypeForService("http://services.testcorp.org/provider1"));
- assertEquals("Invalid token type for service provider 2",
-
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0",
config
-
.getTokenTypeForService("http://services.testcorp.org/provider2"));
+ assertEquals("Invalid token type for service provider 2",
SAMLUtil.SAML2_TOKEN_TYPE, config
+
.getTokenTypeForService("http://services.testcorp.org/provider2"));
assertNull(config.getTokenTypeForService("http://invalid.service/service"));
// check the service provider -> token provider mapping.
@@ -201,7 +203,8 @@
public void testInvokeCustom() throws Exception
{
// create a simple token request, asking for a "special" test token.
- RequestSecurityToken request = this.createRequest("testcontext",
"http://www.tokens.org/SpecialToken", null);
+ RequestSecurityToken request = this.createRequest("testcontext",
WSTrustConstants.ISSUE_REQUEST,
+ "http://www.tokens.org/SpecialToken", null);
// use the factory to marshall the request.
WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
@@ -226,7 +229,7 @@
*
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
*
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
* ID="ID-cc541137-74dc-4fc0-8bcc-7e9e3a4c899d"
- *
IssueInstant="2009-05-29T18:02:13.458-03:00">
+ * IssueInstant="2009-05-29T18:02:13.458Z">
* <saml2:Issuer>
* JBossSTS
* </saml2:Issuer>
@@ -236,13 +239,16 @@
* </saml2:NameID>
* <saml2:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
* </saml2:Subject>
- * <saml2:Conditions
NotBefore="2009-05-29T18:02:13.458-03:00"
NotOnOrAfter="2009-05-29T19:02:13.458-03:00">
+ * <saml2:Conditions NotBefore="2009-05-29T18:02:13.458Z"
NotOnOrAfter="2009-05-29T19:02:13.458Z">
* <saml2:AudienceRestriction>
* <saml2:Audience>
*
http://services.testcorp.org/provider2
* </saml2:Audience>
* </saml2:AudienceRestriction>
* </saml2:Conditions>
+ * <ds:Signature>
+ * ...
+ * </ds:Signature>
* </saml2:Assertion>
* </pre>
*
@@ -253,8 +259,8 @@
public void testInvokeSAML20() throws Exception
{
// create a simple token request, asking for a SAMLv2.0 token.
- RequestSecurityToken request = this.createRequest("testcontext",
-
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0",
null);
+ RequestSecurityToken request = this.createRequest("testcontext",
WSTrustConstants.ISSUE_REQUEST,
+ SAMLUtil.SAML2_TOKEN_TYPE, null);
// use the factory to marshall the request.
WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
@@ -281,7 +287,8 @@
public void testInvokeCustomAppliesTo() throws Exception
{
// create a simple token request, this time using the applies to get to the token
type.
- RequestSecurityToken request = this.createRequest("testcontext", null,
"http://services.testcorp.org/provider1");
+ RequestSecurityToken request = this.createRequest("testcontext",
WSTrustConstants.ISSUE_REQUEST, null,
+ "http://services.testcorp.org/provider1");
// use the factory to marshall the request.
WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
@@ -307,7 +314,8 @@
*/
public void testInvokeSAML20AppliesTo() throws Exception
{
- RequestSecurityToken request = this.createRequest("testcontext", null,
"http://services.testcorp.org/provider2");
+ RequestSecurityToken request = this.createRequest("testcontext",
WSTrustConstants.ISSUE_REQUEST, null,
+ "http://services.testcorp.org/provider2");
// use the factory to marshall the request.
WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
@@ -335,6 +343,73 @@
/**
* <p>
+ * This test case first generates a SAMLV2.0 assertion and then sends a WS-Trust
validate message to the STS to get
+ * the assertion validated, checking the validation results.
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ public void testInvokeSAML20Validate() throws Exception
+ {
+ // create a simple token request, this time using the applies to get to the token
type.
+ RequestSecurityToken request = this.createRequest("testcontext",
WSTrustConstants.ISSUE_REQUEST,
+ SAMLUtil.SAML2_TOKEN_TYPE, null);
+
+ // use the factory to marshall the request.
+ WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
+ Source requestMessage = factory.marshallRequestSecurityToken(request);
+
+ // invoke the token service.
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ BaseRequestSecurityTokenResponse baseResponse = WSTrustJAXBFactory.getInstance()
+ .parseRequestSecurityTokenResponse(responseMessage);
+
+ // get the SAML assertion from the request.
+ RequestSecurityTokenResponseCollection collection =
(RequestSecurityTokenResponseCollection) baseResponse;
+ Element assertion = (Element)
collection.getRequestSecurityTokenResponses().get(0).getRequestedSecurityToken()
+ .getAny();
+
+ // now construct a WS-Trust validate request with the generated assertion.
+ request = this.createRequest("validatecontext",
WSTrustConstants.VALIDATE_REQUEST, WSTrustConstants.STATUS_TYPE,
+ null);
+ ValidateTargetType validateTarget = new ValidateTargetType();
+ validateTarget.setAny(assertion);
+ request.setValidateTarget(validateTarget);
+
+ // invoke the token service.
+ responseMessage =
this.tokenService.invoke(factory.marshallRequestSecurityToken(request));
+ baseResponse =
WSTrustJAXBFactory.getInstance().parseRequestSecurityTokenResponse(responseMessage);
+
+ // validate the response contents.
+ assertNotNull("Unexpected null response", baseResponse);
+ assertTrue("Unexpected response type", baseResponse instanceof
RequestSecurityTokenResponseCollection);
+ collection = (RequestSecurityTokenResponseCollection) baseResponse;
+ assertEquals("Unexpected number of responses", 1,
collection.getRequestSecurityTokenResponses().size());
+ RequestSecurityTokenResponse response =
collection.getRequestSecurityTokenResponses().get(0);
+ assertEquals("Unexpected response context", "validatecontext",
response.getContext());
+ assertEquals("Unexpected token type", WSTrustConstants.STATUS_TYPE,
response.getTokenType().toString());
+ StatusType status = response.getStatus();
+ assertNotNull("Unexpected null status", status);
+ assertEquals("Unexpected status code",
WSTrustConstants.STATUS_CODE_VALID, status.getCode());
+ assertEquals("Unexpected status reason", "SAMLV2.0 Assertion
successfuly validated", status.getReason());
+
+ // now let's temper the SAML assertion and try to validate it again.
+ assertion.getFirstChild().getFirstChild().setNodeValue("Tempered
Issuer");
+ responseMessage =
this.tokenService.invoke(factory.marshallRequestSecurityToken(request));
+ collection = (RequestSecurityTokenResponseCollection)
WSTrustJAXBFactory.getInstance()
+ .parseRequestSecurityTokenResponse(responseMessage);
+ assertEquals("Unexpected number of responses", 1,
collection.getRequestSecurityTokenResponses().size());
+ response = collection.getRequestSecurityTokenResponses().get(0);
+ assertEquals("Unexpected response context", "validatecontext",
response.getContext());
+ assertEquals("Unexpected token type", WSTrustConstants.STATUS_TYPE,
response.getTokenType().toString());
+ status = response.getStatus();
+ assertNotNull("Unexpected null status", status);
+ assertEquals("Unexpected status code",
WSTrustConstants.STATUS_CODE_INVALID, status.getCode());
+ assertEquals("Unexpected status reason", "Validation failure:
digital signature is invalid", status.getReason());
+ }
+
+ /**
+ * <p>
* This test tries to request a token of an unknown type, checking if an exception is
correctly thrown by the
* security token service.
* </p>
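Review bot: The tampering step `assertion.getFirstChild().getFirstChild().setNodeValue("Tempered Issuer")` relies on the Issuer being the assertion's first DOM child with no whitespace text node in between, which holds only while the STS marshals without formatted output; locating it explicitly, `assertion.getElementsByTagNameNS(WSTrustConstants.SAML2_ASSERTION_NS, "Issuer").item(0).getFirstChild().setNodeValue("Tampered Issuer")`, removes that dependency (and the comment's `temper` should read `tamper`). The new test exercises only the valid and signature-tampered paths, while the provider it targets also rejects a ValidateTarget that is not a SAML assertion and an assertion outside its lifetime; a second request whose ValidateTarget holds an arbitrary element, asserting `WSTrustConstants.STATUS_CODE_INVALID` and the "not a SAMLV2.0 Assertion" reason, would be cheap to add here. Since `request` is reused after the DOM is mutated, it is worth a one-line comment saying the tampered element is shared with the earlier valid request by reference.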
@@ -344,10 +419,8 @@
public void testInvokeUnknownTokenType() throws Exception
{
// create a simple token request, asking for an "unknown" test token.
- RequestSecurityToken request = new RequestSecurityToken();
- request.setContext("testcontext");
- request.setTokenType(new
URI("http://www.tokens.org/UnknownToken"));
- request.setRequestType(new
URI("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"));
+ RequestSecurityToken request = this.createRequest("testcontext",
WSTrustConstants.ISSUE_REQUEST,
+ "http://www.tokens.org/UnknownToken", null);
// use the factory to marshall the request.
WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
@@ -428,8 +501,7 @@
assertEquals("Unexpected number of responses", 1,
collection.getRequestSecurityTokenResponses().size());
RequestSecurityTokenResponse response =
collection.getRequestSecurityTokenResponses().get(0);
assertEquals("Unexpected response context", "testcontext",
response.getContext());
- assertEquals("Unexpected token type",
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0",
- response.getTokenType().toString());
+ assertEquals("Unexpected token type", SAMLUtil.SAML2_TOKEN_TYPE,
response.getTokenType().toString());
Lifetime lifetime = response.getLifetime();
assertNotNull("Unexpected null token lifetime", lifetime);
@@ -438,15 +510,12 @@
assertNotNull("Unexpected null attached reference", reference);
SecurityTokenReferenceType securityRef = reference.getSecurityTokenReference();
assertNotNull("Unexpected null security reference", securityRef);
- String tokenTypeAttr = securityRef.getOtherAttributes().get(
- new
QName("http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1....;,
"TokenType"));
+ String tokenTypeAttr = securityRef.getOtherAttributes().get(new
QName(WSTrustConstants.WSSE11_NS, "TokenType"));
assertNotNull("Required attribute TokenType is missing", tokenTypeAttr);
- assertEquals("TokenType attribute has an unexpected value",
-
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0",
tokenTypeAttr);
+ assertEquals("TokenType attribute has an unexpected value",
SAMLUtil.SAML2_TOKEN_TYPE, tokenTypeAttr);
JAXBElement<?> keyIdElement = (JAXBElement<?>)
securityRef.getAny().get(0);
KeyIdentifierType keyId = (KeyIdentifierType) keyIdElement.getValue();
- assertEquals("Unexpected key value type",
-
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID",
keyId.getValueType());
+ assertEquals("Unexpected key value type", SAMLUtil.SAML2_VALUE_TYPE,
keyId.getValueType());
assertNotNull("Unexpected null key identifier value", keyId.getValue());
// ====================================== SAMLV2.0 Assertion Validation
======================================//
@@ -481,13 +550,16 @@
assertEquals("Unexpected name id value", "sguilhen",
nameID.getValue());
assertEquals("Unexpected type found", SubjectConfirmationType.class,
content.get(1).getDeclaredType());
SubjectConfirmationType subjType = (SubjectConfirmationType)
content.get(1).getValue();
- assertEquals("Unexpected confirmation method",
"urn:oasis:names:tc:SAML:2.0:cm:bearer", subjType.getMethod());
+ assertEquals("Unexpected confirmation method", SAMLUtil.SAML2_BEARER_URI,
subjType.getMethod());
// validate the assertion conditions.
assertNotNull("Unexpected null conditions", assertion.getConditions());
assertEquals(lifetime.getCreated(), assertion.getConditions().getNotBefore());
assertEquals(lifetime.getExpires(), assertion.getConditions().getNotOnOrAfter());
+ // verify if the assertion has been signed.
+ assertNotNull("Assertion should have been signed",
assertion.getSignature());
+
return assertion;
}
@@ -496,18 +568,20 @@
* Utility method that creates a simple WS-Trust request using the specified
information.
* </p>
*
- * @param context a {@code String} representing the request context.
- * @param tokenType a {@code String} representing the type of the requested token.
- * @param appliesToString a {@code String} representing the URL of a service
provider.
+ * @param context a {@code String} that represents the request context.
+ * @param requestType a {@code String} that represents the WS-Trust request type.
+ * @param tokenType a {@code String} that represents the requested token type.
+ * @param appliesToString a {@code String} that represents the URL of a service
provider.
* @return the constructed {@code RequestSecurityToken} object.
*/
- private RequestSecurityToken createRequest(String context, String tokenType, String
appliesToString)
+ private RequestSecurityToken createRequest(String context, String requestType, String
tokenType,
+ String appliesToString)
{
RequestSecurityToken request = new RequestSecurityToken();
request.setContext(context);
+ request.setRequestType(URI.create(requestType));
if (tokenType != null)
request.setTokenType(URI.create(tokenType));
-
request.setRequestType(URI.create("http://docs.oasis-open.org/ws-sx/...;
if (appliesToString != null)
{
AttributedURIType attributedURI = new AttributedURIType();
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java 2009-06-02
21:39:22 UTC (rev 563)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java 2009-06-03
00:05:55 UTC (rev 564)
@@ -25,6 +25,7 @@
import java.security.Principal;
import java.security.PublicKey;
+import org.jboss.identity.federation.api.wstrust.plugins.saml.SAMLUtil;
import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
import org.jboss.identity.federation.ws.policy.AppliesTo;
@@ -152,8 +153,23 @@
public RequestSecurityTokenResponse validate(RequestSecurityToken request, Principal
callerPrincipal)
throws WSTrustException
{
- // TODO: implement validate logic.
- throw new UnsupportedOperationException();
+ if(request.getTokenType() == null)
+ request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
+
+ // TODO: get the provider using the token from the request.
+ SecurityTokenProvider provider =
this.configuration.getProviderForTokenType(SAMLUtil.SAML2_TOKEN_TYPE);
+ WSTrustRequestContext context = new WSTrustRequestContext(request,
callerPrincipal);
+ context.setSTSKeyPair(this.configuration.getSTSKeyPair());
+
+ provider.validateToken(context);
+
+ RequestSecurityTokenResponse response = new RequestSecurityTokenResponse();
+ if (request.getContext() != null)
+ response.setContext(request.getContext());
+ response.setTokenType(request.getTokenType());
+ response.setStatus(context.getStatus());
+
+ return response;
}
/*
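Review bot: `provider` can be null at `provider.validateToken(context)` when no provider is registered for `SAMLUtil.SAML2_TOKEN_TYPE`, because `getProviderForTokenType` returns null for unknown types (the first file's test asserts exactly that for "unexistentType"), so a misconfigured STS answers a Validate request with an NPE instead of a WS-Trust fault; add `if (provider == null) throw new WSTrustException("No token provider configured for " + SAMLUtil.SAML2_TOKEN_TYPE);` before the context is built. The TODO already flags the hard-coded provider; when that is addressed, the lookup should key on the ValidateTarget element's namespace and local name rather than on the request's TokenType, which in a Validate request names the desired response (Status) rather than the token being validated. As written, any non-SAML token handed in is judged by the SAML provider and reported invalid, which at least fails closed, but the method javadoc should say so.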
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java 2009-06-02
21:39:22 UTC (rev 563)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java 2009-06-03
00:05:55 UTC (rev 564)
@@ -30,20 +30,25 @@
*/
public class WSTrustConstants
{
- public final static String BASE_NAMESPACE =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512";
+ public static final String BASE_NAMESPACE =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512";
// WS-Trust request types.
- public final static String ISSUE_REQUEST = BASE_NAMESPACE + "/Issue";
- public final static String RENEW_REQUEST = BASE_NAMESPACE + "/Renew";
- public final static String CANCEL_REQUEST = BASE_NAMESPACE + "/Cancel";
- public final static String VALIDATE_REQUEST = BASE_NAMESPACE + "/Validate";
+ public static final String ISSUE_REQUEST = BASE_NAMESPACE + "/Issue";
+ public static final String RENEW_REQUEST = BASE_NAMESPACE + "/Renew";
+ public static final String CANCEL_REQUEST = BASE_NAMESPACE + "/Cancel";
+ public static final String VALIDATE_REQUEST = BASE_NAMESPACE + "/Validate";
+ // WS-Trust validation constants.
+ public static final String STATUS_TYPE = BASE_NAMESPACE + "/RSTR/Status";
+ public static final String STATUS_CODE_VALID = BASE_NAMESPACE +
"/status/valid";
+ public static final String STATUS_CODE_INVALID = BASE_NAMESPACE +
"/status/invalid";
+
// WSS namespaces values.
- public final static String WSA_NS = "http://www.w3.org/2005/08/addressing";
- public final static String WSU_NS =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
- public final static String WSSE_NS =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
- public final static String WSSE11_NS =
"http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
- public final static String XENC_NS = "http://www.w3.org/2001/04/xmlenc#";
- public final static String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
- public final static String SAML2_ASSERTION_NS =
"urn:oasis:names:tc:SAML:2.0:assertion";
+ public static final String WSA_NS = "http://www.w3.org/2005/08/addressing";
+ public static final String WSU_NS =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
+ public static final String WSSE_NS =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
+ public static final String WSSE11_NS =
"http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
+ public static final String XENC_NS = "http://www.w3.org/2001/04/xmlenc#";
+ public static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
+ public static final String SAML2_ASSERTION_NS =
"urn:oasis:names:tc:SAML:2.0:assertion";
}
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java 2009-06-02
21:39:22 UTC (rev 563)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java 2009-06-03
00:05:55 UTC (rev 564)
@@ -50,8 +50,11 @@
import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
import org.jboss.identity.federation.ws.policy.AppliesTo;
import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
+import org.jboss.identity.federation.ws.trust.StatusType;
+import org.jboss.identity.federation.ws.trust.ValidateTargetType;
import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType;
import org.w3c.dom.Document;
+import org.w3c.dom.Element;
/**
* <p>
@@ -166,6 +169,75 @@
*/
public void validateToken(WSTrustRequestContext context) throws WSTrustException
{
- // TODO: implement validate logic.
+ // get the SAML assertion that must be validated.
+ ValidateTargetType validateTarget =
context.getRequestSecurityToken().getValidateTarget();
+ if(validateTarget == null)
+ throw new WSTrustException("Invalid validate message: missing required
ValidateTarget");
+ Element assertionElement = (Element) validateTarget.getAny();
+
+ String code = WSTrustConstants.STATUS_CODE_VALID;
+ String reason = "SAMLV2.0 Assertion successfuly validated";
+
+ if(!this.isAssertion(assertionElement))
+ {
+ code = WSTrustConstants.STATUS_CODE_INVALID;
+ reason = "Validation failure: supplied token is not a SAMLV2.0
Assertion";
+ }
+ else
+ {
+ AssertionType assertion = null;
+
+ // validate the SAML assertion digital signature.
+ KeyPair keyPair = context.getSTSKeyPair();
+ try
+ {
+ assertion = SAMLUtil.fromDocument(assertionElement.getOwnerDocument());
+ if(!XMLSignatureUtil.validate(SAMLUtil.toDocument(assertion),
keyPair.getPublic()))
+ {
+ code = WSTrustConstants.STATUS_CODE_INVALID;
+ reason = "Validation failure: digital signature is invalid";
+ }
+ }
+ catch (Exception e)
+ {
+ code = WSTrustConstants.STATUS_CODE_INVALID;
+ reason = "Validation failure: unable to verify digital signature: "
+ e.getMessage();
+ }
+
+ // if the signature is valid, check the lifetime.
+ try
+ {
+ if(!SAMLUtil.isLifetimeValid(assertion))
+ {
+ code = WSTrustConstants.STATUS_CODE_INVALID;
+ reason = "Validation failure: assertion expired or used before its
lifetime period";
+ }
+ }
+ catch(Exception e)
+ {
+ code = WSTrustConstants.STATUS_CODE_INVALID;
+ reason = "Validation failure: unable to verify assertion lifetime:
" + e.getMessage();
+ }
+ }
+
+ // construct the status and set it on the request context.
+ StatusType status = new StatusType();
+ status.setCode(code);
+ status.setReason(reason);
+ context.setStatus(status);
}
+
+ /**
+ * <p>
+ * Checks whether the specified element is a SAMLV2.0 assertion or not.
+ * </p>
+ *
+ * @param element the {@code Element} being verified.
+ * @return {@code true} if the element is a SAMLV2.0 assertion; {@code false}
otherwise.
+ */
+ private boolean isAssertion(Element element)
+ {
+ return element == null ? false :
"Assertion".equals(element.getLocalName())
+ &&
WSTrustConstants.SAML2_ASSERTION_NS.equals(element.getNamespaceURI());
+ }
}
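Review bot: The lifetime check in the second try block of `validateToken` runs regardless of how the signature check ended, contradicting the comment `// if the signature is valid, check the lifetime`: when `fromDocument` or `XMLSignatureUtil.validate` throws, `assertion` is still null, `isLifetimeValid(null)` fails with an NPE inside the second try, and the signature-failure reason is overwritten with "unable to verify assertion lifetime: null". Guard that block with `if (WSTrustConstants.STATUS_CODE_VALID.equals(code))` so the first failure is the one reported. Separately, the signature is verified on `SAMLUtil.toDocument(assertion)`, a JAXB re-marshalling of the unmarshalled object, rather than on the element actually received; an XML-DSig reference is computed over the canonicalised original, so whether the round trip preserves it depends on JAXB and the prefix mapper, and validating `assertionElement` directly (imported into a fresh Document) would be both cheaper and less fragile. The check uses only the STS's own public key, so only assertions this STS issued can ever validate — fine if intended, but worth stating in the javadoc, as is the fact that `e.getMessage()` in the returned reason can expose parser internals to the requester.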
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java 2009-06-02
21:39:22 UTC (rev 563)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java 2009-06-03
00:05:55 UTC (rev 564)
@@ -21,13 +21,23 @@
*/
package org.jboss.identity.federation.api.wstrust.plugins.saml;
+import java.util.GregorianCalendar;
+
import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.datatype.DatatypeConfigurationException;
+import javax.xml.datatype.DatatypeConstants;
+import javax.xml.datatype.DatatypeFactory;
+import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.transform.dom.DOMResult;
import org.jboss.identity.federation.api.wstrust.WSTrustConstants;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
import org.w3c.dom.Document;
@@ -44,11 +54,11 @@
{
public static final String SAML2_BEARER_URI =
"urn:oasis:names:tc:SAML:2.0:cm:bearer";
-
+
public static final String SAML2_TOKEN_TYPE =
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
-
+
public static final String SAML2_VALUE_TYPE =
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID";
-
+
/**
* <p>
* Utility method that marshals the specified {@code AssertionType} object into a
{@code Document} instance.
@@ -56,6 +66,7 @@
*
* @param assertion an {@code AssertionType} object representing the SAML assertion to
be marshaled.
* @return a reference to the {@code Document} that contains the marshaled SAML
assertion.
+ * @throws Exception if an error occurs while marshaling the assertion.
*/
public static Document toDocument(AssertionType assertion) throws Exception
{
@@ -66,12 +77,66 @@
Marshaller marshaller = jaxbContext.createMarshaller();
marshaller.setProperty("com.sun.xml.bind.namespacePrefixMapper", new
DefaultPrefixMapper());
marshaller.marshal(new ObjectFactory().createAssertion(assertion), result);
-
+
return document;
}
/**
* <p>
+ * Utility method that unmarshals the specified {@code Document} into an {@code
AssertionType} instance.
+ * </p>
+ *
+ * @param document the {@code Document} that contains a marshaled SAMLV2.0 Assertion.
+ * @return a reference to the unmarshaled {@code AssertionType} instance.
+ * @throws JAXBException if an error occurs while unmarshaling the document.
+ */
+ public static AssertionType fromDocument(Document document) throws JAXBException
+ {
+ JAXBContext jaxbContext =
JAXBContext.newInstance("org.jboss.identity.federation.saml.v2.assertion");
+ Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+ Object object = unmarshaller.unmarshal(document);
+ if (object instanceof AssertionType)
+ return (AssertionType) object;
+ else if (object instanceof JAXBElement)
+ {
+ JAXBElement<?> element = (JAXBElement<?>) object;
+ if (element.getDeclaredType().equals(AssertionType.class))
+ return (AssertionType) element.getValue();
+ }
+ throw new IllegalArgumentException("Supplied document does not contain a
SAMLV2.0 Assertion");
+ }
+
+ /**
+ * <p>
+ * Checks if the specified assertion is being used within its lifetime period.
+ * </p>
+ *
+ * @param assertion the {@code AssertionType} whose lifetime is being validated.
+ * @return {@code true} if the specified assertion's lifetime is valid; {@code
false} otherwise.
+ * @throws DatatypeConfigurationException if a configuration error prevents us from
creating a
+ * {@code XMLGregorianCalendar} that represents the current time. This
object is compared to the lifetime
+ * boundaries specified by the assertion conditions.
+ */
+ public static boolean isLifetimeValid(AssertionType assertion) throws
DatatypeConfigurationException
+ {
+ DatatypeFactory factory = DatatypeFactory.newInstance();
+
+ // construct a XMLGregorianCalendar representing the current UTC time.
+ XMLGregorianCalendar currentTime = factory.newXMLGregorianCalendar(new
GregorianCalendar()).normalize();
+ ConditionsType conditions = assertion.getConditions();
+
+ // compare the current time with the conditions of the assertion.
+ XMLGregorianCalendar notBefore = conditions.getNotBefore();
+ XMLGregorianCalendar notOnOrAfter = conditions.getNotOnOrAfter();
+
+ boolean isNotBefore = currentTime.compare(notBefore) != DatatypeConstants.LESSER;
+ boolean isNotOnOrAfter = currentTime.compare(notOnOrAfter) ==
DatatypeConstants.LESSER;
+
+ return isNotBefore && isNotOnOrAfter;
+ }
+
+ /**
+ * <p>
* A {@code NamespacePrefixMapper} implementation that maps the most used namespaces
to commonly used prefixes.
* </p>
*
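Review bot: In `isLifetimeValid`, `currentTime.compare(notBefore) != DatatypeConstants.LESSER` also accepts `INDETERMINATE`, which `XMLGregorianCalendar.compare` returns when only one side carries a timezone, so an assertion whose NotBefore has no zone offset is accepted as already in force; compare positively instead, `int c = currentTime.compare(notBefore);` and `boolean isNotBefore = c == DatatypeConstants.GREATER || c == DatatypeConstants.EQUAL;`. `conditions`, `notBefore` and `notOnOrAfter` are all optional in the SAML 2.0 schema and each dereference here is unguarded, so an assertion without them ends in an NPE rather than a decision — it only fails closed today because the caller catches `Exception`; make the policy explicit, e.g. `if (conditions == null || conditions.getNotBefore() == null || conditions.getNotOnOrAfter() == null) return false;`, with a javadoc line stating that an unbounded lifetime is rejected. There is no allowance for clock skew between issuer and validator, which will matter once tokens are validated on a different host than issued them. In `fromDocument`, `JAXBContext.newInstance` is rebuilt on every call; the context is thread-safe and expensive to create, so it belongs in a `private static final` field (presumably shared with `toDocument`, whose context creation is outside this hunk).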
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java 2009-06-02
21:39:22 UTC (rev 563)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java 2009-06-03
00:05:55 UTC (rev 564)
@@ -21,8 +21,14 @@
*/
package org.jboss.test.identity.federation.api.wstrust;
+import java.io.InputStream;
import java.net.URI;
+import java.security.KeyPair;
+import java.security.KeyStore;
import java.security.Principal;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.util.GregorianCalendar;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
@@ -32,9 +38,12 @@
import junit.framework.TestCase;
import org.jboss.identity.federation.api.wstrust.StandardSecurityToken;
+import org.jboss.identity.federation.api.wstrust.WSTrustConstants;
import org.jboss.identity.federation.api.wstrust.WSTrustRequestContext;
import org.jboss.identity.federation.api.wstrust.WSTrustUtil;
import org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider;
+import org.jboss.identity.federation.api.wstrust.plugins.saml.SAMLUtil;
+import org.jboss.identity.federation.core.wstrust.Lifetime;
import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
@@ -43,6 +52,8 @@
import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType;
import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
+import org.jboss.identity.federation.ws.trust.StatusType;
+import org.jboss.identity.federation.ws.trust.ValidateTargetType;
import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType;
import org.jboss.identity.federation.ws.wss.secext.SecurityTokenReferenceType;
import org.w3c.dom.Element;
@@ -64,16 +75,17 @@
*
* @throws Exception if an error occurs while running the test.
*/
- public void testIssueSAMLToken() throws Exception
+ public void testIssueSAMLV20Token() throws Exception
{
// create a WSTrustRequestContext with a simple WS-Trust request.
RequestSecurityToken request = new RequestSecurityToken();
request.setLifetime(WSTrustUtil.createDefaultLifetime(3600000));
request.setAppliesTo(WSTrustUtil.createAppliesTo("http://services.te...;
- request.setTokenType(new URI("urn:oasis:names:tc:SAML:2.0:assertion"));
+ request.setTokenType(URI.create(SAMLUtil.SAML2_TOKEN_TYPE));
WSTrustRequestContext context = new WSTrustRequestContext(request, new
TestPrincipal("sguilhen"));
context.setTokenIssuer("JBossSTS");
+ context.setSTSKeyPair(this.getKeyPair("keystore/sts_keystore.jks",
"testpass", "sts", "keypass"));
// call the SAML token provider and check the generated token.
new SAML20TokenProvider().issueToken(context);
@@ -104,9 +116,9 @@
.getConditionOrAudienceRestrictionOrOneTimeUse().get(0);
assertNotNull("Unexpected null audience list",
restrictionType.getAudience());
assertEquals("Unexpected number of audience elements", 1,
restrictionType.getAudience().size());
- assertEquals("Unexpected audience value",
"http://services.testcorp.org/provider2",
- restrictionType.getAudience().get(0));
-
+ assertEquals("Unexpected audience value",
"http://services.testcorp.org/provider2", restrictionType.getAudience()
+ .get(0));
+
// check the contents of the assertion subject.
SubjectType subject = assertion.getSubject();
assertNotNull("Unexpected null subject", subject);
@@ -114,33 +126,166 @@
JAXBElement<?> content = subject.getContent().get(0);
assertEquals("Unexpected content type", NameIDType.class,
content.getDeclaredType());
NameIDType nameID = (NameIDType) content.getValue();
+ assertEquals("Unexpected name id qualifier",
"urn:jboss:identity-federation", nameID.getNameQualifier());
assertEquals("Unexpected name id", "sguilhen",
nameID.getValue());
content = subject.getContent().get(1);
assertEquals("Unexpected content type", SubjectConfirmationType.class,
content.getDeclaredType());
SubjectConfirmationType confirmation = (SubjectConfirmationType)
content.getValue();
- assertEquals("Unexpected confirmation method",
"urn:oasis:names:tc:SAML:2.0:cm:bearer", confirmation.getMethod());
-
+ assertEquals("Unexpected confirmation method", SAMLUtil.SAML2_BEARER_URI,
confirmation.getMethod());
+
+ // verify if the assertion has been signed.
+ assertNotNull("Assertion should have been signed",
assertion.getSignature());
+
// validate the attached token reference created by the SAML provider.
RequestedReferenceType reference = context.getAttachedReference();
assertNotNull("Unexpected null attached reference", reference);
SecurityTokenReferenceType securityRef = reference.getSecurityTokenReference();
assertNotNull("Unexpected null security reference", securityRef);
- String tokenTypeAttr = securityRef.getOtherAttributes().get(
- new
QName("http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1....;,
"TokenType"));
+ String tokenTypeAttr = securityRef.getOtherAttributes().get(new
QName(WSTrustConstants.WSSE11_NS, "TokenType"));
assertNotNull("Required attribute TokenType is missing", tokenTypeAttr);
- assertEquals("TokenType attribute has an unexpected value",
-
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0",
tokenTypeAttr);
+ assertEquals("TokenType attribute has an unexpected value",
SAMLUtil.SAML2_TOKEN_TYPE, tokenTypeAttr);
JAXBElement<?> keyIdElement = (JAXBElement<?>)
securityRef.getAny().get(0);
KeyIdentifierType keyId = (KeyIdentifierType) keyIdElement.getValue();
- assertEquals("Unexpected key value type",
-
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID",
keyId.getValueType());
+ assertEquals("Unexpected key value type", SAMLUtil.SAML2_VALUE_TYPE,
keyId.getValueType());
assertNotNull("Unexpected null key identifier value", keyId.getValue());
assertEquals(assertion.getID(), keyId.getValue().substring(1));
+ }
+ /**
+ * <p>
+ * Tests the validation of a SAMLV2.0 Assertion.
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ public void testValidateSAMLV20Token() throws Exception
+ {
+
+ // issue a SAMLV2.0 assertion.
+ WSTrustRequestContext context =
this.createIssuingContext(WSTrustUtil.createDefaultLifetime(3600000));
+ SAML20TokenProvider provider = new SAML20TokenProvider();
+ provider.issueToken(context);
+
+ // get the issued SAMLV2.0 assertion.
+ Element assertion = (Element) context.getSecurityToken().getTokenValue();
+
+ // now create a WS-Trust validate context.
+ context = this.createValidatingContext(assertion);
+
+ // validate the SAMLV2.0 assertion.
+ provider.validateToken(context);
+ StatusType status = context.getStatus();
+ assertNotNull("Unexpected null status type", status);
+ assertEquals("Unexpected status code",
WSTrustConstants.STATUS_CODE_VALID, status.getCode());
+ assertEquals("Unexpected status reason", "SAMLV2.0 Assertion
successfuly validated", status.getReason());
+
+ // now let's temper the assertion and try to validate it again.
+ assertion.getFirstChild().getFirstChild().setNodeValue("Tempered
Issuer");
+ provider.validateToken(context);
+ status = context.getStatus();
+ assertNotNull("Unexpected null status type", status);
+ assertEquals("Unexpected status code",
WSTrustConstants.STATUS_CODE_INVALID, status.getCode());
+ assertEquals("Unexpected status reason", "Validation failure:
digital signature is invalid", status.getReason());
+
+ // now let's create a new SAMLV2.0 assertion with an expired lifetime.
+ long currentTimeMillis = System.currentTimeMillis();
+ GregorianCalendar created = new GregorianCalendar();
+ created.setTimeInMillis(currentTimeMillis - 3600000);
+ GregorianCalendar expires = new GregorianCalendar();
+ expires.setTimeInMillis(currentTimeMillis - 1800000);
+ context = this.createIssuingContext(new Lifetime(created, expires));
+
+ provider.issueToken(context);
+ assertion = (Element) context.getSecurityToken().getTokenValue();
+
+ // try to validate the expired token.
+ context = this.createValidatingContext(assertion);
+ provider.validateToken(context);
+ status = context.getStatus();
+ assertNotNull("Unexpected null status type", status);
+ assertEquals("Unexpected status code",
WSTrustConstants.STATUS_CODE_INVALID, status.getCode());
+ assertEquals("Unexpected status reason",
+ "Validation failure: assertion expired or used before its lifetime
period", status.getReason());
}
/**
* <p>
+ * Utility method that retrieves the signing key and corresponding public key from the
specified keystore.
+ * </p>
+ *
+ * @param keyStoreFile a {@code String} representing the keystore file path.
+ * @param keyStorePass a {@code String} representing the keystore password.
+ * @param signingKeyAlias a {@code String} representing the alias of the private key.
+ * @param signingKeyPass a {@code String} representing the password that protects the
private key.
+ *
+ * @return a {@code KeyPair} instance containing the retrieved private and public
keys.
+ */
+ private KeyPair getKeyPair(String keyStoreFile, String keyStorePass, String
signingKeyAlias, String signingKeyPass)
+ throws Exception
+ {
+ InputStream stream =
Thread.currentThread().getContextClassLoader().getResourceAsStream(keyStoreFile);
+ KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
+ keyStore.load(stream, keyStorePass.toCharArray());
+
+ PrivateKey privateKey = (PrivateKey) keyStore.getKey(signingKeyAlias,
signingKeyPass.toCharArray());
+ PublicKey publicKey = keyStore.getCertificate(signingKeyAlias).getPublicKey();
+ return new KeyPair(publicKey, privateKey);
+ }
+
+ /**
+ * <p>
+ * Creates a {@code WSTrustRequestContext} using the specified lifetime. The created
context is used in the issuing
+ * test scenarios.
+ * </p>
+ *
+ * @param lifetime the {@code Lifetime} of the assertion to be issued.
+ * @return the constructed {@code WSTrustRequestHandler} instance.
+ * @throws Exception if an error occurs while creating the context.
+ */
+ private WSTrustRequestContext createIssuingContext(Lifetime lifetime) throws
Exception
+ {
+ // create a WSTrustRequestContext with a simple WS-Trust issue request.
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setLifetime(lifetime);
+
request.setAppliesTo(WSTrustUtil.createAppliesTo("http://services.te...;
+ request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST));
+ request.setTokenType(URI.create(SAMLUtil.SAML2_TOKEN_TYPE));
+
+ WSTrustRequestContext context = new WSTrustRequestContext(request, new
TestPrincipal("sguilhen"));
+ KeyPair keyPair = this.getKeyPair("keystore/sts_keystore.jks",
"testpass", "sts", "keypass");
+ context.setTokenIssuer("JBossSTS");
+ context.setSTSKeyPair(keyPair);
+
+ return context;
+ }
+
+ /**
+ * <p>
+ * Creates a {@code WSTrustRequestContext} for validating the specified assertion.
+ * </p>
+ *
+ * @param assertion an {@code Element} representing the SAMLV2.0 assertion to be
validated.
+ * @return the constructed {@code WSTrustRequestContext} instance.
+ * @throws Exception if an error occurs while creating the validating context.
+ */
+ private WSTrustRequestContext createValidatingContext(Element assertion) throws
Exception
+ {
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setRequestType(URI.create(WSTrustConstants.VALIDATE_REQUEST));
+ request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
+ ValidateTargetType validateTarget = new ValidateTargetType();
+ validateTarget.setAny(assertion);
+ request.setValidateTarget(validateTarget);
+
+ WSTrustRequestContext context = new WSTrustRequestContext(request, new
TestPrincipal("sguilhen"));
+ KeyPair keyPair = this.getKeyPair("keystore/sts_keystore.jks",
"testpass", "sts", "keypass");
+ context.setSTSKeyPair(keyPair);
+
+ return context;
+ }
+
+ /**
+ * <p>
* Simple {@code Principal} implementation used in the test scenarios.
* </p>
*
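Review bot: `getKeyPair` never closes the keystore `InputStream`, and when the resource is absent `getResourceAsStream` returns null, which `KeyStore.load(null, ...)` accepts as "initialise an empty keystore", so the failure only surfaces later as a NullPointerException on `keyStore.getCertificate(signingKeyAlias)` instead of a message naming the missing resource; fail fast on a null stream and close it in a `finally`. Separately, the tampering step at `assertion.getFirstChild().getFirstChild().setNodeValue(...)` spells it "Tempered" where "Tampered" is meant, and the expired-lifetime scenario only exercises the NotOnOrAfter side of the check — a `Lifetime` whose `created` lies in the future would cover the NotBefore half as well. The enclosing test class starts and ends outside the hunk.
```java
      InputStream stream = Thread.currentThread().getContextClassLoader().getResourceAsStream(keyStoreFile);
      if (stream == null)
         throw new IllegalStateException("Keystore resource not found: " + keyStoreFile);
      KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
      try
      {
         keyStore.load(stream, keyStorePass.toCharArray());
      }
      finally
      {
         stream.close();
      }
      // … unchanged: private key and certificate retrieval, KeyPair construction …
```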
Added:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/keystore/sts_keystore.jks
===================================================================
(Binary files differ)
Property changes on:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/keystore/sts_keystore.jks
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java 2009-06-02
21:39:22 UTC (rev 563)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java 2009-06-03
00:05:55 UTC (rev 564)
@@ -22,7 +22,6 @@
package org.jboss.identity.federation.core.wstrust;
import java.net.URI;
-import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
@@ -36,6 +35,7 @@
import org.jboss.identity.federation.ws.policy.Policy;
import org.jboss.identity.federation.ws.policy.PolicyReference;
import org.jboss.identity.federation.ws.trust.AllowPostdatingType;
+import org.jboss.identity.federation.ws.trust.CancelTargetType;
import org.jboss.identity.federation.ws.trust.ClaimsType;
import org.jboss.identity.federation.ws.trust.DelegateToType;
import org.jboss.identity.federation.ws.trust.EncryptionType;
@@ -44,9 +44,11 @@
import org.jboss.identity.federation.ws.trust.ObjectFactory;
import org.jboss.identity.federation.ws.trust.OnBehalfOfType;
import org.jboss.identity.federation.ws.trust.ProofEncryptionType;
+import org.jboss.identity.federation.ws.trust.RenewTargetType;
import org.jboss.identity.federation.ws.trust.RenewingType;
import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType;
import org.jboss.identity.federation.ws.trust.UseKeyType;
+import org.jboss.identity.federation.ws.trust.ValidateTargetType;
/**
* <p>
@@ -148,6 +150,12 @@
private PolicyReference policyReference;
+ private ValidateTargetType validateTarget;
+
+ private RenewTargetType renewTarget;
+
+ private CancelTargetType cancelTarget;
+
private final List<Object> extensionElements = new ArrayList<Object>();
private final ObjectFactory factory = new ObjectFactory();
@@ -173,85 +181,84 @@
{
this.delegate = delegate;
// parse the delegate's Any contents.
- try
+ for (Object obj : this.delegate.getAny())
{
- for (Object obj : this.delegate.getAny())
+ if (obj instanceof AppliesTo)
{
- if (obj instanceof AppliesTo)
- {
- this.appliesTo = (AppliesTo) obj;
- }
- else if (obj instanceof Policy)
- {
- this.policy = (Policy) obj;
- }
- else if (obj instanceof PolicyReference)
- {
- this.policyReference = (PolicyReference) obj;
- }
- else if (obj instanceof JAXBElement)
- {
- JAXBElement<?> element = (JAXBElement<?>) obj;
- String localName = element.getName().getLocalPart();
- if (localName.equalsIgnoreCase("TokenType"))
- this.tokenType = new URI((String) element.getValue());
- else if (localName.equalsIgnoreCase("RequestType"))
- this.requestType = new URI((String) element.getValue());
- else if (localName.equalsIgnoreCase("Claims"))
- this.claims = (ClaimsType) element.getValue();
- else if (localName.equalsIgnoreCase("Entropy"))
- this.entropy = (EntropyType) element.getValue();
- else if (localName.equalsIgnoreCase("Lifetime"))
- this.lifetime = new Lifetime((LifetimeType) element.getValue());
- else if (localName.equalsIgnoreCase("AllowPostdating"))
- this.allowPostDating = (AllowPostdatingType) element.getValue();
- else if (localName.equalsIgnoreCase("Renewing"))
- this.renewing = (RenewingType) element.getValue();
- else if (localName.equalsIgnoreCase("OnBehalfOf"))
- this.onBehalfOf = (OnBehalfOfType) element.getValue();
- else if (localName.equalsIgnoreCase("Issuer"))
- this.issuer = (EndpointReferenceType) element.getValue();
- else if (localName.equalsIgnoreCase("AuthenticationType"))
- this.authenticationType = new URI((String) element.getValue());
- else if (localName.equalsIgnoreCase("KeyType"))
- this.keyType = new URI((String) element.getValue());
- else if (localName.equalsIgnoreCase("KeySize"))
- this.keySize = (Long) element.getValue();
- else if (localName.equalsIgnoreCase("SignatureAlgorithm"))
- this.signatureAlgorithm = new URI((String) element.getValue());
- else if (localName.equalsIgnoreCase("Encryption"))
- this.encryption = (EncryptionType) element.getValue();
- else if (localName.equalsIgnoreCase("EntropyAlgorithm"))
- this.encryptionAlgorithm = new URI((String) element.getValue());
- else if
(localName.equalsIgnoreCase("CanonicalizationAlgorithm"))
- this.canonicalizationAlgorithm = new URI((String) element.getValue());
- else if (localName.equalsIgnoreCase("ProofEncryption"))
- this.proofEncryption = (ProofEncryptionType) element.getValue();
- else if (localName.equalsIgnoreCase("UseKey"))
- this.useKey = (UseKeyType) element.getValue();
- else if (localName.equalsIgnoreCase("SignWith"))
- this.signWith = new URI((String) element.getValue());
- else if (localName.equalsIgnoreCase("EncryptWith"))
- this.encryptWith = new URI((String) element.getValue());
- else if (localName.equalsIgnoreCase("DelegateTo"))
- this.delegateTo = (DelegateToType) element.getValue();
- else if (localName.equalsIgnoreCase("Forwardable"))
- this.forwardable = (Boolean) element.getValue();
- else if (localName.equalsIgnoreCase("Delegatable"))
- this.delegatable = (Boolean) element.getValue();
- else
- this.extensionElements.add(element.getValue());
- }
+ this.appliesTo = (AppliesTo) obj;
+ }
+ else if (obj instanceof Policy)
+ {
+ this.policy = (Policy) obj;
+ }
+ else if (obj instanceof PolicyReference)
+ {
+ this.policyReference = (PolicyReference) obj;
+ }
+ else if (obj instanceof JAXBElement)
+ {
+ JAXBElement<?> element = (JAXBElement<?>) obj;
+ String localName = element.getName().getLocalPart();
+ if (localName.equalsIgnoreCase("TokenType"))
+ this.tokenType = URI.create((String) element.getValue());
+ else if (localName.equalsIgnoreCase("RequestType"))
+ this.requestType = URI.create((String) element.getValue());
+ else if (localName.equalsIgnoreCase("Claims"))
+ this.claims = (ClaimsType) element.getValue();
+ else if (localName.equalsIgnoreCase("Entropy"))
+ this.entropy = (EntropyType) element.getValue();
+ else if (localName.equalsIgnoreCase("Lifetime"))
+ this.lifetime = new Lifetime((LifetimeType) element.getValue());
+ else if (localName.equalsIgnoreCase("AllowPostdating"))
+ this.allowPostDating = (AllowPostdatingType) element.getValue();
+ else if (localName.equalsIgnoreCase("Renewing"))
+ this.renewing = (RenewingType) element.getValue();
+ else if (localName.equalsIgnoreCase("OnBehalfOf"))
+ this.onBehalfOf = (OnBehalfOfType) element.getValue();
+ else if (localName.equalsIgnoreCase("Issuer"))
+ this.issuer = (EndpointReferenceType) element.getValue();
+ else if (localName.equalsIgnoreCase("AuthenticationType"))
+ this.authenticationType = URI.create((String) element.getValue());
+ else if (localName.equalsIgnoreCase("KeyType"))
+ this.keyType = URI.create((String) element.getValue());
+ else if (localName.equalsIgnoreCase("KeySize"))
+ this.keySize = (Long) element.getValue();
+ else if (localName.equalsIgnoreCase("SignatureAlgorithm"))
+ this.signatureAlgorithm = URI.create((String) element.getValue());
+ else if (localName.equalsIgnoreCase("Encryption"))
+ this.encryption = (EncryptionType) element.getValue();
+ else if (localName.equalsIgnoreCase("EntropyAlgorithm"))
+ this.encryptionAlgorithm = URI.create((String) element.getValue());
+ else if (localName.equalsIgnoreCase("CanonicalizationAlgorithm"))
+ this.canonicalizationAlgorithm = URI.create((String) element.getValue());
+ else if (localName.equalsIgnoreCase("ProofEncryption"))
+ this.proofEncryption = (ProofEncryptionType) element.getValue();
+ else if (localName.equalsIgnoreCase("UseKey"))
+ this.useKey = (UseKeyType) element.getValue();
+ else if (localName.equalsIgnoreCase("SignWith"))
+ this.signWith = URI.create((String) element.getValue());
+ else if (localName.equalsIgnoreCase("EncryptWith"))
+ this.encryptWith = URI.create((String) element.getValue());
+ else if (localName.equalsIgnoreCase("DelegateTo"))
+ this.delegateTo = (DelegateToType) element.getValue();
+ else if (localName.equalsIgnoreCase("Forwardable"))
+ this.forwardable = (Boolean) element.getValue();
+ else if (localName.equalsIgnoreCase("Delegatable"))
+ this.delegatable = (Boolean) element.getValue();
+ else if (localName.equalsIgnoreCase("CancelTarget"))
+ this.cancelTarget = (CancelTargetType) element.getValue();
+ else if (localName.equalsIgnoreCase("RenewTarget"))
+ this.renewTarget = (RenewTargetType) element.getValue();
+ else if (localName.equalsIgnoreCase("ValidateTarget"))
+ this.validateTarget = (ValidateTargetType) element.getValue();
else
- {
- this.extensionElements.add(obj);
- }
+ this.extensionElements.add(element.getValue());
}
+ else
+ {
+ this.extensionElements.add(obj);
+ }
}
- catch (URISyntaxException e)
- {
- throw new RuntimeException(e.getMessage(), e);
- }
}
/**
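Review bot: Replacing `new URI(...)` with `URI.create(...)` drops the `URISyntaxException` wrapper, so a malformed `TokenType`, `RequestType`, `KeyType` or other URI-valued element of an incoming request now escapes the constructor as an `IllegalArgumentException`; callers catching `RuntimeException` still work, but the contract is no longer documented anywhere. The constructor's Javadoc sits above the hunk, so add `@throws IllegalArgumentException if a URI-valued element of the request cannot be parsed` there, and confirm that the request handler maps it to a WS-Trust fault rather than letting it propagate, since the element values come from the client's message. The `(String) element.getValue()` casts feeding `URI.create` likewise throw `ClassCastException` on unexpected content, though that is pre-existing. The constructor's signature starts outside the hunk.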
@@ -263,7 +270,7 @@
*/
public URI getTokenType()
{
- return tokenType;
+ return this.tokenType;
}
/**
@@ -289,7 +296,7 @@
*/
public URI getRequestType()
{
- return requestType;
+ return this.requestType;
}
/**
@@ -316,7 +323,7 @@
*/
public AppliesTo getAppliesTo()
{
- return appliesTo;
+ return this.appliesTo;
}
/**
@@ -343,7 +350,7 @@
*/
public ClaimsType getClaims()
{
- return claims;
+ return this.claims;
}
/**
@@ -368,7 +375,7 @@
*/
public EntropyType getEntropy()
{
- return entropy;
+ return this.entropy;
}
/**
@@ -393,7 +400,7 @@
*/
public Lifetime getLifetime()
{
- return lifetime;
+ return this.lifetime;
}
/**
@@ -419,7 +426,7 @@
*/
public AllowPostdatingType getAllowPostDating()
{
- return allowPostDating;
+ return this.allowPostDating;
}
/**
@@ -445,7 +452,7 @@
*/
public RenewingType getRenewing()
{
- return renewing;
+ return this.renewing;
}
/**
@@ -471,7 +478,7 @@
*/
public OnBehalfOfType getOnBehalfOf()
{
- return onBehalfOf;
+ return this.onBehalfOf;
}
/**
@@ -523,7 +530,7 @@
*/
public URI getAuthenticationType()
{
- return authenticationType;
+ return this.authenticationType;
}
/**
@@ -548,7 +555,7 @@
*/
public URI getKeyType()
{
- return keyType;
+ return this.keyType;
}
/**
@@ -573,7 +580,7 @@
*/
public long getKeySize()
{
- return keySize;
+ return this.keySize;
}
/**
@@ -598,7 +605,7 @@
*/
public URI getSignatureAlgorithm()
{
- return signatureAlgorithm;
+ return this.signatureAlgorithm;
}
/**
@@ -624,7 +631,7 @@
*/
public EncryptionType getEncryption()
{
- return encryption;
+ return this.encryption;
}
/**
@@ -650,7 +657,7 @@
*/
public URI getEncryptionAlgorithm()
{
- return encryptionAlgorithm;
+ return this.encryptionAlgorithm;
}
/**
@@ -675,7 +682,7 @@
*/
public URI getCanonicalizationAlgorithm()
{
- return canonicalizationAlgorithm;
+ return this.canonicalizationAlgorithm;
}
/**
@@ -694,19 +701,19 @@
/**
* <p>
* Obtains the {@code ProofEncryption} section of the request. The {@code
ProofEncryption} indicates that the
- * requestor desires any returned secrets in issued security tokens to be encrypted.
+ * requester desires any returned secrets in issued security tokens to be encrypted.
* </p>
*
* @return a reference to the {@code ProofEncryptionType} object.
*/
public ProofEncryptionType getProofEncryption()
{
- return proofEncryption;
+ return this.proofEncryption;
}
/**
* <p>
- * Sets the {@code ProofEncryption} section of the request. The {@code
ProofEncryption} indicates that the requestor
+ * Sets the {@code ProofEncryption} section of the request. The {@code
ProofEncryption} indicates that the requester
* desires any returned secrets in issued security tokens to be encrypted.
* </p>
*
@@ -727,7 +734,7 @@
*/
public UseKeyType getUseKey()
{
- return useKey;
+ return this.useKey;
}
/**
@@ -752,7 +759,7 @@
*/
public URI getSignWith()
{
- return signWith;
+ return this.signWith;
}
/**
@@ -777,7 +784,7 @@
*/
public URI getEncryptWith()
{
- return encryptWith;
+ return this.encryptWith;
}
/**
@@ -802,7 +809,7 @@
*/
public DelegateToType getDelegateTo()
{
- return delegateTo;
+ return this.delegateTo;
}
/**
@@ -829,7 +836,7 @@
*/
public boolean isForwardable()
{
- return forwardable;
+ return this.forwardable;
}
/**
@@ -857,7 +864,7 @@
*/
public boolean isDelegatable()
{
- return delegatable;
+ return this.delegatable;
}
/**
@@ -884,13 +891,13 @@
*/
public Policy getPolicy()
{
- return policy;
+ return this.policy;
}
/**
* <p>
- * Sets the {@code Policy} in the request. The policy specifies defaults that can be
overridden by
- * the previous properties.
+ * Sets the {@code Policy} in the request. The policy specifies defaults that can be
overridden by the previous
+ * properties.
* </p>
*
* @param policy the {@code Policy} instance to be set.
@@ -910,7 +917,7 @@
*/
public PolicyReference getPolicyReference()
{
- return policyReference;
+ return this.policyReference;
}
/**
@@ -964,6 +971,87 @@
/**
* <p>
+ * Obtains the {@code CancelTarget} section of the request. This element identifies
the token that is to be canceled.
+ * </p>
+ *
+ * @return a reference to the {@code CancelTargetType} that represents the {@code
CancelTarget} section of the
+ * WS-Trust cancel request.
+ */
+ public CancelTargetType getCancelTarget()
+ {
+ return this.cancelTarget;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code CancelTarget} section of the request. This element identifies the
token that is to be canceled.
+ * </p>
+ *
+ * @param cancelTarget a reference to the {@code CancelTargetType} that identifies the
token that must be canceled.
+ */
+ public void setCancelTarget(CancelTargetType cancelTarget)
+ {
+ this.cancelTarget = cancelTarget;
+ this.delegate.getAny().add(this.factory.createCancelTarget(cancelTarget));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code RenewTarget} section of the request. This element identifies the
token that is to be renewed.
+ * </p>
+ *
+ * @return a reference to the {@code RenewTargetType} that represents the {@code
RenewTarget} section of the WS-Trust
+ * renew request.
+ */
+ public RenewTargetType getRenewTarget()
+ {
+ return this.renewTarget;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code RenewTarget} section of the request. This element identifies the
token that is to be renewed.
+ * </p>
+ *
+ * @param renewTarget a reference to the {@code RenewTargetType} that identifies the
token that must be renewed.
+ */
+ public void setRenewTarget(RenewTargetType renewTarget)
+ {
+ this.renewTarget = renewTarget;
+ this.delegate.getAny().add(this.factory.createRenewTarget(renewTarget));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code ValidateTarget} section of the request. This element identifies
the token that is to be
+ * validated.
+ * </p>
+ *
+ * @return a reference to the {@code ValidateTargetType} that represents the {@code
ValidateTarget} section of the
+ * WS-Trust validate request.
+ */
+ public ValidateTargetType getValidateTarget()
+ {
+ return this.validateTarget;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code ValidateTarged} section of the request. This elements identifies
the token that is to be
+ * validated.
+ * </p>
+ *
+ * @param validateTarget a reference to the {@code ValidateTargetType} that identifies
the token that must be
+ * validated.
+ */
+ public void setValidateTarget(ValidateTargetType validateTarget)
+ {
+ this.validateTarget = validateTarget;
+ this.delegate.getAny().add(this.factory.createValidateTarget(validateTarget));
+ }
+
+ /**
+ * <p>
* Obtains a map that contains attributes that aren't bound to any typed property
on the request. This is a live
* reference, so attributes can be added/changed/removed directly. For this reason,
there is no setter method.
* </p>
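Review bot: Each new setter (`setCancelTarget`, `setRenewTarget`, `setValidateTarget`) appends a fresh wrapper to `this.delegate.getAny()` without removing the one added by an earlier call, so invoking a setter twice leaves two `ValidateTarget` (or `CancelTarget`/`RenewTarget`) elements in the marshalled request while the field remembers only the last; a consumer re-parsing that request through this constructor would keep whichever element comes last. If the existing setters in this class follow the same pattern this is at least consistent, but keeping the previously added `JAXBElement` in a field and removing it from `getAny()` before the `add` would keep the typed field and the delegate in agreement. The Javadoc of `setValidateTarget` also reads `ValidateTarged` and "This elements identifies"; `ValidateTarget` and "This element identifies" are meant.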
@@ -986,7 +1074,7 @@
{
return this.delegate.getAny();
}
-
+
/**
* <p>
* Obtains a reference to the {@code RequestSecurityTokenType} delegate.