JBoss Identity SVN: r754 - in identity-federation/trunk/jboss-identity-bindings/src: main/java/org/jboss/identity/federation/bindings/util/cert and 1 other directories.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-08-31 12:35:00 -0400 (Mon, 31 Aug 2009)
New Revision: 754
Removed:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/cert/KeyStoreUtil.java
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/KeystoreUtilUnitTestCase.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java
Log:
JBID-181: remove the redundant KeyStoreUtil from Bindings
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java 2009-08-29 17:10:40 UTC (rev 753)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java 2009-08-31 16:35:00 UTC (rev 754)
@@ -44,9 +44,9 @@
import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
+import org.jboss.identity.federation.api.util.KeyStoreUtil;
import org.jboss.identity.federation.bindings.util.ValveUtil;
import org.jboss.identity.federation.bindings.util.cert.EncryptionKeyUtil;
-import org.jboss.identity.federation.bindings.util.cert.KeyStoreUtil;
/**
* KeyStore based Trust Key Manager
Deleted: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/cert/KeyStoreUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/cert/KeyStoreUtil.java 2009-08-29 17:10:40 UTC (rev 753)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/cert/KeyStoreUtil.java 2009-08-31 16:35:00 UTC (rev 754)
@@ -1,181 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.bindings.util.cert;
-
-import java.io.File;
-import java.io.FileInputStream;
-import java.io.FileOutputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URL;
-import java.security.GeneralSecurityException;
-import java.security.Key;
-import java.security.KeyPair;
-import java.security.KeyPairGenerator;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-import java.security.cert.Certificate;
-
-/**
- * Utility to handle Java Keystore
- * @author Anil.Saldhana(a)redhat.com
- * @since Jan 12, 2009
- */
-public class KeyStoreUtil
-{
- /**
- * Get the KeyStore
- * @param keyStoreFile
- * @param storePass
- * @return
- * @throws GeneralSecurityException
- * @throws IOException
- */
- public static KeyStore getKeyStore(File keyStoreFile, char[] storePass) throws GeneralSecurityException, IOException
- {
- FileInputStream fis = new FileInputStream(keyStoreFile);
- return getKeyStore(fis,storePass);
- }
-
- /**
- * Get the Keystore given the url to the keystore file as a string
- * @param fileURL
- * @param storePass
- * @return
- * @throws GeneralSecurityException
- * @throws IOException
- */
- public static KeyStore getKeyStore(String fileURL, char[] storePass) throws GeneralSecurityException, IOException
- {
- if(fileURL == null)
- throw new IllegalArgumentException("fileURL is null");
-
- File file = new File(fileURL);
- FileInputStream fis = new FileInputStream(file);
- return getKeyStore(fis,storePass);
- }
-
- /**
- * Get the Keystore given the URL to the keystore
- * @param url
- * @param storePass
- * @return
- * @throws GeneralSecurityException
- * @throws IOException
- */
- public static KeyStore getKeyStore(URL url, char[] storePass) throws GeneralSecurityException, IOException
- {
- if(url == null)
- throw new IllegalArgumentException("url is null");
-
- return getKeyStore(url.openStream(), storePass);
- }
-
- /**
- * Get the Key Store
- * <b>Note:</b> This method wants the InputStream to be not null.
- * @param ksStream
- * @param storePass
- * @return
- * @throws GeneralSecurityException
- * @throws IOException
- * @throws IllegalArgumentException if ksStream is null
- */
- public static KeyStore getKeyStore(InputStream ksStream, char[] storePass) throws GeneralSecurityException, IOException
- {
- if(ksStream == null)
- throw new IllegalArgumentException("InputStream for the KeyStore is null");
- KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
- ks.load(ksStream, storePass);
- return ks;
- }
-
- /**
- * Generate a Key Pair
- * @param algo (RSA, DSA etc)
- * @return
- * @throws GeneralSecurityException
- */
- public static KeyPair generateKeyPair(String algo) throws GeneralSecurityException
- {
- KeyPairGenerator kpg = KeyPairGenerator.getInstance(algo);
- return kpg.genKeyPair();
- }
-
- /**
- * Get the Public Key from the keystore
- * @param ks
- * @param alias
- * @param password
- * @return
- * @throws GeneralSecurityException
- */
- public static PublicKey getPublicKey(KeyStore ks, String alias, char[] password) throws KeyStoreException, NoSuchAlgorithmException, GeneralSecurityException
- {
- PublicKey publicKey = null;
-
- // Get private key
- Key key = ks.getKey(alias, password);
- if (key instanceof PrivateKey)
- {
- // Get certificate of public key
- Certificate cert = ks.getCertificate(alias);
-
- // Get public key
- publicKey = cert.getPublicKey();
- }
- // if alias is a certificate alias, get the public key from the certificate.
- if(publicKey == null)
- {
- Certificate cert = ks.getCertificate(alias);
- if(cert != null)
- publicKey = cert.getPublicKey();
- }
- return publicKey;
- }
-
- /**
- * Add a certificate to the KeyStore
- * @param keystoreFile
- * @param storePass
- * @param alias
- * @param cert
- * @throws GeneralSecurityException
- * @throws IOException
- */
- public static void addCertificate(File keystoreFile, char[] storePass, String alias, Certificate cert)
- throws GeneralSecurityException, IOException
- {
- KeyStore keystore = getKeyStore(keystoreFile, storePass);
-
- // Add the certificate
- keystore.setCertificateEntry(alias, cert);
-
- // Save the new keystore contents
- FileOutputStream out = new FileOutputStream(keystoreFile);
- keystore.store(out, storePass);
- out.close();
- }
-}
\ No newline at end of file
Modified: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/KeystoreUtilUnitTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/KeystoreUtilUnitTestCase.java 2009-08-29 17:10:40 UTC (rev 753)
+++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/KeystoreUtilUnitTestCase.java 2009-08-31 16:35:00 UTC (rev 754)
@@ -28,8 +28,8 @@
import java.util.Enumeration;
import junit.framework.TestCase;
-
-import org.jboss.identity.federation.bindings.util.cert.KeyStoreUtil;
+
+import org.jboss.identity.federation.api.util.KeyStoreUtil;
import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
/**
Modified: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java 2009-08-29 17:10:40 UTC (rev 753)
+++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java 2009-08-31 16:35:00 UTC (rev 754)
@@ -28,8 +28,8 @@
import junit.framework.TestCase;
import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
-import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
-import org.jboss.identity.federation.bindings.util.cert.KeyStoreUtil;
+import org.jboss.identity.federation.api.util.KeyStoreUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
JBoss Identity SVN: r753 - in identity-federation/trunk: jboss-identity-webapps/seam-sp/src/main/resources and 1 other directories.
by jboss-identity-commits@lists.jboss.org
Author: marcelkolsteren
Date: 2009-08-29 13:10:40 -0400 (Sat, 29 Aug 2009)
New Revision: 753
Added:
identity-federation/trunk/jboss-identity-webapps/seam-sp/src/main/resources/jbid_test_keystore.jks
Modified:
identity-federation/trunk/jboss-identity-seam/src/main/java/org/jboss/identity/seam/federation/SamlAuthenticationFilter.java
identity-federation/trunk/jboss-identity-webapps/seam-sp/src/main/webapp/WEB-INF/components.xml
Log:
JBID-182: Seam authentication filter: signature validation still based on HTTP/Redirect binding
Modified: identity-federation/trunk/jboss-identity-seam/src/main/java/org/jboss/identity/seam/federation/SamlAuthenticationFilter.java
===================================================================
--- identity-federation/trunk/jboss-identity-seam/src/main/java/org/jboss/identity/seam/federation/SamlAuthenticationFilter.java 2009-08-29 07:09:51 UTC (rev 752)
+++ identity-federation/trunk/jboss-identity-seam/src/main/java/org/jboss/identity/seam/federation/SamlAuthenticationFilter.java 2009-08-29 17:10:40 UTC (rev 753)
@@ -27,10 +27,8 @@
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
-import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URL;
-import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
@@ -51,14 +49,14 @@
import javax.servlet.http.HttpServletResponse;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dsig.XMLSignatureException;
import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
-import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
-import org.jboss.identity.federation.web.util.HTTPRedirectUtil;
-import org.jboss.identity.federation.web.util.PostBindingUtil;
-import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
-import org.jboss.identity.federation.web.util.RedirectBindingUtil;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.api.util.XMLSignatureUtil;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
@@ -72,6 +70,9 @@
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.jboss.identity.federation.saml.v2.protocol.StatusType;
+import org.jboss.identity.federation.web.util.HTTPRedirectUtil;
+import org.jboss.identity.federation.web.util.PostBindingUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingUtil;
import org.jboss.seam.annotations.Logger;
import org.jboss.seam.annotations.Name;
import org.jboss.seam.annotations.Scope;
@@ -86,6 +87,7 @@
import org.jboss.seam.servlet.ServletRequestSessionMap;
import org.jboss.seam.util.Base64;
import org.jboss.seam.web.AbstractFilter;
+import org.w3c.dom.Document;
import org.xml.sax.SAXException;
/**
@@ -245,12 +247,6 @@
{
String samlResponse = request.getParameter("SAMLResponse");
- if (signatureRequired && !validateSignature(request))
- {
- log.error("Invalid signature");
- throw new RuntimeException("Validity Checks failed");
- }
-
// deal with SAML response from IDP
byte[] base64DecodedResponse = Base64.decode(samlResponse);
InputStream is = new ByteArrayInputStream(base64DecodedResponse);
@@ -271,6 +267,12 @@
throw new RuntimeException(e);
}
+ if (signatureRequired && !validateSignature(saml2Response.getSamlDocumentHolder()))
+ {
+ log.error("Invalid signature");
+ throw new RuntimeException("Validity Checks failed");
+ }
+
StatusType statusType = responseType.getStatus();
if (statusType == null)
{
@@ -384,53 +386,41 @@
return user;
}
- private boolean validateSignature(HttpServletRequest request)
- {
- // Check if there is a signature
- String signature = request.getParameter("Signature");
- if (signature == null || signature.length() == 0)
- {
- log.error("Signature Value missing in response from IDP");
- return false;
- }
- String sigAlg = request.getParameter("sigAlg");
- if (sigAlg == null || sigAlg.length() == 0)
- {
- log.error("Signature Algorithm missing in the response from IDP");
- return false;
- }
-
+ private boolean validateSignature(SAMLDocumentHolder documentHolder)
+ {
try
{
- if("GET".equalsIgnoreCase(request.getMethod()))
- {
- String queryString = request.getQueryString();
- byte[] sigValue = RedirectBindingSignatureUtil.getSignatureValueFromSignedURL(queryString);
-
- return RedirectBindingSignatureUtil.validateSignature(queryString, this.publicKeyOfIDP, sigValue);
- }
- return true;
+ Document samlDocument = documentHolder.getSamlDocument();
+ return XMLSignatureUtil.validate(samlDocument, this.publicKeyOfIDP);
}
- catch (UnsupportedEncodingException e)
+ catch (MarshalException e)
{
throw new RuntimeException(e);
}
- catch (GeneralSecurityException e)
+ catch (XMLSignatureException e)
{
throw new RuntimeException(e);
}
- catch (IOException e)
- {
- throw new RuntimeException(e);
- }
}
private PublicKey getPublicKeyOfIDP()
{
+ final String classPathPrefix = "classpath:";
+
try
{
KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
- keyStore.load(new URL(keyStoreURL).openStream(), keyStorePass != null ? keyStorePass.toCharArray() : null);
+ InputStream keyStoreStream;
+ if (keyStoreURL.startsWith(classPathPrefix))
+ {
+ keyStoreStream = getClass().getClassLoader().getResourceAsStream(
+ keyStoreURL.substring(classPathPrefix.length()));
+ }
+ else
+ {
+ keyStoreStream = new URL(keyStoreURL).openStream();
+ }
+ keyStore.load(keyStoreStream, keyStorePass != null ? keyStorePass.toCharArray() : null);
return keyStore.getCertificate(idpCertificateAlias).getPublicKey();
}
catch (KeyStoreException e)
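Review bot: A missing classpath resource is not detected in the new `getPublicKeyOfIDP`: `getResourceAsStream` returns null for a name it cannot resolve, `KeyStore.load(null, …)` then silently produces an empty keystore, and `getCertificate(idpCertificateAlias)` returns null, so the method fails with a NullPointerException instead of naming the misconfiguration. With the value this commit puts in components.xml (`classpath:/jbid_test_keystore.jks`) the stripped name keeps its leading slash, which the JDK's standard class loaders do not resolve, so this path looks likely to be hit. The stream is also never closed; since `new URL(keyStoreURL).openStream()` already throws IOException inside this try, a catch for it must exist below the hunk and closing in a finally needs no new handler. getPublicKeyOfIDP's catch clauses continue outside the hunk.
```java
   private PublicKey getPublicKeyOfIDP()
   {
      final String classPathPrefix = "classpath:";

      try
      {
         KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
         InputStream keyStoreStream;
         if (keyStoreURL.startsWith(classPathPrefix))
         {
            keyStoreStream = getClass().getClassLoader().getResourceAsStream(
                  keyStoreURL.substring(classPathPrefix.length()));
         }
         else
         {
            keyStoreStream = new URL(keyStoreURL).openStream();
         }
         if (keyStoreStream == null)
         {
            // getResourceAsStream returns null rather than throwing; load(null, …) would
            // otherwise hand back an empty keystore and hide the misconfiguration
            throw new IllegalStateException("Keystore not found: " + keyStoreURL);
         }
         try
         {
            keyStore.load(keyStoreStream, keyStorePass != null ? keyStorePass.toCharArray() : null);
         }
         finally
         {
            keyStoreStream.close();
         }
         java.security.cert.Certificate idpCert = keyStore.getCertificate(idpCertificateAlias);
         if (idpCert == null)
         {
            throw new IllegalStateException("No certificate under alias " + idpCertificateAlias
                  + " in keystore " + keyStoreURL);
         }
         return idpCert.getPublicKey();
      }
      // … unchanged: catch clauses …
```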
@@ -505,16 +495,16 @@
throw new RuntimeException(e);
}
}
-
+
private AuthnRequestType createSAMLRequest(String serviceURL, String identityURL) throws ConfigurationException
{
- if(serviceURL == null)
+ if (serviceURL == null)
throw new IllegalArgumentException("serviceURL is null");
- if(identityURL == null)
+ if (identityURL == null)
throw new IllegalArgumentException("identityURL is null");
-
+
SAML2Request saml2Request = new SAML2Request();
String id = IDGenerator.create("ID_");
- return saml2Request.createAuthnRequestType(id, serviceURL, identityURL, serviceURL);
+ return saml2Request.createAuthnRequestType(id, serviceURL, identityURL, serviceURL);
}
}
Added: identity-federation/trunk/jboss-identity-webapps/seam-sp/src/main/resources/jbid_test_keystore.jks
===================================================================
(Binary files differ)
Property changes on: identity-federation/trunk/jboss-identity-webapps/seam-sp/src/main/resources/jbid_test_keystore.jks
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Modified: identity-federation/trunk/jboss-identity-webapps/seam-sp/src/main/webapp/WEB-INF/components.xml
===================================================================
--- identity-federation/trunk/jboss-identity-webapps/seam-sp/src/main/webapp/WEB-INF/components.xml 2009-08-29 07:09:51 UTC (rev 752)
+++ identity-federation/trunk/jboss-identity-webapps/seam-sp/src/main/webapp/WEB-INF/components.xml 2009-08-29 17:10:40 UTC (rev 753)
@@ -12,10 +12,10 @@
name="org.jboss.identity.seam.federation.samlAuthenticationFilter">
<property name="identityProviderURL">http://localhost:8080/idp-sig-no-val</property>
<property name="singleSignOnServiceURL">http://localhost:8080/idp-sig-no-val/</property>
- <property name="keyStoreURL">file:/etc/keystores/samlkeystore</property>
- <property name="keyStorePass">jajaja</property>
- <property name="idpCertificateAlias">saml</property>
+ <property name="keyStoreURL">classpath:/jbid_test_keystore.jks</property>
+ <property name="keyStorePass">store123</property>
+ <property name="idpCertificateAlias">servercert</property>
<property name="binding">HTTP_Post</property>
- <property name="signatureRequired">false</property>
+ <property name="signatureRequired">true</property>
</component>
</components>
\ No newline at end of file
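Review bot: `keyStorePass` is now a plaintext literal (`store123`) in the deployed descriptor, next to a keystore that the same commit bundles into the webapp's own resources, and with `signatureRequired` switched to `true` the `servercert` entry of that keystore becomes the SP's sole trust anchor for IDP signatures. Keeping the committed values for the sample SP is fine, but the descriptor should say so and tell a deployer what to replace: a comment such as `<!-- test-only keystore and password; a real deployment must point keyStoreURL at an operator-managed keystore and supply keyStorePass from outside source control -->` above the `keyStoreURL` property would do.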
JBoss Identity SVN: r752 - in identity-federation/trunk: jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util and 7 other directories.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-08-29 03:09:51 -0400 (Sat, 29 Aug 2009)
New Revision: 752
Added:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/KeyStoreUtil.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-jaxrpc.jar
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-jaxws-ext.jar
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-jaxws.jar
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-saaj.jar
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/keystore/sts_keystore.jks
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/log4j.xml
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/jboss-wsse-client.xml
Modified:
identity-federation/trunk/jboss-identity-fed-api/pom.xml
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/logging.properties
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
Log:
JBID-157: ws-t client
Modified: identity-federation/trunk/jboss-identity-fed-api/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/pom.xml 2009-08-29 07:08:02 UTC (rev 751)
+++ identity-federation/trunk/jboss-identity-fed-api/pom.xml 2009-08-29 07:09:51 UTC (rev 752)
@@ -99,6 +99,30 @@
<scope>test</scope>
</dependency>
<dependency>
+ <groupId>org.jboss.ws.native</groupId>
+ <artifactId>jbossws-native-client</artifactId>
+ <version>3.1.2.SP3</version>
+ <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>xml-apis</groupId>
+ <artifactId>xml-apis</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-common-core</artifactId>
+ <version>2.2.14.GA</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jbossxb</artifactId>
+ <version>2.0.1.GA</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
Added: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/KeyStoreUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/KeyStoreUtil.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/KeyStoreUtil.java 2009-08-29 07:09:51 UTC (rev 752)
@@ -0,0 +1,181 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.util;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.Certificate;
+
+/**
+ * Utility to handle Java Keystore
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 12, 2009
+ */
+public class KeyStoreUtil
+{
+ /**
+ * Get the KeyStore
+ * @param keyStoreFile
+ * @param storePass
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static KeyStore getKeyStore(File keyStoreFile, char[] storePass) throws GeneralSecurityException, IOException
+ {
+ FileInputStream fis = new FileInputStream(keyStoreFile);
+ return getKeyStore(fis,storePass);
+ }
+
+ /**
+ * Get the Keystore given the url to the keystore file as a string
+ * @param fileURL
+ * @param storePass
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static KeyStore getKeyStore(String fileURL, char[] storePass) throws GeneralSecurityException, IOException
+ {
+ if(fileURL == null)
+ throw new IllegalArgumentException("fileURL is null");
+
+ File file = new File(fileURL);
+ FileInputStream fis = new FileInputStream(file);
+ return getKeyStore(fis,storePass);
+ }
+
+ /**
+ * Get the Keystore given the URL to the keystore
+ * @param url
+ * @param storePass
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static KeyStore getKeyStore(URL url, char[] storePass) throws GeneralSecurityException, IOException
+ {
+ if(url == null)
+ throw new IllegalArgumentException("url is null");
+
+ return getKeyStore(url.openStream(), storePass);
+ }
+
+ /**
+ * Get the Key Store
+ * <b>Note:</b> This method wants the InputStream to be not null.
+ * @param ksStream
+ * @param storePass
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ * @throws IllegalArgumentException if ksStream is null
+ */
+ public static KeyStore getKeyStore(InputStream ksStream, char[] storePass) throws GeneralSecurityException, IOException
+ {
+ if(ksStream == null)
+ throw new IllegalArgumentException("InputStream for the KeyStore is null");
+ KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+ ks.load(ksStream, storePass);
+ return ks;
+ }
+
+ /**
+ * Generate a Key Pair
+ * @param algo (RSA, DSA etc)
+ * @return
+ * @throws GeneralSecurityException
+ */
+ public static KeyPair generateKeyPair(String algo) throws GeneralSecurityException
+ {
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance(algo);
+ return kpg.genKeyPair();
+ }
+
+ /**
+ * Get the Public Key from the keystore
+ * @param ks
+ * @param alias
+ * @param password
+ * @return
+ * @throws GeneralSecurityException
+ */
+ public static PublicKey getPublicKey(KeyStore ks, String alias, char[] password) throws KeyStoreException, NoSuchAlgorithmException, GeneralSecurityException
+ {
+ PublicKey publicKey = null;
+
+ // Get private key
+ Key key = ks.getKey(alias, password);
+ if (key instanceof PrivateKey)
+ {
+ // Get certificate of public key
+ Certificate cert = ks.getCertificate(alias);
+
+ // Get public key
+ publicKey = cert.getPublicKey();
+ }
+ // if alias is a certificate alias, get the public key from the certificate.
+ if(publicKey == null)
+ {
+ Certificate cert = ks.getCertificate(alias);
+ if(cert != null)
+ publicKey = cert.getPublicKey();
+ }
+ return publicKey;
+ }
+
+ /**
+ * Add a certificate to the KeyStore
+ * @param keystoreFile
+ * @param storePass
+ * @param alias
+ * @param cert
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static void addCertificate(File keystoreFile, char[] storePass, String alias, Certificate cert)
+ throws GeneralSecurityException, IOException
+ {
+ KeyStore keystore = getKeyStore(keystoreFile, storePass);
+
+ // Add the certificate
+ keystore.setCertificateEntry(alias, cert);
+
+ // Save the new keystore contents
+ FileOutputStream out = new FileOutputStream(keystoreFile);
+ keystore.store(out, storePass);
+ out.close();
+ }
+}
\ No newline at end of file
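Review bot: The `FileInputStream` opened by the `File` overload of `getKeyStore` (`FileInputStream fis = new FileInputStream(keyStoreFile);`) and by the `String` overload is never closed, the `URL` overload likewise drops the stream from `openStream()`, and `addCertificate` reaches `out.close()` only when `store` succeeds, so a failed write leaks the handle. Only the `InputStream` overload, whose stream the caller owns, is fine as written. Wrapping each open stream in try/finally fixes this without touching the signatures (the 2009 date predates try-with-resources, so I kept the explicit form). Separately, `generateKeyPair` never calls `initialize`, so the key size is whatever the provider defaults to; an overload `generateKeyPair(String algo, int keySize)` that calls `kpg.initialize(keySize)` before `genKeyPair()` would let callers pin it.
```java
   public static KeyStore getKeyStore(File keyStoreFile, char[] storePass) throws GeneralSecurityException, IOException
   {
      FileInputStream fis = new FileInputStream(keyStoreFile);
      try
      {
         return getKeyStore(fis, storePass);
      }
      finally
      {
         fis.close();
      }
   }

   public static KeyStore getKeyStore(String fileURL, char[] storePass) throws GeneralSecurityException, IOException
   {
      if(fileURL == null)
         throw new IllegalArgumentException("fileURL is null");

      // delegate so the stream is closed in exactly one place
      return getKeyStore(new File(fileURL), storePass);
   }

   public static KeyStore getKeyStore(URL url, char[] storePass) throws GeneralSecurityException, IOException
   {
      if(url == null)
         throw new IllegalArgumentException("url is null");

      InputStream ksStream = url.openStream();
      try
      {
         return getKeyStore(ksStream, storePass);
      }
      finally
      {
         ksStream.close();
      }
   }

   // … unchanged: getKeyStore(InputStream, char[]), generateKeyPair, getPublicKey …

   public static void addCertificate(File keystoreFile, char[] storePass, String alias, Certificate cert)
   throws GeneralSecurityException, IOException
   {
      KeyStore keystore = getKeyStore(keystoreFile, storePass);

      // Add the certificate
      keystore.setCertificateEntry(alias, cert);

      // Save the new keystore contents; close even when store() fails
      FileOutputStream out = new FileOutputStream(keystoreFile);
      try
      {
         keystore.store(out, storePass);
      }
      finally
      {
         out.close();
      }
   }
```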
Added: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java 2009-08-29 07:09:51 UTC (rev 752)
@@ -0,0 +1,240 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.wstrust;
+
+import java.net.URI;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPBody;
+import javax.xml.soap.SOAPEnvelope;
+import javax.xml.soap.SOAPPart;
+import javax.xml.transform.Source;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Dispatch;
+import javax.xml.ws.Service;
+import javax.xml.ws.Service.Mode;
+import javax.xml.ws.soap.SOAPBinding;
+
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
+import org.jboss.identity.federation.ws.trust.RenewTargetType;
+import org.jboss.identity.federation.ws.trust.StatusType;
+import org.jboss.identity.federation.ws.trust.ValidateTargetType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * WS-Trust Client
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 29, 2009
+ */
+public class WSTrustClient
+{
+ private ThreadLocal<Dispatch<Source>> dispatchLocal =
+ new InheritableThreadLocal<Dispatch<Source>>();
+
+ private String targetNS = "http://org.jboss.identity.trust/sts/";
+
+ public static class SecurityInfo
+ {
+ private String username;
+ private String passwd;
+
+ public SecurityInfo(String name, char[] pass)
+ {
+ username = name;
+ passwd = new String(pass);
+ }
+
+ public SecurityInfo(String name, String pass)
+ {
+ username = name;
+ passwd = pass;
+ }
+ }
+
+ public WSTrustClient(String serviceName, String port, String endpointURI,
+ SecurityInfo secInfo) throws ParsingException
+ {
+ QName service = new QName(targetNS, serviceName);
+ QName portName = new QName(targetNS, port);
+
+ Service jaxwsService = Service.create(service);
+ jaxwsService.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING, endpointURI);
+ Dispatch<Source> dispatch = jaxwsService.createDispatch(portName,
+ Source.class, Mode.PAYLOAD);
+
+ // add the username and password to the request context.
+ Map<String, Object> reqContext = dispatch.getRequestContext();
+ if(secInfo != null)
+ {
+ reqContext.put(BindingProvider.USERNAME_PROPERTY, secInfo.username);
+ reqContext.put(BindingProvider.PASSWORD_PROPERTY, secInfo.passwd);
+ }
+
+ dispatchLocal.set(dispatch);
+ }
+
+ public Element issueToken(String tokenType) throws WSTrustException
+ {
+ // create a custom token request message.
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setTokenType(URI.create(tokenType));
+ request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST));
+ request.setContext("context");
+
+ // send the token request to JBoss STS and get the response.
+ WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
+ DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityToken(request);
+ Source response = dispatchLocal.get().invoke(requestSource);
+
+ Node documentNode = ((DOMSource) response).getNode();
+ Document responseDoc = documentNode instanceof Document ? (Document) documentNode : documentNode.getOwnerDocument();
+
+
+ NodeList nodes;
+ try
+ {
+ Document myDocument = DocumentUtil.createDocument();
+ Node importedNode = myDocument.importNode(responseDoc.getDocumentElement(), true);
+ myDocument.appendChild(importedNode);
+
+ nodes = null;
+ if(responseDoc instanceof SOAPPart)
+ {
+ SOAPPart soapPart = (SOAPPart) responseDoc;
+ SOAPEnvelope env = soapPart.getEnvelope();
+ SOAPBody body = env.getBody();
+ Node data = body.getFirstChild();
+ nodes = ((Element)data).getElementsByTagName("RequestedSecurityToken");
+ }
+ else
+ nodes = responseDoc.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE, "RequestedSecurityToken");
+ }
+ catch (Exception e)
+ {
+ throw new WSTrustException("Exception in issuing token:", e);
+ }
+
+ if(nodes == null)
+ throw new WSTrustException("NodeList is null");
+
+ Node rstr = nodes.item(0);
+
+ return (Element) rstr.getFirstChild();
+ }
+
+ public Element renewToken(String tokenType, Element token) throws WSTrustException
+ {
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setContext("context");
+
+ request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
+ request.setRequestType(URI.create(WSTrustConstants.RENEW_REQUEST));
+ RenewTargetType renewTarget = new RenewTargetType();
+ renewTarget.setAny(token);
+ request.setRenewTarget(renewTarget);
+
+ // send the token request to JBoss STS and get the response.
+ WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
+ DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityToken(request);
+ Source response = dispatchLocal.get().invoke(requestSource);
+
+ Node documentNode = ((DOMSource) response).getNode();
+ Document responseDoc = documentNode instanceof Document ? (Document) documentNode : documentNode.getOwnerDocument();
+
+
+ NodeList nodes;
+ try
+ {
+ Document myDocument = DocumentUtil.createDocument();
+ Node importedNode = myDocument.importNode(responseDoc.getDocumentElement(), true);
+ myDocument.appendChild(importedNode);
+
+ nodes = null;
+ if(responseDoc instanceof SOAPPart)
+ {
+ SOAPPart soapPart = (SOAPPart) responseDoc;
+ SOAPEnvelope env = soapPart.getEnvelope();
+ SOAPBody body = env.getBody();
+ Node data = body.getFirstChild();
+ nodes = ((Element)data).getElementsByTagName("RequestedSecurityToken");
+ }
+ else
+ nodes = responseDoc.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE, "RequestedSecurityToken");
+ }
+ catch (Exception e)
+ {
+ throw new WSTrustException("Exception in renewing token:", e);
+ }
+
+ if(nodes == null)
+ throw new WSTrustException("NodeList is null");
+
+ Node rstr = nodes.item(0);
+
+ return (Element) rstr.getFirstChild();
+
+ }
+
+ public boolean validateToken(Element token) throws WSTrustException
+ {
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setContext("context");
+
+ request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
+ request.setRequestType(URI.create(WSTrustConstants.VALIDATE_REQUEST));
+ ValidateTargetType validateTarget = new ValidateTargetType();
+ validateTarget.setAny(token);
+ request.setValidateTarget(validateTarget);
+
+ WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
+
+ DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityToken(request);
+
+ Source response = dispatchLocal.get().invoke(requestSource);
+ RequestSecurityTokenResponseCollection
+ responseCollection = (RequestSecurityTokenResponseCollection) jaxbFactory
+ .parseRequestSecurityTokenResponse(response);
+ RequestSecurityTokenResponse tokenResponse = responseCollection.getRequestSecurityTokenResponses().get(0);
+
+ StatusType status = tokenResponse.getStatus();
+ if (status != null)
+ {
+ String code = status.getCode();
+ return WSTrustConstants.STATUS_CODE_VALID.equals(code);
+ }
+ return false;
+ }
+
+ public Dispatch<Source> getDispatch()
+ {
+ return dispatchLocal.get();
+ }
+}
\ No newline at end of file
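Review bot: The `nodes == null` guard at the end of issueToken/renewToken never fires for a `getElementsByTagName*` result, which is an empty NodeList rather than null, so a response with no RequestedSecurityToken (for example a SOAP fault body) dies with a NullPointerException at `rstr.getFirstChild()` instead of a WSTrustException; change the check to `if (nodes == null || nodes.getLength() == 0) throw new WSTrustException("Response contains no RequestedSecurityToken");` in both methods. SecurityInfo's `char[]` constructor immediately does `passwd = new String(pass)`, which puts the secret in an immutable heap String and defeats the point of accepting a `char[]`; keep it as `char[]` and convert only when placing it into the request context, or drop the `char[]` overload. The credentials go on the dispatch as `BindingProvider.USERNAME_PROPERTY`/`PASSWORD_PROPERTY`, which presumably means HTTP basic authentication, so the class doc should state that `endpointURI` must be https unless the transport is otherwise protected. Note also that `dispatchLocal` is set only in the constructor, so a thread that did not construct the client (and was not spawned from the constructing thread afterwards) gets null from `dispatchLocal.get()` and an NPE on invoke; a plain field would be simpler unless the thread confinement is deliberate, in which case document it.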
Added: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java 2009-08-29 07:09:51 UTC (rev 752)
@@ -0,0 +1,235 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.api.wstrust;
+
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URL;
+import java.security.KeyStore;
+import java.security.PublicKey;
+import java.util.Map;
+
+import javax.xml.bind.JAXBException;
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPBody;
+import javax.xml.soap.SOAPEnvelope;
+import javax.xml.soap.SOAPPart;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Dispatch;
+import javax.xml.ws.Service;
+import javax.xml.ws.Service.Mode;
+import javax.xml.ws.soap.SOAPBinding;
+
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.api.util.KeyStoreUtil;
+import org.jboss.identity.federation.api.util.XMLSignatureUtil;
+import org.jboss.identity.federation.api.wstrust.WSTrustClient;
+import org.jboss.identity.federation.api.wstrust.WSTrustConstants;
+import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory;
+import org.jboss.identity.federation.api.wstrust.WSTrustClient.SecurityInfo;
+import org.jboss.identity.federation.api.wstrust.plugins.saml.SAMLUtil;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
+import org.jboss.identity.federation.ws.trust.StatusType;
+import org.jboss.identity.federation.ws.trust.ValidateTargetType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * Unit tests for WS-Trust STS Clients
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 26, 2009
+ */
+public class WSTrustClientUnitTestCase extends TestCase
+{
+ //Specify whether this test is run as part of build
+ private boolean usetest = false;
+
+
+ public void testSTS() throws Exception
+ {
+ if(usetest == false)
+ return;
+
+ // create a dispatch object to invoke JBoss STSs.
+ Dispatch<Source> dispatch = createDispatch();
+
+ // create a custom token request message.
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setTokenType(URI.create(SAMLUtil.SAML2_TOKEN_TYPE));
+ request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST));
+ request.setContext("context");
+
+ // send the token request to JBoss STS and get the response.
+ WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
+ DOMSource requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityToken(request);
+ Source response = dispatch.invoke(requestSource);
+
+ Node documentNode = ((DOMSource) response).getNode();
+ Document responseDoc = documentNode instanceof Document ? (Document) documentNode : documentNode.getOwnerDocument();
+
+
+ Document myDocument = DocumentUtil.createDocument();
+
+ Node importedNode = myDocument.importNode(responseDoc.getDocumentElement(), true);
+
+ myDocument.appendChild(importedNode);
+
+ NodeList nodes = null;
+ if(responseDoc instanceof SOAPPart)
+ {
+ SOAPPart soapPart = (SOAPPart) responseDoc;
+ SOAPEnvelope env = soapPart.getEnvelope();
+ SOAPBody body = env.getBody();
+ Node data = body.getFirstChild();
+ nodes = ((Element)data).getElementsByTagName("RequestedSecurityToken");
+ }
+ else
+ nodes = responseDoc.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE, "RequestedSecurityToken");
+
+ assertNotNull("Nodelist not null", nodes);
+ Node rstr = nodes.item(0);
+ /*RequestSecurityTokenResponseCollection responseCollection = (RequestSecurityTokenResponseCollection) jaxbFactory.parseRequestSecurityTokenResponse(response);
+ RequestSecurityTokenResponse tokenResponse = responseCollection.getRequestSecurityTokenResponses().get(0);
+
+ // the SAML assertion is returned as an Element.
+ Element assertion = (Element) tokenResponse.getRequestedSecurityToken().getAny();*/
+ Element assertion = (Element) rstr.getFirstChild();
+ System.out.println("NAMESPACE=" + assertion.getNamespaceURI());
+
+// PublicKey key = getValidatingKey();
+// Document validate = DocumentUtil.createDocument();
+// validate.appendChild(validate.importNode(assertion, true));
+// System.out.println("Is token valid? " + XMLSignatureUtil.validate(validate, key));
+
+ // print the assertion for demonstration purposes.
+ System.out.println("\nSuccessfully issued a standard SAMLV2.0 Assertion!");
+ printAssertion(assertion);
+
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ KeyStore ks = KeyStoreUtil.getKeyStore(tcl.getResource("keystore/sts_keystore.jks")
+ , "testpass".toCharArray());
+
+ PublicKey pk = KeyStoreUtil.getPublicKey(ks, "sts", "keypass".toCharArray());
+
+ assertNotNull("Public key is not null", pk);
+ Document tokenDocument = DocumentUtil.createDocument();
+ importedNode = tokenDocument.importNode(assertion, true);
+ tokenDocument.appendChild(importedNode);
+
+ //System.out.println("Going to validate:" + DocumentUtil.getDocumentAsString(tokenDocument));
+ //assertTrue("SignedInfo valid", XMLSignatureUtil.preCheckSignedInfo(tokenDocument));
+ //Locally we will validate the assertion
+ assertTrue("Recieved assertion sig valid", XMLSignatureUtil.validate(tokenDocument, pk));
+
+ // let's validate the received SAML assertion.
+ request.getAny().clear();
+ request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
+ request.setRequestType(URI.create(WSTrustConstants.VALIDATE_REQUEST));
+ ValidateTargetType validateTarget = new ValidateTargetType();
+ validateTarget.setAny(assertion);
+ request.setValidateTarget(validateTarget);
+
+ requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityToken(request);
+
+ response = dispatch.invoke(requestSource);
+ RequestSecurityTokenResponseCollection
+ responseCollection = (RequestSecurityTokenResponseCollection) jaxbFactory
+ .parseRequestSecurityTokenResponse(response);
+ RequestSecurityTokenResponse tokenResponse = responseCollection.getRequestSecurityTokenResponses().get(0);
+
+ StatusType status = tokenResponse.getStatus();
+ if (status != null)
+ {
+ String code = status.getCode();
+ assertFalse("Signature is valid", WSTrustConstants.STATUS_CODE_INVALID.equals(code));
+
+ System.out.println("\n\nSAMLV2.0 Assertion successfuly validated!");
+ System.out.println("Validation status code: " + tokenResponse.getStatus().getCode());
+ System.out.println("Validation status reason: " + tokenResponse.getStatus().getReason());
+ }
+ else
+ System.out.println("\n\nFailed to validate SAMLV2.0 Assertion");
+ }
+
+ public void testIssue_Validate_Renew() throws Exception
+ {
+ if(usetest == false)
+ return;
+
+ String serviceName = "JBossSTS";
+ String portName = "JBossSTSPort";
+ String endpointAddress = "http://localhost:8080/jboss-sts/JBossSTS";
+ WSTrustClient client = new WSTrustClient(serviceName, portName, endpointAddress, new SecurityInfo("admin", "admin") );
+ Element token = client.issueToken(SAMLUtil.SAML2_TOKEN_TYPE);
+ assertTrue("Token is valid" , client.validateToken(token));
+
+ Element renewedToken = client.renewToken(SAMLUtil.SAML2_TOKEN_TYPE, token);
+ System.out.println("Renewed Token=" + DocumentUtil.getNodeAsString(renewedToken));
+ }
+
+
+ private Dispatch<Source> createDispatch() throws MalformedURLException, JAXBException
+ {
+ // JBoss STS target information.
+ String targetNS = "http://org.jboss.identity.trust/sts/";
+ QName serviceName = new QName(targetNS, "JBossSTS");
+ QName portName = new QName(targetNS, "JBossSTSPort");
+ URL endpointAddress = new URL("http://localhost:8080/jboss-sts/JBossSTS");
+// URL securityConfigURL = new File("jboss-wsse-client.xml").toURI().toURL();
+
+ Service service = Service.create(serviceName);
+ service.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING, endpointAddress.toExternalForm());
+
+ // create the dispatch, setting the client security configuration file.
+ Dispatch<Source> dispatch = service.createDispatch(portName, Source.class, Mode.PAYLOAD);
+// ((ConfigProvider) dispatch).setSecurityConfig(securityConfigURL.toExternalForm());
+// ((ConfigProvider) dispatch).setConfigName("Standard WSSecurity Client");
+
+ // add the username and password to the request context.
+ Map<String, Object> reqContext = dispatch.getRequestContext();
+ reqContext.put(BindingProvider.USERNAME_PROPERTY, "admin");
+ reqContext.put(BindingProvider.PASSWORD_PROPERTY, "admin");
+
+ return dispatch;
+ }
+
+ private void printAssertion(Element assertion) throws Exception
+ {
+ TransformerFactory tranFactory = TransformerFactory.newInstance();
+ Transformer aTransformer = tranFactory.newTransformer();
+ Source src = new DOMSource(assertion);
+ Result dest = new StreamResult(System.out);
+ aTransformer.transform(src, dest);
+ }
+}
\ No newline at end of file
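Review bot: The validation assertion in testSTS, `assertFalse("Signature is valid", WSTrustConstants.STATUS_CODE_INVALID.equals(code))`, passes for any code other than INVALID, including null or an unrecognised value, and the `else` branch only prints "Failed to validate" instead of failing; use `assertEquals("Signature is valid", WSTrustConstants.STATUS_CODE_VALID, code);` and replace the println in the else branch with `fail("STS returned no Status for the validate request");`. Both tests return immediately because `usetest` is false, presumably because they need a live STS on localhost:8080, so the build currently verifies nothing here; a comment on the field saying what must be running to enable it, or gating on a system property, would make that explicit. The keystore and STS passwords (`testpass`, `keypass`, `admin`/`admin`) are hard-coded test fixtures, which is fine for a unit test, but the checked-in `sts_keystore.jks` should be documented as test-only so it is never reused for a deployment.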
Added: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-jaxrpc.jar
===================================================================
(Binary files differ)
Property changes on: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-jaxrpc.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-jaxws-ext.jar
===================================================================
(Binary files differ)
Property changes on: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-jaxws-ext.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-jaxws.jar
===================================================================
(Binary files differ)
Property changes on: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-jaxws.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-saaj.jar
===================================================================
(Binary files differ)
Property changes on: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-saaj.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/keystore/sts_keystore.jks
===================================================================
(Binary files differ)
Property changes on: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/keystore/sts_keystore.jks
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/log4j.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/resources/log4j.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/resources/log4j.xml 2009-08-29 07:09:51 UTC (rev 752)
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+
+<!-- ===================================================================== -->
+<!-- -->
+<!-- Log4j Configuration -->
+<!-- -->
+<!-- ===================================================================== -->
+
+<!-- $Id: log4j.xml 34717 2005-08-08 18:15:31Z adrian $ -->
+
+<!--
+ | For more configuration infromation and examples see the Jakarta Log4j
+ | owebsite: http://jakarta.apache.org/log4j
+ -->
+
+<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/" debug="false">
+
+ <!-- ================================= -->
+ <!-- Preserve messages in a local file -->
+ <!-- ================================= -->
+
+ <!-- A time/date based rolling appender -->
+ <appender name="FILE" class="org.jboss.logging.appender.DailyRollingFileAppender">
+ <param name="File" value="${basedir}/test.log"/>
+ <param name="Append" value="true"/>
+
+ <!-- Rollover at midnight each day -->
+ <param name="DatePattern" value="'.'yyyy-MM-dd"/>
+
+ <!-- Rollover at the top of each hour
+ <param name="DatePattern" value="'.'yyyy-MM-dd-HH"/>
+ -->
+
+ <layout class="org.apache.log4j.PatternLayout">
+ <!-- The default pattern: Date Priority [Category] Message\n -->
+ <param name="ConversionPattern" value="%d %-5p [%c] %m%n"/>
+
+ <!-- The full pattern: Date MS Priority [Category] (Thread:NDC) Message\n
+ <param name="ConversionPattern" value="%d %-5r %-5p [%c] (%t:%x) %m%n"/>
+ -->
+ </layout>
+ </appender>
+
+ <!-- ============================== -->
+ <!-- Append messages to the console -->
+ <!-- ============================== -->
+
+ <appender name="CONSOLE" class="org.apache.log4j.ConsoleAppender">
+ <param name="Threshold" value="TRACE"/>
+ <param name="Target" value="System.out"/>
+
+ <layout class="org.apache.log4j.PatternLayout">
+ <!-- The default pattern: Date Priority [Category] Message\n -->
+ <param name="ConversionPattern" value="%d{ABSOLUTE} %-5p [%c{1}] %m%n"/>
+ </layout>
+ </appender>
+ <!-- ================ -->
+ <!-- Limit categories -->
+ <!-- ================ -->
+
+ <!-- Limit JBoss categories to INFO
+ <category name="org.jboss">
+ <priority value="INFO" class="org.jboss.logging.XLevel"/>
+ </category>
+ -->
+
+ <category name="org.jboss">
+ <priority value="TRACE"/>
+ </category>
+
+ <!-- ======================= -->
+ <!-- Setup the Root category -->
+ <!-- ======================= -->
+
+ <root>
+ <appender-ref ref="CONSOLE"/>
+ <appender-ref ref="FILE"/>
+ </root>
+
+</log4j:configuration>
Modified: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/logging.properties
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/resources/logging.properties 2009-08-29 07:08:02 UTC (rev 751)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/resources/logging.properties 2009-08-29 07:09:51 UTC (rev 752)
@@ -17,7 +17,8 @@
java.util.logging.FileHandler.formatter=java.util.logging.SimpleFormatter
# Set the default logging level for the logger named org.jboss
-org.jcp.xml.dsig.internal.level = FINEST
+org.jcp.level= FINER
+#org.jcp.xml.dsig.internal.dom.level = FINEST
javax.xml.bind.ContextFinder.level = SEVERE
com.sun.org.apache.xml.internal.security.level = FINEST
com.sun.xml.bind.v2.runtime.reflect.opt.Injector.level=SEVERE
Added: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/jboss-wsse-client.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/jboss-wsse-client.xml (rev 0)
+++ identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/jboss-wsse-client.xml 2009-08-29 07:09:51 UTC (rev 752)
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<jboss-ws-security xmlns="http://www.jboss.com/ws-security/config" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+ xsi:schemaLocation="http://www.jboss.com/ws-security/config http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
+ <config>
+ <username/>
+ </config>
+</jboss-ws-security>
\ No newline at end of file
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-08-29 07:08:02 UTC (rev 751)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-08-29 07:09:51 UTC (rev 752)
@@ -46,6 +46,7 @@
import javax.xml.xpath.XPathException;
import org.apache.log4j.Logger;
+import org.w3c.dom.DOMConfiguration;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -170,7 +171,7 @@
Result streamResult = new StreamResult(sw);
// Write the DOM document to the stream
- Transformer xformer = TransformerFactory.newInstance().newTransformer();
+ Transformer xformer = getTransformer();
xformer.transform(source, streamResult);
return sw.toString();
@@ -191,7 +192,7 @@
Result streamResult = new StreamResult(sw);
// Write the DOM document to the file
- Transformer xformer = TransformerFactory.newInstance().newTransformer();
+ Transformer xformer = getTransformer();
xformer.transform(source, streamResult);
return sw.toString();
@@ -280,6 +281,19 @@
}
/**
+ * DOM3 method: Normalize the document with namespaces
+ * @param doc
+ * @return
+ */
+ public static Document normalizeNamespaces(Document doc)
+ {
+ DOMConfiguration docConfig = doc.getDomConfig();
+ docConfig.setParameter("namespaces", Boolean.TRUE);
+ doc.normalizeDocument();
+ return doc;
+ }
+
+ /**
* Get a {@link Source} given a {@link Document}
* @param doc
* @return
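Review bot: The new normalizeNamespaces javadoc has an empty `@return` and does not say that the method modifies the document it is given; it sets the DOM configuration parameter and calls `doc.normalizeDocument()` on the same instance, so the returned document is the argument, mutated in place. Suggest `@param doc document to normalize; it is modified in place` and `@return the same {@code doc} instance after namespace normalization`. Since `DOMConfiguration.setParameter` can throw a DOMException for unsupported settings, it would also help to note that the DOM Level 3 "namespaces" parameter is one that implementations are required to support, which is why no exception handling is done here.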
JBoss Identity SVN: r751 - in identity-federation/trunk: jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust and 1 other directories.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-08-29 03:08:02 -0400 (Sat, 29 Aug 2009)
New Revision: 751
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustException.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestHandler.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java
Log:
JBID-180: do post processing
Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java 2009-08-29 07:04:54 UTC (rev 750)
+++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java 2009-08-29 07:08:02 UTC (rev 751)
@@ -27,6 +27,7 @@
import javax.annotation.Resource;
import javax.xml.bind.JAXBElement;
import javax.xml.transform.Source;
+import javax.xml.transform.dom.DOMSource;
import javax.xml.ws.Service;
import javax.xml.ws.ServiceMode;
import javax.xml.ws.WebServiceContext;
@@ -39,7 +40,7 @@
import org.jboss.identity.federation.api.wstrust.WSTrustConstants;
import org.jboss.identity.federation.api.wstrust.WSTrustException;
import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory;
-import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler;
+import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler;
import org.jboss.identity.federation.core.config.STSType;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
@@ -49,6 +50,7 @@
import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenCollection;
import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
+import org.w3c.dom.Document;
/**
* <p>
@@ -126,7 +128,12 @@
try
{
if (requestType.equals(WSTrustConstants.ISSUE_REQUEST))
- return this.marshallResponse(handler.issue(request, this.context.getUserPrincipal()));
+ {
+ Source source = this.marshallResponse(handler.issue(request, this.context.getUserPrincipal()));
+ Document doc = handler.postProcess((Document)((DOMSource)source).getNode(), request);
+ return new DOMSource(doc);
+ }
+
else if (requestType.equals(WSTrustConstants.RENEW_REQUEST))
return this.marshallResponse(handler.renew(request, this.context.getUserPrincipal()));
else if (requestType.equals(WSTrustConstants.CANCEL_REQUEST))
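Review bot: `handler.postProcess(...)` is applied only on the ISSUE branch; the RENEW branch directly below still returns `marshallResponse(handler.renew(...))` unchanged, so whatever postProcess does to issued tokens is not done to renewed ones. That matters because this same commit comments out the inline signing in StandardRequestHandler.issue(), so if signing has moved into postProcess, renewed tokens would leave the STS unsigned; either apply the same post-processing to the renew result or document why renew does not need it. The cast `(Document)((DOMSource)source).getNode()` also assumes marshallResponse always yields a DOMSource wrapping a Document node; the client code in this commit handles the Element case, and the same pattern would be safer here: `Node n = ((DOMSource) source).getNode(); Document doc = handler.postProcess(n instanceof Document ? (Document) n : n.getOwnerDocument(), request);`. The enclosing method continues outside this hunk.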
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java 2009-08-29 07:04:54 UTC (rev 750)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java 2009-08-29 07:08:02 UTC (rev 751)
@@ -124,7 +124,7 @@
throw new WSTrustException("Token issued by provider " + provider.getClass().getName() + " is null");
// sign the issued token if needed.
- if (this.configuration.signIssuedToken() && this.configuration.getSTSKeyPair() != null)
+ /*if (this.configuration.signIssuedToken() && this.configuration.getSTSKeyPair() != null)
{
KeyPair keyPair = this.configuration.getSTSKeyPair();
if (keyPair != null)
@@ -154,7 +154,7 @@
throw new WSTrustException("Failed to sign security token", e);
}
}
- }
+ }*/
// construct the ws-trust security token response.
RequestedSecurityTokenType requestedSecurityToken = new RequestedSecurityTokenType();
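Review bot: The signing block in issue() is left as commented-out code rather than removed, which leaves `this.configuration.signIssuedToken()` and the STS key pair silently ignored on this path with nothing in the method explaining where signing now happens. If signing has moved to the new postProcess step that JBossSTS invokes after marshalling, delete the dead block and replace it with a pointer such as `// Signing is no longer done here: the caller must run WSTrustRequestHandler.postProcess() on the marshalled response (see JBossSTS).`, so that any other caller of issue() does not assume the returned token is already signed. If the block is only parked temporarily, a TODO referencing JBID-180 would at least make the intent visible.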
@@ -197,8 +197,74 @@
if( rstDocument == null)
throw new IllegalArgumentException("Request does not contain the DOM Document");
- // TODO: implement renew logic.
- throw new UnsupportedOperationException();
+ SecurityTokenProvider provider = null;
+
+ // first try to obtain the security token provider using the applies-to contents.
+ AppliesTo appliesTo = request.getAppliesTo();
+ PublicKey providerPublicKey = null;
+ if (appliesTo != null)
+ {
+ String serviceName = WSTrustUtil.parseAppliesTo(appliesTo);
+ if (serviceName != null)
+ {
+ provider = this.configuration.getProviderForService(serviceName);
+ request.setTokenType(URI.create(this.configuration.getTokenTypeForService(serviceName)));
+ providerPublicKey = this.configuration.getServiceProviderPublicKey(serviceName);
+ }
+ }
+ // if applies-to is not available or if no provider was found for the service, use the token type.
+ if (provider == null && request.getTokenType() != null)
+ {
+ provider = this.configuration.getProviderForTokenType(request.getTokenType().toString());
+ }
+ else if (appliesTo == null && request.getTokenType() == null)
+ throw new WSTrustException("Either AppliesTo or TokenType must be present in a security token request");
+
+ // TODO: get the provider using the token from the request.
+ provider = this.configuration.getProviderForTokenType(SAMLUtil.SAML2_TOKEN_TYPE);
+
+ if (provider != null)
+ {
+ // create the request context and delegate token generation to the provider.
+ WSTrustRequestContext requestContext = new WSTrustRequestContext(request, callerPrincipal);
+ requestContext.setTokenIssuer(this.configuration.getSTSName());
+ if (request.getLifetime() == null && this.configuration.getIssuedTokenTimeout() != 0)
+ {
+ // if no lifetime has been specified, use the configured timeout value.
+ request.setLifetime(WSTrustUtil.createDefaultLifetime(this.configuration.getIssuedTokenTimeout()));
+ }
+ requestContext.setServiceProviderPublicKey(providerPublicKey);
+ provider.renewToken(requestContext);
+
+ if (requestContext.getSecurityToken() == null)
+ throw new WSTrustException("Token issued by provider " + provider.getClass().getName() + " is null");
+
+
+ // construct the ws-trust security token response.
+ RequestedSecurityTokenType requestedSecurityToken = new RequestedSecurityTokenType();
+ requestedSecurityToken.setAny(requestContext.getSecurityToken().getTokenValue());
+
+ // TODO: create proof token and encrypt the token if needed
+
+ RequestSecurityTokenResponse response = new RequestSecurityTokenResponse();
+ if (request.getContext() != null)
+ response.setContext(request.getContext());
+
+ response.setTokenType(request.getTokenType());
+ response.setLifetime(request.getLifetime());
+ response.setAppliesTo(appliesTo);
+ response.setRequestedSecurityToken(requestedSecurityToken);
+
+ // set the attached and unattached references.
+ if (requestContext.getAttachedReference() != null)
+ response.setRequestedAttachedReference(requestContext.getAttachedReference());
+ if (requestContext.getUnattachedReference() != null)
+ response.setRequestedUnattachedReference(requestContext.getUnattachedReference());
+
+ return response;
+ }
+ else
+ throw new WSTrustException("Unable to find a token provider for the token request");
}
/*
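Review bot: `renew()` re-issues a token from whatever the client sends as RenewTarget without validating it: nothing checks the target's signature, expiry or issuer before `provider.renewToken(requestContext)` runs, so a renewal is effectively an unauthenticated issue in which the requester also chooses the assertion ID that `SAML20TokenProvider.renewToken` copies from the target. The STS already has `XMLSignatureUtil.validate(Document, Key)` and `this.configuration.getSTSKeyPair()`, so the same check `validate()` applies to its ValidateTarget can gate renewal as sketched below; whether `getRenewTarget().getAny()` is the assertion itself or a wrapper element (the `validate()` path takes `getFirstChild()`) needs confirming, and an expiry check against the target's Conditions belongs alongside it. Separately, the unconditional `provider = this.configuration.getProviderForTokenType(SAMLUtil.SAML2_TOKEN_TYPE);` after the TODO discards the provider resolved from AppliesTo/TokenType and routes every renewal to the SAML2 provider; at minimum make it a fallback, `if (provider == null) provider = this.configuration.getProviderForTokenType(SAMLUtil.SAML2_TOKEN_TYPE);`. `request.getRenewTarget()` is never null-checked, so a RST without a RenewTarget fails with a NullPointerException inside the provider instead of a `WSTrustException`.
```java
// … unchanged: rstDocument null check …

// Reject a RenewTarget this STS cannot authenticate; mirrors the check performed in validate().
if (request.getRenewTarget() == null || !(request.getRenewTarget().getAny() instanceof Element))
   throw new WSTrustException("RenewTarget is missing or does not carry a token element");
Element renewTarget = (Element) request.getRenewTarget().getAny();

// NOTE(review): when signing is disabled the target cannot be authenticated at all;
// consider refusing renewal outright in that configuration.
if (this.configuration.signIssuedToken() && this.configuration.getSTSKeyPair() != null)
{
   try
   {
      Document targetDocument = DocumentUtil.createDocument();
      targetDocument.appendChild(targetDocument.importNode(renewTarget, true));
      if (!XMLSignatureUtil.validate(targetDocument, this.configuration.getSTSKeyPair().getPublic()))
         throw new WSTrustException("RenewTarget signature is invalid");
   }
   catch (WSTrustException e)
   {
      throw e;
   }
   catch (Exception e)
   {
      throw new WSTrustException("Failed to validate RenewTarget", e);
   }
}

// … unchanged: provider lookup, request context, response construction …
```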
@@ -301,4 +367,57 @@
// TODO: implement cancel logic.
throw new UnsupportedOperationException();
}
+
+ public Document postProcess(Document rstrDocument, RequestSecurityToken request) throws WSTrustException
+ {
+ if(WSTrustConstants.ISSUE_REQUEST.equals(request.getRequestType().toString())
+ || WSTrustConstants.RENEW_REQUEST.equals(request.getRequestType().toString()))
+ {
+ rstrDocument = DocumentUtil.normalizeNamespaces(rstrDocument);
+
+ //Sign and encrypt
+ if (this.configuration.signIssuedToken() && this.configuration.getSTSKeyPair() != null)
+ {
+ KeyPair keyPair = this.configuration.getSTSKeyPair();
+ if (keyPair != null)
+ {
+ URI signatureURI = request.getSignatureAlgorithm();
+ String signatureMethod = signatureURI != null ? signatureURI.toString() : SignatureMethod.RSA_SHA1;
+ try
+ {
+ Node rst = rstrDocument.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE,
+ "RequestedSecurityToken").item(0);
+ Element tokenElement = (Element) rst.getFirstChild();
+ if(trace)
+ {
+ log.trace("NamespaceURI of element to be signed:" +tokenElement.getNamespaceURI() );
+ }
+ /* XMLSignatureUtil.sign(tokenElement.getOwnerDocument(), keyPair, DigestMethod.SHA1, signatureMethod,
+ "#" + tokenElement.getAttribute("ID"));
+ */
+ rstrDocument = XMLSignatureUtil.sign(rstrDocument, tokenElement, keyPair,
+ DigestMethod.SHA1, signatureMethod, "#" + tokenElement.getAttribute("ID"));
+ if(trace)
+ {
+ try
+ {
+ log.trace("Signed Token:" + DocumentUtil.getNodeAsString(tokenElement));
+
+ Document tokenDocument = DocumentUtil.createDocument();
+ tokenDocument.appendChild(tokenDocument.importNode(tokenElement, true));
+ log.trace("valid=" + XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic()));
+
+ }catch(Exception ignore){}
+ }
+ }
+ catch (Exception e)
+ {
+ throw new WSTrustException("Failed to sign security token", e);
+ }
+ }
+ }
+ }
+
+ return rstrDocument;
+ }
}
\ No newline at end of file
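Review bot: `postProcess` signs with whatever algorithm the requester asks for: `String signatureMethod = signatureURI != null ? signatureURI.toString() : SignatureMethod.RSA_SHA1;` hands the client-supplied `request.getSignatureAlgorithm()` straight to `XMLSignatureUtil.sign`, so the strength of the STS signature is chosen by the client. An STS should honor only a server-side allow-list; the minimal guard is `if (signatureURI != null && !SignatureMethod.RSA_SHA1.equals(signatureURI.toString())) throw new WSTrustException("Unsupported signature algorithm requested: " + signatureURI);`, with the accepted set moved into `STSConfiguration` later. The reference URI `"#" + tokenElement.getAttribute("ID")` silently degrades to `#` when the token has no `ID` attribute (custom tokens such as the JBID-179 one may not), which should be rejected before signing rather than produce an unanchored reference. The trace block logs the complete signed token, and for a bearer SAML assertion that places a usable credential in the log file, so log the token ID instead of the serialized element. The nested `getSTSKeyPair() != null` and `keyPair != null` checks are redundant; one suffices.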
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustException.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustException.java 2009-08-29 07:04:54 UTC (rev 750)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustException.java 2009-08-29 07:08:02 UTC (rev 751)
@@ -21,6 +21,8 @@
*/
package org.jboss.identity.federation.api.wstrust;
+import java.security.GeneralSecurityException;
+
/**
* <p>
* Exception used to convey that an error has happened when handling a WS-Trust request message.
@@ -28,11 +30,10 @@
*
* @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
*/
-public class WSTrustException extends Exception
+public class WSTrustException extends GeneralSecurityException
{
-
private static final long serialVersionUID = -232066282004315310L;
-
+
/**
* <p>
* Creates an instance of {@code WSTrustException} using the specified error message.
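Review bot: Changing the superclass from `Exception` to `GeneralSecurityException` while keeping `serialVersionUID = -232066282004315310L` is listed by the Java serialization specification as an incompatible change (moving a class within the hierarchy), so round-tripping a serialized `WSTrustException` across the version boundary cannot be relied upon regardless of the matching UID. If these exceptions never cross a process boundary this is harmless, but the UID should then be regenerated for the new shape, and the class Javadoc should state the reason for the new parent, e.g. `* Extends {@link GeneralSecurityException} so that WS-Trust failures can be handled together with JCA security exceptions.`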
@@ -57,4 +58,4 @@
{
super(message, cause);
}
-}
+}
\ No newline at end of file
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestHandler.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestHandler.java 2009-08-29 07:04:54 UTC (rev 750)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestHandler.java 2009-08-29 07:08:02 UTC (rev 751)
@@ -25,6 +25,7 @@
import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
+import org.w3c.dom.Document;
/**
* <p>
@@ -35,8 +36,7 @@
* @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
*/
public interface WSTrustRequestHandler
-{
-
+{
/**
* <p>
* Initializes the concrete {@code WSTrustRequestHandler} instance.
@@ -98,4 +98,14 @@
*/
public RequestSecurityTokenResponse validate(RequestSecurityToken request, Principal callerPrincipal)
throws WSTrustException;
+
+ /**
+ * Perform Post Processing on the generated RSTR Collection Document
+ * Steps such as signing and encryption need to be done here.
+ * @param rstrDocument
+ * @param request
+ * @return
+ * @throws WSTrustException
+ */
+ public Document postProcess(Document rstrDocument, RequestSecurityToken request) throws WSTrustException;
}
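Review bot: The Javadoc for the new `postProcess` method has an empty `@return` and undescribed `@param` tags, and it leaves the contract that matters unstated: which request types are processed, whether the result is the argument mutated in place or a new document, and that the argument must be the marshalled RSTR. Suggested wording: `@param rstrDocument the marshalled RequestSecurityTokenResponse(Collection) document whose RequestedSecurityToken child is the signing target`, `@param request the original request, consulted for request type and signature algorithm`, `@return the processed document, which may be a different instance from the argument; callers must use the returned value`, `@throws WSTrustException if signing or encryption fails`. Adding an abstract method to a public interface also breaks every existing `WSTrustRequestHandler` implementation at compile time, which deserves a mention in the commit message or a no-op default in a shared base class.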
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java 2009-08-29 07:04:54 UTC (rev 750)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java 2009-08-29 07:08:02 UTC (rev 751)
@@ -40,6 +40,7 @@
import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
import org.jboss.identity.federation.core.saml.v2.util.AssertionUtil;
import org.jboss.identity.federation.core.wstrust.Lifetime;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
@@ -83,54 +84,7 @@
// generate an id for the new assertion.
String assertionID = IDGenerator.create("ID_");
- // lifetime and audience restrictions.
- Lifetime lifetime = context.getRequestSecurityToken().getLifetime();
- AudienceRestrictionType restriction = null;
- AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo();
- if (appliesTo != null)
- restriction = SAMLAssertionFactory.createAudienceRestriction(WSTrustUtil.parseAppliesTo(appliesTo));
- ConditionsType conditions = SAMLAssertionFactory.createConditions(lifetime.getCreated(), lifetime.getExpires(),
- restriction);
-
- // TODO: implement support for the other confirmation methods.
- String confirmationMethod = SAMLUtil.SAML2_BEARER_URI;
- SubjectConfirmationType subjectConfirmation = SAMLAssertionFactory.createSubjectConfirmation(null,
- confirmationMethod, null);
-
- // create a subject using the caller principal.
- Principal principal = context.getCallerPrincipal();
- String subjectName = principal == null ? "ANONYMOUS" : principal.getName();
- NameIDType nameID = SAMLAssertionFactory.createNameID(null, "urn:jboss:identity-federation", subjectName);
- SubjectType subject = SAMLAssertionFactory.createSubject(nameID, subjectConfirmation);
-
- // TODO: add SAML statements that corresponds to the claims provided by the requester.
-
- // create the SAML assertion.
- NameIDType issuerID = SAMLAssertionFactory.createNameID(null, null, context.getTokenIssuer());
- AssertionType assertion = SAMLAssertionFactory.createAssertion(assertionID, issuerID, lifetime.getCreated(),
- conditions, subject, null);
-
- // convert the constructed assertion to element.
- Element assertionElement = null;
- try
- {
- assertionElement = SAMLUtil.toElement(assertion);
- }
- catch (Exception e)
- {
- throw new WSTrustException("Failed to marshall SAMLV2 assertion", e);
- }
-
- SecurityToken token = new StandardSecurityToken(context.getRequestSecurityToken().getTokenType().toString(),
- assertionElement, assertionID);
- context.setSecurityToken(token);
-
- // set the SAML assertion attached reference.
- KeyIdentifierType keyIdentifier = WSTrustUtil.createKeyIdentifier(SAMLUtil.SAML2_VALUE_TYPE, "#" + assertionID);
- Map<QName, String> attributes = new HashMap<QName, String>();
- attributes.put(new QName(WSTrustConstants.WSSE11_NS, "TokenType"), SAMLUtil.SAML2_TOKEN_TYPE);
- RequestedReferenceType attachedReference = WSTrustUtil.createRequestedReference(keyIdentifier, attributes);
- context.setAttachedReference(attachedReference);
+ issueToken(context, assertionID);
}
/*
@@ -140,7 +94,11 @@
*/
public void renewToken(WSTrustRequestContext context) throws WSTrustException
{
- // TODO: implement renew logic.
+ Element assertion = (Element) context.getRequestSecurityToken().getRenewTarget().getAny();
+
+ String id = assertion.getAttribute("ID");
+
+ issueToken(context, id); //Just reissue
}
/*
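Review bot: `renewToken` copies the assertion ID from the client-supplied RenewTarget (`String id = assertion.getAttribute("ID");`) into a brand-new assertion with a new lifetime, so the requester controls the ID of the token the STS signs: `getAttribute` returns `""` when the attribute is absent, yielding an assertion with an empty ID and a signature reference of `#`, and a client may reuse the ID of any earlier assertion, which would defeat a replay cache keyed on ID. SAML 2.0 requires assertion IDs to be unique, so the renewed assertion should receive a fresh identifier, `String id = IDGenerator.create("ID_");`, with the old ID kept at most for audit logging. The method also dereferences `context.getRequestSecurityToken().getRenewTarget()` without a null check, and nothing here verifies that the target was issued by this STS or that the caller is its subject; whether the handler performs that check before delegating is not visible in this hunk.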
@@ -224,4 +182,62 @@
return element == null ? false : "Assertion".equals(element.getLocalName())
&& WSTrustConstants.SAML2_ASSERTION_NS.equals(element.getNamespaceURI());
}
+
+ /**
+ * Issue a SAML assertion token with the provided ID
+ * @param context
+ * @param assertionID
+ * @throws WSTrustException
+ */
+ private void issueToken(WSTrustRequestContext context, String assertionID) throws WSTrustException
+ {
+ // lifetime and audience restrictions.
+ Lifetime lifetime = context.getRequestSecurityToken().getLifetime();
+ AudienceRestrictionType restriction = null;
+ AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo();
+ if (appliesTo != null)
+ restriction = SAMLAssertionFactory.createAudienceRestriction(WSTrustUtil.parseAppliesTo(appliesTo));
+ ConditionsType conditions = SAMLAssertionFactory.createConditions(lifetime.getCreated(), lifetime.getExpires(),
+ restriction);
+
+ // TODO: implement support for the other confirmation methods.
+ String confirmationMethod = SAMLUtil.SAML2_BEARER_URI;
+ SubjectConfirmationType subjectConfirmation = SAMLAssertionFactory.createSubjectConfirmation(null,
+ confirmationMethod, null);
+
+ // create a subject using the caller principal.
+ Principal principal = context.getCallerPrincipal();
+ String subjectName = principal == null ? "ANONYMOUS" : principal.getName();
+ NameIDType nameID = SAMLAssertionFactory.createNameID(null, "urn:jboss:identity-federation", subjectName);
+ SubjectType subject = SAMLAssertionFactory.createSubject(nameID, subjectConfirmation);
+
+ // TODO: add SAML statements that corresponds to the claims provided by the requester.
+
+ // create the SAML assertion.
+ NameIDType issuerID = SAMLAssertionFactory.createNameID(null, null, context.getTokenIssuer());
+ AssertionType assertion = SAMLAssertionFactory.createAssertion(assertionID, issuerID, lifetime.getCreated(),
+ conditions, subject, null);
+
+ // convert the constructed assertion to element.
+ Element assertionElement = null;
+ try
+ {
+ assertionElement = SAMLUtil.toElement(assertion);
+ }
+ catch (Exception e)
+ {
+ throw new WSTrustException("Failed to marshall SAMLV2 assertion", e);
+ }
+
+ SecurityToken token = new StandardSecurityToken(context.getRequestSecurityToken().getTokenType().toString(),
+ assertionElement, assertionID);
+ context.setSecurityToken(token);
+
+ // set the SAML assertion attached reference.
+ KeyIdentifierType keyIdentifier = WSTrustUtil.createKeyIdentifier(SAMLUtil.SAML2_VALUE_TYPE, "#" + assertionID);
+ Map<QName, String> attributes = new HashMap<QName, String>();
+ attributes.put(new QName(WSTrustConstants.WSSE11_NS, "TokenType"), SAMLUtil.SAML2_TOKEN_TYPE);
+ RequestedReferenceType attachedReference = WSTrustUtil.createRequestedReference(keyIdentifier, attributes);
+ context.setAttachedReference(attachedReference);
+ }
}
\ No newline at end of file
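Review bot: `issueToken` mints a bearer assertion for the literal subject `ANONYMOUS` when `context.getCallerPrincipal()` is null (`String subjectName = principal == null ? "ANONYMOUS" : principal.getName();`), so unless the STS endpoint rejects unauthenticated callers before this point (not visible here) an anonymous requester receives a signed bearer token; issuance should fail with `throw new WSTrustException("Cannot issue a token for an unauthenticated caller");` rather than fall back to a placeholder name. The method dereferences `lifetime.getCreated()` and `getTokenType().toString()` without null checks, and `StandardRequestHandler.renew()` only sets a default lifetime when `getIssuedTokenTimeout() != 0`, so a request without a Lifetime under a zero timeout surfaces as a NullPointerException instead of a WS-Trust fault. The Javadoc lists `@param context` and `@param assertionID` without descriptions; say that `assertionID` becomes the assertion's `ID` attribute and the target of the attached reference `#assertionID`.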
JBoss Identity SVN: r750 - identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-08-29 03:04:54 -0400 (Sat, 29 Aug 2009)
New Revision: 750
Modified:
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java
Log:
add todo
Modified: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-08-29 07:02:56 UTC (rev 749)
+++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-08-29 07:04:54 UTC (rev 750)
@@ -217,8 +217,9 @@
BaseRequestSecurityTokenResponse baseResponse = WSTrustJAXBFactory.getInstance()
.parseRequestSecurityTokenResponse(responseMessage);
+ //TODO: JBID-179
// validate the security token response.
- this.validateCustomTokenResponse(baseResponse);
+ //this.validateCustomTokenResponse(baseResponse);
}
/**
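Review bot: Commenting out `this.validateCustomTokenResponse(baseResponse);` turns a failing security test into a passing one while the test method still appears to exercise the custom-token flow; with only `//TODO: JBID-179` as a marker the regression is invisible in the build output. Make the gap visible instead: move the disabled check into its own test method named after the issue and exclude that method from the run, or at least emit a warning line such as `System.err.println("JBID-179: custom token response validation is disabled");` so the skipped verification shows up in test logs until the issue is resolved. The enclosing test method starts outside this hunk.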
@@ -486,9 +487,11 @@
assertTrue("Unexpected token class", token instanceof Element);
Element element = (Element) requestedToken.getAny();
assertEquals("Unexpected namespace value", "http://www.tokens.org", element.getNamespaceURI());
+
+ /*//TODO: Fix JBID-179
assertEquals("Unexpected attribute value", "http://www.tokens.org/SpecialToken", element
.getAttribute("TokenType"));
- assertEquals("Unexpected token value", "Principal:sguilhen", element.getFirstChild().getNodeValue());
+ assertEquals("Unexpected token value", "Principal:sguilhen", element.getFirstChild().getNodeValue());*/
}
/**
JBoss Identity SVN: r749 - identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-08-29 03:02:56 -0400 (Sat, 29 Aug 2009)
New Revision: 749
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
Log:
fix bug
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-08-28 00:34:20 UTC (rev 748)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-08-29 07:02:56 UTC (rev 749)
@@ -22,10 +22,12 @@
package org.jboss.identity.federation.api.util;
import java.io.OutputStream;
+import java.security.AccessController;
import java.security.GeneralSecurityException;
import java.security.Key;
import java.security.KeyPair;
import java.security.PrivateKey;
+import java.security.PrivilegedAction;
import java.security.PublicKey;
import java.util.Collections;
import java.util.List;
@@ -58,6 +60,7 @@
import javax.xml.transform.stream.StreamResult;
import org.apache.log4j.Logger;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.util.JAXBUtil;
import org.jboss.identity.xmlsec.w3.xmldsig.ObjectFactory;
@@ -101,7 +104,32 @@
return xsf;
}
+ //Set some system properties
+ static
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ System.setProperty("org.apache.xml.security.ignoreLineBreaks", "true");
+ return null;
+ }
+ });
+ };
+
/**
+ * Precheck whether the document that will be validated
+ * has the right signedinfo
+ * @param doc
+ * @return
+ */
+ public static boolean preCheckSignedInfo(Document doc)
+ {
+ NodeList nl = doc.getElementsByTagNameNS(JBossSAMLURIConstants.XMLDSIG_NSURI.get(), "SignedInfo");
+ return nl != null ? nl.getLength() > 0 : false;
+ }
+
+ /**
* Sign a node in a document
* @param doc Document
* @param parentOfNodeToBeSigned Parent Node of the node to be signed
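Review bot: `preCheckSignedInfo` only reports whether any `ds:SignedInfo` element exists somewhere in the document; it does not tie that element to a `Signature` over the token, so a document carrying a stray or attacker-inserted `SignedInfo` passes the pre-check exactly like a genuinely signed one, and the Javadoc with its empty `@return` does not say so. Document it as a presence check: `Returns {@code true} when the document contains at least one ds:SignedInfo element. This is a cheap pre-filter only and says nothing about signature validity, coverage or placement; callers must still run validate().` The static initializer sets the process-wide `org.apache.xml.security.ignoreLineBreaks` property on first use of this class, silently changing output for every other Santuario user in the JVM; that side effect needs a comment stating why it is required (presumably line breaks in Base64 output breaking canonicalization — confirm) and ideally a guard that only sets the property when it is unset. `XMLDSIG_NSURI` here and `XMLSignature.XMLNS` in `validate()` name the same namespace through two constants; pick one.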
@@ -161,6 +189,9 @@
log.trace("Document to be signed=" + DocumentUtil.getDocumentAsString(doc));
}catch (Exception e) {}
}
+
+ Node parentNode = nodeToBeSigned.getParentNode();
+
//Let us create a new Document
Document newDoc = DocumentUtil.createDocument();
//Import the node
@@ -172,7 +203,8 @@
//Now let us import this signed doc into the original document we got in the method call
Node signedNode = doc.importNode(newDoc.getFirstChild(), true);
- doc.getDocumentElement().replaceChild(signedNode, nodeToBeSigned);
+ parentNode.replaceChild(signedNode, nodeToBeSigned);
+ //doc.getDocumentElement().replaceChild(signedNode, nodeToBeSigned);
return doc;
}
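Review bot: `parentNode.replaceChild(signedNode, nodeToBeSigned)` dereferences the parent captured earlier in the method, which is null when `nodeToBeSigned` is detached from `doc` (and `replaceChild` throws `WRONG_DOCUMENT_ERR` when the node belongs to another document), so a caller error now surfaces as a NullPointerException or DOMException instead of a clear message; add `if (parentNode == null) throw new IllegalArgumentException("Node to be signed is not attached to the document");` where `parentNode` is captured. The superseded line should be deleted rather than kept as `//doc.getDocumentElement().replaceChild(signedNode, nodeToBeSigned);`. The enclosing `sign` overload begins before this hunk.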
@@ -207,7 +239,9 @@
PrivateKey signingKey = keyPair.getPrivate();
PublicKey publicKey = keyPair.getPublic();
- DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
+ DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
+ dsc.setDefaultNamespacePrefix("dsig");
+
// dsc.putNamespacePrefix(XMLSignature.XMLNS, "ds");
DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null);
@@ -254,8 +288,10 @@
{
throw new IllegalArgumentException("Cannot find Signature element");
}
+ if(publicKey == null)
+ throw new IllegalArgumentException("Public Key is null");
+
DOMValidateContext valContext = new DOMValidateContext(publicKey, nl.item(0));
-
XMLSignature signature = fac.unmarshalXMLSignature(valContext);
boolean coreValidity = signature.validate(valContext);
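Review bot: `validate()` trusts the first `ds:Signature` in document order (`nl.item(0)`) and returns `coreValidity` without checking what that signature covers, so a document in which an attacker places a validly signed element of their own ahead of the real token, or whose Reference points at a different element than the one the caller intends to trust, could still yield `true` — the XML signature wrapping pattern. Callers need the signed Reference checked against the expected element, for example by verifying that each URI in `signature.getSignedInfo().getReferences()` resolves to the intended token element, and documents with more than one signature should be refused: `if (nl.getLength() != 1) throw new IllegalArgumentException("Expected exactly one Signature element, found " + nl.getLength());`. The new `publicKey == null` guard is correct but reads better before the `Signature` lookup, so an argument error is reported before any DOM work. The enclosing method begins before this hunk.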
JBoss Identity SVN: r748 - identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-08-27 20:34:20 -0400 (Thu, 27 Aug 2009)
New Revision: 748
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
Log:
add trace
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-08-27 22:37:13 UTC (rev 747)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-08-28 00:34:20 UTC (rev 748)
@@ -57,6 +57,7 @@
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
+import org.apache.log4j.Logger;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.util.JAXBUtil;
import org.jboss.identity.xmlsec.w3.xmldsig.ObjectFactory;
@@ -73,6 +74,9 @@
*/
public class XMLSignatureUtil
{
+ private static Logger log = Logger.getLogger(XMLSignatureUtil.class);
+ private static boolean trace = log.isTraceEnabled();
+
private static String pkgName = "org.jboss.identity.federation.w3.xmldsig";
private static String schemaLocation = "schema/saml/v2/xmldsig-core-schema.xsd";
@@ -150,6 +154,13 @@
{
if(nodeToBeSigned == null)
throw new IllegalArgumentException("Node to be signed is null");
+ if(trace)
+ {
+ try
+ {
+ log.trace("Document to be signed=" + DocumentUtil.getDocumentAsString(doc));
+ }catch (Exception e) {}
+ }
//Let us create a new Document
Document newDoc = DocumentUtil.createDocument();
//Import the node
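Review bot: `log.trace("Document to be signed=" + DocumentUtil.getDocumentAsString(doc))` writes the entire document — here the token being minted — into the log; once signed these tokens are bearer credentials, so trace logs become a place where live tokens can be harvested. If the tracing is needed during development, log a stable identifier (the target node's `ID` attribute or local name) rather than the serialized content, or guard the dump behind a separate opt-in flag instead of `log.isTraceEnabled()`. The `catch (Exception e) {}` around the dump should at least name the variable `ignored` and carry a comment such as `// a serialization failure must not fail the signing`. The same pattern is repeated in the next hunk, and the enclosing `sign` method begins before this one.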
@@ -186,6 +197,13 @@
String signatureMethod,
String referenceURI) throws GeneralSecurityException, MarshalException, XMLSignatureException
{
+ if(trace)
+ {
+ try
+ {
+ log.trace("Document to be signed=" + DocumentUtil.getDocumentAsString(doc));
+ }catch (Exception e) {}
+ }
PrivateKey signingKey = keyPair.getPrivate();
PublicKey publicKey = keyPair.getPublic();
@@ -228,6 +246,7 @@
* @throws MarshalException
* @throws XMLSignatureException
*/
+ @SuppressWarnings("unchecked")
public static boolean validate(Document signedDoc, Key publicKey) throws MarshalException, XMLSignatureException
{
NodeList nl = signedDoc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
@@ -240,6 +259,18 @@
XMLSignature signature = fac.unmarshalXMLSignature(valContext);
boolean coreValidity = signature.validate(valContext);
+ if(trace && !coreValidity)
+ {
+ boolean sv = signature.getSignatureValue().validate(valContext);
+ log.trace("Signature validation status: " + sv);
+
+ List<Reference> references = signature.getSignedInfo().getReferences();
+ for(Reference ref:references)
+ {
+ log.trace("[Ref id=" + ref.getId() +":uri=" + ref.getURI() +
+ "]validity status:" + ref.validate(valContext));
+ }
+ }
return coreValidity;
}
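Review bot: `@SuppressWarnings("unchecked")` is applied to the whole `validate` method for the single raw `List` returned by `getReferences()`; narrow it to the declaration, `@SuppressWarnings("unchecked") List<Reference> references = signature.getSignedInfo().getReferences();`, so genuine unchecked warnings elsewhere in the method are not masked. The diagnostic loop is useful, but `ref.validate(valContext)` recomputes each reference digest and `signature.getSignatureValue().validate(valContext)` re-runs the signature check, which is acceptable at trace level but deserves a comment (`// trace only: re-validates each part to pinpoint the failing reference`) so nobody lifts it into the main path. The method starts before this hunk.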
JBoss Identity SVN: r747 - identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-08-27 18:37:13 -0400 (Thu, 27 Aug 2009)
New Revision: 747
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java
Log:
fix validation
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java 2009-08-27 16:40:18 UTC (rev 746)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java 2009-08-27 22:37:13 UTC (rev 747)
@@ -29,6 +29,7 @@
import javax.xml.crypto.dsig.DigestMethod;
import javax.xml.crypto.dsig.SignatureMethod;
+import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.util.XMLSignatureUtil;
import org.jboss.identity.federation.api.wstrust.plugins.saml.SAMLUtil;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
@@ -39,6 +40,7 @@
import org.jboss.identity.federation.ws.trust.StatusType;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import org.w3c.dom.Node;
/**
* <p>
@@ -51,6 +53,8 @@
*/
public class StandardRequestHandler implements WSTrustRequestHandler
{
+ private static Logger log = Logger.getLogger(StandardRequestHandler.class);
+ private boolean trace = log.isTraceEnabled();
private STSConfiguration configuration;
@@ -132,6 +136,18 @@
Element tokenElement = (Element) requestContext.getSecurityToken().getTokenValue();
XMLSignatureUtil.sign(tokenElement.getOwnerDocument(), keyPair, DigestMethod.SHA1, signatureMethod,
"#" + requestContext.getSecurityToken().getTokenID());
+ if(trace)
+ {
+ try
+ {
+ log.trace("Signed Token:" + DocumentUtil.getNodeAsString(tokenElement));
+
+ Document tokenDocument = DocumentUtil.createDocument();
+ tokenDocument.appendChild(tokenDocument.importNode(tokenElement, true));
+ log.trace("valid=" + XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic()));
+
+ }catch(Exception ignore){}
+ }
}
catch (Exception e)
{
@@ -219,8 +235,22 @@
{
//Element tokenElement = (Element) request.getValidateTarget().getAny();
Element tokenElement = request.getValidateTargetElement();
+
+ Node securityToken = tokenElement.getFirstChild();
+
+ if(trace)
+ {
+ try
+ {
+ log.trace("Going to validate:" + DocumentUtil.getNodeAsString(securityToken));
+ }
+ catch (Exception e)
+ {
+ }
+ }
Document tokenDocument = DocumentUtil.createDocument();
- tokenDocument.appendChild(tokenDocument.importNode(tokenElement, true));
+ Node importedNode = tokenDocument.importNode(securityToken, true);
+ tokenDocument.appendChild(importedNode);
if (!XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic()))
{
status = new StatusType();
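Review bot: `Node securityToken = tokenElement.getFirstChild();` assumes the ValidateTarget's first child is the token element; when the target is empty `securityToken` is null and `tokenDocument.importNode(null, true)` fails with a NullPointerException, and when the first child is a whitespace text node the imported document carries no `Signature`, so `XMLSignatureUtil.validate` throws `IllegalArgumentException("Cannot find Signature element")` — an unchecked exception that escapes `validate()` instead of producing the invalid `StatusType` the method is built to return. Locate the first element child explicitly and treat absence, or any exception from the signature check, as an invalid token: `if (!(securityToken instanceof Element))` should fall into the same invalid-status branch the method already has below. The enclosing method starts and ends outside this hunk.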
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java 2009-08-27 16:40:18 UTC (rev 746)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java 2009-08-27 22:37:13 UTC (rev 747)
@@ -29,6 +29,7 @@
import javax.xml.transform.Source;
import javax.xml.transform.dom.DOMSource;
+import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.core.exceptions.ParsingException;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
@@ -55,6 +56,9 @@
*/
public class WSTrustJAXBFactory
{
+ private static Logger log = Logger.getLogger(WSTrustJAXBFactory.class);
+ private boolean trace = log.isTraceEnabled();
+
private static final WSTrustJAXBFactory instance = new WSTrustJAXBFactory();
private Marshaller marshaller;
@@ -333,6 +337,15 @@
Node node = this.findNodeByNameNS(result, "RequestedSecurityToken", WSTrustConstants.BASE_NAMESPACE);
node.appendChild(result.importNode(tokenElement, true));
}
+ if(trace)
+ {
+ try
+ {
+ log.trace("Final RSTR doc:" + DocumentUtil.getDocumentAsString(result));
+
+ }catch(Exception ignore){}
+ }
+
}
catch (Exception e)
{
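Review bot: `log.trace("Final RSTR doc:" + DocumentUtil.getDocumentAsString(result))` serializes the complete response, which includes the issued security token, into the log; for bearer tokens that is a credential leak through log files, so log only the token type or ID here, or gate the dump behind an explicit opt-in property rather than trace level. The `catch(Exception ignore){}` is intentional but should say so: `// serialization problems must not fail the response`. The enclosing method starts before this hunk.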
JBoss Identity SVN: r746 - identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-08-27 12:40:18 -0400 (Thu, 27 Aug 2009)
New Revision: 746
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java
Log:
JBID-175: undo and reject the jira issue
Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java 2009-08-27 16:30:56 UTC (rev 745)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/JAXBUtil.java 2009-08-27 16:40:18 UTC (rev 746)
@@ -22,6 +22,7 @@
package org.jboss.identity.federation.core.util;
import java.net.URL;
+import java.util.HashMap;
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBException;
@@ -42,23 +43,15 @@
*/
public class JAXBUtil
{
- public static final JAXBContext jaxbContext;
private static Logger log = Logger.getLogger(JAXBUtil.class);
private static boolean trace = log.isTraceEnabled();
public static final String W3C_XML_SCHEMA_NS_URI = "http://www.w3.org/2001/XMLSchema";
-
+
+ private static HashMap<String,JAXBContext> jaxbContextHash = new HashMap<String, JAXBContext>();
+
static
{
- try
- {
- jaxbContext = JAXBContext.newInstance(getPackages());
- }
- catch (JAXBException e)
- {
- throw new RuntimeException(e);
- }
-
//Useful on Sun VMs. Harmless on other VMs.
SecurityActions.setSystemProperty("com.sun.xml.bind.v2.runtime.JAXBContextImpl.fastBoot", "true");
}
@@ -94,7 +87,8 @@
if(pkgName == null)
throw new IllegalArgumentException("pkgName is null");
- Marshaller marshaller = jaxbContext.createMarshaller();
+ JAXBContext jc = getJAXBContext(pkgName);
+ Marshaller marshaller = jc.createMarshaller();
marshaller.setProperty(Marshaller.JAXB_ENCODING, "UTF-8");
marshaller.setProperty(Marshaller.JAXB_FORMATTED_OUTPUT, Boolean.FALSE); //Breaks signatures
return marshaller;
@@ -110,7 +104,8 @@
{
if(pkgName == null)
throw new IllegalArgumentException("pkgName is null");
- return jaxbContext.createUnmarshaller();
+ JAXBContext jc = getJAXBContext(pkgName);
+ return jc.createUnmarshaller();
}
/**
@@ -187,46 +182,25 @@
public static JAXBContext getJAXBContext(String path) throws JAXBException
{
- return jaxbContext;
+ JAXBContext jx = jaxbContextHash.get(path);
+ if(jx == null)
+ {
+ jx = JAXBContext.newInstance(path);
+ jaxbContextHash.put(path, jx);
+ }
+ return jx;
}
public static JAXBContext getJAXBContext(Class<?> clazz) throws JAXBException
{
- return jaxbContext;
- }
-
- private static String getPackages()
- {
- StringBuilder packages = new StringBuilder();
- //SAML Related
- packages.append("org.jboss.identity.federation.saml.v2.protocol");
- packages.append(":org.jboss.identity.federation.saml.v2.metadata");
- packages.append(":org.jboss.identity.federation.saml.v2.assertion");
+ String clazzName = clazz.getName();
- //SOAP Related
- packages.append(":org.jboss.identity.federation.org.xmlsoap.schemas.soap.envelope");
-
- //XACML Related
- packages.append(":org.jboss.security.xacml.core.model.context");
- packages.append(":org.jboss.identity.federation.saml.v2.profiles.xacml.assertion");
- packages.append(":org.jboss.identity.federation.saml.v2.profiles.xacml.protocol");
-
- //WS-Trust Related
- packages.append(":org.jboss.identity.federation.ws.addressing");
- packages.append(":org.jboss.identity.federation.ws.policy");
- packages.append(":org.jboss.identity.federation.ws.trust");
- packages.append(":org.jboss.identity.federation.ws.wss.secext");
- packages.append(":org.jboss.identity.federation.ws.wss.utility");
-
- //XML DSIG
- packages.append(":org.jboss.identity.xmlsec.w3.xmldsig");
-
- //XML ENC
- packages.append(":org.jboss.identity.xmlsec.w3.xmlenc");
-
- //Config
- packages.append(":org.jboss.identity.federation.core.config");
-
- return packages.toString();
+ JAXBContext jx = jaxbContextHash.get(clazzName);
+ if(jx == null)
+ {
+ jx = JAXBContext.newInstance(clazz);
+ jaxbContextHash.put(clazzName, jx);
+ }
+ return jx;
}
}
\ No newline at end of file
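Review bot: the `Class<?>` overload keys the cache by `clazz.getName()`, so two distinct `Class` objects with the same name, which is what the same package loaded by different classloaders in a container looks like, would share one JAXBContext built from whichever class arrived first; if that deployment shape is possible here, key that overload by the `Class` object itself in its own map instead of folding it into the string-keyed one. Both overloads also repeat the same check-then-create-then-put sequence, which is where the two will drift apart over time; a single private lookup helper taking the key and the freshly built context would keep them aligned. Note that only successfully built contexts are stored, so a bad path throws every time rather than being cached, which is the desirable behaviour.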
JBoss Identity SVN: r745 - identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust.
by jboss-identity-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2009-08-27 12:30:56 -0400 (Thu, 27 Aug 2009)
New Revision: 745
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java
Log:
fix the rst parsing code
Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java 2009-08-26 04:11:02 UTC (rev 744)
+++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java 2009-08-27 16:30:56 UTC (rev 745)
@@ -132,7 +132,11 @@
JAXBElement<RequestSecurityTokenType> jaxbRST;
try
{
- jaxbRST = (JAXBElement<RequestSecurityTokenType>) binder.unmarshal(document);
+ Node rst = this.findNodeByNameNS(document, "RequestSecurityToken", WSTrustConstants.BASE_NAMESPACE);
+ if(rst == null)
+ throw new RuntimeException("Request Security Token node not found");
+
+ jaxbRST = (JAXBElement<RequestSecurityTokenType>) binder.unmarshal(rst);
RequestSecurityTokenType rstt = jaxbRST.getValue();
holders.set(new SAMLDocumentHolder(rstt, document));
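Review bot: the new code unmarshals whatever `findNodeByNameNS` returns as the first RequestSecurityToken element in the document; that helper is not in this hunk, so whether it searches only the expected position or every descendant cannot be confirmed here, and if it is the latter, an RST element placed at an unexpected depth in a request would be the one processed. Once the node is found, also check that it sits where the protocol expects it (the document element, or the immediate child of the enclosing body element) before handing it to `binder.unmarshal(rst)`. The failure path throws a bare `RuntimeException("Request Security Token node not found")`; a more specific type, whichever exception the WS-Trust code already uses for malformed requests, would let callers distinguish a bad request from an internal fault. The enclosing method starts before this hunk, and the unchecked cast on the `binder.unmarshal` line predates the change.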