September 2009 - jboss-identity-commits

JBoss Identity SVN: r761 - identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust.

by jboss-identity-commits＠lists.jboss.org

Author: sguilhen(a)redhat.com Date: 2009-09-03 14:32:05 -0400 (Thu, 03 Sep 2009) New Revision: 761 Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java Log: JBID-137: TruststoreAlias is now verified first. Only if it has not been specified we use the mappings defined in the KeyProvider section to obtain the service provider PKC Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java 2009-09-03 18:24:08 UTC (rev 760) +++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java 2009-09-03 18:32:05 UTC (rev 761) @@ -242,15 +242,16 @@ { try { - key = this.trustManager.getValidatingKey(serviceName); + // try using the truststore alias from the service provider metadata. + ServiceProviderType provider = this.spMetadata.get(serviceName); + if(provider != null && provider.getTruststoreAlias() != null) + { + key = this.trustManager.getPublicKey(provider.getTruststoreAlias()); + } + // if there was no truststore alias or no PKC under that alias, use the KeyProvider mapping. if(key == null) { - // try using the truststore alias from the service provider metadata. - ServiceProviderType provider = this.spMetadata.get(serviceName); - if(provider != null && provider.getTruststoreAlias() != null) - { - key = this.trustManager.getPublicKey(provider.getTruststoreAlias()); - } + key = this.trustManager.getValidatingKey(serviceName); } } catch (Exception e)

14 years, 8 months

1
0
0 / 0

JBoss Identity SVN: r760 - identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust.

by jboss-identity-commits＠lists.jboss.org

Author: sguilhen(a)redhat.com Date: 2009-09-03 14:24:08 -0400 (Thu, 03 Sep 2009) New Revision: 760 Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java Log: JBID-137: updated JBossSTSConfiguration to use the TruststoreAlias attribute from ServiceProviderType to locate a PKC when a ValidatingAlias has not been configured for the service provider Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java 2009-09-03 18:17:00 UTC (rev 759) +++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java 2009-09-03 18:24:08 UTC (rev 760) @@ -243,6 +243,15 @@ try { key = this.trustManager.getValidatingKey(serviceName); + if(key == null) + { + // try using the truststore alias from the service provider metadata. + ServiceProviderType provider = this.spMetadata.get(serviceName); + if(provider != null && provider.getTruststoreAlias() != null) + { + key = this.trustManager.getPublicKey(provider.getTruststoreAlias()); + } + } } catch (Exception e) {

14 years, 8 months

1
0
0 / 0

JBoss Identity SVN: r759 - in identity-federation/trunk: jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/config and 9 other directories.

by jboss-identity-commits＠lists.jboss.org

Author: sguilhen(a)redhat.com Date: 2009-09-03 14:17:00 -0400 (Thu, 03 Sep 2009) New Revision: 759 Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimProviderType.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimProvidersType.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/PropertyType.java Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/config/ConfigUnitTestCase.java identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java identity-federation/trunk/jboss-identity-bindings/src/test/resources/config/test-config-4.xml identity-federation/trunk/jboss-identity-bindings/src/test/resources/jboss-sts.xml identity-federation/trunk/jboss-identity-fed-api/ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/AuthPropertyType.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/EncAlgoType.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/EncryptionType.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/IDPType.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/KeyProviderType.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/KeyValueType.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/MetadataProviderType.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ObjectFactory.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ProviderType.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/SPType.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/STSType.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ServiceProviderType.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ServiceProvidersType.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/TokenProviderType.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/TokenProvidersType.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/TrustType.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/package-info.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSConfiguration.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityTokenProvider.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardRequestHandler.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardSecurityToken.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/MockSTSConfiguration.java identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SpecialTokenProvider.java identity-federation/trunk/jboss-identity-web/src/main/resources/schema/config/jboss-identity-fed.xsd Log: JBID-137: changed the schema to allow for the specification of general properties for the token providers. Providers must also specify the token element name and namespace so that a token provider can be located when the request contains no token type (example: validate requests) Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java 2009-09-03 18:17:00 UTC (rev 759) @@ -72,7 +72,7 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.SecurityTokenService#invoke(javax.xml.transform.Source) + * @see org.jboss.identity.federation.core.wstrust.SecurityTokenService#invoke(javax.xml.transform.Source) */ public Source invoke(Source request) { Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java 2009-09-03 18:17:00 UTC (rev 759) @@ -27,6 +27,7 @@ import java.util.Map; import org.jboss.identity.federation.core.config.KeyProviderType; +import org.jboss.identity.federation.core.config.PropertyType; import org.jboss.identity.federation.core.config.STSType; import org.jboss.identity.federation.core.config.ServiceProviderType; import org.jboss.identity.federation.core.config.ServiceProvidersType; @@ -55,12 +56,10 @@ private final Map<String, ServiceProviderType> spMetadata = new HashMap<String, ServiceProviderType>(); - private final Map<String, Object> options = new HashMap<String, Object>(); - private TrustKeyManager trustManager; private WSTrustRequestHandler handler; - + /** * * Creates an instance of {@code JBossSTSConfiguration} with default configuration values. @@ -69,11 +68,7 @@ public JBossSTSConfiguration() { this.delegate = new STSType(); - // set the default values in the delegate. - this.delegate.setSTSName("JBossSTS"); - this.delegate.setEncryptToken(false); - this.delegate.setTokenTimeout(3600); - this.delegate.setRequestHandler("org.jboss.identity.federation.api.wstrust.StandardRequestHandler"); + this.delegate.setRequestHandler("org.jboss.identity.federation.core.wstrust.StandardRequestHandler"); // TODO: add default token provider classes. } @@ -89,7 +84,7 @@ this.delegate = config; // set the default request handler if one hasn't been specified. if (this.delegate.getRequestHandler() == null) - this.delegate.setRequestHandler("org.jboss.identity.federation.api.wstrust.StandardRequestHandler"); + this.delegate.setRequestHandler("org.jboss.identity.federation.core.wstrust.StandardRequestHandler"); // build the token-provider and service-metadata maps. TokenProvidersType providers = this.delegate.getTokenProviders(); @@ -98,8 +93,16 @@ WSTrustServiceFactory serviceFactory = WSTrustServiceFactory.getInstance(); for (TokenProviderType provider : providers.getTokenProvider()) { - this.tokenProviders.put(provider.getTokenType(), serviceFactory.createTokenProvider(provider - .getProviderClass())); + // create and initialize the token provider. + SecurityTokenProvider tokenProvider = serviceFactory.createTokenProvider(provider.getProviderClass()); + Map<String, String> properties = new HashMap<String, String>(); + for(PropertyType propertyType : provider.getProperty()) + properties.put(propertyType.getName(), propertyType.getValue()); + tokenProvider.initialize(properties); + // token providers can be keyed by the token type and by token element + namespace. + this.tokenProviders.put(provider.getTokenType(), tokenProvider); + String tokenElementAndNS = provider.getTokenElement() + "$" + provider.getTokenElementNS(); + this.tokenProviders.put(tokenElementAndNS, tokenProvider); } } ServiceProvidersType serviceProviders = this.delegate.getServiceProviders(); @@ -129,7 +132,7 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getSTSName() + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getSTSName() */ public String getSTSName() { @@ -139,7 +142,7 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getEncryptIssuedToken() + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getEncryptIssuedToken() */ public boolean encryptIssuedToken() { @@ -149,18 +152,17 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#signIssuedToken() + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#signIssuedToken() */ public boolean signIssuedToken() { - //TODO: add the sign-by-default property to the configuration schema. - return true; + return this.delegate.isSignToken(); } - + /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getIssuedTokenTimeout() + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getIssuedTokenTimeout() */ public long getIssuedTokenTimeout() { @@ -171,31 +173,21 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getRequestHandlerClass() + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getRequestHandlerClass() */ public WSTrustRequestHandler getRequestHandler() { if (this.handler == null) - this.handler = WSTrustServiceFactory.getInstance().createRequestHandler( - this.delegate.getRequestHandler(), this); + this.handler = WSTrustServiceFactory.getInstance().createRequestHandler(this.delegate.getRequestHandler(), + this); return this.handler; } /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getOptions() + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getProviderForService(java.lang.String) */ - public Map<String, Object> getOptions() - { - return this.options; - } - - /* - * (non-Javadoc) - * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getProviderForService(java.lang.String) - */ public SecurityTokenProvider getProviderForService(String serviceName) { ServiceProviderType provider = this.spMetadata.get(serviceName); @@ -209,7 +201,7 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getProviderForTokenType(java.lang.String) + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getProviderForTokenType(java.lang.String) */ public SecurityTokenProvider getProviderForTokenType(String tokenType) { @@ -219,8 +211,18 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getTokenTypeForService(java.lang.String) + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getProviderForTokenElementNS(java.lang.String, java.lang.String) */ + public SecurityTokenProvider getProviderForTokenElementNS(String tokenLocalName, String tokenNamespace) + { + return this.tokenProviders.get(tokenLocalName + "$" + tokenNamespace); + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getTokenTypeForService(java.lang.String) + */ public String getTokenTypeForService(String serviceName) { ServiceProviderType provider = this.spMetadata.get(serviceName); @@ -231,7 +233,7 @@ /* * (non-Javadoc) - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getServiceProviderPublicKey(java.lang.String) + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getServiceProviderPublicKey(java.lang.String) */ public PublicKey getServiceProviderPublicKey(String serviceName) { @@ -252,7 +254,7 @@ /* * (non-Javadoc) - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getSTSKeyPair() + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getSTSKeyPair() */ public KeyPair getSTSKeyPair() { Modified: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/config/ConfigUnitTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/config/ConfigUnitTestCase.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/config/ConfigUnitTestCase.java 2009-09-03 18:17:00 UTC (rev 759) @@ -33,6 +33,7 @@ import org.jboss.identity.federation.core.config.IDPType; import org.jboss.identity.federation.core.config.KeyProviderType; import org.jboss.identity.federation.core.config.KeyValueType; +import org.jboss.identity.federation.core.config.PropertyType; import org.jboss.identity.federation.core.config.SPType; import org.jboss.identity.federation.core.config.STSType; import org.jboss.identity.federation.core.config.ServiceProviderType; @@ -155,6 +156,10 @@ assertNotNull("Unexpected null token provider", tokenProvider); assertEquals("Unexpected provider class name", "org.jboss.SpecialTokenProvider", tokenProvider.getProviderClass()); assertEquals("Unexpected token type", "specialToken", tokenProvider.getTokenType()); + assertEquals("Unexpected token element name", "SpecialToken", tokenProvider.getTokenElement()); + assertEquals("Unexpected token namespace", "http://www.tokens.org", tokenProvider.getTokenElementNS()); + List<PropertyType> properties = tokenProvider.getProperty(); + assertEquals("Invalid number of properties", 2, properties.size()); // configuration of the service providers. ServiceProvidersType serviceProviders = stsType.getServiceProviders(); assertNotNull("Unexpected null list of service providers", serviceProviders); Modified: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-09-03 18:17:00 UTC (rev 759) @@ -24,6 +24,7 @@ import java.net.URI; import java.security.Principal; import java.util.List; +import java.util.Map; import javax.xml.bind.JAXBContext; import javax.xml.bind.JAXBElement; @@ -116,11 +117,11 @@ * <ValidatingAlias Key="http://services.testcorp.org/provider1" Value="service1"/> * <ValidatingAlias Key="http://services.testcorp.org/provider2" Value="service2"/> * </KeyProvider> - * <RequestHandler>org.jboss.identity.federation.api.wstrust.StandardRequestHandler</RequestHandler> + * <RequestHandler>org.jboss.identity.federation.core.wstrust.StandardRequestHandler</RequestHandler> * <TokenProviders> * <TokenProvider ProviderClass="org.jboss.test.identity.federation.bindings.trust.SpecialTokenProvider" * TokenType="http://www.tokens.org/SpecialToken"/> - * <TokenProvider ProviderClass="org.jboss.identity.federation.api.wstrust.SAML20TokenProvider" + * <TokenProvider ProviderClass="org.jboss.identity.federation.core.wstrust.SAML20TokenProvider" * TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profi... * </TokenProviders> * <ServiceProviders> @@ -154,18 +155,16 @@ SecurityTokenProvider provider = config.getProviderForTokenType("http://www.tokens.org/SpecialToken"); assertNotNull("Unexpected null token provider", provider); assertTrue("Unexpected token provider type", provider instanceof SpecialTokenProvider); + Map<String, String> properties = ((SpecialTokenProvider) provider).getProperties(); + assertNotNull("Unexpected null properties map", properties); + assertEquals("Unexpected number of properties", 2, properties.size()); + assertEquals("Invalid property found", "Value1", properties.get("Property1")); + assertEquals("Invalid property found", "Value2", properties.get("Property2")); provider = config.getProviderForTokenType(SAMLUtil.SAML2_TOKEN_TYPE); assertNotNull("Unexpected null token provider", provider); assertTrue("Unexpected token provider type", provider instanceof SAML20TokenProvider); assertNull(config.getProviderForTokenType("unexistentType")); - // check the service provider -> token type mapping. - assertEquals("Invalid token type for service provider 1", "http://www.tokens.org/SpecialToken", config - .getTokenTypeForService("http://services.testcorp.org/provider1")); - assertEquals("Invalid token type for service provider 2", SAMLUtil.SAML2_TOKEN_TYPE, config - .getTokenTypeForService("http://services.testcorp.org/provider2")); - assertNull(config.getTokenTypeForService("http://invalid.service/service")); - // check the service provider -> token provider mapping. provider = config.getProviderForService("http://services.testcorp.org/provider1"); assertNotNull("Unexpected null token provider", provider); @@ -175,6 +174,22 @@ assertTrue("Unexpected token provider type", provider instanceof SAML20TokenProvider); assertNull(config.getProviderForService("http://invalid.service/service")); + // check the token element and namespace -> token provider mapping. + provider = config.getProviderForTokenElementNS("SpecialToken", "http://www.tokens.org"); + assertNotNull("Unexpected null token provider", provider); + assertTrue("Unexpected token provider type", provider instanceof SpecialTokenProvider); + provider = config.getProviderForTokenElementNS("Assertion", "urn:oasis:names:tc:SAML:2.0:assertion"); + assertNotNull("Unexpected null token provider", provider); + assertTrue("Unexpected token provider type", provider instanceof SAML20TokenProvider); + assertNull(config.getProviderForTokenElementNS("SpecialToken", "InvalidNamespace")); + + // check the service provider -> token type mapping. + assertEquals("Invalid token type for service provider 1", "http://www.tokens.org/SpecialToken", config + .getTokenTypeForService("http://services.testcorp.org/provider1")); + assertEquals("Invalid token type for service provider 2", SAMLUtil.SAML2_TOKEN_TYPE, config + .getTokenTypeForService("http://services.testcorp.org/provider2")); + assertNull(config.getTokenTypeForService("http://invalid.service/service")); + // check the keystore configuration. assertNotNull("Invalid null STS key pair", config.getSTSKeyPair()); assertNotNull("Invalid null STS public key", config.getSTSKeyPair().getPublic()); Modified: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java 2009-09-03 18:17:00 UTC (rev 759) @@ -23,6 +23,7 @@ import java.net.URI; import java.net.URISyntaxException; +import java.util.Map; import javax.xml.parsers.ParserConfigurationException; @@ -45,11 +46,23 @@ */ public class SpecialTokenProvider implements SecurityTokenProvider { + + private Map<String, String> properties; + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.core.wstrust.SecurityTokenProvider#initialize(java.util.Map) + */ + public void initialize(Map<String, String> properties) + { + this.properties = properties; + } /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) + * @see org.jboss.identity.federation.core.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.core.wstrust.WSTrustRequestContext) */ public void cancelToken(WSTrustRequestContext context) throws WSTrustException { @@ -58,27 +71,27 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) + * @see org.jboss.identity.federation.core.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.core.wstrust.WSTrustRequestContext) */ public void issueToken(WSTrustRequestContext context) throws WSTrustException { // create a simple sample token using the info from the request. - String caller = context.getCallerPrincipal() == null? "anonymous" : context.getCallerPrincipal().getName(); + String caller = context.getCallerPrincipal() == null ? "anonymous" : context.getCallerPrincipal().getName(); URI tokenType = context.getRequestSecurityToken().getTokenType(); - if(tokenType == null) + if (tokenType == null) { try { tokenType = new URI("http://www.tokens.org/SpecialToken"); } catch (URISyntaxException ignore) - { + { } } - + // we will use DOM to create the token. try - { + { Document doc = DocumentUtil.createDocument(); String namespaceURI = "http://www.tokens.org"; @@ -88,11 +101,11 @@ root.setAttributeNS(namespaceURI, "ID", id); root.setAttributeNS(namespaceURI, "TokenType", tokenType.toString()); doc.appendChild(root); - + SecurityToken token = new StandardSecurityToken(tokenType.toString(), root, id); context.setSecurityToken(token); } - catch(ParserConfigurationException pce) + catch (ParserConfigurationException pce) { pce.printStackTrace(); } @@ -101,7 +114,7 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) + * @see org.jboss.identity.federation.core.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.core.wstrust.WSTrustRequestContext) */ public void renewToken(WSTrustRequestContext context) throws WSTrustException { @@ -110,9 +123,21 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) + * @see org.jboss.identity.federation.core.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.core.wstrust.WSTrustRequestContext) */ public void validateToken(WSTrustRequestContext context) throws WSTrustException { } + + /** + * + * Just returns a reference to the properties that have been configured for testing purposes. + * + * + * @return a reference to the properties map. + */ + public Map<String, String> getProperties() + { + return this.properties; + } } Modified: identity-federation/trunk/jboss-identity-bindings/src/test/resources/config/test-config-4.xml =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/test/resources/config/test-config-4.xml 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-bindings/src/test/resources/config/test-config-4.xml 2009-09-03 18:17:00 UTC (rev 759) @@ -7,7 +7,11 @@ </KeyProvider> <RequestHandler>org.jboss.identity.federation.wstrust.Handler</RequestHandler> <TokenProviders> - <TokenProvider ProviderClass="org.jboss.SpecialTokenProvider" TokenType="specialToken"/> + <TokenProvider ProviderClass="org.jboss.SpecialTokenProvider" TokenType="specialToken" + TokenElement="SpecialToken" TokenElementNS="http://www.tokens.org"> + <Property Name="Property1" Value="Value1"/> + <Property Name="Property2" Value="Value2"/> + </TokenProvider> </TokenProviders> <ServiceProviders> <ServiceProvider Endpoint="http://provider.endpoint/provider" TokenType="specialToken" Modified: identity-federation/trunk/jboss-identity-bindings/src/test/resources/jboss-sts.xml =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/test/resources/jboss-sts.xml 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-bindings/src/test/resources/jboss-sts.xml 2009-09-03 18:17:00 UTC (rev 759) @@ -11,9 +11,16 @@ <RequestHandler>org.jboss.identity.federation.core.wstrust.StandardRequestHandler</RequestHandler> <TokenProviders> <TokenProvider ProviderClass="org.jboss.test.identity.federation.bindings.wstrust.SpecialTokenProvider" - TokenType="http://www.tokens.org/SpecialToken"/> + TokenType="http://www.tokens.org/SpecialToken" + TokenElement="SpecialToken" + TokenElementNS="http://www.tokens.org"> + <Property Name="Property1" Value="Value1"/> + <Property Name="Property2" Value="Value2"/> + </TokenProvider> <TokenProvider ProviderClass="org.jboss.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider" - TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/> + TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0" + TokenElement="Assertion" + TokenElementNS="urn:oasis:names:tc:SAML:2.0:assertion"/> </TokenProviders> <ServiceProviders> <ServiceProvider Endpoint="http://services.testcorp.org/provider1" TokenType="http://www.tokens.org/SpecialToken" Property changes on: identity-federation/trunk/jboss-identity-fed-api ___________________________________________________________________ Name: svn:ignore - .metadata target .settings target-eclipse eclipse-target .classpath .project + test.log .classpath .project .settings target Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/AuthPropertyType.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/AuthPropertyType.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/AuthPropertyType.java 2009-09-03 18:17:00 UTC (rev 759) @@ -1,8 +1,8 @@ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 // See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> // Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2009.04.21 at 04:51:39 PM CDT +// Generated on: 2009.09.03 at 01:21:42 PM BRT // Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimProviderType.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimProviderType.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimProviderType.java 2009-09-03 18:17:00 UTC (rev 759) @@ -0,0 +1,131 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2009.09.03 at 01:21:42 PM BRT +// + + +package org.jboss.identity.federation.core.config; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + + +/** + * Java class for ClaimProviderType complex type. + * + * The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="ClaimProviderType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="Property" type="{urn:jboss:identity-federation:config:1.0}PropertyType" maxOccurs="unbounded" minOccurs="0"/> + * </sequence> + * <attribute name="ProviderClass" use="required" type="{http://www.w3.org/2001/XMLSchema}string" /> + * <attribute name="Dialect" use="required" type="{http://www.w3.org/2001/XMLSchema}string" /> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +(a)XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "ClaimProviderType", propOrder = { + "property" +}) +public class ClaimProviderType { + + @XmlElement(name = "Property") + protected List<PropertyType> property; + @XmlAttribute(name = "ProviderClass", required = true) + protected String providerClass; + @XmlAttribute(name = "Dialect", required = true) + protected String dialect; + + /** + * Gets the value of the property property. + * + * + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the property property. + * + * + * For example, to add a new item, do as follows: + * <pre> + * getProperty().add(newItem); + * </pre> + * + * + * + * Objects of the following type(s) are allowed in the list + * {@link PropertyType } + * + * + */ + public List<PropertyType> getProperty() { + if (property == null) { + property = new ArrayList<PropertyType>(); + } + return this.property; + } + + /** + * Gets the value of the providerClass property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getProviderClass() { + return providerClass; + } + + /** + * Sets the value of the providerClass property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setProviderClass(String value) { + this.providerClass = value; + } + + /** + * Gets the value of the dialect property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getDialect() { + return dialect; + } + + /** + * Sets the value of the dialect property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setDialect(String value) { + this.dialect = value; + } + +} Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimProvidersType.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimProvidersType.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ClaimProvidersType.java 2009-09-03 18:17:00 UTC (rev 759) @@ -0,0 +1,80 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2009.09.03 at 01:21:42 PM BRT +// + + +package org.jboss.identity.federation.core.config; + +import java.util.ArrayList; +import java.util.List; +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlElement; +import javax.xml.bind.annotation.XmlType; + + +/** + * + * The claim providers specify the classes that are capable of handling specific claims dialects. + * + * + * Java class for ClaimProvidersType complex type. + * + * The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="ClaimProvidersType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="ClaimProvider" type="{urn:jboss:identity-federation:config:1.0}ClaimProviderType" maxOccurs="unbounded"/> + * </sequence> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +(a)XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "ClaimProvidersType", propOrder = { + "claimProvider" +}) +public class ClaimProvidersType { + + @XmlElement(name = "ClaimProvider", required = true) + protected List<ClaimProviderType> claimProvider; + + /** + * Gets the value of the claimProvider property. + * + * + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the claimProvider property. + * + * + * For example, to add a new item, do as follows: + * <pre> + * getClaimProvider().add(newItem); + * </pre> + * + * + * + * Objects of the following type(s) are allowed in the list + * {@link ClaimProviderType } + * + * + */ + public List<ClaimProviderType> getClaimProvider() { + if (claimProvider == null) { + claimProvider = new ArrayList<ClaimProviderType>(); + } + return this.claimProvider; + } + +} Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/EncAlgoType.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/EncAlgoType.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/EncAlgoType.java 2009-09-03 18:17:00 UTC (rev 759) @@ -1,8 +1,8 @@ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 // See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> // Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2009.04.21 at 04:51:39 PM CDT +// Generated on: 2009.09.03 at 01:21:42 PM BRT // Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/EncryptionType.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/EncryptionType.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/EncryptionType.java 2009-09-03 18:17:00 UTC (rev 759) @@ -1,8 +1,8 @@ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 // See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> // Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2009.04.21 at 04:51:39 PM CDT +// Generated on: 2009.09.03 at 01:21:42 PM BRT // Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/IDPType.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/IDPType.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/IDPType.java 2009-09-03 18:17:00 UTC (rev 759) @@ -1,8 +1,8 @@ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 // See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> // Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2009.04.21 at 04:51:39 PM CDT +// Generated on: 2009.09.03 at 01:21:42 PM BRT // Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/KeyProviderType.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/KeyProviderType.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/KeyProviderType.java 2009-09-03 18:17:00 UTC (rev 759) @@ -1,8 +1,8 @@ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 // See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> // Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2009.04.21 at 04:51:39 PM CDT +// Generated on: 2009.09.03 at 01:21:42 PM BRT // @@ -10,7 +10,6 @@ import java.util.ArrayList; import java.util.List; - import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/KeyValueType.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/KeyValueType.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/KeyValueType.java 2009-09-03 18:17:00 UTC (rev 759) @@ -1,8 +1,8 @@ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 // See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> // Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2009.04.21 at 04:51:39 PM CDT +// Generated on: 2009.09.03 at 01:21:42 PM BRT // Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/MetadataProviderType.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/MetadataProviderType.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/MetadataProviderType.java 2009-09-03 18:17:00 UTC (rev 759) @@ -1,8 +1,8 @@ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 // See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> // Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2009.04.22 at 01:16:08 PM CDT +// Generated on: 2009.09.03 at 01:21:42 PM BRT // @@ -10,7 +10,6 @@ import java.util.ArrayList; import java.util.List; - import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ObjectFactory.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ObjectFactory.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ObjectFactory.java 2009-09-03 18:17:00 UTC (rev 759) @@ -1,8 +1,8 @@ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 // See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> // Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2009.04.21 at 04:51:39 PM CDT +// Generated on: 2009.09.03 at 01:21:42 PM BRT // @@ -31,8 +31,8 @@ @XmlRegistry public class ObjectFactory { + private final static QName _JBossIDP_QNAME = new QName("urn:jboss:identity-federation:config:1.0", "JBossIDP"); private final static QName _JBossSTS_QNAME = new QName("urn:jboss:identity-federation:config:1.0", "JBossSTS"); - private final static QName _JBossIDP_QNAME = new QName("urn:jboss:identity-federation:config:1.0", "JBossIDP"); private final static QName _JBossSP_QNAME = new QName("urn:jboss:identity-federation:config:1.0", "JBossSP"); /** @@ -43,127 +43,142 @@ } /** - * Create an instance of {@link STSType } + * Create an instance of {@link KeyProviderType } * */ - public STSType createSTSType() { - return new STSType(); + public KeyProviderType createKeyProviderType() { + return new KeyProviderType(); } /** - * Create an instance of {@link KeyValueType } + * Create an instance of {@link TokenProviderType } * */ - public KeyValueType createKeyValueType() { - return new KeyValueType(); + public TokenProviderType createTokenProviderType() { + return new TokenProviderType(); } /** - * Create an instance of {@link ServiceProviderType } + * Create an instance of {@link SPType } * */ - public ServiceProviderType createServiceProviderType() { - return new ServiceProviderType(); + public SPType createSPType() { + return new SPType(); } /** - * Create an instance of {@link KeyProviderType } + * Create an instance of {@link ServiceProvidersType } * */ - public KeyProviderType createKeyProviderType() { - return new KeyProviderType(); + public ServiceProvidersType createServiceProvidersType() { + return new ServiceProvidersType(); } /** - * Create an instance of {@link TokenProvidersType } + * Create an instance of {@link AuthPropertyType } * */ - public TokenProvidersType createTokenProvidersType() { - return new TokenProvidersType(); + public AuthPropertyType createAuthPropertyType() { + return new AuthPropertyType(); } /** - * Create an instance of {@link TokenProviderType } + * Create an instance of {@link ClaimProvidersType } * */ - public TokenProviderType createTokenProviderType() { - return new TokenProviderType(); + public ClaimProvidersType createClaimProvidersType() { + return new ClaimProvidersType(); } /** - * Create an instance of {@link IDPType } + * Create an instance of {@link ClaimProviderType } * */ - public IDPType createIDPType() { - return new IDPType(); + public ClaimProviderType createClaimProviderType() { + return new ClaimProviderType(); } /** - * Create an instance of {@link ServiceProvidersType } + * Create an instance of {@link STSType } * */ - public ServiceProvidersType createServiceProvidersType() { - return new ServiceProvidersType(); + public STSType createSTSType() { + return new STSType(); } /** - * Create an instance of {@link MetadataProviderType } + * Create an instance of {@link PropertyType } * */ - public MetadataProviderType createMetadataProviderType() { - return new MetadataProviderType(); + public PropertyType createPropertyType() { + return new PropertyType(); } /** - * Create an instance of {@link ProviderType } + * Create an instance of {@link EncryptionType } * */ - public ProviderType createProviderType() { - return new ProviderType(); + public EncryptionType createEncryptionType() { + return new EncryptionType(); } /** - * Create an instance of {@link AuthPropertyType } + * Create an instance of {@link TrustType } * */ - public AuthPropertyType createAuthPropertyType() { - return new AuthPropertyType(); + public TrustType createTrustType() { + return new TrustType(); } /** - * Create an instance of {@link TrustType } + * Create an instance of {@link MetadataProviderType } * */ - public TrustType createTrustType() { - return new TrustType(); + public MetadataProviderType createMetadataProviderType() { + return new MetadataProviderType(); } /** - * Create an instance of {@link SPType } + * Create an instance of {@link KeyValueType } * */ - public SPType createSPType() { - return new SPType(); + public KeyValueType createKeyValueType() { + return new KeyValueType(); } /** - * Create an instance of {@link EncryptionType } + * Create an instance of {@link IDPType } * */ - public EncryptionType createEncryptionType() { - return new EncryptionType(); + public IDPType createIDPType() { + return new IDPType(); } /** - * Create an instance of {@link JAXBElement }{@code <}{@link STSType }{@code >}} + * Create an instance of {@link ProviderType } * */ - @XmlElementDecl(namespace = "urn:jboss:identity-federation:config:1.0", name = "JBossSTS") - public JAXBElement<STSType> createJBossSTS(STSType value) { - return new JAXBElement<STSType>(_JBossSTS_QNAME, STSType.class, null, value); + public ProviderType createProviderType() { + return new ProviderType(); } /** + * Create an instance of {@link ServiceProviderType } + * + */ + public ServiceProviderType createServiceProviderType() { + return new ServiceProviderType(); + } + + /** + * Create an instance of {@link TokenProvidersType } + * + */ + public TokenProvidersType createTokenProvidersType() { + return new TokenProvidersType(); + } + + /** * Create an instance of {@link JAXBElement }{@code <}{@link IDPType }{@code >}} * */ @@ -173,6 +188,15 @@ } /** + * Create an instance of {@link JAXBElement }{@code <}{@link STSType }{@code >}} + * + */ + @XmlElementDecl(namespace = "urn:jboss:identity-federation:config:1.0", name = "JBossSTS") + public JAXBElement<STSType> createJBossSTS(STSType value) { + return new JAXBElement<STSType>(_JBossSTS_QNAME, STSType.class, null, value); + } + + /** * Create an instance of {@link JAXBElement }{@code <}{@link SPType }{@code >}} * */ Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/PropertyType.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/PropertyType.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/PropertyType.java 2009-09-03 18:17:00 UTC (rev 759) @@ -0,0 +1,92 @@ +// +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 +// See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> +// Any modifications to this file will be lost upon recompilation of the source schema. +// Generated on: 2009.09.03 at 01:21:42 PM BRT +// + + +package org.jboss.identity.federation.core.config; + +import javax.xml.bind.annotation.XmlAccessType; +import javax.xml.bind.annotation.XmlAccessorType; +import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlType; + + +/** + * Java class for PropertyType complex type. + * + * The following schema fragment specifies the expected content contained within this class. + * + * <pre> + * <complexType name="PropertyType"> + * <complexContent> + * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <attribute name="Name" use="required" type="{http://www.w3.org/2001/XMLSchema}string" /> + * <attribute name="Value" use="required" type="{http://www.w3.org/2001/XMLSchema}string" /> + * </restriction> + * </complexContent> + * </complexType> + * </pre> + * + * + */ +(a)XmlAccessorType(XmlAccessType.FIELD) +@XmlType(name = "PropertyType") +public class PropertyType { + + @XmlAttribute(name = "Name", required = true) + protected String name; + @XmlAttribute(name = "Value", required = true) + protected String value; + + /** + * Gets the value of the name property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getName() { + return name; + } + + /** + * Sets the value of the name property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setName(String value) { + this.name = value; + } + + /** + * Gets the value of the value property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getValue() { + return value; + } + + /** + * Sets the value of the value property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setValue(String value) { + this.value = value; + } + +} Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ProviderType.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ProviderType.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ProviderType.java 2009-09-03 18:17:00 UTC (rev 759) @@ -1,8 +1,8 @@ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 // See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> // Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2009.04.21 at 04:51:39 PM CDT +// Generated on: 2009.09.03 at 01:21:42 PM BRT // @@ -56,8 +56,8 @@ "metaDataProvider" }) @XmlSeeAlso({ - IDPType.class, - SPType.class + SPType.class, + IDPType.class }) public class ProviderType { Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/SPType.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/SPType.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/SPType.java 2009-09-03 18:17:00 UTC (rev 759) @@ -1,8 +1,8 @@ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 // See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> // Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2009.04.21 at 04:51:39 PM CDT +// Generated on: 2009.09.03 at 01:21:42 PM BRT // Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/STSType.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/STSType.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/STSType.java 2009-09-03 18:17:00 UTC (rev 759) @@ -1,8 +1,8 @@ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 // See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> // Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2009.04.21 at 04:51:39 PM CDT +// Generated on: 2009.09.03 at 01:21:42 PM BRT // @@ -27,11 +27,13 @@ * <sequence> * <element name="KeyProvider" type="{urn:jboss:identity-federation:config:1.0}KeyProviderType" minOccurs="0"/> * <element name="RequestHandler" type="{http://www.w3.org/2001/XMLSchema}string" minOccurs="0"/> + * <element name="ClaimProviders" type="{urn:jboss:identity-federation:config:1.0}ClaimProvidersType" minOccurs="0"/> * <element name="TokenProviders" type="{urn:jboss:identity-federation:config:1.0}TokenProvidersType" minOccurs="0"/> * <element name="ServiceProviders" type="{urn:jboss:identity-federation:config:1.0}ServiceProvidersType" minOccurs="0"/> * </sequence> * <attribute name="STSName" type="{http://www.w3.org/2001/XMLSchema}string" default="JBossSTS" /> * <attribute name="TokenTimeout" type="{http://www.w3.org/2001/XMLSchema}int" default="3600" /> + * <attribute name="SignToken" type="{http://www.w3.org/2001/XMLSchema}boolean" default="true" /> * <attribute name="EncryptToken" type="{http://www.w3.org/2001/XMLSchema}boolean" default="false" /> * </restriction> * </complexContent> @@ -44,6 +46,7 @@ @XmlType(name = "STSType", propOrder = { "keyProvider", "requestHandler", + "claimProviders", "tokenProviders", "serviceProviders" }) @@ -53,6 +56,8 @@ protected KeyProviderType keyProvider; @XmlElement(name = "RequestHandler") protected String requestHandler; + @XmlElement(name = "ClaimProviders") + protected ClaimProvidersType claimProviders; @XmlElement(name = "TokenProviders") protected TokenProvidersType tokenProviders; @XmlElement(name = "ServiceProviders") @@ -61,6 +66,8 @@ protected String stsName; @XmlAttribute(name = "TokenTimeout") protected Integer tokenTimeout; + @XmlAttribute(name = "SignToken") + protected Boolean signToken; @XmlAttribute(name = "EncryptToken") protected Boolean encryptToken; @@ -113,6 +120,30 @@ } /** + * Gets the value of the claimProviders property. + * + * @return + * possible object is + * {@link ClaimProvidersType } + * + */ + public ClaimProvidersType getClaimProviders() { + return claimProviders; + } + + /** + * Sets the value of the claimProviders property. + * + * @param value + * allowed object is + * {@link ClaimProvidersType } + * + */ + public void setClaimProviders(ClaimProvidersType value) { + this.claimProviders = value; + } + + /** * Gets the value of the tokenProviders property. * * @return @@ -217,6 +248,34 @@ } /** + * Gets the value of the signToken property. + * + * @return + * possible object is + * {@link Boolean } + * + */ + public boolean isSignToken() { + if (signToken == null) { + return true; + } else { + return signToken; + } + } + + /** + * Sets the value of the signToken property. + * + * @param value + * allowed object is + * {@link Boolean } + * + */ + public void setSignToken(Boolean value) { + this.signToken = value; + } + + /** * Gets the value of the encryptToken property. * * @return Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ServiceProviderType.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ServiceProviderType.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ServiceProviderType.java 2009-09-03 18:17:00 UTC (rev 759) @@ -1,8 +1,8 @@ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 // See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> // Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2009.04.21 at 04:51:39 PM CDT +// Generated on: 2009.09.03 at 01:21:42 PM BRT // @@ -30,9 +30,9 @@ * <complexType name="ServiceProviderType"> * <complexContent> * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> - * <attribute name="endpoint" use="required" type="{http://www.w3.org/2001/XMLSchema}string" /> - * <attribute name="TruststoreAlias" use="required" type="{http://www.w3.org/2001/XMLSchema}string" /> + * <attribute name="Endpoint" use="required" type="{http://www.w3.org/2001/XMLSchema}string" /> * <attribute name="TokenType" use="required" type="{http://www.w3.org/2001/XMLSchema}string" /> + * <attribute name="TruststoreAlias" type="{http://www.w3.org/2001/XMLSchema}string" /> * </restriction> * </complexContent> * </complexType> @@ -46,10 +46,10 @@ @XmlAttribute(name = "Endpoint", required = true) protected String endpoint; - @XmlAttribute(name = "TruststoreAlias", required = true) - protected String truststoreAlias; @XmlAttribute(name = "TokenType", required = true) protected String tokenType; + @XmlAttribute(name = "TruststoreAlias") + protected String truststoreAlias; /** * Gets the value of the endpoint property. @@ -76,51 +76,51 @@ } /** - * Gets the value of the truststoreAlias property. + * Gets the value of the tokenType property. * * @return * possible object is * {@link String } * */ - public String getTruststoreAlias() { - return truststoreAlias; + public String getTokenType() { + return tokenType; } /** - * Sets the value of the truststoreAlias property. + * Sets the value of the tokenType property. * * @param value * allowed object is * {@link String } * */ - public void setTruststoreAlias(String value) { - this.truststoreAlias = value; + public void setTokenType(String value) { + this.tokenType = value; } /** - * Gets the value of the tokenType property. + * Gets the value of the truststoreAlias property. * * @return * possible object is * {@link String } * */ - public String getTokenType() { - return tokenType; + public String getTruststoreAlias() { + return truststoreAlias; } /** - * Sets the value of the tokenType property. + * Sets the value of the truststoreAlias property. * * @param value * allowed object is * {@link String } * */ - public void setTokenType(String value) { - this.tokenType = value; + public void setTruststoreAlias(String value) { + this.truststoreAlias = value; } } Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ServiceProvidersType.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ServiceProvidersType.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/ServiceProvidersType.java 2009-09-03 18:17:00 UTC (rev 759) @@ -1,8 +1,8 @@ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 // See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> // Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2009.04.21 at 04:51:39 PM CDT +// Generated on: 2009.09.03 at 01:21:42 PM BRT // @@ -10,7 +10,6 @@ import java.util.ArrayList; import java.util.List; - import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlElement; Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/TokenProviderType.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/TokenProviderType.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/TokenProviderType.java 2009-09-03 18:17:00 UTC (rev 759) @@ -1,16 +1,19 @@ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 // See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> // Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2009.04.21 at 04:51:39 PM CDT +// Generated on: 2009.09.03 at 01:21:42 PM BRT // package org.jboss.identity.federation.core.config; +import java.util.ArrayList; +import java.util.List; import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlAttribute; +import javax.xml.bind.annotation.XmlElement; import javax.xml.bind.annotation.XmlType; @@ -23,8 +26,13 @@ * <complexType name="TokenProviderType"> * <complexContent> * <restriction base="{http://www.w3.org/2001/XMLSchema}anyType"> + * <sequence> + * <element name="Property" type="{urn:jboss:identity-federation:config:1.0}PropertyType" maxOccurs="unbounded" minOccurs="0"/> + * </sequence> * <attribute name="ProviderClass" use="required" type="{http://www.w3.org/2001/XMLSchema}string" /> * <attribute name="TokenType" use="required" type="{http://www.w3.org/2001/XMLSchema}string" /> + * <attribute name="TokenElement" use="required" type="{http://www.w3.org/2001/XMLSchema}string" /> + * <attribute name="TokenElementNS" use="required" type="{http://www.w3.org/2001/XMLSchema}string" /> * </restriction> * </complexContent> * </complexType> @@ -33,15 +41,52 @@ * */ @XmlAccessorType(XmlAccessType.FIELD) -@XmlType(name = "TokenProviderType") +@XmlType(name = "TokenProviderType", propOrder = { + "property" +}) public class TokenProviderType { + @XmlElement(name = "Property") + protected List<PropertyType> property; @XmlAttribute(name = "ProviderClass", required = true) protected String providerClass; @XmlAttribute(name = "TokenType", required = true) protected String tokenType; + @XmlAttribute(name = "TokenElement", required = true) + protected String tokenElement; + @XmlAttribute(name = "TokenElementNS", required = true) + protected String tokenElementNS; /** + * Gets the value of the property property. + * + * + * This accessor method returns a reference to the live list, + * not a snapshot. Therefore any modification you make to the + * returned list will be present inside the JAXB object. + * This is why there is not a <CODE>set</CODE> method for the property property. + * + * + * For example, to add a new item, do as follows: + * <pre> + * getProperty().add(newItem); + * </pre> + * + * + * + * Objects of the following type(s) are allowed in the list + * {@link PropertyType } + * + * + */ + public List<PropertyType> getProperty() { + if (property == null) { + property = new ArrayList<PropertyType>(); + } + return this.property; + } + + /** * Gets the value of the providerClass property. * * @return @@ -89,4 +134,52 @@ this.tokenType = value; } + /** + * Gets the value of the tokenElement property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getTokenElement() { + return tokenElement; + } + + /** + * Sets the value of the tokenElement property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setTokenElement(String value) { + this.tokenElement = value; + } + + /** + * Gets the value of the tokenElementNS property. + * + * @return + * possible object is + * {@link String } + * + */ + public String getTokenElementNS() { + return tokenElementNS; + } + + /** + * Sets the value of the tokenElementNS property. + * + * @param value + * allowed object is + * {@link String } + * + */ + public void setTokenElementNS(String value) { + this.tokenElementNS = value; + } + } Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/TokenProvidersType.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/TokenProvidersType.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/TokenProvidersType.java 2009-09-03 18:17:00 UTC (rev 759) @@ -1,8 +1,8 @@ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 // See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> // Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2009.04.21 at 04:51:39 PM CDT +// Generated on: 2009.09.03 at 01:21:42 PM BRT // @@ -10,7 +10,6 @@ import java.util.ArrayList; import java.util.List; - import javax.xml.bind.annotation.XmlAccessType; import javax.xml.bind.annotation.XmlAccessorType; import javax.xml.bind.annotation.XmlElement; Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/TrustType.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/TrustType.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/TrustType.java 2009-09-03 18:17:00 UTC (rev 759) @@ -1,8 +1,8 @@ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 // See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> // Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2009.04.21 at 04:51:39 PM CDT +// Generated on: 2009.09.03 at 01:21:42 PM BRT // Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/package-info.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/package-info.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/config/package-info.java 2009-09-03 18:17:00 UTC (rev 759) @@ -1,8 +1,8 @@ // -// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vhudson-jaxb-ri-2.1-661 +// This file was generated by the JavaTM Architecture for XML Binding(JAXB) Reference Implementation, vJAXB 2.1.10 // See <a href="http://java.sun.com/xml/jaxb">http://java.sun.com/xml/jaxb</a> // Any modifications to this file will be lost upon recompilation of the source schema. -// Generated on: 2009.04.21 at 04:51:39 PM CDT +// Generated on: 2009.09.03 at 01:21:42 PM BRT // @javax.xml.bind.annotation.XmlSchema(namespace = "urn:jboss:identity-federation:config:1.0", elementFormDefault = javax.xml.bind.annotation.XmlNsForm.QUALIFIED) Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSConfiguration.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSConfiguration.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSConfiguration.java 2009-09-03 18:17:00 UTC (rev 759) @@ -23,7 +23,6 @@ import java.security.KeyPair; import java.security.PublicKey; -import java.util.Map; /** * @@ -61,7 +60,7 @@ * @return {@code true} if the issued token is to be signed; {@code false} otherwise. */ public boolean signIssuedToken(); - + /** * * Obtains the timeout value (in milliseconds) for issued tokens. @@ -121,12 +120,18 @@ /** * - * Obtains a {@code Map} that contains the non-standard configuration options. + * Obtains the token provider that can handle tokens that have the specified local name and namespace. When a + * validate, renew, or cancel request is made, the token type is not set in the WS-Trust request. In these cases + * the {@code SecurityTokenProvider} must be determined using the security token itself. * * - * @return a {@code Map<String, Object>} containing the additional configuration options. + * @param tokenLocalName a {@code String} representing the token element name. (e.g. {@code Assertion}). + * @param tokenNamespace a {@code String} representing the token element namespace. (e.g. + * {@code urn:oasis:names:tc:SAML:2.0:assertion}). + * @return a reference to the {@code SecurityTokenProvider} that must be used to handle the request that contains + * only the security token. */ - public Map<String, Object> getOptions(); + public SecurityTokenProvider getProviderForTokenElementNS(String tokenLocalName, String tokenNamespace); /** * Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityTokenProvider.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityTokenProvider.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityTokenProvider.java 2009-09-03 18:17:00 UTC (rev 759) @@ -21,6 +21,7 @@ */ package org.jboss.identity.federation.core.wstrust; +import java.util.Map; /** * @@ -33,6 +34,16 @@ { /** * + * Initializes the {@code SecurityTokenProvider} using the specified properties map. + * + * + * @param properties a {@code Map<String, String>} that contains the properties that have been configured for + * this {@code SecurityTokenProvider}. + */ + public void initialize(Map<String, String> properties); + + /** + * * Generates a security token using the information contained in the specified request context and stores the * newly-created token in the context itself. * Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardRequestHandler.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardRequestHandler.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardRequestHandler.java 2009-09-03 18:17:00 UTC (rev 759) @@ -54,16 +54,15 @@ public class StandardRequestHandler implements WSTrustRequestHandler { private static Logger log = Logger.getLogger(StandardRequestHandler.class); + private boolean trace = log.isTraceEnabled(); private STSConfiguration configuration; /* * (non-Javadoc) - * - * @see - * org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#initialize(org.jboss.identity.federation.api.wstrust - * .STSConfiguration) + * @see org.jboss.identity.federation.core.wstrust.WSTrustRequestHandler#initialize( + * org.jboss.identity.federation.core.wstrust.STSConfiguration) */ public void initialize(STSConfiguration configuration) { @@ -72,18 +71,16 @@ /* * (non-Javadoc) - * - * @see - * org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#issue(org.jboss.identity.federation.api.wstrust - * .protocol.RequestSecurityToken, java.security.Principal) + * @see org.jboss.identity.federation.core.wstrust.WSTrustRequestHandler#issue( + * org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken, java.security.Principal) */ public RequestSecurityTokenResponse issue(RequestSecurityToken request, Principal callerPrincipal) throws WSTrustException { Document rstDocument = request.getRSTDocument(); - if( rstDocument == null) + if (rstDocument == null) throw new IllegalArgumentException("Request does not contain the DOM Document"); - + SecurityTokenProvider provider = null; // first try to obtain the security token provider using the applies-to contents. @@ -95,8 +92,11 @@ if (serviceName != null) { provider = this.configuration.getProviderForService(serviceName); - request.setTokenType(URI.create(this.configuration.getTokenTypeForService(serviceName))); - providerPublicKey = this.configuration.getServiceProviderPublicKey(serviceName); + if (provider != null) + { + request.setTokenType(URI.create(this.configuration.getTokenTypeForService(serviceName))); + providerPublicKey = this.configuration.getServiceProviderPublicKey(serviceName); + } } } // if applies-to is not available or if no provider was found for the service, use the token type. @@ -185,18 +185,16 @@ /* * (non-Javadoc) - * - * @see - * org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#renew(org.jboss.identity.federation.api.wstrust - * .protocol.RequestSecurityToken, java.security.Principal) + * @see org.jboss.identity.federation.core.wstrust.WSTrustRequestHandler#renew( + * org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken, java.security.Principal) */ public RequestSecurityTokenResponse renew(RequestSecurityToken request, Principal callerPrincipal) throws WSTrustException { Document rstDocument = request.getRSTDocument(); - if( rstDocument == null) + if (rstDocument == null) throw new IllegalArgumentException("Request does not contain the DOM Document"); - + SecurityTokenProvider provider = null; // first try to obtain the security token provider using the applies-to contents. @@ -220,9 +218,9 @@ else if (appliesTo == null && request.getTokenType() == null) throw new WSTrustException("Either AppliesTo or TokenType must be present in a security token request"); - // TODO: get the provider using the token from the request. - provider = this.configuration.getProviderForTokenType(SAMLUtil.SAML2_TOKEN_TYPE); - + // TODO: get the provider using the token from the request. + provider = this.configuration.getProviderForTokenType(SAMLUtil.SAML2_TOKEN_TYPE); + if (provider != null) { // create the request context and delegate token generation to the provider. @@ -238,7 +236,6 @@ if (requestContext.getSecurityToken() == null) throw new WSTrustException("Token issued by provider " + provider.getClass().getName() + " is null"); - // construct the ws-trust security token response. RequestedSecurityTokenType requestedSecurityToken = new RequestedSecurityTokenType(); @@ -269,53 +266,47 @@ /* * (non-Javadoc) - * - * @see - * org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#validate(org.jboss.identity.federation.api.wstrust - * .protocol.RequestSecurityToken, java.security.Principal) + * @see org.jboss.identity.federation.core.wstrust.WSTrustRequestHandler#validate( + * org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken, java.security.Principal) */ public RequestSecurityTokenResponse validate(RequestSecurityToken request, Principal callerPrincipal) throws WSTrustException { Document rstDocument = request.getRSTDocument(); - if( rstDocument == null) + if (rstDocument == null) throw new IllegalArgumentException("Request does not contain the DOM Document"); - + if (request.getValidateTarget() == null) throw new WSTrustException("Unable to validate token: validate target is null"); - + if (request.getTokenType() == null) request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE)); - // TODO: get the provider using the token from the request. - SecurityTokenProvider provider = this.configuration.getProviderForTokenType(SAMLUtil.SAML2_TOKEN_TYPE); + Node securityToken = request.getValidateTargetElement().getFirstChild(); + SecurityTokenProvider provider = this.configuration.getProviderForTokenElementNS( + securityToken.getLocalName(), securityToken.getNamespaceURI()); WSTrustRequestContext context = new WSTrustRequestContext(request, callerPrincipal); StatusType status = null; - + // validate the security token digital signature. if (this.configuration.signIssuedToken() && this.configuration.getSTSKeyPair() != null) { KeyPair keyPair = this.configuration.getSTSKeyPair(); try { - //Element tokenElement = (Element) request.getValidateTarget().getAny(); - Element tokenElement = request.getValidateTargetElement(); - - Node securityToken = tokenElement.getFirstChild(); - - if(trace) + if (trace) { try { log.trace("Going to validate:" + DocumentUtil.getNodeAsString(securityToken)); } catch (Exception e) - { + { } } Document tokenDocument = DocumentUtil.createDocument(); - Node importedNode = tokenDocument.importNode(securityToken, true); + Node importedNode = tokenDocument.importNode(securityToken, true); tokenDocument.appendChild(importedNode); if (!XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic())) { @@ -331,10 +322,10 @@ status.setReason("Validation failure: unable to verify digital signature: " + e.getMessage()); } } - // TODO: add logging statements alerting that signature validation was not perfomed. - + // TODO: add logging statements alerting that signature validation was not performed. + // if the signature is valid, then let the provider handle perform any additional validation checks. - if(status == null) + if (status == null) { provider.validateToken(context); status = context.getStatus(); @@ -352,29 +343,27 @@ /* * (non-Javadoc) - * - * @see - * org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#cancel(org.jboss.identity.federation.api.wstrust - * .protocol.RequestSecurityToken, java.security.Principal) + * @see org.jboss.identity.federation.core.wstrust.WSTrustRequestHandler#cancel( + * org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken, java.security.Principal) */ public RequestSecurityTokenResponse cancel(RequestSecurityToken request, Principal callerPrincipal) throws WSTrustException { Document rstDocument = request.getRSTDocument(); - if( rstDocument == null) + if (rstDocument == null) throw new IllegalArgumentException("Request does not contain the DOM Document"); - + // TODO: implement cancel logic. throw new UnsupportedOperationException(); } public Document postProcess(Document rstrDocument, RequestSecurityToken request) throws WSTrustException { - if(WSTrustConstants.ISSUE_REQUEST.equals(request.getRequestType().toString()) + if (WSTrustConstants.ISSUE_REQUEST.equals(request.getRequestType().toString()) || WSTrustConstants.RENEW_REQUEST.equals(request.getRequestType().toString())) { - rstrDocument = DocumentUtil.normalizeNamespaces(rstrDocument); - + rstrDocument = DocumentUtil.normalizeNamespaces(rstrDocument); + //Sign and encrypt if (this.configuration.signIssuedToken() && this.configuration.getSTSKeyPair() != null) { @@ -385,29 +374,32 @@ String signatureMethod = signatureURI != null ? signatureURI.toString() : SignatureMethod.RSA_SHA1; try { - Node rst = rstrDocument.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE, + Node rst = rstrDocument.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE, "RequestedSecurityToken").item(0); Element tokenElement = (Element) rst.getFirstChild(); - if(trace) + if (trace) { - log.trace("NamespaceURI of element to be signed:" +tokenElement.getNamespaceURI() ); + log.trace("NamespaceURI of element to be signed:" + tokenElement.getNamespaceURI()); } - /* XMLSignatureUtil.sign(tokenElement.getOwnerDocument(), keyPair, DigestMethod.SHA1, signatureMethod, - "#" + tokenElement.getAttribute("ID")); - */ - rstrDocument = XMLSignatureUtil.sign(rstrDocument, tokenElement, keyPair, - DigestMethod.SHA1, signatureMethod, "#" + tokenElement.getAttribute("ID")); - if(trace) + /* XMLSignatureUtil.sign(tokenElement.getOwnerDocument(), keyPair, DigestMethod.SHA1, signatureMethod, + "#" + tokenElement.getAttribute("ID")); + */ + rstrDocument = XMLSignatureUtil.sign(rstrDocument, tokenElement, keyPair, DigestMethod.SHA1, + signatureMethod, "#" + tokenElement.getAttribute("ID")); + if (trace) { try { log.trace("Signed Token:" + DocumentUtil.getNodeAsString(tokenElement)); - + Document tokenDocument = DocumentUtil.createDocument(); tokenDocument.appendChild(tokenDocument.importNode(tokenElement, true)); log.trace("valid=" + XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic())); - - }catch(Exception ignore){} + + } + catch (Exception ignore) + { + } } } catch (Exception e) Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardSecurityToken.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardSecurityToken.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardSecurityToken.java 2009-09-03 18:17:00 UTC (rev 759) @@ -64,7 +64,7 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenType() + * @see org.jboss.identity.federation.core.wstrust.SecurityToken#getTokenType() */ public String getTokenType() { @@ -74,7 +74,7 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenValue() + * @see org.jboss.identity.federation.core.wstrust.SecurityToken#getTokenValue() */ public Object getTokenValue() { @@ -84,7 +84,7 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenID() + * @see org.jboss.identity.federation.core.wstrust.SecurityToken#getTokenID() */ public String getTokenID() { Modified: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2009-09-03 18:17:00 UTC (rev 759) @@ -63,11 +63,23 @@ public class SAML20TokenProvider implements SecurityTokenProvider { + private Map<String, String> properties; + /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) + * @see org.jboss.identity.federation.core.wstrust.SecurityTokenProvider#initialize(java.util.Map) */ + public void initialize(Map<String, String> properties) + { + this.properties = properties; + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.core.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.core.wstrust.WSTrustRequestContext) + */ public void cancelToken(WSTrustRequestContext context) throws WSTrustException { // TODO: implement cancel logic. @@ -76,7 +88,7 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) + * @see org.jboss.identity.federation.core.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.core.wstrust.WSTrustRequestContext) */ public void issueToken(WSTrustRequestContext context) throws WSTrustException { @@ -89,7 +101,7 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) + * @see org.jboss.identity.federation.core.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.core.wstrust.WSTrustRequestContext) */ public void renewToken(WSTrustRequestContext context) throws WSTrustException { @@ -103,7 +115,7 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) + * @see org.jboss.identity.federation.core.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.core.wstrust.WSTrustRequestContext) */ @SuppressWarnings("unchecked") public void validateToken(WSTrustRequestContext context) throws WSTrustException Modified: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/MockSTSConfiguration.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/MockSTSConfiguration.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/MockSTSConfiguration.java 2009-09-03 18:17:00 UTC (rev 759) @@ -23,7 +23,6 @@ import java.security.KeyPair; import java.security.PublicKey; -import java.util.Map; import org.jboss.identity.federation.core.wstrust.STSConfiguration; import org.jboss.identity.federation.core.wstrust.SecurityTokenProvider; @@ -43,7 +42,7 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getEncryptIssuedToken() + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getEncryptIssuedToken() */ public boolean encryptIssuedToken() { @@ -52,17 +51,17 @@ /* * (non-Javadoc) - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#signIssuedToken() + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#signIssuedToken() */ - public boolean signIssuedToken() + public boolean signIssuedToken() { - return true; + return true; } - + /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getIssuedTokenTimeout() + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getIssuedTokenTimeout() */ public long getIssuedTokenTimeout() { @@ -72,9 +71,9 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getOptions() + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getProviderForService(java.lang.String) */ - public Map<String, Object> getOptions() + public SecurityTokenProvider getProviderForService(String serviceName) { return null; } @@ -82,9 +81,9 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getProviderForService(java.lang.String) + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getProviderForTokenType(java.lang.String) */ - public SecurityTokenProvider getProviderForService(String serviceName) + public SecurityTokenProvider getProviderForTokenType(String tokenType) { return null; } @@ -92,9 +91,9 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getProviderForTokenType(java.lang.String) + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getProviderForTokenElementNS(java.lang.String, java.lang.String) */ - public SecurityTokenProvider getProviderForTokenType(String tokenType) + public SecurityTokenProvider getProviderForTokenElementNS(String tokenLocalName, String tokenNamespace) { return null; } @@ -102,7 +101,7 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getTokenTypeForService(java.lang.String) + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getTokenTypeForService(java.lang.String) */ public String getTokenTypeForService(String serviceName) { @@ -112,7 +111,7 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getRequestHandler() + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getRequestHandler() */ public WSTrustRequestHandler getRequestHandler() { @@ -122,7 +121,7 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getSTSName() + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getSTSName() */ public String getSTSName() { @@ -132,7 +131,7 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getServiceProviderPublicKey(java.lang.String) + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getServiceProviderPublicKey(java.lang.String) */ public PublicKey getServiceProviderPublicKey(String serviceName) { @@ -142,7 +141,7 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getSTSKeyPair() + * @see org.jboss.identity.federation.core.wstrust.STSConfiguration#getSTSKeyPair() */ public KeyPair getSTSKeyPair() { Modified: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SpecialTokenProvider.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SpecialTokenProvider.java 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SpecialTokenProvider.java 2009-09-03 18:17:00 UTC (rev 759) @@ -21,6 +21,8 @@ */ package org.jboss.test.identity.federation.core.wstrust; +import java.util.Map; + import org.jboss.identity.federation.core.wstrust.SecurityTokenProvider; import org.jboss.identity.federation.core.wstrust.WSTrustException; import org.jboss.identity.federation.core.wstrust.WSTrustRequestContext; @@ -38,8 +40,17 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) + * @see org.jboss.identity.federation.core.wstrust.SecurityTokenProvider#initialize(java.util.Map) */ + public void initialize(Map<String, String> properties) + { + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.core.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.core.wstrust.WSTrustRequestContext) + */ public void cancelToken(WSTrustRequestContext context) throws WSTrustException { } @@ -47,7 +58,7 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) + * @see org.jboss.identity.federation.core.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.core.wstrust.WSTrustRequestContext) */ public void issueToken(WSTrustRequestContext context) throws WSTrustException { @@ -56,7 +67,7 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) + * @see org.jboss.identity.federation.core.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.core.wstrust.WSTrustRequestContext) */ public void renewToken(WSTrustRequestContext context) throws WSTrustException { @@ -65,7 +76,7 @@ /* * (non-Javadoc) * - * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) + * @see org.jboss.identity.federation.core.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.core.wstrust.WSTrustRequestContext) */ public void validateToken(WSTrustRequestContext context) throws WSTrustException { Modified: identity-federation/trunk/jboss-identity-web/src/main/resources/schema/config/jboss-identity-fed.xsd =================================================================== --- identity-federation/trunk/jboss-identity-web/src/main/resources/schema/config/jboss-identity-fed.xsd 2009-09-03 01:56:21 UTC (rev 758) +++ identity-federation/trunk/jboss-identity-web/src/main/resources/schema/config/jboss-identity-fed.xsd 2009-09-03 18:17:00 UTC (rev 759) @@ -159,17 +159,37 @@ <complexType name="STSType"> <sequence> - <element name="KeyProvider" type="tns:KeyProviderType" - maxOccurs="1" minOccurs="0"/> + <element name="KeyProvider" type="tns:KeyProviderType" minOccurs="0"/> <element name="RequestHandler" type="string" minOccurs="0"/> + <element name="ClaimProviders" type="tns:ClaimProvidersType" minOccurs="0"/> <element name="TokenProviders" type="tns:TokenProvidersType" minOccurs="0"/> <element name="ServiceProviders" type="tns:ServiceProvidersType" minOccurs="0"/> </sequence> <attribute name="STSName" default="JBossSTS" type="string" use="optional"/> <attribute name="TokenTimeout" default="3600" type="int" use="optional"/> + <attribute name="SignToken" default="true" type="boolean" use="optional"/> <attribute name="EncryptToken" default="false" type="boolean" use="optional"/> </complexType> + <complexType name="ClaimProvidersType"> + <annotation> + <documentation> + The claim providers specify the classes that are capable of handling specific claims dialects. + </documentation> + </annotation> + <sequence> + <element name="ClaimProvider" type="tns:ClaimProviderType" minOccurs="1" maxOccurs="unbounded"/> + </sequence> + </complexType> + + <complexType name="ClaimProviderType"> + <sequence> + <element name="Property" type="tns:PropertyType" minOccurs="0" maxOccurs="unbounded"/> + </sequence> + <attribute name="ProviderClass" type="string" use="required"/> + <attribute name="Dialect" type="string" use="required"/> + </complexType> + <complexType name="TokenProvidersType"> <annotation> <documentation> @@ -184,8 +204,13 @@ </complexType> <complexType name="TokenProviderType"> + <sequence> + <element name="Property" type="tns:PropertyType" minOccurs="0" maxOccurs="unbounded"/> + </sequence> <attribute name="ProviderClass" type="string" use="required"/> <attribute name="TokenType" type="string" use="required"/> + <attribute name="TokenElement" type="string" use="required"/> + <attribute name="TokenElementNS" type="string" use="required"/> </complexType> <complexType name="ServiceProvidersType"> @@ -209,12 +234,16 @@ </documentation> </annotation> <attribute name="Endpoint" type="string" use="required"/> - <attribute name="TruststoreAlias" type="string" use="required"/> <attribute name="TokenType" type="string" use="required"/> + <attribute name="TruststoreAlias" type="string" use="optional"/> </complexType> <element name="JBossSTS" type="tns:STSType"/> + <complexType name="PropertyType"> + <attribute name="Name" type="string" use="required"/> + <attribute name="Value" type="string" use="required"/> + </complexType> <complexType name="MetadataProviderType"> <sequence>

14 years, 8 months

1
0
0 / 0

JBoss Identity SVN: r758 - in identity-federation/trunk: jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets and 30 other directories.

by jboss-identity-commits＠lists.jboss.org

Author: sguilhen(a)redhat.com Date: 2009-09-02 21:56:21 -0400 (Wed, 02 Sep 2009) New Revision: 758 Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/IDGenerator.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/SAMLDocumentHolder.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/XMLSignatureUtil.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSConfiguration.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityActions.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityToken.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityTokenProvider.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityTokenService.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardRequestHandler.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardSecurityToken.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustConstants.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustException.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustJAXBFactory.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustRequestContext.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustRequestHandler.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustServiceFactory.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustUtil.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/BaseRequestSecurityToken.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/BaseRequestSecurityTokenResponse.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/Lifetime.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityToken.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenCollection.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenResponse.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenResponseCollection.java identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/MockSTSConfiguration.java identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SpecialTokenProvider.java identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/WSTrustJAXBFactoryUnitTestCase.java identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/ identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/ws-trust-request.xml identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/ws-trust-response.xml Removed: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/common/ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/STSConfiguration.java identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityActions.java identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityToken.java identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityTokenProvider.java identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityTokenService.java identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustException.java identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestHandler.java identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustServiceFactory.java identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustUtil.java identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/MockSTSConfiguration.java identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SpecialTokenProvider.java identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustServiceFactoryUnitTestCase.java identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-request.xml identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-response.xml identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityToken.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityTokenResponse.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/Lifetime.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenCollection.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponse.java identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponseCollection.java Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.java identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java identity-federation/trunk/jboss-identity-bindings/src/test/resources/jboss-sts.xml identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnRequestUnitTestCase.java identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java identity-federation/trunk/jboss-identity-seam/src/main/java/org/jboss/identity/seam/federation/SamlAuthenticationFilter.java identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java Log: JBID-178: moved WS-T code from api to core, leaving only WSTrustClient in api. All other files have been updated accordingly Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java 2009-09-03 01:56:21 UTC (rev 758) @@ -34,22 +34,22 @@ import javax.xml.ws.WebServiceException; import javax.xml.ws.WebServiceProvider; -import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder; -import org.jboss.identity.federation.api.wstrust.STSConfiguration; -import org.jboss.identity.federation.api.wstrust.SecurityTokenService; -import org.jboss.identity.federation.api.wstrust.WSTrustConstants; -import org.jboss.identity.federation.api.wstrust.WSTrustException; -import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory; -import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler; import org.jboss.identity.federation.core.config.STSType; import org.jboss.identity.federation.core.exceptions.ConfigurationException; import org.jboss.identity.federation.core.exceptions.ParsingException; +import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder; import org.jboss.identity.federation.core.util.JAXBUtil; -import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityToken; -import org.jboss.identity.federation.core.wstrust.RequestSecurityToken; -import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenCollection; -import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse; -import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection; +import org.jboss.identity.federation.core.wstrust.STSConfiguration; +import org.jboss.identity.federation.core.wstrust.SecurityTokenService; +import org.jboss.identity.federation.core.wstrust.WSTrustConstants; +import org.jboss.identity.federation.core.wstrust.WSTrustException; +import org.jboss.identity.federation.core.wstrust.WSTrustJAXBFactory; +import org.jboss.identity.federation.core.wstrust.WSTrustRequestHandler; +import org.jboss.identity.federation.core.wstrust.wrappers.BaseRequestSecurityToken; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenCollection; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection; import org.w3c.dom.Document; /** Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java 2009-09-03 01:56:21 UTC (rev 758) @@ -26,16 +26,16 @@ import java.util.HashMap; import java.util.Map; -import org.jboss.identity.federation.api.wstrust.STSConfiguration; -import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider; -import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler; -import org.jboss.identity.federation.api.wstrust.WSTrustServiceFactory; import org.jboss.identity.federation.core.config.KeyProviderType; import org.jboss.identity.federation.core.config.STSType; import org.jboss.identity.federation.core.config.ServiceProviderType; import org.jboss.identity.federation.core.config.ServiceProvidersType; import org.jboss.identity.federation.core.config.TokenProviderType; import org.jboss.identity.federation.core.config.TokenProvidersType; +import org.jboss.identity.federation.core.wstrust.STSConfiguration; +import org.jboss.identity.federation.core.wstrust.SecurityTokenProvider; +import org.jboss.identity.federation.core.wstrust.WSTrustRequestHandler; +import org.jboss.identity.federation.core.wstrust.WSTrustServiceFactory; import org.jboss.identity.federation.web.interfaces.TrustKeyManager; /** Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java 2009-09-03 01:56:21 UTC (rev 758) @@ -40,10 +40,10 @@ import javax.xml.bind.helpers.DefaultValidationEventHandler; import org.apache.log4j.Logger; -import org.jboss.identity.federation.api.saml.v2.common.IDGenerator; import org.jboss.identity.federation.api.saml.v2.response.SAML2Response; import org.jboss.identity.federation.core.factories.SOAPFactory; import org.jboss.identity.federation.core.factories.XACMLContextFactory; +import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory; import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder; import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-09-03 01:56:21 UTC (rev 758) @@ -42,14 +42,16 @@ import org.apache.catalina.util.LifecycleSupport; import org.apache.catalina.valves.ValveBase; import org.apache.log4j.Logger; -import org.jboss.identity.federation.api.saml.v2.common.IDGenerator; import org.jboss.identity.federation.api.saml.v2.request.SAML2Request; import org.jboss.identity.federation.api.saml.v2.response.SAML2Response; import org.jboss.identity.federation.bindings.tomcat.TomcatRoleGenerator; import org.jboss.identity.federation.bindings.util.ValveUtil; +import org.jboss.identity.federation.core.config.IDPType; +import org.jboss.identity.federation.core.config.TrustType; import org.jboss.identity.federation.core.exceptions.ConfigurationException; import org.jboss.identity.federation.core.exceptions.ParsingException; import org.jboss.identity.federation.core.exceptions.ProcessingException; +import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; import org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException; import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException; @@ -61,8 +63,6 @@ import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType; import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType; import org.jboss.identity.federation.saml.v2.protocol.ResponseType; -import org.jboss.identity.federation.core.config.IDPType; -import org.jboss.identity.federation.core.config.TrustType; import org.jboss.identity.federation.web.interfaces.RoleGenerator; import org.jboss.identity.federation.web.util.ConfigurationUtil; import org.jboss.identity.federation.web.util.HTTPRedirectUtil; Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-09-03 01:56:21 UTC (rev 758) @@ -41,20 +41,20 @@ import org.apache.catalina.deploy.LoginConfig; import org.apache.catalina.realm.GenericPrincipal; import org.apache.log4j.Logger; -import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder; import org.jboss.identity.federation.api.saml.v2.request.SAML2Request; import org.jboss.identity.federation.api.saml.v2.response.SAML2Response; -import org.jboss.identity.federation.core.config.TrustType; import org.jboss.identity.federation.bindings.tomcat.sp.holder.ServiceProviderSAMLContext; -import org.jboss.identity.federation.web.util.PostBindingUtil; import org.jboss.identity.federation.bindings.util.ValveUtil; +import org.jboss.identity.federation.core.config.TrustType; import org.jboss.identity.federation.core.exceptions.ConfigurationException; +import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder; import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException; import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException; import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder; import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType; import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType; import org.jboss.identity.federation.saml.v2.protocol.ResponseType; +import org.jboss.identity.federation.web.util.PostBindingUtil; import org.xml.sax.SAXException; /** Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2009-09-03 01:56:21 UTC (rev 758) @@ -35,18 +35,18 @@ import org.apache.catalina.LifecycleException; import org.apache.catalina.connector.Response; import org.apache.log4j.Logger; -import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder; import org.jboss.identity.federation.api.saml.v2.request.SAML2Request; -import org.jboss.identity.federation.api.util.XMLSignatureUtil; import org.jboss.identity.federation.core.config.KeyProviderType; +import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder; +import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException; +import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder; +import org.jboss.identity.federation.core.util.XMLSignatureUtil; +import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType; +import org.jboss.identity.federation.saml.v2.protocol.ResponseType; import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException; import org.jboss.identity.federation.web.interfaces.TrustKeyManager; import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException; import org.jboss.identity.federation.web.util.PostBindingUtil; -import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException; -import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder; -import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType; -import org.jboss.identity.federation.saml.v2.protocol.ResponseType; import org.w3c.dom.Document; import org.xml.sax.SAXException; Modified: identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.java 2009-09-03 01:56:21 UTC (rev 758) @@ -30,9 +30,9 @@ import org.apache.catalina.Context; import org.apache.catalina.connector.Request; import org.apache.catalina.realm.GenericPrincipal; -import org.jboss.identity.federation.api.saml.v2.common.IDGenerator; import org.jboss.identity.federation.api.saml.v2.request.SAML2Request; import org.jboss.identity.federation.core.exceptions.ConfigurationException; +import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException; import org.jboss.identity.federation.core.saml.v2.util.AssertionUtil; Modified: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java 2009-09-03 01:56:21 UTC (rev 758) @@ -27,12 +27,12 @@ import junit.framework.TestCase; -import org.jboss.identity.federation.api.saml.v2.common.IDGenerator; import org.jboss.identity.federation.api.util.KeyStoreUtil; -import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil; +import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory; import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil; import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType; +import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil; /** * Unit Test the redirect binding sig util Modified: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java 2009-09-03 01:56:21 UTC (rev 758) @@ -27,12 +27,12 @@ import junit.framework.TestCase; -import org.jboss.identity.federation.api.saml.v2.common.IDGenerator; import org.jboss.identity.federation.api.saml.v2.request.SAML2Request; -import org.jboss.identity.federation.web.util.RedirectBindingUtil; +import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory; import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType; import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType; +import org.jboss.identity.federation.web.util.RedirectBindingUtil; /** * Unit Test the RedirectBindingUtil Modified: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-09-03 01:56:21 UTC (rev 758) @@ -37,23 +37,23 @@ import junit.framework.TestCase; -import org.jboss.identity.federation.api.wstrust.STSConfiguration; -import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider; -import org.jboss.identity.federation.api.wstrust.StandardRequestHandler; -import org.jboss.identity.federation.api.wstrust.WSTrustConstants; -import org.jboss.identity.federation.api.wstrust.WSTrustException; -import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory; -import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler; -import org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider; -import org.jboss.identity.federation.api.wstrust.plugins.saml.SAMLUtil; import org.jboss.identity.federation.bindings.jboss.subject.JBossIdentityPrincipal; import org.jboss.identity.federation.bindings.jboss.wstrust.JBossSTS; import org.jboss.identity.federation.core.exceptions.ConfigurationException; -import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityTokenResponse; -import org.jboss.identity.federation.core.wstrust.Lifetime; -import org.jboss.identity.federation.core.wstrust.RequestSecurityToken; -import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse; -import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection; +import org.jboss.identity.federation.core.wstrust.STSConfiguration; +import org.jboss.identity.federation.core.wstrust.SecurityTokenProvider; +import org.jboss.identity.federation.core.wstrust.StandardRequestHandler; +import org.jboss.identity.federation.core.wstrust.WSTrustConstants; +import org.jboss.identity.federation.core.wstrust.WSTrustException; +import org.jboss.identity.federation.core.wstrust.WSTrustJAXBFactory; +import org.jboss.identity.federation.core.wstrust.WSTrustRequestHandler; +import org.jboss.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider; +import org.jboss.identity.federation.core.wstrust.plugins.saml.SAMLUtil; +import org.jboss.identity.federation.core.wstrust.wrappers.BaseRequestSecurityTokenResponse; +import org.jboss.identity.federation.core.wstrust.wrappers.Lifetime; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection; import org.jboss.identity.federation.saml.v2.assertion.AssertionType; import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType; import org.jboss.identity.federation.saml.v2.assertion.ConditionAbstractType; Modified: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java 2009-09-03 01:56:21 UTC (rev 758) @@ -26,13 +26,13 @@ import javax.xml.parsers.ParserConfigurationException; -import org.jboss.identity.federation.api.saml.v2.common.IDGenerator; -import org.jboss.identity.federation.api.wstrust.SecurityToken; -import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider; -import org.jboss.identity.federation.api.wstrust.StandardSecurityToken; -import org.jboss.identity.federation.api.wstrust.WSTrustException; -import org.jboss.identity.federation.api.wstrust.WSTrustRequestContext; +import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; +import org.jboss.identity.federation.core.wstrust.SecurityToken; +import org.jboss.identity.federation.core.wstrust.SecurityTokenProvider; +import org.jboss.identity.federation.core.wstrust.StandardSecurityToken; +import org.jboss.identity.federation.core.wstrust.WSTrustException; +import org.jboss.identity.federation.core.wstrust.WSTrustRequestContext; import org.w3c.dom.Document; import org.w3c.dom.Element; Modified: identity-federation/trunk/jboss-identity-bindings/src/test/resources/jboss-sts.xml =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/test/resources/jboss-sts.xml 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-bindings/src/test/resources/jboss-sts.xml 2009-09-03 01:56:21 UTC (rev 758) @@ -8,11 +8,11 @@ <ValidatingAlias Key="http://services.testcorp.org/provider1" Value="service1"/> <ValidatingAlias Key="http://services.testcorp.org/provider2" Value="service2"/> </KeyProvider> - <RequestHandler>org.jboss.identity.federation.api.wstrust.StandardRequestHandler</RequestHandler> + <RequestHandler>org.jboss.identity.federation.core.wstrust.StandardRequestHandler</RequestHandler> <TokenProviders> <TokenProvider ProviderClass="org.jboss.test.identity.federation.bindings.wstrust.SpecialTokenProvider" TokenType="http://www.tokens.org/SpecialToken"/> - <TokenProvider ProviderClass="org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider" + <TokenProvider ProviderClass="org.jboss.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider" TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"/> </TokenProviders> <ServiceProviders> Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-09-03 01:56:21 UTC (rev 758) @@ -34,10 +34,10 @@ import javax.xml.bind.Unmarshaller; import javax.xml.parsers.ParserConfigurationException; -import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder; import org.jboss.identity.federation.core.constants.JBossIdentityFederationConstants; import org.jboss.identity.federation.core.exceptions.ConfigurationException; import org.jboss.identity.federation.core.exceptions.ParsingException; +import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder; import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory; import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory; import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-09-03 01:56:21 UTC (rev 758) @@ -37,10 +37,10 @@ import javax.xml.datatype.XMLGregorianCalendar; import javax.xml.parsers.ParserConfigurationException; -import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder; import org.jboss.identity.federation.core.constants.JBossIdentityFederationConstants; import org.jboss.identity.federation.core.exceptions.ConfigurationException; import org.jboss.identity.federation.core.exceptions.ParsingException; +import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder; import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; import org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException; import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory; Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java 2009-09-03 01:56:21 UTC (rev 758) @@ -37,9 +37,9 @@ import org.jboss.identity.federation.api.saml.v2.request.SAML2Request; import org.jboss.identity.federation.api.saml.v2.response.SAML2Response; -import org.jboss.identity.federation.api.util.XMLSignatureUtil; import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; +import org.jboss.identity.federation.core.util.XMLSignatureUtil; import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType; import org.jboss.identity.federation.saml.v2.protocol.ResponseType; import org.w3c.dom.Document; Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,340 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2008, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.api.util; - -import java.io.OutputStream; -import java.security.AccessController; -import java.security.GeneralSecurityException; -import java.security.Key; -import java.security.KeyPair; -import java.security.PrivateKey; -import java.security.PrivilegedAction; -import java.security.PublicKey; -import java.util.Collections; -import java.util.List; - -import javax.security.cert.X509Certificate; -import javax.xml.bind.JAXBElement; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Marshaller; -import javax.xml.crypto.MarshalException; -import javax.xml.crypto.dsig.CanonicalizationMethod; -import javax.xml.crypto.dsig.DigestMethod; -import javax.xml.crypto.dsig.Reference; -import javax.xml.crypto.dsig.SignatureMethod; -import javax.xml.crypto.dsig.SignedInfo; -import javax.xml.crypto.dsig.Transform; -import javax.xml.crypto.dsig.XMLSignature; -import javax.xml.crypto.dsig.XMLSignatureException; -import javax.xml.crypto.dsig.XMLSignatureFactory; -import javax.xml.crypto.dsig.dom.DOMSignContext; -import javax.xml.crypto.dsig.dom.DOMValidateContext; -import javax.xml.crypto.dsig.keyinfo.KeyInfo; -import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory; -import javax.xml.crypto.dsig.keyinfo.KeyValue; -import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec; -import javax.xml.crypto.dsig.spec.TransformParameterSpec; -import javax.xml.parsers.ParserConfigurationException; -import javax.xml.transform.Transformer; -import javax.xml.transform.TransformerException; -import javax.xml.transform.TransformerFactory; -import javax.xml.transform.stream.StreamResult; - -import org.apache.log4j.Logger; -import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; -import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; -import org.jboss.identity.federation.core.util.JAXBUtil; -import org.jboss.identity.xmlsec.w3.xmldsig.ObjectFactory; -import org.jboss.identity.xmlsec.w3.xmldsig.SignatureType; -import org.w3c.dom.Document; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; -import org.xml.sax.SAXException; - -/** - * Utility for XML Signature - * @author Anil.Saldhana(a)redhat.com - * @since Dec 15, 2008 - */ -public class XMLSignatureUtil -{ - private static Logger log = Logger.getLogger(XMLSignatureUtil.class); - private static boolean trace = log.isTraceEnabled(); - - private static String pkgName = "org.jboss.identity.federation.w3.xmldsig"; - private static String schemaLocation = "schema/saml/v2/xmldsig-core-schema.xsd"; - - private static ObjectFactory objectFactory = new ObjectFactory(); - - private static XMLSignatureFactory fac = getXMLSignatureFactory(); - - private static XMLSignatureFactory getXMLSignatureFactory() - { - XMLSignatureFactory xsf = null; - - try - { - xsf = XMLSignatureFactory.getInstance("DOM"); - } - catch(Exception err) - { - //JDK5 - xsf = XMLSignatureFactory.getInstance("DOM", - new org.jcp.xml.dsig.internal.dom.XMLDSigRI()); - } - return xsf; - } - - //Set some system properties - static - { - AccessController.doPrivileged(new PrivilegedAction<Object>() - { - public Object run() - { - System.setProperty("org.apache.xml.security.ignoreLineBreaks", "true"); - return null; - } - }); - }; - - /** - * Precheck whether the document that will be validated - * has the right signedinfo - * @param doc - * @return - */ - public static boolean preCheckSignedInfo(Document doc) - { - NodeList nl = doc.getElementsByTagNameNS(JBossSAMLURIConstants.XMLDSIG_NSURI.get(), "SignedInfo"); - return nl != null ? nl.getLength() > 0 : false; - } - - /** - * Sign a node in a document - * @param doc Document - * @param parentOfNodeToBeSigned Parent Node of the node to be signed - * @param signingKey Private Key - * @param certificate X509 Certificate holding the public key - * @param digestMethod (Example: DigestMethod.SHA1) - * @param signatureMethod (Example: SignatureMethod.DSA_SHA1) - * @param referenceURI - * @return Document that contains the signed node - * @throws XMLSignatureException - * @throws MarshalException - * @throws GeneralSecurityException - * @throws ParserConfigurationException - */ - public static Document sign(Document doc, - Node parentOfNodeToBeSigned, - PrivateKey signingKey, - X509Certificate certificate, - String digestMethod, - String signatureMethod, - String referenceURI) - throws ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException - { - KeyPair keyPair = new KeyPair(certificate.getPublicKey(),signingKey); - return sign(doc,parentOfNodeToBeSigned, keyPair, - digestMethod, signatureMethod, referenceURI); - } - - /** - * Sign a node in a document - * @param doc - * @param nodeToBeSigned - * @param keyPair - * @param publicKey - * @param digestMethod - * @param signatureMethod - * @param referenceURI - * @return - * @throws ParserConfigurationException - * @throws XMLSignatureException - * @throws MarshalException - * @throws GeneralSecurityException - */ - public static Document sign(Document doc, - Node nodeToBeSigned, - KeyPair keyPair, - String digestMethod, - String signatureMethod, - String referenceURI) throws ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException - { - if(nodeToBeSigned == null) - throw new IllegalArgumentException("Node to be signed is null"); - if(trace) - { - try - { - log.trace("Document to be signed=" + DocumentUtil.getDocumentAsString(doc)); - }catch (Exception e) {} - } - - Node parentNode = nodeToBeSigned.getParentNode(); - - //Let us create a new Document - Document newDoc = DocumentUtil.createDocument(); - //Import the node - Node signingNode = newDoc.importNode(nodeToBeSigned, true); - newDoc.appendChild(signingNode); - - newDoc = sign(newDoc, keyPair, digestMethod, signatureMethod, referenceURI); - - //Now let us import this signed doc into the original document we got in the method call - Node signedNode = doc.importNode(newDoc.getFirstChild(), true); - - parentNode.replaceChild(signedNode, nodeToBeSigned); - //doc.getDocumentElement().replaceChild(signedNode, nodeToBeSigned); - - return doc; - } - - - /** - * Sign the root element - * @param doc - * @param signingKey - * @param publicKey - * @param digestMethod - * @param signatureMethod - * @param referenceURI - * @return - * @throws GeneralSecurityException - * @throws XMLSignatureException - * @throws MarshalException - */ - public static Document sign(Document doc, - KeyPair keyPair, - String digestMethod, - String signatureMethod, - String referenceURI) throws GeneralSecurityException, MarshalException, XMLSignatureException - { - if(trace) - { - try - { - log.trace("Document to be signed=" + DocumentUtil.getDocumentAsString(doc)); - }catch (Exception e) {} - } - PrivateKey signingKey = keyPair.getPrivate(); - PublicKey publicKey = keyPair.getPublic(); - - DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement()); - dsc.setDefaultNamespacePrefix("dsig"); - -// dsc.putNamespacePrefix(XMLSignature.XMLNS, "ds"); - - DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null); - Transform transform = fac.newTransform(Transform.ENVELOPED, - (TransformParameterSpec) null); - - List<Transform> transformList = Collections.singletonList(transform); - Reference ref = fac.newReference - ( referenceURI, digestMethodObj,transformList,null, null); - - String canonicalizationMethodType = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS; - CanonicalizationMethod canonicalizationMethod - = fac.newCanonicalizationMethod - (canonicalizationMethodType, (C14NMethodParameterSpec) null); - - List<Reference> referenceList = Collections.singletonList(ref); - SignatureMethod signatureMethodObj = fac.newSignatureMethod(signatureMethod, null); - SignedInfo si = fac.newSignedInfo (canonicalizationMethod, signatureMethodObj , - referenceList); - - KeyInfoFactory kif = fac.getKeyInfoFactory(); - KeyValue kv = kif.newKeyValue(publicKey); - KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv)); - - XMLSignature signature = fac.newXMLSignature(si, ki); - - signature.sign(dsc); - - return doc; - } - /** - * Validate a signed document with the given public key - * @param signedDoc - * @param publicKey - * @return - * @throws MarshalException - * @throws XMLSignatureException - */ - @SuppressWarnings("unchecked") - public static boolean validate(Document signedDoc, Key publicKey) throws MarshalException, XMLSignatureException - { - NodeList nl = signedDoc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature"); - if (nl == null || nl.getLength() == 0) - { - throw new IllegalArgumentException("Cannot find Signature element"); - } - if(publicKey == null) - throw new IllegalArgumentException("Public Key is null"); - - DOMValidateContext valContext = new DOMValidateContext(publicKey, nl.item(0)); - XMLSignature signature = fac.unmarshalXMLSignature(valContext); - boolean coreValidity = signature.validate(valContext); - - if(trace && !coreValidity) - { - boolean sv = signature.getSignatureValue().validate(valContext); - log.trace("Signature validation status: " + sv); - - List<Reference> references = signature.getSignedInfo().getReferences(); - for(Reference ref:references) - { - log.trace("[Ref id=" + ref.getId() +":uri=" + ref.getURI() + - "]validity status:" + ref.validate(valContext)); - } - } - return coreValidity; - } - - /** - * Marshall a SignatureType to output stream - * @param signature - * @param os - * @throws SAXException - * @throws JAXBException - */ - public static void marshall(SignatureType signature, OutputStream os) throws JAXBException, SAXException - { - JAXBElement<SignatureType> jsig = objectFactory.createSignature(signature); - Marshaller marshaller = JAXBUtil.getValidatingMarshaller(pkgName, schemaLocation); - marshaller.marshal(jsig, os); - } - - /** - * Marshall the signed document to an output stream - * @param signedDocument - * @param os - * @throws TransformerException - */ - public static void marshall(Document signedDocument, OutputStream os) - throws TransformerException - { - TransformerFactory tf = TransformerFactory.newInstance(); - Transformer trans = tf.newTransformer(); - trans.transform(DocumentUtil.getXMLSource(signedDocument), new StreamResult(os)); - } -} \ No newline at end of file Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/STSConfiguration.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/STSConfiguration.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/STSConfiguration.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,149 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.api.wstrust; - -import java.security.KeyPair; -import java.security.PublicKey; -import java.util.Map; - -/** - * - * The {@code STSConfiguration} interface allows access to the security token service (STS) configuration attributes. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public interface STSConfiguration -{ - - /** - * - * Obtains the unique name of the secure token service. - * - * - * @return a {@code String} representing the STS name. - */ - public String getSTSName(); - - /** - * - * Indicates whether the issued token should be encrypted or not. - * - * - * @return {@code true} if the issued token is to be encrypted; {@code false} otherwise. - */ - public boolean encryptIssuedToken(); - - /** - * - * Indicates whether the issued token should be digitally signed or not. - * - * - * @return {@code true} if the issued token is to be signed; {@code false} otherwise. - */ - public boolean signIssuedToken(); - - /** - * - * Obtains the timeout value (in milliseconds) for issued tokens. - * - * - * @return the token timeout value. - */ - public long getIssuedTokenTimeout(); - - /** - * - * Obtains the WS-Trust request handler class. - * - * - * @return a reference to the configured {@code WSTrustRequestHandler}. - */ - public WSTrustRequestHandler getRequestHandler(); - - /** - * - * Given the name of a service provider, obtains the type of the token that should be used when issuing tokens to - * clients of that service. - * - * - * @param serviceName the name of the service provider that requires a token from its clients. - * @return a {@code String} representing the type of the token that suits the specified service. - */ - public String getTokenTypeForService(String serviceName); - - /** - * - * Given the name of a service provider, obtains the provider that must be used when issuing tokens to clients of - * that service. When requesting a token to the STS, a client can specify the service it needs the token for using - * the {@code AppliesTo} element. Based on the service provider name, the STS identifies the type of the token that - * is to be issued and then selects the appropriate token provider to handle the request. - * - * - * @param serviceName the name of the service provider that requires a token from its clients. - * @return a reference to the {@code SecurityTokenProvider} that must be used in order to issue tokens to clients of - * the specified service. - */ - public SecurityTokenProvider getProviderForService(String serviceName); - - /** - * - * Given a token type, obtains the token provider that should be used to handle token requests of that type. When a - * client doesn't specify the service provider name through the {@code AppliesTo} element, it must specify the token - * type through the {@code TokenType} element. The STS uses the supplied type to select the appropriate token - * provider. - * - * - * @param tokenType a {@code String} representing the type of the token. - * @return a reference to the {@code SecurityTokenProvider} that must be used to handle token requests of the - * specified type. - */ - public SecurityTokenProvider getProviderForTokenType(String tokenType); - - /** - * - * Obtains a {@code Map} that contains the non-standard configuration options. - * - * - * @return a {@code Map<String, Object>} containing the additional configuration options. - */ - public Map<String, Object> getOptions(); - - /** - * - * Obtains a reference to the {@code KeyPair} object that contains the STS {@code PrivateKey} and {@code PublicKey}. - * - * - * @return a reference to the STS {@code KeyPair}. - */ - public KeyPair getSTSKeyPair(); - - /** - * - * Obtains the public key of the specified service provider. The returned key is used to encrypt issued tokens. - * - * - * @param serviceName the name of the service provider (normally the provider URL). - * @return a reference to the provider's {@code PublicKey} - */ - public PublicKey getServiceProviderPublicKey(String serviceName); -} Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityActions.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityActions.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityActions.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,108 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.api.wstrust; - -import java.security.AccessController; -import java.security.PrivilegedAction; -import java.security.PrivilegedActionException; -import java.security.PrivilegedExceptionAction; - -/** - * - * Utility class that executes actions such as creating a class in privileged blocks. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -class SecurityActions -{ - - /** - * - * Gets the thread context class loader using a privileged block. - * - * - * @return a reference to the thread context {@code ClassLoader}. - */ - static ClassLoader getContextClassLoader() - { - return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() - { - public ClassLoader run() - { - return Thread.currentThread().getContextClassLoader(); - } - }); - } - - /** - * - * Loads a class using the thread context class loader in a privileged block. - * - * - * @param name the fully-qualified name of the class to be loaded. - * @return a reference to the loaded {@code Class}. - * @throws PrivilegedActionException if an error occurs while loading the class. This exception wraps the real cause - * of the error, so classes using this method must perform a {@code getCause()} in order to get a - * reference to the root of the error. - */ - static Class<?> loadClass(final String name) throws PrivilegedActionException - { - return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>() - { - public Class<?> run() throws PrivilegedActionException - { - try - { - return getContextClassLoader().loadClass(name); - } - catch (Exception e) - { - throw new PrivilegedActionException(e); - } - } - }); - } - - /** - * - * Creates an instance of the specified class in a privileged block. The class must define a default constructor. - * - * - * @param className the fully-qualified name of the class to be instantiated. - * @return a reference to the instantiated {@code Object}. - * @throws PrivilegedActionException if an error occurs while instantiating the class. This exception wraps the real - * cause of the error, so classes using this method must perform a {@code getCause()} in order to get a - * reference to the root of the error. - */ - static Object instantiateClass(final String className) throws PrivilegedActionException - { - return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() - { - public Object run() throws Exception - { - Class<?> objectClass = loadClass(className); - return objectClass.newInstance(); - } - }); - } -} \ No newline at end of file Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityToken.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityToken.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityToken.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,60 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.api.wstrust; - -/** - * - * Interface that represents a security token. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public interface SecurityToken -{ - - /** - * - * Obtains the security token unique identifier. - * - * - * @return a {@code String} representing the token id. - */ - public String getTokenID(); - - /** - * - * Obtains the type of the security token. - * - * - * @return a {@code String} representing the security token type. - */ - public String getTokenType(); - - /** - * - * Obtains the value of the security token. - * - * - * @return an {@code Object} representing the security token value. - */ - public Object getTokenValue(); -} Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityTokenProvider.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityTokenProvider.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityTokenProvider.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,76 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.api.wstrust; - -/** - * - * This interface defines the methods that must be implemented by security token providers. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public interface SecurityTokenProvider -{ - /** - * - * Generates a security token using the information contained in the specified request context and stores the - * newly-created token in the context itself. - * - * - * @param context the {@code WSTrustRequestContext} to be used when generating the token. - * @throws WSTrustException if an error occurs while creating the security token. - */ - public void issueToken(WSTrustRequestContext context) throws WSTrustException; - - /** - * - * Renews the security token contained in the specified request context. This method is used when a previously - * generated token has expired, generating a new version of the same token with different expiration semantics. - * - * - * @param context the {@code WSTrustRequestContext} that contains the token to be renewed. - * @throws WSTrustException if an error occurs while renewing the security token. - */ - public void renewToken(WSTrustRequestContext context) throws WSTrustException; - - /** - * - * Cancels the token contained in the specified request context. A security token is usually canceled when one wants - * to make sure that the token will not be used anymore. A security token can't be renewed once it has been canceled. - * - * - * @param context the {@code WSTrustRequestContext} that contains the token to be canceled. - * @throws WSTrustException if an error occurs while canceling the security token. - */ - public void cancelToken(WSTrustRequestContext context) throws WSTrustException; - - /** - * - * Evaluates the validity of the token contained in the specified request context and sets the result in the context - * itself. The result can be a status, a new token, or both. - * - * - * @param context the {@code WSTrustRequestContext} that contains the token to be validated. - * @throws WSTrustException if an error occurs while validating the security token. - */ - public void validateToken(WSTrustRequestContext context) throws WSTrustException; -} Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityTokenService.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityTokenService.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityTokenService.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,43 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.api.wstrust; - -import javax.xml.transform.Source; -import javax.xml.ws.Provider; - -/** - * - * The {@code SecurityTokenService} (STS) interface. It extends the {@code Provider} interface so that it can be - * dynamically invoked (as opposed to having a service endpoint interface). - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public interface SecurityTokenService extends Provider<Source> -{ - /* - * (non-Javadoc) - * - * @see javax.xml.ws.Provider#invoke(java.lang.Object) - */ - public Source invoke(Source request); -} Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,423 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.api.wstrust; - -import java.net.URI; -import java.security.KeyPair; -import java.security.Principal; -import java.security.PublicKey; - -import javax.xml.crypto.dsig.DigestMethod; -import javax.xml.crypto.dsig.SignatureMethod; - -import org.apache.log4j.Logger; -import org.jboss.identity.federation.api.util.XMLSignatureUtil; -import org.jboss.identity.federation.api.wstrust.plugins.saml.SAMLUtil; -import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; -import org.jboss.identity.federation.core.wstrust.RequestSecurityToken; -import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse; -import org.jboss.identity.federation.ws.policy.AppliesTo; -import org.jboss.identity.federation.ws.trust.RequestedSecurityTokenType; -import org.jboss.identity.federation.ws.trust.StatusType; -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.Node; - -/** - * - * Default implementation of the {@code WSTrustRequestHandler} interface. It creates the request context containing the - * original WS-Trust request as well as any information that may be relevant to the token processing, and delegates the - * actual token handling processing to the appropriate {@code SecurityTokenProvider}. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public class StandardRequestHandler implements WSTrustRequestHandler -{ - private static Logger log = Logger.getLogger(StandardRequestHandler.class); - private boolean trace = log.isTraceEnabled(); - - private STSConfiguration configuration; - - /* - * (non-Javadoc) - * - * @see - * org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#initialize(org.jboss.identity.federation.api.wstrust - * .STSConfiguration) - */ - public void initialize(STSConfiguration configuration) - { - this.configuration = configuration; - } - - /* - * (non-Javadoc) - * - * @see - * org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#issue(org.jboss.identity.federation.api.wstrust - * .protocol.RequestSecurityToken, java.security.Principal) - */ - public RequestSecurityTokenResponse issue(RequestSecurityToken request, Principal callerPrincipal) - throws WSTrustException - { - Document rstDocument = request.getRSTDocument(); - if( rstDocument == null) - throw new IllegalArgumentException("Request does not contain the DOM Document"); - - SecurityTokenProvider provider = null; - - // first try to obtain the security token provider using the applies-to contents. - AppliesTo appliesTo = request.getAppliesTo(); - PublicKey providerPublicKey = null; - if (appliesTo != null) - { - String serviceName = WSTrustUtil.parseAppliesTo(appliesTo); - if (serviceName != null) - { - provider = this.configuration.getProviderForService(serviceName); - request.setTokenType(URI.create(this.configuration.getTokenTypeForService(serviceName))); - providerPublicKey = this.configuration.getServiceProviderPublicKey(serviceName); - } - } - // if applies-to is not available or if no provider was found for the service, use the token type. - if (provider == null && request.getTokenType() != null) - { - provider = this.configuration.getProviderForTokenType(request.getTokenType().toString()); - } - else if (appliesTo == null && request.getTokenType() == null) - throw new WSTrustException("Either AppliesTo or TokenType must be present in a security token request"); - - if (provider != null) - { - // create the request context and delegate token generation to the provider. - WSTrustRequestContext requestContext = new WSTrustRequestContext(request, callerPrincipal); - requestContext.setTokenIssuer(this.configuration.getSTSName()); - if (request.getLifetime() == null && this.configuration.getIssuedTokenTimeout() != 0) - { - // if no lifetime has been specified, use the configured timeout value. - request.setLifetime(WSTrustUtil.createDefaultLifetime(this.configuration.getIssuedTokenTimeout())); - } - requestContext.setServiceProviderPublicKey(providerPublicKey); - provider.issueToken(requestContext); - - if (requestContext.getSecurityToken() == null) - throw new WSTrustException("Token issued by provider " + provider.getClass().getName() + " is null"); - - // sign the issued token if needed. - /*if (this.configuration.signIssuedToken() && this.configuration.getSTSKeyPair() != null) - { - KeyPair keyPair = this.configuration.getSTSKeyPair(); - if (keyPair != null) - { - URI signatureURI = request.getSignatureAlgorithm(); - String signatureMethod = signatureURI != null ? signatureURI.toString() : SignatureMethod.RSA_SHA1; - try - { - Element tokenElement = (Element) requestContext.getSecurityToken().getTokenValue(); - XMLSignatureUtil.sign(tokenElement.getOwnerDocument(), keyPair, DigestMethod.SHA1, signatureMethod, - "#" + requestContext.getSecurityToken().getTokenID()); - if(trace) - { - try - { - log.trace("Signed Token:" + DocumentUtil.getNodeAsString(tokenElement)); - - Document tokenDocument = DocumentUtil.createDocument(); - tokenDocument.appendChild(tokenDocument.importNode(tokenElement, true)); - log.trace("valid=" + XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic())); - - }catch(Exception ignore){} - } - } - catch (Exception e) - { - throw new WSTrustException("Failed to sign security token", e); - } - } - }*/ - - // construct the ws-trust security token response. - RequestedSecurityTokenType requestedSecurityToken = new RequestedSecurityTokenType(); - requestedSecurityToken.setAny(requestContext.getSecurityToken().getTokenValue()); - - // TODO: create proof token and encrypt the token if needed - - RequestSecurityTokenResponse response = new RequestSecurityTokenResponse(); - if (request.getContext() != null) - response.setContext(request.getContext()); - - response.setTokenType(request.getTokenType()); - response.setLifetime(request.getLifetime()); - response.setAppliesTo(appliesTo); - response.setRequestedSecurityToken(requestedSecurityToken); - - // set the attached and unattached references. - if (requestContext.getAttachedReference() != null) - response.setRequestedAttachedReference(requestContext.getAttachedReference()); - if (requestContext.getUnattachedReference() != null) - response.setRequestedUnattachedReference(requestContext.getUnattachedReference()); - - return response; - } - else - throw new WSTrustException("Unable to find a token provider for the token request"); - } - - /* - * (non-Javadoc) - * - * @see - * org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#renew(org.jboss.identity.federation.api.wstrust - * .protocol.RequestSecurityToken, java.security.Principal) - */ - public RequestSecurityTokenResponse renew(RequestSecurityToken request, Principal callerPrincipal) - throws WSTrustException - { - Document rstDocument = request.getRSTDocument(); - if( rstDocument == null) - throw new IllegalArgumentException("Request does not contain the DOM Document"); - - SecurityTokenProvider provider = null; - - // first try to obtain the security token provider using the applies-to contents. - AppliesTo appliesTo = request.getAppliesTo(); - PublicKey providerPublicKey = null; - if (appliesTo != null) - { - String serviceName = WSTrustUtil.parseAppliesTo(appliesTo); - if (serviceName != null) - { - provider = this.configuration.getProviderForService(serviceName); - request.setTokenType(URI.create(this.configuration.getTokenTypeForService(serviceName))); - providerPublicKey = this.configuration.getServiceProviderPublicKey(serviceName); - } - } - // if applies-to is not available or if no provider was found for the service, use the token type. - if (provider == null && request.getTokenType() != null) - { - provider = this.configuration.getProviderForTokenType(request.getTokenType().toString()); - } - else if (appliesTo == null && request.getTokenType() == null) - throw new WSTrustException("Either AppliesTo or TokenType must be present in a security token request"); - - // TODO: get the provider using the token from the request. - provider = this.configuration.getProviderForTokenType(SAMLUtil.SAML2_TOKEN_TYPE); - - if (provider != null) - { - // create the request context and delegate token generation to the provider. - WSTrustRequestContext requestContext = new WSTrustRequestContext(request, callerPrincipal); - requestContext.setTokenIssuer(this.configuration.getSTSName()); - if (request.getLifetime() == null && this.configuration.getIssuedTokenTimeout() != 0) - { - // if no lifetime has been specified, use the configured timeout value. - request.setLifetime(WSTrustUtil.createDefaultLifetime(this.configuration.getIssuedTokenTimeout())); - } - requestContext.setServiceProviderPublicKey(providerPublicKey); - provider.renewToken(requestContext); - - if (requestContext.getSecurityToken() == null) - throw new WSTrustException("Token issued by provider " + provider.getClass().getName() + " is null"); - - - // construct the ws-trust security token response. - RequestedSecurityTokenType requestedSecurityToken = new RequestedSecurityTokenType(); - requestedSecurityToken.setAny(requestContext.getSecurityToken().getTokenValue()); - - // TODO: create proof token and encrypt the token if needed - - RequestSecurityTokenResponse response = new RequestSecurityTokenResponse(); - if (request.getContext() != null) - response.setContext(request.getContext()); - - response.setTokenType(request.getTokenType()); - response.setLifetime(request.getLifetime()); - response.setAppliesTo(appliesTo); - response.setRequestedSecurityToken(requestedSecurityToken); - - // set the attached and unattached references. - if (requestContext.getAttachedReference() != null) - response.setRequestedAttachedReference(requestContext.getAttachedReference()); - if (requestContext.getUnattachedReference() != null) - response.setRequestedUnattachedReference(requestContext.getUnattachedReference()); - - return response; - } - else - throw new WSTrustException("Unable to find a token provider for the token request"); - } - - /* - * (non-Javadoc) - * - * @see - * org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#validate(org.jboss.identity.federation.api.wstrust - * .protocol.RequestSecurityToken, java.security.Principal) - */ - public RequestSecurityTokenResponse validate(RequestSecurityToken request, Principal callerPrincipal) - throws WSTrustException - { - Document rstDocument = request.getRSTDocument(); - if( rstDocument == null) - throw new IllegalArgumentException("Request does not contain the DOM Document"); - - if (request.getValidateTarget() == null) - throw new WSTrustException("Unable to validate token: validate target is null"); - - if (request.getTokenType() == null) - request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE)); - - // TODO: get the provider using the token from the request. - SecurityTokenProvider provider = this.configuration.getProviderForTokenType(SAMLUtil.SAML2_TOKEN_TYPE); - WSTrustRequestContext context = new WSTrustRequestContext(request, callerPrincipal); - - StatusType status = null; - - // validate the security token digital signature. - if (this.configuration.signIssuedToken() && this.configuration.getSTSKeyPair() != null) - { - KeyPair keyPair = this.configuration.getSTSKeyPair(); - try - { - //Element tokenElement = (Element) request.getValidateTarget().getAny(); - Element tokenElement = request.getValidateTargetElement(); - - Node securityToken = tokenElement.getFirstChild(); - - if(trace) - { - try - { - log.trace("Going to validate:" + DocumentUtil.getNodeAsString(securityToken)); - } - catch (Exception e) - { - } - } - Document tokenDocument = DocumentUtil.createDocument(); - Node importedNode = tokenDocument.importNode(securityToken, true); - tokenDocument.appendChild(importedNode); - if (!XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic())) - { - status = new StatusType(); - status.setCode(WSTrustConstants.STATUS_CODE_INVALID); - status.setReason("Validation failure: digital signature is invalid"); - } - } - catch (Exception e) - { - status = new StatusType(); - status.setCode(WSTrustConstants.STATUS_CODE_INVALID); - status.setReason("Validation failure: unable to verify digital signature: " + e.getMessage()); - } - } - // TODO: add logging statements alerting that signature validation was not perfomed. - - // if the signature is valid, then let the provider handle perform any additional validation checks. - if(status == null) - { - provider.validateToken(context); - status = context.getStatus(); - } - - // construct and return the response. - RequestSecurityTokenResponse response = new RequestSecurityTokenResponse(); - if (request.getContext() != null) - response.setContext(request.getContext()); - response.setTokenType(request.getTokenType()); - response.setStatus(status); - - return response; - } - - /* - * (non-Javadoc) - * - * @see - * org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#cancel(org.jboss.identity.federation.api.wstrust - * .protocol.RequestSecurityToken, java.security.Principal) - */ - public RequestSecurityTokenResponse cancel(RequestSecurityToken request, Principal callerPrincipal) - throws WSTrustException - { - Document rstDocument = request.getRSTDocument(); - if( rstDocument == null) - throw new IllegalArgumentException("Request does not contain the DOM Document"); - - // TODO: implement cancel logic. - throw new UnsupportedOperationException(); - } - - public Document postProcess(Document rstrDocument, RequestSecurityToken request) throws WSTrustException - { - if(WSTrustConstants.ISSUE_REQUEST.equals(request.getRequestType().toString()) - || WSTrustConstants.RENEW_REQUEST.equals(request.getRequestType().toString())) - { - rstrDocument = DocumentUtil.normalizeNamespaces(rstrDocument); - - //Sign and encrypt - if (this.configuration.signIssuedToken() && this.configuration.getSTSKeyPair() != null) - { - KeyPair keyPair = this.configuration.getSTSKeyPair(); - if (keyPair != null) - { - URI signatureURI = request.getSignatureAlgorithm(); - String signatureMethod = signatureURI != null ? signatureURI.toString() : SignatureMethod.RSA_SHA1; - try - { - Node rst = rstrDocument.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE, - "RequestedSecurityToken").item(0); - Element tokenElement = (Element) rst.getFirstChild(); - if(trace) - { - log.trace("NamespaceURI of element to be signed:" +tokenElement.getNamespaceURI() ); - } - /* XMLSignatureUtil.sign(tokenElement.getOwnerDocument(), keyPair, DigestMethod.SHA1, signatureMethod, - "#" + tokenElement.getAttribute("ID")); - */ - rstrDocument = XMLSignatureUtil.sign(rstrDocument, tokenElement, keyPair, - DigestMethod.SHA1, signatureMethod, "#" + tokenElement.getAttribute("ID")); - if(trace) - { - try - { - log.trace("Signed Token:" + DocumentUtil.getNodeAsString(tokenElement)); - - Document tokenDocument = DocumentUtil.createDocument(); - tokenDocument.appendChild(tokenDocument.importNode(tokenElement, true)); - log.trace("valid=" + XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic())); - - }catch(Exception ignore){} - } - } - catch (Exception e) - { - throw new WSTrustException("Failed to sign security token", e); - } - } - } - } - - return rstrDocument; - } -} \ No newline at end of file Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,93 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.api.wstrust; - -import org.w3c.dom.Element; - -/** - * - * Standard implementation of the {@code SecurityToken} interface. This implementation stores the issued token as an - * {@code Element}. The token providers are responsible for marshaling the security token into an {@code Element} - * instance because the security token marshaling process falls out of the scope of the STS (the STS only deals with - * WS-Trust classes and doesn't know how to marshal each specific token type). - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public class StandardSecurityToken implements SecurityToken -{ - private final String tokenType; - - private final String tokenId; - - private final Element token; - - /** - * - * Creates an instance of {@code StandardSecurityToken} with the specified parameters. - * - * - * @param tokenType - * a {@code String} representing the type of the security token. This is usually the same type as specified - * in the WS-Trust request message. - * @param token - * the security token in its {@code Element} form (i.e. the marshaled security token). - * @param tokenID - * a {@code String} representing the id of the security token. - */ - public StandardSecurityToken(String tokenType, Element token, String tokenID) - { - this.tokenType = tokenType; - this.tokenId = tokenID; - this.token = token; - } - - /* - * (non-Javadoc) - * - * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenType() - */ - public String getTokenType() - { - return this.tokenType; - } - - /* - * (non-Javadoc) - * - * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenValue() - */ - public Object getTokenValue() - { - return this.token; - } - - /* - * (non-Javadoc) - * - * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenID() - */ - public String getTokenID() - { - return this.tokenId; - } -} Modified: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java 2009-09-03 01:56:21 UTC (rev 758) @@ -38,9 +38,12 @@ import org.jboss.identity.federation.core.exceptions.ParsingException; import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; -import org.jboss.identity.federation.core.wstrust.RequestSecurityToken; -import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse; -import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection; +import org.jboss.identity.federation.core.wstrust.WSTrustConstants; +import org.jboss.identity.federation.core.wstrust.WSTrustException; +import org.jboss.identity.federation.core.wstrust.WSTrustJAXBFactory; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection; import org.jboss.identity.federation.ws.trust.RenewTargetType; import org.jboss.identity.federation.ws.trust.StatusType; import org.jboss.identity.federation.ws.trust.ValidateTargetType; Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,54 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.api.wstrust; - -/** - * - * This class defines the constants used throughout the WS-Trust implementation code. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public class WSTrustConstants -{ - public static final String BASE_NAMESPACE = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/"; - - // WS-Trust request types. - public static final String ISSUE_REQUEST = BASE_NAMESPACE + "Issue"; - public static final String RENEW_REQUEST = BASE_NAMESPACE + "Renew"; - public static final String CANCEL_REQUEST = BASE_NAMESPACE + "Cancel"; - public static final String VALIDATE_REQUEST = BASE_NAMESPACE + "Validate"; - - // WS-Trust validation constants. - public static final String STATUS_TYPE = BASE_NAMESPACE + "RSTR/Status"; - public static final String STATUS_CODE_VALID = BASE_NAMESPACE + "status/valid"; - public static final String STATUS_CODE_INVALID = BASE_NAMESPACE + "status/invalid"; - - // WSS namespaces values. - public static final String WSA_NS = "http://www.w3.org/2005/08/addressing"; - public static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utilit..."; - public static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext..."; - public static final String WSSE11_NS = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"; - public static final String XENC_NS = "http://www.w3.org/2001/04/xmlenc#"; - public static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"; - public static final String SAML2_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"; -} Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustException.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustException.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustException.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,61 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.api.wstrust; - -import java.security.GeneralSecurityException; - -/** - * - * Exception used to convey that an error has happened when handling a WS-Trust request message. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public class WSTrustException extends GeneralSecurityException -{ - private static final long serialVersionUID = -232066282004315310L; - - /** - * - * Creates an instance of {@code WSTrustException} using the specified error message. - * - * - * @param message the error message. - */ - public WSTrustException(String message) - { - super(message); - } - - /** - * - * Creates an instance of {@code WSTrustException} using the specified error message and cause. - * - * - * @param message the error message. - * @param cause a {@code Throwable} representing the cause of the error. - */ - public WSTrustException(String message, Throwable cause) - { - super(message, cause); - } -} \ No newline at end of file Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,412 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.api.wstrust; - -import javax.xml.bind.Binder; -import javax.xml.bind.JAXBElement; -import javax.xml.bind.JAXBException; -import javax.xml.bind.Marshaller; -import javax.xml.bind.Unmarshaller; -import javax.xml.transform.Source; -import javax.xml.transform.dom.DOMSource; - -import org.apache.log4j.Logger; -import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder; -import org.jboss.identity.federation.core.exceptions.ParsingException; -import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; -import org.jboss.identity.federation.core.util.JAXBUtil; -import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityToken; -import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityTokenResponse; -import org.jboss.identity.federation.core.wstrust.RequestSecurityToken; -import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse; -import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection; -import org.jboss.identity.federation.ws.trust.ObjectFactory; -import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseCollectionType; -import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType; -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.Node; -import org.w3c.dom.NodeList; - -/** - * - * This factory implements utility methods for converting between JAXB model objects and XML source. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public class WSTrustJAXBFactory -{ - private static Logger log = Logger.getLogger(WSTrustJAXBFactory.class); - private boolean trace = log.isTraceEnabled(); - - private static final WSTrustJAXBFactory instance = new WSTrustJAXBFactory(); - - private Marshaller marshaller; - - private Unmarshaller unmarshaller; - - private Binder<Node> binder; - - private final ObjectFactory objectFactory; - - private ThreadLocal<SAMLDocumentHolder> holders = new ThreadLocal<SAMLDocumentHolder>(); - - /** - * - * Creates the {@code WSTrustJAXBFactory} singleton instance. - * - */ - private WSTrustJAXBFactory() - { - try - { - this.marshaller = JAXBUtil.getMarshaller(this.getPackages()); - this.unmarshaller = JAXBUtil.getUnmarshaller(this.getPackages()); - this.binder = JAXBUtil.getJAXBContext(this.getPackages()).createBinder(); - this.objectFactory = new ObjectFactory(); - } - catch (JAXBException e) - { - throw new RuntimeException(e.getMessage(), e); - } - } - - /** - * - * Gets a reference to the singleton instance. - * - * - * @return a reference to the {@code WSTrustJAXBFactory} instance. - */ - public static WSTrustJAXBFactory getInstance() - { - return instance; - } - - private String getPackages() - { - StringBuilder packages = new StringBuilder(); - packages.append("org.jboss.identity.federation.ws.addressing"); - packages.append(":org.jboss.identity.federation.ws.policy"); - packages.append(":org.jboss.identity.federation.ws.trust"); - packages.append(":org.jboss.identity.federation.ws.wss.secext"); - packages.append(":org.jboss.identity.federation.ws.wss.utility"); - return packages.toString(); - } - - /** - * - * Creates a {@code BaseRequestSecurityToken} from the specified XML source. - * - * - * @param request - * the XML source containing the security token request message. - * @return the constructed {@code BaseRequestSecurityToken} instance. It will be an instance of {@code - * RequestSecurityToken} the message contains a single token request, and an instance of {@code - * RequestSecurityTokenCollection} if multiples requests are being made in the same message. - * @throws ParsingException - */ - @SuppressWarnings("unchecked") - public BaseRequestSecurityToken parseRequestSecurityToken(Source request) throws ParsingException - { - // if the request contains a validate, cancel, or renew target, we must preserve it from JAXB unmarshalling. - Node documentNode = ((DOMSource) request).getNode(); - Document document = documentNode instanceof Document ? (Document) documentNode : documentNode.getOwnerDocument(); - - JAXBElement<RequestSecurityTokenType> jaxbRST; - try - { - Node rst = this.findNodeByNameNS(document, "RequestSecurityToken", WSTrustConstants.BASE_NAMESPACE); - if(rst == null) - throw new RuntimeException("Request Security Token node not found"); - - jaxbRST = (JAXBElement<RequestSecurityTokenType>) binder.unmarshal(rst); - - RequestSecurityTokenType rstt = jaxbRST.getValue(); - holders.set(new SAMLDocumentHolder(rstt, document)); - return new RequestSecurityToken(rstt); - } - catch (JAXBException e) - { - throw new ParsingException(e); - } - - - /*Element targetElement = this.getValidateOrRenewOrCancelTarget(document); - - try - { - Object object = this.unmarshaller.unmarshal(request); - if (object instanceof JAXBElement) - { - JAXBElement<?> element = (JAXBElement<?>) object; - if (element.getDeclaredType().equals(RequestSecurityTokenType.class)) - { - RequestSecurityToken parsedRequest = new RequestSecurityToken((RequestSecurityTokenType) element - .getValue()); - // insert the request target in the parsed request. - if (targetElement != null) - { - if (parsedRequest.getValidateTarget() != null) - parsedRequest.getValidateTarget().setAny(targetElement); - else if (parsedRequest.getRenewTarget() != null) - parsedRequest.getRenewTarget().setAny(targetElement); - else if (parsedRequest.getCancelTarget() != null) - parsedRequest.getCancelTarget().setAny(targetElement); - } - return parsedRequest; - } - else - throw new RuntimeException("Invalid request type: " + element.getDeclaredType()); - } - else - throw new RuntimeException("Invalid request type: " + object.getClass().getName()); - } - catch (Exception e) - { - throw new RuntimeException("Failed to unmarshall security token request", e); - }*/ - } - - /** - * - * Creates a {@code BaseRequestSecurityTokenResponse} from the specified XML source. - * - * - * @param response - * the XML source containing the security token response message. - * @return the constructed {@code BaseRequestSecurityTokenResponse} instance. According to the WS-Trust - * specification, the returned object will be an instance of {@code RequestSecurityTokenResponseCollection}. - */ - public BaseRequestSecurityTokenResponse parseRequestSecurityTokenResponse(Source response) - { - // if the response contains an issued token, we must preserve it from the JAXB unmarshalling. - Element tokenElement = null; - Node documentNode = ((DOMSource) response).getNode(); - Document document = documentNode instanceof Document ? (Document) documentNode : documentNode.getOwnerDocument(); - Node requestedTokenNode = this.findNodeByNameNS(document, "RequestedSecurityToken", - WSTrustConstants.BASE_NAMESPACE); - if (requestedTokenNode != null) - tokenElement = (Element) requestedTokenNode.getFirstChild(); - - try - { - Object object = this.unmarshaller.unmarshal(response); - if (object instanceof JAXBElement) - { - JAXBElement<?> element = (JAXBElement<?>) unmarshaller.unmarshal(response); - if (element.getDeclaredType().equals(RequestSecurityTokenResponseCollectionType.class)) - { - RequestSecurityTokenResponseCollection collection = new RequestSecurityTokenResponseCollection( - (RequestSecurityTokenResponseCollectionType) element.getValue()); - // insert the security token in the parsed response. - if (tokenElement != null) - { - RequestSecurityTokenResponse parsedResponse = collection.getRequestSecurityTokenResponses().get(0); - parsedResponse.getRequestedSecurityToken().setAny(tokenElement); - } - return collection; - } - else - throw new RuntimeException("Invalid response type: " + element.getDeclaredType()); - } - else - throw new RuntimeException("Invalid response type: " + object.getClass().getName()); - } - catch (Exception e) - { - throw new RuntimeException("Failed to unmarshall security token response", e); - } - } - - /** - * - * Creates a {@code javax.xml.transform.Source} from the specified request object. - * - * - * @param request - * a {@code RequestSecurityToken} representing the object model of the security token request. - * @return the constructed {@code Source} instance. - */ - public Source marshallRequestSecurityToken(RequestSecurityToken request) - { - Element targetElement = null; - // if the request has a validate, cancel, or renew target, we must preserve it from JAXB marshaling. - String requestType = request.getRequestType().toString(); - if (requestType.equalsIgnoreCase(WSTrustConstants.VALIDATE_REQUEST)) - { - targetElement = (Element) request.getValidateTarget().getAny(); - request.getValidateTarget().setAny(null); - } - else if (requestType.equalsIgnoreCase(WSTrustConstants.RENEW_REQUEST)) - { - targetElement = (Element) request.getRenewTarget().getAny(); - request.getRenewTarget().setAny(null); - } - else if (requestType.equalsIgnoreCase(WSTrustConstants.CANCEL_REQUEST)) - { - targetElement = (Element) request.getCancelTarget().getAny(); - request.getCancelTarget().setAny(null); - } - - Document result = null; - try - { - result = DocumentUtil.createDocument(); - this.marshaller.marshal(this.objectFactory.createRequestSecurityToken(request.getDelegate()), result); - - // insert the original target in the appropriate element. - if (targetElement != null) - { - Node node = null; - if (requestType.equalsIgnoreCase(WSTrustConstants.VALIDATE_REQUEST)) - node = this.findNodeByNameNS(result, "ValidateTarget", WSTrustConstants.BASE_NAMESPACE); - else if (requestType.equalsIgnoreCase(WSTrustConstants.RENEW_REQUEST)) - node = this.findNodeByNameNS(result, "RenewTarget", WSTrustConstants.BASE_NAMESPACE); - else if (requestType.equalsIgnoreCase(WSTrustConstants.CANCEL_REQUEST)) - node = this.findNodeByNameNS(result, "CancelTarget", WSTrustConstants.BASE_NAMESPACE); - if(node == null) - throw new RuntimeException("Unsupported request type:" + requestType); - node.appendChild(result.importNode(targetElement, true)); - } - } - catch (Exception e) - { - throw new RuntimeException("Failed to marshall security token request", e); - } - - return DocumentUtil.getXMLSource(result); - } - - /** - * - * Creates a {@code javax.xml.transform.Source} from the specified response object. - * - * - * @param collection - * a {@code RequestSecurityTokenResponseCollection} representing the object model of the security token - * response. - * @return the constructed {@code Source} instance. - */ - public Source marshallRequestSecurityTokenResponse(RequestSecurityTokenResponseCollection collection) - { - if (collection.getRequestSecurityTokenResponses().size() == 0) - throw new IllegalArgumentException("The response collection must contain at least one response"); - - // if the response contains an issued token, we must preserve it from the JAXB marshaling. - Element tokenElement = null; - RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0); - if (response.getRequestedSecurityToken() != null) - { - tokenElement = (Element) response.getRequestedSecurityToken().getAny(); - // we don't want to marshall any token - it will be inserted in the DOM document later. - response.getRequestedSecurityToken().setAny(null); - } - - Document result = null; - try - { - // marshall the response to a document and insert the issued token directly on the document. - result = DocumentUtil.createDocument(); - this.marshaller.marshal(this.objectFactory.createRequestSecurityTokenResponseCollection(collection - .getDelegate()), result); - - // the document is a ws-trust template - we need to insert the token in the appropriate element. - if (tokenElement != null) - { - Node node = this.findNodeByNameNS(result, "RequestedSecurityToken", WSTrustConstants.BASE_NAMESPACE); - node.appendChild(result.importNode(tokenElement, true)); - } - if(trace) - { - try - { - log.trace("Final RSTR doc:" + DocumentUtil.getDocumentAsString(result)); - - }catch(Exception ignore){} - } - - } - catch (Exception e) - { - throw new RuntimeException("Failed to marshall security token response", e); - } - return DocumentUtil.getXMLSource(result); - } - - /** - * Return the {@code SAMLDocumentHolder} for the thread - * @return - */ - public SAMLDocumentHolder getSAMLDocumentHolderOnThread() - { - return holders.get(); - } - - /** - * - * Finds in the specified document a node that matches the specified name and namespace. - * - * - * @param document - * the {@code Document} instance upon which the search is made. - * @param localName - * a {@code String} containing the local name of the searched node. - * @param namespace - * a {@code String} containing the namespace of the searched node. - * @return a {@code Node} representing the searched node. If more than one node is found in the document, the first - * one will be returned. If no nodes were found according to the search parameters, then {@code null} is - * returned. - */ - private Node findNodeByNameNS(Document document, String localName, String namespace) - { - NodeList list = document.getElementsByTagNameNS(namespace, localName); - if (list == null || list.getLength() == 0) - // log("Unable to locate element " + localName + " with namespace " + namespace); - return null; - return list.item(0); - } - - /** - * - * Searches the specified document for an element that represents a validate, renew, or cancel target. - * - * - * @param document - * the {@code Document} upon which the search is to be made. - * @return an {@code Element} representing the validate, renew, or cancel target. - */ - /*private Element getValidateOrRenewOrCancelTarget(Document document) - { - Node target = this.findNodeByNameNS(document, "ValidateTarget", WSTrustConstants.BASE_NAMESPACE); - if (target != null) - return (Element) target.getFirstChild(); - target = this.findNodeByNameNS(document, "RenewTarget", WSTrustConstants.BASE_NAMESPACE); - if (target != null) - return (Element) target.getFirstChild(); - target = this.findNodeByNameNS(document, "CancelTarget", WSTrustConstants.BASE_NAMESPACE); - if (target != null) - return (Element) target.getFirstChild(); - return null; - }*/ -} \ No newline at end of file Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,247 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.api.wstrust; - -import java.security.Principal; -import java.security.PublicKey; - -import org.jboss.identity.federation.core.wstrust.RequestSecurityToken; -import org.jboss.identity.federation.ws.trust.RequestedReferenceType; -import org.jboss.identity.federation.ws.trust.StatusType; - -/** - * - * The {@code WSTrustRequestContext} contains all the information that is relevant for the security token request - * processing. Its attributes are divided into two groups: attributes set by the request handler before calling a token - * provider, and attributes set by the token provider after processing the token request. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public class WSTrustRequestContext -{ - - // information supplied by the request handler. - private String tokenIssuer; - - private PublicKey providerPublicKey; - - private final Principal callerPrincipal; - - private final RequestSecurityToken request; - - // information supplied by the token provider. - private SecurityToken securityToken; - - private StatusType status; - - private RequestedReferenceType attachedReference; - - private RequestedReferenceType unattachedReference; - - /** - * - * Creates an instance of {@code WSTrustRequestContext} using the specified request. - * - * - * @param request a {@code RequestSecurityToken} object that contains the information about the security token - * request. - * @param callerPrincipal the {@code Principal} of the security token requester. - */ - public WSTrustRequestContext(RequestSecurityToken request, Principal callerPrincipal) - { - this.request = request; - this.callerPrincipal = callerPrincipal; - } - - /** - * - * Obtains the name of the token issuer (security token service name). - * - * - * @return a {@code String} representing the token issuer name. - */ - public String getTokenIssuer() - { - return tokenIssuer; - } - - /** - * - * Sets the name of the token issuer. - * - * - * @param tokenIssuer a {@code String} representing the token issuer name. - */ - public void setTokenIssuer(String tokenIssuer) - { - this.tokenIssuer = tokenIssuer; - } - - /** - * - * Obtains the {@code PublicKey} of the service provider that requires a security token. - * - * - * @return the service provider's {@code PublicKey}. - */ - public PublicKey getServiceProviderPublicKey() - { - return this.providerPublicKey; - } - - /** - * - * Sets the {@code PublicKey} of the service provider that requires a security token. - * - * - * @param providerPublicKey the service provider's {@code PublicKey}. - */ - public void setServiceProviderPublicKey(PublicKey providerPublicKey) - { - this.providerPublicKey = providerPublicKey; - } - - /** - * - * Obtains the principal of the WS-Trust token requester. - * - * - * @return a reference to the caller {@code Principal} object. - */ - public Principal getCallerPrincipal() - { - return this.callerPrincipal; - } - - /** - * - * Obtains the object the contains the information about the security token request. - * - * - * @return a reference to the {@code RequestSecurityToken} instance. - */ - public RequestSecurityToken getRequestSecurityToken() - { - return this.request; - } - - /** - * - * Obtains the security token contained in this context. - * - * - * @return a reference to the {@code SecurityToken} instance. - */ - public SecurityToken getSecurityToken() - { - return this.securityToken; - } - - /** - * - * Sets the security token in the context. - * - * - * @param token the {@code SecurityToken} instance to be set. - */ - public void setSecurityToken(SecurityToken token) - { - this.securityToken = token; - } - - /** - * - * Obtains the status of the security token validation. - * - * - * @return a reference to the resulting {@code StatusType}. - */ - public StatusType getStatus() - { - return this.status; - } - - /** - * - * Sets the status of the security token validation. - * - * - * @param status a reference to the {@code StatusType} that represents the validation status. - */ - public void setStatus(StatusType status) - { - this.status = status; - } - - /** - * - * Obtains the security token attached reference. This reference is used to locate the token inside the WS-Trust - * response message when that token doesn't support references using URI fragments. - * - * - * @return a {@code RequestedReferenceType} representing the attached reference. - */ - public RequestedReferenceType getAttachedReference() - { - return this.attachedReference; - } - - /** - * - * Sets the security token attached reference. This reference is used to locate the token inside the WS-Trust - * response message when that token doesn't support references using URI fragments. - * - * - * @param attachedReference a {@code RequestedReferenceType} representing the attached reference. - */ - public void setAttachedReference(RequestedReferenceType attachedReference) - { - this.attachedReference = attachedReference; - } - - /** - * - * Obtains the security token unattached reference. This reference is used to locate the token when it is not placed - * inside the WS-Trust response message. - * - * - * @return a {@code RequestedReferenceType} representing the unattached reference. - */ - public RequestedReferenceType getUnattachedReference() - { - return this.unattachedReference; - } - - /** - * - * Sets the security token unattached reference. This reference is used to locate the token when it is not placed - * inside the WS-Trust response message. - * - * - * @param unattachedReference a {@code RequestedReferenceType} representing the unattached reference. - */ - public void setUnattachedReference(RequestedReferenceType unattachedReference) - { - this.unattachedReference = unattachedReference; - } -} Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestHandler.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestHandler.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestHandler.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,111 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.api.wstrust; - -import java.security.Principal; - -import org.jboss.identity.federation.core.wstrust.RequestSecurityToken; -import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse; -import org.w3c.dom.Document; - -/** - * - * The {@code WSTrustRequestHandler} interface defines the methods that will be responsible for handling the different - * types of WS-Trust request messages. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public interface WSTrustRequestHandler -{ - /** - * - * Initializes the concrete {@code WSTrustRequestHandler} instance. - * - * - * @param configuration a reference to object that contains the STS configuration. - */ - public void initialize(STSConfiguration configuration); - - /** - * - * Generates a security token according to the information specified in the request message and returns the created - * token in the response. - * - * - * @param request the security token request message. - * @param callerPrincipal the {@code Principal} of the ws-trust token requester. - * @return a {@code RequestSecurityTokenResponse} containing the generated token. - * @throws WSTrustException if an error occurs while handling the request message. - */ - public RequestSecurityTokenResponse issue(RequestSecurityToken request, Principal callerPrincipal) - throws WSTrustException; - - /** - * - * Renews the security token as specified in the request message, returning the renewed token in the response. - * - * - * @param request the request message that contains the token to be renewed. - * @param callerPrincipal the {@code Principal} of the ws-trust token requester. - * @return a {@code RequestSecurityTokenResponse} containing the renewed token. - * @throws WSTrustException if an error occurs while handling the renewal process. - */ - public RequestSecurityTokenResponse renew(RequestSecurityToken request, Principal callerPrincipal) - throws WSTrustException; - - /** - * - * Cancels the security token as specified in the request message. - * - * - * @param request the request message that contains the token to be canceled. - * @param callerPrincipal the {@code Principal} of the ws-trust token requester. - * @return a {@code RequestSecurityTokenResponse} indicating whether the token has been canceled or not. - * @throws WSTrustException if an error occurs while handling the cancellation process. - */ - public RequestSecurityTokenResponse cancel(RequestSecurityToken request, Principal callerPrincipal) - throws WSTrustException; - - /** - * - * Validates the security token as specified in the request message. - * - * - * @param request the request message that contains the token to be validated. - * @param callerPrincipal the {@code Principal} of the ws-trust token requester. - * @return a {@code RequestSecurityTokenResponse} containing the validation status or a new token. - * @throws WSTrustException if an error occurs while handling the validation process. - */ - public RequestSecurityTokenResponse validate(RequestSecurityToken request, Principal callerPrincipal) - throws WSTrustException; - - /** - * Perform Post Processing on the generated RSTR Collection Document - * Steps such as signing and encryption need to be done here. - * @param rstrDocument - * @param request - * @return - * @throws WSTrustException - */ - public Document postProcess(Document rstrDocument, RequestSecurityToken request) throws WSTrustException; -} Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustServiceFactory.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustServiceFactory.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustServiceFactory.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,102 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.api.wstrust; - -import java.security.PrivilegedActionException; - -/** - * - * Factory class used for instantiating pluggable services, such as the {@code WSTrustRequestHandler} and - * {@code SecurityTokenProvider} implementations. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public class WSTrustServiceFactory -{ - - private static final WSTrustServiceFactory factory = new WSTrustServiceFactory(); - - /** - * - * Creates the {@code WSTrustConfigurationFactory} singleton instance. - * - */ - private WSTrustServiceFactory() - { - } - - /** - * - * Obtains a reference to the singleton instance. - * - * - * @return the {@code WSTrustConfigurationFactory} singleton. - */ - public static WSTrustServiceFactory getInstance() - { - return factory; - } - - /** - * - * Constructs and returns the {@code WSTrustRequestHandler} that will be used to handle WS-Trust requests. - * - * - * @param configuration a reference to the {@code STSConfiguration}. - * @return a reference to the constructed {@code WSTrustRequestHandler} object. - */ - public WSTrustRequestHandler createRequestHandler(String handlerClassName, STSConfiguration configuration) - { - try - { - WSTrustRequestHandler handler = (WSTrustRequestHandler) SecurityActions.instantiateClass(handlerClassName); - handler.initialize(configuration); - return handler; - } - catch (Exception e) - { - throw new RuntimeException(e.getMessage(), e); - } - } - - /** - * - * Constructs and returns a {@code SecurityTokenProvider} from the specified class name. - * - * - * @param providerClass the FQN of the {@code SecurityTokenProvider} to be instantiated. - * @return a reference to the constructed {@code SecurityTokenProvider} object. - */ - public SecurityTokenProvider createTokenProvider(String providerClass) - { - try - { - SecurityTokenProvider tokenProvider = (SecurityTokenProvider) SecurityActions.instantiateClass(providerClass); - return tokenProvider; - } - catch (PrivilegedActionException pae) - { - throw new RuntimeException("Unable to instantiate token provider " + providerClass, pae); - } - } -} Deleted: identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustUtil.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustUtil.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustUtil.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,157 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.api.wstrust; - -import java.util.GregorianCalendar; -import java.util.Map; - -import javax.xml.bind.JAXBElement; -import javax.xml.namespace.QName; - -import org.jboss.identity.federation.core.wstrust.Lifetime; -import org.jboss.identity.federation.ws.addressing.AttributedURIType; -import org.jboss.identity.federation.ws.addressing.EndpointReferenceType; -import org.jboss.identity.federation.ws.addressing.ObjectFactory; -import org.jboss.identity.federation.ws.policy.AppliesTo; -import org.jboss.identity.federation.ws.trust.RequestedReferenceType; -import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType; -import org.jboss.identity.federation.ws.wss.secext.SecurityTokenReferenceType; - -/** - * - * Utility class that provides methods for parsing/creating WS-Trust elements. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public class WSTrustUtil -{ - - /** - * - * Creates an instance of {@code KeyIdentifierType} with the specified values. - * - * - * @param valueType a {@code String} representing the identifier value type. - * @param value a {@code String} representing the identifier value. - * @return the constructed {@code KeyIdentifierType} instance. - */ - public static KeyIdentifierType createKeyIdentifier(String valueType, String value) - { - KeyIdentifierType keyIdentifier = new KeyIdentifierType(); - keyIdentifier.setValueType(valueType); - keyIdentifier.setValue(value); - return keyIdentifier; - } - - /** - * - * Creates an instance of {@code RequestedReferenceType} with the specified values. This method first creates a - * {@code SecurityTokenReferenceType} with the specified key identifier and attributes and then use this reference - * to construct the {@code RequestedReferenceType} that is returned. - * - * - * @param keyIdentifier the key identifier of the security token reference. - * @param attributes the attributes to be set on the security token reference. - * @return the constructed {@code RequestedReferenceType} instance. - */ - public static RequestedReferenceType createRequestedReference(KeyIdentifierType keyIdentifier, - Map<QName, String> attributes) - { - SecurityTokenReferenceType securityTokenReference = new SecurityTokenReferenceType(); - securityTokenReference.getAny().add( - new org.jboss.identity.federation.ws.wss.secext.ObjectFactory().createKeyIdentifier(keyIdentifier)); - securityTokenReference.getOtherAttributes().putAll(attributes); - RequestedReferenceType reference = new RequestedReferenceType(); - reference.setSecurityTokenReference(securityTokenReference); - - return reference; - } - - /** - * - * Creates an instance of {@code AppliesTo} using the specified endpoint address. - * - * - * @param endpointURI a {@code String} representing the endpoint URI. - * @return the constructed {@code AppliesTo} instance. - */ - public static AppliesTo createAppliesTo(String endpointURI) - { - AttributedURIType attributedURI = new AttributedURIType(); - attributedURI.setValue(endpointURI); - EndpointReferenceType reference = new EndpointReferenceType(); - reference.setAddress(attributedURI); - AppliesTo appliesTo = new AppliesTo(); - appliesTo.getAny().add(new ObjectFactory().createEndpointReference(reference)); - - return appliesTo; - } - - /** - * - * Parses the contents of the {@code AppliesTo} element and returns the address the uniquely identify the service - * provider. - * - * - * @param appliesTo the {@code AppliesTo} instance to be parsed. - * @return the address of the service provider. - */ - public static String parseAppliesTo(AppliesTo appliesTo) - { - EndpointReferenceType reference = null; - for (Object obj : appliesTo.getAny()) - { - if (obj instanceof EndpointReferenceType) - reference = (EndpointReferenceType) obj; - else if (obj instanceof JAXBElement) - { - JAXBElement<?> element = (JAXBElement<?>) obj; - if (element.getName().getLocalPart().equalsIgnoreCase("EndpointReference")) - reference = (EndpointReferenceType) element.getValue(); - } - - if (reference != null && reference.getAddress() != null) - return reference.getAddress().getValue(); - } - return null; - } - - /** - * - * Creates a {@code Lifetime} instance that specifies a range of time that starts at the current GMT time and has - * the specified duration in milliseconds. - * - * - * @param tokenTimeout the token timeout value (in milliseconds). - * @return the constructed {@code Lifetime} instance. - */ - public static Lifetime createDefaultLifetime(long tokenTimeout) - { - GregorianCalendar created = new GregorianCalendar(); - GregorianCalendar expires = new GregorianCalendar(); - expires.setTimeInMillis(created.getTimeInMillis() + tokenTimeout); - - return new Lifetime(created, expires); - } - -} Modified: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java 2009-09-03 01:56:21 UTC (rev 758) @@ -28,10 +28,10 @@ import junit.framework.TestCase; -import org.jboss.identity.federation.api.saml.v2.common.IDGenerator; import org.jboss.identity.federation.api.saml.v2.request.SAML2Request; import org.jboss.identity.federation.api.util.Base64; import org.jboss.identity.federation.api.util.DeflateUtil; +import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory; import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType; Modified: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnRequestUnitTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnRequestUnitTestCase.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnRequestUnitTestCase.java 2009-09-03 01:56:21 UTC (rev 758) @@ -28,8 +28,8 @@ import junit.framework.TestCase; -import org.jboss.identity.federation.api.saml.v2.common.IDGenerator; import org.jboss.identity.federation.api.saml.v2.request.SAML2Request; +import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType; import org.jboss.identity.federation.saml.v2.assertion.ConditionAbstractType; import org.jboss.identity.federation.saml.v2.assertion.ConditionsType; Modified: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java 2009-09-03 01:56:21 UTC (rev 758) @@ -25,8 +25,8 @@ import junit.framework.TestCase; -import org.jboss.identity.federation.api.saml.v2.common.IDGenerator; import org.jboss.identity.federation.api.saml.v2.response.SAML2Response; +import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory; import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder; Modified: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2009-09-03 01:56:21 UTC (rev 758) @@ -32,16 +32,16 @@ import javax.xml.bind.JAXBElement; import javax.xml.crypto.dsig.SignatureMethod; -import org.jboss.identity.federation.api.saml.v2.common.IDGenerator; import org.jboss.identity.federation.api.saml.v2.request.SAML2Request; import org.jboss.identity.federation.api.saml.v2.response.SAML2Response; import org.jboss.identity.federation.api.saml.v2.sig.SAML2Signature; -import org.jboss.identity.federation.api.util.XMLSignatureUtil; +import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder; import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil; import org.jboss.identity.federation.core.saml.v2.util.XMLTimeUtil; +import org.jboss.identity.federation.core.util.XMLSignatureUtil; import org.jboss.identity.federation.saml.v2.assertion.AssertionType; import org.jboss.identity.federation.saml.v2.assertion.AuthnStatementType; import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType; Modified: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java 2009-09-03 01:56:21 UTC (rev 758) @@ -36,8 +36,8 @@ import junit.framework.TestCase; -import org.jboss.identity.federation.api.saml.v2.common.IDGenerator; import org.jboss.identity.federation.api.saml.v2.response.SAML2Response; +import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder; import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder; Deleted: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/MockSTSConfiguration.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/MockSTSConfiguration.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/MockSTSConfiguration.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,152 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.test.identity.federation.api.wstrust; - -import java.security.KeyPair; -import java.security.PublicKey; -import java.util.Map; - -import org.jboss.identity.federation.api.wstrust.STSConfiguration; -import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider; -import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler; - -/** - * - * Mock implementation of {@code STSConfiguration} used in the test scenarios. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - * @version $Revision$ - */ -public class MockSTSConfiguration implements STSConfiguration -{ - - /* - * (non-Javadoc) - * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getEncryptIssuedToken() - */ - public boolean encryptIssuedToken() - { - return false; - } - - /* - * (non-Javadoc) - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#signIssuedToken() - */ - public boolean signIssuedToken() - { - return true; - } - - /* - * (non-Javadoc) - * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getIssuedTokenTimeout() - */ - public long getIssuedTokenTimeout() - { - return 0; - } - - /* - * (non-Javadoc) - * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getOptions() - */ - public Map<String, Object> getOptions() - { - return null; - } - - /* - * (non-Javadoc) - * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getProviderForService(java.lang.String) - */ - public SecurityTokenProvider getProviderForService(String serviceName) - { - return null; - } - - /* - * (non-Javadoc) - * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getProviderForTokenType(java.lang.String) - */ - public SecurityTokenProvider getProviderForTokenType(String tokenType) - { - return null; - } - - /* - * (non-Javadoc) - * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getTokenTypeForService(java.lang.String) - */ - public String getTokenTypeForService(String serviceName) - { - return null; - } - - /* - * (non-Javadoc) - * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getRequestHandler() - */ - public WSTrustRequestHandler getRequestHandler() - { - return null; - } - - /* - * (non-Javadoc) - * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getSTSName() - */ - public String getSTSName() - { - return null; - } - - /* - * (non-Javadoc) - * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getServiceProviderPublicKey(java.lang.String) - */ - public PublicKey getServiceProviderPublicKey(String serviceName) - { - return null; - } - - /* - * (non-Javadoc) - * - * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getSTSKeyPair() - */ - public KeyPair getSTSKeyPair() - { - return null; - } - -} Deleted: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,275 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.test.identity.federation.api.wstrust; - -import java.net.URI; -import java.security.Principal; -import java.util.GregorianCalendar; - -import javax.xml.bind.JAXBContext; -import javax.xml.bind.JAXBElement; -import javax.xml.bind.Unmarshaller; -import javax.xml.namespace.QName; - -import junit.framework.TestCase; - -import org.jboss.identity.federation.api.wstrust.StandardSecurityToken; -import org.jboss.identity.federation.api.wstrust.WSTrustConstants; -import org.jboss.identity.federation.api.wstrust.WSTrustRequestContext; -import org.jboss.identity.federation.api.wstrust.WSTrustUtil; -import org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider; -import org.jboss.identity.federation.api.wstrust.plugins.saml.SAMLUtil; -import org.jboss.identity.federation.core.wstrust.Lifetime; -import org.jboss.identity.federation.core.wstrust.RequestSecurityToken; -import org.jboss.identity.federation.saml.v2.assertion.AssertionType; -import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType; -import org.jboss.identity.federation.saml.v2.assertion.ConditionsType; -import org.jboss.identity.federation.saml.v2.assertion.NameIDType; -import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType; -import org.jboss.identity.federation.saml.v2.assertion.SubjectType; -import org.jboss.identity.federation.ws.trust.RequestedReferenceType; -import org.jboss.identity.federation.ws.trust.StatusType; -import org.jboss.identity.federation.ws.trust.ValidateTargetType; -import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType; -import org.jboss.identity.federation.ws.wss.secext.SecurityTokenReferenceType; -import org.w3c.dom.Element; - -/** - * - * This {@code TestCase} tests the functionalities of the {@code SAML20TokenProvider} class. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public class SAML20TokenProviderUnitTestCase extends TestCase -{ - - /** - * - * Tests the issuance of a SAMLV2.0 Assertion. - * - * - * @throws Exception if an error occurs while running the test. - */ - public void testIssueSAMLV20Token() throws Exception - { - // create a WSTrustRequestContext with a simple WS-Trust request. - RequestSecurityToken request = new RequestSecurityToken(); - request.setLifetime(WSTrustUtil.createDefaultLifetime(3600000)); - request.setAppliesTo(WSTrustUtil.createAppliesTo("http://services.testcorp.org/provider2")); - request.setTokenType(URI.create(SAMLUtil.SAML2_TOKEN_TYPE)); - - WSTrustRequestContext context = new WSTrustRequestContext(request, new TestPrincipal("sguilhen")); - context.setTokenIssuer("JBossSTS"); - - // call the SAML token provider and check the generated token. - new SAML20TokenProvider().issueToken(context); - assertNotNull("Unexpected null security token", context.getSecurityToken()); - - JAXBContext jaxbContext = JAXBContext.newInstance("org.jboss.identity.federation.saml.v2.assertion"); - Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); - JAXBElement<?> parsedElement = (JAXBElement<?>) unmarshaller.unmarshal((Element) context.getSecurityToken() - .getTokenValue()); - assertNotNull("Unexpected null element", parsedElement); - assertEquals("Unexpected element type", AssertionType.class, parsedElement.getDeclaredType()); - - AssertionType assertion = (AssertionType) parsedElement.getValue(); - StandardSecurityToken securityToken = (StandardSecurityToken) context.getSecurityToken(); - assertEquals("Unexpected token id", securityToken.getTokenID(), assertion.getID()); - assertEquals("Unexpected token issuer", "JBossSTS", assertion.getIssuer().getValue()); - - // check the contents of the assertion conditions. - ConditionsType conditions = assertion.getConditions(); - assertNotNull("Unexpected null conditions", conditions); - assertNotNull("Unexpected null value for NotBefore attribute", conditions.getNotBefore()); - assertNotNull("Unexpected null value for NotOnOrAfter attribute", conditions.getNotOnOrAfter()); - assertEquals("Unexpected number of conditions", 1, conditions.getConditionOrAudienceRestrictionOrOneTimeUse() - .size()); - assertTrue("Unexpected condition type", - conditions.getConditionOrAudienceRestrictionOrOneTimeUse().get(0) instanceof AudienceRestrictionType); - AudienceRestrictionType restrictionType = (AudienceRestrictionType) conditions - .getConditionOrAudienceRestrictionOrOneTimeUse().get(0); - assertNotNull("Unexpected null audience list", restrictionType.getAudience()); - assertEquals("Unexpected number of audience elements", 1, restrictionType.getAudience().size()); - assertEquals("Unexpected audience value", "http://services.testcorp.org/provider2", restrictionType.getAudience() - .get(0)); - - // check the contents of the assertion subject. - SubjectType subject = assertion.getSubject(); - assertNotNull("Unexpected null subject", subject); - assertEquals("Unexpected subject content size", 2, subject.getContent().size()); - JAXBElement<?> content = subject.getContent().get(0); - assertEquals("Unexpected content type", NameIDType.class, content.getDeclaredType()); - NameIDType nameID = (NameIDType) content.getValue(); - assertEquals("Unexpected name id qualifier", "urn:jboss:identity-federation", nameID.getNameQualifier()); - assertEquals("Unexpected name id", "sguilhen", nameID.getValue()); - content = subject.getContent().get(1); - assertEquals("Unexpected content type", SubjectConfirmationType.class, content.getDeclaredType()); - SubjectConfirmationType confirmation = (SubjectConfirmationType) content.getValue(); - assertEquals("Unexpected confirmation method", SAMLUtil.SAML2_BEARER_URI, confirmation.getMethod()); - - // validate the attached token reference created by the SAML provider. - RequestedReferenceType reference = context.getAttachedReference(); - assertNotNull("Unexpected null attached reference", reference); - SecurityTokenReferenceType securityRef = reference.getSecurityTokenReference(); - assertNotNull("Unexpected null security reference", securityRef); - String tokenTypeAttr = securityRef.getOtherAttributes().get(new QName(WSTrustConstants.WSSE11_NS, "TokenType")); - assertNotNull("Required attribute TokenType is missing", tokenTypeAttr); - assertEquals("TokenType attribute has an unexpected value", SAMLUtil.SAML2_TOKEN_TYPE, tokenTypeAttr); - JAXBElement<?> keyIdElement = (JAXBElement<?>) securityRef.getAny().get(0); - KeyIdentifierType keyId = (KeyIdentifierType) keyIdElement.getValue(); - assertEquals("Unexpected key value type", SAMLUtil.SAML2_VALUE_TYPE, keyId.getValueType()); - assertNotNull("Unexpected null key identifier value", keyId.getValue()); - assertEquals(assertion.getID(), keyId.getValue().substring(1)); - } - - /** - * - * Tests the validation of a SAMLV2.0 Assertion. - * - * - * @throws Exception if an error occurs while running the test. - */ - public void testValidateSAMLV20Token() throws Exception - { - - // issue a SAMLV2.0 assertion. - WSTrustRequestContext context = this.createIssuingContext(WSTrustUtil.createDefaultLifetime(3600000)); - SAML20TokenProvider provider = new SAML20TokenProvider(); - provider.issueToken(context); - - // get the issued SAMLV2.0 assertion. - Element assertion = (Element) context.getSecurityToken().getTokenValue(); - - // now create a WS-Trust validate context. - context = this.createValidatingContext(assertion); - - // validate the SAMLV2.0 assertion. - provider.validateToken(context); - StatusType status = context.getStatus(); - assertNotNull("Unexpected null status type", status); - assertEquals("Unexpected status code", WSTrustConstants.STATUS_CODE_VALID, status.getCode()); - assertEquals("Unexpected status reason", "SAMLV2.0 Assertion successfuly validated", status.getReason()); - - // now let's create a new SAMLV2.0 assertion with an expired lifetime. - long currentTimeMillis = System.currentTimeMillis(); - GregorianCalendar created = new GregorianCalendar(); - created.setTimeInMillis(currentTimeMillis - 3600000); - GregorianCalendar expires = new GregorianCalendar(); - expires.setTimeInMillis(currentTimeMillis - 1800000); - context = this.createIssuingContext(new Lifetime(created, expires)); - - provider.issueToken(context); - assertion = (Element) context.getSecurityToken().getTokenValue(); - - // try to validate the expired token. - context = this.createValidatingContext(assertion); - provider.validateToken(context); - status = context.getStatus(); - assertNotNull("Unexpected null status type", status); - assertEquals("Unexpected status code", WSTrustConstants.STATUS_CODE_INVALID, status.getCode()); - assertEquals("Unexpected status reason", - "Validation failure: assertion expired or used before its lifetime period", status.getReason()); - } - - /** - * - * Creates a {@code WSTrustRequestContext} using the specified lifetime. The created context is used in the issuing - * test scenarios. - * - * - * @param lifetime the {@code Lifetime} of the assertion to be issued. - * @return the constructed {@code WSTrustRequestHandler} instance. - * @throws Exception if an error occurs while creating the context. - */ - private WSTrustRequestContext createIssuingContext(Lifetime lifetime) throws Exception - { - // create a WSTrustRequestContext with a simple WS-Trust issue request. - RequestSecurityToken request = new RequestSecurityToken(); - request.setLifetime(lifetime); - request.setAppliesTo(WSTrustUtil.createAppliesTo("http://services.testcorp.org/provider2")); - request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST)); - request.setTokenType(URI.create(SAMLUtil.SAML2_TOKEN_TYPE)); - - WSTrustRequestContext context = new WSTrustRequestContext(request, new TestPrincipal("sguilhen")); - context.setTokenIssuer("JBossSTS"); - - return context; - } - - /** - * - * Creates a {@code WSTrustRequestContext} for validating the specified assertion. - * - * - * @param assertion an {@code Element} representing the SAMLV2.0 assertion to be validated. - * @return the constructed {@code WSTrustRequestContext} instance. - * @throws Exception if an error occurs while creating the validating context. - */ - private WSTrustRequestContext createValidatingContext(Element assertion) throws Exception - { - RequestSecurityToken request = new RequestSecurityToken(); - request.setRequestType(URI.create(WSTrustConstants.VALIDATE_REQUEST)); - request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE)); - ValidateTargetType validateTarget = new ValidateTargetType(); - validateTarget.setAny(assertion); - request.setValidateTarget(validateTarget); - - WSTrustRequestContext context = new WSTrustRequestContext(request, new TestPrincipal("sguilhen")); - - return context; - } - - /** - * - * Simple {@code Principal} implementation used in the test scenarios. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ - private class TestPrincipal implements Principal - { - private final String name; - - /** - * - * Creates an instance of {@code TestPrincipal} with the specified name. - * - * - * @param name a {@code String} representing the principal name. - */ - public TestPrincipal(String name) - { - this.name = name; - } - - /* - * (non-Javadoc) - * - * @see java.security.Principal#getName() - */ - public String getName() - { - return this.name; - } - } -} Deleted: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SpecialTokenProvider.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SpecialTokenProvider.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SpecialTokenProvider.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,74 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.test.identity.federation.api.wstrust; - -import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider; -import org.jboss.identity.federation.api.wstrust.WSTrustException; -import org.jboss.identity.federation.api.wstrust.WSTrustRequestContext; - -/** - * - * Mock {@code SecurityTokenProvider} used in the test scenarios. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public class SpecialTokenProvider implements SecurityTokenProvider -{ - - /* - * (non-Javadoc) - * - * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) - */ - public void cancelToken(WSTrustRequestContext context) throws WSTrustException - { - } - - /* - * (non-Javadoc) - * - * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) - */ - public void issueToken(WSTrustRequestContext context) throws WSTrustException - { - } - - /* - * (non-Javadoc) - * - * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) - */ - public void renewToken(WSTrustRequestContext context) throws WSTrustException - { - } - - /* - * (non-Javadoc) - * - * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) - */ - public void validateToken(WSTrustRequestContext context) throws WSTrustException - { - } - -} Modified: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java 2009-09-03 01:56:21 UTC (rev 758) @@ -48,16 +48,16 @@ import junit.framework.TestCase; import org.jboss.identity.federation.api.util.KeyStoreUtil; -import org.jboss.identity.federation.api.util.XMLSignatureUtil; import org.jboss.identity.federation.api.wstrust.WSTrustClient; -import org.jboss.identity.federation.api.wstrust.WSTrustConstants; -import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory; import org.jboss.identity.federation.api.wstrust.WSTrustClient.SecurityInfo; -import org.jboss.identity.federation.api.wstrust.plugins.saml.SAMLUtil; import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; -import org.jboss.identity.federation.core.wstrust.RequestSecurityToken; -import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse; -import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection; +import org.jboss.identity.federation.core.util.XMLSignatureUtil; +import org.jboss.identity.federation.core.wstrust.WSTrustConstants; +import org.jboss.identity.federation.core.wstrust.WSTrustJAXBFactory; +import org.jboss.identity.federation.core.wstrust.plugins.saml.SAMLUtil; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection; import org.jboss.identity.federation.ws.trust.StatusType; import org.jboss.identity.federation.ws.trust.ValidateTargetType; import org.w3c.dom.Document; Deleted: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,186 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.test.identity.federation.api.wstrust; - -import java.net.URI; - -import javax.xml.transform.Source; -import javax.xml.transform.dom.DOMSource; - -import junit.framework.TestCase; - -import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory; -import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; -import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityToken; -import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityTokenResponse; -import org.jboss.identity.federation.core.wstrust.RequestSecurityToken; -import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse; -import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection; -import org.w3c.dom.Document; - -/** - * - * This {@code TestCase} tests the methods of the {@code WSTrustJAXBFactory}. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public class WSTrustJAXBFactoryUnitTestCase extends TestCase -{ - - /** - * - * Tests parsing a WS-Trust request message. - * - * - * @throws Exception - * if an error occurs while running the test. - */ - public void testParseRequestSecurityToken() throws Exception - { - // load a sample ws-trust request from a test file. - Document document = DocumentUtil - .getDocument(this.getClass().getResourceAsStream("/wstrust/ws-trust-request.xml")); - - // encapsulate the request in a source object. - Source source = new DOMSource(document); - - // parse the request using the WSTrustJAXBFactory. - WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance(); - BaseRequestSecurityToken baseRequest = factory.parseRequestSecurityToken(source); - assertNotNull("Unexpected null request message", baseRequest); - - // check the contents of the parsed request. - assertTrue("Unexpected request message type", baseRequest instanceof RequestSecurityToken); - RequestSecurityToken parsedRequest = (RequestSecurityToken) baseRequest; - assertEquals("Unexpected context name", "testcontext", parsedRequest.getContext()); - assertEquals("Unexpected token type", "http://www.tokens.org/SpecialToken", parsedRequest.getTokenType().toString()); - assertEquals("Unexpected request type", "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue", parsedRequest - .getRequestType().toString()); - } - - /** - * - * Tests parsing a WS-Trust response message. - * - * - * @throws Exception - * if an error occurs while running the test. - */ - public void testParseRequestSecurityTokenResponse() throws Exception - { - // load a ws-trust response from a file. - Document document = DocumentUtil.getDocument(this.getClass() - .getResourceAsStream("/wstrust/ws-trust-response.xml")); - - // encapsulate the response in a source object. - Source source = new DOMSource(document); - - // parse the response using the WSTrustJAXBFactory. - WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance(); - BaseRequestSecurityTokenResponse baseResponse = factory.parseRequestSecurityTokenResponse(source); - assertNotNull("Unexpected null response message", baseResponse); - - // check the contents of the parsed response. - assertTrue("Unexpected response message type", baseResponse instanceof RequestSecurityTokenResponseCollection); - RequestSecurityTokenResponseCollection parsedCollection = (RequestSecurityTokenResponseCollection) baseResponse; - assertNotNull("Unexpected null response list", parsedCollection.getRequestSecurityTokenResponses()); - assertEquals("Unexpected number of responses", 1, parsedCollection.getRequestSecurityTokenResponses().size()); - - RequestSecurityTokenResponse parsedResponse = parsedCollection.getRequestSecurityTokenResponses().get(0); - assertEquals("Unexpected context name", "testcontext", parsedResponse.getContext()); - assertEquals("Unexpected token type", "http://www.tokens.org/SpecialToken", parsedResponse.getTokenType() - .toString()); - assertFalse(parsedResponse.isForwardable()); - } - - /** - * - * Tests the marshalling of a WS-Trust request. - * - * - * @throws Exception - * if an error occurs while running the test. - */ - public void testMarshallRequestSecurityToken() throws Exception - { - // create a request object. - RequestSecurityToken request = new RequestSecurityToken(); - request.setContext("testcontext"); - request.setTokenType(new URI("http://www.tokens.org/SpecialToken")); - request.setRequestType(new URI("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue")); - - // use the factory to marshall the request. - WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance(); - Source source = factory.marshallRequestSecurityToken(request); - assertNotNull("Unexpected null source", source); - assertTrue("Unexpected source type", source instanceof DOMSource); - - // at this point we know that the parsing works, so parse the generated source and compare to the original request. - BaseRequestSecurityToken baseRequest = factory.parseRequestSecurityToken(source); - assertNotNull("Unexpected null value for the parsed request", baseRequest); - assertTrue("Unexpected parsed request type", baseRequest instanceof RequestSecurityToken); - RequestSecurityToken parsedRequest = (RequestSecurityToken) baseRequest; - assertEquals("Unexpected context value", request.getContext(), parsedRequest.getContext()); - assertTrue("Unexpected token type", request.getTokenType().equals(parsedRequest.getTokenType())); - assertTrue("Unexpected request type", request.getRequestType().equals(parsedRequest.getRequestType())); - } - - /** - * - * Tests the marshalling of a WS-Trust response. - * - * - * @throws Exception - * if an error occurs while running the test. - */ - public void testMarshallRequestSecurityTokenResponse() throws Exception - { - // create a sample ws-trust response message. - RequestSecurityTokenResponse response = new RequestSecurityTokenResponse(); - response.setContext("testcontext"); - response.setTokenType(new URI("http://www.tokens.org/SpecialToken")); - response.setForwardable(false); - - RequestSecurityTokenResponseCollection collection = new RequestSecurityTokenResponseCollection(); - collection.addRequestSecurityTokenResponse(response); - - // use the factory to marshall the response. - WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance(); - Source source = factory.marshallRequestSecurityTokenResponse(collection); - assertNotNull("Unexpected null source", source); - assertTrue("Unexpected source type", source instanceof DOMSource); - - // at this point we know that the parsing works, so parse the generated source and compare to the original response. - BaseRequestSecurityTokenResponse baseResponse = factory.parseRequestSecurityTokenResponse(source); - assertNotNull("Unexpected null value for the parsed response", baseResponse); - assertTrue("Unexpected parsed request type", baseResponse instanceof RequestSecurityTokenResponseCollection); - RequestSecurityTokenResponseCollection parsedCollection = (RequestSecurityTokenResponseCollection) baseResponse; - assertNotNull("Unexpected null response list", parsedCollection.getRequestSecurityTokenResponses()); - assertEquals("Unexpected number of responses", 1, parsedCollection.getRequestSecurityTokenResponses().size()); - - RequestSecurityTokenResponse parsedResponse = parsedCollection.getRequestSecurityTokenResponses().get(0); - assertEquals("Unexpected context value", response.getContext(), parsedResponse.getContext()); - assertTrue("Unexpected token type", response.getTokenType().equals(parsedResponse.getTokenType())); - assertFalse(parsedResponse.isForwardable()); - } -} Deleted: identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustServiceFactoryUnitTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustServiceFactoryUnitTestCase.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustServiceFactoryUnitTestCase.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,106 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.test.identity.federation.api.wstrust; - -import java.security.PrivilegedActionException; - -import junit.framework.TestCase; - -import org.jboss.identity.federation.api.wstrust.STSConfiguration; -import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider; -import org.jboss.identity.federation.api.wstrust.StandardRequestHandler; -import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler; -import org.jboss.identity.federation.api.wstrust.WSTrustServiceFactory; -import org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider; - -/** - * - * This {@code TestCase} tests the behavior of the {@code WSTrustServiceFactory} class. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public class WSTrustServiceFactoryUnitTestCase extends TestCase -{ - - /** - * - * Tests the creation of a {@code WSTrustRequestHandler} instance. - * - * - * @throws Exception if an error occurs while running the test. - */ - public void testCreateRequestHandler() throws Exception - { - STSConfiguration config = new MockSTSConfiguration(); - WSTrustServiceFactory factory = WSTrustServiceFactory.getInstance(); - - // tests the creation of the request handler. - WSTrustRequestHandler handler = factory.createRequestHandler( - "org.jboss.identity.federation.api.wstrust.StandardRequestHandler", config); - assertNotNull("Unexpected null request handler", handler); - assertTrue("Unexpected request handler type", handler instanceof StandardRequestHandler); - - // try to create an invalid instance of request handler. - try - { - factory.createRequestHandler("InvalidHandler", config); - fail("An exception should have been raised"); - } - catch (RuntimeException re) - { - assertTrue(re.getCause() instanceof PrivilegedActionException); - } - } - - /** - * - * Tests the creation of {@code SecurityTokenProvider}s. - * - * - * @throws Exception if an error occurs while running the test. - */ - public void testCreateTokenProvider() throws Exception - { - WSTrustServiceFactory factory = WSTrustServiceFactory.getInstance(); - SecurityTokenProvider provider = factory - .createTokenProvider("org.jboss.test.identity.federation.api.wstrust.SpecialTokenProvider"); - assertNotNull("Unexpected null token provider", provider); - assertTrue("Unexpected token provider type", provider instanceof SpecialTokenProvider); - provider = factory - .createTokenProvider("org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider"); - assertNotNull("Unexpected null token provider", provider); - assertTrue("Unexpected token provider type", provider instanceof SAML20TokenProvider); - - // try to create an invalid token provider. - try - { - factory.createTokenProvider("InvalidTokenProvider"); - fail("An exception should have been raised"); - } - catch (RuntimeException re) - { - assertTrue(re.getCause() instanceof PrivilegedActionException); - } - - } -} Deleted: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-request.xml =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-request.xml 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-request.xml 2009-09-03 01:56:21 UTC (rev 758) @@ -1,4 +0,0 @@ -<wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" Context="testcontext"> - <wst:TokenType>http://www.tokens.org/SpecialToken</wst:TokenType> - <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType> -</wst:RequestSecurityToken> \ No newline at end of file Deleted: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-response.xml =================================================================== --- identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-response.xml 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-response.xml 2009-09-03 01:56:21 UTC (rev 758) @@ -1,7 +0,0 @@ -<wst:RequestSecurityTokenResponseCollection - xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"> - <wst:RequestSecurityTokenResponse Context="testcontext"> - <wst:TokenType>http://www.tokens.org/SpecialToken</wst:TokenType> - <wst:Forwardable>false</wst:Forwardable> - </wst:RequestSecurityTokenResponse> -</wst:RequestSecurityTokenResponseCollection> Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/IDGenerator.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/IDGenerator.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/IDGenerator.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,55 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.saml.v2.common; + +import java.util.UUID; + +/** + * Utility class that generates unique IDs + * @author Anil.Saldhana(a)redhat.com + * @since Jan 5, 2009 + */ +public class IDGenerator +{ + /* + * Create a basic unique ID + */ + public static String create() + { + return UUID.randomUUID().toString(); + } + + /** + * Create an id that is prefixed by a string + * @param prefix + * @return an id + * @throws IllegalArgumentException when prefix is null + */ + public static String create(String prefix) + { + if(prefix == null) + throw new IllegalArgumentException("prefix is null"); + StringBuilder sb = new StringBuilder(prefix); + sb.append(IDGenerator.create()); + return sb.toString(); + } +} \ No newline at end of file Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/SAMLDocumentHolder.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/SAMLDocumentHolder.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/SAMLDocumentHolder.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,74 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.saml.v2.common; + +import org.w3c.dom.Document; + +/** + * A Holder class that can store + * the SAML object as well as the corresponding + * DOM object. + * It is thread safe because each thread + * can have only one instance of this class + * @author Anil.Saldhana(a)redhat.com + * @since Aug 13, 2009 + */ +public class SAMLDocumentHolder +{ + private Object samlObject; + private Document samlDocument; + + public SAMLDocumentHolder(Object samlObject) + { + this.samlObject = samlObject; + } + + public SAMLDocumentHolder(Document samlDocument) + { + this.samlDocument = samlDocument; + } + + public SAMLDocumentHolder(Object samlObject, Document samlDocument) + { + this.samlObject = samlObject; + this.samlDocument = samlDocument; + } + public Object getSamlObject() + { + return samlObject; + } + + public void setSamlObject(Object samlObject) + { + this.samlObject = samlObject; + } + + public Document getSamlDocument() + { + return samlDocument; + } + + public void setSamlDocument(Document samlDocument) + { + this.samlDocument = samlDocument; + } +} \ No newline at end of file Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/XMLSignatureUtil.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/XMLSignatureUtil.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/XMLSignatureUtil.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,340 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.util; + +import java.io.OutputStream; +import java.security.AccessController; +import java.security.GeneralSecurityException; +import java.security.Key; +import java.security.KeyPair; +import java.security.PrivateKey; +import java.security.PrivilegedAction; +import java.security.PublicKey; +import java.util.Collections; +import java.util.List; + +import javax.security.cert.X509Certificate; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Marshaller; +import javax.xml.crypto.MarshalException; +import javax.xml.crypto.dsig.CanonicalizationMethod; +import javax.xml.crypto.dsig.DigestMethod; +import javax.xml.crypto.dsig.Reference; +import javax.xml.crypto.dsig.SignatureMethod; +import javax.xml.crypto.dsig.SignedInfo; +import javax.xml.crypto.dsig.Transform; +import javax.xml.crypto.dsig.XMLSignature; +import javax.xml.crypto.dsig.XMLSignatureException; +import javax.xml.crypto.dsig.XMLSignatureFactory; +import javax.xml.crypto.dsig.dom.DOMSignContext; +import javax.xml.crypto.dsig.dom.DOMValidateContext; +import javax.xml.crypto.dsig.keyinfo.KeyInfo; +import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory; +import javax.xml.crypto.dsig.keyinfo.KeyValue; +import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec; +import javax.xml.crypto.dsig.spec.TransformParameterSpec; +import javax.xml.parsers.ParserConfigurationException; +import javax.xml.transform.Transformer; +import javax.xml.transform.TransformerException; +import javax.xml.transform.TransformerFactory; +import javax.xml.transform.stream.StreamResult; + +import org.apache.log4j.Logger; +import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; +import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; +import org.jboss.identity.federation.core.util.JAXBUtil; +import org.jboss.identity.xmlsec.w3.xmldsig.ObjectFactory; +import org.jboss.identity.xmlsec.w3.xmldsig.SignatureType; +import org.w3c.dom.Document; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; +import org.xml.sax.SAXException; + +/** + * Utility for XML Signature + * @author Anil.Saldhana(a)redhat.com + * @since Dec 15, 2008 + */ +public class XMLSignatureUtil +{ + private static Logger log = Logger.getLogger(XMLSignatureUtil.class); + private static boolean trace = log.isTraceEnabled(); + + private static String pkgName = "org.jboss.identity.federation.w3.xmldsig"; + private static String schemaLocation = "schema/saml/v2/xmldsig-core-schema.xsd"; + + private static ObjectFactory objectFactory = new ObjectFactory(); + + private static XMLSignatureFactory fac = getXMLSignatureFactory(); + + private static XMLSignatureFactory getXMLSignatureFactory() + { + XMLSignatureFactory xsf = null; + + try + { + xsf = XMLSignatureFactory.getInstance("DOM"); + } + catch(Exception err) + { + //JDK5 + xsf = XMLSignatureFactory.getInstance("DOM", + new org.jcp.xml.dsig.internal.dom.XMLDSigRI()); + } + return xsf; + } + + //Set some system properties + static + { + AccessController.doPrivileged(new PrivilegedAction<Object>() + { + public Object run() + { + System.setProperty("org.apache.xml.security.ignoreLineBreaks", "true"); + return null; + } + }); + }; + + /** + * Precheck whether the document that will be validated + * has the right signedinfo + * @param doc + * @return + */ + public static boolean preCheckSignedInfo(Document doc) + { + NodeList nl = doc.getElementsByTagNameNS(JBossSAMLURIConstants.XMLDSIG_NSURI.get(), "SignedInfo"); + return nl != null ? nl.getLength() > 0 : false; + } + + /** + * Sign a node in a document + * @param doc Document + * @param parentOfNodeToBeSigned Parent Node of the node to be signed + * @param signingKey Private Key + * @param certificate X509 Certificate holding the public key + * @param digestMethod (Example: DigestMethod.SHA1) + * @param signatureMethod (Example: SignatureMethod.DSA_SHA1) + * @param referenceURI + * @return Document that contains the signed node + * @throws XMLSignatureException + * @throws MarshalException + * @throws GeneralSecurityException + * @throws ParserConfigurationException + */ + public static Document sign(Document doc, + Node parentOfNodeToBeSigned, + PrivateKey signingKey, + X509Certificate certificate, + String digestMethod, + String signatureMethod, + String referenceURI) + throws ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException + { + KeyPair keyPair = new KeyPair(certificate.getPublicKey(),signingKey); + return sign(doc,parentOfNodeToBeSigned, keyPair, + digestMethod, signatureMethod, referenceURI); + } + + /** + * Sign a node in a document + * @param doc + * @param nodeToBeSigned + * @param keyPair + * @param publicKey + * @param digestMethod + * @param signatureMethod + * @param referenceURI + * @return + * @throws ParserConfigurationException + * @throws XMLSignatureException + * @throws MarshalException + * @throws GeneralSecurityException + */ + public static Document sign(Document doc, + Node nodeToBeSigned, + KeyPair keyPair, + String digestMethod, + String signatureMethod, + String referenceURI) throws ParserConfigurationException, GeneralSecurityException, MarshalException, XMLSignatureException + { + if(nodeToBeSigned == null) + throw new IllegalArgumentException("Node to be signed is null"); + if(trace) + { + try + { + log.trace("Document to be signed=" + DocumentUtil.getDocumentAsString(doc)); + }catch (Exception e) {} + } + + Node parentNode = nodeToBeSigned.getParentNode(); + + //Let us create a new Document + Document newDoc = DocumentUtil.createDocument(); + //Import the node + Node signingNode = newDoc.importNode(nodeToBeSigned, true); + newDoc.appendChild(signingNode); + + newDoc = sign(newDoc, keyPair, digestMethod, signatureMethod, referenceURI); + + //Now let us import this signed doc into the original document we got in the method call + Node signedNode = doc.importNode(newDoc.getFirstChild(), true); + + parentNode.replaceChild(signedNode, nodeToBeSigned); + //doc.getDocumentElement().replaceChild(signedNode, nodeToBeSigned); + + return doc; + } + + + /** + * Sign the root element + * @param doc + * @param signingKey + * @param publicKey + * @param digestMethod + * @param signatureMethod + * @param referenceURI + * @return + * @throws GeneralSecurityException + * @throws XMLSignatureException + * @throws MarshalException + */ + public static Document sign(Document doc, + KeyPair keyPair, + String digestMethod, + String signatureMethod, + String referenceURI) throws GeneralSecurityException, MarshalException, XMLSignatureException + { + if(trace) + { + try + { + log.trace("Document to be signed=" + DocumentUtil.getDocumentAsString(doc)); + }catch (Exception e) {} + } + PrivateKey signingKey = keyPair.getPrivate(); + PublicKey publicKey = keyPair.getPublic(); + + DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement()); + dsc.setDefaultNamespacePrefix("dsig"); + +// dsc.putNamespacePrefix(XMLSignature.XMLNS, "ds"); + + DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null); + Transform transform = fac.newTransform(Transform.ENVELOPED, + (TransformParameterSpec) null); + + List<Transform> transformList = Collections.singletonList(transform); + Reference ref = fac.newReference + ( referenceURI, digestMethodObj,transformList,null, null); + + String canonicalizationMethodType = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS; + CanonicalizationMethod canonicalizationMethod + = fac.newCanonicalizationMethod + (canonicalizationMethodType, (C14NMethodParameterSpec) null); + + List<Reference> referenceList = Collections.singletonList(ref); + SignatureMethod signatureMethodObj = fac.newSignatureMethod(signatureMethod, null); + SignedInfo si = fac.newSignedInfo (canonicalizationMethod, signatureMethodObj , + referenceList); + + KeyInfoFactory kif = fac.getKeyInfoFactory(); + KeyValue kv = kif.newKeyValue(publicKey); + KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv)); + + XMLSignature signature = fac.newXMLSignature(si, ki); + + signature.sign(dsc); + + return doc; + } + /** + * Validate a signed document with the given public key + * @param signedDoc + * @param publicKey + * @return + * @throws MarshalException + * @throws XMLSignatureException + */ + @SuppressWarnings("unchecked") + public static boolean validate(Document signedDoc, Key publicKey) throws MarshalException, XMLSignatureException + { + NodeList nl = signedDoc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature"); + if (nl == null || nl.getLength() == 0) + { + throw new IllegalArgumentException("Cannot find Signature element"); + } + if(publicKey == null) + throw new IllegalArgumentException("Public Key is null"); + + DOMValidateContext valContext = new DOMValidateContext(publicKey, nl.item(0)); + XMLSignature signature = fac.unmarshalXMLSignature(valContext); + boolean coreValidity = signature.validate(valContext); + + if(trace && !coreValidity) + { + boolean sv = signature.getSignatureValue().validate(valContext); + log.trace("Signature validation status: " + sv); + + List<Reference> references = signature.getSignedInfo().getReferences(); + for(Reference ref:references) + { + log.trace("[Ref id=" + ref.getId() +":uri=" + ref.getURI() + + "]validity status:" + ref.validate(valContext)); + } + } + return coreValidity; + } + + /** + * Marshall a SignatureType to output stream + * @param signature + * @param os + * @throws SAXException + * @throws JAXBException + */ + public static void marshall(SignatureType signature, OutputStream os) throws JAXBException, SAXException + { + JAXBElement<SignatureType> jsig = objectFactory.createSignature(signature); + Marshaller marshaller = JAXBUtil.getValidatingMarshaller(pkgName, schemaLocation); + marshaller.marshal(jsig, os); + } + + /** + * Marshall the signed document to an output stream + * @param signedDocument + * @param os + * @throws TransformerException + */ + public static void marshall(Document signedDocument, OutputStream os) + throws TransformerException + { + TransformerFactory tf = TransformerFactory.newInstance(); + Transformer trans = tf.newTransformer(); + trans.transform(DocumentUtil.getXMLSource(signedDocument), new StreamResult(os)); + } +} \ No newline at end of file Deleted: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityToken.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityToken.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityToken.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,33 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.core.wstrust; - -/** - * - * Marker interface for the request security token types. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public interface BaseRequestSecurityToken -{ -} Deleted: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityTokenResponse.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityTokenResponse.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityTokenResponse.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,33 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.core.wstrust; - -/** - * - * Marker interface for the security token response types. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public interface BaseRequestSecurityTokenResponse -{ -} Deleted: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/Lifetime.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/Lifetime.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/Lifetime.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,236 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.core.wstrust; - -import java.util.GregorianCalendar; - -import javax.xml.datatype.DatatypeConfigurationException; -import javax.xml.datatype.DatatypeFactory; -import javax.xml.datatype.XMLGregorianCalendar; - -import org.jboss.identity.federation.ws.trust.LifetimeType; -import org.jboss.identity.federation.ws.wss.utility.AttributedDateTime; - -/** - * - * This class represents a WS-Trust {@code Lifetime}. It wraps the JAXB {@code LifetimeType} and offer methods that - * allows for easy retrieval of the creation and expiration times as {@code XMLGregorianCalendar} and - * {@code GregorianCalendar} objects. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public class Lifetime -{ - - private final LifetimeType delegate; - - private XMLGregorianCalendar created; - - private XMLGregorianCalendar expires; - - private DatatypeFactory factory; - - /** - * - * Creates an instance of {@code Lifetime} with the specified parameters. - * - * - * @param created a {@code GregorianCalendar} representing the token creation time. - * @param expires a {@code GregorianCalendar} representing the token expiration time. - */ - public Lifetime(GregorianCalendar created, GregorianCalendar expires) - { - try - { - this.factory = DatatypeFactory.newInstance(); - } - catch (DatatypeConfigurationException dce) - { - throw new RuntimeException("Unable to get DatatypeFactory instance", dce); - } - - // normalize the parameters (convert to UTC). - this.created = factory.newXMLGregorianCalendar(created).normalize(); - this.expires = factory.newXMLGregorianCalendar(expires).normalize(); - - // set the delegate fields. - this.delegate = new LifetimeType(); - AttributedDateTime dateTime = new AttributedDateTime(); - dateTime.setValue(this.created.toXMLFormat()); - this.delegate.setCreated(dateTime); - dateTime = new AttributedDateTime(); - dateTime.setValue(this.expires.toXMLFormat()); - this.delegate.setExpires(dateTime); - - } - - /** - * - * Creates a {@code Lifetime} instance using the specified {@code LifetimeType}. - * - * - * @param lifetime a reference to the {@code LifetimeType} instance that contains the information used in the - * {@code Lifetime} construction. - */ - public Lifetime(LifetimeType lifetime) - { - if (lifetime == null) - throw new IllegalArgumentException("Unable to create a Lifetime object from a null LifetimeType"); - - try - { - this.factory = DatatypeFactory.newInstance(); - } - catch (DatatypeConfigurationException dce) - { - throw new RuntimeException("Unable to get DatatypeFactory instance", dce); - } - this.delegate = lifetime; - - // construct the created and expires instances from the lifetime object. - this.created = factory.newXMLGregorianCalendar(lifetime.getCreated().getValue()); - this.expires = factory.newXMLGregorianCalendar(lifetime.getExpires().getValue()); - - // check if the supplied lifetime needs to be normalized. - if (this.created.getTimezone() != 0) - { - this.created = this.created.normalize(); - this.delegate.getCreated().setValue(this.created.toXMLFormat()); - } - if (this.expires.getTimezone() != 0) - { - this.expires = this.expires.normalize(); - this.delegate.getExpires().setValue(this.expires.toXMLFormat()); - } - } - - /** - * - * Obtains the creation time as a {@code XMLGregorianCalendar}. - * - * - * @return a reference to the {@code XMLGregorianCalendar} that represents the creation time. - */ - public XMLGregorianCalendar getCreated() - { - return this.created; - } - - /** - * - * Sets the creation time. - * - * - * @param created a reference to the {@code XMLGregorianCalendar} that represents the creation time to be set. - */ - public void setCreated(XMLGregorianCalendar created) - { - this.created = created.normalize(); - this.delegate.getCreated().setValue(this.created.toXMLFormat()); - } - - /** - * - * Obtains the creation time as a {@code GregorianCalendar}. - * - * - * @return a reference to the {@code GregorianCalendar} that represents the creation time. - */ - public GregorianCalendar getCreatedCalendar() - { - return this.created.toGregorianCalendar(); - } - - /** - * - * Sets the creation time. - * - * - * @param created a reference to the {@code GregorianCalendar} that represents the creation time to be set. - */ - public void setCreatedCalendar(GregorianCalendar created) - { - this.setCreated(this.factory.newXMLGregorianCalendar(created)); - } - - /** - * - * Obtains the expiration time as a {@code XMLGregorianCalendar}. - * - * - * @return a reference to the {@code XMLGregorianCalendar} that represents the expiration time. - */ - public XMLGregorianCalendar getExpires() - { - return this.expires; - } - - /** - * - * Sets the expiration time. - * - * - * @param expires a reference to the {@code XMLGregorianCalendar} that represents the expiration time. - */ - public void setExpires(XMLGregorianCalendar expires) - { - this.expires = expires.normalize(); - this.delegate.getExpires().setValue(this.expires.toXMLFormat()); - } - - /** - * - * Obtains the expiration time as a {@code GregorianCalendar}. - * - * - * @return a reference to the {@code GregorianCalendar} that represents the expiration time. - */ - public GregorianCalendar getExpiresCalendar() - { - return this.expires.toGregorianCalendar(); - } - - /** - * - * Sets the expiration time. - * - * - * @param expires a reference to the {@code GregorianCalendar} that represents the expiration time. - */ - public void setExpiresCalendar(GregorianCalendar expires) - { - this.setExpires(this.factory.newXMLGregorianCalendar(expires)); - } - - /** - * - * Obtains a reference to the {@code LifetimeType} delegate. - * - * - * @return a reference to the delegate instance. - */ - public LifetimeType getDelegate() - { - return this.delegate; - } -} Deleted: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,1139 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.core.wstrust; - -import java.net.URI; -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; -import java.util.Map; - -import javax.xml.bind.JAXBElement; -import javax.xml.namespace.QName; - -import org.jboss.identity.federation.ws.addressing.EndpointReferenceType; -import org.jboss.identity.federation.ws.policy.AppliesTo; -import org.jboss.identity.federation.ws.policy.Policy; -import org.jboss.identity.federation.ws.policy.PolicyReference; -import org.jboss.identity.federation.ws.trust.AllowPostdatingType; -import org.jboss.identity.federation.ws.trust.CancelTargetType; -import org.jboss.identity.federation.ws.trust.ClaimsType; -import org.jboss.identity.federation.ws.trust.DelegateToType; -import org.jboss.identity.federation.ws.trust.EncryptionType; -import org.jboss.identity.federation.ws.trust.EntropyType; -import org.jboss.identity.federation.ws.trust.LifetimeType; -import org.jboss.identity.federation.ws.trust.ObjectFactory; -import org.jboss.identity.federation.ws.trust.OnBehalfOfType; -import org.jboss.identity.federation.ws.trust.ProofEncryptionType; -import org.jboss.identity.federation.ws.trust.RenewTargetType; -import org.jboss.identity.federation.ws.trust.RenewingType; -import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType; -import org.jboss.identity.federation.ws.trust.UseKeyType; -import org.jboss.identity.federation.ws.trust.ValidateTargetType; -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.w3c.dom.NodeList; - -/** - * - * This class represents a WS-Trust {@code RequestSecurityToken}. It wraps the JAXB representation of the security - * token request and offers a series of getter/setter methods that make it easy to work with elements that are - * represented by the {@code Any} XML type. - * - * - * The following shows the intended content model of a {@code RequestSecurityToken}: - * - * <pre> - * <xs:element ref='wst:TokenType' minOccurs='0' /> - * <xs:element ref='wst:RequestType' /> - * <xs:element ref='wsp:AppliesTo' minOccurs='0' /> - * <xs:element ref='wst:Claims' minOccurs='0' /> - * <xs:element ref='wst:Entropy' minOccurs='0' /> - * <xs:element ref='wst:Lifetime' minOccurs='0' /> - * <xs:element ref='wst:AllowPostdating' minOccurs='0' /> - * <xs:element ref='wst:Renewing' minOccurs='0' /> - * <xs:element ref='wst:OnBehalfOf' minOccurs='0' /> - * <xs:element ref='wst:Issuer' minOccurs='0' /> - * <xs:element ref='wst:AuthenticationType' minOccurs='0' /> - * <xs:element ref='wst:KeyType' minOccurs='0' /> - * <xs:element ref='wst:KeySize' minOccurs='0' /> - * <xs:element ref='wst:SignatureAlgorithm' minOccurs='0' /> - * <xs:element ref='wst:Encryption' minOccurs='0' /> - * <xs:element ref='wst:EncryptionAlgorithm' minOccurs='0' /> - * <xs:element ref='wst:CanonicalizationAlgorithm' minOccurs='0' /> - * <xs:element ref='wst:ProofEncryption' minOccurs='0' /> - * <xs:element ref='wst:UseKey' minOccurs='0' /> - * <xs:element ref='wst:SignWith' minOccurs='0' /> - * <xs:element ref='wst:EncryptWith' minOccurs='0' /> - * <xs:element ref='wst:DelegateTo' minOccurs='0' /> - * <xs:element ref='wst:Forwardable' minOccurs='0' /> - * <xs:element ref='wst:Delegatable' minOccurs='0' /> - * <xs:element ref='wsp:Policy' minOccurs='0' /> - * <xs:element ref='wsp:PolicyReference' minOccurs='0' /> - * <xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' /> - * </pre> - * - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public class RequestSecurityToken implements BaseRequestSecurityToken -{ - - private final RequestSecurityTokenType delegate; - - private URI tokenType; - - private URI requestType; - - private AppliesTo appliesTo; - - private ClaimsType claims; - - private EntropyType entropy; - - private Lifetime lifetime; - - private AllowPostdatingType allowPostDating; - - private RenewingType renewing; - - private OnBehalfOfType onBehalfOf; - - private EndpointReferenceType issuer; - - private URI authenticationType; - - private URI keyType; - - private long keySize; - - private URI signatureAlgorithm; - - private EncryptionType encryption; - - private URI encryptionAlgorithm; - - private URI canonicalizationAlgorithm; - - private ProofEncryptionType proofEncryption; - - private UseKeyType useKey; - - private URI signWith; - - private URI encryptWith; - - private DelegateToType delegateTo; - - private boolean forwardable; - - private boolean delegatable; - - private Policy policy; - - private PolicyReference policyReference; - - private ValidateTargetType validateTarget; - - private RenewTargetType renewTarget; - - private CancelTargetType cancelTarget; - - private final List<Object> extensionElements = new ArrayList<Object>(); - - private final ObjectFactory factory = new ObjectFactory(); - - private Document rstDocument; - - /** - * - * Creates an instance of {@code RequestSecurityToken}. - * - */ - public RequestSecurityToken() - { - this.delegate = new RequestSecurityTokenType(); - } - - /** - * - * Creates an instance of {@code RequestSecurityToken} using the specified delegate. - * - * - * @param delegate the JAXB {@code RequestSecurityTokenType} that represents a WS-Trust token request. - */ - public RequestSecurityToken(RequestSecurityTokenType delegate) - { - this.delegate = delegate; - // parse the delegate's Any contents. - for (Object obj : this.delegate.getAny()) - { - if (obj instanceof AppliesTo) - { - this.appliesTo = (AppliesTo) obj; - } - else if (obj instanceof Policy) - { - this.policy = (Policy) obj; - } - else if (obj instanceof PolicyReference) - { - this.policyReference = (PolicyReference) obj; - } - else if (obj instanceof JAXBElement) - { - JAXBElement<?> element = (JAXBElement<?>) obj; - String localName = element.getName().getLocalPart(); - if (localName.equalsIgnoreCase("TokenType")) - this.tokenType = URI.create((String) element.getValue()); - else if (localName.equalsIgnoreCase("RequestType")) - this.requestType = URI.create((String) element.getValue()); - else if (localName.equalsIgnoreCase("Claims")) - this.claims = (ClaimsType) element.getValue(); - else if (localName.equalsIgnoreCase("Entropy")) - this.entropy = (EntropyType) element.getValue(); - else if (localName.equalsIgnoreCase("Lifetime")) - this.lifetime = new Lifetime((LifetimeType) element.getValue()); - else if (localName.equalsIgnoreCase("AllowPostdating")) - this.allowPostDating = (AllowPostdatingType) element.getValue(); - else if (localName.equalsIgnoreCase("Renewing")) - this.renewing = (RenewingType) element.getValue(); - else if (localName.equalsIgnoreCase("OnBehalfOf")) - this.onBehalfOf = (OnBehalfOfType) element.getValue(); - else if (localName.equalsIgnoreCase("Issuer")) - this.issuer = (EndpointReferenceType) element.getValue(); - else if (localName.equalsIgnoreCase("AuthenticationType")) - this.authenticationType = URI.create((String) element.getValue()); - else if (localName.equalsIgnoreCase("KeyType")) - this.keyType = URI.create((String) element.getValue()); - else if (localName.equalsIgnoreCase("KeySize")) - this.keySize = (Long) element.getValue(); - else if (localName.equalsIgnoreCase("SignatureAlgorithm")) - this.signatureAlgorithm = URI.create((String) element.getValue()); - else if (localName.equalsIgnoreCase("Encryption")) - this.encryption = (EncryptionType) element.getValue(); - else if (localName.equalsIgnoreCase("EntropyAlgorithm")) - this.encryptionAlgorithm = URI.create((String) element.getValue()); - else if (localName.equalsIgnoreCase("CanonicalizationAlgorithm")) - this.canonicalizationAlgorithm = URI.create((String) element.getValue()); - else if (localName.equalsIgnoreCase("ProofEncryption")) - this.proofEncryption = (ProofEncryptionType) element.getValue(); - else if (localName.equalsIgnoreCase("UseKey")) - this.useKey = (UseKeyType) element.getValue(); - else if (localName.equalsIgnoreCase("SignWith")) - this.signWith = URI.create((String) element.getValue()); - else if (localName.equalsIgnoreCase("EncryptWith")) - this.encryptWith = URI.create((String) element.getValue()); - else if (localName.equalsIgnoreCase("DelegateTo")) - this.delegateTo = (DelegateToType) element.getValue(); - else if (localName.equalsIgnoreCase("Forwardable")) - this.forwardable = (Boolean) element.getValue(); - else if (localName.equalsIgnoreCase("Delegatable")) - this.delegatable = (Boolean) element.getValue(); - else if (localName.equalsIgnoreCase("CancelTarget")) - this.cancelTarget = (CancelTargetType) element.getValue(); - else if (localName.equalsIgnoreCase("RenewTarget")) - this.renewTarget = (RenewTargetType) element.getValue(); - else if (localName.equalsIgnoreCase("ValidateTarget")) - this.validateTarget = (ValidateTargetType) element.getValue(); - else - this.extensionElements.add(element.getValue()); - } - else - { - this.extensionElements.add(obj); - } - } - } - - /** - * Creates an instance of {@code RequestSecurityTokenType} and {@code Document} - * @param delegate - * @param rstDocument - */ - public RequestSecurityToken(RequestSecurityTokenType delegate, Document rstDocument) - { - this(delegate); - this.rstDocument = rstDocument; - } - - /** - * - * Obtains the {@code URI} that identifies the token type. - * - * - * @return a {@code URI} that represents the token type. - */ - public URI getTokenType() - { - return this.tokenType; - } - - /** - * - * Sets the token type. - * - * - * @param tokenType a {@code URI} that identifies the token type. - */ - public void setTokenType(URI tokenType) - { - this.tokenType = tokenType; - this.delegate.getAny().add(this.factory.createTokenType(tokenType.toString())); - - } - - /** - * - * Obtains the request type. - * - * - * @return a {@code URI} that identifies the request type. - */ - public URI getRequestType() - { - return this.requestType; - } - - /** - * - * Sets the request type. The type must be one of the request types described in the WS-Trust specification. - * - * - * @param requestType a {@code URI} that identifies the request type. - */ - public void setRequestType(URI requestType) - { - this.requestType = requestType; - this.delegate.getAny().add(this.factory.createRequestType(requestType.toString())); - } - - /** - * - * Obtains the {@code AppliesTo} value of this request. The {@code AppliesTo} object identifies the service provider - * (web service) that requires a token to be presented by clients. A STS uses this object to find the type of the - * token that is accepted by the service provider so that it can issue appropriate tokens to clients. - * - * - * @return the reference to the {@code AppliesTo} object. - */ - public AppliesTo getAppliesTo() - { - return this.appliesTo; - } - - /** - * - * Sets the {@code AppliesTo} value of this request. The {@code AppliesTo} object identifies the service provider - * (web service) that requires a token to be presented by clients. A STS uses this object to find the type of the - * token that is accepted by the service provider so that it can issue appropriate tokens to clients. - * - * - * @param appliesTo a reference to the {@code AppliesTo} object that identifies the service provider. - */ - public void setAppliesTo(AppliesTo appliesTo) - { - this.appliesTo = appliesTo; - this.delegate.getAny().add(appliesTo); - } - - /** - * - * Obtains the set of claims of this request. - * - * - * @return a reference to the {@code ClaimsType} object that represents the request's claims. - */ - public ClaimsType getClaims() - { - return this.claims; - } - - /** - * - * Sets the claims of this request. - * - * - * @param claims the {@code ClaimsType} object that represents the claims to be set. - */ - public void setClaims(ClaimsType claims) - { - this.claims = claims; - this.delegate.getAny().add(this.factory.createClaims(claims)); - } - - /** - * - * Obtains the entropy that will be used in creating the key. - * - * - * @return a reference to the {@code EntropyType} that represents the entropy. - */ - public EntropyType getEntropy() - { - return this.entropy; - } - - /** - * - * Sets the entropy that must be used when creating the key. - * - * - * @param entropy the {@code EntropyType} representing the entropy to be set. - */ - public void setEntropy(EntropyType entropy) - { - this.entropy = entropy; - this.delegate.getAny().add(this.factory.createEntropy(entropy)); - } - - /** - * - * Obtains the desired lifetime of the requested token. - * - * - * @return a reference to the {@code Lifetime} that represents the lifetime. - */ - public Lifetime getLifetime() - { - return this.lifetime; - } - - /** - * - * Sets the desired lifetime of the requested token. - * - * - * @param lifetime the {@code Lifetime} object representing the lifetime to be set. - */ - public void setLifetime(Lifetime lifetime) - { - this.lifetime = lifetime; - this.delegate.getAny().add(this.factory.createLifetime(lifetime.getDelegate())); - } - - /** - * - * Checks whether a request for a postdated token should be allowed or not. - * - * - * @return {@code null} if the token can't have a future lifetime (e.g. a token to be used the next day); a - * {@code AllowPostdatingType} otherwise. - */ - public AllowPostdatingType getAllowPostDating() - { - return this.allowPostDating; - } - - /** - * - * Specifies whether a request for a postdated token should be allowed or not. - * - * - * @param allowPostDating {@code null} if the token can't have a future lifetime (e.g. a token to be used the next - * day); a {@code AllowPostdatingType} otherwise. - */ - public void setAllowPostDating(AllowPostdatingType allowPostDating) - { - this.allowPostDating = allowPostDating; - this.delegate.getAny().add(this.factory.createAllowPostdating(allowPostDating)); - } - - /** - * - * Obtains the renew semantics for this request. - * - * - * @return a reference to the {@code RenewingType} that represents the renew semantics for this request. - */ - public RenewingType getRenewing() - { - return this.renewing; - } - - /** - * - * Sets the renew semantics for this request. - * - * - * @param renewing the {@code RenewingType} object representing the semantics to be set. - */ - public void setRenewing(RenewingType renewing) - { - this.renewing = renewing; - this.delegate.getAny().add(this.factory.createRenewing(renewing)); - } - - /** - * - * Obtains the identity on whose behalf this request was made. - * - * - * @return a reference to the {@code OnBehalfOfType} that represents the identity on whose behalf this request was - * made. - */ - public OnBehalfOfType getOnBehalfOf() - { - return this.onBehalfOf; - } - - /** - * - * Specifies the identity on whose behalf this request is being made. - * - * - * @param onBehalfOf the {@code OnBehalfOfType} object representing the identity to be set. - */ - public void setOnBehalfOf(OnBehalfOfType onBehalfOf) - { - this.onBehalfOf = onBehalfOf; - this.delegate.getAny().add(this.factory.createOnBehalfOf(onBehalfOf)); - } - - /** - * - * Obtains the issuer of the token included in the request in the scenarios where the requestor is obtaining a token - * on behalf of another party. - * - * - * @return a reference to the {@code EndpointReferenceType} that represents the issuer. - */ - public EndpointReferenceType getIssuer() - { - return this.issuer; - } - - /** - * - * Sets the issuer of the token included in the request in scenarios where the requestor is obtaining a token on - * behalf of another party. - * - * - * @param issuer the {@code EndpointReferenceType} object representing the issuer to be set. - */ - public void setIssuer(EndpointReferenceType issuer) - { - this.issuer = issuer; - this.delegate.getAny().add(this.factory.createIssuer(issuer)); - } - - /** - * - * Obtains the type of authentication that has been set as part of the request. - * - * - * @return a {@code URI} that identifies the desired authentication type. - */ - public URI getAuthenticationType() - { - return this.authenticationType; - } - - /** - * - * Sets the authentication type in the request. - * - * - * @param authenticationType a {@code URI} that identifies the authentication type to be set. - */ - public void setAuthenticationType(URI authenticationType) - { - this.authenticationType = authenticationType; - this.delegate.getAny().add(this.factory.createAuthenticationType(authenticationType.toString())); - } - - /** - * - * Obtains the type of the key that has been set in the request. - * - * - * @return a {@code URI} that identifies the key type. - */ - public URI getKeyType() - { - return this.keyType; - } - - /** - * - * Sets the key type in the request. - * - * - * @param keyType a {@code URI} that specifies the key type. - */ - public void setKeyType(URI keyType) - { - this.keyType = keyType; - this.delegate.getAny().add(this.factory.createKeyType(keyType.toString())); - } - - /** - * - * Obtains the size of they key that has been set in the request. - * - * - * @return a {@code long} representing the key size in bytes. - */ - public long getKeySize() - { - return this.keySize; - } - - /** - * - * Sets the size of the key in the request. - * - * - * @param keySize a {@code long} representing the key size in bytes. - */ - public void setKeySize(long keySize) - { - this.keySize = keySize; - this.delegate.getAny().add(this.factory.createKeySize(keySize)); - } - - /** - * - * Obtains the signature algorithm that has been set in the request. - * - * - * @return a {@code URI} that represents the signature algorithm. - */ - public URI getSignatureAlgorithm() - { - return this.signatureAlgorithm; - } - - /** - * - * Sets the signature algorithm in the request. - * - * - * @param signatureAlgorithm a {@code URI} that represents the algorithm to be set. - */ - public void setSignatureAlgorithm(URI signatureAlgorithm) - { - this.signatureAlgorithm = signatureAlgorithm; - this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signatureAlgorithm.toString())); - } - - /** - * - * Obtains the {@code Encryption} section of the request. The {@code Encryption} element indicates that the requestor - * desires any returned secrets in issued security tokens to be encrypted. - * - * - * @return a reference to the {@code EncryptionType} object. - */ - public EncryptionType getEncryption() - { - return this.encryption; - } - - /** - * - * Sets the {@code Encryption} section of the request. The {@code Encryption} element indicates that the requestor - * desires any returned secrets in issued security tokens to be encrypted. - * - * - * @param encryption the {@code EncryptionType} to be set. - */ - public void setEncryption(EncryptionType encryption) - { - this.encryption = encryption; - this.delegate.getAny().add(this.factory.createEncryption(encryption)); - } - - /** - * - * Obtains the encryption algorithm that has been set in the request. - * - * - * @return a {@code URI} that represents the encryption algorithm. - */ - public URI getEncryptionAlgorithm() - { - return this.encryptionAlgorithm; - } - - /** - * - * Sets the encryption algorithm in the request. - * - * - * @param encryptionAlgorithm a {@code URI} that represents the encryption algorithm to be set. - */ - public void setEncryptionAlgorithm(URI encryptionAlgorithm) - { - this.encryptionAlgorithm = encryptionAlgorithm; - this.delegate.getAny().add(this.factory.createEncryptionAlgorithm(encryptionAlgorithm.toString())); - } - - /** - * - * Obtains the canonicalization algorithm that has been set in the request. - * - * - * @return a {@code URI} that represents the canonicalization algorithm. - */ - public URI getCanonicalizationAlgorithm() - { - return this.canonicalizationAlgorithm; - } - - /** - * - * Sets the canonicalization algorithm in the request. - * - * - * @param canonicalizationAlgorithm a {@code URI} that represents the algorithm to be set. - */ - public void setCanonicalizationAlgorithm(URI canonicalizationAlgorithm) - { - this.canonicalizationAlgorithm = canonicalizationAlgorithm; - this.delegate.getAny().add(this.factory.createCanonicalizationAlgorithm(canonicalizationAlgorithm.toString())); - } - - /** - * - * Obtains the {@code ProofEncryption} section of the request. The {@code ProofEncryption} indicates that the - * requester desires any returned secrets in issued security tokens to be encrypted. - * - * - * @return a reference to the {@code ProofEncryptionType} object. - */ - public ProofEncryptionType getProofEncryption() - { - return this.proofEncryption; - } - - /** - * - * Sets the {@code ProofEncryption} section of the request. The {@code ProofEncryption} indicates that the requester - * desires any returned secrets in issued security tokens to be encrypted. - * - * - * @param proofEncryption the {@code ProofEncryptionType} to be set. - */ - public void setProofEncryption(ProofEncryptionType proofEncryption) - { - this.proofEncryption = proofEncryption; - this.delegate.getAny().add(this.factory.createProofEncryption(proofEncryption)); - } - - /** - * - * Obtains the key that should be used in the returned token. - * - * - * @return a reference to the {@code UseKeyType} instance that represents the key to be used. - */ - public UseKeyType getUseKey() - { - return this.useKey; - } - - /** - * - * Sets the key that should be used in the returned token. - * - * - * @param useKey the {@code UseKeyType} instance to be set. - */ - public void setUseKey(UseKeyType useKey) - { - this.useKey = useKey; - this.delegate.getAny().add(this.factory.createUseKey(useKey)); - } - - /** - * - * Obtains the signature algorithm that should be used with the issued security token. - * - * - * @return a {@code URI} representing the algorithm that should be used. - */ - public URI getSignWith() - { - return this.signWith; - } - - /** - * - * Sets the signature algorithm that should be used with the issued security token. - * - * - * @param signWith a {@code URI} representing the algorithm to be used. - */ - public void setSignWith(URI signWith) - { - this.signWith = signWith; - this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signWith.toString())); - } - - /** - * - * Obtains the encryption algorithm that should be used with the issued security token. - * - * - * @return a {@code URI} representing the encryption algorithm that should be used. - */ - public URI getEncryptWith() - { - return this.encryptWith; - } - - /** - * - * Sets the encryption algorithm that should be used with the issued security token. - * - * - * @param encryptWith a {@code URI} representing the algorithm to be used. - */ - public void setEncryptWith(URI encryptWith) - { - this.encryptWith = encryptWith; - this.delegate.getAny().add(this.factory.createEncryptWith(encryptWith.toString())); - } - - /** - * - * Obtains the identity to which the requested token should be delegated. - * - * - * @return a reference to the {@code DelegateToType} instance that represents the identity. - */ - public DelegateToType getDelegateTo() - { - return this.delegateTo; - } - - /** - * - * Sets the identity to which the requested token should be delegated. - * - * - * @param delegateTo the {@code DelegateToType} object representing the identity to be set. - */ - public void setDelegateTo(DelegateToType delegateTo) - { - this.delegateTo = delegateTo; - this.delegate.getAny().add(this.factory.createDelegateTo(delegateTo)); - } - - /** - * - * Indicates whether the requested token should be marked as "forwardable" or not. In general, this flag is used when - * a token is normally bound to the requestor's machine or service. Using this flag, the returned token MAY be used - * from any source machine so long as the key is correctly proven. - * - * - * @return {@code true} if the requested token should be marked as "forwardable"; {@code false} otherwise. - */ - public boolean isForwardable() - { - return this.forwardable; - } - - /** - * - * Specifies whether the requested token should be marked as "forwardable" or not. In general, this flag is used when - * a token is normally bound to the requestor's machine or service. Using this flag, the returned token MAY be used - * from any source machine so long as the key is correctly proven. - * - * - * @param forwardable {@code true} if the requested token should be marked as "forwardable"; {@code false} otherwise. - */ - public void setForwardable(boolean forwardable) - { - this.forwardable = forwardable; - this.delegate.getAny().add(this.factory.createForwardable(forwardable)); - } - - /** - * - * Indicates whether the requested token should be marked as "delegatable" or not. Using this flag, the returned - * token MAY be delegated to another party. - * - * - * @return {@code true} if the requested token should be marked as "delegatable"; {@code false} otherwise. - */ - public boolean isDelegatable() - { - return this.delegatable; - } - - /** - * - * Specifies whether the requested token should be marked as "delegatable" or not. Using this flag, the returned - * token MAY be delegated to another party. - * - * - * @param delegatable {@code true} if the requested token should be marked as "delegatable"; {@code false} otherwise. - */ - public void setDelegatable(boolean delegatable) - { - this.delegatable = delegatable; - this.delegate.getAny().add(this.factory.createDelegatable(delegatable)); - } - - /** - * - * Obtains the {@code Policy} associated with the request. The policy specifies defaults that can be overridden by - * the previous properties. - * - * - * @return a reference to the {@code Policy} that has been set in the request. - */ - public Policy getPolicy() - { - return this.policy; - } - - /** - * - * Sets the {@code Policy} in the request. The policy specifies defaults that can be overridden by the previous - * properties. - * - * - * @param policy the {@code Policy} instance to be set. - */ - public void setPolicy(Policy policy) - { - this.policy = policy; - this.delegate.getAny().add(policy); - } - - /** - * - * Obtains the reference to the {@code Policy} that should be used. - * - * - * @return a {@code PolicyReference} that specifies where the {@code Policy} can be found. - */ - public PolicyReference getPolicyReference() - { - return this.policyReference; - } - - /** - * - * Sets the reference to the {@code Policy} that should be used. - * - * - * @param policyReference the {@code PolicyReference} object to be set. - */ - public void setPolicyReference(PolicyReference policyReference) - { - this.policyReference = policyReference; - this.delegate.getAny().add(policyReference); - } - - /** - * - * Obtains the list of request elements that are not part of the standard content model. - * - * - * @return a {@code List<Object>} containing the extension elements. - */ - public List<Object> getExtensionElements() - { - return Collections.unmodifiableList(this.extensionElements); - } - - /** - * - * Obtains the request context. - * - * - * @return a {@code String} that identifies the request. - */ - public String getContext() - { - return this.delegate.getContext(); - } - - /** - * - * Sets the request context. - * - * - * @param context a {@code String} that identifies the request. - */ - public void setContext(String context) - { - this.delegate.setContext(context); - } - - /** - * - * Obtains the {@code CancelTarget} section of the request. This element identifies the token that is to be canceled. - * - * - * @return a reference to the {@code CancelTargetType} that represents the {@code CancelTarget} section of the - * WS-Trust cancel request. - */ - public CancelTargetType getCancelTarget() - { - return this.cancelTarget; - } - - /** - * - * Sets the {@code CancelTarget} section of the request. This element identifies the token that is to be canceled. - * - * - * @param cancelTarget a reference to the {@code CancelTargetType} that identifies the token that must be canceled. - */ - public void setCancelTarget(CancelTargetType cancelTarget) - { - this.cancelTarget = cancelTarget; - this.delegate.getAny().add(this.factory.createCancelTarget(cancelTarget)); - } - - /** - * - * Obtains the {@code RenewTarget} section of the request. This element identifies the token that is to be renewed. - * - * - * @return a reference to the {@code RenewTargetType} that represents the {@code RenewTarget} section of the WS-Trust - * renew request. - */ - public RenewTargetType getRenewTarget() - { - return this.renewTarget; - } - - /** - * - * Sets the {@code RenewTarget} section of the request. This element identifies the token that is to be renewed. - * - * - * @param renewTarget a reference to the {@code RenewTargetType} that identifies the token that must be renewed. - */ - public void setRenewTarget(RenewTargetType renewTarget) - { - this.renewTarget = renewTarget; - this.delegate.getAny().add(this.factory.createRenewTarget(renewTarget)); - } - - /** - * - * Obtains the {@code ValidateTarget} section of the request. This element identifies the token that is to be - * validated. - * - * - * @return a reference to the {@code ValidateTargetType} that represents the {@code ValidateTarget} section of the - * WS-Trust validate request. - */ - public ValidateTargetType getValidateTarget() - { - return this.validateTarget; - } - - /** - * Return the element in the document that represents - * the validate type - * @return - */ - public Element getValidateTargetElement() - { - if(rstDocument == null) - throw new IllegalStateException("RST Document is null"); - - String ns = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/"; - String localPart = "ValidateTarget"; - - NodeList nodeList = rstDocument.getElementsByTagNameNS(ns,localPart); - if(nodeList != null && nodeList.getLength() > 0) - return (Element) nodeList.item(0); - else - return null; - } - - /** - * - * Sets the {@code ValidateTarged} section of the request. This elements identifies the token that is to be - * validated. - * - * - * @param validateTarget a reference to the {@code ValidateTargetType} that identifies the token that must be - * validated. - */ - public void setValidateTarget(ValidateTargetType validateTarget) - { - this.validateTarget = validateTarget; - this.delegate.getAny().add(this.factory.createValidateTarget(validateTarget)); - } - - /** - * - * Obtains a map that contains attributes that aren't bound to any typed property on the request. This is a live - * reference, so attributes can be added/changed/removed directly. For this reason, there is no setter method. - * - * - * @return a {@code Map<QName, String>} that contains the attributes. - */ - public Map<QName, String> getOtherAttributes() - { - return this.delegate.getOtherAttributes(); - } - - /** - * - * Gets a reference to the list that holds all request element values. - * - * - * @return a {@code List<Object>} containing all values specified in the request. - */ - public List<Object> getAny() - { - return this.delegate.getAny(); - } - - /** - * - * Obtains a reference to the {@code RequestSecurityTokenType} delegate. - * - * - * @return a reference to the delegate instance. - */ - public RequestSecurityTokenType getDelegate() - { - return this.delegate; - } - - /** - * Get the {@code Document} document representing the request - * @return - */ - public Document getRSTDocument() - { - return this.rstDocument; - } - - public void setRSTDocument(Document rstDocument) - { - this.rstDocument = rstDocument; - } -} \ No newline at end of file Deleted: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenCollection.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenCollection.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenCollection.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,122 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.core.wstrust; - -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; - -import org.jboss.identity.federation.ws.trust.RequestSecurityTokenCollectionType; -import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType; - -/** - * - * This class represents a WS-Trust {@code RequestSecurityTokenCollection}. It wraps the JAXB representation of the - * security token collection request. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public class RequestSecurityTokenCollection implements BaseRequestSecurityToken -{ - - private final RequestSecurityTokenCollectionType delegate; - - private final List<RequestSecurityToken> requestSecurityTokens; - - /** - * - * Creates an instance of {@code RequestSecurityTokenCollection}. - * - */ - public RequestSecurityTokenCollection() - { - this.requestSecurityTokens = new ArrayList<RequestSecurityToken>(); - this.delegate = new RequestSecurityTokenCollectionType(); - } - - /** - * - * Creates an instance of {@code RequestSecurityTokenCollection} using the specified delegate. - * - * - * @param delegate the JAXB {@code RequestSecurityTokenCollectionType} that represents a WS-Trust request collection. - */ - public RequestSecurityTokenCollection(RequestSecurityTokenCollectionType delegate) - { - this.delegate = delegate; - this.requestSecurityTokens = new ArrayList<RequestSecurityToken>(); - for (RequestSecurityTokenType request : delegate.getRequestSecurityToken()) - this.requestSecurityTokens.add(new RequestSecurityToken(request)); - } - - /** - * - * Obtains the collection of {@code RequestSecurityToken} objects. The returned collection is immutable, so addition - * or removal of requests must be carried by the appropriate add/remove methods. - * - * - * @return a {@code List<RequestSecurityToken>} containing the token requests. - */ - public List<RequestSecurityToken> getRequestSecurityTokens() - { - return Collections.unmodifiableList(this.requestSecurityTokens); - } - - /** - * - * Adds the specified {@code RequestSecurityToken} object to the collection of token requests. - * - * - * @param request the {@code RequestSecurityToken} to be added. - */ - public void addRequestSecurityToken(RequestSecurityToken request) - { - this.delegate.getRequestSecurityToken().add(request.getDelegate()); - this.requestSecurityTokens.add(request); - } - - /** - * - * Removes the specified {@code RequestSecurityToken} object from the collection of token requests. - * - * - * @param request the {@code RequestSecurityToken} to be removed. - */ - public void removeRequestSecurityToken(RequestSecurityToken request) - { - this.delegate.getRequestSecurityToken().remove(request.getDelegate()); - this.requestSecurityTokens.remove(request); - } - - /** - * - * Obtains a reference to the {@code RequestSecurityTokenCollectionType} delegate. - * - * - * @return a reference to the delegate instance. - */ - public RequestSecurityTokenCollectionType getDelegate() - { - return this.delegate; - } -} Deleted: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponse.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponse.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponse.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,1159 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.core.wstrust; - -import java.net.URI; -import java.net.URISyntaxException; -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; -import java.util.Map; - -import javax.xml.bind.JAXBElement; -import javax.xml.namespace.QName; - -import org.jboss.identity.federation.ws.addressing.EndpointReferenceType; -import org.jboss.identity.federation.ws.policy.AppliesTo; -import org.jboss.identity.federation.ws.policy.Policy; -import org.jboss.identity.federation.ws.policy.PolicyReference; -import org.jboss.identity.federation.ws.trust.AllowPostdatingType; -import org.jboss.identity.federation.ws.trust.AuthenticatorType; -import org.jboss.identity.federation.ws.trust.DelegateToType; -import org.jboss.identity.federation.ws.trust.EncryptionType; -import org.jboss.identity.federation.ws.trust.EntropyType; -import org.jboss.identity.federation.ws.trust.LifetimeType; -import org.jboss.identity.federation.ws.trust.ObjectFactory; -import org.jboss.identity.federation.ws.trust.OnBehalfOfType; -import org.jboss.identity.federation.ws.trust.ProofEncryptionType; -import org.jboss.identity.federation.ws.trust.RenewingType; -import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseType; -import org.jboss.identity.federation.ws.trust.RequestedProofTokenType; -import org.jboss.identity.federation.ws.trust.RequestedReferenceType; -import org.jboss.identity.federation.ws.trust.RequestedSecurityTokenType; -import org.jboss.identity.federation.ws.trust.StatusType; -import org.jboss.identity.federation.ws.trust.UseKeyType; - -/** - * - * This class represents a WS-Trust {@code RequestSecurityTokenResponse}. It wraps the JAXB representation of the - * security token response and offers a series of getter/setter methods that make it easy to work with elements that are - * represented by the {@code Any} XML type. - * - * - * The following shows the intended content model of a {@code RequestSecurityTokenResponse}: - * - * <pre> - * <xs:element ref='wst:TokenType' minOccurs='0' /> - * <xs:element ref='wst:RequestType' /> - * <xs:element ref='wst:RequestedSecurityToken' minOccurs='0' /> - * <xs:element ref='wsp:AppliesTo' minOccurs='0' /> - * <xs:element ref='wst:RequestedAttachedReference' minOccurs='0' /> - * <xs:element ref='wst:RequestedUnattachedReference' minOccurs='0' /> - * <xs:element ref='wst:RequestedProofToken' minOccurs='0' /> - * <xs:element ref='wst:Entropy' minOccurs='0' /> - * <xs:element ref='wst:Lifetime' minOccurs='0' /> - * <xs:element ref='wst:Status' minOccurs='0' /> - * <xs:element ref='wst:AllowPostdating' minOccurs='0' /> - * <xs:element ref='wst:Renewing' minOccurs='0' /> - * <xs:element ref='wst:OnBehalfOf' minOccurs='0' /> - * <xs:element ref='wst:Issuer' minOccurs='0' /> - * <xs:element ref='wst:AuthenticationType' minOccurs='0' /> - * <xs:element ref='wst:Authenticator' minOccurs='0' /> - * <xs:element ref='wst:KeyType' minOccurs='0' /> - * <xs:element ref='wst:KeySize' minOccurs='0' /> - * <xs:element ref='wst:SignatureAlgorithm' minOccurs='0' /> - * <xs:element ref='wst:Encryption' minOccurs='0' /> - * <xs:element ref='wst:EncryptionAlgorithm' minOccurs='0' /> - * <xs:element ref='wst:CanonicalizationAlgorithm' minOccurs='0' /> - * <xs:element ref='wst:ProofEncryption' minOccurs='0' /> - * <xs:element ref='wst:UseKey' minOccurs='0' /> - * <xs:element ref='wst:SignWith' minOccurs='0' /> - * <xs:element ref='wst:EncryptWith' minOccurs='0' /> - * <xs:element ref='wst:DelegateTo' minOccurs='0' /> - * <xs:element ref='wst:Forwardable' minOccurs='0' /> - * <xs:element ref='wst:Delegatable' minOccurs='0' /> - * <xs:element ref='wsp:Policy' minOccurs='0' /> - * <xs:element ref='wsp:PolicyReference' minOccurs='0' /> - * <xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' /> - * </pre> - * - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -/** - * - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public class RequestSecurityTokenResponse implements BaseRequestSecurityTokenResponse -{ - - private final RequestSecurityTokenResponseType delegate; - - private URI tokenType; - - private URI requestType; - - private RequestedSecurityTokenType requestedSecurityToken; - - private AppliesTo appliesTo; - - private RequestedReferenceType requestedAttachedReference; - - private RequestedReferenceType requestedUnattachedReference; - - private RequestedProofTokenType requestedProofToken; - - private EntropyType entropy; - - private Lifetime lifetime; - - private StatusType status; - - private AllowPostdatingType allowPostDating; - - private RenewingType renewing; - - private OnBehalfOfType onBehalfOf; - - private EndpointReferenceType issuer; - - private URI authenticationType; - - private AuthenticatorType authenticator; - - private URI keyType; - - private long keySize; - - private URI signatureAlgorithm; - - private EncryptionType encryption; - - private URI encryptionAlgorithm; - - private URI canonicalizationAlgorithm; - - private ProofEncryptionType proofEncryption; - - private UseKeyType useKey; - - private URI signWith; - - private URI encryptWith; - - private DelegateToType delegateTo; - - private boolean forwardable; - - private boolean delegatable; - - private Policy policy; - - private PolicyReference policyReference; - - private final List<Object> extensionElements = new ArrayList<Object>(); - - private final ObjectFactory factory = new ObjectFactory(); - - /** - * - * Creates an instance of {@code RequestSecurityTokenResponse}. - * - */ - public RequestSecurityTokenResponse() - { - this.delegate = new RequestSecurityTokenResponseType(); - } - - /** - * - * Creates an instance of {@code RequestSecurityTokenResponse} using the specified delegate. - * - * - * @param delegate the JAXB {@code RequestSecurityTokenResponseType} that represents a WS-Trust response. - */ - public RequestSecurityTokenResponse(RequestSecurityTokenResponseType delegate) - { - this.delegate = delegate; - // parse the delegate's Any contents. - try - { - for (Object obj : this.delegate.getAny()) - { - if (obj instanceof AppliesTo) - { - this.appliesTo = (AppliesTo) obj; - } - else if (obj instanceof Policy) - { - this.policy = (Policy) obj; - } - else if (obj instanceof PolicyReference) - { - this.policyReference = (PolicyReference) obj; - } - else if (obj instanceof JAXBElement) - { - JAXBElement<?> element = (JAXBElement<?>) obj; - String localName = element.getName().getLocalPart(); - if (localName.equalsIgnoreCase("TokenType")) - this.tokenType = new URI((String) element.getValue()); - else if (localName.equalsIgnoreCase("RequestType")) - this.requestType = new URI((String) element.getValue()); - else if (localName.equalsIgnoreCase("RequestedSecurityToken")) - this.requestedSecurityToken = (RequestedSecurityTokenType) element.getValue(); - else if (localName.equalsIgnoreCase("RequestedAttachedReference")) - this.requestedAttachedReference = (RequestedReferenceType) element.getValue(); - else if (localName.equalsIgnoreCase("RequestedUnattachedReference")) - this.requestedUnattachedReference = (RequestedReferenceType) element.getValue(); - else if (localName.equalsIgnoreCase("RequestedProofToken")) - this.requestedProofToken = (RequestedProofTokenType) element.getValue(); - else if (localName.equalsIgnoreCase("Entropy")) - this.entropy = (EntropyType) element.getValue(); - else if (localName.equalsIgnoreCase("Lifetime")) - this.lifetime = new Lifetime((LifetimeType) element.getValue()); - else if (localName.equalsIgnoreCase("Status")) - this.status = (StatusType) element.getValue(); - else if (localName.equalsIgnoreCase("AllowPostdating")) - this.allowPostDating = (AllowPostdatingType) element.getValue(); - else if (localName.equalsIgnoreCase("Renewing")) - this.renewing = (RenewingType) element.getValue(); - else if (localName.equalsIgnoreCase("OnBehalfOf")) - this.onBehalfOf = (OnBehalfOfType) element.getValue(); - else if (localName.equalsIgnoreCase("Issuer")) - this.issuer = (EndpointReferenceType) element.getValue(); - else if (localName.equalsIgnoreCase("AuthenticationType")) - this.authenticationType = new URI((String) element.getValue()); - else if (localName.equalsIgnoreCase("Authenticator")) - this.authenticator = (AuthenticatorType) element.getValue(); - else if (localName.equalsIgnoreCase("KeyType")) - this.keyType = new URI((String) element.getValue()); - else if (localName.equalsIgnoreCase("KeySize")) - this.keySize = (Long) element.getValue(); - else if (localName.equalsIgnoreCase("SignatureAlgorithm")) - this.signatureAlgorithm = new URI((String) element.getValue()); - else if (localName.equalsIgnoreCase("Encryption")) - this.encryption = (EncryptionType) element.getValue(); - else if (localName.equalsIgnoreCase("EntropyAlgorithm")) - this.encryptionAlgorithm = new URI((String) element.getValue()); - else if (localName.equalsIgnoreCase("CanonicalizationAlgorithm")) - this.canonicalizationAlgorithm = new URI((String) element.getValue()); - else if (localName.equalsIgnoreCase("ProofEncryption")) - this.proofEncryption = (ProofEncryptionType) element.getValue(); - else if (localName.equalsIgnoreCase("UseKey")) - this.useKey = (UseKeyType) element.getValue(); - else if (localName.equalsIgnoreCase("SignWith")) - this.signWith = new URI((String) element.getValue()); - else if (localName.equalsIgnoreCase("EncryptWith")) - this.encryptWith = new URI((String) element.getValue()); - else if (localName.equalsIgnoreCase("DelegateTo")) - this.delegateTo = (DelegateToType) element.getValue(); - else if (localName.equalsIgnoreCase("Forwardable")) - this.forwardable = (Boolean) element.getValue(); - else if (localName.equalsIgnoreCase("Delegatable")) - this.delegatable = (Boolean) element.getValue(); - else - this.extensionElements.add(element.getValue()); - } - else - { - this.extensionElements.add(obj); - } - } - } - catch (URISyntaxException e) - { - throw new RuntimeException(e.getMessage(), e); - } - } - - /** - * - * Obtains the {@code URI} that identifies the token type. - * - * - * @return a {@code URI} that represents the token type. - */ - public URI getTokenType() - { - return tokenType; - } - - /** - * - * Sets the token type. - * - * - * @param tokenType a {@code URI} that identifies the token type. - */ - public void setTokenType(URI tokenType) - { - this.tokenType = tokenType; - this.delegate.getAny().add(this.factory.createTokenType(tokenType.toString())); - - } - - /** - * - * Obtains the request type. - * - * - * @return a {@code URI} that identifies the request type. - */ - public URI getRequestType() - { - return requestType; - } - - /** - * - * Sets the request type. The type must be one of the request types described in the WS-Trust specification. - * - * - * @param requestType a {@code URI} that identifies the request type. - */ - public void setRequestType(URI requestType) - { - this.requestType = requestType; - this.delegate.getAny().add(this.factory.createRequestType(requestType.toString())); - } - - /** - * - * Obtains the requested security token that has been set in the response. - * - * - * @return a reference to the {@code RequestedSecurityTokenType} that contains the token. - */ - public RequestedSecurityTokenType getRequestedSecurityToken() - { - return requestedSecurityToken; - } - - /** - * - * Sets the requested security token in the response. - * - * - * @param requestedSecurityToken the {@code RequestedSecurityTokenType} instance to be set. - */ - public void setRequestedSecurityToken(RequestedSecurityTokenType requestedSecurityToken) - { - this.requestedSecurityToken = requestedSecurityToken; - this.delegate.getAny().add(this.factory.createRequestedSecurityToken(requestedSecurityToken)); - } - - /** - * - * Obtains the scope to which the security token applies. - * - * - * @return a reference to the {@code AppliesTo} instance that represents the token scope. - */ - public AppliesTo getAppliesTo() - { - return appliesTo; - } - - /** - * - * Sets the scope to which the security token applies. - * - * - * @param appliesTo a reference to the {@code AppliesTo} object that represents the scope to be set. - */ - public void setAppliesTo(AppliesTo appliesTo) - { - this.appliesTo = appliesTo; - this.delegate.getAny().add(appliesTo); - } - - /** - * - * Obtains the {@code RequestedAttachedReference} that indicate how to reference the returned token when that token - * doesn't support references using URI fragments (XML ID). - * - * - * @return a {@code RequestedReferenceType} that represents the token reference. - */ - public RequestedReferenceType getRequestedAttachedReference() - { - return requestedAttachedReference; - } - - /** - * - * Sets the {@code RequestedAttachedReference} that indicate how to reference the returned token when that token - * doesn't support references using URI fragments (XML ID). - * - * - * @param requestedAttachedReference the {@code RequestedReferenceType} instance to be set. - */ - public void setRequestedAttachedReference(RequestedReferenceType requestedAttachedReference) - { - this.requestedAttachedReference = requestedAttachedReference; - this.delegate.getAny().add(this.factory.createRequestedAttachedReference(requestedAttachedReference)); - } - - /** - * - * Obtains the {@code RequestedUnattachedReference} that specifies to indicate how to reference the token when it is - * not placed inside the message. - * - * - * @return a {@code RequestedReferenceType} that represents the unattached reference. - */ - public RequestedReferenceType getRequestedUnattachedReference() - { - return requestedUnattachedReference; - } - - /** - * - * Sets the {@code RequestedUnattachedReference} that specifies to indicate how to reference the token when it is not - * placed inside the message. - * - * - * @param requestedUnattachedReference the {@code RequestedReferenceType} instance to be set. - */ - public void setRequestedUnattachedReference(RequestedReferenceType requestedUnattachedReference) - { - this.requestedUnattachedReference = requestedUnattachedReference; - this.delegate.getAny().add(this.factory.createRequestedUnattachedReference(requestedUnattachedReference)); - } - - /** - * - * Obtains the proof of possession token that has been set in the response. - * - * - * @return a reference to the {@code RequestedProofTokenType} that contains the token. - */ - public RequestedProofTokenType getRequestedProofToken() - { - return requestedProofToken; - } - - /** - * - * Sets the proof of possesion token in the response. - * - * - * @param requestedProofToken the {@code RequestedProofTokenType} instance to be set. - */ - public void setRequestedProofToken(RequestedProofTokenType requestedProofToken) - { - this.requestedProofToken = requestedProofToken; - this.delegate.getAny().add(this.factory.createRequestedProofToken(requestedProofToken)); - } - - /** - * - * Obtains the entropy that has been used in creating the key. - * - * - * @return a reference to the {@code EntropyType} that represents the entropy. - */ - public EntropyType getEntropy() - { - return entropy; - } - - /** - * - * Sets the entropy that has been used in creating the key. - * - * - * @param entropy the {@code EntropyType} representing the entropy to be set. - */ - public void setEntropy(EntropyType entropy) - { - this.entropy = entropy; - this.delegate.getAny().add(this.factory.createEntropy(entropy)); - } - - /** - * - * Obtains the lifetime of the security token. - * - * - * @return a reference to the {@code Lifetime} that represents the lifetime of the security token. - */ - public Lifetime getLifetime() - { - return lifetime; - } - - /** - * - * Sets the lifetime of the security token. - * - * - * @param lifetime the {@code Lifetime} object representing the lifetime to be set. - */ - public void setLifetime(Lifetime lifetime) - { - this.lifetime = lifetime; - this.delegate.getAny().add(this.factory.createLifetime(lifetime.getDelegate())); - } - - /** - * - * Obtains the result of a security token validation. - * - * - * @return a referece to the {@code StatusType} instance that represents the status of the validation. - */ - public StatusType getStatus() - { - return status; - } - - /** - * - * Sets the result of a security token validation. - * - * - * @param status the {@code StatusType} instance to be set. - */ - public void setStatus(StatusType status) - { - this.status = status; - this.delegate.getAny().add(this.factory.createStatus(status)); - } - - /** - * - * Checks whether the returned token is a postdated token or not. - * - * - * @return {@code null} if the token is not postdated; a {@code AllowPostdatingType} otherwise. - */ - public AllowPostdatingType getAllowPostDating() - { - return allowPostDating; - } - - /** - * - * Specifies whether the returned token is a postdated token or not. - * - * - * @param allowPostDating {@code null} if the token is not postdated; a {@code AllowPostdatingType} otherwise. - */ - public void setAllowPostDating(AllowPostdatingType allowPostDating) - { - this.allowPostDating = allowPostDating; - this.delegate.getAny().add(this.factory.createAllowPostdating(allowPostDating)); - } - - /** - * - * Obtains the renew semantics for the token request. - * - * - * @return a reference to the {@code RenewingType} that represents the renew semantics for the request. - */ - public RenewingType getRenewing() - { - return renewing; - } - - /** - * - * Sets the renew semantics for the token request. - * - * - * @param renewing the {@code RenewingType} object representing the semantics to be set. - */ - public void setRenewing(RenewingType renewing) - { - this.renewing = renewing; - this.delegate.getAny().add(this.factory.createRenewing(renewing)); - } - - /** - * - * Obtains the identity on whose behalf the token request was made. - * - * - * @return a reference to the {@code OnBehalfOfType} that represents the identity on whose behalf the token request - * was made. - */ - public OnBehalfOfType getOnBehalfOf() - { - return onBehalfOf; - } - - /** - * - * Specifies the identity on whose behalf the token request was made. - * - * - * @param onBehalfOf the {@code OnBehalfOfType} object representing the identity to be set. - */ - public void setOnBehalfOf(OnBehalfOfType onBehalfOf) - { - this.onBehalfOf = onBehalfOf; - this.delegate.getAny().add(this.factory.createOnBehalfOf(onBehalfOf)); - } - - /** - * - * Obtains the issuer of the token included in the request in the scenarios where the requestor is obtaining a token - * on behalf of another party. - * - * - * @return a reference to the {@code EndpointReferenceType} that represents the issuer. - */ - public EndpointReferenceType getIssuer() - { - return this.issuer; - } - - /** - * - * Sets the issuer of the token included in the request in scenarios where the requestor is obtaining a token on - * behalf of another party. - * - * - * @param issuer the {@code EndpointReferenceType} object representing the issuer to be set. - */ - public void setIssuer(EndpointReferenceType issuer) - { - this.issuer = issuer; - this.delegate.getAny().add(this.factory.createIssuer(issuer)); - } - - /** - * - * Obtains the type of authentication that is to be conducted. - * - * - * @return a {@code URI} that identifies the authentication type. - */ - public URI getAuthenticationType() - { - return authenticationType; - } - - /** - * - * Sets the authentication type in the response. - * - * - * @param authenticationType a {@code URI} that identifies the authentication type to be set. - */ - public void setAuthenticationType(URI authenticationType) - { - this.authenticationType = authenticationType; - this.delegate.getAny().add(this.factory.createAuthenticationType(authenticationType.toString())); - } - - /** - * - * Obtains the authenticator that must be used in authenticating exchanges. - * - * - * @return a reference to the {@code AuthenticatorType} that represents the authenticator. - */ - public AuthenticatorType getAuthenticator() - { - return authenticator; - } - - /** - * - * Sets the authenticator that must be used in authenticating exchanges. - * - * - * @param authenticator the {@code AuthenticatorType} instance to be set. - */ - public void setAuthenticator(AuthenticatorType authenticator) - { - this.authenticator = authenticator; - this.delegate.getAny().add(this.factory.createAuthenticator(authenticator)); - } - - /** - * - * Obtains the type of the key that has been set in the response. - * - * - * @return a {@code URI} that identifies the key type. - */ - public URI getKeyType() - { - return keyType; - } - - /** - * - * Sets the key type in the response. - * - * - * @param keyType a {@code URI} that specifies the key type. - */ - public void setKeyType(URI keyType) - { - this.keyType = keyType; - this.delegate.getAny().add(this.factory.createKeyType(keyType.toString())); - } - - /** - * - * Obtains the size of they key that has been set in the response. - * - * - * @return a {@code long} representing the key size in bytes. - */ - public long getKeySize() - { - return keySize; - } - - /** - * - * Sets the size of the key in the response. - * - * - * @param keySize a {@code long} representing the key size in bytes. - */ - public void setKeySize(long keySize) - { - this.keySize = keySize; - this.delegate.getAny().add(this.factory.createKeySize(keySize)); - } - - /** - * - * Obtains the signature algorithm that has been set in the response. - * - * - * @return a {@code URI} that represents the signature algorithm. - */ - public URI getSignatureAlgorithm() - { - return signatureAlgorithm; - } - - /** - * - * Sets the signature algorithm in the response. - * - * - * @param signatureAlgorithm a {@code URI} that represents the algorithm to be set. - */ - public void setSignatureAlgorithm(URI signatureAlgorithm) - { - this.signatureAlgorithm = signatureAlgorithm; - this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signatureAlgorithm.toString())); - } - - /** - * - * Obtains the {@code Encryption} section of the response. The {@code Encryption} element indicates that the - * requestor desires any returned secrets in issued security tokens to be encrypted. - * - * - * @return a reference to the {@code EncryptionType} object. - */ - public EncryptionType getEncryption() - { - return encryption; - } - - /** - * - * Sets the {@code Encryption} section of the response. The {@code Encryption} element indicates that the requestor - * desires any returned secrets in issued security tokens to be encrypted. - * - * - * @param encryption the {@code EncryptionType} to be set. - */ - public void setEncryption(EncryptionType encryption) - { - this.encryption = encryption; - this.delegate.getAny().add(this.factory.createEncryption(encryption)); - } - - /** - * - * Obtains the encryption algorithm that has been set in the response. - * - * - * @return a {@code URI} that represents the encryption algorithm. - */ - public URI getEncryptionAlgorithm() - { - return encryptionAlgorithm; - } - - /** - * - * Sets the encryption algorithm in the response. - * - * - * @param encryptionAlgorithm a {@code URI} that represents the encryption algorithm to be set. - */ - public void setEncryptionAlgorithm(URI encryptionAlgorithm) - { - this.encryptionAlgorithm = encryptionAlgorithm; - this.delegate.getAny().add(this.factory.createEncryptionAlgorithm(encryptionAlgorithm.toString())); - } - - /** - * - * Obtains the canonicalization algorithm that has been set in the response. - * - * - * @return a {@code URI} that represents the canonicalization algorithm. - */ - public URI getCanonicalizationAlgorithm() - { - return canonicalizationAlgorithm; - } - - /** - * - * Sets the canonicalization algorithm in the response. - * - * - * @param canonicalizationAlgorithm a {@code URI} that represents the algorithm to be set. - */ - public void setCanonicalizationAlgorithm(URI canonicalizationAlgorithm) - { - this.canonicalizationAlgorithm = canonicalizationAlgorithm; - this.delegate.getAny().add(this.factory.createCanonicalizationAlgorithm(canonicalizationAlgorithm.toString())); - } - - /** - * - * Obtains the {@code ProofEncryption} section of the response. The {@code ProofEncryption} indicates that the - * requestor desires any returned secrets in issued security tokens to be encrypted. - * - * - * @return a reference to the {@code ProofEncryptionType} object. - */ - public ProofEncryptionType getProofEncryption() - { - return proofEncryption; - } - - /** - * - * Sets the {@code ProofEncryption} section of the response. The {@code ProofEncryption} indicates that the requestor - * desires any returned secrets in issued security tokens to be encrypted. - * - * - * @param proofEncryption the {@code ProofEncryptionType} to be set. - */ - public void setProofEncryption(ProofEncryptionType proofEncryption) - { - this.proofEncryption = proofEncryption; - this.delegate.getAny().add(this.factory.createProofEncryption(proofEncryption)); - } - - /** - * - * Obtains the key that used in the returned token. - * - * - * @return a reference to the {@code UseKeyType} instance that represents the key used. - */ - public UseKeyType getUseKey() - { - return useKey; - } - - /** - * - * Sets the key that used in the returned token. - * - * - * @param useKey the {@code UseKeyType} instance to be set. - */ - public void setUseKey(UseKeyType useKey) - { - this.useKey = useKey; - this.delegate.getAny().add(this.factory.createUseKey(useKey)); - } - - /** - * - * Obtains the signature algorithm used with the issued security token. - * - * - * @return a {@code URI} representing the algorithm used. - */ - public URI getSignWith() - { - return signWith; - } - - /** - * - * Sets the signature algorithm used with the issued security token. - * - * - * @param signWith a {@code URI} representing the algorithm used. - */ - public void setSignWith(URI signWith) - { - this.signWith = signWith; - this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signWith.toString())); - } - - /** - * - * Obtains the encryption algorithm used with the issued security token. - * - * - * @return a {@code URI} representing the encryption algorithm used. - */ - public URI getEncryptWith() - { - return encryptWith; - } - - /** - * - * Sets the encryption algorithm used with the issued security token. - * - * - * @param encryptWith a {@code URI} representing the algorithm used. - */ - public void setEncryptWith(URI encryptWith) - { - this.encryptWith = encryptWith; - this.delegate.getAny().add(this.factory.createEncryptWith(encryptWith.toString())); - } - - /** - * - * Obtains the identity to which the requested token should be delegated. - * - * - * @return a reference to the {@code DelegateToType} instance that represents the identity. - */ - public DelegateToType getDelegateTo() - { - return delegateTo; - } - - /** - * - * Sets the identity to which the requested token should be delegated. - * - * - * @param delegateTo the {@code DelegateToType} object representing the identity to be set. - */ - public void setDelegateTo(DelegateToType delegateTo) - { - this.delegateTo = delegateTo; - this.delegate.getAny().add(this.factory.createDelegateTo(delegateTo)); - } - - /** - * - * Indicates whether the requested token has been marked as "forwardable" or not. In general, this flag is used when - * a token is normally bound to the requestor's machine or service. Using this flag, the returned token MAY be used - * from any source machine so long as the key is correctly proven. - * - * - * @return {@code true} if the requested token has been marked as "forwardable"; {@code false} otherwise. - */ - public boolean isForwardable() - { - return forwardable; - } - - /** - * - * Specifies whether the requested token has been marked as "forwardable" or not. In general, this flag is used when - * a token is normally bound to the requestor's machine or service. Using this flag, the returned token MAY be used - * from any source machine so long as the key is correctly proven. - * - * - * @param forwardable {@code true} if the requested token has been marked as "forwardable"; {@code false} otherwise. - */ - public void setForwardable(boolean forwardable) - { - this.forwardable = forwardable; - this.delegate.getAny().add(this.factory.createForwardable(forwardable)); - } - - /** - * - * Indicates whether the requested token has been marked as "delegatable" or not. Using this flag, the returned token - * MAY be delegated to another party. - * - * - * @return {@code true} if the requested token has been marked as "delegatable"; {@code false} otherwise. - */ - public boolean isDelegatable() - { - return delegatable; - } - - /** - * - * Specifies whether the requested token has been marked as "delegatable" or not. Using this flag, the returned token - * MAY be delegated to another party. - * - * - * @param delegatable {@code true} if the requested token has been marked as "delegatable"; {@code false} otherwise. - */ - public void setDelegatable(boolean delegatable) - { - this.delegatable = delegatable; - this.delegate.getAny().add(this.factory.createDelegatable(delegatable)); - } - - /** - * - * Obtains the {@code Policy} that was associated with the request. The policy specifies defaults that can be - * overridden by the previous properties. - * - * - * @return a reference to the {@code Policy} that was associated with the request. - */ - public Policy getPolicy() - { - return policy; - } - - /** - * - * Sets the {@code Policy} in the response. The policy specifies defaults that can be overridden by the previous - * properties. - * - * - * @param policy the {@code Policy} instance to be set. - */ - public void setPolicy(Policy policy) - { - this.policy = policy; - this.delegate.getAny().add(policy); - } - - /** - * - * Obtains the reference to the {@code Policy} that was associated with the request. - * - * - * @return a {@code PolicyReference} that specifies where the {@code Policy} can be found. - */ - public PolicyReference getPolicyReference() - { - return policyReference; - } - - /** - * - * Sets the reference to the {@code Policy} that was associated with the request. - * - * - * @param policyReference the {@code PolicyReference} object to be set. - */ - public void setPolicyReference(PolicyReference policyReference) - { - this.policyReference = policyReference; - this.delegate.getAny().add(policyReference); - } - - /** - * - * Obtains the list of request elements that are not part of the standard content model. - * - * - * @return a {@code List<Object>} containing the extension elements. - */ - public List<Object> getExtensionElements() - { - return Collections.unmodifiableList(this.extensionElements); - } - - /** - * - * Obtains the response context. - * - * - * @return a {@code String} that identifies the original request. - */ - public String getContext() - { - return this.delegate.getContext(); - } - - /** - * - * Sets the response context. - * - * - * @param context a {@code String} that identifies the original request. - */ - public void setContext(String context) - { - this.delegate.setContext(context); - } - - /** - * - * Obtains a map that contains attributes that aren't bound to any typed property on the response. This is a live - * reference, so attributes can be added/changed/removed directly. For this reason, there is no setter method. - * - * - * @return a {@code Map<QName, String>} that contains the attributes. - */ - public Map<QName, String> getOtherAttributes() - { - return this.delegate.getOtherAttributes(); - } - - /** - * - * Gets a reference to the list that holds all response element values. - * - * - * @return a {@code List<Object>} containing all values specified in the response. - */ - public List<Object> getAny() - { - return this.delegate.getAny(); - } - - /** - * - * Obtains a reference to the {@code RequestSecurityTokenResponseType} delegate. - * - * - * @return a reference to the delegate instance. - */ - public RequestSecurityTokenResponseType getDelegate() - { - return this.delegate; - } -} Deleted: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponseCollection.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponseCollection.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponseCollection.java 2009-09-03 01:56:21 UTC (rev 758) @@ -1,124 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2009, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.identity.federation.core.wstrust; - -import java.util.ArrayList; -import java.util.Collections; -import java.util.List; - -import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseCollectionType; -import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseType; - -/** - * - * This class represents a WS-Trust {@code RequestSecurityTokenResponseCollection}. It wraps the JAXB representation of - * the security token collection response. - * - * - * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> - */ -public class RequestSecurityTokenResponseCollection implements BaseRequestSecurityTokenResponse -{ - - private final RequestSecurityTokenResponseCollectionType delegate; - - private final List<RequestSecurityTokenResponse> requestSecurityTokenResponses; - - /** - * - * Creates an instance of {@code RequestSecurityTokenResponseCollection}. - * - */ - public RequestSecurityTokenResponseCollection() - { - this.requestSecurityTokenResponses = new ArrayList<RequestSecurityTokenResponse>(); - this.delegate = new RequestSecurityTokenResponseCollectionType(); - } - - /** - * - * Creates an instance of {@code RequestSecurityTokenResponseCollection} using the specified delegate. - * - * - * @param delegate the JAXB {@code RequestSecurityTokenResponseCollectionType} that represents a WS-Trust request - * collection. - */ - public RequestSecurityTokenResponseCollection(RequestSecurityTokenResponseCollectionType delegate) - { - this.delegate = delegate; - this.requestSecurityTokenResponses = new ArrayList<RequestSecurityTokenResponse>(); - for (RequestSecurityTokenResponseType response : delegate.getRequestSecurityTokenResponse()) - this.requestSecurityTokenResponses.add(new RequestSecurityTokenResponse(response)); - } - - /** - * - * Obtains the collection of {@code RequestSecurityTokenResponse} objects. The returned collection is immutable, so - * addition or removal of requests must be carried by the appropriate add/remove methods. - * - * - * @return a {@code List<RequestSecurityToken>} containing the token requests. - */ - public List<RequestSecurityTokenResponse> getRequestSecurityTokenResponses() - { - return Collections.unmodifiableList(this.requestSecurityTokenResponses); - } - - /** - * - * Adds the specified {@code RequestSecurityTokenResponse} object to the collection of token requests. - * - * - * @param request the {@code RequestSecurityTokenResponse} to be added. - */ - public void addRequestSecurityTokenResponse(RequestSecurityTokenResponse response) - { - this.delegate.getRequestSecurityTokenResponse().add(response.getDelegate()); - this.requestSecurityTokenResponses.add(response); - } - - /** - * - * Removes the specified {@code RequestSecurityTokenResponse} object from the collection of token requests. - * - * - * @param request the {@code RequestSecurityTokenResponse} to be removed. - */ - public void removeRequestSecurityTokenResponse(RequestSecurityTokenResponse response) - { - this.delegate.getRequestSecurityTokenResponse().remove(response.getDelegate()); - this.requestSecurityTokenResponses.remove(response); - } - - /** - * - * Obtains a reference to the {@code RequestSecurityTokenResponseCollectionType} delegate. - * - * - * @return a reference to the delegate instance. - */ - public RequestSecurityTokenResponseCollectionType getDelegate() - { - return this.delegate; - } - -} Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSConfiguration.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSConfiguration.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSConfiguration.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,149 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust; + +import java.security.KeyPair; +import java.security.PublicKey; +import java.util.Map; + +/** + * + * The {@code STSConfiguration} interface allows access to the security token service (STS) configuration attributes. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public interface STSConfiguration +{ + + /** + * + * Obtains the unique name of the secure token service. + * + * + * @return a {@code String} representing the STS name. + */ + public String getSTSName(); + + /** + * + * Indicates whether the issued token should be encrypted or not. + * + * + * @return {@code true} if the issued token is to be encrypted; {@code false} otherwise. + */ + public boolean encryptIssuedToken(); + + /** + * + * Indicates whether the issued token should be digitally signed or not. + * + * + * @return {@code true} if the issued token is to be signed; {@code false} otherwise. + */ + public boolean signIssuedToken(); + + /** + * + * Obtains the timeout value (in milliseconds) for issued tokens. + * + * + * @return the token timeout value. + */ + public long getIssuedTokenTimeout(); + + /** + * + * Obtains the WS-Trust request handler class. + * + * + * @return a reference to the configured {@code WSTrustRequestHandler}. + */ + public WSTrustRequestHandler getRequestHandler(); + + /** + * + * Given the name of a service provider, obtains the type of the token that should be used when issuing tokens to + * clients of that service. + * + * + * @param serviceName the name of the service provider that requires a token from its clients. + * @return a {@code String} representing the type of the token that suits the specified service. + */ + public String getTokenTypeForService(String serviceName); + + /** + * + * Given the name of a service provider, obtains the provider that must be used when issuing tokens to clients of + * that service. When requesting a token to the STS, a client can specify the service it needs the token for using + * the {@code AppliesTo} element. Based on the service provider name, the STS identifies the type of the token that + * is to be issued and then selects the appropriate token provider to handle the request. + * + * + * @param serviceName the name of the service provider that requires a token from its clients. + * @return a reference to the {@code SecurityTokenProvider} that must be used in order to issue tokens to clients of + * the specified service. + */ + public SecurityTokenProvider getProviderForService(String serviceName); + + /** + * + * Given a token type, obtains the token provider that should be used to handle token requests of that type. When a + * client doesn't specify the service provider name through the {@code AppliesTo} element, it must specify the token + * type through the {@code TokenType} element. The STS uses the supplied type to select the appropriate token + * provider. + * + * + * @param tokenType a {@code String} representing the type of the token. + * @return a reference to the {@code SecurityTokenProvider} that must be used to handle token requests of the + * specified type. + */ + public SecurityTokenProvider getProviderForTokenType(String tokenType); + + /** + * + * Obtains a {@code Map} that contains the non-standard configuration options. + * + * + * @return a {@code Map<String, Object>} containing the additional configuration options. + */ + public Map<String, Object> getOptions(); + + /** + * + * Obtains a reference to the {@code KeyPair} object that contains the STS {@code PrivateKey} and {@code PublicKey}. + * + * + * @return a reference to the STS {@code KeyPair}. + */ + public KeyPair getSTSKeyPair(); + + /** + * + * Obtains the public key of the specified service provider. The returned key is used to encrypt issued tokens. + * + * + * @param serviceName the name of the service provider (normally the provider URL). + * @return a reference to the provider's {@code PublicKey} + */ + public PublicKey getServiceProviderPublicKey(String serviceName); +} Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityActions.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityActions.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityActions.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,108 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust; + +import java.security.AccessController; +import java.security.PrivilegedAction; +import java.security.PrivilegedActionException; +import java.security.PrivilegedExceptionAction; + +/** + * + * Utility class that executes actions such as creating a class in privileged blocks. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +class SecurityActions +{ + + /** + * + * Gets the thread context class loader using a privileged block. + * + * + * @return a reference to the thread context {@code ClassLoader}. + */ + static ClassLoader getContextClassLoader() + { + return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() + { + public ClassLoader run() + { + return Thread.currentThread().getContextClassLoader(); + } + }); + } + + /** + * + * Loads a class using the thread context class loader in a privileged block. + * + * + * @param name the fully-qualified name of the class to be loaded. + * @return a reference to the loaded {@code Class}. + * @throws PrivilegedActionException if an error occurs while loading the class. This exception wraps the real cause + * of the error, so classes using this method must perform a {@code getCause()} in order to get a + * reference to the root of the error. + */ + static Class<?> loadClass(final String name) throws PrivilegedActionException + { + return AccessController.doPrivileged(new PrivilegedExceptionAction<Class<?>>() + { + public Class<?> run() throws PrivilegedActionException + { + try + { + return getContextClassLoader().loadClass(name); + } + catch (Exception e) + { + throw new PrivilegedActionException(e); + } + } + }); + } + + /** + * + * Creates an instance of the specified class in a privileged block. The class must define a default constructor. + * + * + * @param className the fully-qualified name of the class to be instantiated. + * @return a reference to the instantiated {@code Object}. + * @throws PrivilegedActionException if an error occurs while instantiating the class. This exception wraps the real + * cause of the error, so classes using this method must perform a {@code getCause()} in order to get a + * reference to the root of the error. + */ + static Object instantiateClass(final String className) throws PrivilegedActionException + { + return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>() + { + public Object run() throws Exception + { + Class<?> objectClass = loadClass(className); + return objectClass.newInstance(); + } + }); + } +} \ No newline at end of file Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityToken.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityToken.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityToken.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,60 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust; + +/** + * + * Interface that represents a security token. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public interface SecurityToken +{ + + /** + * + * Obtains the security token unique identifier. + * + * + * @return a {@code String} representing the token id. + */ + public String getTokenID(); + + /** + * + * Obtains the type of the security token. + * + * + * @return a {@code String} representing the security token type. + */ + public String getTokenType(); + + /** + * + * Obtains the value of the security token. + * + * + * @return an {@code Object} representing the security token value. + */ + public Object getTokenValue(); +} Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityTokenProvider.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityTokenProvider.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityTokenProvider.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,77 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust; + + +/** + * + * This interface defines the methods that must be implemented by security token providers. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public interface SecurityTokenProvider +{ + /** + * + * Generates a security token using the information contained in the specified request context and stores the + * newly-created token in the context itself. + * + * + * @param context the {@code WSTrustRequestContext} to be used when generating the token. + * @throws WSTrustException if an error occurs while creating the security token. + */ + public void issueToken(WSTrustRequestContext context) throws WSTrustException; + + /** + * + * Renews the security token contained in the specified request context. This method is used when a previously + * generated token has expired, generating a new version of the same token with different expiration semantics. + * + * + * @param context the {@code WSTrustRequestContext} that contains the token to be renewed. + * @throws WSTrustException if an error occurs while renewing the security token. + */ + public void renewToken(WSTrustRequestContext context) throws WSTrustException; + + /** + * + * Cancels the token contained in the specified request context. A security token is usually canceled when one wants + * to make sure that the token will not be used anymore. A security token can't be renewed once it has been canceled. + * + * + * @param context the {@code WSTrustRequestContext} that contains the token to be canceled. + * @throws WSTrustException if an error occurs while canceling the security token. + */ + public void cancelToken(WSTrustRequestContext context) throws WSTrustException; + + /** + * + * Evaluates the validity of the token contained in the specified request context and sets the result in the context + * itself. The result can be a status, a new token, or both. + * + * + * @param context the {@code WSTrustRequestContext} that contains the token to be validated. + * @throws WSTrustException if an error occurs while validating the security token. + */ + public void validateToken(WSTrustRequestContext context) throws WSTrustException; +} Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityTokenService.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityTokenService.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityTokenService.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,43 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust; + +import javax.xml.transform.Source; +import javax.xml.ws.Provider; + +/** + * + * The {@code SecurityTokenService} (STS) interface. It extends the {@code Provider} interface so that it can be + * dynamically invoked (as opposed to having a service endpoint interface). + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public interface SecurityTokenService extends Provider<Source> +{ + /* + * (non-Javadoc) + * + * @see javax.xml.ws.Provider#invoke(java.lang.Object) + */ + public Source invoke(Source request); +} Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardRequestHandler.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardRequestHandler.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardRequestHandler.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,423 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust; + +import java.net.URI; +import java.security.KeyPair; +import java.security.Principal; +import java.security.PublicKey; + +import javax.xml.crypto.dsig.DigestMethod; +import javax.xml.crypto.dsig.SignatureMethod; + +import org.apache.log4j.Logger; +import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; +import org.jboss.identity.federation.core.util.XMLSignatureUtil; +import org.jboss.identity.federation.core.wstrust.plugins.saml.SAMLUtil; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse; +import org.jboss.identity.federation.ws.policy.AppliesTo; +import org.jboss.identity.federation.ws.trust.RequestedSecurityTokenType; +import org.jboss.identity.federation.ws.trust.StatusType; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +/** + * + * Default implementation of the {@code WSTrustRequestHandler} interface. It creates the request context containing the + * original WS-Trust request as well as any information that may be relevant to the token processing, and delegates the + * actual token handling processing to the appropriate {@code SecurityTokenProvider}. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public class StandardRequestHandler implements WSTrustRequestHandler +{ + private static Logger log = Logger.getLogger(StandardRequestHandler.class); + private boolean trace = log.isTraceEnabled(); + + private STSConfiguration configuration; + + /* + * (non-Javadoc) + * + * @see + * org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#initialize(org.jboss.identity.federation.api.wstrust + * .STSConfiguration) + */ + public void initialize(STSConfiguration configuration) + { + this.configuration = configuration; + } + + /* + * (non-Javadoc) + * + * @see + * org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#issue(org.jboss.identity.federation.api.wstrust + * .protocol.RequestSecurityToken, java.security.Principal) + */ + public RequestSecurityTokenResponse issue(RequestSecurityToken request, Principal callerPrincipal) + throws WSTrustException + { + Document rstDocument = request.getRSTDocument(); + if( rstDocument == null) + throw new IllegalArgumentException("Request does not contain the DOM Document"); + + SecurityTokenProvider provider = null; + + // first try to obtain the security token provider using the applies-to contents. + AppliesTo appliesTo = request.getAppliesTo(); + PublicKey providerPublicKey = null; + if (appliesTo != null) + { + String serviceName = WSTrustUtil.parseAppliesTo(appliesTo); + if (serviceName != null) + { + provider = this.configuration.getProviderForService(serviceName); + request.setTokenType(URI.create(this.configuration.getTokenTypeForService(serviceName))); + providerPublicKey = this.configuration.getServiceProviderPublicKey(serviceName); + } + } + // if applies-to is not available or if no provider was found for the service, use the token type. + if (provider == null && request.getTokenType() != null) + { + provider = this.configuration.getProviderForTokenType(request.getTokenType().toString()); + } + else if (appliesTo == null && request.getTokenType() == null) + throw new WSTrustException("Either AppliesTo or TokenType must be present in a security token request"); + + if (provider != null) + { + // create the request context and delegate token generation to the provider. + WSTrustRequestContext requestContext = new WSTrustRequestContext(request, callerPrincipal); + requestContext.setTokenIssuer(this.configuration.getSTSName()); + if (request.getLifetime() == null && this.configuration.getIssuedTokenTimeout() != 0) + { + // if no lifetime has been specified, use the configured timeout value. + request.setLifetime(WSTrustUtil.createDefaultLifetime(this.configuration.getIssuedTokenTimeout())); + } + requestContext.setServiceProviderPublicKey(providerPublicKey); + provider.issueToken(requestContext); + + if (requestContext.getSecurityToken() == null) + throw new WSTrustException("Token issued by provider " + provider.getClass().getName() + " is null"); + + // sign the issued token if needed. + /*if (this.configuration.signIssuedToken() && this.configuration.getSTSKeyPair() != null) + { + KeyPair keyPair = this.configuration.getSTSKeyPair(); + if (keyPair != null) + { + URI signatureURI = request.getSignatureAlgorithm(); + String signatureMethod = signatureURI != null ? signatureURI.toString() : SignatureMethod.RSA_SHA1; + try + { + Element tokenElement = (Element) requestContext.getSecurityToken().getTokenValue(); + XMLSignatureUtil.sign(tokenElement.getOwnerDocument(), keyPair, DigestMethod.SHA1, signatureMethod, + "#" + requestContext.getSecurityToken().getTokenID()); + if(trace) + { + try + { + log.trace("Signed Token:" + DocumentUtil.getNodeAsString(tokenElement)); + + Document tokenDocument = DocumentUtil.createDocument(); + tokenDocument.appendChild(tokenDocument.importNode(tokenElement, true)); + log.trace("valid=" + XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic())); + + }catch(Exception ignore){} + } + } + catch (Exception e) + { + throw new WSTrustException("Failed to sign security token", e); + } + } + }*/ + + // construct the ws-trust security token response. + RequestedSecurityTokenType requestedSecurityToken = new RequestedSecurityTokenType(); + requestedSecurityToken.setAny(requestContext.getSecurityToken().getTokenValue()); + + // TODO: create proof token and encrypt the token if needed + + RequestSecurityTokenResponse response = new RequestSecurityTokenResponse(); + if (request.getContext() != null) + response.setContext(request.getContext()); + + response.setTokenType(request.getTokenType()); + response.setLifetime(request.getLifetime()); + response.setAppliesTo(appliesTo); + response.setRequestedSecurityToken(requestedSecurityToken); + + // set the attached and unattached references. + if (requestContext.getAttachedReference() != null) + response.setRequestedAttachedReference(requestContext.getAttachedReference()); + if (requestContext.getUnattachedReference() != null) + response.setRequestedUnattachedReference(requestContext.getUnattachedReference()); + + return response; + } + else + throw new WSTrustException("Unable to find a token provider for the token request"); + } + + /* + * (non-Javadoc) + * + * @see + * org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#renew(org.jboss.identity.federation.api.wstrust + * .protocol.RequestSecurityToken, java.security.Principal) + */ + public RequestSecurityTokenResponse renew(RequestSecurityToken request, Principal callerPrincipal) + throws WSTrustException + { + Document rstDocument = request.getRSTDocument(); + if( rstDocument == null) + throw new IllegalArgumentException("Request does not contain the DOM Document"); + + SecurityTokenProvider provider = null; + + // first try to obtain the security token provider using the applies-to contents. + AppliesTo appliesTo = request.getAppliesTo(); + PublicKey providerPublicKey = null; + if (appliesTo != null) + { + String serviceName = WSTrustUtil.parseAppliesTo(appliesTo); + if (serviceName != null) + { + provider = this.configuration.getProviderForService(serviceName); + request.setTokenType(URI.create(this.configuration.getTokenTypeForService(serviceName))); + providerPublicKey = this.configuration.getServiceProviderPublicKey(serviceName); + } + } + // if applies-to is not available or if no provider was found for the service, use the token type. + if (provider == null && request.getTokenType() != null) + { + provider = this.configuration.getProviderForTokenType(request.getTokenType().toString()); + } + else if (appliesTo == null && request.getTokenType() == null) + throw new WSTrustException("Either AppliesTo or TokenType must be present in a security token request"); + + // TODO: get the provider using the token from the request. + provider = this.configuration.getProviderForTokenType(SAMLUtil.SAML2_TOKEN_TYPE); + + if (provider != null) + { + // create the request context and delegate token generation to the provider. + WSTrustRequestContext requestContext = new WSTrustRequestContext(request, callerPrincipal); + requestContext.setTokenIssuer(this.configuration.getSTSName()); + if (request.getLifetime() == null && this.configuration.getIssuedTokenTimeout() != 0) + { + // if no lifetime has been specified, use the configured timeout value. + request.setLifetime(WSTrustUtil.createDefaultLifetime(this.configuration.getIssuedTokenTimeout())); + } + requestContext.setServiceProviderPublicKey(providerPublicKey); + provider.renewToken(requestContext); + + if (requestContext.getSecurityToken() == null) + throw new WSTrustException("Token issued by provider " + provider.getClass().getName() + " is null"); + + + // construct the ws-trust security token response. + RequestedSecurityTokenType requestedSecurityToken = new RequestedSecurityTokenType(); + requestedSecurityToken.setAny(requestContext.getSecurityToken().getTokenValue()); + + // TODO: create proof token and encrypt the token if needed + + RequestSecurityTokenResponse response = new RequestSecurityTokenResponse(); + if (request.getContext() != null) + response.setContext(request.getContext()); + + response.setTokenType(request.getTokenType()); + response.setLifetime(request.getLifetime()); + response.setAppliesTo(appliesTo); + response.setRequestedSecurityToken(requestedSecurityToken); + + // set the attached and unattached references. + if (requestContext.getAttachedReference() != null) + response.setRequestedAttachedReference(requestContext.getAttachedReference()); + if (requestContext.getUnattachedReference() != null) + response.setRequestedUnattachedReference(requestContext.getUnattachedReference()); + + return response; + } + else + throw new WSTrustException("Unable to find a token provider for the token request"); + } + + /* + * (non-Javadoc) + * + * @see + * org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#validate(org.jboss.identity.federation.api.wstrust + * .protocol.RequestSecurityToken, java.security.Principal) + */ + public RequestSecurityTokenResponse validate(RequestSecurityToken request, Principal callerPrincipal) + throws WSTrustException + { + Document rstDocument = request.getRSTDocument(); + if( rstDocument == null) + throw new IllegalArgumentException("Request does not contain the DOM Document"); + + if (request.getValidateTarget() == null) + throw new WSTrustException("Unable to validate token: validate target is null"); + + if (request.getTokenType() == null) + request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE)); + + // TODO: get the provider using the token from the request. + SecurityTokenProvider provider = this.configuration.getProviderForTokenType(SAMLUtil.SAML2_TOKEN_TYPE); + WSTrustRequestContext context = new WSTrustRequestContext(request, callerPrincipal); + + StatusType status = null; + + // validate the security token digital signature. + if (this.configuration.signIssuedToken() && this.configuration.getSTSKeyPair() != null) + { + KeyPair keyPair = this.configuration.getSTSKeyPair(); + try + { + //Element tokenElement = (Element) request.getValidateTarget().getAny(); + Element tokenElement = request.getValidateTargetElement(); + + Node securityToken = tokenElement.getFirstChild(); + + if(trace) + { + try + { + log.trace("Going to validate:" + DocumentUtil.getNodeAsString(securityToken)); + } + catch (Exception e) + { + } + } + Document tokenDocument = DocumentUtil.createDocument(); + Node importedNode = tokenDocument.importNode(securityToken, true); + tokenDocument.appendChild(importedNode); + if (!XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic())) + { + status = new StatusType(); + status.setCode(WSTrustConstants.STATUS_CODE_INVALID); + status.setReason("Validation failure: digital signature is invalid"); + } + } + catch (Exception e) + { + status = new StatusType(); + status.setCode(WSTrustConstants.STATUS_CODE_INVALID); + status.setReason("Validation failure: unable to verify digital signature: " + e.getMessage()); + } + } + // TODO: add logging statements alerting that signature validation was not perfomed. + + // if the signature is valid, then let the provider handle perform any additional validation checks. + if(status == null) + { + provider.validateToken(context); + status = context.getStatus(); + } + + // construct and return the response. + RequestSecurityTokenResponse response = new RequestSecurityTokenResponse(); + if (request.getContext() != null) + response.setContext(request.getContext()); + response.setTokenType(request.getTokenType()); + response.setStatus(status); + + return response; + } + + /* + * (non-Javadoc) + * + * @see + * org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#cancel(org.jboss.identity.federation.api.wstrust + * .protocol.RequestSecurityToken, java.security.Principal) + */ + public RequestSecurityTokenResponse cancel(RequestSecurityToken request, Principal callerPrincipal) + throws WSTrustException + { + Document rstDocument = request.getRSTDocument(); + if( rstDocument == null) + throw new IllegalArgumentException("Request does not contain the DOM Document"); + + // TODO: implement cancel logic. + throw new UnsupportedOperationException(); + } + + public Document postProcess(Document rstrDocument, RequestSecurityToken request) throws WSTrustException + { + if(WSTrustConstants.ISSUE_REQUEST.equals(request.getRequestType().toString()) + || WSTrustConstants.RENEW_REQUEST.equals(request.getRequestType().toString())) + { + rstrDocument = DocumentUtil.normalizeNamespaces(rstrDocument); + + //Sign and encrypt + if (this.configuration.signIssuedToken() && this.configuration.getSTSKeyPair() != null) + { + KeyPair keyPair = this.configuration.getSTSKeyPair(); + if (keyPair != null) + { + URI signatureURI = request.getSignatureAlgorithm(); + String signatureMethod = signatureURI != null ? signatureURI.toString() : SignatureMethod.RSA_SHA1; + try + { + Node rst = rstrDocument.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE, + "RequestedSecurityToken").item(0); + Element tokenElement = (Element) rst.getFirstChild(); + if(trace) + { + log.trace("NamespaceURI of element to be signed:" +tokenElement.getNamespaceURI() ); + } + /* XMLSignatureUtil.sign(tokenElement.getOwnerDocument(), keyPair, DigestMethod.SHA1, signatureMethod, + "#" + tokenElement.getAttribute("ID")); + */ + rstrDocument = XMLSignatureUtil.sign(rstrDocument, tokenElement, keyPair, + DigestMethod.SHA1, signatureMethod, "#" + tokenElement.getAttribute("ID")); + if(trace) + { + try + { + log.trace("Signed Token:" + DocumentUtil.getNodeAsString(tokenElement)); + + Document tokenDocument = DocumentUtil.createDocument(); + tokenDocument.appendChild(tokenDocument.importNode(tokenElement, true)); + log.trace("valid=" + XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic())); + + }catch(Exception ignore){} + } + } + catch (Exception e) + { + throw new WSTrustException("Failed to sign security token", e); + } + } + } + } + + return rstrDocument; + } +} \ No newline at end of file Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardSecurityToken.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardSecurityToken.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardSecurityToken.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,93 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust; + +import org.w3c.dom.Element; + +/** + * + * Standard implementation of the {@code SecurityToken} interface. This implementation stores the issued token as an + * {@code Element}. The token providers are responsible for marshaling the security token into an {@code Element} + * instance because the security token marshaling process falls out of the scope of the STS (the STS only deals with + * WS-Trust classes and doesn't know how to marshal each specific token type). + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public class StandardSecurityToken implements SecurityToken +{ + private final String tokenType; + + private final String tokenId; + + private final Element token; + + /** + * + * Creates an instance of {@code StandardSecurityToken} with the specified parameters. + * + * + * @param tokenType + * a {@code String} representing the type of the security token. This is usually the same type as specified + * in the WS-Trust request message. + * @param token + * the security token in its {@code Element} form (i.e. the marshaled security token). + * @param tokenID + * a {@code String} representing the id of the security token. + */ + public StandardSecurityToken(String tokenType, Element token, String tokenID) + { + this.tokenType = tokenType; + this.tokenId = tokenID; + this.token = token; + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenType() + */ + public String getTokenType() + { + return this.tokenType; + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenValue() + */ + public Object getTokenValue() + { + return this.token; + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenID() + */ + public String getTokenID() + { + return this.tokenId; + } +} Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustConstants.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustConstants.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustConstants.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,54 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust; + +/** + * + * This class defines the constants used throughout the WS-Trust implementation code. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public class WSTrustConstants +{ + public static final String BASE_NAMESPACE = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/"; + + // WS-Trust request types. + public static final String ISSUE_REQUEST = BASE_NAMESPACE + "Issue"; + public static final String RENEW_REQUEST = BASE_NAMESPACE + "Renew"; + public static final String CANCEL_REQUEST = BASE_NAMESPACE + "Cancel"; + public static final String VALIDATE_REQUEST = BASE_NAMESPACE + "Validate"; + + // WS-Trust validation constants. + public static final String STATUS_TYPE = BASE_NAMESPACE + "RSTR/Status"; + public static final String STATUS_CODE_VALID = BASE_NAMESPACE + "status/valid"; + public static final String STATUS_CODE_INVALID = BASE_NAMESPACE + "status/invalid"; + + // WSS namespaces values. + public static final String WSA_NS = "http://www.w3.org/2005/08/addressing"; + public static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utilit..."; + public static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext..."; + public static final String WSSE11_NS = "http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd"; + public static final String XENC_NS = "http://www.w3.org/2001/04/xmlenc#"; + public static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#"; + public static final String SAML2_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"; +} Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustException.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustException.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustException.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,61 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust; + +import java.security.GeneralSecurityException; + +/** + * + * Exception used to convey that an error has happened when handling a WS-Trust request message. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public class WSTrustException extends GeneralSecurityException +{ + private static final long serialVersionUID = -232066282004315310L; + + /** + * + * Creates an instance of {@code WSTrustException} using the specified error message. + * + * + * @param message the error message. + */ + public WSTrustException(String message) + { + super(message); + } + + /** + * + * Creates an instance of {@code WSTrustException} using the specified error message and cause. + * + * + * @param message the error message. + * @param cause a {@code Throwable} representing the cause of the error. + */ + public WSTrustException(String message, Throwable cause) + { + super(message, cause); + } +} \ No newline at end of file Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustJAXBFactory.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustJAXBFactory.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustJAXBFactory.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,412 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust; + +import javax.xml.bind.Binder; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Marshaller; +import javax.xml.bind.Unmarshaller; +import javax.xml.transform.Source; +import javax.xml.transform.dom.DOMSource; + +import org.apache.log4j.Logger; +import org.jboss.identity.federation.core.exceptions.ParsingException; +import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder; +import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; +import org.jboss.identity.federation.core.util.JAXBUtil; +import org.jboss.identity.federation.core.wstrust.wrappers.BaseRequestSecurityToken; +import org.jboss.identity.federation.core.wstrust.wrappers.BaseRequestSecurityTokenResponse; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection; +import org.jboss.identity.federation.ws.trust.ObjectFactory; +import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseCollectionType; +import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.Node; +import org.w3c.dom.NodeList; + +/** + * + * This factory implements utility methods for converting between JAXB model objects and XML source. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public class WSTrustJAXBFactory +{ + private static Logger log = Logger.getLogger(WSTrustJAXBFactory.class); + private boolean trace = log.isTraceEnabled(); + + private static final WSTrustJAXBFactory instance = new WSTrustJAXBFactory(); + + private Marshaller marshaller; + + private Unmarshaller unmarshaller; + + private Binder<Node> binder; + + private final ObjectFactory objectFactory; + + private ThreadLocal<SAMLDocumentHolder> holders = new ThreadLocal<SAMLDocumentHolder>(); + + /** + * + * Creates the {@code WSTrustJAXBFactory} singleton instance. + * + */ + private WSTrustJAXBFactory() + { + try + { + this.marshaller = JAXBUtil.getMarshaller(this.getPackages()); + this.unmarshaller = JAXBUtil.getUnmarshaller(this.getPackages()); + this.binder = JAXBUtil.getJAXBContext(this.getPackages()).createBinder(); + this.objectFactory = new ObjectFactory(); + } + catch (JAXBException e) + { + throw new RuntimeException(e.getMessage(), e); + } + } + + /** + * + * Gets a reference to the singleton instance. + * + * + * @return a reference to the {@code WSTrustJAXBFactory} instance. + */ + public static WSTrustJAXBFactory getInstance() + { + return instance; + } + + private String getPackages() + { + StringBuilder packages = new StringBuilder(); + packages.append("org.jboss.identity.federation.ws.addressing"); + packages.append(":org.jboss.identity.federation.ws.policy"); + packages.append(":org.jboss.identity.federation.ws.trust"); + packages.append(":org.jboss.identity.federation.ws.wss.secext"); + packages.append(":org.jboss.identity.federation.ws.wss.utility"); + return packages.toString(); + } + + /** + * + * Creates a {@code BaseRequestSecurityToken} from the specified XML source. + * + * + * @param request + * the XML source containing the security token request message. + * @return the constructed {@code BaseRequestSecurityToken} instance. It will be an instance of {@code + * RequestSecurityToken} the message contains a single token request, and an instance of {@code + * RequestSecurityTokenCollection} if multiples requests are being made in the same message. + * @throws ParsingException + */ + @SuppressWarnings("unchecked") + public BaseRequestSecurityToken parseRequestSecurityToken(Source request) throws ParsingException + { + // if the request contains a validate, cancel, or renew target, we must preserve it from JAXB unmarshalling. + Node documentNode = ((DOMSource) request).getNode(); + Document document = documentNode instanceof Document ? (Document) documentNode : documentNode.getOwnerDocument(); + + JAXBElement<RequestSecurityTokenType> jaxbRST; + try + { + Node rst = this.findNodeByNameNS(document, "RequestSecurityToken", WSTrustConstants.BASE_NAMESPACE); + if(rst == null) + throw new RuntimeException("Request Security Token node not found"); + + jaxbRST = (JAXBElement<RequestSecurityTokenType>) binder.unmarshal(rst); + + RequestSecurityTokenType rstt = jaxbRST.getValue(); + holders.set(new SAMLDocumentHolder(rstt, document)); + return new RequestSecurityToken(rstt); + } + catch (JAXBException e) + { + throw new ParsingException(e); + } + + + /*Element targetElement = this.getValidateOrRenewOrCancelTarget(document); + + try + { + Object object = this.unmarshaller.unmarshal(request); + if (object instanceof JAXBElement) + { + JAXBElement<?> element = (JAXBElement<?>) object; + if (element.getDeclaredType().equals(RequestSecurityTokenType.class)) + { + RequestSecurityToken parsedRequest = new RequestSecurityToken((RequestSecurityTokenType) element + .getValue()); + // insert the request target in the parsed request. + if (targetElement != null) + { + if (parsedRequest.getValidateTarget() != null) + parsedRequest.getValidateTarget().setAny(targetElement); + else if (parsedRequest.getRenewTarget() != null) + parsedRequest.getRenewTarget().setAny(targetElement); + else if (parsedRequest.getCancelTarget() != null) + parsedRequest.getCancelTarget().setAny(targetElement); + } + return parsedRequest; + } + else + throw new RuntimeException("Invalid request type: " + element.getDeclaredType()); + } + else + throw new RuntimeException("Invalid request type: " + object.getClass().getName()); + } + catch (Exception e) + { + throw new RuntimeException("Failed to unmarshall security token request", e); + }*/ + } + + /** + * + * Creates a {@code BaseRequestSecurityTokenResponse} from the specified XML source. + * + * + * @param response + * the XML source containing the security token response message. + * @return the constructed {@code BaseRequestSecurityTokenResponse} instance. According to the WS-Trust + * specification, the returned object will be an instance of {@code RequestSecurityTokenResponseCollection}. + */ + public BaseRequestSecurityTokenResponse parseRequestSecurityTokenResponse(Source response) + { + // if the response contains an issued token, we must preserve it from the JAXB unmarshalling. + Element tokenElement = null; + Node documentNode = ((DOMSource) response).getNode(); + Document document = documentNode instanceof Document ? (Document) documentNode : documentNode.getOwnerDocument(); + Node requestedTokenNode = this.findNodeByNameNS(document, "RequestedSecurityToken", + WSTrustConstants.BASE_NAMESPACE); + if (requestedTokenNode != null) + tokenElement = (Element) requestedTokenNode.getFirstChild(); + + try + { + Object object = this.unmarshaller.unmarshal(response); + if (object instanceof JAXBElement) + { + JAXBElement<?> element = (JAXBElement<?>) unmarshaller.unmarshal(response); + if (element.getDeclaredType().equals(RequestSecurityTokenResponseCollectionType.class)) + { + RequestSecurityTokenResponseCollection collection = new RequestSecurityTokenResponseCollection( + (RequestSecurityTokenResponseCollectionType) element.getValue()); + // insert the security token in the parsed response. + if (tokenElement != null) + { + RequestSecurityTokenResponse parsedResponse = collection.getRequestSecurityTokenResponses().get(0); + parsedResponse.getRequestedSecurityToken().setAny(tokenElement); + } + return collection; + } + else + throw new RuntimeException("Invalid response type: " + element.getDeclaredType()); + } + else + throw new RuntimeException("Invalid response type: " + object.getClass().getName()); + } + catch (Exception e) + { + throw new RuntimeException("Failed to unmarshall security token response", e); + } + } + + /** + * + * Creates a {@code javax.xml.transform.Source} from the specified request object. + * + * + * @param request + * a {@code RequestSecurityToken} representing the object model of the security token request. + * @return the constructed {@code Source} instance. + */ + public Source marshallRequestSecurityToken(RequestSecurityToken request) + { + Element targetElement = null; + // if the request has a validate, cancel, or renew target, we must preserve it from JAXB marshaling. + String requestType = request.getRequestType().toString(); + if (requestType.equalsIgnoreCase(WSTrustConstants.VALIDATE_REQUEST)) + { + targetElement = (Element) request.getValidateTarget().getAny(); + request.getValidateTarget().setAny(null); + } + else if (requestType.equalsIgnoreCase(WSTrustConstants.RENEW_REQUEST)) + { + targetElement = (Element) request.getRenewTarget().getAny(); + request.getRenewTarget().setAny(null); + } + else if (requestType.equalsIgnoreCase(WSTrustConstants.CANCEL_REQUEST)) + { + targetElement = (Element) request.getCancelTarget().getAny(); + request.getCancelTarget().setAny(null); + } + + Document result = null; + try + { + result = DocumentUtil.createDocument(); + this.marshaller.marshal(this.objectFactory.createRequestSecurityToken(request.getDelegate()), result); + + // insert the original target in the appropriate element. + if (targetElement != null) + { + Node node = null; + if (requestType.equalsIgnoreCase(WSTrustConstants.VALIDATE_REQUEST)) + node = this.findNodeByNameNS(result, "ValidateTarget", WSTrustConstants.BASE_NAMESPACE); + else if (requestType.equalsIgnoreCase(WSTrustConstants.RENEW_REQUEST)) + node = this.findNodeByNameNS(result, "RenewTarget", WSTrustConstants.BASE_NAMESPACE); + else if (requestType.equalsIgnoreCase(WSTrustConstants.CANCEL_REQUEST)) + node = this.findNodeByNameNS(result, "CancelTarget", WSTrustConstants.BASE_NAMESPACE); + if(node == null) + throw new RuntimeException("Unsupported request type:" + requestType); + node.appendChild(result.importNode(targetElement, true)); + } + } + catch (Exception e) + { + throw new RuntimeException("Failed to marshall security token request", e); + } + + return DocumentUtil.getXMLSource(result); + } + + /** + * + * Creates a {@code javax.xml.transform.Source} from the specified response object. + * + * + * @param collection + * a {@code RequestSecurityTokenResponseCollection} representing the object model of the security token + * response. + * @return the constructed {@code Source} instance. + */ + public Source marshallRequestSecurityTokenResponse(RequestSecurityTokenResponseCollection collection) + { + if (collection.getRequestSecurityTokenResponses().size() == 0) + throw new IllegalArgumentException("The response collection must contain at least one response"); + + // if the response contains an issued token, we must preserve it from the JAXB marshaling. + Element tokenElement = null; + RequestSecurityTokenResponse response = collection.getRequestSecurityTokenResponses().get(0); + if (response.getRequestedSecurityToken() != null) + { + tokenElement = (Element) response.getRequestedSecurityToken().getAny(); + // we don't want to marshall any token - it will be inserted in the DOM document later. + response.getRequestedSecurityToken().setAny(null); + } + + Document result = null; + try + { + // marshall the response to a document and insert the issued token directly on the document. + result = DocumentUtil.createDocument(); + this.marshaller.marshal(this.objectFactory.createRequestSecurityTokenResponseCollection(collection + .getDelegate()), result); + + // the document is a ws-trust template - we need to insert the token in the appropriate element. + if (tokenElement != null) + { + Node node = this.findNodeByNameNS(result, "RequestedSecurityToken", WSTrustConstants.BASE_NAMESPACE); + node.appendChild(result.importNode(tokenElement, true)); + } + if(trace) + { + try + { + log.trace("Final RSTR doc:" + DocumentUtil.getDocumentAsString(result)); + + }catch(Exception ignore){} + } + + } + catch (Exception e) + { + throw new RuntimeException("Failed to marshall security token response", e); + } + return DocumentUtil.getXMLSource(result); + } + + /** + * Return the {@code SAMLDocumentHolder} for the thread + * @return + */ + public SAMLDocumentHolder getSAMLDocumentHolderOnThread() + { + return holders.get(); + } + + /** + * + * Finds in the specified document a node that matches the specified name and namespace. + * + * + * @param document + * the {@code Document} instance upon which the search is made. + * @param localName + * a {@code String} containing the local name of the searched node. + * @param namespace + * a {@code String} containing the namespace of the searched node. + * @return a {@code Node} representing the searched node. If more than one node is found in the document, the first + * one will be returned. If no nodes were found according to the search parameters, then {@code null} is + * returned. + */ + private Node findNodeByNameNS(Document document, String localName, String namespace) + { + NodeList list = document.getElementsByTagNameNS(namespace, localName); + if (list == null || list.getLength() == 0) + // log("Unable to locate element " + localName + " with namespace " + namespace); + return null; + return list.item(0); + } + + /** + * + * Searches the specified document for an element that represents a validate, renew, or cancel target. + * + * + * @param document + * the {@code Document} upon which the search is to be made. + * @return an {@code Element} representing the validate, renew, or cancel target. + */ + /*private Element getValidateOrRenewOrCancelTarget(Document document) + { + Node target = this.findNodeByNameNS(document, "ValidateTarget", WSTrustConstants.BASE_NAMESPACE); + if (target != null) + return (Element) target.getFirstChild(); + target = this.findNodeByNameNS(document, "RenewTarget", WSTrustConstants.BASE_NAMESPACE); + if (target != null) + return (Element) target.getFirstChild(); + target = this.findNodeByNameNS(document, "CancelTarget", WSTrustConstants.BASE_NAMESPACE); + if (target != null) + return (Element) target.getFirstChild(); + return null; + }*/ +} \ No newline at end of file Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustRequestContext.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustRequestContext.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustRequestContext.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,247 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust; + +import java.security.Principal; +import java.security.PublicKey; + +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken; +import org.jboss.identity.federation.ws.trust.RequestedReferenceType; +import org.jboss.identity.federation.ws.trust.StatusType; + +/** + * + * The {@code WSTrustRequestContext} contains all the information that is relevant for the security token request + * processing. Its attributes are divided into two groups: attributes set by the request handler before calling a token + * provider, and attributes set by the token provider after processing the token request. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public class WSTrustRequestContext +{ + + // information supplied by the request handler. + private String tokenIssuer; + + private PublicKey providerPublicKey; + + private final Principal callerPrincipal; + + private final RequestSecurityToken request; + + // information supplied by the token provider. + private SecurityToken securityToken; + + private StatusType status; + + private RequestedReferenceType attachedReference; + + private RequestedReferenceType unattachedReference; + + /** + * + * Creates an instance of {@code WSTrustRequestContext} using the specified request. + * + * + * @param request a {@code RequestSecurityToken} object that contains the information about the security token + * request. + * @param callerPrincipal the {@code Principal} of the security token requester. + */ + public WSTrustRequestContext(RequestSecurityToken request, Principal callerPrincipal) + { + this.request = request; + this.callerPrincipal = callerPrincipal; + } + + /** + * + * Obtains the name of the token issuer (security token service name). + * + * + * @return a {@code String} representing the token issuer name. + */ + public String getTokenIssuer() + { + return tokenIssuer; + } + + /** + * + * Sets the name of the token issuer. + * + * + * @param tokenIssuer a {@code String} representing the token issuer name. + */ + public void setTokenIssuer(String tokenIssuer) + { + this.tokenIssuer = tokenIssuer; + } + + /** + * + * Obtains the {@code PublicKey} of the service provider that requires a security token. + * + * + * @return the service provider's {@code PublicKey}. + */ + public PublicKey getServiceProviderPublicKey() + { + return this.providerPublicKey; + } + + /** + * + * Sets the {@code PublicKey} of the service provider that requires a security token. + * + * + * @param providerPublicKey the service provider's {@code PublicKey}. + */ + public void setServiceProviderPublicKey(PublicKey providerPublicKey) + { + this.providerPublicKey = providerPublicKey; + } + + /** + * + * Obtains the principal of the WS-Trust token requester. + * + * + * @return a reference to the caller {@code Principal} object. + */ + public Principal getCallerPrincipal() + { + return this.callerPrincipal; + } + + /** + * + * Obtains the object the contains the information about the security token request. + * + * + * @return a reference to the {@code RequestSecurityToken} instance. + */ + public RequestSecurityToken getRequestSecurityToken() + { + return this.request; + } + + /** + * + * Obtains the security token contained in this context. + * + * + * @return a reference to the {@code SecurityToken} instance. + */ + public SecurityToken getSecurityToken() + { + return this.securityToken; + } + + /** + * + * Sets the security token in the context. + * + * + * @param token the {@code SecurityToken} instance to be set. + */ + public void setSecurityToken(SecurityToken token) + { + this.securityToken = token; + } + + /** + * + * Obtains the status of the security token validation. + * + * + * @return a reference to the resulting {@code StatusType}. + */ + public StatusType getStatus() + { + return this.status; + } + + /** + * + * Sets the status of the security token validation. + * + * + * @param status a reference to the {@code StatusType} that represents the validation status. + */ + public void setStatus(StatusType status) + { + this.status = status; + } + + /** + * + * Obtains the security token attached reference. This reference is used to locate the token inside the WS-Trust + * response message when that token doesn't support references using URI fragments. + * + * + * @return a {@code RequestedReferenceType} representing the attached reference. + */ + public RequestedReferenceType getAttachedReference() + { + return this.attachedReference; + } + + /** + * + * Sets the security token attached reference. This reference is used to locate the token inside the WS-Trust + * response message when that token doesn't support references using URI fragments. + * + * + * @param attachedReference a {@code RequestedReferenceType} representing the attached reference. + */ + public void setAttachedReference(RequestedReferenceType attachedReference) + { + this.attachedReference = attachedReference; + } + + /** + * + * Obtains the security token unattached reference. This reference is used to locate the token when it is not placed + * inside the WS-Trust response message. + * + * + * @return a {@code RequestedReferenceType} representing the unattached reference. + */ + public RequestedReferenceType getUnattachedReference() + { + return this.unattachedReference; + } + + /** + * + * Sets the security token unattached reference. This reference is used to locate the token when it is not placed + * inside the WS-Trust response message. + * + * + * @param unattachedReference a {@code RequestedReferenceType} representing the unattached reference. + */ + public void setUnattachedReference(RequestedReferenceType unattachedReference) + { + this.unattachedReference = unattachedReference; + } +} Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustRequestHandler.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustRequestHandler.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustRequestHandler.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,111 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust; + +import java.security.Principal; + +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse; +import org.w3c.dom.Document; + +/** + * + * The {@code WSTrustRequestHandler} interface defines the methods that will be responsible for handling the different + * types of WS-Trust request messages. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public interface WSTrustRequestHandler +{ + /** + * + * Initializes the concrete {@code WSTrustRequestHandler} instance. + * + * + * @param configuration a reference to object that contains the STS configuration. + */ + public void initialize(STSConfiguration configuration); + + /** + * + * Generates a security token according to the information specified in the request message and returns the created + * token in the response. + * + * + * @param request the security token request message. + * @param callerPrincipal the {@code Principal} of the ws-trust token requester. + * @return a {@code RequestSecurityTokenResponse} containing the generated token. + * @throws WSTrustException if an error occurs while handling the request message. + */ + public RequestSecurityTokenResponse issue(RequestSecurityToken request, Principal callerPrincipal) + throws WSTrustException; + + /** + * + * Renews the security token as specified in the request message, returning the renewed token in the response. + * + * + * @param request the request message that contains the token to be renewed. + * @param callerPrincipal the {@code Principal} of the ws-trust token requester. + * @return a {@code RequestSecurityTokenResponse} containing the renewed token. + * @throws WSTrustException if an error occurs while handling the renewal process. + */ + public RequestSecurityTokenResponse renew(RequestSecurityToken request, Principal callerPrincipal) + throws WSTrustException; + + /** + * + * Cancels the security token as specified in the request message. + * + * + * @param request the request message that contains the token to be canceled. + * @param callerPrincipal the {@code Principal} of the ws-trust token requester. + * @return a {@code RequestSecurityTokenResponse} indicating whether the token has been canceled or not. + * @throws WSTrustException if an error occurs while handling the cancellation process. + */ + public RequestSecurityTokenResponse cancel(RequestSecurityToken request, Principal callerPrincipal) + throws WSTrustException; + + /** + * + * Validates the security token as specified in the request message. + * + * + * @param request the request message that contains the token to be validated. + * @param callerPrincipal the {@code Principal} of the ws-trust token requester. + * @return a {@code RequestSecurityTokenResponse} containing the validation status or a new token. + * @throws WSTrustException if an error occurs while handling the validation process. + */ + public RequestSecurityTokenResponse validate(RequestSecurityToken request, Principal callerPrincipal) + throws WSTrustException; + + /** + * Perform Post Processing on the generated RSTR Collection Document + * Steps such as signing and encryption need to be done here. + * @param rstrDocument + * @param request + * @return + * @throws WSTrustException + */ + public Document postProcess(Document rstrDocument, RequestSecurityToken request) throws WSTrustException; +} Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustServiceFactory.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustServiceFactory.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustServiceFactory.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,102 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust; + +import java.security.PrivilegedActionException; + +/** + * + * Factory class used for instantiating pluggable services, such as the {@code WSTrustRequestHandler} and + * {@code SecurityTokenProvider} implementations. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public class WSTrustServiceFactory +{ + + private static final WSTrustServiceFactory factory = new WSTrustServiceFactory(); + + /** + * + * Creates the {@code WSTrustConfigurationFactory} singleton instance. + * + */ + private WSTrustServiceFactory() + { + } + + /** + * + * Obtains a reference to the singleton instance. + * + * + * @return the {@code WSTrustConfigurationFactory} singleton. + */ + public static WSTrustServiceFactory getInstance() + { + return factory; + } + + /** + * + * Constructs and returns the {@code WSTrustRequestHandler} that will be used to handle WS-Trust requests. + * + * + * @param configuration a reference to the {@code STSConfiguration}. + * @return a reference to the constructed {@code WSTrustRequestHandler} object. + */ + public WSTrustRequestHandler createRequestHandler(String handlerClassName, STSConfiguration configuration) + { + try + { + WSTrustRequestHandler handler = (WSTrustRequestHandler) SecurityActions.instantiateClass(handlerClassName); + handler.initialize(configuration); + return handler; + } + catch (Exception e) + { + throw new RuntimeException(e.getMessage(), e); + } + } + + /** + * + * Constructs and returns a {@code SecurityTokenProvider} from the specified class name. + * + * + * @param providerClass the FQN of the {@code SecurityTokenProvider} to be instantiated. + * @return a reference to the constructed {@code SecurityTokenProvider} object. + */ + public SecurityTokenProvider createTokenProvider(String providerClass) + { + try + { + SecurityTokenProvider tokenProvider = (SecurityTokenProvider) SecurityActions.instantiateClass(providerClass); + return tokenProvider; + } + catch (PrivilegedActionException pae) + { + throw new RuntimeException("Unable to instantiate token provider " + providerClass, pae); + } + } +} Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustUtil.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustUtil.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustUtil.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,157 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust; + +import java.util.GregorianCalendar; +import java.util.Map; + +import javax.xml.bind.JAXBElement; +import javax.xml.namespace.QName; + +import org.jboss.identity.federation.core.wstrust.wrappers.Lifetime; +import org.jboss.identity.federation.ws.addressing.AttributedURIType; +import org.jboss.identity.federation.ws.addressing.EndpointReferenceType; +import org.jboss.identity.federation.ws.addressing.ObjectFactory; +import org.jboss.identity.federation.ws.policy.AppliesTo; +import org.jboss.identity.federation.ws.trust.RequestedReferenceType; +import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType; +import org.jboss.identity.federation.ws.wss.secext.SecurityTokenReferenceType; + +/** + * + * Utility class that provides methods for parsing/creating WS-Trust elements. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public class WSTrustUtil +{ + + /** + * + * Creates an instance of {@code KeyIdentifierType} with the specified values. + * + * + * @param valueType a {@code String} representing the identifier value type. + * @param value a {@code String} representing the identifier value. + * @return the constructed {@code KeyIdentifierType} instance. + */ + public static KeyIdentifierType createKeyIdentifier(String valueType, String value) + { + KeyIdentifierType keyIdentifier = new KeyIdentifierType(); + keyIdentifier.setValueType(valueType); + keyIdentifier.setValue(value); + return keyIdentifier; + } + + /** + * + * Creates an instance of {@code RequestedReferenceType} with the specified values. This method first creates a + * {@code SecurityTokenReferenceType} with the specified key identifier and attributes and then use this reference + * to construct the {@code RequestedReferenceType} that is returned. + * + * + * @param keyIdentifier the key identifier of the security token reference. + * @param attributes the attributes to be set on the security token reference. + * @return the constructed {@code RequestedReferenceType} instance. + */ + public static RequestedReferenceType createRequestedReference(KeyIdentifierType keyIdentifier, + Map<QName, String> attributes) + { + SecurityTokenReferenceType securityTokenReference = new SecurityTokenReferenceType(); + securityTokenReference.getAny().add( + new org.jboss.identity.federation.ws.wss.secext.ObjectFactory().createKeyIdentifier(keyIdentifier)); + securityTokenReference.getOtherAttributes().putAll(attributes); + RequestedReferenceType reference = new RequestedReferenceType(); + reference.setSecurityTokenReference(securityTokenReference); + + return reference; + } + + /** + * + * Creates an instance of {@code AppliesTo} using the specified endpoint address. + * + * + * @param endpointURI a {@code String} representing the endpoint URI. + * @return the constructed {@code AppliesTo} instance. + */ + public static AppliesTo createAppliesTo(String endpointURI) + { + AttributedURIType attributedURI = new AttributedURIType(); + attributedURI.setValue(endpointURI); + EndpointReferenceType reference = new EndpointReferenceType(); + reference.setAddress(attributedURI); + AppliesTo appliesTo = new AppliesTo(); + appliesTo.getAny().add(new ObjectFactory().createEndpointReference(reference)); + + return appliesTo; + } + + /** + * + * Parses the contents of the {@code AppliesTo} element and returns the address the uniquely identify the service + * provider. + * + * + * @param appliesTo the {@code AppliesTo} instance to be parsed. + * @return the address of the service provider. + */ + public static String parseAppliesTo(AppliesTo appliesTo) + { + EndpointReferenceType reference = null; + for (Object obj : appliesTo.getAny()) + { + if (obj instanceof EndpointReferenceType) + reference = (EndpointReferenceType) obj; + else if (obj instanceof JAXBElement) + { + JAXBElement<?> element = (JAXBElement<?>) obj; + if (element.getName().getLocalPart().equalsIgnoreCase("EndpointReference")) + reference = (EndpointReferenceType) element.getValue(); + } + + if (reference != null && reference.getAddress() != null) + return reference.getAddress().getValue(); + } + return null; + } + + /** + * + * Creates a {@code Lifetime} instance that specifies a range of time that starts at the current GMT time and has + * the specified duration in milliseconds. + * + * + * @param tokenTimeout the token timeout value (in milliseconds). + * @return the constructed {@code Lifetime} instance. + */ + public static Lifetime createDefaultLifetime(long tokenTimeout) + { + GregorianCalendar created = new GregorianCalendar(); + GregorianCalendar expires = new GregorianCalendar(); + expires.setTimeInMillis(created.getTimeInMillis() + tokenTimeout); + + return new Lifetime(created, expires); + } + +} Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,242 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust.plugins.saml; + +import java.security.Principal; +import java.util.HashMap; +import java.util.Map; + +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.namespace.QName; + +import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; +import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory; +import org.jboss.identity.federation.core.saml.v2.util.AssertionUtil; +import org.jboss.identity.federation.core.wstrust.SecurityToken; +import org.jboss.identity.federation.core.wstrust.SecurityTokenProvider; +import org.jboss.identity.federation.core.wstrust.StandardSecurityToken; +import org.jboss.identity.federation.core.wstrust.WSTrustConstants; +import org.jboss.identity.federation.core.wstrust.WSTrustException; +import org.jboss.identity.federation.core.wstrust.WSTrustRequestContext; +import org.jboss.identity.federation.core.wstrust.WSTrustUtil; +import org.jboss.identity.federation.core.wstrust.wrappers.Lifetime; +import org.jboss.identity.federation.saml.v2.assertion.AssertionType; +import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType; +import org.jboss.identity.federation.saml.v2.assertion.ConditionsType; +import org.jboss.identity.federation.saml.v2.assertion.NameIDType; +import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType; +import org.jboss.identity.federation.saml.v2.assertion.SubjectType; +import org.jboss.identity.federation.ws.policy.AppliesTo; +import org.jboss.identity.federation.ws.trust.RequestedReferenceType; +import org.jboss.identity.federation.ws.trust.StatusType; +import org.jboss.identity.federation.ws.trust.ValidateTargetType; +import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType; +import org.w3c.dom.Element; + +/** + * + * A {@code SecurityTokenProvider} implementation that handles WS-Trust SAML 2.0 token requests. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public class SAML20TokenProvider implements SecurityTokenProvider +{ + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) + */ + public void cancelToken(WSTrustRequestContext context) throws WSTrustException + { + // TODO: implement cancel logic. + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) + */ + public void issueToken(WSTrustRequestContext context) throws WSTrustException + { + // generate an id for the new assertion. + String assertionID = IDGenerator.create("ID_"); + + issueToken(context, assertionID); + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) + */ + public void renewToken(WSTrustRequestContext context) throws WSTrustException + { + Element assertion = (Element) context.getRequestSecurityToken().getRenewTarget().getAny(); + + String id = assertion.getAttribute("ID"); + + issueToken(context, id); //Just reissue + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) + */ + @SuppressWarnings("unchecked") + public void validateToken(WSTrustRequestContext context) throws WSTrustException + { + // get the SAML assertion that must be validated. + ValidateTargetType validateTarget = context.getRequestSecurityToken().getValidateTarget(); + if(validateTarget == null) + throw new WSTrustException("Invalid validate message: missing required ValidateTarget"); + + String code = WSTrustConstants.STATUS_CODE_VALID; + String reason = "SAMLV2.0 Assertion successfuly validated"; + + AssertionType assertion = null; + + Object assertionObj = validateTarget.getAny(); + if(assertionObj instanceof JAXBElement) + { + JAXBElement<AssertionType> assertionType = (JAXBElement<AssertionType>) validateTarget.getAny(); + assertion = assertionType.getValue(); + } + else if(assertionObj instanceof Element) + { + Element assertionElement = (Element) assertionObj; + + if(!this.isAssertion(assertionElement)) + { + code = WSTrustConstants.STATUS_CODE_INVALID; + reason = "Validation failure: supplied token is not a SAMLV2.0 Assertion"; + } + else + { + try + { + assertion = SAMLUtil.fromElement((Element) assertionObj); + } + catch (JAXBException e) + { + throw new WSTrustException("Unmarshalling error:",e); + } + } + } + + // check the assertion lifetime. + try + { + if(AssertionUtil.hasExpired(assertion)) + { + code = WSTrustConstants.STATUS_CODE_INVALID; + reason = "Validation failure: assertion expired or used before its lifetime period"; + } + } + catch(Exception ce) + { + code = WSTrustConstants.STATUS_CODE_INVALID; + reason = "Validation failure: unable to verify assertion lifetime: " + ce.getMessage(); + } + + // construct the status and set it on the request context. + StatusType status = new StatusType(); + status.setCode(code); + status.setReason(reason); + context.setStatus(status); + } + + /** + * + * Checks whether the specified element is a SAMLV2.0 assertion or not. + * + * + * @param element the {@code Element} being verified. + * @return {@code true} if the element is a SAMLV2.0 assertion; {@code false} otherwise. + */ + private boolean isAssertion(Element element) + { + return element == null ? false : "Assertion".equals(element.getLocalName()) + && WSTrustConstants.SAML2_ASSERTION_NS.equals(element.getNamespaceURI()); + } + + /** + * Issue a SAML assertion token with the provided ID + * @param context + * @param assertionID + * @throws WSTrustException + */ + private void issueToken(WSTrustRequestContext context, String assertionID) throws WSTrustException + { + // lifetime and audience restrictions. + Lifetime lifetime = context.getRequestSecurityToken().getLifetime(); + AudienceRestrictionType restriction = null; + AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo(); + if (appliesTo != null) + restriction = SAMLAssertionFactory.createAudienceRestriction(WSTrustUtil.parseAppliesTo(appliesTo)); + ConditionsType conditions = SAMLAssertionFactory.createConditions(lifetime.getCreated(), lifetime.getExpires(), + restriction); + + // TODO: implement support for the other confirmation methods. + String confirmationMethod = SAMLUtil.SAML2_BEARER_URI; + SubjectConfirmationType subjectConfirmation = SAMLAssertionFactory.createSubjectConfirmation(null, + confirmationMethod, null); + + // create a subject using the caller principal. + Principal principal = context.getCallerPrincipal(); + String subjectName = principal == null ? "ANONYMOUS" : principal.getName(); + NameIDType nameID = SAMLAssertionFactory.createNameID(null, "urn:jboss:identity-federation", subjectName); + SubjectType subject = SAMLAssertionFactory.createSubject(nameID, subjectConfirmation); + + // TODO: add SAML statements that corresponds to the claims provided by the requester. + + // create the SAML assertion. + NameIDType issuerID = SAMLAssertionFactory.createNameID(null, null, context.getTokenIssuer()); + AssertionType assertion = SAMLAssertionFactory.createAssertion(assertionID, issuerID, lifetime.getCreated(), + conditions, subject, null); + + // convert the constructed assertion to element. + Element assertionElement = null; + try + { + assertionElement = SAMLUtil.toElement(assertion); + } + catch (Exception e) + { + throw new WSTrustException("Failed to marshall SAMLV2 assertion", e); + } + + SecurityToken token = new StandardSecurityToken(context.getRequestSecurityToken().getTokenType().toString(), + assertionElement, assertionID); + context.setSecurityToken(token); + + // set the SAML assertion attached reference. + KeyIdentifierType keyIdentifier = WSTrustUtil.createKeyIdentifier(SAMLUtil.SAML2_VALUE_TYPE, "#" + assertionID); + Map<QName, String> attributes = new HashMap<QName, String>(); + attributes.put(new QName(WSTrustConstants.WSSE11_NS, "TokenType"), SAMLUtil.SAML2_TOKEN_TYPE); + RequestedReferenceType attachedReference = WSTrustUtil.createRequestedReference(keyIdentifier, attributes); + context.setAttachedReference(attachedReference); + } +} \ No newline at end of file Added: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,105 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust.plugins.saml; + +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Marshaller; +import javax.xml.bind.Unmarshaller; +import javax.xml.transform.dom.DOMResult; + +import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; +import org.jboss.identity.federation.core.util.JAXBUtil; +import org.jboss.identity.federation.saml.v2.assertion.AssertionType; +import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory; +import org.w3c.dom.DOMConfiguration; +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +/** + * + * This class contains utility methods and constants that are used by the SAML token providers. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public class SAMLUtil +{ + + public static final String SAML2_BEARER_URI = "urn:oasis:names:tc:SAML:2.0:cm:bearer"; + + public static final String SAML2_TOKEN_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0"; + + public static final String SAML2_VALUE_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID"; + + /** + * + * Utility method that marshals the specified {@code AssertionType} object into an {@code Element} instance. + * + * + * @param assertion + * an {@code AssertionType} object representing the SAML assertion to be marshaled. + * @return a reference to the {@code Element} that contains the marshaled SAML assertion. + * @throws Exception + * if an error occurs while marshaling the assertion. + */ + public static Element toElement(AssertionType assertion) throws Exception + { + Document document = DocumentUtil.createDocument(); + DOMResult result = new DOMResult(document); + Marshaller marshaller = JAXBUtil.getMarshaller("org.jboss.identity.federation.saml.v2.assertion"); + marshaller.marshal(new ObjectFactory().createAssertion(assertion), result); + + // normalize the document to remove unused namespaces. + DOMConfiguration docConfig = document.getDomConfig(); + docConfig.setParameter("namespaces", Boolean.TRUE); + docConfig.setParameter("namespace-declarations", Boolean.FALSE); + document.normalizeDocument(); + + return document.getDocumentElement(); + } + + /** + * + * Utility method that unmarshals the specified {@code Element} into an {@code AssertionType} instance. + * + * + * @param assertionElement + * the {@code Element} that contains the marshaled SAMLV2.0 assertion. + * @return a reference to the unmarshaled {@code AssertionType} instance. + * @throws JAXBException if an error occurs while unmarshalling the document. + */ + public static AssertionType fromElement(Element assertionElement) throws JAXBException + { + Unmarshaller unmarshaller = JAXBUtil.getUnmarshaller("org.jboss.identity.federation.saml.v2.assertion"); + Object object = unmarshaller.unmarshal(assertionElement); + if (object instanceof AssertionType) + return (AssertionType) object; + else if (object instanceof JAXBElement) + { + JAXBElement<?> element = (JAXBElement<?>) object; + if (element.getDeclaredType().equals(AssertionType.class)) + return (AssertionType) element.getValue(); + } + throw new IllegalArgumentException("Supplied document does not contain a SAMLV2.0 Assertion"); + } +} Copied: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/BaseRequestSecurityToken.java (from rev 757, identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityToken.java) =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/BaseRequestSecurityToken.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/BaseRequestSecurityToken.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,33 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust.wrappers; + +/** + * + * Marker interface for the request security token types. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public interface BaseRequestSecurityToken +{ +} Copied: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/BaseRequestSecurityTokenResponse.java (from rev 757, identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityTokenResponse.java) =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/BaseRequestSecurityTokenResponse.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/BaseRequestSecurityTokenResponse.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,33 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust.wrappers; + +/** + * + * Marker interface for the security token response types. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public interface BaseRequestSecurityTokenResponse +{ +} Copied: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/Lifetime.java (from rev 757, identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/Lifetime.java) =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/Lifetime.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/Lifetime.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,236 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust.wrappers; + +import java.util.GregorianCalendar; + +import javax.xml.datatype.DatatypeConfigurationException; +import javax.xml.datatype.DatatypeFactory; +import javax.xml.datatype.XMLGregorianCalendar; + +import org.jboss.identity.federation.ws.trust.LifetimeType; +import org.jboss.identity.federation.ws.wss.utility.AttributedDateTime; + +/** + * + * This class represents a WS-Trust {@code Lifetime}. It wraps the JAXB {@code LifetimeType} and offer methods that + * allows for easy retrieval of the creation and expiration times as {@code XMLGregorianCalendar} and + * {@code GregorianCalendar} objects. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public class Lifetime +{ + + private final LifetimeType delegate; + + private XMLGregorianCalendar created; + + private XMLGregorianCalendar expires; + + private DatatypeFactory factory; + + /** + * + * Creates an instance of {@code Lifetime} with the specified parameters. + * + * + * @param created a {@code GregorianCalendar} representing the token creation time. + * @param expires a {@code GregorianCalendar} representing the token expiration time. + */ + public Lifetime(GregorianCalendar created, GregorianCalendar expires) + { + try + { + this.factory = DatatypeFactory.newInstance(); + } + catch (DatatypeConfigurationException dce) + { + throw new RuntimeException("Unable to get DatatypeFactory instance", dce); + } + + // normalize the parameters (convert to UTC). + this.created = factory.newXMLGregorianCalendar(created).normalize(); + this.expires = factory.newXMLGregorianCalendar(expires).normalize(); + + // set the delegate fields. + this.delegate = new LifetimeType(); + AttributedDateTime dateTime = new AttributedDateTime(); + dateTime.setValue(this.created.toXMLFormat()); + this.delegate.setCreated(dateTime); + dateTime = new AttributedDateTime(); + dateTime.setValue(this.expires.toXMLFormat()); + this.delegate.setExpires(dateTime); + + } + + /** + * + * Creates a {@code Lifetime} instance using the specified {@code LifetimeType}. + * + * + * @param lifetime a reference to the {@code LifetimeType} instance that contains the information used in the + * {@code Lifetime} construction. + */ + public Lifetime(LifetimeType lifetime) + { + if (lifetime == null) + throw new IllegalArgumentException("Unable to create a Lifetime object from a null LifetimeType"); + + try + { + this.factory = DatatypeFactory.newInstance(); + } + catch (DatatypeConfigurationException dce) + { + throw new RuntimeException("Unable to get DatatypeFactory instance", dce); + } + this.delegate = lifetime; + + // construct the created and expires instances from the lifetime object. + this.created = factory.newXMLGregorianCalendar(lifetime.getCreated().getValue()); + this.expires = factory.newXMLGregorianCalendar(lifetime.getExpires().getValue()); + + // check if the supplied lifetime needs to be normalized. + if (this.created.getTimezone() != 0) + { + this.created = this.created.normalize(); + this.delegate.getCreated().setValue(this.created.toXMLFormat()); + } + if (this.expires.getTimezone() != 0) + { + this.expires = this.expires.normalize(); + this.delegate.getExpires().setValue(this.expires.toXMLFormat()); + } + } + + /** + * + * Obtains the creation time as a {@code XMLGregorianCalendar}. + * + * + * @return a reference to the {@code XMLGregorianCalendar} that represents the creation time. + */ + public XMLGregorianCalendar getCreated() + { + return this.created; + } + + /** + * + * Sets the creation time. + * + * + * @param created a reference to the {@code XMLGregorianCalendar} that represents the creation time to be set. + */ + public void setCreated(XMLGregorianCalendar created) + { + this.created = created.normalize(); + this.delegate.getCreated().setValue(this.created.toXMLFormat()); + } + + /** + * + * Obtains the creation time as a {@code GregorianCalendar}. + * + * + * @return a reference to the {@code GregorianCalendar} that represents the creation time. + */ + public GregorianCalendar getCreatedCalendar() + { + return this.created.toGregorianCalendar(); + } + + /** + * + * Sets the creation time. + * + * + * @param created a reference to the {@code GregorianCalendar} that represents the creation time to be set. + */ + public void setCreatedCalendar(GregorianCalendar created) + { + this.setCreated(this.factory.newXMLGregorianCalendar(created)); + } + + /** + * + * Obtains the expiration time as a {@code XMLGregorianCalendar}. + * + * + * @return a reference to the {@code XMLGregorianCalendar} that represents the expiration time. + */ + public XMLGregorianCalendar getExpires() + { + return this.expires; + } + + /** + * + * Sets the expiration time. + * + * + * @param expires a reference to the {@code XMLGregorianCalendar} that represents the expiration time. + */ + public void setExpires(XMLGregorianCalendar expires) + { + this.expires = expires.normalize(); + this.delegate.getExpires().setValue(this.expires.toXMLFormat()); + } + + /** + * + * Obtains the expiration time as a {@code GregorianCalendar}. + * + * + * @return a reference to the {@code GregorianCalendar} that represents the expiration time. + */ + public GregorianCalendar getExpiresCalendar() + { + return this.expires.toGregorianCalendar(); + } + + /** + * + * Sets the expiration time. + * + * + * @param expires a reference to the {@code GregorianCalendar} that represents the expiration time. + */ + public void setExpiresCalendar(GregorianCalendar expires) + { + this.setExpires(this.factory.newXMLGregorianCalendar(expires)); + } + + /** + * + * Obtains a reference to the {@code LifetimeType} delegate. + * + * + * @return a reference to the delegate instance. + */ + public LifetimeType getDelegate() + { + return this.delegate; + } +} Copied: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityToken.java (from rev 757, identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java) =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityToken.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityToken.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,1139 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust.wrappers; + +import java.net.URI; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; + +import javax.xml.bind.JAXBElement; +import javax.xml.namespace.QName; + +import org.jboss.identity.federation.ws.addressing.EndpointReferenceType; +import org.jboss.identity.federation.ws.policy.AppliesTo; +import org.jboss.identity.federation.ws.policy.Policy; +import org.jboss.identity.federation.ws.policy.PolicyReference; +import org.jboss.identity.federation.ws.trust.AllowPostdatingType; +import org.jboss.identity.federation.ws.trust.CancelTargetType; +import org.jboss.identity.federation.ws.trust.ClaimsType; +import org.jboss.identity.federation.ws.trust.DelegateToType; +import org.jboss.identity.federation.ws.trust.EncryptionType; +import org.jboss.identity.federation.ws.trust.EntropyType; +import org.jboss.identity.federation.ws.trust.LifetimeType; +import org.jboss.identity.federation.ws.trust.ObjectFactory; +import org.jboss.identity.federation.ws.trust.OnBehalfOfType; +import org.jboss.identity.federation.ws.trust.ProofEncryptionType; +import org.jboss.identity.federation.ws.trust.RenewTargetType; +import org.jboss.identity.federation.ws.trust.RenewingType; +import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType; +import org.jboss.identity.federation.ws.trust.UseKeyType; +import org.jboss.identity.federation.ws.trust.ValidateTargetType; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.w3c.dom.NodeList; + +/** + * + * This class represents a WS-Trust {@code RequestSecurityToken}. It wraps the JAXB representation of the security + * token request and offers a series of getter/setter methods that make it easy to work with elements that are + * represented by the {@code Any} XML type. + * + * + * The following shows the intended content model of a {@code RequestSecurityToken}: + * + * <pre> + * <xs:element ref='wst:TokenType' minOccurs='0' /> + * <xs:element ref='wst:RequestType' /> + * <xs:element ref='wsp:AppliesTo' minOccurs='0' /> + * <xs:element ref='wst:Claims' minOccurs='0' /> + * <xs:element ref='wst:Entropy' minOccurs='0' /> + * <xs:element ref='wst:Lifetime' minOccurs='0' /> + * <xs:element ref='wst:AllowPostdating' minOccurs='0' /> + * <xs:element ref='wst:Renewing' minOccurs='0' /> + * <xs:element ref='wst:OnBehalfOf' minOccurs='0' /> + * <xs:element ref='wst:Issuer' minOccurs='0' /> + * <xs:element ref='wst:AuthenticationType' minOccurs='0' /> + * <xs:element ref='wst:KeyType' minOccurs='0' /> + * <xs:element ref='wst:KeySize' minOccurs='0' /> + * <xs:element ref='wst:SignatureAlgorithm' minOccurs='0' /> + * <xs:element ref='wst:Encryption' minOccurs='0' /> + * <xs:element ref='wst:EncryptionAlgorithm' minOccurs='0' /> + * <xs:element ref='wst:CanonicalizationAlgorithm' minOccurs='0' /> + * <xs:element ref='wst:ProofEncryption' minOccurs='0' /> + * <xs:element ref='wst:UseKey' minOccurs='0' /> + * <xs:element ref='wst:SignWith' minOccurs='0' /> + * <xs:element ref='wst:EncryptWith' minOccurs='0' /> + * <xs:element ref='wst:DelegateTo' minOccurs='0' /> + * <xs:element ref='wst:Forwardable' minOccurs='0' /> + * <xs:element ref='wst:Delegatable' minOccurs='0' /> + * <xs:element ref='wsp:Policy' minOccurs='0' /> + * <xs:element ref='wsp:PolicyReference' minOccurs='0' /> + * <xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' /> + * </pre> + * + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public class RequestSecurityToken implements BaseRequestSecurityToken +{ + + private final RequestSecurityTokenType delegate; + + private URI tokenType; + + private URI requestType; + + private AppliesTo appliesTo; + + private ClaimsType claims; + + private EntropyType entropy; + + private Lifetime lifetime; + + private AllowPostdatingType allowPostDating; + + private RenewingType renewing; + + private OnBehalfOfType onBehalfOf; + + private EndpointReferenceType issuer; + + private URI authenticationType; + + private URI keyType; + + private long keySize; + + private URI signatureAlgorithm; + + private EncryptionType encryption; + + private URI encryptionAlgorithm; + + private URI canonicalizationAlgorithm; + + private ProofEncryptionType proofEncryption; + + private UseKeyType useKey; + + private URI signWith; + + private URI encryptWith; + + private DelegateToType delegateTo; + + private boolean forwardable; + + private boolean delegatable; + + private Policy policy; + + private PolicyReference policyReference; + + private ValidateTargetType validateTarget; + + private RenewTargetType renewTarget; + + private CancelTargetType cancelTarget; + + private final List<Object> extensionElements = new ArrayList<Object>(); + + private final ObjectFactory factory = new ObjectFactory(); + + private Document rstDocument; + + /** + * + * Creates an instance of {@code RequestSecurityToken}. + * + */ + public RequestSecurityToken() + { + this.delegate = new RequestSecurityTokenType(); + } + + /** + * + * Creates an instance of {@code RequestSecurityToken} using the specified delegate. + * + * + * @param delegate the JAXB {@code RequestSecurityTokenType} that represents a WS-Trust token request. + */ + public RequestSecurityToken(RequestSecurityTokenType delegate) + { + this.delegate = delegate; + // parse the delegate's Any contents. + for (Object obj : this.delegate.getAny()) + { + if (obj instanceof AppliesTo) + { + this.appliesTo = (AppliesTo) obj; + } + else if (obj instanceof Policy) + { + this.policy = (Policy) obj; + } + else if (obj instanceof PolicyReference) + { + this.policyReference = (PolicyReference) obj; + } + else if (obj instanceof JAXBElement) + { + JAXBElement<?> element = (JAXBElement<?>) obj; + String localName = element.getName().getLocalPart(); + if (localName.equalsIgnoreCase("TokenType")) + this.tokenType = URI.create((String) element.getValue()); + else if (localName.equalsIgnoreCase("RequestType")) + this.requestType = URI.create((String) element.getValue()); + else if (localName.equalsIgnoreCase("Claims")) + this.claims = (ClaimsType) element.getValue(); + else if (localName.equalsIgnoreCase("Entropy")) + this.entropy = (EntropyType) element.getValue(); + else if (localName.equalsIgnoreCase("Lifetime")) + this.lifetime = new Lifetime((LifetimeType) element.getValue()); + else if (localName.equalsIgnoreCase("AllowPostdating")) + this.allowPostDating = (AllowPostdatingType) element.getValue(); + else if (localName.equalsIgnoreCase("Renewing")) + this.renewing = (RenewingType) element.getValue(); + else if (localName.equalsIgnoreCase("OnBehalfOf")) + this.onBehalfOf = (OnBehalfOfType) element.getValue(); + else if (localName.equalsIgnoreCase("Issuer")) + this.issuer = (EndpointReferenceType) element.getValue(); + else if (localName.equalsIgnoreCase("AuthenticationType")) + this.authenticationType = URI.create((String) element.getValue()); + else if (localName.equalsIgnoreCase("KeyType")) + this.keyType = URI.create((String) element.getValue()); + else if (localName.equalsIgnoreCase("KeySize")) + this.keySize = (Long) element.getValue(); + else if (localName.equalsIgnoreCase("SignatureAlgorithm")) + this.signatureAlgorithm = URI.create((String) element.getValue()); + else if (localName.equalsIgnoreCase("Encryption")) + this.encryption = (EncryptionType) element.getValue(); + else if (localName.equalsIgnoreCase("EntropyAlgorithm")) + this.encryptionAlgorithm = URI.create((String) element.getValue()); + else if (localName.equalsIgnoreCase("CanonicalizationAlgorithm")) + this.canonicalizationAlgorithm = URI.create((String) element.getValue()); + else if (localName.equalsIgnoreCase("ProofEncryption")) + this.proofEncryption = (ProofEncryptionType) element.getValue(); + else if (localName.equalsIgnoreCase("UseKey")) + this.useKey = (UseKeyType) element.getValue(); + else if (localName.equalsIgnoreCase("SignWith")) + this.signWith = URI.create((String) element.getValue()); + else if (localName.equalsIgnoreCase("EncryptWith")) + this.encryptWith = URI.create((String) element.getValue()); + else if (localName.equalsIgnoreCase("DelegateTo")) + this.delegateTo = (DelegateToType) element.getValue(); + else if (localName.equalsIgnoreCase("Forwardable")) + this.forwardable = (Boolean) element.getValue(); + else if (localName.equalsIgnoreCase("Delegatable")) + this.delegatable = (Boolean) element.getValue(); + else if (localName.equalsIgnoreCase("CancelTarget")) + this.cancelTarget = (CancelTargetType) element.getValue(); + else if (localName.equalsIgnoreCase("RenewTarget")) + this.renewTarget = (RenewTargetType) element.getValue(); + else if (localName.equalsIgnoreCase("ValidateTarget")) + this.validateTarget = (ValidateTargetType) element.getValue(); + else + this.extensionElements.add(element.getValue()); + } + else + { + this.extensionElements.add(obj); + } + } + } + + /** + * Creates an instance of {@code RequestSecurityTokenType} and {@code Document} + * @param delegate + * @param rstDocument + */ + public RequestSecurityToken(RequestSecurityTokenType delegate, Document rstDocument) + { + this(delegate); + this.rstDocument = rstDocument; + } + + /** + * + * Obtains the {@code URI} that identifies the token type. + * + * + * @return a {@code URI} that represents the token type. + */ + public URI getTokenType() + { + return this.tokenType; + } + + /** + * + * Sets the token type. + * + * + * @param tokenType a {@code URI} that identifies the token type. + */ + public void setTokenType(URI tokenType) + { + this.tokenType = tokenType; + this.delegate.getAny().add(this.factory.createTokenType(tokenType.toString())); + + } + + /** + * + * Obtains the request type. + * + * + * @return a {@code URI} that identifies the request type. + */ + public URI getRequestType() + { + return this.requestType; + } + + /** + * + * Sets the request type. The type must be one of the request types described in the WS-Trust specification. + * + * + * @param requestType a {@code URI} that identifies the request type. + */ + public void setRequestType(URI requestType) + { + this.requestType = requestType; + this.delegate.getAny().add(this.factory.createRequestType(requestType.toString())); + } + + /** + * + * Obtains the {@code AppliesTo} value of this request. The {@code AppliesTo} object identifies the service provider + * (web service) that requires a token to be presented by clients. A STS uses this object to find the type of the + * token that is accepted by the service provider so that it can issue appropriate tokens to clients. + * + * + * @return the reference to the {@code AppliesTo} object. + */ + public AppliesTo getAppliesTo() + { + return this.appliesTo; + } + + /** + * + * Sets the {@code AppliesTo} value of this request. The {@code AppliesTo} object identifies the service provider + * (web service) that requires a token to be presented by clients. A STS uses this object to find the type of the + * token that is accepted by the service provider so that it can issue appropriate tokens to clients. + * + * + * @param appliesTo a reference to the {@code AppliesTo} object that identifies the service provider. + */ + public void setAppliesTo(AppliesTo appliesTo) + { + this.appliesTo = appliesTo; + this.delegate.getAny().add(appliesTo); + } + + /** + * + * Obtains the set of claims of this request. + * + * + * @return a reference to the {@code ClaimsType} object that represents the request's claims. + */ + public ClaimsType getClaims() + { + return this.claims; + } + + /** + * + * Sets the claims of this request. + * + * + * @param claims the {@code ClaimsType} object that represents the claims to be set. + */ + public void setClaims(ClaimsType claims) + { + this.claims = claims; + this.delegate.getAny().add(this.factory.createClaims(claims)); + } + + /** + * + * Obtains the entropy that will be used in creating the key. + * + * + * @return a reference to the {@code EntropyType} that represents the entropy. + */ + public EntropyType getEntropy() + { + return this.entropy; + } + + /** + * + * Sets the entropy that must be used when creating the key. + * + * + * @param entropy the {@code EntropyType} representing the entropy to be set. + */ + public void setEntropy(EntropyType entropy) + { + this.entropy = entropy; + this.delegate.getAny().add(this.factory.createEntropy(entropy)); + } + + /** + * + * Obtains the desired lifetime of the requested token. + * + * + * @return a reference to the {@code Lifetime} that represents the lifetime. + */ + public Lifetime getLifetime() + { + return this.lifetime; + } + + /** + * + * Sets the desired lifetime of the requested token. + * + * + * @param lifetime the {@code Lifetime} object representing the lifetime to be set. + */ + public void setLifetime(Lifetime lifetime) + { + this.lifetime = lifetime; + this.delegate.getAny().add(this.factory.createLifetime(lifetime.getDelegate())); + } + + /** + * + * Checks whether a request for a postdated token should be allowed or not. + * + * + * @return {@code null} if the token can't have a future lifetime (e.g. a token to be used the next day); a + * {@code AllowPostdatingType} otherwise. + */ + public AllowPostdatingType getAllowPostDating() + { + return this.allowPostDating; + } + + /** + * + * Specifies whether a request for a postdated token should be allowed or not. + * + * + * @param allowPostDating {@code null} if the token can't have a future lifetime (e.g. a token to be used the next + * day); a {@code AllowPostdatingType} otherwise. + */ + public void setAllowPostDating(AllowPostdatingType allowPostDating) + { + this.allowPostDating = allowPostDating; + this.delegate.getAny().add(this.factory.createAllowPostdating(allowPostDating)); + } + + /** + * + * Obtains the renew semantics for this request. + * + * + * @return a reference to the {@code RenewingType} that represents the renew semantics for this request. + */ + public RenewingType getRenewing() + { + return this.renewing; + } + + /** + * + * Sets the renew semantics for this request. + * + * + * @param renewing the {@code RenewingType} object representing the semantics to be set. + */ + public void setRenewing(RenewingType renewing) + { + this.renewing = renewing; + this.delegate.getAny().add(this.factory.createRenewing(renewing)); + } + + /** + * + * Obtains the identity on whose behalf this request was made. + * + * + * @return a reference to the {@code OnBehalfOfType} that represents the identity on whose behalf this request was + * made. + */ + public OnBehalfOfType getOnBehalfOf() + { + return this.onBehalfOf; + } + + /** + * + * Specifies the identity on whose behalf this request is being made. + * + * + * @param onBehalfOf the {@code OnBehalfOfType} object representing the identity to be set. + */ + public void setOnBehalfOf(OnBehalfOfType onBehalfOf) + { + this.onBehalfOf = onBehalfOf; + this.delegate.getAny().add(this.factory.createOnBehalfOf(onBehalfOf)); + } + + /** + * + * Obtains the issuer of the token included in the request in the scenarios where the requestor is obtaining a token + * on behalf of another party. + * + * + * @return a reference to the {@code EndpointReferenceType} that represents the issuer. + */ + public EndpointReferenceType getIssuer() + { + return this.issuer; + } + + /** + * + * Sets the issuer of the token included in the request in scenarios where the requestor is obtaining a token on + * behalf of another party. + * + * + * @param issuer the {@code EndpointReferenceType} object representing the issuer to be set. + */ + public void setIssuer(EndpointReferenceType issuer) + { + this.issuer = issuer; + this.delegate.getAny().add(this.factory.createIssuer(issuer)); + } + + /** + * + * Obtains the type of authentication that has been set as part of the request. + * + * + * @return a {@code URI} that identifies the desired authentication type. + */ + public URI getAuthenticationType() + { + return this.authenticationType; + } + + /** + * + * Sets the authentication type in the request. + * + * + * @param authenticationType a {@code URI} that identifies the authentication type to be set. + */ + public void setAuthenticationType(URI authenticationType) + { + this.authenticationType = authenticationType; + this.delegate.getAny().add(this.factory.createAuthenticationType(authenticationType.toString())); + } + + /** + * + * Obtains the type of the key that has been set in the request. + * + * + * @return a {@code URI} that identifies the key type. + */ + public URI getKeyType() + { + return this.keyType; + } + + /** + * + * Sets the key type in the request. + * + * + * @param keyType a {@code URI} that specifies the key type. + */ + public void setKeyType(URI keyType) + { + this.keyType = keyType; + this.delegate.getAny().add(this.factory.createKeyType(keyType.toString())); + } + + /** + * + * Obtains the size of they key that has been set in the request. + * + * + * @return a {@code long} representing the key size in bytes. + */ + public long getKeySize() + { + return this.keySize; + } + + /** + * + * Sets the size of the key in the request. + * + * + * @param keySize a {@code long} representing the key size in bytes. + */ + public void setKeySize(long keySize) + { + this.keySize = keySize; + this.delegate.getAny().add(this.factory.createKeySize(keySize)); + } + + /** + * + * Obtains the signature algorithm that has been set in the request. + * + * + * @return a {@code URI} that represents the signature algorithm. + */ + public URI getSignatureAlgorithm() + { + return this.signatureAlgorithm; + } + + /** + * + * Sets the signature algorithm in the request. + * + * + * @param signatureAlgorithm a {@code URI} that represents the algorithm to be set. + */ + public void setSignatureAlgorithm(URI signatureAlgorithm) + { + this.signatureAlgorithm = signatureAlgorithm; + this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signatureAlgorithm.toString())); + } + + /** + * + * Obtains the {@code Encryption} section of the request. The {@code Encryption} element indicates that the requestor + * desires any returned secrets in issued security tokens to be encrypted. + * + * + * @return a reference to the {@code EncryptionType} object. + */ + public EncryptionType getEncryption() + { + return this.encryption; + } + + /** + * + * Sets the {@code Encryption} section of the request. The {@code Encryption} element indicates that the requestor + * desires any returned secrets in issued security tokens to be encrypted. + * + * + * @param encryption the {@code EncryptionType} to be set. + */ + public void setEncryption(EncryptionType encryption) + { + this.encryption = encryption; + this.delegate.getAny().add(this.factory.createEncryption(encryption)); + } + + /** + * + * Obtains the encryption algorithm that has been set in the request. + * + * + * @return a {@code URI} that represents the encryption algorithm. + */ + public URI getEncryptionAlgorithm() + { + return this.encryptionAlgorithm; + } + + /** + * + * Sets the encryption algorithm in the request. + * + * + * @param encryptionAlgorithm a {@code URI} that represents the encryption algorithm to be set. + */ + public void setEncryptionAlgorithm(URI encryptionAlgorithm) + { + this.encryptionAlgorithm = encryptionAlgorithm; + this.delegate.getAny().add(this.factory.createEncryptionAlgorithm(encryptionAlgorithm.toString())); + } + + /** + * + * Obtains the canonicalization algorithm that has been set in the request. + * + * + * @return a {@code URI} that represents the canonicalization algorithm. + */ + public URI getCanonicalizationAlgorithm() + { + return this.canonicalizationAlgorithm; + } + + /** + * + * Sets the canonicalization algorithm in the request. + * + * + * @param canonicalizationAlgorithm a {@code URI} that represents the algorithm to be set. + */ + public void setCanonicalizationAlgorithm(URI canonicalizationAlgorithm) + { + this.canonicalizationAlgorithm = canonicalizationAlgorithm; + this.delegate.getAny().add(this.factory.createCanonicalizationAlgorithm(canonicalizationAlgorithm.toString())); + } + + /** + * + * Obtains the {@code ProofEncryption} section of the request. The {@code ProofEncryption} indicates that the + * requester desires any returned secrets in issued security tokens to be encrypted. + * + * + * @return a reference to the {@code ProofEncryptionType} object. + */ + public ProofEncryptionType getProofEncryption() + { + return this.proofEncryption; + } + + /** + * + * Sets the {@code ProofEncryption} section of the request. The {@code ProofEncryption} indicates that the requester + * desires any returned secrets in issued security tokens to be encrypted. + * + * + * @param proofEncryption the {@code ProofEncryptionType} to be set. + */ + public void setProofEncryption(ProofEncryptionType proofEncryption) + { + this.proofEncryption = proofEncryption; + this.delegate.getAny().add(this.factory.createProofEncryption(proofEncryption)); + } + + /** + * + * Obtains the key that should be used in the returned token. + * + * + * @return a reference to the {@code UseKeyType} instance that represents the key to be used. + */ + public UseKeyType getUseKey() + { + return this.useKey; + } + + /** + * + * Sets the key that should be used in the returned token. + * + * + * @param useKey the {@code UseKeyType} instance to be set. + */ + public void setUseKey(UseKeyType useKey) + { + this.useKey = useKey; + this.delegate.getAny().add(this.factory.createUseKey(useKey)); + } + + /** + * + * Obtains the signature algorithm that should be used with the issued security token. + * + * + * @return a {@code URI} representing the algorithm that should be used. + */ + public URI getSignWith() + { + return this.signWith; + } + + /** + * + * Sets the signature algorithm that should be used with the issued security token. + * + * + * @param signWith a {@code URI} representing the algorithm to be used. + */ + public void setSignWith(URI signWith) + { + this.signWith = signWith; + this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signWith.toString())); + } + + /** + * + * Obtains the encryption algorithm that should be used with the issued security token. + * + * + * @return a {@code URI} representing the encryption algorithm that should be used. + */ + public URI getEncryptWith() + { + return this.encryptWith; + } + + /** + * + * Sets the encryption algorithm that should be used with the issued security token. + * + * + * @param encryptWith a {@code URI} representing the algorithm to be used. + */ + public void setEncryptWith(URI encryptWith) + { + this.encryptWith = encryptWith; + this.delegate.getAny().add(this.factory.createEncryptWith(encryptWith.toString())); + } + + /** + * + * Obtains the identity to which the requested token should be delegated. + * + * + * @return a reference to the {@code DelegateToType} instance that represents the identity. + */ + public DelegateToType getDelegateTo() + { + return this.delegateTo; + } + + /** + * + * Sets the identity to which the requested token should be delegated. + * + * + * @param delegateTo the {@code DelegateToType} object representing the identity to be set. + */ + public void setDelegateTo(DelegateToType delegateTo) + { + this.delegateTo = delegateTo; + this.delegate.getAny().add(this.factory.createDelegateTo(delegateTo)); + } + + /** + * + * Indicates whether the requested token should be marked as "forwardable" or not. In general, this flag is used when + * a token is normally bound to the requestor's machine or service. Using this flag, the returned token MAY be used + * from any source machine so long as the key is correctly proven. + * + * + * @return {@code true} if the requested token should be marked as "forwardable"; {@code false} otherwise. + */ + public boolean isForwardable() + { + return this.forwardable; + } + + /** + * + * Specifies whether the requested token should be marked as "forwardable" or not. In general, this flag is used when + * a token is normally bound to the requestor's machine or service. Using this flag, the returned token MAY be used + * from any source machine so long as the key is correctly proven. + * + * + * @param forwardable {@code true} if the requested token should be marked as "forwardable"; {@code false} otherwise. + */ + public void setForwardable(boolean forwardable) + { + this.forwardable = forwardable; + this.delegate.getAny().add(this.factory.createForwardable(forwardable)); + } + + /** + * + * Indicates whether the requested token should be marked as "delegatable" or not. Using this flag, the returned + * token MAY be delegated to another party. + * + * + * @return {@code true} if the requested token should be marked as "delegatable"; {@code false} otherwise. + */ + public boolean isDelegatable() + { + return this.delegatable; + } + + /** + * + * Specifies whether the requested token should be marked as "delegatable" or not. Using this flag, the returned + * token MAY be delegated to another party. + * + * + * @param delegatable {@code true} if the requested token should be marked as "delegatable"; {@code false} otherwise. + */ + public void setDelegatable(boolean delegatable) + { + this.delegatable = delegatable; + this.delegate.getAny().add(this.factory.createDelegatable(delegatable)); + } + + /** + * + * Obtains the {@code Policy} associated with the request. The policy specifies defaults that can be overridden by + * the previous properties. + * + * + * @return a reference to the {@code Policy} that has been set in the request. + */ + public Policy getPolicy() + { + return this.policy; + } + + /** + * + * Sets the {@code Policy} in the request. The policy specifies defaults that can be overridden by the previous + * properties. + * + * + * @param policy the {@code Policy} instance to be set. + */ + public void setPolicy(Policy policy) + { + this.policy = policy; + this.delegate.getAny().add(policy); + } + + /** + * + * Obtains the reference to the {@code Policy} that should be used. + * + * + * @return a {@code PolicyReference} that specifies where the {@code Policy} can be found. + */ + public PolicyReference getPolicyReference() + { + return this.policyReference; + } + + /** + * + * Sets the reference to the {@code Policy} that should be used. + * + * + * @param policyReference the {@code PolicyReference} object to be set. + */ + public void setPolicyReference(PolicyReference policyReference) + { + this.policyReference = policyReference; + this.delegate.getAny().add(policyReference); + } + + /** + * + * Obtains the list of request elements that are not part of the standard content model. + * + * + * @return a {@code List<Object>} containing the extension elements. + */ + public List<Object> getExtensionElements() + { + return Collections.unmodifiableList(this.extensionElements); + } + + /** + * + * Obtains the request context. + * + * + * @return a {@code String} that identifies the request. + */ + public String getContext() + { + return this.delegate.getContext(); + } + + /** + * + * Sets the request context. + * + * + * @param context a {@code String} that identifies the request. + */ + public void setContext(String context) + { + this.delegate.setContext(context); + } + + /** + * + * Obtains the {@code CancelTarget} section of the request. This element identifies the token that is to be canceled. + * + * + * @return a reference to the {@code CancelTargetType} that represents the {@code CancelTarget} section of the + * WS-Trust cancel request. + */ + public CancelTargetType getCancelTarget() + { + return this.cancelTarget; + } + + /** + * + * Sets the {@code CancelTarget} section of the request. This element identifies the token that is to be canceled. + * + * + * @param cancelTarget a reference to the {@code CancelTargetType} that identifies the token that must be canceled. + */ + public void setCancelTarget(CancelTargetType cancelTarget) + { + this.cancelTarget = cancelTarget; + this.delegate.getAny().add(this.factory.createCancelTarget(cancelTarget)); + } + + /** + * + * Obtains the {@code RenewTarget} section of the request. This element identifies the token that is to be renewed. + * + * + * @return a reference to the {@code RenewTargetType} that represents the {@code RenewTarget} section of the WS-Trust + * renew request. + */ + public RenewTargetType getRenewTarget() + { + return this.renewTarget; + } + + /** + * + * Sets the {@code RenewTarget} section of the request. This element identifies the token that is to be renewed. + * + * + * @param renewTarget a reference to the {@code RenewTargetType} that identifies the token that must be renewed. + */ + public void setRenewTarget(RenewTargetType renewTarget) + { + this.renewTarget = renewTarget; + this.delegate.getAny().add(this.factory.createRenewTarget(renewTarget)); + } + + /** + * + * Obtains the {@code ValidateTarget} section of the request. This element identifies the token that is to be + * validated. + * + * + * @return a reference to the {@code ValidateTargetType} that represents the {@code ValidateTarget} section of the + * WS-Trust validate request. + */ + public ValidateTargetType getValidateTarget() + { + return this.validateTarget; + } + + /** + * Return the element in the document that represents + * the validate type + * @return + */ + public Element getValidateTargetElement() + { + if(rstDocument == null) + throw new IllegalStateException("RST Document is null"); + + String ns = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/"; + String localPart = "ValidateTarget"; + + NodeList nodeList = rstDocument.getElementsByTagNameNS(ns,localPart); + if(nodeList != null && nodeList.getLength() > 0) + return (Element) nodeList.item(0); + else + return null; + } + + /** + * + * Sets the {@code ValidateTarged} section of the request. This elements identifies the token that is to be + * validated. + * + * + * @param validateTarget a reference to the {@code ValidateTargetType} that identifies the token that must be + * validated. + */ + public void setValidateTarget(ValidateTargetType validateTarget) + { + this.validateTarget = validateTarget; + this.delegate.getAny().add(this.factory.createValidateTarget(validateTarget)); + } + + /** + * + * Obtains a map that contains attributes that aren't bound to any typed property on the request. This is a live + * reference, so attributes can be added/changed/removed directly. For this reason, there is no setter method. + * + * + * @return a {@code Map<QName, String>} that contains the attributes. + */ + public Map<QName, String> getOtherAttributes() + { + return this.delegate.getOtherAttributes(); + } + + /** + * + * Gets a reference to the list that holds all request element values. + * + * + * @return a {@code List<Object>} containing all values specified in the request. + */ + public List<Object> getAny() + { + return this.delegate.getAny(); + } + + /** + * + * Obtains a reference to the {@code RequestSecurityTokenType} delegate. + * + * + * @return a reference to the delegate instance. + */ + public RequestSecurityTokenType getDelegate() + { + return this.delegate; + } + + /** + * Get the {@code Document} document representing the request + * @return + */ + public Document getRSTDocument() + { + return this.rstDocument; + } + + public void setRSTDocument(Document rstDocument) + { + this.rstDocument = rstDocument; + } +} \ No newline at end of file Copied: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenCollection.java (from rev 757, identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenCollection.java) =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenCollection.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenCollection.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,122 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust.wrappers; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.jboss.identity.federation.ws.trust.RequestSecurityTokenCollectionType; +import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType; + +/** + * + * This class represents a WS-Trust {@code RequestSecurityTokenCollection}. It wraps the JAXB representation of the + * security token collection request. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public class RequestSecurityTokenCollection implements BaseRequestSecurityToken +{ + + private final RequestSecurityTokenCollectionType delegate; + + private final List<RequestSecurityToken> requestSecurityTokens; + + /** + * + * Creates an instance of {@code RequestSecurityTokenCollection}. + * + */ + public RequestSecurityTokenCollection() + { + this.requestSecurityTokens = new ArrayList<RequestSecurityToken>(); + this.delegate = new RequestSecurityTokenCollectionType(); + } + + /** + * + * Creates an instance of {@code RequestSecurityTokenCollection} using the specified delegate. + * + * + * @param delegate the JAXB {@code RequestSecurityTokenCollectionType} that represents a WS-Trust request collection. + */ + public RequestSecurityTokenCollection(RequestSecurityTokenCollectionType delegate) + { + this.delegate = delegate; + this.requestSecurityTokens = new ArrayList<RequestSecurityToken>(); + for (RequestSecurityTokenType request : delegate.getRequestSecurityToken()) + this.requestSecurityTokens.add(new RequestSecurityToken(request)); + } + + /** + * + * Obtains the collection of {@code RequestSecurityToken} objects. The returned collection is immutable, so addition + * or removal of requests must be carried by the appropriate add/remove methods. + * + * + * @return a {@code List<RequestSecurityToken>} containing the token requests. + */ + public List<RequestSecurityToken> getRequestSecurityTokens() + { + return Collections.unmodifiableList(this.requestSecurityTokens); + } + + /** + * + * Adds the specified {@code RequestSecurityToken} object to the collection of token requests. + * + * + * @param request the {@code RequestSecurityToken} to be added. + */ + public void addRequestSecurityToken(RequestSecurityToken request) + { + this.delegate.getRequestSecurityToken().add(request.getDelegate()); + this.requestSecurityTokens.add(request); + } + + /** + * + * Removes the specified {@code RequestSecurityToken} object from the collection of token requests. + * + * + * @param request the {@code RequestSecurityToken} to be removed. + */ + public void removeRequestSecurityToken(RequestSecurityToken request) + { + this.delegate.getRequestSecurityToken().remove(request.getDelegate()); + this.requestSecurityTokens.remove(request); + } + + /** + * + * Obtains a reference to the {@code RequestSecurityTokenCollectionType} delegate. + * + * + * @return a reference to the delegate instance. + */ + public RequestSecurityTokenCollectionType getDelegate() + { + return this.delegate; + } +} Copied: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenResponse.java (from rev 757, identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponse.java) =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenResponse.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenResponse.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,1159 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust.wrappers; + +import java.net.URI; +import java.net.URISyntaxException; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; + +import javax.xml.bind.JAXBElement; +import javax.xml.namespace.QName; + +import org.jboss.identity.federation.ws.addressing.EndpointReferenceType; +import org.jboss.identity.federation.ws.policy.AppliesTo; +import org.jboss.identity.federation.ws.policy.Policy; +import org.jboss.identity.federation.ws.policy.PolicyReference; +import org.jboss.identity.federation.ws.trust.AllowPostdatingType; +import org.jboss.identity.federation.ws.trust.AuthenticatorType; +import org.jboss.identity.federation.ws.trust.DelegateToType; +import org.jboss.identity.federation.ws.trust.EncryptionType; +import org.jboss.identity.federation.ws.trust.EntropyType; +import org.jboss.identity.federation.ws.trust.LifetimeType; +import org.jboss.identity.federation.ws.trust.ObjectFactory; +import org.jboss.identity.federation.ws.trust.OnBehalfOfType; +import org.jboss.identity.federation.ws.trust.ProofEncryptionType; +import org.jboss.identity.federation.ws.trust.RenewingType; +import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseType; +import org.jboss.identity.federation.ws.trust.RequestedProofTokenType; +import org.jboss.identity.federation.ws.trust.RequestedReferenceType; +import org.jboss.identity.federation.ws.trust.RequestedSecurityTokenType; +import org.jboss.identity.federation.ws.trust.StatusType; +import org.jboss.identity.federation.ws.trust.UseKeyType; + +/** + * + * This class represents a WS-Trust {@code RequestSecurityTokenResponse}. It wraps the JAXB representation of the + * security token response and offers a series of getter/setter methods that make it easy to work with elements that are + * represented by the {@code Any} XML type. + * + * + * The following shows the intended content model of a {@code RequestSecurityTokenResponse}: + * + * <pre> + * <xs:element ref='wst:TokenType' minOccurs='0' /> + * <xs:element ref='wst:RequestType' /> + * <xs:element ref='wst:RequestedSecurityToken' minOccurs='0' /> + * <xs:element ref='wsp:AppliesTo' minOccurs='0' /> + * <xs:element ref='wst:RequestedAttachedReference' minOccurs='0' /> + * <xs:element ref='wst:RequestedUnattachedReference' minOccurs='0' /> + * <xs:element ref='wst:RequestedProofToken' minOccurs='0' /> + * <xs:element ref='wst:Entropy' minOccurs='0' /> + * <xs:element ref='wst:Lifetime' minOccurs='0' /> + * <xs:element ref='wst:Status' minOccurs='0' /> + * <xs:element ref='wst:AllowPostdating' minOccurs='0' /> + * <xs:element ref='wst:Renewing' minOccurs='0' /> + * <xs:element ref='wst:OnBehalfOf' minOccurs='0' /> + * <xs:element ref='wst:Issuer' minOccurs='0' /> + * <xs:element ref='wst:AuthenticationType' minOccurs='0' /> + * <xs:element ref='wst:Authenticator' minOccurs='0' /> + * <xs:element ref='wst:KeyType' minOccurs='0' /> + * <xs:element ref='wst:KeySize' minOccurs='0' /> + * <xs:element ref='wst:SignatureAlgorithm' minOccurs='0' /> + * <xs:element ref='wst:Encryption' minOccurs='0' /> + * <xs:element ref='wst:EncryptionAlgorithm' minOccurs='0' /> + * <xs:element ref='wst:CanonicalizationAlgorithm' minOccurs='0' /> + * <xs:element ref='wst:ProofEncryption' minOccurs='0' /> + * <xs:element ref='wst:UseKey' minOccurs='0' /> + * <xs:element ref='wst:SignWith' minOccurs='0' /> + * <xs:element ref='wst:EncryptWith' minOccurs='0' /> + * <xs:element ref='wst:DelegateTo' minOccurs='0' /> + * <xs:element ref='wst:Forwardable' minOccurs='0' /> + * <xs:element ref='wst:Delegatable' minOccurs='0' /> + * <xs:element ref='wsp:Policy' minOccurs='0' /> + * <xs:element ref='wsp:PolicyReference' minOccurs='0' /> + * <xs:any namespace='##other' processContents='lax' minOccurs='0' maxOccurs='unbounded' /> + * </pre> + * + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +/** + * + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public class RequestSecurityTokenResponse implements BaseRequestSecurityTokenResponse +{ + + private final RequestSecurityTokenResponseType delegate; + + private URI tokenType; + + private URI requestType; + + private RequestedSecurityTokenType requestedSecurityToken; + + private AppliesTo appliesTo; + + private RequestedReferenceType requestedAttachedReference; + + private RequestedReferenceType requestedUnattachedReference; + + private RequestedProofTokenType requestedProofToken; + + private EntropyType entropy; + + private Lifetime lifetime; + + private StatusType status; + + private AllowPostdatingType allowPostDating; + + private RenewingType renewing; + + private OnBehalfOfType onBehalfOf; + + private EndpointReferenceType issuer; + + private URI authenticationType; + + private AuthenticatorType authenticator; + + private URI keyType; + + private long keySize; + + private URI signatureAlgorithm; + + private EncryptionType encryption; + + private URI encryptionAlgorithm; + + private URI canonicalizationAlgorithm; + + private ProofEncryptionType proofEncryption; + + private UseKeyType useKey; + + private URI signWith; + + private URI encryptWith; + + private DelegateToType delegateTo; + + private boolean forwardable; + + private boolean delegatable; + + private Policy policy; + + private PolicyReference policyReference; + + private final List<Object> extensionElements = new ArrayList<Object>(); + + private final ObjectFactory factory = new ObjectFactory(); + + /** + * + * Creates an instance of {@code RequestSecurityTokenResponse}. + * + */ + public RequestSecurityTokenResponse() + { + this.delegate = new RequestSecurityTokenResponseType(); + } + + /** + * + * Creates an instance of {@code RequestSecurityTokenResponse} using the specified delegate. + * + * + * @param delegate the JAXB {@code RequestSecurityTokenResponseType} that represents a WS-Trust response. + */ + public RequestSecurityTokenResponse(RequestSecurityTokenResponseType delegate) + { + this.delegate = delegate; + // parse the delegate's Any contents. + try + { + for (Object obj : this.delegate.getAny()) + { + if (obj instanceof AppliesTo) + { + this.appliesTo = (AppliesTo) obj; + } + else if (obj instanceof Policy) + { + this.policy = (Policy) obj; + } + else if (obj instanceof PolicyReference) + { + this.policyReference = (PolicyReference) obj; + } + else if (obj instanceof JAXBElement) + { + JAXBElement<?> element = (JAXBElement<?>) obj; + String localName = element.getName().getLocalPart(); + if (localName.equalsIgnoreCase("TokenType")) + this.tokenType = new URI((String) element.getValue()); + else if (localName.equalsIgnoreCase("RequestType")) + this.requestType = new URI((String) element.getValue()); + else if (localName.equalsIgnoreCase("RequestedSecurityToken")) + this.requestedSecurityToken = (RequestedSecurityTokenType) element.getValue(); + else if (localName.equalsIgnoreCase("RequestedAttachedReference")) + this.requestedAttachedReference = (RequestedReferenceType) element.getValue(); + else if (localName.equalsIgnoreCase("RequestedUnattachedReference")) + this.requestedUnattachedReference = (RequestedReferenceType) element.getValue(); + else if (localName.equalsIgnoreCase("RequestedProofToken")) + this.requestedProofToken = (RequestedProofTokenType) element.getValue(); + else if (localName.equalsIgnoreCase("Entropy")) + this.entropy = (EntropyType) element.getValue(); + else if (localName.equalsIgnoreCase("Lifetime")) + this.lifetime = new Lifetime((LifetimeType) element.getValue()); + else if (localName.equalsIgnoreCase("Status")) + this.status = (StatusType) element.getValue(); + else if (localName.equalsIgnoreCase("AllowPostdating")) + this.allowPostDating = (AllowPostdatingType) element.getValue(); + else if (localName.equalsIgnoreCase("Renewing")) + this.renewing = (RenewingType) element.getValue(); + else if (localName.equalsIgnoreCase("OnBehalfOf")) + this.onBehalfOf = (OnBehalfOfType) element.getValue(); + else if (localName.equalsIgnoreCase("Issuer")) + this.issuer = (EndpointReferenceType) element.getValue(); + else if (localName.equalsIgnoreCase("AuthenticationType")) + this.authenticationType = new URI((String) element.getValue()); + else if (localName.equalsIgnoreCase("Authenticator")) + this.authenticator = (AuthenticatorType) element.getValue(); + else if (localName.equalsIgnoreCase("KeyType")) + this.keyType = new URI((String) element.getValue()); + else if (localName.equalsIgnoreCase("KeySize")) + this.keySize = (Long) element.getValue(); + else if (localName.equalsIgnoreCase("SignatureAlgorithm")) + this.signatureAlgorithm = new URI((String) element.getValue()); + else if (localName.equalsIgnoreCase("Encryption")) + this.encryption = (EncryptionType) element.getValue(); + else if (localName.equalsIgnoreCase("EntropyAlgorithm")) + this.encryptionAlgorithm = new URI((String) element.getValue()); + else if (localName.equalsIgnoreCase("CanonicalizationAlgorithm")) + this.canonicalizationAlgorithm = new URI((String) element.getValue()); + else if (localName.equalsIgnoreCase("ProofEncryption")) + this.proofEncryption = (ProofEncryptionType) element.getValue(); + else if (localName.equalsIgnoreCase("UseKey")) + this.useKey = (UseKeyType) element.getValue(); + else if (localName.equalsIgnoreCase("SignWith")) + this.signWith = new URI((String) element.getValue()); + else if (localName.equalsIgnoreCase("EncryptWith")) + this.encryptWith = new URI((String) element.getValue()); + else if (localName.equalsIgnoreCase("DelegateTo")) + this.delegateTo = (DelegateToType) element.getValue(); + else if (localName.equalsIgnoreCase("Forwardable")) + this.forwardable = (Boolean) element.getValue(); + else if (localName.equalsIgnoreCase("Delegatable")) + this.delegatable = (Boolean) element.getValue(); + else + this.extensionElements.add(element.getValue()); + } + else + { + this.extensionElements.add(obj); + } + } + } + catch (URISyntaxException e) + { + throw new RuntimeException(e.getMessage(), e); + } + } + + /** + * + * Obtains the {@code URI} that identifies the token type. + * + * + * @return a {@code URI} that represents the token type. + */ + public URI getTokenType() + { + return tokenType; + } + + /** + * + * Sets the token type. + * + * + * @param tokenType a {@code URI} that identifies the token type. + */ + public void setTokenType(URI tokenType) + { + this.tokenType = tokenType; + this.delegate.getAny().add(this.factory.createTokenType(tokenType.toString())); + + } + + /** + * + * Obtains the request type. + * + * + * @return a {@code URI} that identifies the request type. + */ + public URI getRequestType() + { + return requestType; + } + + /** + * + * Sets the request type. The type must be one of the request types described in the WS-Trust specification. + * + * + * @param requestType a {@code URI} that identifies the request type. + */ + public void setRequestType(URI requestType) + { + this.requestType = requestType; + this.delegate.getAny().add(this.factory.createRequestType(requestType.toString())); + } + + /** + * + * Obtains the requested security token that has been set in the response. + * + * + * @return a reference to the {@code RequestedSecurityTokenType} that contains the token. + */ + public RequestedSecurityTokenType getRequestedSecurityToken() + { + return requestedSecurityToken; + } + + /** + * + * Sets the requested security token in the response. + * + * + * @param requestedSecurityToken the {@code RequestedSecurityTokenType} instance to be set. + */ + public void setRequestedSecurityToken(RequestedSecurityTokenType requestedSecurityToken) + { + this.requestedSecurityToken = requestedSecurityToken; + this.delegate.getAny().add(this.factory.createRequestedSecurityToken(requestedSecurityToken)); + } + + /** + * + * Obtains the scope to which the security token applies. + * + * + * @return a reference to the {@code AppliesTo} instance that represents the token scope. + */ + public AppliesTo getAppliesTo() + { + return appliesTo; + } + + /** + * + * Sets the scope to which the security token applies. + * + * + * @param appliesTo a reference to the {@code AppliesTo} object that represents the scope to be set. + */ + public void setAppliesTo(AppliesTo appliesTo) + { + this.appliesTo = appliesTo; + this.delegate.getAny().add(appliesTo); + } + + /** + * + * Obtains the {@code RequestedAttachedReference} that indicate how to reference the returned token when that token + * doesn't support references using URI fragments (XML ID). + * + * + * @return a {@code RequestedReferenceType} that represents the token reference. + */ + public RequestedReferenceType getRequestedAttachedReference() + { + return requestedAttachedReference; + } + + /** + * + * Sets the {@code RequestedAttachedReference} that indicate how to reference the returned token when that token + * doesn't support references using URI fragments (XML ID). + * + * + * @param requestedAttachedReference the {@code RequestedReferenceType} instance to be set. + */ + public void setRequestedAttachedReference(RequestedReferenceType requestedAttachedReference) + { + this.requestedAttachedReference = requestedAttachedReference; + this.delegate.getAny().add(this.factory.createRequestedAttachedReference(requestedAttachedReference)); + } + + /** + * + * Obtains the {@code RequestedUnattachedReference} that specifies to indicate how to reference the token when it is + * not placed inside the message. + * + * + * @return a {@code RequestedReferenceType} that represents the unattached reference. + */ + public RequestedReferenceType getRequestedUnattachedReference() + { + return requestedUnattachedReference; + } + + /** + * + * Sets the {@code RequestedUnattachedReference} that specifies to indicate how to reference the token when it is not + * placed inside the message. + * + * + * @param requestedUnattachedReference the {@code RequestedReferenceType} instance to be set. + */ + public void setRequestedUnattachedReference(RequestedReferenceType requestedUnattachedReference) + { + this.requestedUnattachedReference = requestedUnattachedReference; + this.delegate.getAny().add(this.factory.createRequestedUnattachedReference(requestedUnattachedReference)); + } + + /** + * + * Obtains the proof of possession token that has been set in the response. + * + * + * @return a reference to the {@code RequestedProofTokenType} that contains the token. + */ + public RequestedProofTokenType getRequestedProofToken() + { + return requestedProofToken; + } + + /** + * + * Sets the proof of possesion token in the response. + * + * + * @param requestedProofToken the {@code RequestedProofTokenType} instance to be set. + */ + public void setRequestedProofToken(RequestedProofTokenType requestedProofToken) + { + this.requestedProofToken = requestedProofToken; + this.delegate.getAny().add(this.factory.createRequestedProofToken(requestedProofToken)); + } + + /** + * + * Obtains the entropy that has been used in creating the key. + * + * + * @return a reference to the {@code EntropyType} that represents the entropy. + */ + public EntropyType getEntropy() + { + return entropy; + } + + /** + * + * Sets the entropy that has been used in creating the key. + * + * + * @param entropy the {@code EntropyType} representing the entropy to be set. + */ + public void setEntropy(EntropyType entropy) + { + this.entropy = entropy; + this.delegate.getAny().add(this.factory.createEntropy(entropy)); + } + + /** + * + * Obtains the lifetime of the security token. + * + * + * @return a reference to the {@code Lifetime} that represents the lifetime of the security token. + */ + public Lifetime getLifetime() + { + return lifetime; + } + + /** + * + * Sets the lifetime of the security token. + * + * + * @param lifetime the {@code Lifetime} object representing the lifetime to be set. + */ + public void setLifetime(Lifetime lifetime) + { + this.lifetime = lifetime; + this.delegate.getAny().add(this.factory.createLifetime(lifetime.getDelegate())); + } + + /** + * + * Obtains the result of a security token validation. + * + * + * @return a referece to the {@code StatusType} instance that represents the status of the validation. + */ + public StatusType getStatus() + { + return status; + } + + /** + * + * Sets the result of a security token validation. + * + * + * @param status the {@code StatusType} instance to be set. + */ + public void setStatus(StatusType status) + { + this.status = status; + this.delegate.getAny().add(this.factory.createStatus(status)); + } + + /** + * + * Checks whether the returned token is a postdated token or not. + * + * + * @return {@code null} if the token is not postdated; a {@code AllowPostdatingType} otherwise. + */ + public AllowPostdatingType getAllowPostDating() + { + return allowPostDating; + } + + /** + * + * Specifies whether the returned token is a postdated token or not. + * + * + * @param allowPostDating {@code null} if the token is not postdated; a {@code AllowPostdatingType} otherwise. + */ + public void setAllowPostDating(AllowPostdatingType allowPostDating) + { + this.allowPostDating = allowPostDating; + this.delegate.getAny().add(this.factory.createAllowPostdating(allowPostDating)); + } + + /** + * + * Obtains the renew semantics for the token request. + * + * + * @return a reference to the {@code RenewingType} that represents the renew semantics for the request. + */ + public RenewingType getRenewing() + { + return renewing; + } + + /** + * + * Sets the renew semantics for the token request. + * + * + * @param renewing the {@code RenewingType} object representing the semantics to be set. + */ + public void setRenewing(RenewingType renewing) + { + this.renewing = renewing; + this.delegate.getAny().add(this.factory.createRenewing(renewing)); + } + + /** + * + * Obtains the identity on whose behalf the token request was made. + * + * + * @return a reference to the {@code OnBehalfOfType} that represents the identity on whose behalf the token request + * was made. + */ + public OnBehalfOfType getOnBehalfOf() + { + return onBehalfOf; + } + + /** + * + * Specifies the identity on whose behalf the token request was made. + * + * + * @param onBehalfOf the {@code OnBehalfOfType} object representing the identity to be set. + */ + public void setOnBehalfOf(OnBehalfOfType onBehalfOf) + { + this.onBehalfOf = onBehalfOf; + this.delegate.getAny().add(this.factory.createOnBehalfOf(onBehalfOf)); + } + + /** + * + * Obtains the issuer of the token included in the request in the scenarios where the requestor is obtaining a token + * on behalf of another party. + * + * + * @return a reference to the {@code EndpointReferenceType} that represents the issuer. + */ + public EndpointReferenceType getIssuer() + { + return this.issuer; + } + + /** + * + * Sets the issuer of the token included in the request in scenarios where the requestor is obtaining a token on + * behalf of another party. + * + * + * @param issuer the {@code EndpointReferenceType} object representing the issuer to be set. + */ + public void setIssuer(EndpointReferenceType issuer) + { + this.issuer = issuer; + this.delegate.getAny().add(this.factory.createIssuer(issuer)); + } + + /** + * + * Obtains the type of authentication that is to be conducted. + * + * + * @return a {@code URI} that identifies the authentication type. + */ + public URI getAuthenticationType() + { + return authenticationType; + } + + /** + * + * Sets the authentication type in the response. + * + * + * @param authenticationType a {@code URI} that identifies the authentication type to be set. + */ + public void setAuthenticationType(URI authenticationType) + { + this.authenticationType = authenticationType; + this.delegate.getAny().add(this.factory.createAuthenticationType(authenticationType.toString())); + } + + /** + * + * Obtains the authenticator that must be used in authenticating exchanges. + * + * + * @return a reference to the {@code AuthenticatorType} that represents the authenticator. + */ + public AuthenticatorType getAuthenticator() + { + return authenticator; + } + + /** + * + * Sets the authenticator that must be used in authenticating exchanges. + * + * + * @param authenticator the {@code AuthenticatorType} instance to be set. + */ + public void setAuthenticator(AuthenticatorType authenticator) + { + this.authenticator = authenticator; + this.delegate.getAny().add(this.factory.createAuthenticator(authenticator)); + } + + /** + * + * Obtains the type of the key that has been set in the response. + * + * + * @return a {@code URI} that identifies the key type. + */ + public URI getKeyType() + { + return keyType; + } + + /** + * + * Sets the key type in the response. + * + * + * @param keyType a {@code URI} that specifies the key type. + */ + public void setKeyType(URI keyType) + { + this.keyType = keyType; + this.delegate.getAny().add(this.factory.createKeyType(keyType.toString())); + } + + /** + * + * Obtains the size of they key that has been set in the response. + * + * + * @return a {@code long} representing the key size in bytes. + */ + public long getKeySize() + { + return keySize; + } + + /** + * + * Sets the size of the key in the response. + * + * + * @param keySize a {@code long} representing the key size in bytes. + */ + public void setKeySize(long keySize) + { + this.keySize = keySize; + this.delegate.getAny().add(this.factory.createKeySize(keySize)); + } + + /** + * + * Obtains the signature algorithm that has been set in the response. + * + * + * @return a {@code URI} that represents the signature algorithm. + */ + public URI getSignatureAlgorithm() + { + return signatureAlgorithm; + } + + /** + * + * Sets the signature algorithm in the response. + * + * + * @param signatureAlgorithm a {@code URI} that represents the algorithm to be set. + */ + public void setSignatureAlgorithm(URI signatureAlgorithm) + { + this.signatureAlgorithm = signatureAlgorithm; + this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signatureAlgorithm.toString())); + } + + /** + * + * Obtains the {@code Encryption} section of the response. The {@code Encryption} element indicates that the + * requestor desires any returned secrets in issued security tokens to be encrypted. + * + * + * @return a reference to the {@code EncryptionType} object. + */ + public EncryptionType getEncryption() + { + return encryption; + } + + /** + * + * Sets the {@code Encryption} section of the response. The {@code Encryption} element indicates that the requestor + * desires any returned secrets in issued security tokens to be encrypted. + * + * + * @param encryption the {@code EncryptionType} to be set. + */ + public void setEncryption(EncryptionType encryption) + { + this.encryption = encryption; + this.delegate.getAny().add(this.factory.createEncryption(encryption)); + } + + /** + * + * Obtains the encryption algorithm that has been set in the response. + * + * + * @return a {@code URI} that represents the encryption algorithm. + */ + public URI getEncryptionAlgorithm() + { + return encryptionAlgorithm; + } + + /** + * + * Sets the encryption algorithm in the response. + * + * + * @param encryptionAlgorithm a {@code URI} that represents the encryption algorithm to be set. + */ + public void setEncryptionAlgorithm(URI encryptionAlgorithm) + { + this.encryptionAlgorithm = encryptionAlgorithm; + this.delegate.getAny().add(this.factory.createEncryptionAlgorithm(encryptionAlgorithm.toString())); + } + + /** + * + * Obtains the canonicalization algorithm that has been set in the response. + * + * + * @return a {@code URI} that represents the canonicalization algorithm. + */ + public URI getCanonicalizationAlgorithm() + { + return canonicalizationAlgorithm; + } + + /** + * + * Sets the canonicalization algorithm in the response. + * + * + * @param canonicalizationAlgorithm a {@code URI} that represents the algorithm to be set. + */ + public void setCanonicalizationAlgorithm(URI canonicalizationAlgorithm) + { + this.canonicalizationAlgorithm = canonicalizationAlgorithm; + this.delegate.getAny().add(this.factory.createCanonicalizationAlgorithm(canonicalizationAlgorithm.toString())); + } + + /** + * + * Obtains the {@code ProofEncryption} section of the response. The {@code ProofEncryption} indicates that the + * requestor desires any returned secrets in issued security tokens to be encrypted. + * + * + * @return a reference to the {@code ProofEncryptionType} object. + */ + public ProofEncryptionType getProofEncryption() + { + return proofEncryption; + } + + /** + * + * Sets the {@code ProofEncryption} section of the response. The {@code ProofEncryption} indicates that the requestor + * desires any returned secrets in issued security tokens to be encrypted. + * + * + * @param proofEncryption the {@code ProofEncryptionType} to be set. + */ + public void setProofEncryption(ProofEncryptionType proofEncryption) + { + this.proofEncryption = proofEncryption; + this.delegate.getAny().add(this.factory.createProofEncryption(proofEncryption)); + } + + /** + * + * Obtains the key that used in the returned token. + * + * + * @return a reference to the {@code UseKeyType} instance that represents the key used. + */ + public UseKeyType getUseKey() + { + return useKey; + } + + /** + * + * Sets the key that used in the returned token. + * + * + * @param useKey the {@code UseKeyType} instance to be set. + */ + public void setUseKey(UseKeyType useKey) + { + this.useKey = useKey; + this.delegate.getAny().add(this.factory.createUseKey(useKey)); + } + + /** + * + * Obtains the signature algorithm used with the issued security token. + * + * + * @return a {@code URI} representing the algorithm used. + */ + public URI getSignWith() + { + return signWith; + } + + /** + * + * Sets the signature algorithm used with the issued security token. + * + * + * @param signWith a {@code URI} representing the algorithm used. + */ + public void setSignWith(URI signWith) + { + this.signWith = signWith; + this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signWith.toString())); + } + + /** + * + * Obtains the encryption algorithm used with the issued security token. + * + * + * @return a {@code URI} representing the encryption algorithm used. + */ + public URI getEncryptWith() + { + return encryptWith; + } + + /** + * + * Sets the encryption algorithm used with the issued security token. + * + * + * @param encryptWith a {@code URI} representing the algorithm used. + */ + public void setEncryptWith(URI encryptWith) + { + this.encryptWith = encryptWith; + this.delegate.getAny().add(this.factory.createEncryptWith(encryptWith.toString())); + } + + /** + * + * Obtains the identity to which the requested token should be delegated. + * + * + * @return a reference to the {@code DelegateToType} instance that represents the identity. + */ + public DelegateToType getDelegateTo() + { + return delegateTo; + } + + /** + * + * Sets the identity to which the requested token should be delegated. + * + * + * @param delegateTo the {@code DelegateToType} object representing the identity to be set. + */ + public void setDelegateTo(DelegateToType delegateTo) + { + this.delegateTo = delegateTo; + this.delegate.getAny().add(this.factory.createDelegateTo(delegateTo)); + } + + /** + * + * Indicates whether the requested token has been marked as "forwardable" or not. In general, this flag is used when + * a token is normally bound to the requestor's machine or service. Using this flag, the returned token MAY be used + * from any source machine so long as the key is correctly proven. + * + * + * @return {@code true} if the requested token has been marked as "forwardable"; {@code false} otherwise. + */ + public boolean isForwardable() + { + return forwardable; + } + + /** + * + * Specifies whether the requested token has been marked as "forwardable" or not. In general, this flag is used when + * a token is normally bound to the requestor's machine or service. Using this flag, the returned token MAY be used + * from any source machine so long as the key is correctly proven. + * + * + * @param forwardable {@code true} if the requested token has been marked as "forwardable"; {@code false} otherwise. + */ + public void setForwardable(boolean forwardable) + { + this.forwardable = forwardable; + this.delegate.getAny().add(this.factory.createForwardable(forwardable)); + } + + /** + * + * Indicates whether the requested token has been marked as "delegatable" or not. Using this flag, the returned token + * MAY be delegated to another party. + * + * + * @return {@code true} if the requested token has been marked as "delegatable"; {@code false} otherwise. + */ + public boolean isDelegatable() + { + return delegatable; + } + + /** + * + * Specifies whether the requested token has been marked as "delegatable" or not. Using this flag, the returned token + * MAY be delegated to another party. + * + * + * @param delegatable {@code true} if the requested token has been marked as "delegatable"; {@code false} otherwise. + */ + public void setDelegatable(boolean delegatable) + { + this.delegatable = delegatable; + this.delegate.getAny().add(this.factory.createDelegatable(delegatable)); + } + + /** + * + * Obtains the {@code Policy} that was associated with the request. The policy specifies defaults that can be + * overridden by the previous properties. + * + * + * @return a reference to the {@code Policy} that was associated with the request. + */ + public Policy getPolicy() + { + return policy; + } + + /** + * + * Sets the {@code Policy} in the response. The policy specifies defaults that can be overridden by the previous + * properties. + * + * + * @param policy the {@code Policy} instance to be set. + */ + public void setPolicy(Policy policy) + { + this.policy = policy; + this.delegate.getAny().add(policy); + } + + /** + * + * Obtains the reference to the {@code Policy} that was associated with the request. + * + * + * @return a {@code PolicyReference} that specifies where the {@code Policy} can be found. + */ + public PolicyReference getPolicyReference() + { + return policyReference; + } + + /** + * + * Sets the reference to the {@code Policy} that was associated with the request. + * + * + * @param policyReference the {@code PolicyReference} object to be set. + */ + public void setPolicyReference(PolicyReference policyReference) + { + this.policyReference = policyReference; + this.delegate.getAny().add(policyReference); + } + + /** + * + * Obtains the list of request elements that are not part of the standard content model. + * + * + * @return a {@code List<Object>} containing the extension elements. + */ + public List<Object> getExtensionElements() + { + return Collections.unmodifiableList(this.extensionElements); + } + + /** + * + * Obtains the response context. + * + * + * @return a {@code String} that identifies the original request. + */ + public String getContext() + { + return this.delegate.getContext(); + } + + /** + * + * Sets the response context. + * + * + * @param context a {@code String} that identifies the original request. + */ + public void setContext(String context) + { + this.delegate.setContext(context); + } + + /** + * + * Obtains a map that contains attributes that aren't bound to any typed property on the response. This is a live + * reference, so attributes can be added/changed/removed directly. For this reason, there is no setter method. + * + * + * @return a {@code Map<QName, String>} that contains the attributes. + */ + public Map<QName, String> getOtherAttributes() + { + return this.delegate.getOtherAttributes(); + } + + /** + * + * Gets a reference to the list that holds all response element values. + * + * + * @return a {@code List<Object>} containing all values specified in the response. + */ + public List<Object> getAny() + { + return this.delegate.getAny(); + } + + /** + * + * Obtains a reference to the {@code RequestSecurityTokenResponseType} delegate. + * + * + * @return a reference to the delegate instance. + */ + public RequestSecurityTokenResponseType getDelegate() + { + return this.delegate; + } +} Copied: identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenResponseCollection.java (from rev 757, identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponseCollection.java) =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenResponseCollection.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenResponseCollection.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,124 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.core.wstrust.wrappers; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseCollectionType; +import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseType; + +/** + * + * This class represents a WS-Trust {@code RequestSecurityTokenResponseCollection}. It wraps the JAXB representation of + * the security token collection response. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public class RequestSecurityTokenResponseCollection implements BaseRequestSecurityTokenResponse +{ + + private final RequestSecurityTokenResponseCollectionType delegate; + + private final List<RequestSecurityTokenResponse> requestSecurityTokenResponses; + + /** + * + * Creates an instance of {@code RequestSecurityTokenResponseCollection}. + * + */ + public RequestSecurityTokenResponseCollection() + { + this.requestSecurityTokenResponses = new ArrayList<RequestSecurityTokenResponse>(); + this.delegate = new RequestSecurityTokenResponseCollectionType(); + } + + /** + * + * Creates an instance of {@code RequestSecurityTokenResponseCollection} using the specified delegate. + * + * + * @param delegate the JAXB {@code RequestSecurityTokenResponseCollectionType} that represents a WS-Trust request + * collection. + */ + public RequestSecurityTokenResponseCollection(RequestSecurityTokenResponseCollectionType delegate) + { + this.delegate = delegate; + this.requestSecurityTokenResponses = new ArrayList<RequestSecurityTokenResponse>(); + for (RequestSecurityTokenResponseType response : delegate.getRequestSecurityTokenResponse()) + this.requestSecurityTokenResponses.add(new RequestSecurityTokenResponse(response)); + } + + /** + * + * Obtains the collection of {@code RequestSecurityTokenResponse} objects. The returned collection is immutable, so + * addition or removal of requests must be carried by the appropriate add/remove methods. + * + * + * @return a {@code List<RequestSecurityToken>} containing the token requests. + */ + public List<RequestSecurityTokenResponse> getRequestSecurityTokenResponses() + { + return Collections.unmodifiableList(this.requestSecurityTokenResponses); + } + + /** + * + * Adds the specified {@code RequestSecurityTokenResponse} object to the collection of token requests. + * + * + * @param request the {@code RequestSecurityTokenResponse} to be added. + */ + public void addRequestSecurityTokenResponse(RequestSecurityTokenResponse response) + { + this.delegate.getRequestSecurityTokenResponse().add(response.getDelegate()); + this.requestSecurityTokenResponses.add(response); + } + + /** + * + * Removes the specified {@code RequestSecurityTokenResponse} object from the collection of token requests. + * + * + * @param request the {@code RequestSecurityTokenResponse} to be removed. + */ + public void removeRequestSecurityTokenResponse(RequestSecurityTokenResponse response) + { + this.delegate.getRequestSecurityTokenResponse().remove(response.getDelegate()); + this.requestSecurityTokenResponses.remove(response); + } + + /** + * + * Obtains a reference to the {@code RequestSecurityTokenResponseCollectionType} delegate. + * + * + * @return a reference to the delegate instance. + */ + public RequestSecurityTokenResponseCollectionType getDelegate() + { + return this.delegate; + } + +} Added: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/MockSTSConfiguration.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/MockSTSConfiguration.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/MockSTSConfiguration.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,152 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.test.identity.federation.core.wstrust; + +import java.security.KeyPair; +import java.security.PublicKey; +import java.util.Map; + +import org.jboss.identity.federation.core.wstrust.STSConfiguration; +import org.jboss.identity.federation.core.wstrust.SecurityTokenProvider; +import org.jboss.identity.federation.core.wstrust.WSTrustRequestHandler; + +/** + * + * Mock implementation of {@code STSConfiguration} used in the test scenarios. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + * @version $Revision: 631 $ + */ +public class MockSTSConfiguration implements STSConfiguration +{ + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getEncryptIssuedToken() + */ + public boolean encryptIssuedToken() + { + return false; + } + + /* + * (non-Javadoc) + * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#signIssuedToken() + */ + public boolean signIssuedToken() + { + return true; + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getIssuedTokenTimeout() + */ + public long getIssuedTokenTimeout() + { + return 0; + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getOptions() + */ + public Map<String, Object> getOptions() + { + return null; + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getProviderForService(java.lang.String) + */ + public SecurityTokenProvider getProviderForService(String serviceName) + { + return null; + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getProviderForTokenType(java.lang.String) + */ + public SecurityTokenProvider getProviderForTokenType(String tokenType) + { + return null; + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getTokenTypeForService(java.lang.String) + */ + public String getTokenTypeForService(String serviceName) + { + return null; + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getRequestHandler() + */ + public WSTrustRequestHandler getRequestHandler() + { + return null; + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getSTSName() + */ + public String getSTSName() + { + return null; + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getServiceProviderPublicKey(java.lang.String) + */ + public PublicKey getServiceProviderPublicKey(String serviceName) + { + return null; + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getSTSKeyPair() + */ + public KeyPair getSTSKeyPair() + { + return null; + } + +} Added: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,275 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.test.identity.federation.core.wstrust; + +import java.net.URI; +import java.security.Principal; +import java.util.GregorianCalendar; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.Unmarshaller; +import javax.xml.namespace.QName; + +import junit.framework.TestCase; + +import org.jboss.identity.federation.core.wstrust.StandardSecurityToken; +import org.jboss.identity.federation.core.wstrust.WSTrustConstants; +import org.jboss.identity.federation.core.wstrust.WSTrustRequestContext; +import org.jboss.identity.federation.core.wstrust.WSTrustUtil; +import org.jboss.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider; +import org.jboss.identity.federation.core.wstrust.plugins.saml.SAMLUtil; +import org.jboss.identity.federation.core.wstrust.wrappers.Lifetime; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken; +import org.jboss.identity.federation.saml.v2.assertion.AssertionType; +import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType; +import org.jboss.identity.federation.saml.v2.assertion.ConditionsType; +import org.jboss.identity.federation.saml.v2.assertion.NameIDType; +import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType; +import org.jboss.identity.federation.saml.v2.assertion.SubjectType; +import org.jboss.identity.federation.ws.trust.RequestedReferenceType; +import org.jboss.identity.federation.ws.trust.StatusType; +import org.jboss.identity.federation.ws.trust.ValidateTargetType; +import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType; +import org.jboss.identity.federation.ws.wss.secext.SecurityTokenReferenceType; +import org.w3c.dom.Element; + +/** + * + * This {@code TestCase} tests the functionalities of the {@code SAML20TokenProvider} class. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public class SAML20TokenProviderUnitTestCase extends TestCase +{ + + /** + * + * Tests the issuance of a SAMLV2.0 Assertion. + * + * + * @throws Exception if an error occurs while running the test. + */ + public void testIssueSAMLV20Token() throws Exception + { + // create a WSTrustRequestContext with a simple WS-Trust request. + RequestSecurityToken request = new RequestSecurityToken(); + request.setLifetime(WSTrustUtil.createDefaultLifetime(3600000)); + request.setAppliesTo(WSTrustUtil.createAppliesTo("http://services.testcorp.org/provider2")); + request.setTokenType(URI.create(SAMLUtil.SAML2_TOKEN_TYPE)); + + WSTrustRequestContext context = new WSTrustRequestContext(request, new TestPrincipal("sguilhen")); + context.setTokenIssuer("JBossSTS"); + + // call the SAML token provider and check the generated token. + new SAML20TokenProvider().issueToken(context); + assertNotNull("Unexpected null security token", context.getSecurityToken()); + + JAXBContext jaxbContext = JAXBContext.newInstance("org.jboss.identity.federation.saml.v2.assertion"); + Unmarshaller unmarshaller = jaxbContext.createUnmarshaller(); + JAXBElement<?> parsedElement = (JAXBElement<?>) unmarshaller.unmarshal((Element) context.getSecurityToken() + .getTokenValue()); + assertNotNull("Unexpected null element", parsedElement); + assertEquals("Unexpected element type", AssertionType.class, parsedElement.getDeclaredType()); + + AssertionType assertion = (AssertionType) parsedElement.getValue(); + StandardSecurityToken securityToken = (StandardSecurityToken) context.getSecurityToken(); + assertEquals("Unexpected token id", securityToken.getTokenID(), assertion.getID()); + assertEquals("Unexpected token issuer", "JBossSTS", assertion.getIssuer().getValue()); + + // check the contents of the assertion conditions. + ConditionsType conditions = assertion.getConditions(); + assertNotNull("Unexpected null conditions", conditions); + assertNotNull("Unexpected null value for NotBefore attribute", conditions.getNotBefore()); + assertNotNull("Unexpected null value for NotOnOrAfter attribute", conditions.getNotOnOrAfter()); + assertEquals("Unexpected number of conditions", 1, conditions.getConditionOrAudienceRestrictionOrOneTimeUse() + .size()); + assertTrue("Unexpected condition type", + conditions.getConditionOrAudienceRestrictionOrOneTimeUse().get(0) instanceof AudienceRestrictionType); + AudienceRestrictionType restrictionType = (AudienceRestrictionType) conditions + .getConditionOrAudienceRestrictionOrOneTimeUse().get(0); + assertNotNull("Unexpected null audience list", restrictionType.getAudience()); + assertEquals("Unexpected number of audience elements", 1, restrictionType.getAudience().size()); + assertEquals("Unexpected audience value", "http://services.testcorp.org/provider2", restrictionType.getAudience() + .get(0)); + + // check the contents of the assertion subject. + SubjectType subject = assertion.getSubject(); + assertNotNull("Unexpected null subject", subject); + assertEquals("Unexpected subject content size", 2, subject.getContent().size()); + JAXBElement<?> content = subject.getContent().get(0); + assertEquals("Unexpected content type", NameIDType.class, content.getDeclaredType()); + NameIDType nameID = (NameIDType) content.getValue(); + assertEquals("Unexpected name id qualifier", "urn:jboss:identity-federation", nameID.getNameQualifier()); + assertEquals("Unexpected name id", "sguilhen", nameID.getValue()); + content = subject.getContent().get(1); + assertEquals("Unexpected content type", SubjectConfirmationType.class, content.getDeclaredType()); + SubjectConfirmationType confirmation = (SubjectConfirmationType) content.getValue(); + assertEquals("Unexpected confirmation method", SAMLUtil.SAML2_BEARER_URI, confirmation.getMethod()); + + // validate the attached token reference created by the SAML provider. + RequestedReferenceType reference = context.getAttachedReference(); + assertNotNull("Unexpected null attached reference", reference); + SecurityTokenReferenceType securityRef = reference.getSecurityTokenReference(); + assertNotNull("Unexpected null security reference", securityRef); + String tokenTypeAttr = securityRef.getOtherAttributes().get(new QName(WSTrustConstants.WSSE11_NS, "TokenType")); + assertNotNull("Required attribute TokenType is missing", tokenTypeAttr); + assertEquals("TokenType attribute has an unexpected value", SAMLUtil.SAML2_TOKEN_TYPE, tokenTypeAttr); + JAXBElement<?> keyIdElement = (JAXBElement<?>) securityRef.getAny().get(0); + KeyIdentifierType keyId = (KeyIdentifierType) keyIdElement.getValue(); + assertEquals("Unexpected key value type", SAMLUtil.SAML2_VALUE_TYPE, keyId.getValueType()); + assertNotNull("Unexpected null key identifier value", keyId.getValue()); + assertEquals(assertion.getID(), keyId.getValue().substring(1)); + } + + /** + * + * Tests the validation of a SAMLV2.0 Assertion. + * + * + * @throws Exception if an error occurs while running the test. + */ + public void testValidateSAMLV20Token() throws Exception + { + + // issue a SAMLV2.0 assertion. + WSTrustRequestContext context = this.createIssuingContext(WSTrustUtil.createDefaultLifetime(3600000)); + SAML20TokenProvider provider = new SAML20TokenProvider(); + provider.issueToken(context); + + // get the issued SAMLV2.0 assertion. + Element assertion = (Element) context.getSecurityToken().getTokenValue(); + + // now create a WS-Trust validate context. + context = this.createValidatingContext(assertion); + + // validate the SAMLV2.0 assertion. + provider.validateToken(context); + StatusType status = context.getStatus(); + assertNotNull("Unexpected null status type", status); + assertEquals("Unexpected status code", WSTrustConstants.STATUS_CODE_VALID, status.getCode()); + assertEquals("Unexpected status reason", "SAMLV2.0 Assertion successfuly validated", status.getReason()); + + // now let's create a new SAMLV2.0 assertion with an expired lifetime. + long currentTimeMillis = System.currentTimeMillis(); + GregorianCalendar created = new GregorianCalendar(); + created.setTimeInMillis(currentTimeMillis - 3600000); + GregorianCalendar expires = new GregorianCalendar(); + expires.setTimeInMillis(currentTimeMillis - 1800000); + context = this.createIssuingContext(new Lifetime(created, expires)); + + provider.issueToken(context); + assertion = (Element) context.getSecurityToken().getTokenValue(); + + // try to validate the expired token. + context = this.createValidatingContext(assertion); + provider.validateToken(context); + status = context.getStatus(); + assertNotNull("Unexpected null status type", status); + assertEquals("Unexpected status code", WSTrustConstants.STATUS_CODE_INVALID, status.getCode()); + assertEquals("Unexpected status reason", + "Validation failure: assertion expired or used before its lifetime period", status.getReason()); + } + + /** + * + * Creates a {@code WSTrustRequestContext} using the specified lifetime. The created context is used in the issuing + * test scenarios. + * + * + * @param lifetime the {@code Lifetime} of the assertion to be issued. + * @return the constructed {@code WSTrustRequestHandler} instance. + * @throws Exception if an error occurs while creating the context. + */ + private WSTrustRequestContext createIssuingContext(Lifetime lifetime) throws Exception + { + // create a WSTrustRequestContext with a simple WS-Trust issue request. + RequestSecurityToken request = new RequestSecurityToken(); + request.setLifetime(lifetime); + request.setAppliesTo(WSTrustUtil.createAppliesTo("http://services.testcorp.org/provider2")); + request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST)); + request.setTokenType(URI.create(SAMLUtil.SAML2_TOKEN_TYPE)); + + WSTrustRequestContext context = new WSTrustRequestContext(request, new TestPrincipal("sguilhen")); + context.setTokenIssuer("JBossSTS"); + + return context; + } + + /** + * + * Creates a {@code WSTrustRequestContext} for validating the specified assertion. + * + * + * @param assertion an {@code Element} representing the SAMLV2.0 assertion to be validated. + * @return the constructed {@code WSTrustRequestContext} instance. + * @throws Exception if an error occurs while creating the validating context. + */ + private WSTrustRequestContext createValidatingContext(Element assertion) throws Exception + { + RequestSecurityToken request = new RequestSecurityToken(); + request.setRequestType(URI.create(WSTrustConstants.VALIDATE_REQUEST)); + request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE)); + ValidateTargetType validateTarget = new ValidateTargetType(); + validateTarget.setAny(assertion); + request.setValidateTarget(validateTarget); + + WSTrustRequestContext context = new WSTrustRequestContext(request, new TestPrincipal("sguilhen")); + + return context; + } + + /** + * + * Simple {@code Principal} implementation used in the test scenarios. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ + private class TestPrincipal implements Principal + { + private final String name; + + /** + * + * Creates an instance of {@code TestPrincipal} with the specified name. + * + * + * @param name a {@code String} representing the principal name. + */ + public TestPrincipal(String name) + { + this.name = name; + } + + /* + * (non-Javadoc) + * + * @see java.security.Principal#getName() + */ + public String getName() + { + return this.name; + } + } +} Added: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SpecialTokenProvider.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SpecialTokenProvider.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SpecialTokenProvider.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,74 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.test.identity.federation.core.wstrust; + +import org.jboss.identity.federation.core.wstrust.SecurityTokenProvider; +import org.jboss.identity.federation.core.wstrust.WSTrustException; +import org.jboss.identity.federation.core.wstrust.WSTrustRequestContext; + +/** + * + * Mock {@code SecurityTokenProvider} used in the test scenarios. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public class SpecialTokenProvider implements SecurityTokenProvider +{ + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) + */ + public void cancelToken(WSTrustRequestContext context) throws WSTrustException + { + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) + */ + public void issueToken(WSTrustRequestContext context) throws WSTrustException + { + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) + */ + public void renewToken(WSTrustRequestContext context) throws WSTrustException + { + } + + /* + * (non-Javadoc) + * + * @see org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext) + */ + public void validateToken(WSTrustRequestContext context) throws WSTrustException + { + } + +} Added: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/WSTrustJAXBFactoryUnitTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/WSTrustJAXBFactoryUnitTestCase.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/WSTrustJAXBFactoryUnitTestCase.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,186 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.test.identity.federation.core.wstrust; + +import java.net.URI; + +import javax.xml.transform.Source; +import javax.xml.transform.dom.DOMSource; + +import junit.framework.TestCase; + +import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; +import org.jboss.identity.federation.core.wstrust.WSTrustJAXBFactory; +import org.jboss.identity.federation.core.wstrust.wrappers.BaseRequestSecurityToken; +import org.jboss.identity.federation.core.wstrust.wrappers.BaseRequestSecurityTokenResponse; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse; +import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection; +import org.w3c.dom.Document; + +/** + * + * This {@code TestCase} tests the methods of the {@code WSTrustJAXBFactory}. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public class WSTrustJAXBFactoryUnitTestCase extends TestCase +{ + + /** + * + * Tests parsing a WS-Trust request message. + * + * + * @throws Exception + * if an error occurs while running the test. + */ + public void testParseRequestSecurityToken() throws Exception + { + // load a sample ws-trust request from a test file. + Document document = DocumentUtil + .getDocument(this.getClass().getResourceAsStream("/wstrust/ws-trust-request.xml")); + + // encapsulate the request in a source object. + Source source = new DOMSource(document); + + // parse the request using the WSTrustJAXBFactory. + WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance(); + BaseRequestSecurityToken baseRequest = factory.parseRequestSecurityToken(source); + assertNotNull("Unexpected null request message", baseRequest); + + // check the contents of the parsed request. + assertTrue("Unexpected request message type", baseRequest instanceof RequestSecurityToken); + RequestSecurityToken parsedRequest = (RequestSecurityToken) baseRequest; + assertEquals("Unexpected context name", "testcontext", parsedRequest.getContext()); + assertEquals("Unexpected token type", "http://www.tokens.org/SpecialToken", parsedRequest.getTokenType().toString()); + assertEquals("Unexpected request type", "http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue", parsedRequest + .getRequestType().toString()); + } + + /** + * + * Tests parsing a WS-Trust response message. + * + * + * @throws Exception + * if an error occurs while running the test. + */ + public void testParseRequestSecurityTokenResponse() throws Exception + { + // load a ws-trust response from a file. + Document document = DocumentUtil.getDocument(this.getClass() + .getResourceAsStream("/wstrust/ws-trust-response.xml")); + + // encapsulate the response in a source object. + Source source = new DOMSource(document); + + // parse the response using the WSTrustJAXBFactory. + WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance(); + BaseRequestSecurityTokenResponse baseResponse = factory.parseRequestSecurityTokenResponse(source); + assertNotNull("Unexpected null response message", baseResponse); + + // check the contents of the parsed response. + assertTrue("Unexpected response message type", baseResponse instanceof RequestSecurityTokenResponseCollection); + RequestSecurityTokenResponseCollection parsedCollection = (RequestSecurityTokenResponseCollection) baseResponse; + assertNotNull("Unexpected null response list", parsedCollection.getRequestSecurityTokenResponses()); + assertEquals("Unexpected number of responses", 1, parsedCollection.getRequestSecurityTokenResponses().size()); + + RequestSecurityTokenResponse parsedResponse = parsedCollection.getRequestSecurityTokenResponses().get(0); + assertEquals("Unexpected context name", "testcontext", parsedResponse.getContext()); + assertEquals("Unexpected token type", "http://www.tokens.org/SpecialToken", parsedResponse.getTokenType() + .toString()); + assertFalse(parsedResponse.isForwardable()); + } + + /** + * + * Tests the marshalling of a WS-Trust request. + * + * + * @throws Exception + * if an error occurs while running the test. + */ + public void testMarshallRequestSecurityToken() throws Exception + { + // create a request object. + RequestSecurityToken request = new RequestSecurityToken(); + request.setContext("testcontext"); + request.setTokenType(new URI("http://www.tokens.org/SpecialToken")); + request.setRequestType(new URI("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue")); + + // use the factory to marshall the request. + WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance(); + Source source = factory.marshallRequestSecurityToken(request); + assertNotNull("Unexpected null source", source); + assertTrue("Unexpected source type", source instanceof DOMSource); + + // at this point we know that the parsing works, so parse the generated source and compare to the original request. + BaseRequestSecurityToken baseRequest = factory.parseRequestSecurityToken(source); + assertNotNull("Unexpected null value for the parsed request", baseRequest); + assertTrue("Unexpected parsed request type", baseRequest instanceof RequestSecurityToken); + RequestSecurityToken parsedRequest = (RequestSecurityToken) baseRequest; + assertEquals("Unexpected context value", request.getContext(), parsedRequest.getContext()); + assertTrue("Unexpected token type", request.getTokenType().equals(parsedRequest.getTokenType())); + assertTrue("Unexpected request type", request.getRequestType().equals(parsedRequest.getRequestType())); + } + + /** + * + * Tests the marshalling of a WS-Trust response. + * + * + * @throws Exception + * if an error occurs while running the test. + */ + public void testMarshallRequestSecurityTokenResponse() throws Exception + { + // create a sample ws-trust response message. + RequestSecurityTokenResponse response = new RequestSecurityTokenResponse(); + response.setContext("testcontext"); + response.setTokenType(new URI("http://www.tokens.org/SpecialToken")); + response.setForwardable(false); + + RequestSecurityTokenResponseCollection collection = new RequestSecurityTokenResponseCollection(); + collection.addRequestSecurityTokenResponse(response); + + // use the factory to marshall the response. + WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance(); + Source source = factory.marshallRequestSecurityTokenResponse(collection); + assertNotNull("Unexpected null source", source); + assertTrue("Unexpected source type", source instanceof DOMSource); + + // at this point we know that the parsing works, so parse the generated source and compare to the original response. + BaseRequestSecurityTokenResponse baseResponse = factory.parseRequestSecurityTokenResponse(source); + assertNotNull("Unexpected null value for the parsed response", baseResponse); + assertTrue("Unexpected parsed request type", baseResponse instanceof RequestSecurityTokenResponseCollection); + RequestSecurityTokenResponseCollection parsedCollection = (RequestSecurityTokenResponseCollection) baseResponse; + assertNotNull("Unexpected null response list", parsedCollection.getRequestSecurityTokenResponses()); + assertEquals("Unexpected number of responses", 1, parsedCollection.getRequestSecurityTokenResponses().size()); + + RequestSecurityTokenResponse parsedResponse = parsedCollection.getRequestSecurityTokenResponses().get(0); + assertEquals("Unexpected context value", response.getContext(), parsedResponse.getContext()); + assertTrue("Unexpected token type", response.getTokenType().equals(parsedResponse.getTokenType())); + assertFalse(parsedResponse.isForwardable()); + } +} Added: identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,106 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.test.identity.federation.core.wstrust; + +import java.security.PrivilegedActionException; + +import junit.framework.TestCase; + +import org.jboss.identity.federation.core.wstrust.STSConfiguration; +import org.jboss.identity.federation.core.wstrust.SecurityTokenProvider; +import org.jboss.identity.federation.core.wstrust.StandardRequestHandler; +import org.jboss.identity.federation.core.wstrust.WSTrustRequestHandler; +import org.jboss.identity.federation.core.wstrust.WSTrustServiceFactory; +import org.jboss.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider; + +/** + * + * This {@code TestCase} tests the behavior of the {@code WSTrustServiceFactory} class. + * + * + * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a> + */ +public class WSTrustServiceFactoryUnitTestCase extends TestCase +{ + + /** + * + * Tests the creation of a {@code WSTrustRequestHandler} instance. + * + * + * @throws Exception if an error occurs while running the test. + */ + public void testCreateRequestHandler() throws Exception + { + STSConfiguration config = new MockSTSConfiguration(); + WSTrustServiceFactory factory = WSTrustServiceFactory.getInstance(); + + // tests the creation of the request handler. + WSTrustRequestHandler handler = factory.createRequestHandler( + "org.jboss.identity.federation.core.wstrust.StandardRequestHandler", config); + assertNotNull("Unexpected null request handler", handler); + assertTrue("Unexpected request handler type", handler instanceof StandardRequestHandler); + + // try to create an invalid instance of request handler. + try + { + factory.createRequestHandler("InvalidHandler", config); + fail("An exception should have been raised"); + } + catch (RuntimeException re) + { + assertTrue(re.getCause() instanceof PrivilegedActionException); + } + } + + /** + * + * Tests the creation of {@code SecurityTokenProvider}s. + * + * + * @throws Exception if an error occurs while running the test. + */ + public void testCreateTokenProvider() throws Exception + { + WSTrustServiceFactory factory = WSTrustServiceFactory.getInstance(); + SecurityTokenProvider provider = factory + .createTokenProvider("org.jboss.test.identity.federation.core.wstrust.SpecialTokenProvider"); + assertNotNull("Unexpected null token provider", provider); + assertTrue("Unexpected token provider type", provider instanceof SpecialTokenProvider); + provider = factory + .createTokenProvider("org.jboss.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider"); + assertNotNull("Unexpected null token provider", provider); + assertTrue("Unexpected token provider type", provider instanceof SAML20TokenProvider); + + // try to create an invalid token provider. + try + { + factory.createTokenProvider("InvalidTokenProvider"); + fail("An exception should have been raised"); + } + catch (RuntimeException re) + { + assertTrue(re.getCause() instanceof PrivilegedActionException); + } + + } +} Added: identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/ws-trust-request.xml =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/ws-trust-request.xml (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/ws-trust-request.xml 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,4 @@ +<wst:RequestSecurityToken xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512/" Context="testcontext"> + <wst:TokenType>http://www.tokens.org/SpecialToken</wst:TokenType> + <wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue</wst:RequestType> +</wst:RequestSecurityToken> \ No newline at end of file Added: identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/ws-trust-response.xml =================================================================== --- identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/ws-trust-response.xml (rev 0) +++ identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/ws-trust-response.xml 2009-09-03 01:56:21 UTC (rev 758) @@ -0,0 +1,7 @@ +<wst:RequestSecurityTokenResponseCollection + xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"> + <wst:RequestSecurityTokenResponse Context="testcontext"> + <wst:TokenType>http://www.tokens.org/SpecialToken</wst:TokenType> + <wst:Forwardable>false</wst:Forwardable> + </wst:RequestSecurityTokenResponse> +</wst:RequestSecurityTokenResponseCollection> Modified: identity-federation/trunk/jboss-identity-seam/src/main/java/org/jboss/identity/seam/federation/SamlAuthenticationFilter.java =================================================================== --- identity-federation/trunk/jboss-identity-seam/src/main/java/org/jboss/identity/seam/federation/SamlAuthenticationFilter.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-seam/src/main/java/org/jboss/identity/seam/federation/SamlAuthenticationFilter.java 2009-09-03 01:56:21 UTC (rev 758) @@ -52,16 +52,16 @@ import javax.xml.crypto.MarshalException; import javax.xml.crypto.dsig.XMLSignatureException; -import org.jboss.identity.federation.api.saml.v2.common.IDGenerator; -import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder; import org.jboss.identity.federation.api.saml.v2.request.SAML2Request; import org.jboss.identity.federation.api.saml.v2.response.SAML2Response; -import org.jboss.identity.federation.api.util.XMLSignatureUtil; import org.jboss.identity.federation.core.exceptions.ConfigurationException; import org.jboss.identity.federation.core.exceptions.ParsingException; +import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; +import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder; import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder; import org.jboss.identity.federation.core.saml.v2.util.AssertionUtil; +import org.jboss.identity.federation.core.util.XMLSignatureUtil; import org.jboss.identity.federation.saml.v2.assertion.AssertionType; import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType; import org.jboss.identity.federation.saml.v2.assertion.AttributeType; Modified: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java =================================================================== --- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java 2009-09-03 01:56:21 UTC (rev 758) @@ -51,18 +51,21 @@ import javax.xml.crypto.dsig.XMLSignatureException; import org.apache.log4j.Logger; -import org.jboss.identity.federation.api.saml.v2.common.IDGenerator; -import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder; import org.jboss.identity.federation.api.saml.v2.request.SAML2Request; import org.jboss.identity.federation.api.saml.v2.response.SAML2Response; -import org.jboss.identity.federation.api.util.XMLSignatureUtil; +import org.jboss.identity.federation.core.config.KeyProviderType; +import org.jboss.identity.federation.core.config.SPType; +import org.jboss.identity.federation.core.config.TrustType; import org.jboss.identity.federation.core.exceptions.ConfigurationException; import org.jboss.identity.federation.core.exceptions.ParsingException; +import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; +import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder; import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException; import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException; import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder; import org.jboss.identity.federation.core.saml.v2.util.AssertionUtil; +import org.jboss.identity.federation.core.util.XMLSignatureUtil; import org.jboss.identity.federation.saml.v2.assertion.AssertionType; import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType; import org.jboss.identity.federation.saml.v2.assertion.AttributeType; @@ -72,9 +75,6 @@ import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType; import org.jboss.identity.federation.saml.v2.protocol.ResponseType; import org.jboss.identity.federation.saml.v2.protocol.StatusType; -import org.jboss.identity.federation.core.config.KeyProviderType; -import org.jboss.identity.federation.core.config.SPType; -import org.jboss.identity.federation.core.config.TrustType; import org.jboss.identity.federation.web.interfaces.IRoleValidator; import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException; import org.jboss.identity.federation.web.interfaces.TrustKeyManager; Modified: identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java =================================================================== --- identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-09-02 17:50:36 UTC (rev 757) +++ identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-09-03 01:56:21 UTC (rev 758) @@ -26,7 +26,6 @@ import java.io.InputStream; import java.io.StringWriter; import java.net.URL; -import java.net.URLEncoder; import java.security.GeneralSecurityException; import java.security.Principal; import java.security.PrivateKey; @@ -38,21 +37,16 @@ import javax.xml.bind.JAXBException; import javax.xml.transform.TransformerException; import javax.xml.transform.TransformerFactoryConfigurationError; - + import org.apache.log4j.Logger; -import org.jboss.identity.federation.api.saml.v2.common.IDGenerator; import org.jboss.identity.federation.api.saml.v2.request.SAML2Request; import org.jboss.identity.federation.api.saml.v2.response.SAML2Response; import org.jboss.identity.federation.api.saml.v2.sig.SAML2Signature; import org.jboss.identity.federation.core.config.IDPType; import org.jboss.identity.federation.core.config.TrustType; -import org.jboss.identity.federation.web.interfaces.TrustKeyManager; -import org.jboss.identity.federation.web.util.HTTPRedirectUtil; -import org.jboss.identity.federation.web.util.PostBindingUtil; -import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil; -import org.jboss.identity.federation.web.util.RedirectBindingUtil; import org.jboss.identity.federation.core.exceptions.ConfigurationException; import org.jboss.identity.federation.core.exceptions.ParsingException; +import org.jboss.identity.federation.core.saml.v2.common.IDGenerator; import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants; import org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException; import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException; @@ -61,11 +55,11 @@ import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder; import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder; import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil; -import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil; import org.jboss.identity.federation.saml.v2.assertion.AssertionType; import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType; import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType; import org.jboss.identity.federation.saml.v2.protocol.ResponseType; +import org.jboss.identity.federation.web.interfaces.TrustKeyManager; import org.w3c.dom.Document; import org.xml.sax.SAXException;

14 years, 8 months

1
0
0 / 0

JBoss Identity SVN: r757 - idm/tags.

by jboss-identity-commits＠lists.jboss.org

Author: bdaw Date: 2009-09-02 13:50:36 -0400 (Wed, 02 Sep 2009) New Revision: 757 Added: idm/tags/1.0.0.Beta2/ Log: tag IDM 1.0.0.Beta2 Copied: idm/tags/1.0.0.Beta2 (from rev 756, idm/trunk)

14 years, 8 months

1
0
0 / 0

JBoss Identity SVN: r756 - in idm/trunk: assembly and 16 other directories.

by jboss-identity-commits＠lists.jboss.org

Author: bdaw Date: 2009-09-02 13:48:49 -0400 (Wed, 02 Sep 2009) New Revision: 756 Modified: idm/trunk/assembly/pom.xml idm/trunk/example/auth-simple/pom.xml idm/trunk/example/auth/pom.xml idm/trunk/example/simple/pom.xml idm/trunk/idm-api/pom.xml idm/trunk/idm-auth/pom.xml idm/trunk/idm-cache/pom.xml idm/trunk/idm-common/pom.xml idm/trunk/idm-core/pom.xml idm/trunk/idm-hibernate/pom.xml idm/trunk/idm-ldap/pom.xml idm/trunk/idm-spi/pom.xml idm/trunk/idm-testsuite/pom.xml idm/trunk/integration/deployer/pom.xml idm/trunk/integration/jboss5/pom.xml idm/trunk/integration/pom.xml idm/trunk/parent/pom.xml idm/trunk/pom.xml Log: prepare for 1.0.0.Beta2 Modified: idm/trunk/assembly/pom.xml =================================================================== --- idm/trunk/assembly/pom.xml 2009-09-02 16:59:50 UTC (rev 755) +++ idm/trunk/assembly/pom.xml 2009-09-02 17:48:49 UTC (rev 756) @@ -4,14 +4,14 @@ <modelVersion>4.0.0</modelVersion> <groupId>org.jboss.identity.idm</groupId> <artifactId>jbossidm</artifactId> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> <packaging>pom</packaging> <name>JBoss Identity IDM Assembly </name> <parent> <groupId>org.jboss.identity.idm</groupId> <artifactId>idm-parent</artifactId> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> <relativePath>../parent</relativePath> </parent> Modified: idm/trunk/example/auth/pom.xml =================================================================== --- idm/trunk/example/auth/pom.xml 2009-09-02 16:59:50 UTC (rev 755) +++ idm/trunk/example/auth/pom.xml 2009-09-02 17:48:49 UTC (rev 756) @@ -1,7 +1,7 @@ <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>org.jboss.identity.idm.example</groupId> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> <artifactId>example-auth</artifactId> <packaging>jar</packaging> <name>Example - JEE authentication</name> Modified: idm/trunk/example/auth-simple/pom.xml =================================================================== --- idm/trunk/example/auth-simple/pom.xml 2009-09-02 16:59:50 UTC (rev 755) +++ idm/trunk/example/auth-simple/pom.xml 2009-09-02 17:48:49 UTC (rev 756) @@ -1,7 +1,7 @@ <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>org.jboss.identity.idm.example</groupId> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> <artifactId>example-auth-simple</artifactId> <packaging>jar</packaging> <name>Example - JEE authentication (using deployer)</name> Modified: idm/trunk/example/simple/pom.xml =================================================================== --- idm/trunk/example/simple/pom.xml 2009-09-02 16:59:50 UTC (rev 755) +++ idm/trunk/example/simple/pom.xml 2009-09-02 17:48:49 UTC (rev 756) @@ -1,7 +1,7 @@ <project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> <modelVersion>4.0.0</modelVersion> <groupId>org.jboss.identity.idm.example</groupId> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> <artifactId>example-simple</artifactId> <packaging>jar</packaging> <name>Example - Simple JBoss Identity IDM Maven2 project</name> Modified: idm/trunk/idm-api/pom.xml =================================================================== --- idm/trunk/idm-api/pom.xml 2009-09-02 16:59:50 UTC (rev 755) +++ idm/trunk/idm-api/pom.xml 2009-09-02 17:48:49 UTC (rev 756) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity.idm</groupId> <artifactId>idm-parent</artifactId> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> <relativePath>../parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion> Modified: idm/trunk/idm-auth/pom.xml =================================================================== --- idm/trunk/idm-auth/pom.xml 2009-09-02 16:59:50 UTC (rev 755) +++ idm/trunk/idm-auth/pom.xml 2009-09-02 17:48:49 UTC (rev 756) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity.idm</groupId> <artifactId>idm-parent</artifactId> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> <relativePath>../parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion> Modified: idm/trunk/idm-cache/pom.xml =================================================================== --- idm/trunk/idm-cache/pom.xml 2009-09-02 16:59:50 UTC (rev 755) +++ idm/trunk/idm-cache/pom.xml 2009-09-02 17:48:49 UTC (rev 756) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity.idm</groupId> <artifactId>idm-parent</artifactId> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> <relativePath>../parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion> Modified: idm/trunk/idm-common/pom.xml =================================================================== --- idm/trunk/idm-common/pom.xml 2009-09-02 16:59:50 UTC (rev 755) +++ idm/trunk/idm-common/pom.xml 2009-09-02 17:48:49 UTC (rev 756) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity.idm</groupId> <artifactId>idm-parent</artifactId> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> <relativePath>../parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion> Modified: idm/trunk/idm-core/pom.xml =================================================================== --- idm/trunk/idm-core/pom.xml 2009-09-02 16:59:50 UTC (rev 755) +++ idm/trunk/idm-core/pom.xml 2009-09-02 17:48:49 UTC (rev 756) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity.idm</groupId> <artifactId>idm-parent</artifactId> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> <relativePath>../parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion> Modified: idm/trunk/idm-hibernate/pom.xml =================================================================== --- idm/trunk/idm-hibernate/pom.xml 2009-09-02 16:59:50 UTC (rev 755) +++ idm/trunk/idm-hibernate/pom.xml 2009-09-02 17:48:49 UTC (rev 756) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity.idm</groupId> <artifactId>idm-parent</artifactId> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> <relativePath>../parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion> Modified: idm/trunk/idm-ldap/pom.xml =================================================================== --- idm/trunk/idm-ldap/pom.xml 2009-09-02 16:59:50 UTC (rev 755) +++ idm/trunk/idm-ldap/pom.xml 2009-09-02 17:48:49 UTC (rev 756) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity.idm</groupId> <artifactId>idm-parent</artifactId> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> <relativePath>../parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion> Modified: idm/trunk/idm-spi/pom.xml =================================================================== --- idm/trunk/idm-spi/pom.xml 2009-09-02 16:59:50 UTC (rev 755) +++ idm/trunk/idm-spi/pom.xml 2009-09-02 17:48:49 UTC (rev 756) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity.idm</groupId> <artifactId>idm-parent</artifactId> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> <relativePath>../parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion> Modified: idm/trunk/idm-testsuite/pom.xml =================================================================== --- idm/trunk/idm-testsuite/pom.xml 2009-09-02 16:59:50 UTC (rev 755) +++ idm/trunk/idm-testsuite/pom.xml 2009-09-02 17:48:49 UTC (rev 756) @@ -2,7 +2,7 @@ <parent> <groupId>org.jboss.identity.idm</groupId> <artifactId>idm-parent</artifactId> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> <relativePath>../parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion> Modified: idm/trunk/integration/deployer/pom.xml =================================================================== --- idm/trunk/integration/deployer/pom.xml 2009-09-02 16:59:50 UTC (rev 755) +++ idm/trunk/integration/deployer/pom.xml 2009-09-02 17:48:49 UTC (rev 756) @@ -8,12 +8,12 @@ <groupId>org.jboss.identity.idm.integration</groupId> <artifactId>idm-jboss5-deployer</artifactId> <packaging>jar</packaging> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> <parent> <groupId>org.jboss.identity.idm</groupId> <artifactId>idm-integration</artifactId> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> </parent> <properties> Modified: idm/trunk/integration/jboss5/pom.xml =================================================================== --- idm/trunk/integration/jboss5/pom.xml 2009-09-02 16:59:50 UTC (rev 755) +++ idm/trunk/integration/jboss5/pom.xml 2009-09-02 17:48:49 UTC (rev 756) @@ -8,12 +8,12 @@ <groupId>org.jboss.identity.idm.integration</groupId> <artifactId>idm-jboss5</artifactId> <packaging>jar</packaging> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> <parent> <groupId>org.jboss.identity.idm</groupId> <artifactId>idm-integration</artifactId> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> </parent> <dependencies> Modified: idm/trunk/integration/pom.xml =================================================================== --- idm/trunk/integration/pom.xml 2009-09-02 16:59:50 UTC (rev 755) +++ idm/trunk/integration/pom.xml 2009-09-02 17:48:49 UTC (rev 756) @@ -13,7 +13,7 @@ <parent> <groupId>org.jboss.identity.idm</groupId> <artifactId>idm-parent</artifactId> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> <relativePath>../parent/pom.xml</relativePath> </parent> Modified: idm/trunk/parent/pom.xml =================================================================== --- idm/trunk/parent/pom.xml 2009-09-02 16:59:50 UTC (rev 755) +++ idm/trunk/parent/pom.xml 2009-09-02 17:48:49 UTC (rev 756) @@ -8,7 +8,7 @@ <groupId>org.jboss.identity.idm</groupId> <artifactId>idm-parent</artifactId> <packaging>pom</packaging> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> <name>JBoss Identity IDM- Parent</name> <url>http://labs.jboss.org/portal/jbosssecurity/</url> <description>JBoss Identity is a cross-cutting project that handles identity needs for the JEMS projects</description> Modified: idm/trunk/pom.xml =================================================================== --- idm/trunk/pom.xml 2009-09-02 16:59:50 UTC (rev 755) +++ idm/trunk/pom.xml 2009-09-02 17:48:49 UTC (rev 756) @@ -3,7 +3,7 @@ <parent> <groupId>org.jboss.identity.idm</groupId> <artifactId>idm-parent</artifactId> - <version>1.0.0-SNAPSHOT</version> + <version>1.0.0.Beta2</version> <relativePath>parent</relativePath> </parent> <modelVersion>4.0.0</modelVersion>

14 years, 8 months

1
0
0 / 0

JBoss Identity SVN: r755 - identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust.

by jboss-identity-commits＠lists.jboss.org

Author: sguilhen(a)redhat.com Date: 2009-09-02 12:59:50 -0400 (Wed, 02 Sep 2009) New Revision: 755 Modified: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java Log: JBID-179: Fixed JBossSTSUnitTestCase Modified: identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java =================================================================== --- identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-08-31 16:35:00 UTC (rev 754) +++ identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-09-02 16:59:50 UTC (rev 755) @@ -217,9 +217,8 @@ BaseRequestSecurityTokenResponse baseResponse = WSTrustJAXBFactory.getInstance() .parseRequestSecurityTokenResponse(responseMessage); - //TODO: JBID-179 // validate the security token response. - //this.validateCustomTokenResponse(baseResponse); + this.validateCustomTokenResponse(baseResponse); } /** @@ -488,10 +487,9 @@ Element element = (Element) requestedToken.getAny(); assertEquals("Unexpected namespace value", "http://www.tokens.org", element.getNamespaceURI()); - /*//TODO: Fix JBID-179 assertEquals("Unexpected attribute value", "http://www.tokens.org/SpecialToken", element - .getAttribute("TokenType")); - assertEquals("Unexpected token value", "Principal:sguilhen", element.getFirstChild().getNodeValue());*/ + .getAttributeNS("http://www.tokens.org", "TokenType")); + assertEquals("Unexpected token value", "Principal:sguilhen", element.getFirstChild().getNodeValue()); } /**

14 years, 8 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

jboss-identity-commits September 2009