From jboss-identity-commits at lists.jboss.org Mon Feb 2 01:07:38 2009
Content-Type: multipart/mixed; boundary="===============8364794611691600826=="
MIME-Version: 1.0
From: jboss-identity-commits at lists.jboss.org
To: jboss-identity-commits at lists.jboss.org
Subject: [jboss-identity-commits] JBoss Identity SVN: r270 -
identity-federation/trunk/doc/DeveloperGuide/src/main/docbook.
Date: Mon, 02 Feb 2009 01:07:33 -0500
Message-ID:
+ * Encrypt the Key to be transported + *
+ *+ * Data is encrypted with a SecretKey. Then the key needs to be + * transported to the other end where it is needed for decryption. + * For the Key transport, the SecretKey is encrypted with the + * recipient's public key. At the receiving end, the receiver + * can decrypt the Secret Key using his private key.s + *
+ * @param document + * @param keyToBeEncrypted Symmetric Key (SecretKey) + * @param keyUsedToEncrypt Asymmetric Key (Public Key) + * @return + * @throws Exception + */ + public static EncryptedKey encryptKey(Document document, + Key keyToBeEncrypted, Key keyUsedToEncrypt) throws Exception + { + XMLCipher keyCipher =3D null; + String keyAlgo =3D keyUsedToEncrypt.getAlgorithm(); + if("RSA".equals(keyAlgo)) + keyCipher =3D XMLCipher.getInstance(XMLEncryptionUtil.RSA_v1dot5); + else = + keyCipher =3D XMLCipher.getInstance(XMLEncryptionUtil.TRIPLEDES_K= eyWrap); + = + keyCipher.init(XMLCipher.WRAP_MODE, keyUsedToEncrypt); + return keyCipher.encryptKey(document, keyToBeEncrypted); = + } + + /** + * Encrypt either the entire document or an element within provided by = the tag + * @param document The Document to encrypt + * @param elementTag An element in the document that you want encrypted= (or null indicating entire document) + * @param encryptingKey + * @param algo + * @return document that is encrypted or contains the encrypted element + * @throws Exception + */ + public static Document encrypt(Document document, String elementTag, = + SecretKey encryptingKey, Key publicKey, String algo) throws Excep= tion + { + XMLCipher xmlCipher =3D XMLCipher.getInstance(algo); + if(xmlCipher =3D=3D null) + throw new IllegalStateException("Cipher is null for algorithm:" += algo); + xmlCipher.init(XMLCipher.ENCRYPT_MODE, encryptingKey); + + if(elementTag !=3D null) + { + //Lets check if we need an element + NodeList nl =3D document.getElementsByTagName(elementTag); + if(nl.getLength() < 1) + throw new IllegalArgumentException(elementTag + " was not foun= d in document"); + = + Element elementToEncrypt =3D (Element) nl.item(0); = + boolean encryptContentsOnly =3D true; + xmlCipher.doFinal(document, + elementToEncrypt, encryptContentsOnly); + } = + else + { + xmlCipher.doFinal(document, document); + } + EncryptedKey ekey =3D encryptKey(document, encryptingKey, publicKey); + = + 
EncryptedData encryptedDataElement =3D + xmlCipher.getEncryptedData(); + KeyInfo keyInfo =3D new KeyInfo(document); + keyInfo.add(ekey); + encryptedDataElement.setKeyInfo(keyInfo); + + return document; = + } = + = + /** + * Decrypt the document given two keys + *The SecretKey needs to be obtained out of band or + * needs to be obtained from the KeyInfo using the private key. + *
+ * @see #encryptKey(Document, Key, Key) + * = + * @param encryptedDocument + * @param encryptingKey + * @param signingKey + * @return + * @throws Exception + */ + public static Document decrypt(Document encryptedDocument, + SecretKey encryptingKey, PrivateKey signingKey) throws Exception + { + = + XMLCipher xmlCipher =3D XMLCipher.getInstance(); + xmlCipher.init(XMLCipher.DECRYPT_MODE, encryptingKey); //Symmetric K= ey + xmlCipher.setKEK(signingKey); //Asymmetric Key for Key Transport + = + //Get the encrypted element + String namespaceURI =3D EncryptionConstants.EncryptionSpecNS; + String localName =3D EncryptionConstants._TAG_ENCRYPTEDDATA; = + + NodeList nl =3D encryptedDocument.getElementsByTagNameNS(namespaceUR= I, localName); + if(nl =3D=3D null || nl.getLength() < 1) + throw new IllegalStateException("Cannot find encrypted element"); + Element encryptedDataElement =3D (Element) nl.item(0); + return xmlCipher.doFinal(encryptedDocument, encryptedDataElement); + } = +} \ No newline at end of file Added: identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/t= est/identity/federation/api/saml/v2/XMLEncryptionUnitTestCase.java =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test= /identity/federation/api/saml/v2/XMLEncryptionUnitTestCase.java = (rev 0) +++ identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test= /identity/federation/api/saml/v2/XMLEncryptionUnitTestCase.java 2009-02-04 = 23:04:06 UTC (rev 306) 
@@ -0,0 +1,112 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. = + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. 
+ */ +package org.jboss.test.identity.federation.api.saml.v2; + +import java.io.StringReader; +import java.security.KeyPair; +import java.security.KeyPairGenerator; + +import javax.crypto.KeyGenerator; +import javax.crypto.SecretKey; +import javax.xml.parsers.DocumentBuilder; +import javax.xml.parsers.DocumentBuilderFactory; + +import junit.framework.TestCase; + +import org.jboss.identity.federation.api.util.XMLEncryptionUtil; +import org.w3c.dom.Document; +import org.w3c.dom.Element; +import org.xml.sax.InputSource; + +/** + * Unit Test the XML Encryption Util + * @author Anil.Saldhana(a)redhat.com + * @since Feb 4, 2009 + */ +public class XMLEncryptionUnitTestCase extends TestCase +{ + private String docString =3D "Note: JAXB marshaller by default picks up arbitrary names= pace Modified: identity-federation/trunk/identity-fed-api/src/main/java/org/jbos= s/identity/federation/api/util/XMLEncryptionUtil.java =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/util/XMLEncryptionUtil.java 2009-02-04 23:04:06 UTC (re= v 306) +++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/util/XMLEncryptionUtil.java 2009-02-09 03:41:50 UTC (re= v 307) 
@@ -23,16 +23,18 @@ = import java.security.Key; import java.security.PrivateKey; +import java.security.PublicKey; = import javax.crypto.SecretKey; +import javax.xml.namespace.QName; = import org.apache.xml.security.encryption.EncryptedData; import org.apache.xml.security.encryption.EncryptedKey; import org.apache.xml.security.encryption.XMLCipher; -import org.apache.xml.security.keys.KeyInfo; -import org.apache.xml.security.utils.EncryptionConstants; +import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURICo= nstants; import org.w3c.dom.Document; import org.w3c.dom.Element; +import org.w3c.dom.Node; import org.w3c.dom.NodeList; = /** 
@@ -46,51 +48,12 @@ */ public class XMLEncryptionUtil { = - public static final String TRIPLEDES =3D "http://www.w3.org/2001/04/xml= enc#tripledes-cbc"; + private static String XMLSIG_NS =3D JBossSAMLURIConstants.XMLDSIG_NSURI= .get(); + private static String XMLENC_NS =3D JBossSAMLURIConstants.XMLENC_NSURI.= get(); = - public static final String AES_128 =3D "http://www.w3.org/2001/04/xmlen= c#aes128-cbc"; - = - public static final String AES_256 =3D "http://www.w3.org/2001/04/xmlen= c#aes256-cbc"; - = - public static final String AES_192 =3D "http://www.w3.org/2001/04/xmlen= c#aes192-cbc"; - = - public static final String RSA_v1dot5 =3D "http://www.w3.org/2001/04/xm= lenc#rsa-1_5"; - = - public static final String RSA_OAEP =3D "http://www.w3.org/2001/04/xmle= nc#rsa-oaep-mgf1p"; - = - public static final String DIFFIE_HELLMAN =3D "http://www.w3.org/2001/0= 4/xmlenc#dh"; - = - public static final String TRIPLEDES_KeyWrap =3D "http://www.w3.org/200= 1/04/xmlenc#kw-tripledes"; - = - public static final String AES_128_KeyWrap =3D "http://www.w3.org/2001/= 04/xmlenc#kw-aes128"; - = - public static final String AES_256_KeyWrap =3D "http://www.w3.org/2001/= 04/xmlenc#kw-aes256"; - = - public static final String AES_192_KeyWrap =3D "http://www.w3.org/2001/= 04/xmlenc#kw-aes192"; - = - public static final String SHA1 =3D "http://www.w3.org/2000/09/xmldsig#= sha1"; - = - public static final String SHA256 =3D "http://www.w3.org/2001/04/xmlenc= #sha256"; - = - public static final String SHA512 =3D "http://www.w3.org/2001/04/xmlenc= #sha512"; - = - public static final String RIPEMD_160 =3D "http://www.w3.org/2001/04/xm= lenc#ripemd160"; - = - public static final String XML_DSIG =3D "http://www.w3.org/2000/09/xmld= sig#"; - = - public static final String N14C_XML =3D "http://www.w3.org/TR/2001/REC-= xml-c14n-20010315"; - = - public static final String N14C_XML_WITH_COMMENTS =3D "http://www.w3.or= g/TR/2001/REC-xml-c14n-20010315#WithComments"; - = - public static final String 
EXCL_XML_N14C =3D "http://www.w3.org/2001/10= /xml-exc-c14n#"; - = - public static final String EXCL_XML_N14C_WITH_COMMENTS =3D "http://www.= w3.org/2001/10/xml-exc-c14n#WithComments"; - = - public static final String BASE64_ENCODING =3D "http://www.w3.org/2000/= 09/xmldsig#base64"; - = static { - //Initialize the XML Security Library + //Initialize the Apache XML Security Library org.apache.xml.security.Init.init(); } = @@ -107,97 +70,215 @@ *
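Review bot: The new `XMLSIG_NS` and `XMLENC_NS` fields are declared as mutable `private static String` although each is assigned exactly once from JBossSAMLURIConstants and never reassigned anywhere in the hunk; declare them `private static final String XMLSIG_NS = JBossSAMLURIConstants.XMLDSIG_NSURI.get();` (and likewise `XMLENC_NS`) so the namespace URIs used to build and locate ds:KeyInfo and xenc:CipherData cannot be altered at runtime. The hunk also drops every public URI constant from a public utility class without a deprecation step, which is source-incompatible for any external caller of XMLEncryptionUtil; if that is intended, a line in the commit message saying so would help consumers of the API.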
* @param document * @param keyToBeEncrypted Symmetric Key (SecretKey) - * @param keyUsedToEncrypt Asymmetric Key (Public Key) + * @param keyUsedToEncryptSecretKey Asymmetric Key (Public Key) + * @param keySize Length of the key * @return * @throws Exception */ public static EncryptedKey encryptKey(Document document, - Key keyToBeEncrypted, Key keyUsedToEncrypt) throws Exception + SecretKey keyToBeEncrypted, PublicKey keyUsedToEncryptSecretKey, + int keySize) throws Exception { XMLCipher keyCipher =3D null; - String keyAlgo =3D keyUsedToEncrypt.getAlgorithm(); - if("RSA".equals(keyAlgo)) - keyCipher =3D XMLCipher.getInstance(XMLEncryptionUtil.RSA_v1dot5); - else = - keyCipher =3D XMLCipher.getInstance(XMLEncryptionUtil.TRIPLEDES_K= eyWrap); + String pubKeyAlg =3D keyUsedToEncryptSecretKey.getAlgorithm(); + = + String keyWrapAlgo =3D getXMLEncryptionURLForKeyUnwrap(pubKeyAlg, ke= ySize); + keyCipher =3D XMLCipher.getInstance(keyWrapAlgo); = - keyCipher.init(XMLCipher.WRAP_MODE, keyUsedToEncrypt); + keyCipher.init(XMLCipher.WRAP_MODE, keyUsedToEncryptSecretKey); return keyCipher.encryptKey(document, keyToBeEncrypted); = } - + = /** - * Encrypt either the entire document or an element within provided by = the tag - * @param document The Document to encrypt - * @param elementTag An element in the document that you want encrypted= (or null indicating entire document) - * @param encryptingKey - * @param algo - * @return document that is encrypted or contains the encrypted element + * Encrypt an element inside a Document. + * @param document Document that contains an element to encrypt + * @param publicKey The Public Key used to encrypt the secret encryptio= n key + * @param secretKey The secret encryption key + * @param keySize Length of key + * @param wrappingElementQName QName of the element to be used to wrap = around + * the cipher data. 
+ * @param addEncryptedKeyInKeyInfo Should the encrypted key be inside a= KeyInfo + * or added as a peer of Cipher Data + * @return An element that has the wrappingElementQName * @throws Exception */ - public static Document encrypt(Document document, String elementTag, = - SecretKey encryptingKey, Key publicKey, String algo) throws Excep= tion + public static Element encryptElementInDocument(Document document, Publi= cKey publicKey, + SecretKey secretKey, int keySize, QName wrappingElementQName, + boolean addEncryptedKeyInKeyInfo) throws Exception { - XMLCipher xmlCipher =3D XMLCipher.getInstance(algo); - if(xmlCipher =3D=3D null) - throw new IllegalStateException("Cipher is null for algorithm:" += algo); - xmlCipher.init(XMLCipher.ENCRYPT_MODE, encryptingKey); + XMLCipher cipher =3D null; = + EncryptedKey encryptedKey =3D encryptKey(document, secretKey, public= Key, keySize); = + = + String encryptionAlgorithm =3D getXMLEncryptionURL(secretKey.getAlgo= rithm(), keySize); + //Encrypt the Document = + cipher =3D XMLCipher.getInstance(encryptionAlgorithm); + cipher.init(XMLCipher.ENCRYPT_MODE, secretKey); = - if(elementTag !=3D null) + Document encryptedDoc =3D cipher.doFinal(document, document.getDocu= mentElement()); = + = + // The EncryptedKey element is added + Element encryptedKeyElement =3D cipher.martial(document, encryptedK= ey); = + + //Create the wrapping element and set its attribute NS + Element wrappingElement =3D encryptedDoc.createElementNS(wrappingEle= mentQName.getNamespaceURI(), + wrappingElementQName.getPrefix() + ":" + wrappingElementQName.= getLocalPart()); + = + wrappingElement.setAttributeNS("http://www.w3.org/2000/xmlns/", + "xmlns:" + wrappingElementQName.getPrefix(), wrappingElementQN= ame.getNamespaceURI()); = + = + Element encryptedDocRootElement =3D encryptedDoc.getDocumentElement(= ); = + //Bring in the encrypted wrapping element to wrap the root node + encryptedDoc.replaceChild(wrappingElement, encryptedDocRootElement); + = + 
wrappingElement.appendChild(encryptedDocRootElement); + = + if (addEncryptedKeyInKeyInfo) = { - //Lets check if we need an element - NodeList nl =3D document.getElementsByTagName(elementTag); - if(nl.getLength() < 1) - throw new IllegalArgumentException(elementTag + " was not foun= d in document"); + // Outer ds:KeyInfo Element to hold the EncryptionKey + Element sigElement =3D encryptedDoc.createElementNS(XMLSIG_NS, "d= s:KeyInfo"); + sigElement.setAttributeNS("http://www.w3.org/2000/xmlns/", "xmlns= :ds", XMLSIG_NS); + sigElement.appendChild(encryptedKeyElement); = - Element elementToEncrypt =3D (Element) nl.item(0); = - boolean encryptContentsOnly =3D true; - xmlCipher.doFinal(document, - elementToEncrypt, encryptContentsOnly); + //Insert the Encrypted key before the CipherData element = + NodeList nodeList =3D encryptedDocRootElement.getElementsByTagNam= eNS(XMLENC_NS, "CipherData"); + if ((nodeList =3D=3D null) || (nodeList.getLength() =3D=3D 0)) = + throw new IllegalStateException("xenc:CipherData Element Missi= ng"); = + + Element cipherDataElement =3D (Element) nodeList.item(0); = + encryptedDocRootElement.insertBefore(sigElement, cipherDataElemen= t); } = - else + else = { - xmlCipher.doFinal(document, document); + //Add the encrypted key as a child of the wrapping element + wrappingElement.appendChild(encryptedKeyElement); } - EncryptedKey ekey =3D encryptKey(document, encryptingKey, publicKey); - = - EncryptedData encryptedDataElement =3D - xmlCipher.getEncryptedData(); - KeyInfo keyInfo =3D new KeyInfo(document); - keyInfo.add(ekey); - encryptedDataElement.setKeyInfo(keyInfo); = - return document; = + return encryptedDoc.getDocumentElement(); } = = + = /** - * Decrypt the document given two keys - *The SecretKey needs to be obtained out of band or - * needs to be obtained from the KeyInfo using the private key. - *
- * @see #encryptKey(Document, Key, Key) - * = - * @param encryptedDocument - * @param encryptingKey - * @param signingKey - * @return + * Decrypt an encrypted element inside a document + * @param documentWithEncryptedElement = + * @param privateKey key need to unwrap the encryption key + * @return the document with the encrypted element replaced by the data= element * @throws Exception */ - public static Document decrypt(Document encryptedDocument, - SecretKey encryptingKey, PrivateKey signingKey) throws Exception + public static Element decryptElementInDocument(Document documentWithEnc= ryptedElement, + PrivateKey privateKey) throws Exception { + if(documentWithEncryptedElement =3D=3D null) + throw new IllegalArgumentException("Input document is null"); = - XMLCipher xmlCipher =3D XMLCipher.getInstance(); - xmlCipher.init(XMLCipher.DECRYPT_MODE, encryptingKey); //Symmetric K= ey - xmlCipher.setKEK(signingKey); //Asymmetric Key for Key Transport + //Look for encrypted data element + Element documentRoot =3D documentWithEncryptedElement.getDocumentEle= ment(); + Element encDataElement =3D getNextElementNode(documentRoot.getFirstC= hild()); + if(encDataElement =3D=3D null) + throw new IllegalStateException("No element representing the encr= ypted data found"); = = - //Get the encrypted element - String namespaceURI =3D EncryptionConstants.EncryptionSpecNS; - String localName =3D EncryptionConstants._TAG_ENCRYPTEDDATA; = + //Look at siblings for the key + Element encKeyElement =3D getNextElementNode(encDataElement.getNextS= ibling()); + if(encKeyElement =3D=3D null) + { = + //Search the enc data element for enc key + NodeList nodeList =3D encDataElement.getElementsByTagNameNS( XMLE= NC_NS, "EncryptedKey"); + = + if(nodeList =3D=3D null || nodeList.getLength() =3D=3D 0) + throw new IllegalStateException("Encrypted Key not found in th= e enc data"); + = + encKeyElement =3D (Element) nodeList.item(0); = + } + = + XMLCipher cipher =3D XMLCipher.getInstance(); = + 
cipher.init(XMLCipher.DECRYPT_MODE, null); = + EncryptedData encryptedData =3D cipher.loadEncryptedData(documentWi= thEncryptedElement, encDataElement); = + EncryptedKey encryptedKey =3D cipher.loadEncryptedKey(documentWithE= ncryptedElement, encKeyElement); + = + Document decryptedDoc =3D null; + = + if (encryptedData !=3D null && encryptedKey !=3D null) = + { + String encAlgoURL =3D encryptedData.getEncryptionMethod().getAlgo= rithm(); + XMLCipher keyCipher =3D XMLCipher.getInstance(); = + keyCipher.init(XMLCipher.UNWRAP_MODE, privateKey); = + Key encryptionKey =3D keyCipher.decryptKey( encryptedKey, encAlg= oURL ); = + cipher =3D XMLCipher.getInstance(); = + cipher.init(XMLCipher.DECRYPT_MODE, encryptionKey); = + decryptedDoc =3D cipher.doFinal(documentWithEncryptedElement, enc= DataElement); = + } + = + Element decryptedRoot =3D decryptedDoc.getDocumentElement(); + Element dataElement =3D getNextElementNode(decryptedRoot.getFirstChi= ld()); + if (dataElement =3D=3D null) = + throw new IllegalStateException("Data Element after encryption is= null"); = - NodeList nl =3D encryptedDocument.getElementsByTagNameNS(namespaceUR= I, localName); - if(nl =3D=3D null || nl.getLength() < 1) - throw new IllegalStateException("Cannot find encrypted element"); - Element encryptedDataElement =3D (Element) nl.item(0); - return xmlCipher.doFinal(encryptedDocument, encryptedDataElement); + decryptedRoot.removeChild(dataElement); + decryptedDoc.replaceChild(dataElement, decryptedRoot); + = + return decryptedDoc.getDocumentElement(); = + } + = + /** + * From the secret key, get the W3C XML Encryption URL + * @param publicKeyAlgo + * @param keySize + * @return + */ + private static String getXMLEncryptionURLForKeyUnwrap(String publicKeyA= lgo, int keySize) + { + if("AES".equals(publicKeyAlgo)) + { + switch(keySize) + { + case 192: return XMLCipher.AES_192_KeyWrap; + case 256: return XMLCipher.AES_256_KeyWrap; + default: + return XMLCipher.AES_128_KeyWrap; + } + } + 
if(publicKeyAlgo.contains("RSA")) + return XMLCipher.RSA_v1dot5; + if(publicKeyAlgo.contains("DES")) + return XMLCipher.TRIPLEDES_KeyWrap; = + throw new IllegalArgumentException("unsupported publicKey Algo:" + p= ublicKeyAlgo); + } + = + /** + * From the secret key, get the W3C XML Encryption URL + * @param secretKey + * @param keySize + * @return + */ + private static String getXMLEncryptionURL(String algo, int keySize) + { = + if("AES".equals(algo)) + { + switch(keySize) + { + case 192: return XMLCipher.AES_192; + case 256: return XMLCipher.AES_256; + default: + return XMLCipher.AES_128; + } + } + if(algo.contains("RSA")) + return XMLCipher.RSA_v1dot5; + if(algo.contains("DES")) + return XMLCipher.TRIPLEDES_KeyWrap; = + throw new IllegalArgumentException("Secret Key with unsupported algo= :" + algo); + } + = + /** + * Returns the next Element node. + */ + private static Element getNextElementNode(Node node) = + { + while(node !=3D null) + { + if(Node.ELEMENT_NODE =3D=3D node.getNodeType()) + return (Element) node; + node =3D node.getNextSibling(); + } + return null; = } = } \ No newline at end of file Deleted: identity-federation/trunk/identity-fed-api/src/test/java/org/jboss= /test/identity/federation/api/saml/v2/XMLEncryptionUnitTestCase.java =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test= /identity/federation/api/saml/v2/XMLEncryptionUnitTestCase.java 2009-02-04 = 23:04:06 UTC (rev 306) +++ identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test= /identity/federation/api/saml/v2/XMLEncryptionUnitTestCase.java 2009-02-09 = 03:41:50 UTC (rev 307) 
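Review bot: In decryptElementInDocument, `decryptedDoc` stays null whenever `loadEncryptedData` or `loadEncryptedKey` returns null, so `decryptedDoc.getDocumentElement()` a few statements later fails with a NullPointerException instead of a diagnosable error; replace the `if (encryptedData != null && encryptedKey != null)` guard with `if (encryptedData == null || encryptedKey == null) throw new IllegalStateException("EncryptedData or EncryptedKey could not be loaded");` and run the unwrap and decrypt steps unconditionally. getXMLEncryptionURL is documented as selecting the content-encryption URI for the secret key, yet its DES branch returns `XMLCipher.TRIPLEDES_KeyWrap` (a key-wrap URI) rather than `XMLCipher.TRIPLEDES`, so a DESede SecretKey passed to encryptElementInDocument would initialise the content cipher with a key-wrap algorithm; the mirror-image problem exists in getXMLEncryptionURLForKeyUnwrap, whose AES and DES branches are documented against `publicKeyAlgo` but can only match a symmetric key, since encryptKey now takes a PublicKey. Both key-transport paths hard-code `XMLCipher.RSA_v1dot5`; PKCS#1 v1.5 key transport is the scheme most exposed to padding-oracle recovery of the wrapped key in XML Encryption, so the wrap algorithm should default to `XMLCipher.RSA_OAEP` (or be a parameter), with a comment recording the interoperability reason if v1.5 has to stay.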
@@ -1,112 +0,0 @@ -/* - * JBoss, Home of Professional Open Source. - * Copyright 2008, Red Hat Middleware LLC, and individual contributors - * as indicated by the @author tags. See the copyright.txt file in the - * distribution for a full listing of individual contributors. = - * - * This is free software; you can redistribute it and/or modify it - * under the terms of the GNU Lesser General Public License as - * published by the Free Software Foundation; either version 2.1 of - * the License, or (at your option) any later version. - * - * This software is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * Lesser General Public License for more details. - * - * You should have received a copy of the GNU Lesser General Public - * License along with this software; if not, write to the Free - * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA - * 02110-1301 USA, or see the FSF site: http://www.fsf.org. - */ -package org.jboss.test.identity.federation.api.saml.v2; - -import java.io.StringReader; -import java.security.KeyPair; -import java.security.KeyPairGenerator; - -import javax.crypto.KeyGenerator; -import javax.crypto.SecretKey; -import javax.xml.parsers.DocumentBuilder; -import javax.xml.parsers.DocumentBuilderFactory; - -import junit.framework.TestCase; - -import org.jboss.identity.federation.api.util.XMLEncryptionUtil; -import org.w3c.dom.Document; -import org.w3c.dom.Element; -import org.xml.sax.InputSource; - -/** - * Unit Test the XML Encryption Util - * @author Anil.Saldhana(a)redhat.com - * @since Feb 4, 2009 - */ -public class XMLEncryptionUnitTestCase extends TestCase -{ - private String docString =3D "+ * Default implementation of the {@code WSTrustRequestHandler} interface. 
= It creates the request context containing the + * original WS-Trust request as well as any information that may be releva= nt to the token processing, and delegates the + * actual token handling processing to the appropriate {@code SecurityToke= nProvider}. + *
+ * = + * @author Stefan Guilhen + */ +public class JBossRequestHandler implements WSTrustRequestHandler +{ + + private STSConfiguration configuration; + + /* + * (non-Javadoc) + * = + * @see org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler= #initialize(org.jboss.identity.federation.api.wstrust.STSConfiguration) + */ + public void initialize(STSConfiguration configuration) + { + this.configuration =3D configuration; + } + + /* + * (non-Javadoc) + * = + * @see org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler= #issue(org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTo= ken, + * javax.xml.ws.handler.MessageContext) + */ + public RequestSecurityTokenResponse issue(RequestSecurityToken request,= MessageContext context) + throws WSTrustException + { + SecurityTokenProvider provider =3D null; + = + // first try to obtain the security token provider using the applies= -to contents. + AppliesTo appliesTo =3D request.getAppliesTo(); + if(appliesTo !=3D null) + { + String serviceName =3D WSTrustUtil.parseAppliesTo(appliesTo); + if(serviceName !=3D null) + provider =3D this.configuration.getProviderForService(serviceN= ame); + } + // if applies-to is not available or if no provider was found for th= e service, use the token type. + else if(request.getTokenType() !=3D null && provider =3D=3D null) + { + provider =3D this.configuration.getProviderForTokenType(request.g= etTokenType().toString()); + } + else if(request.getTokenType() =3D=3D null) + throw new WSTrustException("Either AppliesTo or TokenType must be= present in a security token request"); + = + if(provider !=3D null) + { + // create the request context and delegate token generation to th= e provider. + WSTrustRequestContext requestContext =3D new WSTrustRequestContex= t(request); + = + // TODO: add a lifetime to the request when one hasn't been speci= fied. = + provider.issueToken(requestContext); + = + // construct the ws-trust security token response. 
+ RequestedSecurityTokenType requestedSecurityToken =3D new Request= edSecurityTokenType(); + requestedSecurityToken.setAny(requestContext.getSecurityToken()); + = + // TODO: create proof token and encrypt the token if needed + = + RequestSecurityTokenResponse response =3D new RequestSecurityToke= nResponse(); + if(request.getContext() !=3D null) + response.setContext(request.getContext()); + = + // TODO: obtain the token type even when the request doesn't have= one. + response.setTokenType(request.getTokenType()); + response.setAppliesTo(appliesTo); + response.setRequestedSecurityToken(requestedSecurityToken); + return response; + } + else + throw new WSTrustException("Unable to find a token provider for t= he token request"); + } + + /* + * (non-Javadoc) + * = + * @see org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler= #renew(org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTo= ken, + * javax.xml.ws.handler.MessageContext) + */ + public RequestSecurityTokenResponse renew(RequestSecurityToken request,= MessageContext context) + throws WSTrustException + { + // TODO: implement renew logic. + throw new UnsupportedOperationException(); + } + + /* + * (non-Javadoc) + * = + * @see org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler= #validate(org.jboss.identity.federation.api.wstrust.protocol.RequestSecurit= yToken, + * javax.xml.ws.handler.MessageContext) + */ + public RequestSecurityTokenResponse validate(RequestSecurityToken reque= st, MessageContext context) + throws WSTrustException + { + // TODO: implement validate logic. 
+ throw new UnsupportedOperationException(); + } + + /* + * (non-Javadoc) + * = + * @see org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler= #cancel(org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityT= oken, + * javax.xml.ws.handler.MessageContext) + */ + public RequestSecurityTokenResponse cancel(RequestSecurityToken request= , MessageContext context) + throws WSTrustException + { + // TODO: implement cancel logic. + throw new UnsupportedOperationException(); + } + +} Added: identity-federation/trunk/identity-bindings/src/main/java/org/jboss/= identity/federation/bindings/jboss/trust/JBossSTS.java =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-bindings/src/main/java/org/jboss/ide= ntity/federation/bindings/jboss/trust/JBossSTS.java = (rev 0) +++ identity-federation/trunk/identity-bindings/src/main/java/org/jboss/ide= ntity/federation/bindings/jboss/trust/JBossSTS.java 2009-02-09 18:47:40 UTC= (rev 311) 
@@ -0,0 +1,163 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. =
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.bindings.jboss.trust;
+
+import javax.annotation.Resource;
+import javax.xml.transform.Source;
+import javax.xml.ws.Service;
+import javax.xml.ws.ServiceMode;
+import javax.xml.ws.WebServiceContext;
+import javax.xml.ws.WebServiceException;
+import javax.xml.ws.WebServiceProvider;
+
+import org.jboss.identity.federation.api.wstrust.STSConfiguration;
+import org.jboss.identity.federation.api.wstrust.SecurityTokenService;
+import org.jboss.identity.federation.api.wstrust.WSTrustConstants;
+import org.jboss.identity.federation.api.wstrust.WSTrustException;
+import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory;
+import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler;
+import org.jboss.identity.federation.api.wstrust.WSTrustServiceFactory;
+import org.jboss.identity.federation.api.wstrust.protocol.BaseRequestSecur= ityToken;
+import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityT= oken;
+import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityT= okenCollection;
+import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityT= okenResponse;
+import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityT= okenResponseCollection;
+
+/**
+ *+ * Default implementation of the {@code SecurityTokenService} interface.
+ *
+ * =
+ * @author Stefan Guilhen
+ */
+(a)WebServiceProvider
+(a)ServiceMode(value =3D Service.Mode.PAYLOAD)
+public class JBossSTS implements SecurityTokenService
+{
+
+ @Resource
+ protected WebServiceContext context;
+
+ /*
+ * (non-Javadoc)
+ * =
+ * @see org.jboss.identity.federation.api.wstrust.SecurityTokenService#= invoke(javax.xml.transform.Source)
+ */
+ public Source invoke(Source request)
+ {
+ BaseRequestSecurityToken baseRequest =3D WSTrustJAXBFactory.getInsta= nce().parseRequestSecurityToken(request);
+ if (baseRequest instanceof RequestSecurityToken)
+ return this.handleTokenRequest((RequestSecurityToken) baseRequest= );
+ else if (baseRequest instanceof RequestSecurityTokenCollection)
+ return this.handleTokenRequestCollection((RequestSecurityTokenCol= lection) baseRequest);
+ else
+ throw new WebServiceException("Invalid security token request");
+ }
+
+ /**
+ *+ * Process a security token request.
+ *
+ * =
+ * @param request a {@code RequestSecurityToken} instance that contains= the request information.
+ * @return a {@code Source} instance representing the marshalled respon= se.
+ */
+ protected Source handleTokenRequest(RequestSecurityToken request)
+ {
+ WSTrustRequestHandler handler =3D WSTrustServiceFactory.getInstance(= ).createRequestHandler(this.getConfiguration());
+ String requestType =3D request.getRequestType().toString();
+
+ try
+ {
+ if (requestType.equals(WSTrustConstants.ISSUE_REQUEST))
+ return this.marshallResponse(handler.issue(request, this.conte= xt.getMessageContext()));
+ else if (requestType.equals(WSTrustConstants.RENEW_REQUEST))
+ return this.marshallResponse(handler.renew(request, this.conte= xt.getMessageContext()));
+ else if (requestType.equals(WSTrustConstants.CANCEL_REQUEST))
+ return this.marshallResponse(handler.cancel(request, this.cont= ext.getMessageContext()));
+ else if (requestType.equals(WSTrustConstants.VALIDATE_REQUEST))
+ return this.marshallResponse(handler.validate(request, this.co= ntext.getMessageContext()));
+ else
+ throw new WSTrustException("Invalid request type: " + requestT= ype);
+ }
+ catch (WSTrustException we)
+ {
+ throw new WebServiceException(we.getMessage(), we);
+ }
+ }
+
+ /**
+ *+ * Process a collection of security token requests.
+ *
+ * =
+ * @param requestCollection a {@code RequestSecurityTokenCollection} co= ntaining the various requests information.
+ * @return a {@code Source} instance representing the marshalled respon= se.
+ */
+ protected Source handleTokenRequestCollection(RequestSecurityTokenColle= ction requestCollection)
+ {
+ // TODO: implement multiple token request handling code.
+ return null;
+ }
+
+ /**
+ *+ * Marshalls the specified {@code RequestSecurityTokenResponse} into a = {@code Source} instance.
+ *
+ * =
+ * @param response the {@code RequestSecurityTokenResponse} to be marsh= alled.
+ * @return the resulting {@code Source} instance.
+ */
+ protected Source marshallResponse(RequestSecurityTokenResponse response)
+ {
+ // add the single response to a RequestSecurityTokenResponse collect= ion, as per the specification.
+ RequestSecurityTokenResponseCollection responseCollection =3D new Re= questSecurityTokenResponseCollection();
+ responseCollection.addRequestSecurityTokenResponse(response);
+ return this.marshallResponse(responseCollection);
+ }
+
+ /**
+ *+ * Marshalls the specified {@code RequestSecurityTokenResponseCollectio= n} into a {@code Source} instance.
+ *
+ * =
+ * @param responseCollection the {@code RequestSecurityTokenResponseCol= lection} to be marshalled.
+ * @return the resulting {@code Source} instance.
+ */
+ protected Source marshallResponse(RequestSecurityTokenResponseCollectio= n responseCollection)
+ {
+ return WSTrustJAXBFactory.getInstance().marshallRequestSecurityToken= Response(responseCollection);
+ }
+
+ /**
+ *+ * Obtains the STS configuration options.
+ *
+ * = + * @return an instance of {@code STSConfiguration} containing the STS c= onfiguration properties. + */ + protected STSConfiguration getConfiguration() + { + // TODO: create the configuration instance. + return null; + } +} Modified: identity-federation/trunk/identity-fed-api/.classpath =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-fed-api/.classpath 2009-02-09 05:17:= 32 UTC (rev 310) +++ identity-federation/trunk/identity-fed-api/.classpath 2009-02-09 18:47:= 40 UTC (rev 311) @@ -1,17 +1,21 @@ -+ * The {@code STSConfiguration} interface allows access to the security to= ken service (STS) configuration attributes. + *
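Review bot: `handleTokenRequest` evaluates `request.getRequestType().toString()` before entering the try block, so a message that presumably carries no RequestType element fails with a NullPointerException inside the JAX-WS provider instead of following the WSTrustException → WebServiceException fault path the rest of the method uses; a guard such as `if (request.getRequestType() == null) throw new WebServiceException("Missing request type");` ahead of the dispatch keeps unexpected client input on the fault path. In the same method the handler is built from `this.getConfiguration()`, which in this revision is a TODO stub returning null, and `handleTokenRequestCollection` likewise returns null, so a collection request makes `invoke` hand a null `Source` back to the runtime; until both are implemented, throwing `UnsupportedOperationException` as the handler stubs do is safer than a silent null. The Javadoc on `handleTokenRequest` should also state that unknown request types are reported to the caller as a `WebServiceException`, since that is the visible contract of the catch block.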
+ * = + * @author Stefan Guilhen + */ +public interface STSConfiguration +{ + + /** + *+ * Obtains the unique name of the secure token service. + *
+ * = + * @return a {@code String} representing the STS name. + */ + public String getSTSName(); + + /** + *+ * Indicates whether the issued token must be encrypted or not. + *
+ * = + * @return {@code true} if the issued token must be encrypted; {@code f= alse} otherwise. + */ + public boolean getEncryptIssuedToken(); + + /** + *+ * Obtains the timeout value (in milliseconds) for issued tokens. + *
+ * = + * @return the token timeout value. + */ + public long getIssuedTokenTimeout(); + = + /** + *+ * Given the name of a service provider, obtains the provider that must= be used when issuing tokens to clients of + * that service. When requesting a token to the STS, a client can speci= fy the service it needs the token for using + * the {@code AppliesTo} element. Based on the service provider name, t= he STS identifies the type of the token that + * is to be issued and then selects the appropriate token provider to h= andle the request. + *
+ * = + * @param serviceName the name of the service provider that requires a = token from its clients. + * @return a reference to the {@code SecurityTokenProvider} that must b= e used in order to issue tokens to clients of + * the specified service. + */ + public SecurityTokenProvider getProviderForService(String serviceName); + + /** + *+ * Given a token type, obtains the token provider that should be used t= o handle token requests of that type. When a + * client doesn't specify the service provider name through the {@code = AppliesTo} element, it must specify the token + * type through the {@code TokenType} element. The STS uses the supplie= d type to select the appropriate token + * provider. + *
+ * = + * @param tokenType a {@code String} representing the type of the token. + * @return a reference to the {@code SecurityTokenProvider} that must b= e used to handle token requests of the + * specified type. + */ + public SecurityTokenProvider getProviderForTokenType(String tokenType); + + /** + *+ * Obtains a {@code Map} that contains the non-standard configuration o= ptions. + *
+ * = + * @return a {@code Map+ * Interface that represents a security token. + *
+ * = + * @author Stefan Guilhen + */ +public interface SecurityToken +{ + + /** + *+ * Obtains the type of the security token. + *
+ * = + * @return a {@code String} representing the security token type. + */ + public String getTokenType(); + = + /** + *+ * Obtains the value of the security token. + *
+ * = + * @return an {@code Object} representing the security token value. + */ + public Object getTokenValue(); +} Added: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/i= dentity/federation/api/wstrust/SecurityTokenProvider.java =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/SecurityTokenProvider.java = (rev 0) +++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/SecurityTokenProvider.java 2009-02-09 18:47:40 = UTC (rev 311) @@ -0,0 +1,76 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. = + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.api.wstrust; + +/** + *+ * This interface defines the methods that must be implemented by security= token providers. + *
+ * = + * @author Stefan Guilhen + */ +public interface SecurityTokenProvider +{ + /** + *+ * Generates a security token using the information contained in the sp= ecified request context and stores the + * newly-created token in the context itself. + *
+ * = + * @param context the {@code WSTrustRequestContext} to be used when gen= erating the token. + * @throws WSTrustException if an error occurs while creating the secur= ity token. + */ + public void issueToken(WSTrustRequestContext context) throws WSTrustExc= eption; + + /** + *+ * Renews the security token contained in the specified request context= . This method is used when a previously + * generated token has expired, generating a new version of the same to= ken with different expiration semantics. + *
+ * = + * @param context the {@code WSTrustRequestContext} that contains the t= oken to be renewed. + * @throws WSTrustException if an error occurs while renewing the secur= ity token. + */ + public void renewToken(WSTrustRequestContext context) throws WSTrustExc= eption; + + /** + *+ * Cancels the token contained in the specified request context. A secu= rity token is usually canceled when one wants + * to make sure that the token will not be used anymore. A security tok= en can't be renewed once it has been canceled. + *
+ * = + * @param context the {@code WSTrustRequestContext} that contains the t= oken to be canceled. + * @throws WSTrustException if an error occurs while canceling the secu= rity token. + */ + public void cancelToken(WSTrustRequestContext context) throws WSTrustEx= ception; + + /** + *+ * Evaluates the validity of the token contained in the specified reque= st context and sets the result in the context + * itself. The result can be a status, a new token, or both. + *
+ * = + * @param context the {@code WSTrustRequestContext} that contains the t= oken to be validated. + * @throws WSTrustException if an error occurs while validating the sec= urity token. + */ + public void validateToken(WSTrustRequestContext context) throws WSTrust= Exception; +} Added: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/i= dentity/federation/api/wstrust/SecurityTokenService.java =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/SecurityTokenService.java = (rev 0) +++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/SecurityTokenService.java 2009-02-09 18:47:40 U= TC (rev 311) 
@@ -0,0 +1,43 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. = + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.api.wstrust; + +import javax.xml.transform.Source; +import javax.xml.ws.Provider; + +/** + *+ * The {@code SecurityTokenService} (STS) interface. It extends the {@code= Provider} interface so that it can be + * dynamically invoked (as opposed to having a service endpoint interface). + *
+ * = + * @author Stefan Guilhen + */ +public interface SecurityTokenService extends Provider+ * This class defines the constants used throughout the WS-Trust implement= ation code. + *
+ * = + * @author Stefan Guilhen + */ +public class WSTrustConstants +{ + public final static String BASE_NAMESPACE =3D "http://docs.oasis-open.o= rg/ws-sx/ws-trust/200512"; + = + public final static String ISSUE_REQUEST =3D BASE_NAMESPACE + "/Issue"; + = + public final static String RENEW_REQUEST =3D BASE_NAMESPACE + "/Renew"; + = + public final static String CANCEL_REQUEST =3D BASE_NAMESPACE + "/Cancel= "; + = + public final static String VALIDATE_REQUEST =3D BASE_NAMESPACE + "/Vali= date"; +} Added: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/i= dentity/federation/api/wstrust/WSTrustException.java =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/WSTrustException.java (= rev 0) +++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/WSTrustException.java 2009-02-09 18:47:40 UTC (= rev 311) 
@@ -0,0 +1,60 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. =
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.wstrust;
+
+/**
+ *+ * Exception used to convey that an error has happened when handling a WS-= Trust request message.
+ *
+ * =
+ * @author Stefan Guilhen
+ */
+public class WSTrustException extends Exception
+{
+
+ private static final long serialVersionUID =3D -232066282004315310L;
+
+ /**
+ *+ * Creates an instance of {@code WSTrustException} using the specified = error message.
+ *
+ * =
+ * @param message the error message.
+ */
+ public WSTrustException(String message)
+ {
+ super(message);
+ }
+ =
+ /**
+ *+ * Creates an instance of {@code WSTrustException} using the specified = error message and cause.
+ *
+ * = + * @param message the error message. + * @param cause a {@code Throwable} representing the cause of the error= . = + */ + public WSTrustException(String message, Throwable cause) + { + super(message, cause); + } +} Added: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/i= dentity/federation/api/wstrust/WSTrustJAXBFactory.java =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/WSTrustJAXBFactory.java = (rev 0) +++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/WSTrustJAXBFactory.java 2009-02-09 18:47:40 UTC= (rev 311) 
@@ -0,0 +1,227 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. = + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. 
+ */ +package org.jboss.identity.federation.api.wstrust; + +import javax.xml.bind.JAXBContext; +import javax.xml.bind.JAXBElement; +import javax.xml.bind.JAXBException; +import javax.xml.bind.Marshaller; +import javax.xml.bind.Unmarshaller; +import javax.xml.bind.util.JAXBSource; +import javax.xml.transform.Source; + +import org.jboss.identity.federation.api.wstrust.protocol.BaseRequestSecur= ityToken; +import org.jboss.identity.federation.api.wstrust.protocol.BaseRequestSecur= ityTokenResponse; +import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityT= oken; +import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityT= okenCollection; +import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityT= okenResponse; +import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityT= okenResponseCollection; +import org.jboss.identity.federation.ws.trust.ObjectFactory; +import org.jboss.identity.federation.ws.trust.RequestSecurityTokenCollecti= onType; +import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponse= CollectionType; +import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponse= Type; +import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType; + +/** + *+ * This factory implements utility methods for converting between JAXB mod= el objects and XML source. + *
+ * = + * @author Stefan Guilhen + */ +public class WSTrustJAXBFactory +{ + private static final WSTrustJAXBFactory instance =3D new WSTrustJAXBFac= tory(); + + private final JAXBContext context; + + private final ObjectFactory factory; + + /** + *+ * Creates the {@code WSTrustJAXBFactory} singleton instance. + *
+ */ + private WSTrustJAXBFactory() + { + StringBuffer packages =3D new StringBuffer(); + packages.append("org.jboss.identity.federation.ws.addressing"); + packages.append(":org.jboss.identity.federation.ws.policy"); + packages.append(":org.jboss.identity.federation.ws.trust"); + packages.append(":org.jboss.identity.federation.ws.wss.secext"); + packages.append(":org.jboss.identity.federation.ws.wss.utility"); + try + { + this.context =3D JAXBContext.newInstance(packages.toString()); + this.factory =3D new ObjectFactory(); + } + catch (JAXBException e) + { + throw new RuntimeException(e.getMessage(), e); + } + } + + /** + *+ * Gets a reference to the singleton instance. + *
+ * = + * @return a reference to the {@code WSTrustJAXBFactory} instance. + */ + public static WSTrustJAXBFactory getInstance() + { + return instance; + } + + /** + *+ * Creates a {@code BaseRequestSecurityToken} from the specified XML so= urce. + *
+ * = + * @param request the XML source containing the security token request = message. + * @return the constructed {@code BaseRequestSecurityToken} instance. I= t will be an instance of + * {@code RequestSecurityToken} the message contains a single t= oken request, and an instance of + * {@code RequestSecurityTokenCollection} if multiples requests= are being made in the same message. + */ + public BaseRequestSecurityToken parseRequestSecurityToken(Source reques= t) + { + try + { + Unmarshaller unmarshaller =3D this.context.createUnmarshaller(); + JAXBElement> element =3D (JAXBElement>) unmarshaller.unmarsha= l(request); + // is this a single token request or a collection of token reques= ts + if (element.getDeclaredType().equals(RequestSecurityTokenType.cla= ss)) + return new RequestSecurityToken((RequestSecurityTokenType) ele= ment.getValue()); + else if (element.getDeclaredType().equals(RequestSecurityTokenCol= lectionType.class)) + return new RequestSecurityTokenCollection((RequestSecurityToke= nCollectionType) element.getValue()); + else + throw new RuntimeException("Invalid request type: " + element.= getDeclaredType()); + } + catch (Exception e) + { + throw new RuntimeException("Failed to unmarshall security token r= equest", e); + } + } + + /** + *+ * Creates a {@code BaseRequestSecurityTokenResponse} from the specifie= d XML source. + *
+ * = + * @param response the XML source containing the security token respons= e message. + * @return the constructed {@code BaseRequestSecurityTokenResponse} ins= tance. It should return an instance of + * {@code RequestSecurityTokenResponseCollection} according to = the specification, but we allow a single + * response to be returned in the form of a {@code RequestSecur= ityTokenResponse} instance. + */ + public BaseRequestSecurityTokenResponse parseRequestSecurityTokenRespon= se(Source response) + { + try + { + Unmarshaller unmarshaller =3D this.context.createUnmarshaller(); + JAXBElement> element =3D (JAXBElement>) unmarshaller.unmarsha= l(response); + // is this a single token response or a collection of token respo= nses + if (element.getDeclaredType().equals(RequestSecurityTokenResponse= Type.class)) + return new RequestSecurityTokenResponse((RequestSecurityTokenR= esponseType) element.getValue()); + else if (element.getDeclaredType().equals(RequestSecurityTokenRes= ponseCollectionType.class)) + return new RequestSecurityTokenResponseCollection((RequestSecu= rityTokenResponseCollectionType) element + .getValue()); + else + throw new RuntimeException("Invalid response type: " + element= .getDeclaredType()); + } + catch (Exception e) + { + throw new RuntimeException("Failed to unmarshall security token r= esponse", e); + } + } + + /** + *+ * Creates a {@code javax.xml.transform.Source} from the specified requ= est object. + *
+ * = + * @param request a {@code BaseRequestSecurityToken} representing the o= bject model of the security token request. + * @return the constructed {@code Source} instance. + */ + public Source marshallRequestSecurityToken(BaseRequestSecurityToken req= uest) + { + JAXBElement> element =3D null; + if (request instanceof RequestSecurityToken) + { + RequestSecurityToken requestSecurityToken =3D (RequestSecurityTok= en) request; + element =3D this.factory.createRequestSecurityToken(requestSecuri= tyToken.getDelegate()); + } + else if (request instanceof RequestSecurityTokenCollection) + { + RequestSecurityTokenCollection collection =3D (RequestSecurityTok= enCollection) request; + element =3D this.factory.createRequestSecurityTokenCollection(col= lection.getDelegate()); + } + else + throw new RuntimeException("Failed to determine the type of the s= ecurity token request"); + + try + { + Marshaller marshaller =3D this.context.createMarshaller(); + return new JAXBSource(marshaller, element); + } + catch (JAXBException je) + { + throw new RuntimeException("Failed to marshall security token req= uest", je); + } + } + + /** + *+ * Creates a {@code javax.xml.transform.Source} from the specified resp= onse object. + *
+ * = + * @param response a {@code BaseRequestSecurityTokenResponse} represent= ing the object model of the security token + * response. + * @return the constructed {@code Source} instance. + */ + public Source marshallRequestSecurityTokenResponse(BaseRequestSecurityT= okenResponse response) + { + JAXBElement> element =3D null; + if (response instanceof RequestSecurityTokenResponse) + { + RequestSecurityTokenResponse requestSecurityTokenResponse =3D (Re= questSecurityTokenResponse) response; + element =3D this.factory.createRequestSecurityTokenResponse(reque= stSecurityTokenResponse.getDelegate()); + } + else if (response instanceof RequestSecurityTokenResponseCollection) + { + RequestSecurityTokenResponseCollection collection =3D (RequestSec= urityTokenResponseCollection) response; + element =3D this.factory.createRequestSecurityTokenResponseCollec= tion(collection.getDelegate()); + } + else + throw new RuntimeException("Failed to determine the type of the s= ecurity token response"); + + try + { + Marshaller marshaller =3D this.context.createMarshaller(); + return new JAXBSource(marshaller, element); + } + catch (JAXBException je) + { + throw new RuntimeException("Failed to marshall security token req= uest", je); + } + } + +} Added: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/i= dentity/federation/api/wstrust/WSTrustRequestContext.java =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/WSTrustRequestContext.java = (rev 0) +++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/WSTrustRequestContext.java 2009-02-09 18:47:40 = UTC (rev 311) 
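Review bot: The catch block closing `marshallRequestSecurityTokenResponse` reports `"Failed to marshall security token request"`, a copy of the message in `marshallRequestSecurityToken`; it should read `throw new RuntimeException("Failed to marshall security token response", je);` so the two failure paths are distinguishable in logs. The two parse methods catch `Exception` and rethrow as a bare `RuntimeException`, so any problem with a client-supplied payload, including the `"Invalid request type: " + element.getDeclaredType()` case, surfaces as an unchecked exception carrying raw JAXB detail rather than through the WSTrustException path the handler layer already maps to faults; catching `JAXBException` and `ClassCastException` separately and keeping the message free of internal type names would be the minimal tightening. Whether `unmarshaller.unmarshal(request)` can ever receive an unparsed `StreamSource` depends on what the JAX-WS stack hands the `Provider`; if it can, the parse should go through an `XMLInputFactory` with DTD support disabled before unmarshalling, which cannot be verified from this hunk alone.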
@@ -0,0 +1,89 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors. =
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.wstrust;
+
+import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityT= oken;
+
+/**
+ *+ * The {@code WSTrustRequestContext} contains all the information that is = relevant for the security token request
+ * processing.
+ *
+ * =
+ * @author Stefan Guilhen
+ */
+public class WSTrustRequestContext
+{
+
+ private final RequestSecurityToken request;
+
+ private SecurityToken securityToken;
+ =
+ /**
+ *+ * Creates an instance of {@code WSTrustRequestContext} using the speci= fied request.
+ *
+ * =
+ * @param request a {@code RequestSecurityToken} object that contains t= he information about the security token
+ * request.
+ */
+ public WSTrustRequestContext(RequestSecurityToken request)
+ {
+ this.request =3D request;
+ }
+
+ /**
+ *+ * Obtains the object the contains the information about the security t= oken request.
+ *
+ * =
+ * @return a reference to the {@code RequestSecurityToken} instance.
+ */
+ public RequestSecurityToken getRequestSecurityToken()
+ {
+ return this.request;
+ }
+ =
+ /**
+ *+ * Obtains the security token contained in this context.
+ *
+ * =
+ * @return a reference to the {@code SecurityToken} instance.
+ */
+ public SecurityToken getSecurityToken()
+ {
+ return this.securityToken;
+ }
+ =
+ /**
+ *+ * Sets the security token in the context.
+ *
+ * = + * @param token the {@code SecurityToken} instance to be set. + */ + public void setSecurityToken(SecurityToken token) + { + this.securityToken =3D token; + } +} Added: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/i= dentity/federation/api/wstrust/WSTrustRequestHandler.java =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/WSTrustRequestHandler.java = (rev 0) +++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/WSTrustRequestHandler.java 2009-02-09 18:47:40 = UTC (rev 311) 
@@ -0,0 +1,105 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. = + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.api.wstrust; + +import javax.xml.ws.handler.MessageContext; + +import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityT= oken; +import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityT= okenResponse; + +/** + *+ * The {@code WSTrustRequestHandler} interface defines the methods that wi= ll be responsible for handling the different + * types of WS-Trust request messages. + *
+ * = + * @author Stefan Guilhen + */ +public interface WSTrustRequestHandler +{ + + /** + *+ * Initializes the concrete {@code WSTrustRequestHandler} instance. + *
+ * = + * @param configuration a reference to object that contains the STS con= figuration. + */ + public void initialize(STSConfiguration configuration); + + /** + *+ * Generates a security token according to the information specified in= the request message and returns the created + * token in the response. + *
+ * = + * @param request the security token request message. + * @param context the context of the token request message. The context= provides information that may be relevant to + * the request processing, such as the subject of the caller. + * @return a {@code RequestSecurityTokenResponse} containing the genera= ted token. + * @throws WSTrustException if an error occurs while handling the reque= st message. + */ + public RequestSecurityTokenResponse issue(RequestSecurityToken request,= MessageContext context) + throws WSTrustException; + + /** + *+ * Renews the security token as specified in the request message, retur= ning the renewed token in the response. + *
+ * = + * @param request the request message that contains the token to be ren= ewed. + * @param context the context of the token request message. The context= provides information that may be relevant to + * the request processing, such as the subject of the caller. + * @return a {@code RequestSecurityTokenResponse} containing the renewe= d token. + * @throws WSTrustException if an error occurs while handling the renew= al process. + */ + public RequestSecurityTokenResponse renew(RequestSecurityToken request,= MessageContext context) + throws WSTrustException; + + /** + *+ * Cancels the security token as specified in the request message. + *
+ * = + * @param request the request message that contains the token to be can= celed. + * @param context the context of the token request message. The context= provides information that may be relevant to + * the request processing, such as the subject of the caller. + * @return a {@code RequestSecurityTokenResponse} indicating whether th= e token has been canceled or not. + * @throws WSTrustException if an error occurs while handling the cance= llation process. + */ + public RequestSecurityTokenResponse cancel(RequestSecurityToken request= , MessageContext context) + throws WSTrustException; + + /** + *+ * Validates the security token as specified in the request message. + *
+ * = + * @param request the request message that contains the token to be val= idated. + * @param context the context of the token request message. The context= provides information that may be relevant to + * the request processing, such as the subject of the caller. + * @return a {@code RequestSecurityTokenResponse} containing the valida= tion status or a new token. + * @throws WSTrustException if an error occurs while handling the valid= ation process. + */ + public RequestSecurityTokenResponse validate(RequestSecurityToken reque= st, MessageContext context) + throws WSTrustException; +} Added: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/i= dentity/federation/api/wstrust/WSTrustServiceFactory.java =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/WSTrustServiceFactory.java = (rev 0) +++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/WSTrustServiceFactory.java 2009-02-09 18:47:40 = UTC (rev 311) 
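Review bot: The `WSTrustRequestHandler` Javadoc leaves the lifecycle contract implicit: it does not say that `initialize` is called exactly once before `issue`/`renew`/`cancel`/`validate`, nor whether implementations must be safe for concurrent calls. Since `WSTrustServiceFactory.createRequestHandler` in this commit calls `initialize` right after instantiation, adding to the `initialize` Javadoc a sentence such as `Called once by the factory before any request method is invoked; implementations that are shared between requests must be safe for concurrent use.` would make the expectation explicit. The `context` parameter documentation should also state whether it may be null.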
@@ -0,0 +1,81 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. = + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.api.wstrust; + +/** + *+ * Factory class used for instantiating pluggable services, such as the {@= code WSTrustRequestHandler} and + * {@code SecurityTokenProvider} implementations. + *
+ * = + * @author Stefan Guilhen + */ +public class WSTrustServiceFactory +{ + + private static final WSTrustServiceFactory factory =3D new WSTrustServi= ceFactory(); + + /** + *+ * Creates the {@code WSTrustConfigurationFactory} singleton instance. + *
+ */ + private WSTrustServiceFactory() + { + } + + /** + *+ * Obtains a reference to the singleton instance. + *
+ * = + * @return the {@code WSTrustConfigurationFactory} singleton. + */ + public static WSTrustServiceFactory getInstance() + { + return factory; + } + + public WSTrustRequestHandler createRequestHandler(STSConfiguration conf= iguration) + { + // TODO: obtain the actual WSTrustRequestHandler implementation clas= s from the configuration. + String handlerClassName =3D "org.jboss.identity.federation.api.wstru= st.JBossWSTrustRequestHandler"; + try + { + Class> handlerClass =3D null; + ClassLoader loader =3D Thread.currentThread().getContextClassLoad= er(); + if (loader =3D=3D null) + handlerClass =3D Class.forName(handlerClassName); + else + handlerClass =3D loader.loadClass(handlerClassName); + + // TODO: instantiate the class using a privileged block. + WSTrustRequestHandler handler =3D (WSTrustRequestHandler) handler= Class.newInstance(); + handler.initialize(configuration); + return handler; + } + catch (Exception e) + { + throw new RuntimeException(e.getMessage(), e); + } + } +} Added: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/i= dentity/federation/api/wstrust/WSTrustUtil.java =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/WSTrustUtil.java (rev 0) +++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/WSTrustUtil.java 2009-02-09 18:47:40 UTC (rev 3= 11) 
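Review bot: `createRequestHandler` calls `handlerClass.newInstance()` before anything verifies that the loaded class implements `WSTrustRequestHandler`, so the static initializer and constructor of whatever class the name resolves to run before the cast can fail; this matters once the class name is read from configuration as the TODO intends, because a misconfigured or tampered name then executes arbitrary classpath code. Check assignability first: `if (!WSTrustRequestHandler.class.isAssignableFrom(handlerClass)) throw new IllegalStateException("Not a WSTrustRequestHandler: " + handlerClassName);`. The method has no Javadoc, and the Javadoc on the private constructor and on `getInstance` names `WSTrustConfigurationFactory` instead of `WSTrustServiceFactory`. Wrapping every failure as `RuntimeException(e.getMessage(), e)` also hides which of class lookup, instantiation or `initialize` failed; a message that includes `handlerClassName` would help operators diagnose it.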
@@ -0,0 +1,67 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. = + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.api.wstrust; + +import javax.xml.bind.JAXBElement; + +import org.jboss.identity.federation.ws.addressing.EndpointReferenceType; +import org.jboss.identity.federation.ws.policy.AppliesTo; + +/** + *+ * Utility class that provides methods for parsing/creating WS-Trust eleme= nts. + *
+ * = + * @author Stefan Guilhen + */ +public class WSTrustUtil +{ + + /** + *+ * Parses the contents of the {@code AppliesTo} element and returns the= address the uniquely identify the service + * provider. + *
+ * = + * @param appliesTo the {@code AppliesTo} instance to be parsed. + * @return the address of the service provider. + */ + public static String parseAppliesTo(AppliesTo appliesTo) + { + EndpointReferenceType reference =3D null; + for (Object obj : appliesTo.getAny()) + { + if (obj instanceof EndpointReferenceType) + reference =3D (EndpointReferenceType) obj; + else if (obj instanceof JAXBElement) + { + JAXBElement> element =3D (JAXBElement>) obj; + if (element.getName().getLocalPart().equalsIgnoreCase("Endpoin= tReference")) + reference =3D (EndpointReferenceType) element.getValue(); + } + + if (reference !=3D null && reference.getAddress() !=3D null) + return reference.getAddress().toString(); + } + return null; + } +} Added: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/i= dentity/federation/api/wstrust/protocol/BaseRequestSecurityToken.java =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/protocol/BaseRequestSecurityToken.java = (rev 0) +++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/protocol/BaseRequestSecurityToken.java 2009-02-= 09 18:47:40 UTC (rev 311) 
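Review bot: In `parseAppliesTo` the `JAXBElement` branch casts `element.getValue()` to `EndpointReferenceType` on the strength of a case-insensitive local-name match alone, ignoring the namespace, so an `AppliesTo` taken from a client request that carries a differently typed element named EndpointReference produces a `ClassCastException` instead of a clean rejection. Guard the cast on the value's type: `Object value = element.getValue();` / `if (value instanceof EndpointReferenceType && "EndpointReference".equalsIgnoreCase(element.getName().getLocalPart()))` / `reference = (EndpointReferenceType) value;`. The method also dereferences `appliesTo` without a null check, and the Javadoc does not mention that `null` is returned when no address is found. The summary sentence reads "the address the uniquely identify the service provider" and should be "the address that uniquely identifies the service provider".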
@@ -0,0 +1,33 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. = + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.api.wstrust.protocol; + +/** + *+ * Marker interface for the request security token types. + *
+ * = + * @author Stefan Guilhen + */ +public interface BaseRequestSecurityToken +{ +} Added: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/i= dentity/federation/api/wstrust/protocol/BaseRequestSecurityTokenResponse.ja= va =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/protocol/BaseRequestSecurityTokenResponse.java = (rev 0) +++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/protocol/BaseRequestSecurityTokenResponse.java = 2009-02-09 18:47:40 UTC (rev 311) 
@@ -0,0 +1,33 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. = + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.api.wstrust.protocol; + +/** + *+ * Marker interface for the security token response types. + *
+ * = + * @author Stefan Guilhen + */ +public interface BaseRequestSecurityTokenResponse +{ +} Added: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/i= dentity/federation/api/wstrust/protocol/RequestSecurityToken.java =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/protocol/RequestSecurityToken.java = (rev 0) +++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/protocol/RequestSecurityToken.java 2009-02-09 1= 8:47:40 UTC (rev 311) 
@@ -0,0 +1,1001 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. = + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. 
+ */ +package org.jboss.identity.federation.api.wstrust.protocol; + +import java.net.URI; +import java.net.URISyntaxException; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; + +import javax.xml.bind.JAXBElement; +import javax.xml.namespace.QName; + +import org.jboss.identity.federation.ws.addressing.EndpointReferenceType; +import org.jboss.identity.federation.ws.policy.AppliesTo; +import org.jboss.identity.federation.ws.policy.Policy; +import org.jboss.identity.federation.ws.policy.PolicyReference; +import org.jboss.identity.federation.ws.trust.AllowPostdatingType; +import org.jboss.identity.federation.ws.trust.ClaimsType; +import org.jboss.identity.federation.ws.trust.DelegateToType; +import org.jboss.identity.federation.ws.trust.EncryptionType; +import org.jboss.identity.federation.ws.trust.EntropyType; +import org.jboss.identity.federation.ws.trust.LifetimeType; +import org.jboss.identity.federation.ws.trust.ObjectFactory; +import org.jboss.identity.federation.ws.trust.OnBehalfOfType; +import org.jboss.identity.federation.ws.trust.ProofEncryptionType; +import org.jboss.identity.federation.ws.trust.RenewingType; +import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType; +import org.jboss.identity.federation.ws.trust.UseKeyType; + +/** + *+ * This class represents a WS-Trust {@code RequestSecurityToken}. It wraps= the JAXB representation of the security + * token request and offers a series of getter/setter methods that make it= easy to work with elements that are + * represented by the {@code Any} XML type. + *
+ *+ * The following shows the intended content model of a {@code RequestSecur= ityToken}: + * = + *
+ * <xs:element ref=3D'wst:TokenType' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:RequestType' /> + * <xs:element ref=3D'wsp:AppliesTo' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:Claims' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:Entropy' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:Lifetime' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:AllowPostdating' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:Renewing' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:OnBehalfOf' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:Issuer' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:AuthenticationType' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:KeyType' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:KeySize' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:SignatureAlgorithm' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:Encryption' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:EncryptionAlgorithm' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:CanonicalizationAlgorithm' minOccurs=3D'0= ' /> + * <xs:element ref=3D'wst:ProofEncryption' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:UseKey' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:SignWith' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:EncryptWith' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:DelegateTo' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:Forwardable' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:Delegatable' minOccurs=3D'0' /> + * <xs:element ref=3D'wsp:Policy' minOccurs=3D'0' /> + * <xs:element ref=3D'wsp:PolicyReference' minOccurs=3D'0' /> + * <xs:any namespace=3D'##other' processContents=3D'lax' minOccurs= =3D'0' maxOccurs=3D'unbounded' /> + *+ * = + * + * = + * @author Stefan Guilhen + */ +public class RequestSecurityToken implements BaseRequestSecurityToken +{ + + private final RequestSecurityTokenType delegate; + + private URI tokenType; + + private URI requestType; + + private AppliesTo appliesTo; + + private ClaimsType claims; + + private EntropyType entropy; + + private LifetimeType lifetime; + + 
private AllowPostdatingType allowPostDating; + + private RenewingType renewing; + + private OnBehalfOfType onBehalfOf; + + private EndpointReferenceType issuer; + + private URI authenticationType; + + private URI keyType; + + private long keySize; + + private URI signatureAlgorithm; + + private EncryptionType encryption; + + private URI encryptionAlgorithm; + + private URI canonicalizationAlgorithm; + + private ProofEncryptionType proofEncryption; + + private UseKeyType useKey; + + private URI signWith; + + private URI encryptWith; + + private DelegateToType delegateTo; + + private boolean forwardable; + + private boolean delegatable; + + private Policy policy; + + private PolicyReference policyReference; + + private final List
+ * Creates an instance of {@code RequestSecurityToken}. + *
+ */ + public RequestSecurityToken() + { + this.delegate =3D new RequestSecurityTokenType(); + } + + /** + *+ * Creates an instance of {@code RequestSecurityToken} using the specif= ied delegate. + *
+ * = + * @param delegate the JAXB {@code RequestSecurityTokenType} that repre= sents a WS-Trust token request. + */ + public RequestSecurityToken(RequestSecurityTokenType delegate) + { + this.delegate =3D delegate; + // parse the delegate's Any contents. + try + { + for (Object obj : this.delegate.getAny()) + { + if (obj instanceof AppliesTo) + { + this.appliesTo =3D (AppliesTo) obj; + } + else if (obj instanceof Policy) + { + this.policy =3D (Policy) obj; + } + else if (obj instanceof PolicyReference) + { + this.policyReference =3D (PolicyReference) obj; + } + else if (obj instanceof JAXBElement) + { + JAXBElement> element =3D (JAXBElement>) obj; + String localName =3D element.getName().getLocalPart(); + if (localName.equalsIgnoreCase("TokenType")) + this.tokenType =3D new URI((String) element.getValue()); + else if (localName.equalsIgnoreCase("RequestType")) + this.requestType =3D new URI((String) element.getValue()= ); + else if (localName.equalsIgnoreCase("Claims")) + this.claims =3D (ClaimsType) element.getValue(); + else if (localName.equalsIgnoreCase("Entropy")) + this.entropy =3D (EntropyType) element.getValue(); + else if (localName.equalsIgnoreCase("Lifetime")) + this.lifetime =3D (LifetimeType) element.getValue(); + else if (localName.equalsIgnoreCase("AllowPostdating")) + this.allowPostDating =3D (AllowPostdatingType) element.g= etValue(); + else if (localName.equalsIgnoreCase("Renewing")) + this.renewing =3D (RenewingType) element.getValue(); + else if (localName.equalsIgnoreCase("OnBehalfOf")) + this.onBehalfOf =3D (OnBehalfOfType) element.getValue(); + else if (localName.equalsIgnoreCase("Issuer")) + this.issuer =3D (EndpointReferenceType) element.getValue= (); + else if (localName.equalsIgnoreCase("AuthenticationType")) + this.authenticationType =3D new URI((String) element.get= Value()); + else if (localName.equalsIgnoreCase("KeyType")) + this.keyType =3D new URI((String) element.getValue()); + else if (localName.equalsIgnoreCase("KeySize")) + 
this.keySize =3D (Long) element.getValue(); + else if (localName.equalsIgnoreCase("SignatureAlgorithm")) + this.signatureAlgorithm =3D new URI((String) element.get= Value()); + else if (localName.equalsIgnoreCase("Encryption")) + this.encryption =3D (EncryptionType) element.getValue(); + else if (localName.equalsIgnoreCase("EntropyAlgorithm")) + this.encryptionAlgorithm =3D new URI((String) element.ge= tValue()); + else if (localName.equalsIgnoreCase("CanonicalizationAlgori= thm")) + this.canonicalizationAlgorithm =3D new URI((String) elem= ent.getValue()); + else if (localName.equalsIgnoreCase("ProofEncryption")) + this.proofEncryption =3D (ProofEncryptionType) element.g= etValue(); + else if (localName.equalsIgnoreCase("UseKey")) + this.useKey =3D (UseKeyType) element.getValue(); + else if (localName.equalsIgnoreCase("SignWith")) + this.signWith =3D new URI((String) element.getValue()); + else if (localName.equalsIgnoreCase("EncryptWith")) + this.encryptWith =3D new URI((String) element.getValue()= ); + else if (localName.equalsIgnoreCase("DelegateTo")) + this.delegateTo =3D (DelegateToType) element.getValue(); + else if (localName.equalsIgnoreCase("Forwardable")) + this.forwardable =3D (Boolean) element.getValue(); + else if (localName.equalsIgnoreCase("Delegatable")) + this.delegatable =3D (Boolean) element.getValue(); + else + this.extensionElements.add(element.getValue()); + } + else + { + this.extensionElements.add(obj); + } + } + } + catch (URISyntaxException e) + { + throw new RuntimeException(e.getMessage(), e); + } + } + + /** + *+ * Obtains the {@code URI} that identifies the token type. + *
+ * = + * @return a {@code URI} that represents the token type. + */ + public URI getTokenType() + { + return tokenType; + } + + /** + *+ * Sets the token type. + *
+ * = + * @param tokenType a {@code URI} that identifies the token type. + */ + public void setTokenType(URI tokenType) + { + this.tokenType =3D tokenType; + this.delegate.getAny().add(this.factory.createTokenType(tokenType.to= String())); + + } + + /** + *+ * Obtains the request type. + *
+ * = + * @return a {@code URI} that identifies the request type. + */ + public URI getRequestType() + { + return requestType; + } + + /** + *+ * Sets the request type. The type must be one of the request types des= cribed in the WS-Trust specification. + *
+ * = + * @param requestType a {@code URI} that identifies the request type. + */ + public void setRequestType(URI requestType) + { + this.requestType =3D requestType; + this.delegate.getAny().add(this.factory.createRequestType(requestTyp= e.toString())); + } + + /** + *+ * Obtains the {@code AppliesTo} value of this request. The {@code Appl= iesTo} object identifies the service provider + * (web service) that requires a token to be presented by clients. A ST= S uses this object to find the type of the + * token that is accepted by the service provider so that it can issue = appropriate tokens to clients. + *
+ * = + * @return the reference to the {@code AppliesTo} object. + */ + public AppliesTo getAppliesTo() + { + return appliesTo; + } + + /** + *+ * Sets the {@code AppliesTo} value of this request. The {@code Applies= To} object identifies the service provider + * (web service) that requires a token to be presented by clients. A ST= S uses this object to find the type of the + * token that is accepted by the service provider so that it can issue = appropriate tokens to clients. + *
+ * = + * @param appliesTo a reference to the {@code AppliesTo} object that id= entifies the service provider. + */ + public void setAppliesTo(AppliesTo appliesTo) + { + this.appliesTo =3D appliesTo; + this.delegate.getAny().add(appliesTo); + } + + /** + *+ * Obtains the set of claims of this request. + *
+ * = + * @return a reference to the {@code ClaimsType} object that represents= the request's claims. + */ + public ClaimsType getClaims() + { + return claims; + } + + /** + *+ * Sets the claims of this request. + *
+ * = + * @param claims the {@code ClaimsType} object that represents the clai= ms to be set. + */ + public void setClaims(ClaimsType claims) + { + this.claims =3D claims; + this.delegate.getAny().add(this.factory.createClaims(claims)); + } + + /** + *+ * Obtains the entropy that will be used in creating the key. + *
+ * = + * @return a reference to the {@code EntropyType} that represents the e= ntropy. + */ + public EntropyType getEntropy() + { + return entropy; + } + + /** + *+ * Sets the entropy that must be used when creating the key. + *
+ * = + * @param entropy the {@code EntropyType} representing the entropy to b= e set. + */ + public void setEntropy(EntropyType entropy) + { + this.entropy =3D entropy; + this.delegate.getAny().add(this.factory.createEntropy(entropy)); + } + + /** + *+ * Obtains the desired lifetime of the requested token. + *
+ * = + * @return a reference to the {@code LifetimeType} that represents the = lifetime. + */ + public LifetimeType getLifetime() + { + return lifetime; + } + + /** + *+ * Sets the desired lifetime of the requested token. + *
+ * = + * @param lifetime the {@code LifetimeType} object representing the lif= etime to be set. + */ + public void setLifetime(LifetimeType lifetime) + { + this.lifetime =3D lifetime; + this.delegate.getAny().add(this.factory.createLifetime(lifetime)); + } + + /** + *+ * Checks whether a request for a postdated token should be allowed or = not. + *
+ * = + * @return {@code null} if the token can't have a future lifetime (e.g.= a token to be used the next day); a + * {@code AllowPostdatingType} otherwise. + */ + public AllowPostdatingType getAllowPostDating() + { + return allowPostDating; + } + + /** + *+ * Specifies whether a request for a postdated token should be allowed = or not. + *
+ * = + * @param allowPostDating {@code null} if the token can't have a future= lifetime (e.g. a token to be used the next + * day); a {@code AllowPostdatingType} otherwise. + */ + public void setAllowPostDating(AllowPostdatingType allowPostDating) + { + this.allowPostDating =3D allowPostDating; + this.delegate.getAny().add(this.factory.createAllowPostdating(allowP= ostDating)); + } + + /** + *+ * Obtains the renew semantics for this request. + *
+ * = + * @return a reference to the {@code RenewingType} that represents the = renew semantics for this request. + */ + public RenewingType getRenewing() + { + return renewing; + } + + /** + *+ * Sets the renew semantics for this request. + *
+ * = + * @param renewing the {@code RenewingType} object representing the sem= antics to be set. + */ + public void setRenewing(RenewingType renewing) + { + this.renewing =3D renewing; + this.delegate.getAny().add(this.factory.createRenewing(renewing)); + } + + /** + *+ * Obtains the identity on whose behalf this request was made. + *
+ * = + * @return a reference to the {@code OnBehalfOfType} that represents th= e identity on whose behalf this request was + * made. + */ + public OnBehalfOfType getOnBehalfOf() + { + return onBehalfOf; + } + + /** + *+ * Specifies the identity on whose behalf this request is being made. + *
+ * = + * @param onBehalfOf the {@code OnBehalfOfType} object representing the= identity to be set. + */ + public void setOnBehalfOf(OnBehalfOfType onBehalfOf) + { + this.onBehalfOf =3D onBehalfOf; + this.delegate.getAny().add(this.factory.createOnBehalfOf(onBehalfOf)= ); + } + + /** + *+ * Obtains the issuer of the token included in the request in the scena= rios where the requestor is obtaining a token + * on behalf of another party. + *
+ * = + * @return a reference to the {@code EndpointReferenceType} that repres= ents the issuer. + */ + public EndpointReferenceType getIssuer() + { + return this.issuer; + } + + /** + *+ * Sets the issuer of the token included in the request in scenarios wh= ere the requestor is obtaining a token on + * behalf of another party. + *
+ * = + * @param issuer the {@code EndpointReferenceType} object representing = the issuer to be set. + */ + public void setIssuer(EndpointReferenceType issuer) + { + this.issuer =3D issuer; + this.delegate.getAny().add(this.factory.createIssuer(issuer)); + } + + /** + *+ * Obtains the type of authentication that has been set as part of the = request. + *
+ * = + * @return a {@code URI} that identifies the desired authentication typ= e. + */ + public URI getAuthenticationType() + { + return authenticationType; + } + + /** + *+ * Sets the authentication type in the request. + *
+ * = + * @param authenticationType a {@code URI} that identifies the authenti= cation type to be set. + */ + public void setAuthenticationType(URI authenticationType) + { + this.authenticationType =3D authenticationType; + this.delegate.getAny().add(this.factory.createAuthenticationType(aut= henticationType.toString())); + } + + /** + *+ * Obtains the type of the key that has been set in the request. + *
+ * = + * @return a {@code URI} that identifies the key type. + */ + public URI getKeyType() + { + return keyType; + } + + /** + *+ * Sets the key type in the request. + *
+ * = + * @param keyType a {@code URI} that specifies the key type. + */ + public void setKeyType(URI keyType) + { + this.keyType =3D keyType; + this.delegate.getAny().add(this.factory.createKeyType(keyType.toStri= ng())); + } + + /** + *+ * Obtains the size of they key that has been set in the request. + *
+ * = + * @return a {@code long} representing the key size in bytes. + */ + public long getKeySize() + { + return keySize; + } + + /** + *+ * Sets the size of the key in the request. + *
+ * = + * @param keySize a {@code long} representing the key size in bytes. + */ + public void setKeySize(long keySize) + { + this.keySize =3D keySize; + this.delegate.getAny().add(this.factory.createKeySize(keySize)); + } + + /** + *+ * Obtains the signature algorithm that has been set in the request. + *
+ * = + * @return a {@code URI} that represents the signature algorithm. + */ + public URI getSignatureAlgorithm() + { + return signatureAlgorithm; + } + + /** + *+ * Sets the signature algorithm in the request. + *
+ * = + * @param signatureAlgorithm a {@code URI} that represents the algorith= m to be set. + */ + public void setSignatureAlgorithm(URI signatureAlgorithm) + { + this.signatureAlgorithm =3D signatureAlgorithm; + this.delegate.getAny().add(this.factory.createSignatureAlgorithm(sig= natureAlgorithm.toString())); + } + + /** + *+ * Obtains the {@code Encryption} section of the request. The {@code En= cryption} element indicates that the requestor + * desires any returned secrets in issued security tokens to be encrypt= ed. + *
+ * = + * @return a reference to the {@code EncryptionType} object. + */ + public EncryptionType getEncryption() + { + return encryption; + } + + /** + *+ * Sets the {@code Encryption} section of the request. The {@code Encry= ption} element indicates that the requestor + * desires any returned secrets in issued security tokens to be encrypt= ed. + *
+ * = + * @param encryption the {@code EncryptionType} to be set. + */ + public void setEncryption(EncryptionType encryption) + { + this.encryption =3D encryption; + this.delegate.getAny().add(this.factory.createEncryption(encryption)= ); + } + + /** + *+ * Obtains the encryption algorithm that has been set in the request. + *
+ * = + * @return a {@code URI} that represents the encryption algorithm. + */ + public URI getEncryptionAlgorithm() + { + return encryptionAlgorithm; + } + + /** + *+ * Sets the encryption algorithm in the request. + *
+ * = + * @param encryptionAlgorithm a {@code URI} that represents the encrypt= ion algorithm to be set. + */ + public void setEncryptionAlgorithm(URI encryptionAlgorithm) + { + this.encryptionAlgorithm =3D encryptionAlgorithm; + this.delegate.getAny().add(this.factory.createEncryptionAlgorithm(en= cryptionAlgorithm.toString())); + } + + /** + *+ * Obtains the canonicalization algorithm that has been set in the requ= est. + *
+ * = + * @return a {@code URI} that represents the canonicalization algorithm. + */ + public URI getCanonicalizationAlgorithm() + { + return canonicalizationAlgorithm; + } + + /** + *+ * Sets the canonicalization algorithm in the request. + *
+ * = + * @param canonicalizationAlgorithm a {@code URI} that represents the a= lgorithm to be set. + */ + public void setCanonicalizationAlgorithm(URI canonicalizationAlgorithm) + { + this.canonicalizationAlgorithm =3D canonicalizationAlgorithm; + this.delegate.getAny().add(this.factory.createCanonicalizationAlgori= thm(canonicalizationAlgorithm.toString())); + } + + /** + *+ * Obtains the {@code ProofEncryption} section of the request. The {@co= de ProofEncryption} indicates that the + * requestor desires any returned secrets in issued security tokens to = be encrypted. + *
+ * = + * @return a reference to the {@code ProofEncryptionType} object. + */ + public ProofEncryptionType getProofEncryption() + { + return proofEncryption; + } + + /** + *+ * Sets the {@code ProofEncryption} section of the request. The {@code = ProofEncryption} indicates that the requestor + * desires any returned secrets in issued security tokens to be encrypt= ed. + *
+ * = + * @param proofEncryption the {@code ProofEncryptionType} to be set. + */ + public void setProofEncryption(ProofEncryptionType proofEncryption) + { + this.proofEncryption =3D proofEncryption; + this.delegate.getAny().add(this.factory.createProofEncryption(proofE= ncryption)); + } + + /** + *+ * Obtains the key that should be used in the returned token. + *
+ * = + * @return a reference to the {@code UseKeyType} instance that represen= ts the key to be used. + */ + public UseKeyType getUseKey() + { + return useKey; + } + + /** + *+ * Sets the key that should be used in the returned token. + *
+ * = + * @param useKey the {@code UseKeyType} instance to be set. + */ + public void setUseKey(UseKeyType useKey) + { + this.useKey =3D useKey; + this.delegate.getAny().add(this.factory.createUseKey(useKey)); + } + + /** + *+ * Obtains the signature algorithm that should be used with the issued = security token. + *
+ * = + * @return a {@code URI} representing the algorithm that should be used. + */ + public URI getSignWith() + { + return signWith; + } + + /** + *+ * Sets the signature algorithm that should be used with the issued sec= urity token. + *
+ * = + * @param signWith a {@code URI} representing the algorithm to be used. + */ + public void setSignWith(URI signWith) + { + this.signWith =3D signWith; + this.delegate.getAny().add(this.factory.createSignatureAlgorithm(sig= nWith.toString())); + } + + /** + *+ * Obtains the encryption algorithm that should be used with the issued= security token. + *
+ * = + * @return a {@code URI} representing the encryption algorithm that sho= uld be used. + */ + public URI getEncryptWith() + { + return encryptWith; + } + + /** + *+ * Sets the encryption algorithm that should be used with the issued se= curity token. + *
+ * = + * @param encryptWith a {@code URI} representing the algorithm to be us= ed. + */ + public void setEncryptWith(URI encryptWith) + { + this.encryptWith =3D encryptWith; + this.delegate.getAny().add(this.factory.createEncryptWith(encryptWit= h.toString())); + } + + /** + *+ * Obtains the identity to which the requested token should be delegate= d. + *
+ * = + * @return a reference to the {@code DelegateToType} instance that repr= esents the identity. + */ + public DelegateToType getDelegateTo() + { + return delegateTo; + } + + /** + *+ * Sets the identity to which the requested token should be delegated. + *
+ * = + * @param delegateTo the {@code DelegateToType} object representing the= identity to be set. + */ + public void setDelegateTo(DelegateToType delegateTo) + { + this.delegateTo =3D delegateTo; + this.delegate.getAny().add(this.factory.createDelegateTo(delegateTo)= ); + } + + /** + *+ * Indicates whether the requested token should be marked as "forwardab= le" or not. In general, this flag is used when + * a token is normally bound to the requestor's machine or service. Usi= ng this flag, the returned token MAY be used + * from any source machine so long as the key is correctly proven. + *
+ * = + * @return {@code true} if the requested token should be marked as "for= wardable"; {@code false} otherwise. + */ + public boolean isForwardable() + { + return forwardable; + } + + /** + *+ * Specifies whether the requested token should be marked as "forwardab= le" or not. In general, this flag is used when + * a token is normally bound to the requestor's machine or service. Usi= ng this flag, the returned token MAY be used + * from any source machine so long as the key is correctly proven. + *
+ * = + * @param forwardable {@code true} if the requested token should be mar= ked as "forwardable"; {@code false} otherwise. + */ + public void setForwardable(boolean forwardable) + { + this.forwardable =3D forwardable; + this.delegate.getAny().add(this.factory.createForwardable(forwardabl= e)); + } + + /** + *+ * Indicates whether the requested token should be marked as "delegatab= le" or not. Using this flag, the returned + * token MAY be delegated to another party. + *
+ * = + * @return {@code true} if the requested token should be marked as "del= egatable"; {@code false} otherwise. + */ + public boolean isDelegatable() + { + return delegatable; + } + + /** + *+ * Specifies whether the requested token should be marked as "delegatab= le" or not. Using this flag, the returned + * token MAY be delegated to another party. + *
+ * = + * @param delegatable {@code true} if the requested token should be mar= ked as "delegatable"; {@code false} otherwise. + */ + public void setDelegatable(boolean delegatable) + { + this.delegatable =3D delegatable; + this.delegate.getAny().add(this.factory.createDelegatable(delegatabl= e)); + } + + /** + *+ * Obtains the {@code Policy} associated with the request. The policy s= pecifies defaults that can be overridden by + * the previous properties. + *
+ * = + * @return a reference to the {@code Policy} that has been set in the r= equest. + */ + public Policy getPolicy() + { + return policy; + } + + /** + *+ * Sets the {@code Policy} in the request. The policy specifies default= s that can be overridden by + * the previous properties. + *
+ * = + * @param policy the {@code Policy} instance to be set. + */ + public void setPolicy(Policy policy) + { + this.policy =3D policy; + this.delegate.getAny().add(policy); + } + + /** + *+ * Obtains the reference to the {@code Policy} that should be used. + *
+ * = + * @return a {@code PolicyReference} that specifies where the {@code Po= licy} can be found. + */ + public PolicyReference getPolicyReference() + { + return policyReference; + } + + /** + *+ * Sets the reference to the {@code Policy} that should be used. + *
+ * = + * @param policyReference the {@code PolicyReference} object to be set. + */ + public void setPolicyReference(PolicyReference policyReference) + { + this.policyReference =3D policyReference; + this.delegate.getAny().add(policyReference); + } + + /** + *+ * Obtains the list of request elements that are not part of the standa= rd content model. + *
+ * = + * @return a {@code List+ * Obtains the request context. + *
+ * = + * @return a {@code String} that identifies the request. + */ + public String getContext() + { + return this.delegate.getContext(); + } + + /** + *+ * Sets the request context. + *
+ * = + * @param context a {@code String} that identifies the request. + */ + public void setContext(String context) + { + this.delegate.setContext(context); + } + + /** + *+ * Obtains a map that contains attributes that aren't bound to any type= d property on the request. This is a live + * reference, so attributes can be added/changed/removed directly. For = this reason, there is no setter method. + *
+ * = + * @return a {@code Map+ * Gets a reference to the list that holds all request element values. + *
+ * = + * @return a {@code List+ * Obtains a reference to the {@code RequestSecurityTokenType} delegate. + *
+ * = + * @return a reference to the delegate instance. + */ + public RequestSecurityTokenType getDelegate() + { + return this.delegate; + } +} Added: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/i= dentity/federation/api/wstrust/protocol/RequestSecurityTokenCollection.java =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/protocol/RequestSecurityTokenCollection.java = (rev 0) +++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/protocol/RequestSecurityTokenCollection.java 20= 09-02-09 18:47:40 UTC (rev 311) 
@@ -0,0 +1,122 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. = + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.api.wstrust.protocol; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.jboss.identity.federation.ws.trust.RequestSecurityTokenCollecti= onType; +import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType; + +/** + *+ * This class represents a WS-Trust {@code RequestSecurityTokenCollection}= . It wraps the JAXB representation of the + * security token collection request. + *
+ * = + * @author Stefan Guilhen + */ +public class RequestSecurityTokenCollection implements BaseRequestSecurity= Token +{ + + private final RequestSecurityTokenCollectionType delegate; + + private final List+ * Creates an instance of {@code RequestSecurityTokenCollection}. + *
+ */ + public RequestSecurityTokenCollection() + { + this.requestSecurityTokens =3D new ArrayList+ * Creates an instance of {@code RequestSecurityTokenCollection} using = the specified delegate. + *
+ * = + * @param delegate the JAXB {@code RequestSecurityTokenCollectionType} = that represents a WS-Trust request collection. + */ + public RequestSecurityTokenCollection(RequestSecurityTokenCollectionTyp= e delegate) + { + this.delegate =3D delegate; + this.requestSecurityTokens =3D new ArrayList+ * Obtains the collection of {@code RequestSecurityToken} objects. The = returned collection is immutable, so addition + * or removal of requests must be carried by the appropriate add/remove= methods. + *
+ * = + * @return a {@code List+ * Adds the specified {@code RequestSecurityToken} object to the collec= tion of token requests. + *
+ * = + * @param request the {@code RequestSecurityToken} to be added. + */ + public void addRequestSecurityToken(RequestSecurityToken request) + { + this.delegate.getRequestSecurityToken().add(request.getDelegate()); + this.requestSecurityTokens.add(request); + } + = + /** + *+ * Removes the specified {@code RequestSecurityToken} object from the c= ollection of token requests. + *
+ * = + * @param request the {@code RequestSecurityToken} to be removed. + */ + public void removeRequestSecurityToken(RequestSecurityToken request) + { + this.delegate.getRequestSecurityToken().remove(request.getDelegate()= ); + this.requestSecurityTokens.remove(request); + } + = + /** + *+ * Obtains a reference to the {@code RequestSecurityTokenCollectionType= } delegate. + *
+ * = + * @return a reference to the delegate instance. + */ + public RequestSecurityTokenCollectionType getDelegate() + { + return this.delegate; + } +} Added: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/i= dentity/federation/api/wstrust/protocol/RequestSecurityTokenResponse.java =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/protocol/RequestSecurityTokenResponse.java = (rev 0) +++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/protocol/RequestSecurityTokenResponse.java 2009= -02-09 18:47:40 UTC (rev 311) 
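Review bot: `getDelegate()` hands out the live JAXB `RequestSecurityTokenCollectionType`, while `addRequestSecurityToken` and `removeRequestSecurityToken` keep the parallel `requestSecurityTokens` list in step with `delegate.getRequestSecurityToken()` by hand; anything that edits the delegate's list directly through that reference leaves the wrapper's list stale, and the Javadoc on `getDelegate()` does not say so. A sentence in that Javadoc would close the gap: `Modifying the delegate's request list directly bypasses the add/remove methods of this class and leaves the cached {@code RequestSecurityToken} list out of sync.` Separately, `removeRequestSecurityToken` discards the `boolean` result of the first `remove`, so a request present in only one of the two lists silently widens the mismatch; removing from the wrapper list only when the delegate removal succeeded, `if (this.delegate.getRequestSecurityToken().remove(request.getDelegate())) this.requestSecurityTokens.remove(request);`, keeps the two coupled. Both methods also dereference `request` without a null check, so a null argument fails with a bare NullPointerException rather than an IllegalArgumentException that names the parameter.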
@@ -0,0 +1,1159 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. = + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. 
+ */ +package org.jboss.identity.federation.api.wstrust.protocol; + +import java.net.URI; +import java.net.URISyntaxException; +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; +import java.util.Map; + +import javax.xml.bind.JAXBElement; +import javax.xml.namespace.QName; + +import org.jboss.identity.federation.ws.addressing.EndpointReferenceType; +import org.jboss.identity.federation.ws.policy.AppliesTo; +import org.jboss.identity.federation.ws.policy.Policy; +import org.jboss.identity.federation.ws.policy.PolicyReference; +import org.jboss.identity.federation.ws.trust.AllowPostdatingType; +import org.jboss.identity.federation.ws.trust.AuthenticatorType; +import org.jboss.identity.federation.ws.trust.DelegateToType; +import org.jboss.identity.federation.ws.trust.EncryptionType; +import org.jboss.identity.federation.ws.trust.EntropyType; +import org.jboss.identity.federation.ws.trust.LifetimeType; +import org.jboss.identity.federation.ws.trust.ObjectFactory; +import org.jboss.identity.federation.ws.trust.OnBehalfOfType; +import org.jboss.identity.federation.ws.trust.ProofEncryptionType; +import org.jboss.identity.federation.ws.trust.RenewingType; +import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponse= Type; +import org.jboss.identity.federation.ws.trust.RequestedProofTokenType; +import org.jboss.identity.federation.ws.trust.RequestedReferenceType; +import org.jboss.identity.federation.ws.trust.RequestedSecurityTokenType; +import org.jboss.identity.federation.ws.trust.StatusType; +import org.jboss.identity.federation.ws.trust.UseKeyType; + +/** + *+ * This class represents a WS-Trust {@code RequestSecurityTokenResponse}. = It wraps the JAXB representation of the + * security token response and offers a series of getter/setter methods th= at make it easy to work with elements that are + * represented by the {@code Any} XML type. + *
+ *+ * The following shows the intended content model of a {@code RequestSecur= ityTokenResponse}: + * = + *
+ * <xs:element ref=3D'wst:TokenType' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:RequestType' /> + * <xs:element ref=3D'wst:RequestedSecurityToken' minOccurs=3D'0' /= > + * <xs:element ref=3D'wsp:AppliesTo' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:RequestedAttachedReference' minOccurs=3D'0= ' /> + * <xs:element ref=3D'wst:RequestedUnattachedReference' minOccurs=3D= '0' /> + * <xs:element ref=3D'wst:RequestedProofToken' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:Entropy' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:Lifetime' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:Status' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:AllowPostdating' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:Renewing' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:OnBehalfOf' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:Issuer' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:AuthenticationType' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:Authenticator' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:KeyType' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:KeySize' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:SignatureAlgorithm' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:Encryption' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:EncryptionAlgorithm' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:CanonicalizationAlgorithm' minOccurs=3D'0'= /> + * <xs:element ref=3D'wst:ProofEncryption' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:UseKey' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:SignWith' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:EncryptWith' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:DelegateTo' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:Forwardable' minOccurs=3D'0' /> + * <xs:element ref=3D'wst:Delegatable' minOccurs=3D'0' /> + * <xs:element ref=3D'wsp:Policy' minOccurs=3D'0' /> + * <xs:element ref=3D'wsp:PolicyReference' minOccurs=3D'0' /> + * <xs:any namespace=3D'##other' processContents=3D'lax' minOccurs= =3D'0' maxOccurs=3D'unbounded' /> + *+ * = + * + * = + * 
@author Stefan Guilhen + */ +/** + *
+ *
+ * = + * @author Stefan Guilhen + */ +public class RequestSecurityTokenResponse implements BaseRequestSecurityTo= kenResponse +{ + + private final RequestSecurityTokenResponseType delegate; + + private URI tokenType; + + private URI requestType; + + private RequestedSecurityTokenType requestedSecurityToken; + + private AppliesTo appliesTo; + + private RequestedReferenceType requestedAttachedReference; + + private RequestedReferenceType requestedUnattachedReference; + + private RequestedProofTokenType requestedProofToken; + + private EntropyType entropy; + + private LifetimeType lifetime; + + private StatusType status; + + private AllowPostdatingType allowPostDating; + + private RenewingType renewing; + + private OnBehalfOfType onBehalfOf; + + private EndpointReferenceType issuer; + + private URI authenticationType; + + private AuthenticatorType authenticator; + + private URI keyType; + + private long keySize; + + private URI signatureAlgorithm; + + private EncryptionType encryption; + + private URI encryptionAlgorithm; + + private URI canonicalizationAlgorithm; + + private ProofEncryptionType proofEncryption; + + private UseKeyType useKey; + + private URI signWith; + + private URI encryptWith; + + private DelegateToType delegateTo; + + private boolean forwardable; + + private boolean delegatable; + + private Policy policy; + + private PolicyReference policyReference; + + private final List+ * Creates an instance of {@code RequestSecurityTokenResponse}. + *
+ */ + public RequestSecurityTokenResponse() + { + this.delegate =3D new RequestSecurityTokenResponseType(); + } + + /** + *+ * Creates an instance of {@code RequestSecurityTokenResponse} using th= e specified delegate. + *
+ * = + * @param delegate the JAXB {@code RequestSecurityTokenResponseType} th= at represents a WS-Trust response. + */ + public RequestSecurityTokenResponse(RequestSecurityTokenResponseType de= legate) + { + this.delegate =3D delegate; + // parse the delegate's Any contents. + try + { + for (Object obj : this.delegate.getAny()) + { + if (obj instanceof AppliesTo) + { + this.appliesTo =3D (AppliesTo) obj; + } + else if (obj instanceof Policy) + { + this.policy =3D (Policy) obj; + } + else if (obj instanceof PolicyReference) + { + this.policyReference =3D (PolicyReference) obj; + } + else if (obj instanceof JAXBElement) + { + JAXBElement> element =3D (JAXBElement>) obj; + String localName =3D element.getName().getLocalPart(); + if (localName.equalsIgnoreCase("TokenType")) + this.tokenType =3D new URI((String) element.getValue()); + else if (localName.equalsIgnoreCase("RequestType")) + this.requestType =3D new URI((String) element.getValue()= ); + else if (localName.equalsIgnoreCase("RequestedSecurityToken= ")) + this.requestedSecurityToken =3D (RequestedSecurityTokenT= ype) element.getValue(); + else if (localName.equalsIgnoreCase("RequestedAttachedRefer= ence")) + this.requestedAttachedReference =3D (RequestedReferenceT= ype) element.getValue(); + else if (localName.equalsIgnoreCase("RequestedUnattachedRef= erence")) + this.requestedUnattachedReference =3D (RequestedReferenc= eType) element.getValue(); + else if (localName.equalsIgnoreCase("RequestedProofToken")) + this.requestedProofToken =3D (RequestedProofTokenType) e= lement.getValue(); + else if (localName.equalsIgnoreCase("Entropy")) + this.entropy =3D (EntropyType) element.getValue(); + else if (localName.equalsIgnoreCase("Lifetime")) + this.lifetime =3D (LifetimeType) element.getValue(); + else if (localName.equalsIgnoreCase("Status")) + this.status =3D (StatusType) element.getValue(); + else if (localName.equalsIgnoreCase("AllowPostdating")) + this.allowPostDating =3D (AllowPostdatingType) element.g= 
etValue(); + else if (localName.equalsIgnoreCase("Renewing")) + this.renewing =3D (RenewingType) element.getValue(); + else if (localName.equalsIgnoreCase("OnBehalfOf")) + this.onBehalfOf =3D (OnBehalfOfType) element.getValue(); + else if (localName.equalsIgnoreCase("Issuer")) + this.issuer =3D (EndpointReferenceType) element.getValue= (); + else if (localName.equalsIgnoreCase("AuthenticationType")) + this.authenticationType =3D new URI((String) element.get= Value()); + else if (localName.equalsIgnoreCase("Authenticator")) + this.authenticator =3D (AuthenticatorType) element.getVa= lue(); + else if (localName.equalsIgnoreCase("KeyType")) + this.keyType =3D new URI((String) element.getValue()); + else if (localName.equalsIgnoreCase("KeySize")) + this.keySize =3D (Long) element.getValue(); + else if (localName.equalsIgnoreCase("SignatureAlgorithm")) + this.signatureAlgorithm =3D new URI((String) element.get= Value()); + else if (localName.equalsIgnoreCase("Encryption")) + this.encryption =3D (EncryptionType) element.getValue(); + else if (localName.equalsIgnoreCase("EntropyAlgorithm")) + this.encryptionAlgorithm =3D new URI((String) element.ge= tValue()); + else if (localName.equalsIgnoreCase("CanonicalizationAlgori= thm")) + this.canonicalizationAlgorithm =3D new URI((String) elem= ent.getValue()); + else if (localName.equalsIgnoreCase("ProofEncryption")) + this.proofEncryption =3D (ProofEncryptionType) element.g= etValue(); + else if (localName.equalsIgnoreCase("UseKey")) + this.useKey =3D (UseKeyType) element.getValue(); + else if (localName.equalsIgnoreCase("SignWith")) + this.signWith =3D new URI((String) element.getValue()); + else if (localName.equalsIgnoreCase("EncryptWith")) + this.encryptWith =3D new URI((String) element.getValue()= ); + else if (localName.equalsIgnoreCase("DelegateTo")) + this.delegateTo =3D (DelegateToType) element.getValue(); + else if (localName.equalsIgnoreCase("Forwardable")) + this.forwardable =3D (Boolean) element.getValue(); + else 
if (localName.equalsIgnoreCase("Delegatable")) + this.delegatable =3D (Boolean) element.getValue(); + else + this.extensionElements.add(element.getValue()); + } + else + { + this.extensionElements.add(obj); + } + } + } + catch (URISyntaxException e) + { + throw new RuntimeException(e.getMessage(), e); + } + } + + /** + *+ * Obtains the {@code URI} that identifies the token type. + *
+ * = + * @return a {@code URI} that represents the token type. + */ + public URI getTokenType() + { + return tokenType; + } + + /** + *+ * Sets the token type. + *
+ * = + * @param tokenType a {@code URI} that identifies the token type. + */ + public void setTokenType(URI tokenType) + { + this.tokenType =3D tokenType; + this.delegate.getAny().add(this.factory.createTokenType(tokenType.to= String())); + + } + + /** + *+ * Obtains the request type. + *
+ * = + * @return a {@code URI} that identifies the request type. + */ + public URI getRequestType() + { + return requestType; + } + + /** + *+ * Sets the request type. The type must be one of the request types des= cribed in the WS-Trust specification. + *
+ * = + * @param requestType a {@code URI} that identifies the request type. + */ + public void setRequestType(URI requestType) + { + this.requestType =3D requestType; + this.delegate.getAny().add(this.factory.createRequestType(requestTyp= e.toString())); + } + + /** + *+ * Obtains the requested security token that has been set in the respon= se. + *
+ * = + * @return a reference to the {@code RequestedSecurityTokenType} that c= ontains the token. + */ + public RequestedSecurityTokenType getRequestedSecurityToken() + { + return requestedSecurityToken; + } + + /** + *+ * Sets the requested security token in the response. + *
+ * = + * @param requestedSecurityToken the {@code RequestedSecurityTokenType}= instance to be set. + */ + public void setRequestedSecurityToken(RequestedSecurityTokenType reques= tedSecurityToken) + { + this.requestedSecurityToken =3D requestedSecurityToken; + this.delegate.getAny().add(this.factory.createRequestedSecurityToken= (requestedSecurityToken)); + } + + /** + *+ * Obtains the scope to which the security token applies. + *
+ * = + * @return a reference to the {@code AppliesTo} instance that represent= s the token scope. + */ + public AppliesTo getAppliesTo() + { + return appliesTo; + } + + /** + *+ * Sets the scope to which the security token applies. + *
+ * = + * @param appliesTo a reference to the {@code AppliesTo} object that re= presents the scope to be set. + */ + public void setAppliesTo(AppliesTo appliesTo) + { + this.appliesTo =3D appliesTo; + this.delegate.getAny().add(appliesTo); + } + + /** + *+ * Obtains the {@code RequestedAttachedReference} that indicate how to = reference the returned token when that token + * doesn't support references using URI fragments (XML ID). + *
+ * = + * @return a {@code RequestedReferenceType} that represents the token r= eference. + */ + public RequestedReferenceType getRequestedAttachedReference() + { + return requestedAttachedReference; + } + + /** + *+ * Sets the {@code RequestedAttachedReference} that indicate how to ref= erence the returned token when that token + * doesn't support references using URI fragments (XML ID). + *
+ * = + * @param requestedAttachedReference the {@code RequestedReferenceType}= instance to be set. + */ + public void setRequestedAttachedReference(RequestedReferenceType reques= tedAttachedReference) + { + this.requestedAttachedReference =3D requestedAttachedReference; + this.delegate.getAny().add(this.factory.createRequestedAttachedRefer= ence(requestedAttachedReference)); + } + + /** + *+ * Obtains the {@code RequestedUnattachedReference} that specifies to i= ndicate how to reference the token when it is + * not placed inside the message. + *
+ * = + * @return a {@code RequestedReferenceType} that represents the unattac= hed reference. + */ + public RequestedReferenceType getRequestedUnattachedReference() + { + return requestedUnattachedReference; + } + + /** + *+ * Sets the {@code RequestedUnattachedReference} that specifies to indi= cate how to reference the token when it is not + * placed inside the message. + *
+ * = + * @param requestedUnattachedReference the {@code RequestedReferenceTyp= e} instance to be set. + */ + public void setRequestedUnattachedReference(RequestedReferenceType requ= estedUnattachedReference) + { + this.requestedUnattachedReference =3D requestedUnattachedReference; + this.delegate.getAny().add(this.factory.createRequestedUnattachedRef= erence(requestedUnattachedReference)); + } + + /** + *+ * Obtains the proof of possession token that has been set in the respo= nse. + *
+ * = + * @return a reference to the {@code RequestedProofTokenType} that cont= ains the token. + */ + public RequestedProofTokenType getRequestedProofToken() + { + return requestedProofToken; + } + + /** + *+ * Sets the proof of possesion token in the response. + *
+ * = + * @param requestedProofToken the {@code RequestedProofTokenType} insta= nce to be set. + */ + public void setRequestedProofToken(RequestedProofTokenType requestedPro= ofToken) + { + this.requestedProofToken =3D requestedProofToken; + this.delegate.getAny().add(this.factory.createRequestedProofToken(re= questedProofToken)); + } + + /** + *+ * Obtains the entropy that has been used in creating the key. + *
+ * = + * @return a reference to the {@code EntropyType} that represents the e= ntropy. + */ + public EntropyType getEntropy() + { + return entropy; + } + + /** + *+ * Sets the entropy that has been used in creating the key. + *
+ * = + * @param entropy the {@code EntropyType} representing the entropy to b= e set. + */ + public void setEntropy(EntropyType entropy) + { + this.entropy =3D entropy; + this.delegate.getAny().add(this.factory.createEntropy(entropy)); + } + + /** + *+ * Obtains the lifetime of the security token. + *
+ * = + * @return a reference to the {@code LifetimeType} that represents the = lifetime of the security token. + */ + public LifetimeType getLifetime() + { + return lifetime; + } + + /** + *+ * Sets the lifetime of the security token. + *
+ * = + * @param lifetime the {@code LifetimeType} object representing the lif= etime to be set. + */ + public void setLifetime(LifetimeType lifetime) + { + this.lifetime =3D lifetime; + this.delegate.getAny().add(this.factory.createLifetime(lifetime)); + } + + /** + *+ * Obtains the result of a security token validation. + *
+ * = + * @return a referece to the {@code StatusType} instance that represent= s the status of the validation. + */ + public StatusType getStatus() + { + return status; + } + + /** + *+ * Sets the result of a security token validation. + *
+ * = + * @param status the {@code StatusType} instance to be set. + */ + public void setStatus(StatusType status) + { + this.status =3D status; + this.delegate.getAny().add(this.factory.createStatus(status)); + } + + /** + *+ * Checks whether the returned token is a postdated token or not. + *
+ * = + * @return {@code null} if the token is not postdated; a {@code AllowPo= stdatingType} otherwise. + */ + public AllowPostdatingType getAllowPostDating() + { + return allowPostDating; + } + + /** + *+ * Specifies whether the returned token is a postdated token or not. + *
+ * = + * @param allowPostDating {@code null} if the token is not postdated; a= {@code AllowPostdatingType} otherwise. + */ + public void setAllowPostDating(AllowPostdatingType allowPostDating) + { + this.allowPostDating =3D allowPostDating; + this.delegate.getAny().add(this.factory.createAllowPostdating(allowP= ostDating)); + } + + /** + *+ * Obtains the renew semantics for the token request. + *
+ * = + * @return a reference to the {@code RenewingType} that represents the = renew semantics for the request. + */ + public RenewingType getRenewing() + { + return renewing; + } + + /** + *+ * Sets the renew semantics for the token request. + *
+ * = + * @param renewing the {@code RenewingType} object representing the sem= antics to be set. + */ + public void setRenewing(RenewingType renewing) + { + this.renewing =3D renewing; + this.delegate.getAny().add(this.factory.createRenewing(renewing)); + } + + /** + *+ * Obtains the identity on whose behalf the token request was made. + *
+ * = + * @return a reference to the {@code OnBehalfOfType} that represents th= e identity on whose behalf the token request + * was made. + */ + public OnBehalfOfType getOnBehalfOf() + { + return onBehalfOf; + } + + /** + *+ * Specifies the identity on whose behalf the token request was made. + *
+ * = + * @param onBehalfOf the {@code OnBehalfOfType} object representing the= identity to be set. + */ + public void setOnBehalfOf(OnBehalfOfType onBehalfOf) + { + this.onBehalfOf =3D onBehalfOf; + this.delegate.getAny().add(this.factory.createOnBehalfOf(onBehalfOf)= ); + } + + /** + *+ * Obtains the issuer of the token included in the request in the scena= rios where the requestor is obtaining a token + * on behalf of another party. + *
+ * = + * @return a reference to the {@code EndpointReferenceType} that repres= ents the issuer. + */ + public EndpointReferenceType getIssuer() + { + return this.issuer; + } + + /** + *+ * Sets the issuer of the token included in the request in scenarios wh= ere the requestor is obtaining a token on + * behalf of another party. + *
+ * = + * @param issuer the {@code EndpointReferenceType} object representing = the issuer to be set. + */ + public void setIssuer(EndpointReferenceType issuer) + { + this.issuer =3D issuer; + this.delegate.getAny().add(this.factory.createIssuer(issuer)); + } + + /** + *+ * Obtains the type of authentication that is to be conducted. + *
+ * = + * @return a {@code URI} that identifies the authentication type. + */ + public URI getAuthenticationType() + { + return authenticationType; + } + + /** + *+ * Sets the authentication type in the response. + *
+ * = + * @param authenticationType a {@code URI} that identifies the authenti= cation type to be set. + */ + public void setAuthenticationType(URI authenticationType) + { + this.authenticationType =3D authenticationType; + this.delegate.getAny().add(this.factory.createAuthenticationType(aut= henticationType.toString())); + } + + /** + *+ * Obtains the authenticator that must be used in authenticating exchan= ges. + *
+ * = + * @return a reference to the {@code AuthenticatorType} that represents= the authenticator. + */ + public AuthenticatorType getAuthenticator() + { + return authenticator; + } + + /** + *+ * Sets the authenticator that must be used in authenticating exchanges. + *
+ * = + * @param authenticator the {@code AuthenticatorType} instance to be se= t. + */ + public void setAuthenticator(AuthenticatorType authenticator) + { + this.authenticator =3D authenticator; + this.delegate.getAny().add(this.factory.createAuthenticator(authenti= cator)); + } + + /** + *+ * Obtains the type of the key that has been set in the response. + *
+ * = + * @return a {@code URI} that identifies the key type. + */ + public URI getKeyType() + { + return keyType; + } + + /** + *+ * Sets the key type in the response. + *
+ * = + * @param keyType a {@code URI} that specifies the key type. + */ + public void setKeyType(URI keyType) + { + this.keyType =3D keyType; + this.delegate.getAny().add(this.factory.createKeyType(keyType.toStri= ng())); + } + + /** + *+ * Obtains the size of they key that has been set in the response. + *
+ * = + * @return a {@code long} representing the key size in bytes. + */ + public long getKeySize() + { + return keySize; + } + + /** + *+ * Sets the size of the key in the response. + *
+ * = + * @param keySize a {@code long} representing the key size in bytes. + */ + public void setKeySize(long keySize) + { + this.keySize =3D keySize; + this.delegate.getAny().add(this.factory.createKeySize(keySize)); + } + + /** + *+ * Obtains the signature algorithm that has been set in the response. + *
+ * = + * @return a {@code URI} that represents the signature algorithm. + */ + public URI getSignatureAlgorithm() + { + return signatureAlgorithm; + } + + /** + *+ * Sets the signature algorithm in the response. + *
+ * = + * @param signatureAlgorithm a {@code URI} that represents the algorith= m to be set. + */ + public void setSignatureAlgorithm(URI signatureAlgorithm) + { + this.signatureAlgorithm =3D signatureAlgorithm; + this.delegate.getAny().add(this.factory.createSignatureAlgorithm(sig= natureAlgorithm.toString())); + } + + /** + *+ * Obtains the {@code Encryption} section of the response. The {@code E= ncryption} element indicates that the + * requestor desires any returned secrets in issued security tokens to = be encrypted. + *
+ * = + * @return a reference to the {@code EncryptionType} object. + */ + public EncryptionType getEncryption() + { + return encryption; + } + + /** + *+ * Sets the {@code Encryption} section of the response. The {@code Encr= yption} element indicates that the requestor + * desires any returned secrets in issued security tokens to be encrypt= ed. + *
+ * = + * @param encryption the {@code EncryptionType} to be set. + */ + public void setEncryption(EncryptionType encryption) + { + this.encryption =3D encryption; + this.delegate.getAny().add(this.factory.createEncryption(encryption)= ); + } + + /** + *+ * Obtains the encryption algorithm that has been set in the response. + *
+ * = + * @return a {@code URI} that represents the encryption algorithm. + */ + public URI getEncryptionAlgorithm() + { + return encryptionAlgorithm; + } + + /** + *+ * Sets the encryption algorithm in the response. + *
+ * = + * @param encryptionAlgorithm a {@code URI} that represents the encrypt= ion algorithm to be set. + */ + public void setEncryptionAlgorithm(URI encryptionAlgorithm) + { + this.encryptionAlgorithm =3D encryptionAlgorithm; + this.delegate.getAny().add(this.factory.createEncryptionAlgorithm(en= cryptionAlgorithm.toString())); + } + + /** + *+ * Obtains the canonicalization algorithm that has been set in the resp= onse. + *
+ * = + * @return a {@code URI} that represents the canonicalization algorithm. + */ + public URI getCanonicalizationAlgorithm() + { + return canonicalizationAlgorithm; + } + + /** + *+ * Sets the canonicalization algorithm in the response. + *
+ * = + * @param canonicalizationAlgorithm a {@code URI} that represents the a= lgorithm to be set. + */ + public void setCanonicalizationAlgorithm(URI canonicalizationAlgorithm) + { + this.canonicalizationAlgorithm =3D canonicalizationAlgorithm; + this.delegate.getAny().add(this.factory.createCanonicalizationAlgori= thm(canonicalizationAlgorithm.toString())); + } + + /** + *+ * Obtains the {@code ProofEncryption} section of the response. The {@c= ode ProofEncryption} indicates that the + * requestor desires any returned secrets in issued security tokens to = be encrypted. + *
+ * = + * @return a reference to the {@code ProofEncryptionType} object. + */ + public ProofEncryptionType getProofEncryption() + { + return proofEncryption; + } + + /** + *+ * Sets the {@code ProofEncryption} section of the response. The {@code= ProofEncryption} indicates that the requestor + * desires any returned secrets in issued security tokens to be encrypt= ed. + *
+ * = + * @param proofEncryption the {@code ProofEncryptionType} to be set. + */ + public void setProofEncryption(ProofEncryptionType proofEncryption) + { + this.proofEncryption =3D proofEncryption; + this.delegate.getAny().add(this.factory.createProofEncryption(proofE= ncryption)); + } + + /** + *+ * Obtains the key that used in the returned token. + *
+ * = + * @return a reference to the {@code UseKeyType} instance that represen= ts the key used. + */ + public UseKeyType getUseKey() + { + return useKey; + } + + /** + *+ * Sets the key that used in the returned token. + *
+ * = + * @param useKey the {@code UseKeyType} instance to be set. + */ + public void setUseKey(UseKeyType useKey) + { + this.useKey =3D useKey; + this.delegate.getAny().add(this.factory.createUseKey(useKey)); + } + + /** + *+ * Obtains the signature algorithm used with the issued security token. + *
+ * = + * @return a {@code URI} representing the algorithm used. + */ + public URI getSignWith() + { + return signWith; + } + + /** + *+ * Sets the signature algorithm used with the issued security token. + *
+ * = + * @param signWith a {@code URI} representing the algorithm used. + */ + public void setSignWith(URI signWith) + { + this.signWith =3D signWith; + this.delegate.getAny().add(this.factory.createSignatureAlgorithm(sig= nWith.toString())); + } + + /** + *+ * Obtains the encryption algorithm used with the issued security token. + *
+ * = + * @return a {@code URI} representing the encryption algorithm used. + */ + public URI getEncryptWith() + { + return encryptWith; + } + + /** + *+ * Sets the encryption algorithm used with the issued security token. + *
+ * = + * @param encryptWith a {@code URI} representing the algorithm used. + */ + public void setEncryptWith(URI encryptWith) + { + this.encryptWith =3D encryptWith; + this.delegate.getAny().add(this.factory.createEncryptWith(encryptWit= h.toString())); + } + + /** + *+ * Obtains the identity to which the requested token should be delegate= d. + *
+ * = + * @return a reference to the {@code DelegateToType} instance that repr= esents the identity. + */ + public DelegateToType getDelegateTo() + { + return delegateTo; + } + + /** + *+ * Sets the identity to which the requested token should be delegated. + *
+ * = + * @param delegateTo the {@code DelegateToType} object representing the= identity to be set. + */ + public void setDelegateTo(DelegateToType delegateTo) + { + this.delegateTo =3D delegateTo; + this.delegate.getAny().add(this.factory.createDelegateTo(delegateTo)= ); + } + + /** + *+ * Indicates whether the requested token has been marked as "forwardabl= e" or not. In general, this flag is used when + * a token is normally bound to the requestor's machine or service. Usi= ng this flag, the returned token MAY be used + * from any source machine so long as the key is correctly proven. + *
+ * = + * @return {@code true} if the requested token has been marked as "forw= ardable"; {@code false} otherwise. + */ + public boolean isForwardable() + { + return forwardable; + } + + /** + *+ * Specifies whether the requested token has been marked as "forwardabl= e" or not. In general, this flag is used when + * a token is normally bound to the requestor's machine or service. Usi= ng this flag, the returned token MAY be used + * from any source machine so long as the key is correctly proven. + *
+ * = + * @param forwardable {@code true} if the requested token has been mark= ed as "forwardable"; {@code false} otherwise. + */ + public void setForwardable(boolean forwardable) + { + this.forwardable =3D forwardable; + this.delegate.getAny().add(this.factory.createForwardable(forwardabl= e)); + } + + /** + *+ * Indicates whether the requested token has been marked as "delegatabl= e" or not. Using this flag, the returned token + * MAY be delegated to another party. + *
+ * = + * @return {@code true} if the requested token has been marked as "dele= gatable"; {@code false} otherwise. + */ + public boolean isDelegatable() + { + return delegatable; + } + + /** + *+ * Specifies whether the requested token has been marked as "delegatabl= e" or not. Using this flag, the returned token + * MAY be delegated to another party. + *
+ * = + * @param delegatable {@code true} if the requested token has been mark= ed as "delegatable"; {@code false} otherwise. + */ + public void setDelegatable(boolean delegatable) + { + this.delegatable =3D delegatable; + this.delegate.getAny().add(this.factory.createDelegatable(delegatabl= e)); + } + + /** + *+ * Obtains the {@code Policy} that was associated with the request. The= policy specifies defaults that can be + * overridden by the previous properties. + *
+ * = + * @return a reference to the {@code Policy} that was associated with t= he request. + */ + public Policy getPolicy() + { + return policy; + } + + /** + *+ * Sets the {@code Policy} in the response. The policy specifies defaul= ts that can be overridden by the previous + * properties. + *
+ * = + * @param policy the {@code Policy} instance to be set. + */ + public void setPolicy(Policy policy) + { + this.policy =3D policy; + this.delegate.getAny().add(policy); + } + + /** + *+ * Obtains the reference to the {@code Policy} that was associated with= the request. + *
+ * = + * @return a {@code PolicyReference} that specifies where the {@code Po= licy} can be found. + */ + public PolicyReference getPolicyReference() + { + return policyReference; + } + + /** + *+ * Sets the reference to the {@code Policy} that was associated with th= e request. + *
+ * = + * @param policyReference the {@code PolicyReference} object to be set. + */ + public void setPolicyReference(PolicyReference policyReference) + { + this.policyReference =3D policyReference; + this.delegate.getAny().add(policyReference); + } + + /** + *+ * Obtains the list of request elements that are not part of the standa= rd content model. + *
+ * = + * @return a {@code List+ * Obtains the response context. + *
+ * = + * @return a {@code String} that identifies the original request. + */ + public String getContext() + { + return this.delegate.getContext(); + } + + /** + *+ * Sets the response context. + *
+ * = + * @param context a {@code String} that identifies the original request. + */ + public void setContext(String context) + { + this.delegate.setContext(context); + } + + /** + *+ * Obtains a map that contains attributes that aren't bound to any type= d property on the response. This is a live + * reference, so attributes can be added/changed/removed directly. For = this reason, there is no setter method. + *
+ * = + * @return a {@code Map+ * Gets a reference to the list that holds all response element values. + *
+ * = + * @return a {@code List+ * Obtains a reference to the {@code RequestSecurityTokenResponseType} = delegate. + *
+ * = + * @return a reference to the delegate instance. + */ + public RequestSecurityTokenResponseType getDelegate() + { + return this.delegate; + } +} Added: identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/i= dentity/federation/api/wstrust/protocol/RequestSecurityTokenResponseCollect= ion.java =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/protocol/RequestSecurityTokenResponseCollection= .java (rev 0) +++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/protocol/RequestSecurityTokenResponseCollection= .java 2009-02-09 18:47:40 UTC (rev 311) 
@@ -0,0 +1,124 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2009, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. = + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.jboss.identity.federation.api.wstrust.protocol; + +import java.util.ArrayList; +import java.util.Collections; +import java.util.List; + +import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponse= CollectionType; +import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponse= Type; + +/** + *+ * This class represents a WS-Trust {@code RequestSecurityTokenResponseCol= lection}. It wraps the JAXB representation of + * the security token collection response. + *
+ * = + * @author Stefan Guilhen + */ +public class RequestSecurityTokenResponseCollection implements BaseRequest= SecurityTokenResponse +{ + + private final RequestSecurityTokenResponseCollectionType delegate; + + private final List+ * Creates an instance of {@code RequestSecurityTokenResponseCollection= }. + *
+ */ + public RequestSecurityTokenResponseCollection() + { + this.requestSecurityTokenResponses =3D new ArrayList+ * Creates an instance of {@code RequestSecurityTokenResponseCollection= } using the specified delegate. + *
+ * = + * @param delegate the JAXB {@code RequestSecurityTokenResponseCollecti= onType} that represents a WS-Trust request + * collection. + */ + public RequestSecurityTokenResponseCollection(RequestSecurityTokenRespo= nseCollectionType delegate) + { + this.delegate =3D delegate; + this.requestSecurityTokenResponses =3D new ArrayList+ * Obtains the collection of {@code RequestSecurityTokenResponse} objec= ts. The returned collection is immutable, so + * addition or removal of requests must be carried by the appropriate a= dd/remove methods. + *
+ * = + * @return a {@code List+ * Adds the specified {@code RequestSecurityTokenResponse} object to th= e collection of token requests. + *
+ * = + * @param request the {@code RequestSecurityTokenResponse} to be added. + */ + public void addRequestSecurityTokenResponse(RequestSecurityTokenRespons= e response) + { + this.delegate.getRequestSecurityTokenResponse().add(response.getDele= gate()); + this.requestSecurityTokenResponses.add(response); + } + + /** + *+ * Removes the specified {@code RequestSecurityTokenResponse} object fr= om the collection of token requests. + *
+ * = + * @param request the {@code RequestSecurityTokenResponse} to be remove= d. + */ + public void removeRequestSecurityTokenResponse(RequestSecurityTokenResp= onse response) + { + this.delegate.getRequestSecurityTokenResponse().remove(response.getD= elegate()); + this.requestSecurityTokenResponses.remove(response); + } + + /** + *+ * Obtains a reference to the {@code RequestSecurityTokenResponseCollec= tionType} delegate. + *
+ * = + * @return a reference to the delegate instance. + */ + public RequestSecurityTokenResponseCollectionType getDelegate() + { + return this.delegate; + } + +} Modified: identity-federation/trunk/identity-fed-core/.classpath =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-fed-core/.classpath 2009-02-09 05:17= :32 UTC (rev 310) +++ identity-federation/trunk/identity-fed-core/.classpath 2009-02-09 18:47= :40 UTC (rev 311) @@ -1,15 +1,20 @@ -+ * Given the name of a service provider, obtains the type of the token = that should be used when issuing tokens to + * clients of that service. + *
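Review bot: The Javadoc on addRequestSecurityTokenResponse and removeRequestSecurityTokenResponse documents `@param request`, but both methods name their parameter `response`, so the tag does not bind and javadoc will warn; change them to `@param response the {@code RequestSecurityTokenResponse} to be added.` and `@param response the {@code RequestSecurityTokenResponse} to be removed.`. Those two summaries also say "collection of token requests" although the class wraps responses, so "collection of token responses" would match the delegate's getRequestSecurityTokenResponse() list. In removeRequestSecurityTokenResponse the delegate list and the local list are updated independently, and the local removal depends on RequestSecurityTokenResponse equality that this hunk does not show as defined; if one removal fails the two lists silently diverge, so consider `if (this.requestSecurityTokenResponses.remove(response)) { this.delegate.getRequestSecurityTokenResponse().remove(response.getDelegate()); }`. The generic type parameters in this hunk's field and getter declarations appear truncated in the listing, so I could not check the immutable-view claim in getRequestSecurityTokenResponses.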
+ * = + * @param serviceName the name of the service provider that requires a = token from its clients. + * @return a {@code String} representing the type of the token that sui= ts the specified service. + */ + public String getTokenTypeForService(String serviceName); = /** *Modified: identity-federation/trunk/identity-fed-api/src/main/java/org/jbos= s/identity/federation/api/wstrust/WSTrustUtil.java =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D --- identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/WSTrustUtil.java 2009-02-12 15:58:49 UTC (rev 3= 14) +++ identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/iden= tity/federation/api/wstrust/WSTrustUtil.java 2009-02-12 17:50:18 UTC (rev 3= 15) @@ -21,10 +21,17 @@ */ package org.jboss.identity.federation.api.wstrust; = +import java.text.SimpleDateFormat; +import java.util.Calendar; +import java.util.GregorianCalendar; +import java.util.Locale; + import javax.xml.bind.JAXBElement; = import org.jboss.identity.federation.ws.addressing.EndpointReferenceType; import org.jboss.identity.federation.ws.policy.AppliesTo; +import org.jboss.identity.federation.ws.trust.LifetimeType; +import org.jboss.identity.federation.ws.wss.utility.AttributedDateTime; = /** *
@@ -64,4 +71,55 @@ } return null; } + + /** + *
+ * Creates a {@code LifetimeType} instance that specifies a range of ti= me that starts at the current GMT time and has + * the specified duration in milliseconds. + *
+ * = + * @param tokenTimeout the token timeout value (in milliseconds). + * @return the constructed {@code LifetimeType} instance. + */ + public static LifetimeType createDefaultLifetime(long tokenTimeout) + { + long createdTime =3D getCurrentGMTTime(); + final SimpleDateFormat calendarFormatter =3D new SimpleDateFormat("y= yyy-MM-dd'T'HH:mm:ss'.'SSS'Z'", Locale + .getDefault()); + Calendar calendar =3D new GregorianCalendar(); + calendarFormatter.setTimeZone(calendar.getTimeZone()); + + // instantiate the "created" time. + calendar.setTimeInMillis(createdTime); + AttributedDateTime created =3D new AttributedDateTime(); + created.setValue(calendarFormatter.format(calendar.getTime())); + + // instantiate the "expires" time. + calendar.setTimeInMillis(createdTime + tokenTimeout); + AttributedDateTime expires =3D new AttributedDateTime(); + expires.setValue(calendarFormatter.format(calendar.getTime())); + + LifetimeType type =3D new LifetimeType(); + type.setCreated(created); + type.setExpires(expires); + return type; + } + + /** + *+ * Obtains the current GMT time in milliseconds. + *
+ * = + * @return a long representing the current GMT time in milliseconds. + */ + public static long getCurrentGMTTime() + { + Calendar cal =3D new GregorianCalendar(); + int offset =3D cal.get(Calendar.ZONE_OFFSET); + if (cal.getTimeZone().inDaylightTime(cal.getTime())) + offset +=3D cal.getTimeZone().getDSTSavings(); + + // return the UTC/GMT time. + return cal.getTimeInMillis() - offset; + } } --===============7492068937912860328==-- From jboss-identity-commits at lists.jboss.org Fri Feb 13 16:07:24 2009 Content-Type: multipart/mixed; boundary="===============3517912368499482939==" MIME-Version: 1.0 From: jboss-identity-commits at lists.jboss.org To: jboss-identity-commits at lists.jboss.org Subject: [jboss-identity-commits] JBoss Identity SVN: r316 - /. Date: Fri, 13 Feb 2009 16:07:24 -0500 Message-ID:+ * The password sent to this module should be = + * {@link ServiceProviderSAMLContext#EMPTY_PASSWORD} + *
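Review bot: createDefaultLifetime emits both timestamps with a literal 'Z' (UTC) suffix but formats them in the default time zone and locale, and it takes its base time from getCurrentGMTTime, which subtracts the current zone offset from the calendar's epoch milliseconds; epoch milliseconds are already UTC, so the subtraction produces a wrong instant that only prints correctly because the formatter re-applies the same local offset. When the local DST offset differs between createdTime and createdTime + tokenTimeout, the Expires value is off by the DST delta, which silently shifts the token's validity window, and a default locale with non-ASCII digits would produce an invalid xsd:dateTime. Formatting in UTC with Locale.ROOT and reading System.currentTimeMillis() directly removes the offset arithmetic; getCurrentGMTTime should then return System.currentTimeMillis() too (or be deprecated) so other callers do not receive the skewed value. The rewrite below needs `import java.util.TimeZone;` alongside the java.util imports added in the earlier hunk of this file.
```java
   public static LifetimeType createDefaultLifetime(long tokenTimeout)
   {
      // epoch millis are already UTC; no zone-offset arithmetic is needed
      long createdTime = System.currentTimeMillis();
      // format in UTC so the literal 'Z' is truthful; Locale.ROOT keeps the digits ASCII
      final SimpleDateFormat calendarFormatter = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'.'SSS'Z'", Locale.ROOT);
      calendarFormatter.setTimeZone(TimeZone.getTimeZone("UTC"));
      Calendar calendar = new GregorianCalendar();
      // … unchanged: "created"/"expires" construction and LifetimeType assembly …
   }

   public static long getCurrentGMTTime()
   {
      // System.currentTimeMillis() is the UTC epoch time; subtracting the zone offset double-counts it
      return System.currentTimeMillis();
   }
```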
+ *+ * The username is available from {@link ServiceProviderSAMLContext#getUse= rName()} + * and roles is available from {@link ServiceProviderSAMLContext#getRoles(= )}. + * If the roles is null, then plugged in login modules in the stack have t= o provide + * the roles. + *
+ * @author Anil.Saldhana(a)redhat.com + * @since Feb 13, 2009 + */ +public class SAML2LoginModule extends UsernamePasswordLoginModule +{ = + @Override + protected Principal getIdentity() + { = + return new SimplePrincipal(ServiceProviderSAMLContext.getUserName()); + } + + @Override + protected Group[] getRoleSets() throws LoginException + { + Group group =3D new SimpleGroup("Roles"); + = + List