Author: anil.saldhana(a)jboss.com
Date: 2009-08-03 13:05:39 -0400 (Mon, 03 Aug 2009)
New Revision: 678
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingSignatureUtil.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
Log:
Use DOM rather than JAXB
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-08-03
16:19:12 UTC (rev 677)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-08-03
17:05:39 UTC (rev 678)
@@ -240,19 +240,7 @@
SAML2Response saml2Response = new SAML2Response();
- ResponseType responseType;
- try
- {
- responseType = saml2Response.getResponseType(is);
- }
- catch (JAXBException e)
- {
- throw new ParsingException(e);
- }
- catch (SAXException e)
- {
- throw new ParsingException(e);
- }
+ ResponseType responseType = saml2Response.getResponseType(is);
this.isTrusted(responseType.getIssuer().getValue());
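Review bot: The new direct assignment takes responseType from a method that, per the SAML2Response hunk in this commit, now declares ParsingException and ConfigurationException; the local catch blocks are gone, so the enclosing method (which starts outside this hunk) must declare or handle those if they are checked. The next line dereferences `responseType.getIssuer()` with no null guard, and Issuer is optional in the SAML 2.0 Response schema, so a response unmarshalled from the DOM without an Issuer element fails here with a NullPointerException instead of a clear rejection. A guard before the trust check, `if (responseType.getIssuer() == null) throw new IllegalArgumentException("SAML response has no Issuer");`, makes the rejection explicit.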
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-08-03
16:19:12 UTC (rev 677)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-08-03
17:05:39 UTC (rev 678)
@@ -48,7 +48,6 @@
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
-import org.xml.sax.SAXException;
/**
* Tomcat Authenticator for the HTTP/Redirect binding with Signature support
@@ -174,11 +173,7 @@
catch (JAXBException e)
{
throw new ConfigurationException(e);
- }
- catch (SAXException e)
- {
- throw new ParsingException(e);
- }
+ }
catch (TransformerFactoryConfigurationError e)
{
throw new ConfigurationException(e);
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingSignatureUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingSignatureUtil.java 2009-08-03
16:19:12 UTC (rev 677)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingSignatureUtil.java 2009-08-03
17:05:39 UTC (rev 678)
@@ -28,12 +28,20 @@
import java.security.PrivateKey;
import javax.xml.bind.JAXBException;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.w3c.dom.Document;
import org.xml.sax.SAXException;
@@ -82,23 +90,46 @@
* @param responseType
* @param relayState
* @param signingKey
- * @return
- * @throws SAXException
- * @throws JAXBException
+ * @return
* @throws IOException
* @throws GeneralSecurityException
*/
public static String getSAMLResponseURLWithSignature(ResponseType responseType, String
relayState,
- PrivateKey signingKey) throws JAXBException, SAXException, IOException,
GeneralSecurityException
+ PrivateKey signingKey) throws IOException, GeneralSecurityException
{
SAML2Response saml2Response = new SAML2Response();
- // Deal with the original request
- StringWriter sw = new StringWriter();
- saml2Response.marshall(responseType, sw);
+ Document responseDoc = null;
+
+ try
+ {
+ responseDoc = saml2Response.convert(responseType);
+ }
+ catch (JAXBException e)
+ {
+ throw new ParsingException(e);
+ }
+ catch (ParserConfigurationException e)
+ {
+ throw new ParsingException(e);
+ }
//URL Encode the Request
- String urlEncodedResponse =
RedirectBindingUtil.deflateBase64URLEncode(sw.toString());
+ String responseString;
+ try
+ {
+ responseString = DocumentUtil.getDocumentAsString(responseDoc);
+ }
+ catch (TransformerFactoryConfigurationError e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (TransformerException e)
+ {
+ throw new ProcessingException(e);
+ }
+
+ String urlEncodedResponse =
RedirectBindingUtil.deflateBase64URLEncode(responseString);
String urlEncodedRelayState = null;
if(relayState != null && relayState.length() > 0 )
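Review bot: The new throws clause `throws IOException, GeneralSecurityException` omits the exceptions the rewritten body now raises — ParsingException, ConfigurationException and ProcessingException — so the method compiles only if all three are unchecked; if any is checked it has to be added to the clause, and either way the Javadoc should list them, e.g. `@throws ParsingException if the response cannot be converted to a DOM` with matching lines for the other two, and the empty `@return` filled in (`@return the redirect URL carrying the deflated, base64 url-encoded response, relay state and signature`). The `Document responseDoc = null;` initialiser is unnecessary because every catch rethrows, and `responseString` two statements later already uses definite assignment; `Document responseDoc;` keeps the two consistent. The method continues outside this hunk.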
@@ -109,6 +140,7 @@
//Now construct the URL
return getResponseRedirectURLWithSignature(urlEncodedResponse,
urlEncodedRelayState, sigValue, signingKey.getAlgorithm());
}
+
/**
* Given an url-encoded saml request and relay state and a private key, compute the
url
* @param urlEncodedRequest
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-08-03
16:19:12 UTC (rev 677)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-08-03
17:05:39 UTC (rev 678)
@@ -21,6 +21,7 @@
*/
package org.jboss.identity.federation.api.saml.v2.response;
+import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Writer;
@@ -34,8 +35,11 @@
import javax.xml.bind.Unmarshaller;
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.Source;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import
org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
@@ -68,6 +72,8 @@
*/
public class SAML2Response
{
+ private Document responseDocument = null;
+
/**
* Create an assertion
* @param id
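Review bot: The new `responseDocument` field turns SAML2Response from a stateless helper into an instance that remembers the last document: later hunks in this commit have both getResponseType(InputStream) and convert(ResponseType) overwrite it, and getResponseDocument() returns whichever was written last. An instance shared between threads or reused for two responses can therefore hand back a document that does not belong to the ResponseType the caller holds, which matters when that document is the one later submitted to signature validation. Document the contract on the field, e.g. `// DOM of the response most recently parsed by getResponseType() or produced by convert(); use one SAML2Response per response, not thread-safe`.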
@@ -204,21 +210,65 @@
* Read a ResponseType from an input stream
* @param is
* @return
- * @throws SAXException
- * @throws JAXBException
+ * @throws ParsingException
+ * @throws ConfigurationException
*/
@SuppressWarnings("unchecked")
- public ResponseType getResponseType(InputStream is) throws JAXBException,
SAXException
+ public ResponseType getResponseType(InputStream is) throws ParsingException,
ConfigurationException
{
if(is == null)
throw new IllegalArgumentException("inputstream is null");
- Unmarshaller un = JBossSAMLAuthnResponseFactory.getUnmarshaller();
- JAXBElement<ResponseType> jaxbAuthnRequestType =
(JAXBElement<ResponseType>) un.unmarshal(is);
- return jaxbAuthnRequestType.getValue();
+ //Read the DOM
+ try
+ {
+ responseDocument = DocumentUtil.getDocument(is);
+ }
+ catch (ParserConfigurationException e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (IOException e)
+ {
+ throw new ParsingException(e);
+ }
+ catch (SAXException e)
+ {
+ throw new ParsingException(e);
+ }
+
+ Source domSource = DocumentUtil.getXMLSource(responseDocument);
+
+ Unmarshaller un;
+ try
+ {
+ un = JBossSAMLAuthnResponseFactory.getUnmarshaller();
+ JAXBElement<ResponseType> jaxbAuthnRequestType =
(JAXBElement<ResponseType>) un.unmarshal(domSource);
+ return jaxbAuthnRequestType.getValue();
+ }
+ catch (JAXBException e)
+ {
+ throw new ParsingException(e);
+ }
+ catch (SAXException e)
+ {
+ throw new ParsingException(e);
+ }
}
/**
+ * Return the Parsed Document
+ * @return
+ * @throws ProcessingException if there is no parsed DOM
+ */
+ public Document getResponseDocument() throws ProcessingException
+ {
+ if(responseDocument == null)
+ throw new ProcessingException("Response Document is null");
+ return responseDocument;
+ }
+
+ /**
* Convert an EncryptedElement into a Document
* @param encryptedElementType
* @return
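Review bot: getResponseType now parses the raw InputStream into a DOM through DocumentUtil.getDocument before JAXB sees it, so the parser factory in DocumentUtil governs how a malformed or hostile response is handled; the factory context visible in the last DocumentUtil hunk enables setXIncludeAware(true) with no visible DTD or external-entity restriction, which for SP-side parsing of attacker-supplied XML is worth hardening in DocumentUtil (XMLConstants.FEATURE_SECURE_PROCESSING, doctype declarations disallowed, XInclude off unless the deployment needs it). The `catch (SAXException e)` on the second try block compiles only if JBossSAMLAuthnResponseFactory.getUnmarshaller() declares SAXException, since Unmarshaller.unmarshal(Source) declares only JAXBException — confirm that or drop the catch. When that second block throws, `responseDocument` is left holding a document whose unmarshalling failed; adding `responseDocument = null;` in those catches keeps getResponseDocument() from handing out a rejected document. The Javadoc `@return` on both methods is empty; `@return the unmarshalled response` and `@return the DOM parsed by the last getResponseType call` would complete them.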
@@ -259,9 +309,9 @@
JAXBContext jaxb = JAXBContext.newInstance(ResponseType.class);
Binder<Node> binder = jaxb.createBinder();
- Document doc = DocumentUtil.createDocument();
- binder.marshal(JAXBElementMappingUtil.get(responseType), doc);
- return doc;
+ responseDocument = DocumentUtil.createDocument();
+ binder.marshal(JAXBElementMappingUtil.get(responseType), responseDocument);
+ return responseDocument;
}
/**
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java 2009-08-03
16:19:12 UTC (rev 677)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java 2009-08-03
17:05:39 UTC (rev 678)
@@ -153,8 +153,8 @@
KeyPair keypair,
String referenceURI) throws JAXBException, ParserConfigurationException,
XPathException, TransformerFactoryConfigurationError, TransformerException,
GeneralSecurityException, MarshalException, XMLSignatureException
{
- SAML2Response saml2Request = new SAML2Response();
- Document doc = saml2Request.convert(response);
+ SAML2Response saml2Response = new SAML2Response();
+ Document doc = saml2Response.convert(response);
Node assertionNode = DocumentUtil.getNodeWithAttribute(doc,
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-08-03
16:19:12 UTC (rev 677)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-08-03
17:05:39 UTC (rev 678)
@@ -55,7 +55,6 @@
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
@@ -269,6 +268,6 @@
{
TransformerFactory tf = TransformerFactory.newInstance();
Transformer trans = tf.newTransformer();
- trans.transform(new DOMSource(signedDocument), new StreamResult(os));
+ trans.transform(DocumentUtil.getXMLSource(signedDocument), new StreamResult(os));
}
}
\ No newline at end of file
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java 2009-08-03
16:19:12 UTC (rev 677)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java 2009-08-03
17:05:39 UTC (rev 678)
@@ -259,7 +259,7 @@
throw new RuntimeException("Failed to marshall security token
request", e);
}
- return new DOMSource(result);
+ return DocumentUtil.getXMLSource(result);
}
/**
@@ -306,7 +306,7 @@
{
throw new RuntimeException("Failed to marshall security token
response", e);
}
- return new DOMSource(result);
+ return DocumentUtil.getXMLSource(result);
}
/**
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2009-08-03
16:19:12 UTC (rev 677)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2009-08-03
17:05:39 UTC (rev 678)
@@ -167,8 +167,7 @@
Node importedSignedNode = validatingDoc.importNode(signedNode, true);
validatingDoc.appendChild(importedSignedNode);
- // Validate the signature
- System.out.println(DocumentUtil.getDocumentAsString(validatingDoc));
+ // Validate the signature
boolean isValid = XMLSignatureUtil.validate(validatingDoc, kp.getPublic());
assertTrue("Signature is valid:", isValid);
@@ -189,8 +188,7 @@
importedSignedNode = validatingDoc.importNode(signedNode, true);
validatingDoc.appendChild(importedSignedNode);
- // The client re-validates the signature.
- System.out.println(DocumentUtil.getDocumentAsString(validatingDoc));
+ // The client re-validates the signature.
assertTrue("Signature is valid:",
XMLSignatureUtil.validate(validatingDoc, kp.getPublic()));
JAXBElement<ResponseType> jaxbresponseType =
(JAXBElement<ResponseType>) binder.unmarshal(readDoc);
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-08-03
16:19:12 UTC (rev 677)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-08-03
17:05:39 UTC (rev 678)
@@ -218,15 +218,6 @@
return bis;
}
-
- private static Transformer getTransformer() throws TransformerConfigurationException,
- TransformerFactoryConfigurationError
- {
- Transformer transformer = TransformerFactory.newInstance().newTransformer();
- transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
- transformer.setOutputProperty(OutputKeys.INDENT, "no");
- return transformer;
- }
/**
* Stream a DOM Node as a String
@@ -288,6 +279,16 @@
}
/**
+ * Get a {@link Source} given a {@link Document}
+ * @param doc
+ * @return
+ */
+ public static Source getXMLSource(Document doc)
+ {
+ return new DOMSource(doc);
+ }
+
+ /**
* Log the nodes in the document
* @param doc
*/
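Review bot: The Javadoc for the new getXMLSource leaves `@return` empty and `@param doc` undescribed; `@param doc the document to wrap` and `@return a {@link DOMSource} wrapping {@code doc}` would complete it. The DOMSource call sites replaced elsewhere in this commit (XMLSignatureUtil, WSTrustJAXBFactory) now go through this method, so its Javadoc is the only place the indirection is explained.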
@@ -320,5 +321,14 @@
factory.setNamespaceAware(true);
factory.setXIncludeAware(true);
return factory;
- }
+ }
+
+ private static Transformer getTransformer() throws TransformerConfigurationException,
+ TransformerFactoryConfigurationError
+ {
+ Transformer transformer = TransformerFactory.newInstance().newTransformer();
+ transformer.setOutputProperty(OutputKeys.OMIT_XML_DECLARATION, "yes");
+ transformer.setOutputProperty(OutputKeys.INDENT, "no");
+ return transformer;
+ }
}
\ No newline at end of file