Author: sguilhen(a)redhat.com
Date: 2009-06-24 17:18:18 -0400 (Wed, 24 Jun 2009)
New Revision: 631
Added:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-request.xml
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-response.xml
Removed:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/keystore/sts_keystore.jks
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/JNDIUtilUnitTestCase.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/STSConfiguration.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityToken.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/MockSTSConfiguration.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java
identity-federation/trunk/jboss-identity-webapps/circleoftrust/
identity-federation/trunk/jboss-identity-webapps/employee/
identity-federation/trunk/jboss-identity-webapps/idp/
identity-federation/trunk/jboss-identity-webapps/metadata/
identity-federation/trunk/jboss-identity-webapps/sales/
identity-federation/trunk/parent/pom.xml
Log:
JBID-124: Moved token signing and signature validation to the request handler. Changed
WSTrustJAXBFactory to preserve the original token elements across JAXB marshalling/unmarshalling.
Updated the tests to reflect the changes.
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java 2009-06-24
14:33:53 UTC (rev 630)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java 2009-06-24
21:18:18 UTC (rev 631)
@@ -141,7 +141,7 @@
*
* @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getEncryptIssuedToken()
*/
- public boolean getEncryptIssuedToken()
+ public boolean encryptIssuedToken()
{
return this.delegate.isEncryptToken();
}
@@ -149,6 +149,17 @@
/*
* (non-Javadoc)
*
+ * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#signIssuedToken()
+ */
+ public boolean signIssuedToken()
+ {
+ //TODO: add the sign-by-default property to the configuration schema.
+ return true;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
* @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getIssuedTokenTimeout()
*/
public long getIssuedTokenTimeout()
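Review bot: `signIssuedToken()` returns a hard-coded `true`, so the setting cannot be switched off and nothing on the configuration side verifies that a signing key is actually available when it is on; the request handler in this commit only signs when `getSTSKeyPair()` is also non-null, so a missing keystore silently yields unsigned tokens while this method still reports signing as enabled. Until the schema property exists, mirroring `encryptIssuedToken()` by delegating to the parsed configuration (if the delegate exposes such a flag; not visible here) or at least documenting the default would help, e.g. `// Signing is on by default; an STS key pair must be configured for it to take effect.`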
Modified:
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/JNDIUtilUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/JNDIUtilUnitTestCase.java 2009-06-24
14:33:53 UTC (rev 630)
+++
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/JNDIUtilUnitTestCase.java 2009-06-24
21:18:18 UTC (rev 631)
@@ -31,7 +31,7 @@
*/
public class JNDIUtilUnitTestCase extends TestCase
{
- @SuppressWarnings("unchecked")
+// @SuppressWarnings("unchecked")
public void testJNDIConnection() throws Exception
{
/*Hashtable env = new Hashtable();
Modified:
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-06-24
14:33:53 UTC (rev 630)
+++
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-06-24
21:18:18 UTC (rev 631)
@@ -134,7 +134,8 @@
*
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
public void testSTSConfiguration() throws Exception
{
@@ -144,7 +145,7 @@
// check the values that have been configured.
assertEquals("Unexpected service name", "Test STS",
config.getSTSName());
assertEquals("Unexpected token timeout value", 7200 * 1000,
config.getIssuedTokenTimeout());
- assertTrue("Encrypt token should be true",
config.getEncryptIssuedToken());
+ assertTrue("Encrypt token should be true", config.encryptIssuedToken());
WSTrustRequestHandler handler = config.getRequestHandler();
assertNotNull("Unexpected null request handler found", handler);
assertTrue("Unexpected request handler type", handler instanceof
StandardRequestHandler);
@@ -198,7 +199,8 @@
*
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
public void testInvokeCustom() throws Exception
{
@@ -254,7 +256,8 @@
*
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
public void testInvokeSAML20() throws Exception
{
@@ -282,7 +285,8 @@
* case, the request should be handled by the custom {@code SpecialTokenProvider}.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
public void testInvokeCustomAppliesTo() throws Exception
{
@@ -310,7 +314,8 @@
* case, the request should be handled by the standard {@code SAML20TokenProvider}.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
public void testInvokeSAML20AppliesTo() throws Exception
{
@@ -347,7 +352,8 @@
* the assertion validated, checking the validation results.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
public void testInvokeSAML20Validate() throws Exception
{
@@ -361,7 +367,7 @@
// invoke the token service.
Source responseMessage = this.tokenService.invoke(requestMessage);
- BaseRequestSecurityTokenResponse baseResponse = WSTrustJAXBFactory.getInstance()
+ BaseRequestSecurityTokenResponse baseResponse = factory
.parseRequestSecurityTokenResponse(responseMessage);
// get the SAML assertion from the request.
@@ -378,7 +384,7 @@
// invoke the token service.
responseMessage =
this.tokenService.invoke(factory.marshallRequestSecurityToken(request));
- baseResponse =
WSTrustJAXBFactory.getInstance().parseRequestSecurityTokenResponse(responseMessage);
+ baseResponse = factory.parseRequestSecurityTokenResponse(responseMessage);
// validate the response contents.
assertNotNull("Unexpected null response", baseResponse);
@@ -395,6 +401,7 @@
// now let's temper the SAML assertion and try to validate it again.
assertion.getFirstChild().getFirstChild().setNodeValue("Tempered
Issuer");
+ request.getValidateTarget().setAny(assertion);
responseMessage =
this.tokenService.invoke(factory.marshallRequestSecurityToken(request));
collection = (RequestSecurityTokenResponseCollection)
WSTrustJAXBFactory.getInstance()
.parseRequestSecurityTokenResponse(responseMessage);
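Review bot: The tamper case only exercises a token whose signature is present but no longer matches the content; there is no case where the `ds:Signature` element is removed altogether, which is exactly the scenario in which a fail-open validator would still return a valid status. Consider a second validate request that strips the signature child from `assertion` before `setAny(...)` and asserts an invalid status, so the behaviour of `XMLSignatureUtil.validate` on an unsigned document (not visible here) is pinned by a test. Also, this line still goes through `WSTrustJAXBFactory.getInstance()` while the rest of the method now uses the local `factory`; `collection = (RequestSecurityTokenResponseCollection) factory.parseRequestSecurityTokenResponse(responseMessage);` keeps it consistent. testInvokeSAML20Validate continues outside the hunk.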
@@ -414,7 +421,8 @@
* security token service.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
public void testInvokeUnknownTokenType() throws Exception
{
@@ -443,12 +451,14 @@
/**
* <p>
- * Validates the contents of a WS-Trust response message that contains a custom token
issued by the test
- * {@code SpecialTokenProvider}.
+ * Validates the contents of a WS-Trust response message that contains a custom token
issued by the test {@code
+ * SpecialTokenProvider}.
* </p>
*
- * @param baseResponse a reference to the WS-Trust response that was sent by the STS.
- * @throws Exception if one of the validation performed fail.
+ * @param baseResponse
+ * a reference to the WS-Trust response that was sent by the STS.
+ * @throws Exception
+ * if one of the validation performed fail.
*/
private void validateCustomTokenResponse(BaseRequestSecurityTokenResponse
baseResponse) throws Exception
{
@@ -481,14 +491,16 @@
/**
* <p>
- * Validates the contents of a WS-Trust response message that contains a SAMLV2.0
assertion issued by the
- * {@code SAML20TokenProvider}.
+ * Validates the contents of a WS-Trust response message that contains a SAMLV2.0
assertion issued by the {@code
+ * SAML20TokenProvider}.
* </p>
*
- * @param baseResponse a reference to the WS-Trust response that was sent by the STS.
+ * @param baseResponse
+ * a reference to the WS-Trust response that was sent by the STS.
* @return the SAMLV2.0 assertion that has been extracted from the response. This
object can be used by the test
* methods to perform extra validations depending on the scenario being
tested.
- * @throws Exception if one of the validation performed fail.
+ * @throws Exception
+ * if one of the validation performed fail.
*/
private AssertionType validateSAMLAssertionResponse(BaseRequestSecurityTokenResponse
baseResponse) throws Exception
{
@@ -568,10 +580,14 @@
* Utility method that creates a simple WS-Trust request using the specified
information.
* </p>
*
- * @param context a {@code String} that represents the request context.
- * @param requestType a {@code String} that represents the WS-Trust request type.
- * @param tokenType a {@code String} that represents the requested token type.
- * @param appliesToString a {@code String} that represents the URL of a service
provider.
+ * @param context
+ * a {@code String} that represents the request context.
+ * @param requestType
+ * a {@code String} that represents the WS-Trust request type.
+ * @param tokenType
+ * a {@code String} that represents the requested token type.
+ * @param appliesToString
+ * a {@code String} that represents the URL of a service provider.
* @return the constructed {@code RequestSecurityToken} object.
*/
private RequestSecurityToken createRequest(String context, String requestType, String
tokenType,
@@ -674,7 +690,8 @@
* Sets the principal to be used in the test case.
* </p>
*
- * @param principal the {@code Principal} to be set.
+ * @param principal
+ * the {@code Principal} to be set.
*/
public void setUserPrincipal(Principal principal)
{
Modified:
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java 2009-06-24
14:33:53 UTC (rev 630)
+++
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java 2009-06-24
21:18:18 UTC (rev 631)
@@ -26,6 +26,7 @@
import javax.xml.parsers.ParserConfigurationException;
+import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.api.wstrust.SecurityToken;
import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider;
import org.jboss.identity.federation.api.wstrust.StandardSecurityToken;
@@ -83,10 +84,12 @@
Element root = doc.createElementNS("http://www.tokens.org",
"token:SpecialToken");
root.appendChild(doc.createTextNode("Principal:" + caller));
+ String id = IDGenerator.create("ID_");
+ root.setAttribute("ID", id);
root.setAttribute("TokenType", tokenType.toString());
doc.appendChild(root);
- SecurityToken token = new StandardSecurityToken(tokenType.toString(), root);
+ SecurityToken token = new StandardSecurityToken(tokenType.toString(), root,
id);
context.setSecurityToken(token);
}
catch(ParserConfigurationException pce)
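Review bot: `root.setAttribute("ID", id)` creates an ordinary attribute, not an XML ID, so an XML-DSig reference of the form `#ID_...` (which the request handler now builds from `getTokenID()`) will only resolve if `XMLSignatureUtil.sign` registers the attribute itself; that utility is not visible here. Adding `root.setIdAttribute("ID", true);` right after the `setAttribute` call makes the element reachable through `Document.getElementById` regardless of what the signing utility does. Passing the same `id` string both as the attribute value and as the `StandardSecurityToken` id is correct, since the signature reference must match the attribute exactly.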
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/STSConfiguration.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/STSConfiguration.java 2009-06-24
14:33:53 UTC (rev 630)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/STSConfiguration.java 2009-06-24
21:18:18 UTC (rev 631)
@@ -46,15 +46,24 @@
/**
* <p>
- * Indicates whether the issued token must be encrypted or not.
+ * Indicates whether the issued token should be encrypted or not.
* </p>
*
- * @return {@code true} if the issued token must be encrypted; {@code false}
otherwise.
+ * @return {@code true} if the issued token is to be encrypted; {@code false}
otherwise.
*/
- public boolean getEncryptIssuedToken();
+ public boolean encryptIssuedToken();
/**
* <p>
+ * Indicates whether the issued token should be digitally signed or not.
+ * </p>
+ *
+ * @return {@code true} if the issued token is to be signed; {@code false} otherwise.
+ */
+ public boolean signIssuedToken();
+
+ /**
+ * <p>
* Obtains the timeout value (in milliseconds) for issued tokens.
* </p>
*
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityToken.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityToken.java 2009-06-24
14:33:53 UTC (rev 630)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityToken.java 2009-06-24
21:18:18 UTC (rev 631)
@@ -33,6 +33,15 @@
/**
* <p>
+ * Obtains the security token unique identifier.
+ * </p>
+ *
+ * @return a {@code String} representing the token id.
+ */
+ public String getTokenID();
+
+ /**
+ * <p>
* Obtains the type of the security token.
* </p>
*
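Review bot: The new `getTokenID()` Javadoc should state the contract the request handler now relies on: the returned value must equal the ID attribute of the element returned by `getTokenValue()`, because the handler uses it as the XML signature reference (`"#" + getTokenID()`). Suggested description: `Obtains the security token unique identifier. It must match the ID attribute of the token element, as it is used to reference the token from its XML digital signature.` Without that note a provider may return an arbitrary string and signing will fail with an unresolvable reference.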
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java 2009-06-24
14:33:53 UTC (rev 630)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java 2009-06-24
21:18:18 UTC (rev 631)
@@ -22,14 +22,23 @@
package org.jboss.identity.federation.api.wstrust;
import java.net.URI;
+import java.security.KeyPair;
import java.security.Principal;
import java.security.PublicKey;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.SignatureMethod;
+
+import org.jboss.identity.federation.api.util.XMLSignatureUtil;
import org.jboss.identity.federation.api.wstrust.plugins.saml.SAMLUtil;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
import org.jboss.identity.federation.ws.policy.AppliesTo;
import org.jboss.identity.federation.ws.trust.RequestedSecurityTokenType;
+import org.jboss.identity.federation.ws.trust.StatusType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
/**
* <p>
@@ -48,7 +57,9 @@
/*
* (non-Javadoc)
*
- * @see
org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#initialize(org.jboss.identity.federation.api.wstrust.STSConfiguration)
+ * @see
+ *
org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#initialize(org.jboss.identity.federation.api.wstrust
+ * .STSConfiguration)
*/
public void initialize(STSConfiguration configuration)
{
@@ -58,8 +69,9 @@
/*
* (non-Javadoc)
*
- * @see
org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#issue(org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken,
- * java.security.Principal)
+ * @see
+ *
org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#issue(org.jboss.identity.federation.api.wstrust
+ * .protocol.RequestSecurityToken, java.security.Principal)
*/
public RequestSecurityTokenResponse issue(RequestSecurityToken request, Principal
callerPrincipal)
throws WSTrustException
@@ -97,13 +109,33 @@
// if no lifetime has been specified, use the configured timeout value.
request.setLifetime(WSTrustUtil.createDefaultLifetime(this.configuration.getIssuedTokenTimeout()));
}
- requestContext.setSTSKeyPair(this.configuration.getSTSKeyPair());
requestContext.setServiceProviderPublicKey(providerPublicKey);
provider.issueToken(requestContext);
if (requestContext.getSecurityToken() == null)
throw new WSTrustException("Token issued by provider " +
provider.getClass().getName() + " is null");
+ // sign the issued token if needed.
+ if (this.configuration.signIssuedToken() &&
this.configuration.getSTSKeyPair() != null)
+ {
+ KeyPair keyPair = this.configuration.getSTSKeyPair();
+ if (keyPair != null)
+ {
+ URI signatureURI = request.getSignatureAlgorithm();
+ String signatureMethod = signatureURI != null ? signatureURI.toString() :
SignatureMethod.RSA_SHA1;
+ try
+ {
+ Element tokenElement = (Element)
requestContext.getSecurityToken().getTokenValue();
+ XMLSignatureUtil.sign(tokenElement.getOwnerDocument(), keyPair,
DigestMethod.SHA1, signatureMethod,
+ "#" + requestContext.getSecurityToken().getTokenID());
+ }
+ catch (Exception e)
+ {
+ throw new WSTrustException("Failed to sign security token",
e);
+ }
+ }
+ }
+
// construct the ws-trust security token response.
RequestedSecurityTokenType requestedSecurityToken = new
RequestedSecurityTokenType();
requestedSecurityToken.setAny(requestContext.getSecurityToken().getTokenValue());
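Review bot: The signature algorithm used in `issue()` is taken verbatim from the client request (`request.getSignatureAlgorithm()`) and passed to `XMLSignatureUtil.sign` without any check, so the requester chooses which algorithm the STS signs with; it should be restricted to a short allow-list of URIs the STS key pair supports, and the `SignatureMethod.RSA_SHA1`/`DigestMethod.SHA1` defaults deserve a configuration knob since SHA-1 is being phased out. Separately, when `signIssuedToken()` is true but `getSTSKeyPair()` is null the outer `if` silently issues an unsigned token, turning a configuration gap into a fail-open; throwing a `WSTrustException` there is safer, and the inner `if (keyPair != null)` then becomes redundant. issue() continues outside the hunk.
```java
      // sign the issued token if needed.
      if (this.configuration.signIssuedToken())
      {
         KeyPair keyPair = this.configuration.getSTSKeyPair();
         if (keyPair == null)
            throw new WSTrustException("Token signing is enabled but no STS key pair has been configured");
         URI signatureURI = request.getSignatureAlgorithm();
         String signatureMethod = signatureURI != null ? signatureURI.toString() : SignatureMethod.RSA_SHA1;
         // the algorithm URI comes straight from the client: only honor the ones the STS key can use.
         if (!SUPPORTED_SIGNATURE_METHODS.contains(signatureMethod))
            throw new WSTrustException("Unsupported signature algorithm: " + signatureMethod);
         // … unchanged: XMLSignatureUtil.sign call and exception wrapping …
      }
```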
@@ -134,8 +166,9 @@
/*
* (non-Javadoc)
*
- * @see
org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#renew(org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken,
- * java.security.Principal)
+ * @see
+ *
org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#renew(org.jboss.identity.federation.api.wstrust
+ * .protocol.RequestSecurityToken, java.security.Principal)
*/
public RequestSecurityTokenResponse renew(RequestSecurityToken request, Principal
callerPrincipal)
throws WSTrustException
@@ -147,36 +180,73 @@
/*
* (non-Javadoc)
*
- * @see
org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#validate(org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken,
- * java.security.Principal)
+ * @see
+ *
org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#validate(org.jboss.identity.federation.api.wstrust
+ * .protocol.RequestSecurityToken, java.security.Principal)
*/
public RequestSecurityTokenResponse validate(RequestSecurityToken request, Principal
callerPrincipal)
throws WSTrustException
{
- if(request.getTokenType() == null)
+ if (request.getValidateTarget() == null)
+ throw new WSTrustException("Unable to validate token: validate target is
null");
+
+ if (request.getTokenType() == null)
request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
-
+
// TODO: get the provider using the token from the request.
SecurityTokenProvider provider =
this.configuration.getProviderForTokenType(SAMLUtil.SAML2_TOKEN_TYPE);
WSTrustRequestContext context = new WSTrustRequestContext(request,
callerPrincipal);
- context.setSTSKeyPair(this.configuration.getSTSKeyPair());
+
+ StatusType status = null;
- provider.validateToken(context);
+ // validate the security token digital signature.
+ if (this.configuration.signIssuedToken() &&
this.configuration.getSTSKeyPair() != null)
+ {
+ KeyPair keyPair = this.configuration.getSTSKeyPair();
+ try
+ {
+ Element tokenElement = (Element) request.getValidateTarget().getAny();
+ Document tokenDocument = DocumentUtil.createDocument();
+ tokenDocument.appendChild(tokenDocument.importNode(tokenElement, true));
+ if (!XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic()))
+ {
+ status = new StatusType();
+ status.setCode(WSTrustConstants.STATUS_CODE_INVALID);
+ status.setReason("Validation failure: digital signature is
invalid");
+ }
+ }
+ catch (Exception e)
+ {
+ status = new StatusType();
+ status.setCode(WSTrustConstants.STATUS_CODE_INVALID);
+ status.setReason("Validation failure: unable to verify digital
signature: " + e.getMessage());
+ }
+ }
+ // TODO: add logging statements alerting that signature validation was not
perfomed.
+ // if the signature is valid, then let the provider handle perform any additional
validation checks.
+ if(status == null)
+ {
+ provider.validateToken(context);
+ status = context.getStatus();
+ }
+
+ // construct and return the response.
RequestSecurityTokenResponse response = new RequestSecurityTokenResponse();
if (request.getContext() != null)
response.setContext(request.getContext());
response.setTokenType(request.getTokenType());
- response.setStatus(context.getStatus());
-
+ response.setStatus(status);
+
return response;
}
/*
* (non-Javadoc)
*
- * @see
org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#cancel(org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken,
- * java.security.Principal)
+ * @see
+ *
org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#cancel(org.jboss.identity.federation.api.wstrust
+ * .protocol.RequestSecurityToken, java.security.Principal)
*/
public RequestSecurityTokenResponse cancel(RequestSecurityToken request, Principal
callerPrincipal)
throws WSTrustException
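Review bot: `validate()` skips signature verification entirely when `signIssuedToken()` is false or no STS key pair is configured, and then lets the provider validate the token as if the signature had been checked; in a deployment missing its keystore this fails open, accepting a token whose signature was never verified (the TODO after the block only proposes logging it). When signing is enabled but no key pair is present, raising a `WSTrustException` is the safer outcome. The `catch` also copies `e.getMessage()` into the status reason returned to the caller, which can expose parser or key-store details; keep the detail for a server-side log and return a fixed reason. Whether `XMLSignatureUtil.validate` confirms that the signature's Reference actually covers the validated element rather than some other node in the document is not visible here and is worth confirming with signature-wrapping in mind. cancel()'s body continues outside the hunk.
```java
      // validate the security token digital signature.
      if (this.configuration.signIssuedToken())
      {
         KeyPair keyPair = this.configuration.getSTSKeyPair();
         if (keyPair == null)
            throw new WSTrustException("Signature validation is required but no STS key pair has been configured");
         try
         {
            // … unchanged: build tokenDocument from the validate target and call XMLSignatureUtil.validate …
         }
         catch (Exception e)
         {
            // keep the exception detail server-side; the caller only learns that verification failed.
            status = new StatusType();
            status.setCode(WSTrustConstants.STATUS_CODE_INVALID);
            status.setReason("Validation failure: unable to verify digital signature");
         }
      }
```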
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java 2009-06-24
14:33:53 UTC (rev 630)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java 2009-06-24
21:18:18 UTC (rev 631)
@@ -21,8 +21,6 @@
*/
package org.jboss.identity.federation.api.wstrust;
-import java.util.UUID;
-
import org.w3c.dom.Element;
/**
@@ -48,25 +46,14 @@
* Creates an instance of {@code StandardSecurityToken} with the specified
parameters.
* </p>
*
- * @param tokenType a {@code String} representing the type of the security token. This
is usually the same type as
- * specified in the WS-Trust request message.
- * @param token the security token in its {@code Element} form (i.e. the marshaled
security token).
+ * @param tokenType
+ * a {@code String} representing the type of the security token. This is
usually the same type as specified
+ * in the WS-Trust request message.
+ * @param token
+ * the security token in its {@code Element} form (i.e. the marshaled
security token).
+ * @param tokenID
+ * a {@code String} representing the id of the security token.
*/
- public StandardSecurityToken(String tokenType, Element token)
- {
- this(tokenType, token, UUID.randomUUID().toString());
- }
-
- /**
- * <p>
- * Creates an instance of {@code StandardSecurityToken} with the specified
parameters.
- * </p>
- *
- * @param tokenType a {@code String} representing the type of the security token. This
is usually the same type as
- * specified in the WS-Trust request message.
- * @param token the security token in its {@code Element} form (i.e. the marshaled
security token).
- * @param tokenID a {@code String} representing the id of the security token.
- */
public StandardSecurityToken(String tokenType, Element token, String tokenID)
{
this.tokenType = tokenType;
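Review bot: With the UUID-generating constructor removed, `tokenID` is now a required argument that the request handler turns into the signature reference `"#" + tokenID`, so a null here produces the reference `#null` and an unresolvable signature; the constructor should reject it up front with `if (tokenID == null) throw new IllegalArgumentException("tokenID cannot be null");` (and likewise for `token`). The constructor body continues outside the hunk.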
@@ -94,14 +81,12 @@
return this.token;
}
- /**
- * <p>
- * Obtains the id of the security token.
- * </p>
+ /*
+ * (non-Javadoc)
*
- * @return a {@code String} representing the security token id.
+ * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenID()
*/
- public String getTokenId()
+ public String getTokenID()
{
return this.tokenId;
}
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java 2009-06-24
14:33:53 UTC (rev 630)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java 2009-06-24
21:18:18 UTC (rev 631)
@@ -30,13 +30,13 @@
*/
public class WSTrustConstants
{
- public static final String BASE_NAMESPACE =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512";
+ public static final String BASE_NAMESPACE =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
// WS-Trust request types.
- public static final String ISSUE_REQUEST = BASE_NAMESPACE + "/Issue";
- public static final String RENEW_REQUEST = BASE_NAMESPACE + "/Renew";
- public static final String CANCEL_REQUEST = BASE_NAMESPACE + "/Cancel";
- public static final String VALIDATE_REQUEST = BASE_NAMESPACE + "/Validate";
+ public static final String ISSUE_REQUEST = BASE_NAMESPACE + "Issue";
+ public static final String RENEW_REQUEST = BASE_NAMESPACE + "Renew";
+ public static final String CANCEL_REQUEST = BASE_NAMESPACE + "Cancel";
+ public static final String VALIDATE_REQUEST = BASE_NAMESPACE + "Validate";
// WS-Trust validation constants.
public static final String STATUS_TYPE = BASE_NAMESPACE + "/RSTR/Status";
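Review bot: `BASE_NAMESPACE` now ends in a slash but the untouched `STATUS_TYPE` on the last line still prepends one, so it now expands to `...ws-trust/200512//RSTR/Status`, which will not match the WS-Trust status token-type URI exchanged with peers. Change it to `public static final String STATUS_TYPE = BASE_NAMESPACE + "RSTR/Status";` and check any other constant built the same way below this hunk. If `BASE_NAMESPACE` is also used as the XML namespace URI for WS-Trust elements elsewhere, the trailing slash would break namespace matching as well; keeping a separate slash-free namespace constant avoids both problems.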
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java 2009-06-24
14:33:53 UTC (rev 630)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java 2009-06-24
21:18:18 UTC (rev 631)
@@ -25,21 +25,23 @@
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
-import javax.xml.bind.util.JAXBSource;
import javax.xml.transform.Source;
+import javax.xml.transform.dom.DOMSource;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.util.JAXBUtil;
import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityToken;
import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityTokenResponse;
import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
-import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenCollection;
import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
import
org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
import org.jboss.identity.federation.ws.trust.ObjectFactory;
-import org.jboss.identity.federation.ws.trust.RequestSecurityTokenCollectionType;
import
org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseCollectionType;
-import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseType;
import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
/**
* <p>
@@ -51,12 +53,12 @@
public class WSTrustJAXBFactory
{
private static final WSTrustJAXBFactory instance = new WSTrustJAXBFactory();
-
+
private Marshaller marshaller;
-
+
private Unmarshaller unmarshaller;
- private final ObjectFactory factory;
+ private final ObjectFactory objectFactory;
/**
* <p>
@@ -64,11 +66,12 @@
* </p>
*/
private WSTrustJAXBFactory()
- {
+ {
try
- {
- marshaller = JAXBUtil.getMarshaller(getPackage());
- this.factory = new ObjectFactory();
+ {
+ this.marshaller = JAXBUtil.getMarshaller(this.getPackages());
+ this.unmarshaller = JAXBUtil.getUnmarshaller(this.getPackages());
+ this.objectFactory = new ObjectFactory();
}
catch (JAXBException e)
{
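Review bot: Holding a single `Marshaller` and `Unmarshaller` in a process-wide singleton is unsafe under concurrent requests: the JAXB specification documents both as not thread-safe, and the STS is invoked per request, so interleaved `unmarshal` calls can corrupt each other's state or throw. Either create them per call from a shared `JAXBContext` (which is thread-safe), e.g. `Unmarshaller unmarshaller = context.createUnmarshaller();` inside each parse method if `JAXBUtil` can hand out the context, or guard every marshal/unmarshal call with a lock. The previous `getUnmarshaller()` accessor is not visible here, so I cannot tell whether it already shared one instance.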
@@ -87,8 +90,8 @@
{
return instance;
}
-
- public String getPackage()
+
+ private String getPackages()
{
StringBuilder packages = new StringBuilder();
packages.append("org.jboss.identity.federation.ws.addressing");
@@ -98,36 +101,46 @@
packages.append(":org.jboss.identity.federation.ws.wss.utility");
return packages.toString();
}
-
+
/**
* <p>
* Creates a {@code BaseRequestSecurityToken} from the specified XML source.
* </p>
*
- * @param request the XML source containing the security token request message.
- * @return the constructed {@code BaseRequestSecurityToken} instance. It will be an
instance of
- * {@code RequestSecurityToken} the message contains a single token request,
and an instance of
- * {@code RequestSecurityTokenCollection} if multiples requests are being made
in the same message.
+ * @param request
+ * the XML source containing the security token request message.
+ * @return the constructed {@code BaseRequestSecurityToken} instance. It will be an
instance of {@code
+ * RequestSecurityToken} the message contains a single token request, and an
instance of {@code
+ * RequestSecurityTokenCollection} if multiples requests are being made in the
same message.
*/
public BaseRequestSecurityToken parseRequestSecurityToken(Source request)
{
+ // if the request contains a validate, cancel, or renew target, we must preserve it
from JAXB unmarshalling.
+ Document document = (Document) ((DOMSource) request).getNode();
+ Element targetElement = this.getValidateOrRenewOrCancelTarget(document);
+
try
{
- Object object = getUnmarshaller().unmarshal(request);
-
- // check the type of the unmarshalled object.
- if (object instanceof RequestSecurityTokenType)
- return new RequestSecurityToken((RequestSecurityTokenType) object);
- else if (object instanceof RequestSecurityTokenCollectionType)
- return new
RequestSecurityTokenCollection((RequestSecurityTokenCollectionType) object);
- else if (object instanceof JAXBElement)
+ Object object = this.unmarshaller.unmarshal(request);
+ if (object instanceof JAXBElement)
{
JAXBElement<?> element = (JAXBElement<?>)
unmarshaller.unmarshal(request);
- // is this a single token request or a collection of token requests
if (element.getDeclaredType().equals(RequestSecurityTokenType.class))
- return new RequestSecurityToken((RequestSecurityTokenType)
element.getValue());
- else if
(element.getDeclaredType().equals(RequestSecurityTokenCollectionType.class))
- return new
RequestSecurityTokenCollection((RequestSecurityTokenCollectionType) element.getValue());
+ {
+ RequestSecurityToken parsedRequest = new
RequestSecurityToken((RequestSecurityTokenType) element
+ .getValue());
+ // insert the request target in the parsed request.
+ if (targetElement != null)
+ {
+ if (parsedRequest.getValidateTarget() != null)
+ parsedRequest.getValidateTarget().setAny(targetElement);
+ else if (parsedRequest.getRenewTarget() != null)
+ parsedRequest.getRenewTarget().setAny(targetElement);
+ else if (parsedRequest.getCancelTarget() != null)
+ parsedRequest.getCancelTarget().setAny(targetElement);
+ }
+ return parsedRequest;
+ }
else
throw new RuntimeException("Invalid request type: " +
element.getDeclaredType());
}
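Review bot: L800 casts the `Source` parameter to `DOMSource` and its node to `Document` before the try block, so a caller passing a `StreamSource`/`SAXSource`, or a `DOMSource` wrapping an `Element`, fails with a `ClassCastException` while the Javadoc still advertises a generic `Source`. Either narrow the documented contract or guard it: `if (!(request instanceof DOMSource)) throw new IllegalArgumentException("Only DOMSource requests are supported");` and derive the document as `node instanceof Document ? (Document) node : node.getOwnerDocument()`. The message is also unmarshalled twice (L814 and L817-818); the second call is carried over from the old code, but with `object` already in hand `JAXBElement<?> element = (JAXBElement<?>) object;` avoids re-parsing the input. The method body continues past the hunk.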
@@ -145,30 +158,39 @@
* Creates a {@code BaseRequestSecurityTokenResponse} from the specified XML source.
* </p>
*
- * @param response the XML source containing the security token response message.
- * @return the constructed {@code BaseRequestSecurityTokenResponse} instance. It
should return an instance of
- * {@code RequestSecurityTokenResponseCollection} according to the
specification, but we allow a single
- * response to be returned in the form of a {@code
RequestSecurityTokenResponse} instance.
+ * @param response
+ * the XML source containing the security token response message.
+ * @return the constructed {@code BaseRequestSecurityTokenResponse} instance.
According to the WS-Trust
+ * specification, the returned object will be an instance of {@code
RequestSecurityTokenResponseCollection}.
*/
public BaseRequestSecurityTokenResponse parseRequestSecurityTokenResponse(Source
response)
{
+ // if the response contains an issued token, we must preserve it from the JAXB
unmarshalling.
+ Element tokenElement = null;
+ Document document = (Document) ((DOMSource) response).getNode();
+ Node requestedTokenNode = this.findNodeByNameNS(document,
"RequestedSecurityToken",
+ WSTrustConstants.BASE_NAMESPACE);
+ if (requestedTokenNode != null)
+ tokenElement = (Element) requestedTokenNode.getFirstChild();
+
try
{
- Object object = getUnmarshaller().unmarshal(response);
- // check the type of the response object.
- if (object instanceof RequestSecurityTokenResponseType)
- return new RequestSecurityTokenResponse((RequestSecurityTokenResponseType)
object);
- else if (object instanceof RequestSecurityTokenResponseCollectionType)
- return new
RequestSecurityTokenResponseCollection((RequestSecurityTokenResponseCollectionType)
object);
- else if (object instanceof JAXBElement)
+ Object object = this.unmarshaller.unmarshal(response);
+ if (object instanceof JAXBElement)
{
JAXBElement<?> element = (JAXBElement<?>)
unmarshaller.unmarshal(response);
- // is this a single token response or a collection of token responses
- if
(element.getDeclaredType().equals(RequestSecurityTokenResponseType.class))
- return new RequestSecurityTokenResponse((RequestSecurityTokenResponseType)
element.getValue());
- else if
(element.getDeclaredType().equals(RequestSecurityTokenResponseCollectionType.class))
- return new
RequestSecurityTokenResponseCollection((RequestSecurityTokenResponseCollectionType)
element
- .getValue());
+ if
(element.getDeclaredType().equals(RequestSecurityTokenResponseCollectionType.class))
+ {
+ RequestSecurityTokenResponseCollection collection = new
RequestSecurityTokenResponseCollection(
+ (RequestSecurityTokenResponseCollectionType) element.getValue());
+ // insert the security token in the parsed response.
+ if (tokenElement != null)
+ {
+ RequestSecurityTokenResponse parsedResponse =
collection.getRequestSecurityTokenResponses().get(0);
+ parsedResponse.getRequestedSecurityToken().setAny(tokenElement);
+ }
+ return collection;
+ }
else
throw new RuntimeException("Invalid response type: " +
element.getDeclaredType());
}
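Review bot: L876 takes `requestedTokenNode.getFirstChild()` and casts it to `Element`, but in an indented or pretty-printed message the first child of `RequestedSecurityToken` is a whitespace `Text` node, so the cast throws `ClassCastException` before the try block; the same pattern appears at L1139, L1143 and L1147 in `getValidateOrRenewOrCancelTarget`. A small helper that skips non-element children fixes all four sites. Separately, L915-917 always attach the preserved token to `get(0)` even when the raw message carried it in a later response of the collection; that assumption should at least be stated in the comment at L912. The method body continues past the hunk.
```java
      if (requestedTokenNode != null)
         tokenElement = this.getFirstChildElement(requestedTokenNode);
      // … unchanged: unmarshal and build the response collection …

   // Returns the first child of node that is an element, or null when there is none.
   private Element getFirstChildElement(Node node)
   {
      NodeList children = node.getChildNodes();
      for (int i = 0; i < children.getLength(); i++)
      {
         Node child = children.item(i);
         if (child.getNodeType() == Node.ELEMENT_NODE)
            return (Element) child;
      }
      return null;
   }
```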
@@ -186,33 +208,56 @@
* Creates a {@code javax.xml.transform.Source} from the specified request object.
* </p>
*
- * @param request a {@code BaseRequestSecurityToken} representing the object model of
the security token request.
+ * @param request
+ * a {@code RequestSecurityToken} representing the object model of the
security token request.
* @return the constructed {@code Source} instance.
*/
- public Source marshallRequestSecurityToken(BaseRequestSecurityToken request)
+ public Source marshallRequestSecurityToken(RequestSecurityToken request)
{
- JAXBElement<?> element = null;
- if (request instanceof RequestSecurityToken)
+ Element targetElement = null;
+ // if the request has a validate, cancel, or renew target, we must preserve it from
JAXB marshaling.
+ String requestType = request.getRequestType().toString();
+ if (requestType.equalsIgnoreCase(WSTrustConstants.VALIDATE_REQUEST))
{
- RequestSecurityToken requestSecurityToken = (RequestSecurityToken) request;
- element =
this.factory.createRequestSecurityToken(requestSecurityToken.getDelegate());
+ targetElement = (Element) request.getValidateTarget().getAny();
+ request.getValidateTarget().setAny(null);
}
- else if (request instanceof RequestSecurityTokenCollection)
+ else if (requestType.equalsIgnoreCase(WSTrustConstants.RENEW_REQUEST))
{
- RequestSecurityTokenCollection collection = (RequestSecurityTokenCollection)
request;
- element =
this.factory.createRequestSecurityTokenCollection(collection.getDelegate());
+ targetElement = (Element) request.getRenewTarget().getAny();
+ request.getRenewTarget().setAny(null);
}
- else
- throw new RuntimeException("Failed to determine the type of the security
token request");
+ else if (requestType.equalsIgnoreCase(WSTrustConstants.CANCEL_REQUEST))
+ {
+ targetElement = (Element) request.getCancelTarget().getAny();
+ request.getCancelTarget().setAny(null);
+ }
+ Document result = null;
try
{
- return new JAXBSource(getMarshaller(), element);
+ result = DocumentUtil.createDocument();
+
this.marshaller.marshal(this.objectFactory.createRequestSecurityToken(request.getDelegate()),
result);
+
+ // insert the original target in the appropriate element.
+ if (targetElement != null)
+ {
+ Node node = null;
+ if (requestType.equalsIgnoreCase(WSTrustConstants.VALIDATE_REQUEST))
+ node = this.findNodeByNameNS(result, "ValidateTarget",
WSTrustConstants.BASE_NAMESPACE);
+ else if (requestType.equalsIgnoreCase(WSTrustConstants.RENEW_REQUEST))
+ node = this.findNodeByNameNS(result, "RenewTarget",
WSTrustConstants.BASE_NAMESPACE);
+ else if (requestType.equalsIgnoreCase(WSTrustConstants.CANCEL_REQUEST))
+ node = this.findNodeByNameNS(result, "CancelTarget",
WSTrustConstants.BASE_NAMESPACE);
+ node.appendChild(result.importNode(targetElement, true));
+ }
}
- catch (JAXBException je)
+ catch (Exception e)
{
- throw new RuntimeException("Failed to marshall security token
request", je);
+ throw new RuntimeException("Failed to marshall security token
request", e);
}
+
+ return new DOMSource(result);
}
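Review bot: The method now mutates its argument: L951, L961 and L969 clear the target on the caller's `request` and nothing puts it back, so after `marshallRequestSecurityToken` returns the caller's object has lost its validate/renew/cancel target; `marshallRequestSecurityTokenResponse` does the same at L1046. Restore the original value in a `finally` so the side effect does not leak to the caller. Note also that L950/L960/L968 dereference `getValidateTarget()` etc. without a null check when the request type says so, and that `catch (Exception e)` at L997 also wraps the NPE from L993 when `findNodeByNameNS` finds no target element, reporting it as a marshalling failure.
```java
      Document result = null;
      try
      {
         // … unchanged: marshal and re-insert the target …
      }
      catch (Exception e)
      {
         throw new RuntimeException("Failed to marshall security token request", e);
      }
      finally
      {
         // hand the caller back the object it passed in, target included.
         if (targetElement != null)
         {
            if (requestType.equalsIgnoreCase(WSTrustConstants.VALIDATE_REQUEST))
               request.getValidateTarget().setAny(targetElement);
            else if (requestType.equalsIgnoreCase(WSTrustConstants.RENEW_REQUEST))
               request.getRenewTarget().setAny(targetElement);
            else if (requestType.equalsIgnoreCase(WSTrustConstants.CANCEL_REQUEST))
               request.getCancelTarget().setAny(targetElement);
         }
      }
```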
/**
@@ -220,49 +265,92 @@
* Creates a {@code javax.xml.transform.Source} from the specified response object.
* </p>
*
- * @param response a {@code BaseRequestSecurityTokenResponse} representing the object
model of the security token
- * response.
+ * @param collection
+ * a {@code RequestSecurityTokenResponseCollection} representing the object
model of the security token
+ * response.
* @return the constructed {@code Source} instance.
*/
- public Source marshallRequestSecurityTokenResponse(BaseRequestSecurityTokenResponse
response)
+ public Source
marshallRequestSecurityTokenResponse(RequestSecurityTokenResponseCollection collection)
{
- JAXBElement<?> element = null;
- if (response instanceof RequestSecurityTokenResponse)
+ if (collection.getRequestSecurityTokenResponses().size() == 0)
+ throw new IllegalArgumentException("The response collection must contain at
least one response");
+
+ // if the response contains an issued token, we must preserve it from the JAXB
marshaling.
+ Element tokenElement = null;
+ RequestSecurityTokenResponse response =
collection.getRequestSecurityTokenResponses().get(0);
+ if (response.getRequestedSecurityToken() != null)
{
- RequestSecurityTokenResponse requestSecurityTokenResponse =
(RequestSecurityTokenResponse) response;
- element =
this.factory.createRequestSecurityTokenResponse(requestSecurityTokenResponse.getDelegate());
+ tokenElement = (Element) response.getRequestedSecurityToken().getAny();
+ // we don't want to marshall any token - it will be inserted in the DOM
document later.
+ response.getRequestedSecurityToken().setAny(null);
}
- else if (response instanceof RequestSecurityTokenResponseCollection)
- {
- RequestSecurityTokenResponseCollection collection =
(RequestSecurityTokenResponseCollection) response;
- element =
this.factory.createRequestSecurityTokenResponseCollection(collection.getDelegate());
- }
- else
- throw new RuntimeException("Failed to determine the type of the security
token response");
+ Document result = null;
try
{
- return new JAXBSource(getMarshaller(), element);
+ // marshall the response to a document and insert the issued token directly on
the document.
+ result = DocumentUtil.createDocument();
+
this.marshaller.marshal(this.objectFactory.createRequestSecurityTokenResponseCollection(collection
+ .getDelegate()), result);
+
+ // the document is a ws-trust template - we need to insert the token in the
appropriate element.
+ if (tokenElement != null)
+ {
+ Node node = this.findNodeByNameNS(result, "RequestedSecurityToken",
WSTrustConstants.BASE_NAMESPACE);
+ node.appendChild(result.importNode(tokenElement, true));
+ }
}
- catch (JAXBException je)
+ catch (Exception e)
{
- throw new RuntimeException("Failed to marshall security token
request", je);
+ throw new RuntimeException("Failed to marshall security token
response", e);
}
+ return new DOMSource(result);
}
-
- private Unmarshaller getUnmarshaller() throws JAXBException
+ /**
+ * <p>
+ * Finds in the specified document a node that matches the specified name and
namespace.
+ * </p>
+ *
+ * @param document
+ * the {@code Document} instance upon which the search is made.
+ * @param localName
+ * a {@code String} containing the local name of the searched node.
+ * @param namespace
+ * a {@code String} containing the namespace of the searched node.
+ * @return a {@code Node} representing the searched node. If more than one node is
found in the document, the first
+ * one will be returned. If no nodes were found according to the search
parameters, then {@code null} is
+ * returned.
+ */
+ private Node findNodeByNameNS(Document document, String localName, String namespace)
{
- if(unmarshaller == null)
- unmarshaller = JAXBUtil.getUnmarshaller(getPackage());
- return unmarshaller;
+ NodeList list = document.getElementsByTagNameNS(namespace, localName);
+ if (list == null || list.getLength() == 0)
+ // log("Unable to locate element " + localName + " with namespace
" + namespace);
+ return null;
+ return list.item(0);
}
- private Marshaller getMarshaller() throws JAXBException
+ /**
+ * <p>
+ * Searches the specified document for an element that represents a validate, renew,
or cancel target.
+ * </p>
+ *
+ * @param document
+ * the {@code Document} upon which the search is to be made.
+ * @return an {@code Element} representing the validate, renew, or cancel target.
+ */
+ private Element getValidateOrRenewOrCancelTarget(Document document)
{
- if(marshaller == null)
- marshaller = JAXBUtil.getMarshaller(getPackage());
- return marshaller;
+ Node target = this.findNodeByNameNS(document, "ValidateTarget",
WSTrustConstants.BASE_NAMESPACE);
+ if (target != null)
+ return (Element) target.getFirstChild();
+ target = this.findNodeByNameNS(document, "RenewTarget",
WSTrustConstants.BASE_NAMESPACE);
+ if (target != null)
+ return (Element) target.getFirstChild();
+ target = this.findNodeByNameNS(document, "CancelTarget",
WSTrustConstants.BASE_NAMESPACE);
+ if (target != null)
+ return (Element) target.getFirstChild();
+ return null;
}
-
}
\ No newline at end of file
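Review bot: L1075 calls `node.appendChild(...)` on the result of `findNodeByNameNS` without a null check, so when the marshalled document has no `RequestedSecurityToken` element the NPE is caught at L1079 and surfaces as "Failed to marshall security token response", hiding the real cause; check for null first, e.g. `if (node == null) throw new IllegalStateException("Marshalled response has no RequestedSecurityToken element");`. In `findNodeByNameNS` the `list == null` test at L1114 is dead (DOM's `getElementsByTagNameNS` returns an empty list, never null) and the commented-out log at L1115-1116 should become a real log call or be deleted. The Javadoc of `getValidateOrRenewOrCancelTarget` (L1129) should also state that `null` is returned when none of the three targets is present, which is the L1148 behaviour.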
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java 2009-06-24
14:33:53 UTC (rev 630)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java 2009-06-24
21:18:18 UTC (rev 631)
@@ -21,7 +21,6 @@
*/
package org.jboss.identity.federation.api.wstrust;
-import java.security.KeyPair;
import java.security.Principal;
import java.security.PublicKey;
@@ -44,8 +43,6 @@
// information supplied by the request handler.
private String tokenIssuer;
- private KeyPair stsKeyPair;
-
private PublicKey providerPublicKey;
private final Principal callerPrincipal;
@@ -102,30 +99,6 @@
/**
* <p>
- * Returns a reference to the {@code KeyPair} instance that holds the STS {@code
PrivateKey} and {@code PublicKey}.
- * </p>
- *
- * @return a reference to the STS {@code KeyPair}.
- */
- public KeyPair getSTSKeyPair()
- {
- return this.stsKeyPair;
- }
-
- /**
- * <p>
- * Sets the {@code KeyPair} instance that holds the STS {@code PrivateKey} and {@code
PublicKey}.
- * </p>
- *
- * @param stsKeyPair a reference to the {@code KeyPair} instance to be set.
- */
- public void setSTSKeyPair(KeyPair stsKeyPair)
- {
- this.stsKeyPair = stsKeyPair;
- }
-
- /**
- * <p>
* Obtains the {@code PublicKey} of the service provider that requires a security
token.
* </p>
*
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java 2009-06-24
14:33:53 UTC (rev 630)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java 2009-06-24
21:18:18 UTC (rev 631)
@@ -21,18 +21,13 @@
*/
package org.jboss.identity.federation.api.wstrust.plugins.saml;
-import java.net.URI;
-import java.security.KeyPair;
import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.crypto.dsig.SignatureMethod;
import javax.xml.namespace.QName;
import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
-import org.jboss.identity.federation.api.util.XMLSignatureUtil;
import org.jboss.identity.federation.api.wstrust.SecurityToken;
import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider;
import org.jboss.identity.federation.api.wstrust.StandardSecurityToken;
@@ -40,7 +35,6 @@
import org.jboss.identity.federation.api.wstrust.WSTrustException;
import org.jboss.identity.federation.api.wstrust.WSTrustRequestContext;
import org.jboss.identity.federation.api.wstrust.WSTrustUtil;
-import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
import org.jboss.identity.federation.core.saml.v2.util.AssertionUtil;
import org.jboss.identity.federation.core.wstrust.Lifetime;
@@ -55,7 +49,6 @@
import org.jboss.identity.federation.ws.trust.StatusType;
import org.jboss.identity.federation.ws.trust.ValidateTargetType;
import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType;
-import org.w3c.dom.Document;
import org.w3c.dom.Element;
/**
@@ -86,7 +79,7 @@
public void issueToken(WSTrustRequestContext context) throws WSTrustException
{
// generate an id for the new assertion.
- String assertionID = IDGenerator.create("ID-");
+ String assertionID = IDGenerator.create("ID_");
// lifetime and audience restrictions.
Lifetime lifetime = context.getRequestSecurityToken().getLifetime();
@@ -116,34 +109,18 @@
conditions, subject, null);
// convert the constructed assertion to element.
- Document document = null;
+ Element assertionElement = null;
try
{
- document = SAMLUtil.toDocument(assertion);
+ assertionElement = SAMLUtil.toElement(assertion);
}
catch (Exception e)
{
throw new WSTrustException("Failed to marshall SAMLV2 assertion", e);
}
- // sign the generated SAML assertion.
- KeyPair keyPair = context.getSTSKeyPair();
- if (keyPair != null)
- {
- URI signatureURI = context.getRequestSecurityToken().getSignatureAlgorithm();
- String signatureMethod = signatureURI != null ? signatureURI.toString() :
SignatureMethod.RSA_SHA1;
- try
- {
- XMLSignatureUtil.sign(document, keyPair, DigestMethod.SHA1, signatureMethod,
"#" + assertionID);
- }
- catch (Exception e)
- {
- throw new WSTrustException("Failed to sign SAMLV2 assertion", e);
- }
- }
-
SecurityToken token = new
StandardSecurityToken(context.getRequestSecurityToken().getTokenType().toString(),
- document.getDocumentElement(), assertionID);
+ assertionElement, assertionID);
context.setSecurityToken(token);
// set the SAML assertion attached reference.
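Review bot: Signing is removed from `issueToken` (L1270-1287) but nothing in the provider now says where the assertion gets signed, so a reader cannot tell whether `context.setSecurityToken(token)` at L1292 deliberately hands out an unsigned element; the new `signIssuedToken()` on the configuration (L1488) suggests it presumably moved to the request handler. Add a comment above L1288, e.g. `// the assertion is handed out unsigned here; when STSConfiguration.signIssuedToken() is enabled, the request handler signs the token`. With the signature assertion and tampering test dropped from SAML20TokenProviderUnitTestCase (L1544-1547, L1556-1566), no visible test still verifies that an issued token is signed or that a modified one is rejected; equivalent coverage should be added at the layer that now signs.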
@@ -187,35 +164,17 @@
}
else
{
- AssertionType assertion = null;
-
- // validate the SAML assertion digital signature.
- KeyPair keyPair = context.getSTSKeyPair();
+ // check the assertion lifetime.
try
{
- assertion = SAMLUtil.fromDocument(assertionElement.getOwnerDocument());
- if(!XMLSignatureUtil.validate(SAMLUtil.toDocument(assertion),
keyPair.getPublic()))
- {
- code = WSTrustConstants.STATUS_CODE_INVALID;
- reason = "Validation failure: digital signature is invalid";
- }
- }
- catch (Exception e)
- {
- code = WSTrustConstants.STATUS_CODE_INVALID;
- reason = "Validation failure: unable to verify digital signature: "
+ e.getMessage();
- }
-
- // if the signature is valid, check the lifetime.
- try
- {
+ AssertionType assertion = SAMLUtil.fromElement(assertionElement);
if(AssertionUtil.hasExpired(assertion))
{
code = WSTrustConstants.STATUS_CODE_INVALID;
reason = "Validation failure: assertion expired or used before its
lifetime period";
}
}
- catch(ConfigurationException ce)
+ catch(Exception ce)
{
code = WSTrustConstants.STATUS_CODE_INVALID;
reason = "Validation failure: unable to verify assertion lifetime:
" + ce.getMessage();
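Review bot: After this change `validateToken` checks only the lifetime (L1323-1329); with the signature verification removed, an assertion whose issuer or subject was altered is reported valid by this method as long as it is within its lifetime, so the signature must be verified before the token reaches the provider. If that is what the request handler now does, record it above L1302, e.g. `// signature verification happens in the request handler before the token reaches the provider; only the lifetime is checked here`. `catch(Exception ce)` at L1332 now also catches runtime exceptions and copies `ce.getMessage()` into the status reason returned to the requester (L1335-1336); logging the exception and returning a fixed reason would avoid echoing internal parser details. The enclosing method continues outside the hunk.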
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java 2009-06-24
14:33:53 UTC (rev 630)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java 2009-06-24
21:18:18 UTC (rev 631)
@@ -27,15 +27,13 @@
import javax.xml.bind.Unmarshaller;
import javax.xml.transform.dom.DOMResult;
-import org.jboss.identity.federation.api.wstrust.WSTrustConstants;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.util.JAXBUtil;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
import org.w3c.dom.Document;
+import org.w3c.dom.Element;
-import com.sun.xml.bind.marshaller.NamespacePrefixMapper;
-
/**
* <p>
* This class contains utility methods and constants that are used by the SAML token
providers.
@@ -54,37 +52,39 @@
/**
* <p>
- * Utility method that marshals the specified {@code AssertionType} object into a
{@code Document} instance.
+ * Utility method that marshals the specified {@code AssertionType} object into an
{@code Element} instance.
* </p>
*
- * @param assertion an {@code AssertionType} object representing the SAML assertion to
be marshaled.
- * @return a reference to the {@code Document} that contains the marshaled SAML
assertion.
- * @throws Exception if an error occurs while marshaling the assertion.
+ * @param assertion
+ * an {@code AssertionType} object representing the SAML assertion to be
marshaled.
+ * @return a reference to the {@code Element} that contains the marshaled SAML
assertion.
+ * @throws Exception
+ * if an error occurs while marshaling the assertion.
*/
- public static Document toDocument(AssertionType assertion) throws Exception
+ public static Element toElement(AssertionType assertion) throws Exception
{
- Document document = DocumentUtil.createDocument();
+ Document document = DocumentUtil.createDocument();
DOMResult result = new DOMResult(document);
Marshaller marshaller =
JAXBUtil.getMarshaller("org.jboss.identity.federation.saml.v2.assertion");
- marshaller.setProperty("com.sun.xml.bind.namespacePrefixMapper", new
DefaultPrefixMapper());
marshaller.marshal(new ObjectFactory().createAssertion(assertion), result);
- return document;
+ return document.getDocumentElement();
}
/**
* <p>
- * Utility method that unmarshals the specified {@code Document} into an {@code
AssertionType} instance.
+ * Utility method that unmarshals the specified {@code Element} into an {@code
AssertionType} instance.
* </p>
*
- * @param document the {@code Document} that contains a marshaled SAMLV2.0 Assertion.
+ * @param assertionElement
+ * the {@code Element} that contains the marshaled SAMLV2.0 assertion.
* @return a reference to the unmarshaled {@code AssertionType} instance.
- * @throws JAXBException if an error occurs while unmarshaling the document.
+ * @throws JAXBException if an error occurs while unmarshalling the document.
*/
- public static AssertionType fromDocument(Document document) throws JAXBException
- {
+ public static AssertionType fromElement(Element assertionElement) throws
JAXBException
+ {
Unmarshaller unmarshaller =
JAXBUtil.getUnmarshaller("org.jboss.identity.federation.saml.v2.assertion");
- Object object = unmarshaller.unmarshal(document);
+ Object object = unmarshaller.unmarshal(assertionElement);
if (object instanceof AssertionType)
return (AssertionType) object;
else if (object instanceof JAXBElement)
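Review bot: The package name `"org.jboss.identity.federation.saml.v2.assertion"` is repeated in `toElement` (L1390-1391) and `fromElement` (L1418-1419); extract it to `private static final String ASSERTION_PACKAGE = "org.jboss.identity.federation.saml.v2.assertion";` so the two stay in sync. `toElement` returns `document.getDocumentElement()` (L1396), leaving the element attached to its owner document; callers that embed it elsewhere need `importNode`, which the `@return` at L1379-1380 could mention. `fromElement`'s body continues past the hunk.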
@@ -95,35 +95,4 @@
}
throw new IllegalArgumentException("Supplied document does not contain a
SAMLV2.0 Assertion");
}
-
- /**
- * <p>
- * A {@code NamespacePrefixMapper} implementation that maps the most used namespaces
to commonly used prefixes.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan
Guilhen</a>
- */
- static class DefaultPrefixMapper extends NamespacePrefixMapper
- {
- @Override
- public String getPreferredPrefix(String namespaceURI, String suggestion, boolean
requirePrefix)
- {
- if (WSTrustConstants.WSA_NS.equals(namespaceURI))
- return "wsa";
- else if (WSTrustConstants.WSU_NS.equals(namespaceURI))
- return "wsu";
- else if (WSTrustConstants.WSSE_NS.equals(namespaceURI))
- return "wsse";
- else if (WSTrustConstants.WSSE11_NS.equals(namespaceURI))
- return "wsse11";
- else if (WSTrustConstants.XENC_NS.equals(namespaceURI))
- return "xenc";
- else if (WSTrustConstants.DSIG_NS.equals(namespaceURI))
- return "ds";
- else if (WSTrustConstants.SAML2_ASSERTION_NS.equals(namespaceURI))
- return "saml2";
- else
- return null;
- }
- }
}
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/MockSTSConfiguration.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/MockSTSConfiguration.java 2009-06-24
14:33:53 UTC (rev 630)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/MockSTSConfiguration.java 2009-06-24
21:18:18 UTC (rev 631)
@@ -45,13 +45,22 @@
*
* @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getEncryptIssuedToken()
*/
- public boolean getEncryptIssuedToken()
+ public boolean encryptIssuedToken()
{
return false;
}
/*
* (non-Javadoc)
+ * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#signIssuedToken()
+ */
+ public boolean signIssuedToken()
+ {
+ return true;
+ }
+
+ /*
+ * (non-Javadoc)
*
* @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getIssuedTokenTimeout()
*/
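Review bot: The `@see` at L1476-1477 still points at `STSConfiguration#getEncryptIssuedToken()` while the method it documents was renamed to `encryptIssuedToken()` at L1480; change it to `@see org.jboss.identity.federation.api.wstrust.STSConfiguration#encryptIssuedToken()`. The mock also answers `true` for `signIssuedToken()` (L1490) although the tests in this commit no longer assert any signature, so a one-line comment on why the mock enables signing would help the next reader.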
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java 2009-06-24
14:33:53 UTC (rev 630)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java 2009-06-24
21:18:18 UTC (rev 631)
@@ -21,13 +21,8 @@
*/
package org.jboss.test.identity.federation.api.wstrust;
-import java.io.InputStream;
import java.net.URI;
-import java.security.KeyPair;
-import java.security.KeyStore;
import java.security.Principal;
-import java.security.PrivateKey;
-import java.security.PublicKey;
import java.util.GregorianCalendar;
import javax.xml.bind.JAXBContext;
@@ -85,7 +80,6 @@
WSTrustRequestContext context = new WSTrustRequestContext(request, new
TestPrincipal("sguilhen"));
context.setTokenIssuer("JBossSTS");
- context.setSTSKeyPair(this.getKeyPair("keystore/sts_keystore.jks",
"testpass", "sts", "keypass"));
// call the SAML token provider and check the generated token.
new SAML20TokenProvider().issueToken(context);
@@ -100,7 +94,7 @@
AssertionType assertion = (AssertionType) parsedElement.getValue();
StandardSecurityToken securityToken = (StandardSecurityToken)
context.getSecurityToken();
- assertEquals("Unexpected token id", securityToken.getTokenId(),
assertion.getID());
+ assertEquals("Unexpected token id", securityToken.getTokenID(),
assertion.getID());
assertEquals("Unexpected token issuer", "JBossSTS",
assertion.getIssuer().getValue());
// check the contents of the assertion conditions.
@@ -133,9 +127,6 @@
SubjectConfirmationType confirmation = (SubjectConfirmationType)
content.getValue();
assertEquals("Unexpected confirmation method", SAMLUtil.SAML2_BEARER_URI,
confirmation.getMethod());
- // verify if the assertion has been signed.
- assertNotNull("Assertion should have been signed",
assertion.getSignature());
-
// validate the attached token reference created by the SAML provider.
RequestedReferenceType reference = context.getAttachedReference();
assertNotNull("Unexpected null attached reference", reference);
@@ -179,14 +170,6 @@
assertEquals("Unexpected status code",
WSTrustConstants.STATUS_CODE_VALID, status.getCode());
assertEquals("Unexpected status reason", "SAMLV2.0 Assertion
successfuly validated", status.getReason());
- // now let's temper the assertion and try to validate it again.
- assertion.getFirstChild().getFirstChild().setNodeValue("Tempered
Issuer");
- provider.validateToken(context);
- status = context.getStatus();
- assertNotNull("Unexpected null status type", status);
- assertEquals("Unexpected status code",
WSTrustConstants.STATUS_CODE_INVALID, status.getCode());
- assertEquals("Unexpected status reason", "Validation failure:
digital signature is invalid", status.getReason());
-
// now let's create a new SAMLV2.0 assertion with an expired lifetime.
long currentTimeMillis = System.currentTimeMillis();
GregorianCalendar created = new GregorianCalendar();
@@ -210,30 +193,6 @@
/**
* <p>
- * Utility method that retrieves the signing key and corresponding public key from the
specified keystore.
- * </p>
- *
- * @param keyStoreFile a {@code String} representing the keystore file path.
- * @param keyStorePass a {@code String} representing the keystore password.
- * @param signingKeyAlias a {@code String} representing the alias of the private key.
- * @param signingKeyPass a {@code String} representing the password that protects the
private key.
- *
- * @return a {@code KeyPair} instance containing the retrieved private and public
keys.
- */
- private KeyPair getKeyPair(String keyStoreFile, String keyStorePass, String
signingKeyAlias, String signingKeyPass)
- throws Exception
- {
- InputStream stream =
Thread.currentThread().getContextClassLoader().getResourceAsStream(keyStoreFile);
- KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
- keyStore.load(stream, keyStorePass.toCharArray());
-
- PrivateKey privateKey = (PrivateKey) keyStore.getKey(signingKeyAlias,
signingKeyPass.toCharArray());
- PublicKey publicKey = keyStore.getCertificate(signingKeyAlias).getPublicKey();
- return new KeyPair(publicKey, privateKey);
- }
-
- /**
- * <p>
* Creates a {@code WSTrustRequestContext} using the specified lifetime. The created
context is used in the issuing
* test scenarios.
* </p>
@@ -252,9 +211,7 @@
request.setTokenType(URI.create(SAMLUtil.SAML2_TOKEN_TYPE));
WSTrustRequestContext context = new WSTrustRequestContext(request, new
TestPrincipal("sguilhen"));
- KeyPair keyPair = this.getKeyPair("keystore/sts_keystore.jks",
"testpass", "sts", "keypass");
context.setTokenIssuer("JBossSTS");
- context.setSTSKeyPair(keyPair);
return context;
}
@@ -278,8 +235,6 @@
request.setValidateTarget(validateTarget);
WSTrustRequestContext context = new WSTrustRequestContext(request, new
TestPrincipal("sguilhen"));
- KeyPair keyPair = this.getKeyPair("keystore/sts_keystore.jks",
"testpass", "sts", "keypass");
- context.setSTSKeyPair(keyPair);
return context;
}
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java 2009-06-24
14:33:53 UTC (rev 630)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java 2009-06-24
21:18:18 UTC (rev 631)
@@ -23,21 +23,19 @@
import java.net.URI;
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.util.JAXBSource;
import javax.xml.transform.Source;
+import javax.xml.transform.dom.DOMSource;
import junit.framework.TestCase;
import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityToken;
import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityTokenResponse;
import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
-import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenCollection;
import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
import
org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
-import org.jboss.identity.federation.ws.trust.ObjectFactory;
+import org.w3c.dom.Document;
/**
* <p>
@@ -49,45 +47,23 @@
public class WSTrustJAXBFactoryUnitTestCase extends TestCase
{
- private JAXBContext context;
-
- /*
- * (non-Javadoc)
- *
- * @see junit.framework.TestCase#setUp()
- */
- @Override
- protected void setUp() throws Exception
- {
- StringBuffer packages = new StringBuffer();
- packages.append("org.jboss.identity.federation.ws.addressing");
- packages.append(":org.jboss.identity.federation.ws.policy");
- packages.append(":org.jboss.identity.federation.ws.trust");
- packages.append(":org.jboss.identity.federation.ws.wss.secext");
- packages.append(":org.jboss.identity.federation.ws.wss.utility");
- this.context = JAXBContext.newInstance(packages.toString());
- }
-
/**
* <p>
* Tests parsing a WS-Trust request message.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
public void testParseRequestSecurityToken() throws Exception
{
- // create a sample ws-trust request.
- RequestSecurityToken request = new RequestSecurityToken();
- request.setContext("testcontext");
- request.setTokenType(new
URI("http://example.org/specialToken"));
- request.setRequestType(new
URI("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"));
+ // load a sample ws-trust request from a test file.
+ Document document = DocumentUtil
+
.getDocument(this.getClass().getResourceAsStream("/wstrust/ws-trust-request.xml"));
// encapsulate the request in a source object.
- ObjectFactory objectFactory = new ObjectFactory();
- JAXBElement<?> element =
objectFactory.createRequestSecurityToken(request.getDelegate());
- JAXBSource source = new JAXBSource(this.context, element);
-
+ Source source = new DOMSource(document);
+
// parse the request using the WSTrustJAXBFactory.
WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
BaseRequestSecurityToken baseRequest = factory.parseRequestSecurityToken(source);
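Review bot: The stream from `this.getClass().getResourceAsStream("/wstrust/ws-trust-request.xml")` on the added lines goes straight into `DocumentUtil.getDocument` with no null check and is never closed, so a missing or misplaced fixture fails as a NullPointerException (or whatever DocumentUtil does with null) rather than a readable assertion. I would bind it first, `InputStream in = this.getClass().getResourceAsStream("/wstrust/ws-trust-request.xml"); assertNotNull("Missing test resource /wstrust/ws-trust-request.xml", in); Document document = DocumentUtil.getDocument(in);` (needs a `java.io.InputStream` import) and close it in a `finally`; the same applies to the response fixture loaded in testParseRequestSecurityTokenResponse in the `@@ -120,20 +83,17 @@` hunk. Whether `DocumentUtil.getDocument` builds its parser with DTD and external-entity resolution disabled is not visible in this diff; since the factory now consumes DOM sources on the same path, that is worth confirming on the DocumentUtil side. testParseRequestSecurityToken continues past the end of this hunk.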
@@ -97,22 +73,9 @@
assertTrue("Unexpected request message type", baseRequest instanceof
RequestSecurityToken);
RequestSecurityToken parsedRequest = (RequestSecurityToken) baseRequest;
assertEquals("Unexpected context name", "testcontext",
parsedRequest.getContext());
- assertEquals("Unexpected token type",
"http://example.org/specialToken", parsedRequest.getTokenType().toString());
+ assertEquals("Unexpected token type",
"http://www.tokens.org/SpecialToken", parsedRequest.getTokenType().toString());
assertEquals("Unexpected request type",
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue", parsedRequest
.getRequestType().toString());
-
- // repeat the test, this time using a request collection instead of a single
request.
- RequestSecurityTokenCollection collection = new RequestSecurityTokenCollection();
- collection.addRequestSecurityToken(request);
- element =
objectFactory.createRequestSecurityTokenCollection(collection.getDelegate());
- source = new JAXBSource(this.context, element);
-
- baseRequest = factory.parseRequestSecurityToken(source);
- assertNotNull("Unexpected null request message", baseRequest);
- assertTrue("Unexpected request message type", baseRequest instanceof
RequestSecurityTokenCollection);
- RequestSecurityTokenCollection parsedCollection = (RequestSecurityTokenCollection)
baseRequest;
- assertNotNull("Unexpected null request list",
parsedCollection.getRequestSecurityTokens());
- assertEquals("Unexpected number of requests", 1,
parsedCollection.getRequestSecurityTokens().size());
}
/**
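Review bot: The request-collection half of this test is deleted rather than ported to the new fixture-based approach, so after this commit nothing in this class parses or marshals a RequestSecurityTokenCollection; the marshalling counterpart is removed the same way in the `@@ -190,64 +143,44 @@` hunk, and the import of the type is dropped at the top of the file. If the collection type still exists in the API, a second fixture (for example a constructed `/wstrust/ws-trust-request-collection.xml` holding one request) would let the `instanceof RequestSecurityTokenCollection` and `getRequestSecurityTokens().size()` assertions stay; if the type was removed in this revision, saying so in the commit message would settle the question. testParseRequestSecurityToken starts before this hunk.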
@@ -120,20 +83,17 @@
* Tests parsing a WS-Trust response message.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
public void testParseRequestSecurityTokenResponse() throws Exception
{
- // create a sample ws-trust response message.
- RequestSecurityTokenResponse response = new RequestSecurityTokenResponse();
- response.setContext("testcontext");
- response.setTokenType(new
URI("http://example.org/specialToken"));
- response.setForwardable(false);
+ // load a ws-trust response from a file.
+ Document document = DocumentUtil.getDocument(this.getClass()
+ .getResourceAsStream("/wstrust/ws-trust-response.xml"));
// encapsulate the response in a source object.
- ObjectFactory objectFactory = new ObjectFactory();
- JAXBElement<?> element =
objectFactory.createRequestSecurityTokenResponse(response.getDelegate());
- JAXBSource source = new JAXBSource(this.context, element);
+ Source source = new DOMSource(document);
// parse the response using the WSTrustJAXBFactory.
WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
@@ -141,24 +101,16 @@
assertNotNull("Unexpected null response message", baseResponse);
// check the contents of the parsed response.
- assertTrue("Unexpected response message type", baseResponse instanceof
RequestSecurityTokenResponse);
- RequestSecurityTokenResponse parsedResponse = (RequestSecurityTokenResponse)
baseResponse;
- assertEquals("Unexpected context name", "testcontext",
parsedResponse.getContext());
- assertEquals("Unexpected token type",
"http://example.org/specialToken", parsedResponse.getTokenType().toString());
- assertFalse(parsedResponse.isForwardable());
-
- // repeat the test, this time using a response collection instead of a single
response.
- RequestSecurityTokenResponseCollection collection = new
RequestSecurityTokenResponseCollection();
- collection.addRequestSecurityTokenResponse(response);
- element =
objectFactory.createRequestSecurityTokenResponseCollection(collection.getDelegate());
- source = new JAXBSource(this.context, element);
-
- baseResponse = factory.parseRequestSecurityTokenResponse(source);
- assertNotNull("Unexpected null response message", baseResponse);
assertTrue("Unexpected response message type", baseResponse instanceof
RequestSecurityTokenResponseCollection);
RequestSecurityTokenResponseCollection parsedCollection =
(RequestSecurityTokenResponseCollection) baseResponse;
assertNotNull("Unexpected null response list",
parsedCollection.getRequestSecurityTokenResponses());
assertEquals("Unexpected number of responses", 1,
parsedCollection.getRequestSecurityTokenResponses().size());
+
+ RequestSecurityTokenResponse parsedResponse =
parsedCollection.getRequestSecurityTokenResponses().get(0);
+ assertEquals("Unexpected context name", "testcontext",
parsedResponse.getContext());
+ assertEquals("Unexpected token type",
"http://www.tokens.org/SpecialToken", parsedResponse.getTokenType()
+ .toString());
+ assertFalse(parsedResponse.isForwardable());
}
/**
@@ -166,21 +118,22 @@
* Tests the marshalling of a WS-Trust request.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
public void testMarshallRequestSecurityToken() throws Exception
{
// create a request object.
RequestSecurityToken request = new RequestSecurityToken();
request.setContext("testcontext");
- request.setTokenType(new
URI("http://example.org/specialToken"));
+ request.setTokenType(new
URI("http://www.tokens.org/SpecialToken"));
request.setRequestType(new
URI("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"));
// use the factory to marshall the request.
WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
Source source = factory.marshallRequestSecurityToken(request);
assertNotNull("Unexpected null source", source);
- assertTrue("Unexpected source type", source instanceof JAXBSource);
+ assertTrue("Unexpected source type", source instanceof DOMSource);
// at this point we know that the parsing works, so parse the generated source and
compare to the original request.
BaseRequestSecurityToken baseRequest = factory.parseRequestSecurityToken(source);
@@ -190,64 +143,44 @@
assertEquals("Unexpected context value", request.getContext(),
parsedRequest.getContext());
assertTrue("Unexpected token type",
request.getTokenType().equals(parsedRequest.getTokenType()));
assertTrue("Unexpected request type",
request.getRequestType().equals(parsedRequest.getRequestType()));
-
- // repeat the test, now using a collection of requests.
- RequestSecurityTokenCollection collection = new RequestSecurityTokenCollection();
- collection.addRequestSecurityToken(request);
- source = factory.marshallRequestSecurityToken(collection);
- assertNotNull("Unexpected null source", source);
- assertTrue("Unexpected source type", source instanceof JAXBSource);
-
- baseRequest = factory.parseRequestSecurityToken(source);
- assertNotNull("Unexpected null value for the parsed request",
baseRequest);
- assertTrue("Unexpected parsed request type", baseRequest instanceof
RequestSecurityTokenCollection);
- RequestSecurityTokenCollection parsedCollection = (RequestSecurityTokenCollection)
baseRequest;
- assertNotNull("Unexpected null request list",
parsedCollection.getRequestSecurityTokens());
- assertEquals("Unexpected number of requests", 1,
parsedCollection.getRequestSecurityTokens().size());
}
-
+
/**
* <p>
* Tests the marshalling of a WS-Trust response.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
public void testMarshallRequestSecurityTokenResponse() throws Exception
{
// create a sample ws-trust response message.
RequestSecurityTokenResponse response = new RequestSecurityTokenResponse();
response.setContext("testcontext");
- response.setTokenType(new
URI("http://example.org/specialToken"));
+ response.setTokenType(new
URI("http://www.tokens.org/SpecialToken"));
response.setForwardable(false);
+ RequestSecurityTokenResponseCollection collection = new
RequestSecurityTokenResponseCollection();
+ collection.addRequestSecurityTokenResponse(response);
+
// use the factory to marshall the response.
WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
- Source source = factory.marshallRequestSecurityTokenResponse(response);
+ Source source = factory.marshallRequestSecurityTokenResponse(collection);
assertNotNull("Unexpected null source", source);
- assertTrue("Unexpected source type", source instanceof JAXBSource);
-
+ assertTrue("Unexpected source type", source instanceof DOMSource);
+
// at this point we know that the parsing works, so parse the generated source and
compare to the original response.
BaseRequestSecurityTokenResponse baseResponse =
factory.parseRequestSecurityTokenResponse(source);
assertNotNull("Unexpected null value for the parsed response",
baseResponse);
- assertTrue("Unexpected parsed response type", baseResponse instanceof
RequestSecurityTokenResponse);
- RequestSecurityTokenResponse parsedResponse = (RequestSecurityTokenResponse)
baseResponse;
- assertEquals("Unexpected context value", response.getContext(),
parsedResponse.getContext());
- assertTrue("Unexpected token type",
response.getTokenType().equals(parsedResponse.getTokenType()));
- assertFalse(parsedResponse.isForwardable());
-
- // repeat the test, now using a collection of responses.
- RequestSecurityTokenResponseCollection collection = new
RequestSecurityTokenResponseCollection();
- collection.addRequestSecurityTokenResponse(response);
- source = factory.marshallRequestSecurityTokenResponse(collection);
- assertNotNull("Unexpected null source", source);
- assertTrue("Unexpected source type", source instanceof JAXBSource);
-
- baseResponse = factory.parseRequestSecurityTokenResponse(source);
- assertNotNull("Unexpected null value for the parsed response",
baseResponse);
assertTrue("Unexpected parsed request type", baseResponse instanceof
RequestSecurityTokenResponseCollection);
RequestSecurityTokenResponseCollection parsedCollection =
(RequestSecurityTokenResponseCollection) baseResponse;
assertNotNull("Unexpected null response list",
parsedCollection.getRequestSecurityTokenResponses());
assertEquals("Unexpected number of responses", 1,
parsedCollection.getRequestSecurityTokenResponses().size());
+
+ RequestSecurityTokenResponse parsedResponse =
parsedCollection.getRequestSecurityTokenResponses().get(0);
+ assertEquals("Unexpected context value", response.getContext(),
parsedResponse.getContext());
+ assertTrue("Unexpected token type",
response.getTokenType().equals(parsedResponse.getTokenType()));
+ assertFalse(parsedResponse.isForwardable());
}
}
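Review bot: The assertion message `"Unexpected parsed request type"` on the `baseResponse instanceof RequestSecurityTokenResponseCollection` check in testMarshallRequestSecurityTokenResponse describes a request although this test marshals a response; `assertTrue("Unexpected parsed response type", baseResponse instanceof RequestSecurityTokenResponseCollection);` matches the other messages in the method. With `factory.marshallRequestSecurityTokenResponse(response)` replaced by the collection call, no test in this class still marshals a bare RequestSecurityTokenResponse, so if the factory keeps accepting one, that path is now untested; if the factory only emits collections now, the method's Javadoc should say so.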
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/keystore/sts_keystore.jks
===================================================================
(Binary files differ)
Added:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-request.xml
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-request.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-request.xml 2009-06-24
21:18:18 UTC (rev 631)
@@ -0,0 +1,4 @@
+<wst:RequestSecurityToken
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
Context="testcontext">
+ <
wst:TokenType>http://www.tokens.org/SpecialToken</wst:TokenType>
+
<
wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue...
+</wst:RequestSecurityToken>
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-response.xml
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-response.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-response.xml 2009-06-24
21:18:18 UTC (rev 631)
@@ -0,0 +1,7 @@
+<wst:RequestSecurityTokenResponseCollection
+
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512/">
+ <wst:RequestSecurityTokenResponse Context="testcontext">
+ <
wst:TokenType>http://www.tokens.org/SpecialToken</wst:TokenType>
+ <wst:Forwardable>false</wst:Forwardable>
+ </wst:RequestSecurityTokenResponse>
+</wst:RequestSecurityTokenResponseCollection>
Property changes on: identity-federation/trunk/jboss-identity-webapps/circleoftrust
___________________________________________________________________
Name: svn:ignore
- target
.metadata
.classpath
target-eclipse
.settings
+ .classpath
.project
.metadata
.settings
target
target-eclipse
Property changes on: identity-federation/trunk/jboss-identity-webapps/employee
___________________________________________________________________
Name: svn:ignore
- target
.metadata
.classpath
target-eclipse
.settings
+ .classpath
.project
.metadata
.settings
target
target-eclipse
Property changes on: identity-federation/trunk/jboss-identity-webapps/idp
___________________________________________________________________
Name: svn:ignore
- target
.metadata
.classpath
target-eclipse
.settings
+ .classpath
.project
.metadata
.settings
target
target-eclipse
Property changes on: identity-federation/trunk/jboss-identity-webapps/metadata
___________________________________________________________________
Name: svn:ignore
- target
.metadata
.classpath
target-eclipse
.settings
+ .classpath
.project
.metadata
.settings
target
target-eclipse
Property changes on: identity-federation/trunk/jboss-identity-webapps/sales
___________________________________________________________________
Name: svn:ignore
- target
.metadata
.classpath
target-eclipse
.settings
+ .classpath
.project
.metadata
.settings
target
target-eclipse
Modified: identity-federation/trunk/parent/pom.xml
===================================================================
--- identity-federation/trunk/parent/pom.xml 2009-06-24 14:33:53 UTC (rev 630)
+++ identity-federation/trunk/parent/pom.xml 2009-06-24 21:18:18 UTC (rev 631)
@@ -134,7 +134,7 @@
<dependency>
<groupId>org.jboss.security</groupId>
<artifactId>jbossxacml</artifactId>
- <version>2.0.3</version>
+ <version>2.0.3.SP2</version>
</dependency>
</dependencies>
</dependencyManagement>