Author: anil.saldhana(a)jboss.com
Date: 2009-05-22 18:35:06 -0400 (Fri, 22 May 2009)
New Revision: 510
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/interfaces/TrustKeyManager.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/CircleOfTrustServlet.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
Log:
Circle of trust changes
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/interfaces/TrustKeyManager.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/interfaces/TrustKeyManager.java 2009-05-22
22:34:41 UTC (rev 509)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/interfaces/TrustKeyManager.java 2009-05-22
22:35:06 UTC (rev 510)
@@ -62,21 +62,23 @@
* @throws Exception
*/
PrivateKey getSigningKey() throws Exception;
-
+
/**
- * Get the Public Key corresponding to the signing key
+ * Get the certificate given an alias
+ * @param alias
* @return
* @throws Exception
*/
- PublicKey getPublicKeyForSignature() throws Exception;
-
+ Certificate getCertificate(String alias) throws Exception;
+
/**
- * Get the certificate associated with the signing key
+ * Get a Public Key given an alias
+ * @param alias
* @return
* @throws Exception
*/
- Certificate getCertificateForSignature() throws Exception;
-
+ PublicKey getPublicKey(String alias) throws Exception;
+
/**
* Given a domain, obtain a secret key
* @see {@code EncryptionKeyUtil}
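Review bot: The Javadoc for the new `getCertificate(String alias)` and `getPublicKey(String alias)` leaves `@param alias` and `@return` empty, so a caller cannot tell what happens when the alias has no entry in the underlying store (KeyStore.getCertificate returns null for an unknown alias, and the KeyStoreKeyManager change in this commit passes that through for one method and dereferences it in the other). State the contract on the interface, e.g. `@param alias the key store alias of the entry to look up` and `@return the certificate stored under {@code alias}, or {@code null} if no such entry exists`, and say explicitly whether `getPublicKey` throws or returns null for an unknown alias so that implementations agree. This hunk also removes `getPublicKeyForSignature`/`getCertificateForSignature` outright rather than deprecating them, so any other TrustKeyManager implementation outside this commit stops compiling; if there are none that is fine, but it is worth saying so in the log message.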
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/CircleOfTrustServlet.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/CircleOfTrustServlet.java 2009-05-22
22:34:41 UTC (rev 509)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/CircleOfTrustServlet.java 2009-05-22
22:35:06 UTC (rev 510)
@@ -105,7 +105,48 @@
throw new ServletException(e);
}
}
+ if("display_trusted_providers".equalsIgnoreCase(action))
+ {
+ try
+ {
+ displayTrustedProvidersForSP(req,resp);
+ req.getRequestDispatcher("/spTrustedProviders.jsp").forward(req,
resp);
+ }
+ catch (Exception e)
+ {
+ throw new ServletException(e);
+ }
+ }
}
+ else
+ //IDP
+ if("idp".equalsIgnoreCase(type))
+ {
+ if("add".equalsIgnoreCase(action))
+ {
+ try
+ {
+ addSP(req,resp);
+ req.getRequestDispatcher("/addedSP.jsp").forward(req, resp);
+ }
+ catch (Exception e)
+ {
+ throw new ServletException(e);
+ }
+ }
+ if("display_trusted_providers".equalsIgnoreCase(action))
+ {
+ try
+ {
+ displayTrustedProvidersForIDP(req,resp);
+
req.getRequestDispatcher("/idpTrustedProviders.jsp").forward(req, resp);
+ }
+ catch (Exception e)
+ {
+ throw new ServletException(e);
+ }
+ }
+ }
}
private void addIDP(HttpServletRequest request, HttpServletResponse response) throws
Exception
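Review bot: The `idp`/`add` branch at `addSP(req,resp)` (and the existing `sp`/`add` path above it) persists a new provider's metadata and rewrites a trust list from nothing but request parameters, and nothing in this hunk checks who is issuing the request; unless a servlet filter or a security constraint outside this file protects CircleOfTrustServlet, any client that can reach it can enroll its own metadata URL as a trusted SP or IDP, and with `display_trusted_providers` can also list what is currently trusted. Gate both `add` branches on the container's authentication before the call, e.g. `if(req.getUserPrincipal() == null) { resp.sendError(HttpServletResponse.SC_FORBIDDEN); return; }` combined with the appropriate role check, or leave a comment naming where that check is enforced. A smaller point of style: the `"add"` and `"display_trusted_providers"` tests are independent `if`s rather than `else if`, and an unrecognised `type` or `action` falls out of the method with neither a forward nor an error status. The enclosing method begins before this hunk.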
@@ -113,19 +154,9 @@
String spName = request.getParameter("spname");
String idpName = request.getParameter("idpname");
String metadataURL = request.getParameter("metadataURL");
- InputStream is = null;
-
- URL md = new URL(metadataURL);
- HttpURLConnection http = (HttpURLConnection) md.openConnection();
- http.setInstanceFollowRedirects(true);
- is = http.getInputStream();
-
- Unmarshaller un = MetaDataBuilder.getUnmarshaller();
- JAXBElement<?> j = (JAXBElement<?>) un.unmarshal(is);
- Object obj = j.getValue();
- if(obj instanceof EntityDescriptorType == false)
- throw new RuntimeException("Unsupported type:"+ obj.getClass());
- EntityDescriptorType edt = (EntityDescriptorType) obj;
+
+ EntityDescriptorType edt = getMetaData(metadataURL);
+
configProvider.persist(edt, idpName);
HttpSession httpSession = request.getSession();
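Review bot: `idpName` is taken straight from the request and passed unvalidated as the persistence key in `configProvider.persist(edt, idpName)`; if the provider maps that name onto a file or directory path (its implementation is not visible here), a name containing `..` or path separators would let the caller choose where the fetched metadata is written. Reject null or empty values up front and restrict the name to a safe character set, e.g. `if(idpName == null || !idpName.matches("[A-Za-z0-9._-]+")) throw new IllegalArgumentException("Invalid provider name");`, and apply the same check to `spName` and in addSP, which has the same shape. With the current code a missing `metadataURL` surfaces as a MalformedURLException from `new URL(null)` inside getMetaData, which the caller wraps in a ServletException (an HTTP 500) instead of reporting it as a client error. The rest of addIDP continues below this hunk.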
@@ -135,7 +166,7 @@
Map<String,String> trustedProviders = new HashMap<String, String>();
try
{
- configProvider.loadTrustedProviders(spName);
+ trustedProviders = configProvider.loadTrustedProviders(spName);
}
catch(Exception e)
{
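Review bot: Keeping the return value of `loadTrustedProviders(spName)` fixes the earlier no-op assignment, but when that call throws, `trustedProviders` is still the empty HashMap created on the line above, and the `finally` block that follows (visible as context at the top of the next hunk, `configProvider.persistTrustedProviders(spName, trustedProviders)`) then persists a map holding only the newly added entry; if persist is a full overwrite, a transient load failure replaces the SP's whole trust list with a single provider. The safer behaviour is to stop on a load failure rather than fall through to `finally`, i.e. rethrow from the `catch` or return after logging. Log the exception itself as well, `log("Error obtaining the trusted providers for " + spName, e)`, so the cause is not lost. The enclosing try/catch/finally extends beyond this hunk.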
@@ -147,4 +178,74 @@
configProvider.persistTrustedProviders(spName, trustedProviders);
}
}
+
+ private void addSP(HttpServletRequest request, HttpServletResponse response) throws
Exception
+ {
+ String idpName = request.getParameter("idpname");
+ String spName = request.getParameter("spname");
+ String metadataURL = request.getParameter("metadataURL");
+
+ EntityDescriptorType edt = getMetaData(metadataURL);
+ configProvider.persist(edt, spName);
+
+ HttpSession httpSession = request.getSession();
+ httpSession.setAttribute("sp", edt);
+
+ //Let us add the trusted providers
+ Map<String,String> trustedProviders = new HashMap<String, String>();
+ try
+ {
+ trustedProviders = configProvider.loadTrustedProviders(spName);
+ }
+ catch(Exception e)
+ {
+ log("Error obtaining the trusted providers for "+spName);
+ }
+ finally
+ {
+ trustedProviders.put(spName, metadataURL);
+ configProvider.persistTrustedProviders(idpName, trustedProviders);
+ }
+ }
+
+
+ private EntityDescriptorType getMetaData(String metadataURL) throws Exception
+ {
+ InputStream is;
+ URL md = new URL(metadataURL);
+ HttpURLConnection http = (HttpURLConnection) md.openConnection();
+ http.setInstanceFollowRedirects(true);
+ is = http.getInputStream();
+
+ Unmarshaller un = MetaDataBuilder.getUnmarshaller();
+ JAXBElement<?> j = (JAXBElement<?>) un.unmarshal(is);
+ Object obj = j.getValue();
+ if(obj instanceof EntityDescriptorType == false)
+ throw new RuntimeException("Unsupported type:"+ obj.getClass());
+ EntityDescriptorType edt = (EntityDescriptorType) obj;
+ return edt;
+ }
+
+ private void displayTrustedProvidersForIDP(HttpServletRequest request,
HttpServletResponse response) throws Exception
+ {
+ String idpName = request.getParameter("name");
+
+ Map<String, String> trustedProviders =
configProvider.loadTrustedProviders(idpName);
+
+ HttpSession httpSession = request.getSession();
+ httpSession.setAttribute("idpName", idpName);
+ httpSession.setAttribute("providers", trustedProviders);
+ }
+
+ private void displayTrustedProvidersForSP(HttpServletRequest request,
HttpServletResponse response) throws Exception
+ {
+ String spName = request.getParameter("name");
+
+ Map<String, String> trustedProviders =
configProvider.loadTrustedProviders(spName);
+
+ HttpSession httpSession = request.getSession();
+ httpSession.setAttribute("spName", spName);
+ httpSession.setAttribute("providers", trustedProviders);
+ }
+
}
\ No newline at end of file
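Review bot: In `addSP` the trust list is loaded with `configProvider.loadTrustedProviders(spName)` but written back with `configProvider.persistTrustedProviders(idpName, trustedProviders)`, so the IDP's stored list is replaced by the SP's list plus the new entry and whatever SPs the IDP previously trusted are dropped; the load should use the same key as the persist, `trustedProviders = configProvider.loadTrustedProviders(idpName);`, mirroring addIDP, which loads and persists under `spName`. In `getMetaData` the stream from `http.getInputStream()` is never closed, and the connection goes to whatever URL the caller supplied, with redirects followed and no scheme restriction, so the servlet can be pointed at internal hosts or plain-http sources; at minimum wrap the unmarshal in `try { ... } finally { is.close(); }` and require an `https` URL before opening the connection. I cannot see MetaDataBuilder.getUnmarshaller or the persistence layer, but nothing in this hunk verifies a signature on the fetched EntityDescriptor before it is persisted as trusted, which is worth confirming given that this is the point where trust is established. `displayTrustedProvidersForIDP`/`ForSP` also store the raw `name` parameter and the loaded map in the HttpSession, where they persist across requests rather than living in request scope for the single forward.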
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java 2009-05-22
22:34:41 UTC (rev 509)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/MetadataServlet.java 2009-05-22
22:35:06 UTC (rev 510)
@@ -50,6 +50,7 @@
import org.jboss.identity.federation.bindings.providers.IMetadataProvider;
import org.jboss.identity.federation.bindings.util.ValveUtil;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.jboss.identity.federation.core.util.XMLEncryptionUtil;
import org.jboss.identity.federation.saml.v2.metadata.EntityDescriptorType;
import org.jboss.identity.federation.saml.v2.metadata.KeyDescriptorType;
import org.jboss.identity.federation.saml.v2.metadata.RoleDescriptorType;
@@ -138,7 +139,7 @@
this.keyManager = (TrustKeyManager) clazz.newInstance();
keyManager.setAuthProperties(keyProvider.getAuth());
- Certificate cert = keyManager.getCertificateForSignature();
+ Certificate cert = keyManager.getCertificate(signingAlias);
KeyInfoType keyInfo = KeyUtil.getKeyInfo(cert);
//TODO: Assume just signing key for now
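Review bot: `keyManager.getCertificate(signingAlias)` can return `null` when `signingAlias` has no entry in the key store (KeyStore.getCertificate returns null for an unknown alias, and the KeyStoreKeyManager change in this commit passes that straight through), in which case `KeyUtil.getKeyInfo(cert)` fails with a NullPointerException that the `catch(Exception e)` below reports without naming the alias. Fail early with a message an operator can act on: `if(cert == null) throw new IllegalStateException("No certificate found for signing alias " + signingAlias);`. The surrounding try block starts before this hunk.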
@@ -146,6 +147,18 @@
null, 0, true, false);
updateKeyDescriptor(metadata, keyDescriptor);
+
+ //encryption
+ if(this.encryptingAlias != null)
+ {
+ cert = keyManager.getCertificate(encryptingAlias);
+ keyInfo = KeyUtil.getKeyInfo(cert);
+ String certAlgo = cert.getPublicKey().getAlgorithm();
+ keyDescriptor = KeyDescriptorMetaDataBuilder.createKeyDescriptor(keyInfo,
+ XMLEncryptionUtil.getEncryptionURL(certAlgo),
+ XMLEncryptionUtil.getEncryptionKeySize(certAlgo), false, true);
+ updateKeyDescriptor(metadata, keyDescriptor);
+ }
}
catch(Exception e)
{
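Review bot: The new encryption branch repeats the unchecked lookup of the signing path, `cert = keyManager.getCertificate(encryptingAlias)` followed directly by `KeyUtil.getKeyInfo(cert)`, so a misconfigured `encryptingAlias` surfaces as a NullPointerException; add `if(cert == null) throw new IllegalStateException("No certificate found for encrypting alias " + encryptingAlias);` before the getKeyInfo call. The comment `//TODO: Assume just signing key for now` a few lines above (context in the previous hunk) is now stale and should be removed or reworded to say that an encryption KeyDescriptor is published whenever `encryptingAlias` is configured. Nothing prevents `encryptingAlias` from equalling `signingAlias`, in which case the same key pair is advertised for both uses; if key separation is intended, either document that expectation or log a warning when the two aliases match. The try/catch enclosing this code begins before the hunk.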
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java 2009-05-22
22:34:41 UTC (rev 509)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java 2009-05-22
22:35:06 UTC (rev 510)
@@ -87,29 +87,31 @@
return (PrivateKey) ks.getKey(this.signingAlias, this.signingKeyPass);
}
-
/**
- * @see TrustKeyManager#getPublicKeyForSignature()
+ * @see TrustKeyManager#getCertificate(String)
*/
- public PublicKey getPublicKeyForSignature() throws Exception
+ public Certificate getCertificate(String alias) throws Exception
{
if(ks == null)
this.setUpKeyStore();
if(ks == null)
throw new IllegalStateException("KeyStore is null");
- return ks.getCertificate(signingAlias).getPublicKey();
- }
-
- public Certificate getCertificateForSignature() throws Exception
+ return ks.getCertificate(alias);
+ }
+
+ /**
+ * @see TrustKeyManager#getPublicKey(String)
+ */
+ public PublicKey getPublicKey(String alias) throws Exception
{
if(ks == null)
this.setUpKeyStore();
if(ks == null)
throw new IllegalStateException("KeyStore is null");
- return ks.getCertificate(signingAlias);
- }
+ return ks.getCertificate(alias).getPublicKey();
+ }
/**
* @see TrustKeyManager#getValidatingKey(String)
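Review bot: `getPublicKey(String alias)` dereferences `ks.getCertificate(alias)` without a null check, so an alias with no certificate entry produces a bare NullPointerException instead of a message naming the alias; `Certificate cert = ks.getCertificate(alias); if(cert == null) throw new IllegalArgumentException("No certificate for alias: " + alias); return cert.getPublicKey();` fixes that and makes the method consistent with the new `getCertificate`, which currently returns null silently and should say so in its Javadoc if that is the intended contract. Both methods now accept an arbitrary alias rather than the configured `signingAlias`, so every entry in the key store becomes reachable through this API; only certificates and public keys are returned, so no private material is exposed, but the Javadoc should state that the alias is caller-chosen. The `if(ks == null) setUpKeyStore(); if(ks == null) throw new IllegalStateException("KeyStore is null");` preamble is now duplicated across three methods and could be a private helper. The trailing Javadoc belongs to getValidatingKey, which continues past the end of this hunk.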