Author: anil.saldhana(a)jboss.com
Date: 2009-08-29 03:09:51 -0400 (Sat, 29 Aug 2009)
New Revision: 752
Added:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/KeyStoreUtil.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-jaxrpc.jar
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-jaxws-ext.jar
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-jaxws.jar
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-saaj.jar
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/keystore/sts_keystore.jks
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/log4j.xml
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/jboss-wsse-client.xml
Modified:
identity-federation/trunk/jboss-identity-fed-api/pom.xml
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/logging.properties
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
Log:
JBID-157: ws-t client
Modified: identity-federation/trunk/jboss-identity-fed-api/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/pom.xml 2009-08-29 07:08:02 UTC (rev
751)
+++ identity-federation/trunk/jboss-identity-fed-api/pom.xml 2009-08-29 07:09:51 UTC (rev
752)
@@ -99,6 +99,30 @@
<scope>test</scope>
</dependency>
<dependency>
+ <groupId>org.jboss.ws.native</groupId>
+ <artifactId>jbossws-native-client</artifactId>
+ <version>3.1.2.SP3</version>
+ <scope>test</scope>
+ <exclusions>
+ <exclusion>
+ <groupId>xml-apis</groupId>
+ <artifactId>xml-apis</artifactId>
+ </exclusion>
+ </exclusions>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jboss-common-core</artifactId>
+ <version>2.2.14.GA</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
+ <groupId>org.jboss</groupId>
+ <artifactId>jbossxb</artifactId>
+ <version>2.0.1.GA</version>
+ <scope>test</scope>
+ </dependency>
+ <dependency>
<groupId>junit</groupId>
<artifactId>junit</artifactId>
<scope>test</scope>
Added:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/KeyStoreUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/KeyStoreUtil.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/KeyStoreUtil.java 2009-08-29
07:09:51 UTC (rev 752)
@@ -0,0 +1,181 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.util;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URL;
+import java.security.GeneralSecurityException;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.cert.Certificate;
+
+/**
+ * Utility to handle Java Keystore
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 12, 2009
+ */
+public class KeyStoreUtil
+{
+ /**
+ * Get the KeyStore
+ * @param keyStoreFile
+ * @param storePass
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static KeyStore getKeyStore(File keyStoreFile, char[] storePass) throws
GeneralSecurityException, IOException
+ {
+ FileInputStream fis = new FileInputStream(keyStoreFile);
+ return getKeyStore(fis,storePass);
+ }
+
+ /**
+ * Get the Keystore given the url to the keystore file as a string
+ * @param fileURL
+ * @param storePass
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static KeyStore getKeyStore(String fileURL, char[] storePass) throws
GeneralSecurityException, IOException
+ {
+ if(fileURL == null)
+ throw new IllegalArgumentException("fileURL is null");
+
+ File file = new File(fileURL);
+ FileInputStream fis = new FileInputStream(file);
+ return getKeyStore(fis,storePass);
+ }
+
+ /**
+ * Get the Keystore given the URL to the keystore
+ * @param url
+ * @param storePass
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static KeyStore getKeyStore(URL url, char[] storePass) throws
GeneralSecurityException, IOException
+ {
+ if(url == null)
+ throw new IllegalArgumentException("url is null");
+
+ return getKeyStore(url.openStream(), storePass);
+ }
+
+ /**
+ * Get the Key Store
+ * <b>Note:</b> This method wants the InputStream to be not null.
+ * @param ksStream
+ * @param storePass
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ * @throws IllegalArgumentException if ksStream is null
+ */
+ public static KeyStore getKeyStore(InputStream ksStream, char[] storePass) throws
GeneralSecurityException, IOException
+ {
+ if(ksStream == null)
+ throw new IllegalArgumentException("InputStream for the KeyStore is
null");
+ KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
+ ks.load(ksStream, storePass);
+ return ks;
+ }
+
+ /**
+ * Generate a Key Pair
+ * @param algo (RSA, DSA etc)
+ * @return
+ * @throws GeneralSecurityException
+ */
+ public static KeyPair generateKeyPair(String algo) throws GeneralSecurityException
+ {
+ KeyPairGenerator kpg = KeyPairGenerator.getInstance(algo);
+ return kpg.genKeyPair();
+ }
+
+ /**
+ * Get the Public Key from the keystore
+ * @param ks
+ * @param alias
+ * @param password
+ * @return
+ * @throws GeneralSecurityException
+ */
+ public static PublicKey getPublicKey(KeyStore ks, String alias, char[] password)
throws KeyStoreException, NoSuchAlgorithmException, GeneralSecurityException
+ {
+ PublicKey publicKey = null;
+
+ // Get private key
+ Key key = ks.getKey(alias, password);
+ if (key instanceof PrivateKey)
+ {
+ // Get certificate of public key
+ Certificate cert = ks.getCertificate(alias);
+
+ // Get public key
+ publicKey = cert.getPublicKey();
+ }
+ // if alias is a certificate alias, get the public key from the certificate.
+ if(publicKey == null)
+ {
+ Certificate cert = ks.getCertificate(alias);
+ if(cert != null)
+ publicKey = cert.getPublicKey();
+ }
+ return publicKey;
+ }
+
+ /**
+ * Add a certificate to the KeyStore
+ * @param keystoreFile
+ * @param storePass
+ * @param alias
+ * @param cert
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static void addCertificate(File keystoreFile, char[] storePass, String alias,
Certificate cert)
+ throws GeneralSecurityException, IOException
+ {
+ KeyStore keystore = getKeyStore(keystoreFile, storePass);
+
+ // Add the certificate
+ keystore.setCertificateEntry(alias, cert);
+
+ // Save the new keystore contents
+ FileOutputStream out = new FileOutputStream(keystoreFile);
+ keystore.store(out, storePass);
+ out.close();
+ }
+}
\ No newline at end of file
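Review bot: Every stream this file opens is leaked: getKeyStore(File) and getKeyStore(String) create a FileInputStream that is never closed, getKeyStore(URL) hands url.openStream() straight through, and getKeyStore(InputStream) does not close what it receives either, so a failed KeyStore.load leaves the descriptor open until GC. The code predates try-with-resources (no such construct is visible), so the InputStream overload — which all three visible overloads feed with a stream they own — is the natural place for a finally block; if callers are meant to keep ownership, say so in its Javadoc and wrap the File/String/URL overloads instead. addCertificate has the same shape with FileOutputStream: `out.close()` is skipped when keystore.store throws, and since FileOutputStream truncates on open, a store failure leaves the keystore file empty, so writing to a temporary file and renaming over the original would be safer. Separately, the Javadoc on getKeyStore(String) says it takes a URL but the body does `new File(fileURL)`; either rename the parameter to a path or route it through `new URL(fileURL)`.
```java
   public static KeyStore getKeyStore(InputStream ksStream, char[] storePass) throws GeneralSecurityException, IOException
   {
      if(ksStream == null)
         throw new IllegalArgumentException("InputStream for the KeyStore is null");
      KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
      try
      {
         ks.load(ksStream, storePass);
      }
      finally
      {
         ksStream.close(); // the File/String/URL overloads pass streams they own
      }
      return ks;
   }

   // … unchanged: generateKeyPair, getPublicKey …

   public static void addCertificate(File keystoreFile, char[] storePass, String alias, Certificate cert)
      throws GeneralSecurityException, IOException
   {
      KeyStore keystore = getKeyStore(keystoreFile, storePass);
      keystore.setCertificateEntry(alias, cert);

      FileOutputStream out = new FileOutputStream(keystoreFile);
      try
      {
         keystore.store(out, storePass);
      }
      finally
      {
         out.close();
      }
   }
```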
Added:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java 2009-08-29
07:09:51 UTC (rev 752)
@@ -0,0 +1,240 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.wstrust;
+
+import java.net.URI;
+import java.util.Map;
+
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPBody;
+import javax.xml.soap.SOAPEnvelope;
+import javax.xml.soap.SOAPPart;
+import javax.xml.transform.Source;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Dispatch;
+import javax.xml.ws.Service;
+import javax.xml.ws.Service.Mode;
+import javax.xml.ws.soap.SOAPBinding;
+
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
+import
org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
+import org.jboss.identity.federation.ws.trust.RenewTargetType;
+import org.jboss.identity.federation.ws.trust.StatusType;
+import org.jboss.identity.federation.ws.trust.ValidateTargetType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * WS-Trust Client
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 29, 2009
+ */
+public class WSTrustClient
+{
+ private ThreadLocal<Dispatch<Source>> dispatchLocal =
+ new InheritableThreadLocal<Dispatch<Source>>();
+
+ private String targetNS = "http://org.jboss.identity.trust/sts/";
+
+ public static class SecurityInfo
+ {
+ private String username;
+ private String passwd;
+
+ public SecurityInfo(String name, char[] pass)
+ {
+ username = name;
+ passwd = new String(pass);
+ }
+
+ public SecurityInfo(String name, String pass)
+ {
+ username = name;
+ passwd = pass;
+ }
+ }
+
+ public WSTrustClient(String serviceName, String port, String endpointURI,
+ SecurityInfo secInfo) throws ParsingException
+ {
+ QName service = new QName(targetNS, serviceName);
+ QName portName = new QName(targetNS, port);
+
+ Service jaxwsService = Service.create(service);
+ jaxwsService.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING, endpointURI);
+ Dispatch<Source> dispatch = jaxwsService.createDispatch(portName,
+ Source.class, Mode.PAYLOAD);
+
+ // add the username and password to the request context.
+ Map<String, Object> reqContext = dispatch.getRequestContext();
+ if(secInfo != null)
+ {
+ reqContext.put(BindingProvider.USERNAME_PROPERTY, secInfo.username);
+ reqContext.put(BindingProvider.PASSWORD_PROPERTY, secInfo.passwd);
+ }
+
+ dispatchLocal.set(dispatch);
+ }
+
+ public Element issueToken(String tokenType) throws WSTrustException
+ {
+ // create a custom token request message.
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setTokenType(URI.create(tokenType));
+ request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST));
+ request.setContext("context");
+
+ // send the token request to JBoss STS and get the response.
+ WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
+ DOMSource requestSource = (DOMSource)
jaxbFactory.marshallRequestSecurityToken(request);
+ Source response = dispatchLocal.get().invoke(requestSource);
+
+ Node documentNode = ((DOMSource) response).getNode();
+ Document responseDoc = documentNode instanceof Document ? (Document) documentNode :
documentNode.getOwnerDocument();
+
+
+ NodeList nodes;
+ try
+ {
+ Document myDocument = DocumentUtil.createDocument();
+ Node importedNode = myDocument.importNode(responseDoc.getDocumentElement(),
true);
+ myDocument.appendChild(importedNode);
+
+ nodes = null;
+ if(responseDoc instanceof SOAPPart)
+ {
+ SOAPPart soapPart = (SOAPPart) responseDoc;
+ SOAPEnvelope env = soapPart.getEnvelope();
+ SOAPBody body = env.getBody();
+ Node data = body.getFirstChild();
+ nodes =
((Element)data).getElementsByTagName("RequestedSecurityToken");
+ }
+ else
+ nodes = responseDoc.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE,
"RequestedSecurityToken");
+ }
+ catch (Exception e)
+ {
+ throw new WSTrustException("Exception in issuing token:", e);
+ }
+
+ if(nodes == null)
+ throw new WSTrustException("NodeList is null");
+
+ Node rstr = nodes.item(0);
+
+ return (Element) rstr.getFirstChild();
+ }
+
+ public Element renewToken(String tokenType, Element token) throws WSTrustException
+ {
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setContext("context");
+
+ request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
+ request.setRequestType(URI.create(WSTrustConstants.RENEW_REQUEST));
+ RenewTargetType renewTarget = new RenewTargetType();
+ renewTarget.setAny(token);
+ request.setRenewTarget(renewTarget);
+
+ // send the token request to JBoss STS and get the response.
+ WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
+ DOMSource requestSource = (DOMSource)
jaxbFactory.marshallRequestSecurityToken(request);
+ Source response = dispatchLocal.get().invoke(requestSource);
+
+ Node documentNode = ((DOMSource) response).getNode();
+ Document responseDoc = documentNode instanceof Document ? (Document) documentNode :
documentNode.getOwnerDocument();
+
+
+ NodeList nodes;
+ try
+ {
+ Document myDocument = DocumentUtil.createDocument();
+ Node importedNode = myDocument.importNode(responseDoc.getDocumentElement(),
true);
+ myDocument.appendChild(importedNode);
+
+ nodes = null;
+ if(responseDoc instanceof SOAPPart)
+ {
+ SOAPPart soapPart = (SOAPPart) responseDoc;
+ SOAPEnvelope env = soapPart.getEnvelope();
+ SOAPBody body = env.getBody();
+ Node data = body.getFirstChild();
+ nodes =
((Element)data).getElementsByTagName("RequestedSecurityToken");
+ }
+ else
+ nodes = responseDoc.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE,
"RequestedSecurityToken");
+ }
+ catch (Exception e)
+ {
+ throw new WSTrustException("Exception in renewing token:", e);
+ }
+
+ if(nodes == null)
+ throw new WSTrustException("NodeList is null");
+
+ Node rstr = nodes.item(0);
+
+ return (Element) rstr.getFirstChild();
+
+ }
+
+ public boolean validateToken(Element token) throws WSTrustException
+ {
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setContext("context");
+
+ request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
+ request.setRequestType(URI.create(WSTrustConstants.VALIDATE_REQUEST));
+ ValidateTargetType validateTarget = new ValidateTargetType();
+ validateTarget.setAny(token);
+ request.setValidateTarget(validateTarget);
+
+ WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
+
+ DOMSource requestSource = (DOMSource)
jaxbFactory.marshallRequestSecurityToken(request);
+
+ Source response = dispatchLocal.get().invoke(requestSource);
+ RequestSecurityTokenResponseCollection
+ responseCollection = (RequestSecurityTokenResponseCollection) jaxbFactory
+ .parseRequestSecurityTokenResponse(response);
+ RequestSecurityTokenResponse tokenResponse =
responseCollection.getRequestSecurityTokenResponses().get(0);
+
+ StatusType status = tokenResponse.getStatus();
+ if (status != null)
+ {
+ String code = status.getCode();
+ return WSTrustConstants.STATUS_CODE_VALID.equals(code);
+ }
+ return false;
+ }
+
+ public Dispatch<Source> getDispatch()
+ {
+ return dispatchLocal.get();
+ }
+}
\ No newline at end of file
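Review bot: The Dispatch is kept in an InheritableThreadLocal that is only ever set in the constructor (`dispatchLocal.set(dispatch)`), so issueToken, renewToken, validateToken and getDispatch all dereference `dispatchLocal.get()` and throw NullPointerException on any thread that neither constructed the client nor descends from that thread; a plain `private final Dispatch<Source> dispatch;` field gives every caller the same object, and if a per-thread dispatch is really intended the constructor Javadoc should state that restriction. issueToken and renewToken null-check the NodeList but never its first item, so an STS response without a RequestedSecurityToken element dies with an NPE on `rstr.getFirstChild()` rather than a WSTrustException — add `if (rstr == null) throw new WSTrustException("RequestedSecurityToken not found in response");` after `nodes.item(0)`, and validateToken's `.get(0)` needs the same emptiness check on getRequestSecurityTokenResponses(). renewToken ignores its tokenType parameter and sets WSTrustConstants.STATUS_TYPE, which looks copied from validateToken; presumably it should be `request.setTokenType(URI.create(tokenType));`. SecurityInfo(String, char[]) immediately does `passwd = new String(pass)`, which defeats the purpose of accepting a char[] (the secret then sits in an immutable heap String until GC); since BindingProvider.PASSWORD_PROPERTY ultimately takes a String anyway, either drop the char[] overload or document that the conversion happens at construction so callers are not misled. The myDocument/importedNode block in both the issue and renew paths is dead code (the document is built and never read), and the two methods share about thirty identical lines of response handling that belong in one private helper.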
Added:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java 2009-08-29
07:09:51 UTC (rev 752)
@@ -0,0 +1,235 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.api.wstrust;
+
+import java.net.MalformedURLException;
+import java.net.URI;
+import java.net.URL;
+import java.security.KeyStore;
+import java.security.PublicKey;
+import java.util.Map;
+
+import javax.xml.bind.JAXBException;
+import javax.xml.namespace.QName;
+import javax.xml.soap.SOAPBody;
+import javax.xml.soap.SOAPEnvelope;
+import javax.xml.soap.SOAPPart;
+import javax.xml.transform.Result;
+import javax.xml.transform.Source;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.dom.DOMSource;
+import javax.xml.transform.stream.StreamResult;
+import javax.xml.ws.BindingProvider;
+import javax.xml.ws.Dispatch;
+import javax.xml.ws.Service;
+import javax.xml.ws.Service.Mode;
+import javax.xml.ws.soap.SOAPBinding;
+
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.api.util.KeyStoreUtil;
+import org.jboss.identity.federation.api.util.XMLSignatureUtil;
+import org.jboss.identity.federation.api.wstrust.WSTrustClient;
+import org.jboss.identity.federation.api.wstrust.WSTrustConstants;
+import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory;
+import org.jboss.identity.federation.api.wstrust.WSTrustClient.SecurityInfo;
+import org.jboss.identity.federation.api.wstrust.plugins.saml.SAMLUtil;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
+import
org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
+import org.jboss.identity.federation.ws.trust.StatusType;
+import org.jboss.identity.federation.ws.trust.ValidateTargetType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * Unit tests for WS-Trust STS Clients
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 26, 2009
+ */
+public class WSTrustClientUnitTestCase extends TestCase
+{
+ //Specify whether this test is run as part of build
+ private boolean usetest = false;
+
+
+ public void testSTS() throws Exception
+ {
+ if(usetest == false)
+ return;
+
+ // create a dispatch object to invoke JBoss STSs.
+ Dispatch<Source> dispatch = createDispatch();
+
+ // create a custom token request message.
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setTokenType(URI.create(SAMLUtil.SAML2_TOKEN_TYPE));
+ request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST));
+ request.setContext("context");
+
+ // send the token request to JBoss STS and get the response.
+ WSTrustJAXBFactory jaxbFactory = WSTrustJAXBFactory.getInstance();
+ DOMSource requestSource = (DOMSource)
jaxbFactory.marshallRequestSecurityToken(request);
+ Source response = dispatch.invoke(requestSource);
+
+ Node documentNode = ((DOMSource) response).getNode();
+ Document responseDoc = documentNode instanceof Document ? (Document) documentNode :
documentNode.getOwnerDocument();
+
+
+ Document myDocument = DocumentUtil.createDocument();
+
+ Node importedNode = myDocument.importNode(responseDoc.getDocumentElement(), true);
+
+ myDocument.appendChild(importedNode);
+
+ NodeList nodes = null;
+ if(responseDoc instanceof SOAPPart)
+ {
+ SOAPPart soapPart = (SOAPPart) responseDoc;
+ SOAPEnvelope env = soapPart.getEnvelope();
+ SOAPBody body = env.getBody();
+ Node data = body.getFirstChild();
+ nodes =
((Element)data).getElementsByTagName("RequestedSecurityToken");
+ }
+ else
+ nodes = responseDoc.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE,
"RequestedSecurityToken");
+
+ assertNotNull("Nodelist not null", nodes);
+ Node rstr = nodes.item(0);
+ /*RequestSecurityTokenResponseCollection responseCollection =
(RequestSecurityTokenResponseCollection)
jaxbFactory.parseRequestSecurityTokenResponse(response);
+ RequestSecurityTokenResponse tokenResponse =
responseCollection.getRequestSecurityTokenResponses().get(0);
+
+ // the SAML assertion is returned as an Element.
+ Element assertion = (Element)
tokenResponse.getRequestedSecurityToken().getAny();*/
+ Element assertion = (Element) rstr.getFirstChild();
+ System.out.println("NAMESPACE=" + assertion.getNamespaceURI());
+
+// PublicKey key = getValidatingKey();
+// Document validate = DocumentUtil.createDocument();
+// validate.appendChild(validate.importNode(assertion, true));
+// System.out.println("Is token valid? " +
XMLSignatureUtil.validate(validate, key));
+
+ // print the assertion for demonstration purposes.
+ System.out.println("\nSuccessfully issued a standard SAMLV2.0
Assertion!");
+ printAssertion(assertion);
+
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ KeyStore ks =
KeyStoreUtil.getKeyStore(tcl.getResource("keystore/sts_keystore.jks")
+ , "testpass".toCharArray());
+
+ PublicKey pk = KeyStoreUtil.getPublicKey(ks, "sts",
"keypass".toCharArray());
+
+ assertNotNull("Public key is not null", pk);
+ Document tokenDocument = DocumentUtil.createDocument();
+ importedNode = tokenDocument.importNode(assertion, true);
+ tokenDocument.appendChild(importedNode);
+
+ //System.out.println("Going to validate:" +
DocumentUtil.getDocumentAsString(tokenDocument));
+ //assertTrue("SignedInfo valid",
XMLSignatureUtil.preCheckSignedInfo(tokenDocument));
+ //Locally we will validate the assertion
+ assertTrue("Recieved assertion sig valid",
XMLSignatureUtil.validate(tokenDocument, pk));
+
+ // let's validate the received SAML assertion.
+ request.getAny().clear();
+ request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
+ request.setRequestType(URI.create(WSTrustConstants.VALIDATE_REQUEST));
+ ValidateTargetType validateTarget = new ValidateTargetType();
+ validateTarget.setAny(assertion);
+ request.setValidateTarget(validateTarget);
+
+ requestSource = (DOMSource) jaxbFactory.marshallRequestSecurityToken(request);
+
+ response = dispatch.invoke(requestSource);
+ RequestSecurityTokenResponseCollection
+ responseCollection = (RequestSecurityTokenResponseCollection) jaxbFactory
+ .parseRequestSecurityTokenResponse(response);
+ RequestSecurityTokenResponse tokenResponse =
responseCollection.getRequestSecurityTokenResponses().get(0);
+
+ StatusType status = tokenResponse.getStatus();
+ if (status != null)
+ {
+ String code = status.getCode();
+ assertFalse("Signature is valid",
WSTrustConstants.STATUS_CODE_INVALID.equals(code));
+
+ System.out.println("\n\nSAMLV2.0 Assertion successfuly validated!");
+ System.out.println("Validation status code: " +
tokenResponse.getStatus().getCode());
+ System.out.println("Validation status reason: " +
tokenResponse.getStatus().getReason());
+ }
+ else
+ System.out.println("\n\nFailed to validate SAMLV2.0 Assertion");
+ }
+
+ public void testIssue_Validate_Renew() throws Exception
+ {
+ if(usetest == false)
+ return;
+
+ String serviceName = "JBossSTS";
+ String portName = "JBossSTSPort";
+ String endpointAddress = "http://localhost:8080/jboss-sts/JBossSTS";
+ WSTrustClient client = new WSTrustClient(serviceName, portName, endpointAddress,
new SecurityInfo("admin", "admin") );
+ Element token = client.issueToken(SAMLUtil.SAML2_TOKEN_TYPE);
+ assertTrue("Token is valid" , client.validateToken(token));
+
+ Element renewedToken = client.renewToken(SAMLUtil.SAML2_TOKEN_TYPE, token);
+ System.out.println("Renewed Token=" +
DocumentUtil.getNodeAsString(renewedToken));
+ }
+
+
+ private Dispatch<Source> createDispatch() throws MalformedURLException,
JAXBException
+ {
+ // JBoss STS target information.
+ String targetNS = "http://org.jboss.identity.trust/sts/";
+ QName serviceName = new QName(targetNS, "JBossSTS");
+ QName portName = new QName(targetNS, "JBossSTSPort");
+ URL endpointAddress = new
URL("http://localhost:8080/jboss-sts/JBossSTS");
+// URL securityConfigURL = new
File("jboss-wsse-client.xml").toURI().toURL();
+
+ Service service = Service.create(serviceName);
+ service.addPort(portName, SOAPBinding.SOAP11HTTP_BINDING,
endpointAddress.toExternalForm());
+
+ // create the dispatch, setting the client security configuration file.
+ Dispatch<Source> dispatch = service.createDispatch(portName, Source.class,
Mode.PAYLOAD);
+// ((ConfigProvider)
dispatch).setSecurityConfig(securityConfigURL.toExternalForm());
+// ((ConfigProvider) dispatch).setConfigName("Standard WSSecurity
Client");
+
+ // add the username and password to the request context.
+ Map<String, Object> reqContext = dispatch.getRequestContext();
+ reqContext.put(BindingProvider.USERNAME_PROPERTY, "admin");
+ reqContext.put(BindingProvider.PASSWORD_PROPERTY, "admin");
+
+ return dispatch;
+ }
+
+ private void printAssertion(Element assertion) throws Exception
+ {
+ TransformerFactory tranFactory = TransformerFactory.newInstance();
+ Transformer aTransformer = tranFactory.newTransformer();
+ Source src = new DOMSource(assertion);
+ Result dest = new StreamResult(System.out);
+ aTransformer.transform(src, dest);
+ }
+}
\ No newline at end of file
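Review bot: testSTS asserts `assertFalse("Signature is valid", WSTrustConstants.STATUS_CODE_INVALID.equals(code))`, which passes for any status code other than the invalid one, whereas WSTrustClient.validateToken treats only STATUS_CODE_VALID as success; assert `WSTrustConstants.STATUS_CODE_VALID.equals(code)` so the test and the client agree, and turn the trailing else branch, which only prints "Failed to validate", into a fail(). Both tests are disabled by the hard-coded `usetest = false` and need a live STS at localhost:8080, so they are integration tests that never execute in the build; a system property (e.g. `Boolean.getBoolean("sts.test")`, a constructed name) would let them be enabled without editing source, and the commented-out code and System.out tracing should go. The keystore and key passwords ("testpass", "keypass") and the admin/admin STS credentials sit in source next to the checked-in sts_keystore.jks, which is acceptable for a test fixture only as long as that keystore is never reused outside tests — a one-line comment on the keystore lookup saying exactly that would keep it from being copied. The assertion message "Recieved assertion sig valid" is misspelled.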
Added:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-jaxrpc.jar
===================================================================
(Binary files differ)
Property changes on:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-jaxrpc.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-jaxws-ext.jar
===================================================================
(Binary files differ)
Property changes on:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-jaxws-ext.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-jaxws.jar
===================================================================
(Binary files differ)
Property changes on:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-jaxws.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-saaj.jar
===================================================================
(Binary files differ)
Property changes on:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/endorsed/jbossws-native-saaj.jar
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/keystore/sts_keystore.jks
===================================================================
(Binary files differ)
Property changes on:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/keystore/sts_keystore.jks
___________________________________________________________________
Name: svn:mime-type
+ application/octet-stream
Added: identity-federation/trunk/jboss-identity-fed-api/src/test/resources/log4j.xml
===================================================================
--- identity-federation/trunk/jboss-identity-fed-api/src/test/resources/log4j.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/log4j.xml 2009-08-29
07:09:51 UTC (rev 752)
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE log4j:configuration SYSTEM "log4j.dtd">
+
+<!-- ===================================================================== -->
+<!-- -->
+<!-- Log4j Configuration -->
+<!-- -->
+<!-- ===================================================================== -->
+
+<!-- $Id: log4j.xml 34717 2005-08-08 18:15:31Z adrian $ -->
+
+<!--
+ | For more configuration infromation and examples see the Jakarta Log4j
+ | owebsite:
http://jakarta.apache.org/log4j
+ -->
+
+<log4j:configuration
xmlns:log4j="http://jakarta.apache.org/log4j/"
debug="false">
+
+ <!-- ================================= -->
+ <!-- Preserve messages in a local file -->
+ <!-- ================================= -->
+
+ <!-- A time/date based rolling appender -->
+ <appender name="FILE"
class="org.jboss.logging.appender.DailyRollingFileAppender">
+ <param name="File" value="${basedir}/test.log"/>
+ <param name="Append" value="true"/>
+
+ <!-- Rollover at midnight each day -->
+ <param name="DatePattern" value="'.'yyyy-MM-dd"/>
+
+ <!-- Rollover at the top of each hour
+ <param name="DatePattern"
value="'.'yyyy-MM-dd-HH"/>
+ -->
+
+ <layout class="org.apache.log4j.PatternLayout">
+ <!-- The default pattern: Date Priority [Category] Message\n -->
+ <param name="ConversionPattern" value="%d %-5p [%c]
%m%n"/>
+
+ <!-- The full pattern: Date MS Priority [Category] (Thread:NDC) Message\n
+ <param name="ConversionPattern" value="%d %-5r %-5p [%c] (%t:%x)
%m%n"/>
+ -->
+ </layout>
+ </appender>
+
+ <!-- ============================== -->
+ <!-- Append messages to the console -->
+ <!-- ============================== -->
+
+ <appender name="CONSOLE"
class="org.apache.log4j.ConsoleAppender">
+ <param name="Threshold" value="TRACE"/>
+ <param name="Target" value="System.out"/>
+
+ <layout class="org.apache.log4j.PatternLayout">
+ <!-- The default pattern: Date Priority [Category] Message\n -->
+ <param name="ConversionPattern" value="%d{ABSOLUTE} %-5p [%c{1}]
%m%n"/>
+ </layout>
+ </appender>
+ <!-- ================ -->
+ <!-- Limit categories -->
+ <!-- ================ -->
+
+ <!-- Limit JBoss categories to INFO
+ <category name="org.jboss">
+ <priority value="INFO" class="org.jboss.logging.XLevel"/>
+ </category>
+ -->
+
+ <category name="org.jboss">
+ <priority value="TRACE"/>
+ </category>
+
+ <!-- ======================= -->
+ <!-- Setup the Root category -->
+ <!-- ======================= -->
+
+ <root>
+ <appender-ref ref="CONSOLE"/>
+ <appender-ref ref="FILE"/>
+ </root>
+
+</log4j:configuration>
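Review bot: The CONSOLE appender threshold and the `org.jboss` category are both set to TRACE, and the FILE appender persists everything to `${basedir}/test.log` with `Append` set to true, so whatever the WS-Trust client tests log at that level (presumably including SOAP envelopes and any security tokens they carry) will accumulate in that file across runs. If that verbosity is intentional for debugging, a comment next to the `org.jboss` category saying so, and a note that `test.log` must stay out of version control, would make the intent clear; otherwise `<priority value="INFO"/>` is the safer default for a test resource. The comment header copied into the file also carries the typos `infromation` and `owebsite`.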
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/logging.properties
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/logging.properties 2009-08-29
07:08:02 UTC (rev 751)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/logging.properties 2009-08-29
07:09:51 UTC (rev 752)
@@ -17,7 +17,8 @@
java.util.logging.FileHandler.formatter=java.util.logging.SimpleFormatter
# Set the default logging level for the logger named org.jboss
-org.jcp.xml.dsig.internal.level = FINEST
+org.jcp.level= FINER
+#org.jcp.xml.dsig.internal.dom.level = FINEST
javax.xml.bind.ContextFinder.level = SEVERE
com.sun.org.apache.xml.internal.security.level = FINEST
com.sun.xml.bind.v2.runtime.reflect.opt.Injector.level=SEVERE
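Review bot: The comment on the line above the changed entry still says "the logger named org.jboss", but the key it now introduces is `org.jcp.level= FINER` (replacing the old `org.jcp.xml.dsig.internal` entry), so the comment is stale; `# Logging level for the org.jcp loggers (covers the javax.xml.crypto.dsig implementation the old entry named)` would match what the line does. The spacing `org.jcp.level= FINER` also differs from the surrounding entries, which use `key = value`; `org.jcp.level = FINER` keeps the file consistent. The commented-out line below it should say whether it is kept for future use or can be dropped.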
Added:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/jboss-wsse-client.xml
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/jboss-wsse-client.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/jboss-wsse-client.xml 2009-08-29
07:09:51 UTC (rev 752)
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<jboss-ws-security
xmlns="http://www.jboss.com/ws-security/config"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+
xsi:schemaLocation="http://www.jboss.com/ws-security/config
http://www.jboss.com/ws-security/schema/jboss-ws-security_1_0.xsd">
+ <config>
+ <username/>
+ </config>
+</jboss-ws-security>
\ No newline at end of file
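Review bot: The `<username/>` element is empty, so this file only declares that a UsernameToken is in use and the actual credentials must be supplied somewhere else at runtime (presumably by the WSTrustClient added in this revision); nothing in the file says so. A comment such as `<!-- username/password are set by the client at request time; nothing is stored here -->` above `<config>` would save the next reader a trip to the client code. Since the file configures no signature or encryption for the token, it is also worth documenting that the client is expected to send it only over a transport that protects it. A trailing newline would avoid the `\ No newline at end of file` marker on every future diff.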
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-08-29
07:08:02 UTC (rev 751)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/util/DocumentUtil.java 2009-08-29
07:09:51 UTC (rev 752)
@@ -46,6 +46,7 @@
import javax.xml.xpath.XPathException;
import org.apache.log4j.Logger;
+import org.w3c.dom.DOMConfiguration;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
@@ -170,7 +171,7 @@
Result streamResult = new StreamResult(sw);
// Write the DOM document to the stream
- Transformer xformer = TransformerFactory.newInstance().newTransformer();
+ Transformer xformer = getTransformer();
xformer.transform(source, streamResult);
return sw.toString();
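Review bot: `getTransformer()` is not part of this diff, so it is not clear whether it returns a fresh `Transformer` per call or hands out a cached one; `javax.xml.transform.Transformer` is not thread-safe, so if it is cached, this call site and the identical one in the hunk at new-file line 192 would need external synchronization. A one-line comment at the call, e.g. `// getTransformer() builds a new Transformer per call; instances are not thread-safe`, or a Javadoc note on `getTransformer` itself, would settle it. If `getTransformer` is now the single place the `TransformerFactory` is configured, that is also where `XMLConstants.FEATURE_SECURE_PROCESSING` can be enabled once for every caller. Both enclosing methods start and end outside their hunks.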
@@ -191,7 +192,7 @@
Result streamResult = new StreamResult(sw);
// Write the DOM document to the file
- Transformer xformer = TransformerFactory.newInstance().newTransformer();
+ Transformer xformer = getTransformer();
xformer.transform(source, streamResult);
return sw.toString();
@@ -280,6 +281,19 @@
}
/**
+ * DOM3 method: Normalize the document with namespaces
+ * @param doc
+ * @return
+ */
+ public static Document normalizeNamespaces(Document doc)
+ {
+ DOMConfiguration docConfig = doc.getDomConfig();
+ docConfig.setParameter("namespaces", Boolean.TRUE);
+ doc.normalizeDocument();
+ return doc;
+ }
+
+ /**
* Get a {@link Source} given a {@link Document}
* @param doc
* @return
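Review bot: The Javadoc on the new `normalizeNamespaces` has empty `@param doc` and `@return` tags, and it does not say that the document is normalized in place and the same instance handed back, which is the one thing a caller needs to know. Suggest `@param doc the DOM Level 3 document to normalize; it is modified in place` and `@return the same {@code doc} instance, after {@code normalizeDocument()} has run with the "namespaces" parameter enabled`. A short sentence that the method relies on DOM Level 3 (`getDomConfig()`/`normalizeDocument()`) would also help readers on older parsers. The Javadoc for the following method continues past the hunk.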