Author: anil.saldhana(a)jboss.com
Date: 2009-01-05 13:59:17 -0500 (Mon, 05 Jan 2009)
New Revision: 180
Added:
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/common/
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/common/IDGenerator.java
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SecurityActions.java
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/exceptions/
identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/exceptions/AssertionExpiredException.java
Removed:
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/exceptions/AssertionExpiredException.java
Modified:
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectValve.java
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/factories/JBossSAMLAuthnRequestFactory.java
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/factories/JBossSAMLAuthnResponseFactory.java
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java
identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnRequestUnitTestCase.java
identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java
Log:
refactor to introduce cleaner api
Modified:
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
===================================================================
---
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2008-12-17
18:57:46 UTC (rev 179)
+++
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-01-05
18:59:17 UTC (rev 180)
@@ -41,9 +41,10 @@
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.valves.ValveBase;
import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import
org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLAuthnResponseFactory;
import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLBaseFactory;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.api.util.Base64;
import org.jboss.identity.federation.api.util.DeflateUtil;
import org.jboss.identity.federation.bindings.util.HTTPRedirectUtil;
@@ -105,9 +106,11 @@
{
try
{
+ SAML2Response saml2Response = new SAML2Response();
+
ResponseType responseType = this.getResponse(request,
userPrincipal);
StringWriter stringWriter = new StringWriter();
- JBossSAMLAuthnResponseFactory.marshall(responseType, stringWriter);
+ saml2Response.marshall(responseType, stringWriter);
String responseMessage = stringWriter.toString();
@@ -145,14 +148,16 @@
byte[] decodedMessage = Base64.decode(getSAMLMessage(request));
InputStream is = DeflateUtil.decode(decodedMessage);
- AuthnRequestType authnRequestType =
JBossSAMLAuthnRequestFactory.getAuthnRequestType(is);
+ SAML2Request saml2Request = new SAML2Request();
+
+ AuthnRequestType authnRequestType = saml2Request.getAuthnRequestType(is);
if(authnRequestType == null)
throw new IllegalStateException("AuthnRequest is null");
if(log.isTraceEnabled())
{
StringWriter sw = new StringWriter();
- JBossSAMLAuthnRequestFactory.marshall(authnRequestType, sw);
+ saml2Request.marshall(authnRequestType, sw);
log.trace("IDPRedirectValve::AuthnRequest="+sw.toString());
}
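Review bot: The AuthnRequest unmarshalled at `saml2Request.getAuthnRequestType(is)` comes straight from the unauthenticated request parameter (Base64 decode and inflate two lines above), so the only protection visible in this hunk is whatever JBossSAMLBaseFactory's validating unmarshaller configures on the underlying XML parser; if that does not disable DTDs and external entities this is an XXE entry point, which is worth confirming there rather than here. Nothing in this hunk bounds the inflated size either, so a small payload can expand arbitrarily before JAXB sees it; a cap on inflated length in DeflateUtil.decode (or a size-limited wrapper stream) would close that, and the inflater stream `is` is never closed. A comment at the decode line such as `// untrusted input: parser hardening and inflate limits are delegated to DeflateUtil/JBossSAMLBaseFactory` would at least make the trust boundary explicit. The enclosing method starts and ends outside this hunk.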
@@ -186,7 +191,8 @@
if(log.isTraceEnabled())
{
StringWriter sw = new StringWriter();
- JBossSAMLAuthnResponseFactory.marshall(responseType, sw);
+ SAML2Response saml2Response = new SAML2Response();
+ saml2Response.marshall(responseType, sw);
log.trace("IDPRedirectValve::Response="+sw.toString());
}
Modified:
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
---
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2008-12-17
18:57:46 UTC (rev 179)
+++
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-01-05
18:59:17 UTC (rev 180)
@@ -41,14 +41,15 @@
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.exceptions.AssertionExpiredException;
import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLAuthnRequestFactory;
-import
org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLAuthnResponseFactory;
import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLBaseFactory;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.api.util.Base64;
import org.jboss.identity.federation.api.util.DeflateUtil;
import org.jboss.identity.federation.bindings.util.HTTPRedirectUtil;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeType;
@@ -146,9 +147,11 @@
AuthnRequestType authnRequest =
JBossSAMLAuthnRequestFactory.createAuthnRequestType(
"ID_" + JBossSAMLBaseFactory.createUUID(), serviceURL,
identityURL, serviceURL);
-
+
+ SAML2Request saml2Request = new SAML2Request();
+
ByteArrayOutputStream baos = new ByteArrayOutputStream();
- JBossSAMLAuthnRequestFactory.marshall(authnRequest, baos);
+ saml2Request.marshall(authnRequest, baos);
//Deflate encoding
byte[] deflatedMsg = DeflateUtil.encode(baos.toByteArray());
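Review bot: The request ID at the top of this hunk is still assembled by hand as `"ID_" + JBossSAMLBaseFactory.createUUID()` while this same commit introduces `IDGenerator.create(String prefix)` for exactly that purpose; `IDGenerator.create("ID_")` here (and on the identical line in SPRedirectValve) keeps the ID format in one place. The enclosing method begins before this hunk.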
@@ -175,7 +178,9 @@
byte[] base64DecodedResponse = Base64.decode(samlResponse);
InputStream is = DeflateUtil.decode(base64DecodedResponse);
- ResponseType responseType = JBossSAMLAuthnResponseFactory.getResponseType(is);
+ SAML2Response saml2Response = new SAML2Response();
+
+ ResponseType responseType = saml2Response.getResponseType(is);
StatusType statusType = responseType.getStatus();
if(statusType == null)
throw new Exception("Status Type from the IDP is null");
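Review bot: Nothing in this hunk verifies the response it just parsed: `saml2Response.getResponseType(is)` only schema-validates the Base64/inflated `samlResponse` parameter, and the following lines immediately start trusting `responseType.getStatus()`. If signature and Issuer/Destination/InResponseTo checks happen later in this method, a comment at the parse line saying so would help, e.g. `// schema-validated only; signature and issuer are verified below before any assertion is used`; if they do not, an unsigned response from any party is accepted at this point. The `throw new Exception("Status Type from the IDP is null")` would also be better typed (IllegalStateException or a checked project exception) so callers can tell it apart from unrelated failures. The enclosing method continues past this hunk.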
Modified:
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectValve.java
===================================================================
---
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectValve.java 2008-12-17
18:57:46 UTC (rev 179)
+++
identity-federation/trunk/identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectValve.java 2009-01-05
18:59:17 UTC (rev 180)
@@ -41,11 +41,12 @@
import org.apache.catalina.valves.ValveBase;
import org.apache.log4j.Logger;
import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLAuthnRequestFactory;
-import
org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLAuthnResponseFactory;
import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLBaseFactory;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.api.util.Base64;
import org.jboss.identity.federation.api.util.DeflateUtil;
-import org.jboss.identity.federation.bindings.util.HTTPRedirectUtil;
+import org.jboss.identity.federation.bindings.util.HTTPRedirectUtil;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
@@ -95,7 +96,9 @@
byte[] base64DecodedResponse = Base64.decode(samlResponse);
InputStream is = DeflateUtil.decode(base64DecodedResponse);
- ResponseType responseType =
JBossSAMLAuthnResponseFactory.getResponseType(is);
+ SAML2Response saml2Response = new SAML2Response();
+
+ ResponseType responseType = saml2Response.getResponseType(is);
StatusType statusType = responseType.getStatus();
if(statusType == null)
throw new Exception("Status Type from the IDP is null");
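Review bot: The decode, inflate, `getResponseType` and null-status sequence here is now a line-for-line copy of the one in SPRedirectFormAuthenticator from this same commit; since SAML2Response is the new API, a single overload there such as `getResponseType(String base64DeflatedMessage)` (or a helper in the bindings util package) would leave one place to fix when input limits or parser hardening are added. The inflater stream `is` is never closed in either copy. The enclosing method runs outside this hunk on both sides.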
@@ -138,8 +141,10 @@
"ID_" + JBossSAMLBaseFactory.createUUID(), serviceURL,
identityURL, serviceURL);
+ SAML2Request saml2Request = new SAML2Request();
+
ByteArrayOutputStream baos = new ByteArrayOutputStream();
- JBossSAMLAuthnRequestFactory.marshall(authnRequest, baos);
+ saml2Request.marshall(authnRequest, baos);
//Deflate encoding
byte[] deflatedMsg = DeflateUtil.encode(baos.toByteArray());
Added:
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/common/IDGenerator.java
===================================================================
---
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/common/IDGenerator.java
(rev 0)
+++
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/common/IDGenerator.java 2009-01-05
18:59:17 UTC (rev 180)
@@ -0,0 +1,55 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.saml.v2.common;
+
+import java.util.UUID;
+
+/**
+ * Utility class that generates unique IDs
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 5, 2009
+ */
+public class IDGenerator
+{
+ /*
+ * Create a basic unique ID
+ */
+ public static String create()
+ {
+ return UUID.randomUUID().toString();
+ }
+
+ /**
+ * Create an id that is prefixed by a string
+ * @param prefix
+ * @return an id
+ * @throws IllegalArgumentException when prefix is null
+ */
+ public static String create(String prefix)
+ {
+ if(prefix == null)
+ throw new IllegalArgumentException("prefix is null");
+ StringBuilder sb = new StringBuilder(prefix);
+ sb.append(IDGenerator.create());
+ return sb.toString();
+ }
+}
\ No newline at end of file
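Review bot: `create()` returns a bare `UUID.randomUUID().toString()`, which may start with a digit and therefore is not a valid xs:ID/NCName; used directly as a SAML `ID` attribute it would fail the schema validation this library applies on marshalling, and every caller in this commit works around that with an `"ID_"` prefix without the class saying so. The comment on `create()` is also `/*` rather than `/**`, so it is not Javadoc at all; replace it with `/** Create a basic unique ID. Not guaranteed to be a valid XML ID (may start with a digit); use {@link #create(String)} with a letter prefix for SAML ID attributes. */`. A `private IDGenerator() {}` would keep the utility class from being instantiated.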
Deleted:
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/exceptions/AssertionExpiredException.java
===================================================================
---
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/exceptions/AssertionExpiredException.java 2008-12-17
18:57:46 UTC (rev 179)
+++
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/exceptions/AssertionExpiredException.java 2009-01-05
18:59:17 UTC (rev 180)
@@ -1,52 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.saml.v2.exceptions;
-
-import java.security.GeneralSecurityException;
-
-/**
- * Security Exception indicating expiration of SAML2 assertion
- * @author Anil.Saldhana(a)redhat.com
- * @since Dec 12, 2008
- */
-public class AssertionExpiredException extends GeneralSecurityException
-{
- private static final long serialVersionUID = 1L;
-
- public AssertionExpiredException()
- {
- }
-
- public AssertionExpiredException(String message, Throwable cause)
- {
- }
-
- public AssertionExpiredException(String msg)
- {
- super(msg);
- }
-
- public AssertionExpiredException(Throwable cause)
- {
- super(cause);
- }
-}
\ No newline at end of file
Modified:
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/factories/JBossSAMLAuthnRequestFactory.java
===================================================================
---
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/factories/JBossSAMLAuthnRequestFactory.java 2008-12-17
18:57:46 UTC (rev 179)
+++
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/factories/JBossSAMLAuthnRequestFactory.java 2009-01-05
18:59:17 UTC (rev 180)
@@ -21,10 +21,6 @@
*/
package org.jboss.identity.federation.api.saml.v2.factories;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.Writer;
-
import javax.xml.bind.JAXBElement;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
@@ -95,65 +91,34 @@
public static JAXBElement<AuthnRequestType>
createAuthnRequestType(AuthnRequestType authnRequestType)
{
return protocolObjectFactory.createAuthnRequest(authnRequestType);
- }
+ }
/**
- * Get AuthnRequestType from a file
- * @param fileName file with the serialized AuthnRequestType
- * @return AuthnRequestType
- * @throws Exception
- * @throws IllegalArgumentException if the input fileName is null
- * IllegalStateException if the InputStream from the fileName is null
+ * Get the Object Factory useful for dealing with SAML2 requests
+ * @return
*/
- public static AuthnRequestType getAuthnRequestType(String fileName) throws Exception
- {
- if(fileName == null)
- throw new IllegalArgumentException("fileName is null");
- ClassLoader tcl = SecurityActions.getContextClassLoader();
- InputStream is = tcl.getResourceAsStream(fileName);
- return getAuthnRequestType(is);
+ public static ObjectFactory getObjectFactory()
+ {
+ return protocolObjectFactory;
}
/**
- * Get the AuthnRequestType from an input stream
- * @param is Inputstream containing the AuthnRequest
+ * Get the validating marshaller
* @return
* @throws Exception
- * @throws IllegalArgumentException inputstream is null
*/
- @SuppressWarnings("unchecked")
- public static AuthnRequestType getAuthnRequestType(InputStream is) throws Exception
+ public static Marshaller getValidatingMarshaller() throws Exception
{
- if(is == null)
- throw new IllegalStateException("InputStream is null");
- Unmarshaller un = JBossSAMLBaseFactory.getValidatingUnmarshaller(pkgName,
schemaLocation);
- JAXBElement<AuthnRequestType> jaxbAuthnRequestType =
(JAXBElement<AuthnRequestType>) un.unmarshal(is);
- return jaxbAuthnRequestType.getValue();
- }
-
- /**
- * Marshall the AuthnRequestType to an output stream
- * @param requestType
- * @param os
- * @throws Exception
- */
- public static void marshall(AuthnRequestType requestType, OutputStream os) throws
Exception
- {
- Marshaller marshaller = JBossSAMLBaseFactory.getValidatingMarshaller(pkgName,
schemaLocation);
- JAXBElement<AuthnRequestType> jaxb =
protocolObjectFactory.createAuthnRequest(requestType);
- marshaller.marshal(jaxb, os);
+ return JBossSAMLBaseFactory.getValidatingMarshaller(pkgName, schemaLocation);
}
/**
- * Marshall the AuthnRequestType to a writer
- * @param requestType
- * @param writer
+ * Get the validating unmarshaller
+ * @return
* @throws Exception
*/
- public static void marshall(AuthnRequestType requestType, Writer writer) throws
Exception
+ public static Unmarshaller getValidatingUnmarshaller() throws Exception
{
- Marshaller marshaller = JBossSAMLBaseFactory.getValidatingMarshaller(pkgName,
schemaLocation);
- JAXBElement<AuthnRequestType> jaxb =
protocolObjectFactory.createAuthnRequest(requestType);
- marshaller.marshal(jaxb, writer);
+ return JBossSAMLBaseFactory.getValidatingUnmarshaller(pkgName, schemaLocation);
}
}
\ No newline at end of file
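Review bot: The three new public methods carry empty `@return` tags, and the null-input contract the removed methods documented now lives only in SAML2Request. Fill them in, e.g. `@return the shared protocol ObjectFactory`, `@return a marshaller validating against the SAML2 protocol schema` and `@return an unmarshaller validating against the SAML2 protocol schema`. Since `getValidatingUnmarshaller()` is now the single public route to an unmarshaller that will be fed network input, a sentence pointing to where the XML parser's DTD/external-entity settings are decided (JBossSAMLBaseFactory, from what is visible here) would help the next reviewer find it.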
Modified:
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/factories/JBossSAMLAuthnResponseFactory.java
===================================================================
---
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/factories/JBossSAMLAuthnResponseFactory.java 2008-12-17
18:57:46 UTC (rev 179)
+++
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/factories/JBossSAMLAuthnResponseFactory.java 2009-01-05
18:59:17 UTC (rev 180)
@@ -21,10 +21,6 @@
*/
package org.jboss.identity.federation.api.saml.v2.factories;
-import java.io.InputStream;
-import java.io.OutputStream;
-import java.io.Writer;
-
import javax.xml.bind.JAXBElement;
import javax.xml.bind.Marshaller;
import javax.xml.bind.Unmarshaller;
@@ -147,49 +143,31 @@
}
/**
- * Read a ResponseType from an input stream
- * @param is
+ * Return the JAXB2 object factory (mainly for invocation chaining)
* @return
- * @throws Exception
*/
- @SuppressWarnings("unchecked")
- public static ResponseType getResponseType(InputStream is) throws Exception
+ public static ObjectFactory getObjectFactory()
{
- if(is == null)
- throw new IllegalArgumentException("inputstream is null");
-
- Unmarshaller un = JBossSAMLBaseFactory.getValidatingUnmarshaller(pkgName,
schemaLocation);
- JAXBElement<ResponseType> jaxbAuthnRequestType =
(JAXBElement<ResponseType>) un.unmarshal(is);
- return jaxbAuthnRequestType.getValue();
+ return protocolObjectFactory;
}
/**
- * Marshall the response type to the output stream
- * <p> <b>Note:</b> JAXB marshaller by default picks up arbitrary
namespace
- * prefixes (ns2,ns3 etc). The NamespacePrefixMapper is a Sun RI customization
- * that may be needed (this is a TODO) to get a prefix such as saml, samlp </b>
- *
- * @param responseType
- * @param os
+ * Get the JAXB2 marshaller
+ * @return
* @throws Exception
*/
- public static void marshall(ResponseType responseType, OutputStream os) throws
Exception
+ public static Marshaller getValidatingMarshaller() throws Exception
{
- Marshaller marshaller = JBossSAMLBaseFactory.getValidatingMarshaller(pkgName,
schemaLocation);
- JAXBElement<ResponseType> jaxb =
protocolObjectFactory.createResponse(responseType);
- marshaller.marshal(jaxb, os);
+ return JBossSAMLBaseFactory.getValidatingMarshaller(pkgName, schemaLocation);
}
-
+
/**
- * Marshall the ResponseType into a writer
- * @param responseType
- * @param writer
+ * Get the JAXB2 Unmarshaller
+ * @return
* @throws Exception
*/
- public static void marshall(ResponseType responseType, Writer writer) throws
Exception
+ public static Unmarshaller getValidatingUnmarshaller() throws Exception
{
- Marshaller marshaller = JBossSAMLBaseFactory.getValidatingMarshaller(pkgName,
schemaLocation);
- JAXBElement<ResponseType> jaxb =
protocolObjectFactory.createResponse(responseType);
- marshaller.marshal(jaxb, writer);
+ return JBossSAMLBaseFactory.getValidatingUnmarshaller(pkgName, schemaLocation);
}
}
\ No newline at end of file
Added:
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
===================================================================
---
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
(rev 0)
+++
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-01-05
18:59:17 UTC (rev 180)
@@ -0,0 +1,110 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.saml.v2.request;
+
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.Writer;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+
+import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLAuthnRequestFactory;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+
+/**
+ * API for SAML2 Request
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 5, 2009
+ */
+public class SAML2Request
+{
+ public AuthnRequestType createAuthnRequestType(String id,
+ String assertionConsumerURL,
+ String destination,
+ String issuerValue) throws Exception
+ {
+ return JBossSAMLAuthnRequestFactory.createAuthnRequestType(
+ id, assertionConsumerURL, destination, issuerValue);
+ }
+
+ /**
+ * Get AuthnRequestType from a file
+ * @param fileName file with the serialized AuthnRequestType
+ * @return AuthnRequestType
+ * @throws Exception
+ * @throws IllegalArgumentException if the input fileName is null
+ * IllegalStateException if the InputStream from the fileName is null
+ */
+ public AuthnRequestType getAuthnRequestType(String fileName) throws Exception
+ {
+ if(fileName == null)
+ throw new IllegalArgumentException("fileName is null");
+ ClassLoader tcl = SecurityActions.getContextClassLoader();
+ InputStream is = tcl.getResourceAsStream(fileName);
+ return getAuthnRequestType(is);
+ }
+
+ /**
+ * Get the AuthnRequestType from an input stream
+ * @param is Inputstream containing the AuthnRequest
+ * @return
+ * @throws Exception
+ * @throws IllegalArgumentException inputstream is null
+ */
+ @SuppressWarnings("unchecked")
+ public AuthnRequestType getAuthnRequestType(InputStream is) throws Exception
+ {
+ if(is == null)
+ throw new IllegalStateException("InputStream is null");
+ Unmarshaller un = JBossSAMLAuthnRequestFactory.getValidatingUnmarshaller();
+ JAXBElement<AuthnRequestType> jaxbAuthnRequestType =
(JAXBElement<AuthnRequestType>) un.unmarshal(is);
+ return jaxbAuthnRequestType.getValue();
+ }
+
+ /**
+ * Marshall the AuthnRequestType to an output stream
+ * @param requestType
+ * @param os
+ * @throws Exception
+ */
+ public void marshall(AuthnRequestType requestType, OutputStream os) throws Exception
+ {
+ Marshaller marshaller = JBossSAMLAuthnRequestFactory.getValidatingMarshaller();
+ JAXBElement<AuthnRequestType> jaxb =
JBossSAMLAuthnRequestFactory.getObjectFactory().createAuthnRequest(requestType);
+ marshaller.marshal(jaxb, os);
+ }
+
+ /**
+ * Marshall the AuthnRequestType to a writer
+ * @param requestType
+ * @param writer
+ * @throws Exception
+ */
+ public void marshall(AuthnRequestType requestType, Writer writer) throws Exception
+ {
+ Marshaller marshaller = JBossSAMLAuthnRequestFactory.getValidatingMarshaller();
+ JAXBElement<AuthnRequestType> jaxb =
JBossSAMLAuthnRequestFactory.getObjectFactory().createAuthnRequest(requestType);
+ marshaller.marshal(jaxb, writer);
+ }
+}
\ No newline at end of file
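Review bot: `getAuthnRequestType(InputStream)` throws IllegalStateException for a null stream but its Javadoc promises IllegalArgumentException, and SAML2Response.getResponseType in this same commit does throw IllegalArgumentException for the same condition; pick one (IllegalArgumentException matches both the doc and the sibling) and correct the `@throws`. `getAuthnRequestType(String fileName)` never closes the stream obtained from `getResourceAsStream`; wrap the call as `try { return getAuthnRequestType(is); } finally { if(is != null) is.close(); }`. `createAuthnRequestType` is the only public method in the class without Javadoc.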
Added:
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SecurityActions.java
===================================================================
---
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SecurityActions.java
(rev 0)
+++
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SecurityActions.java 2009-01-05
18:59:17 UTC (rev 180)
@@ -0,0 +1,48 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.saml.v2.request;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 9, 2008
+ */
+class SecurityActions
+{
+ /**
+ * Get the Thread Context ClassLoader
+ * @return
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+}
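Review bot: The class is package-private, which is the right choice because a privileged block reachable from outside the package would let any caller obtain the context ClassLoader under this code's permissions, but nothing in the file says so and the `@since Dec 9, 2008` tag suggests it was copied from another package. A class-level comment such as `// Keep package-private: these are privileged blocks and must not be exposed outside this package` would stop a later "make it public to share it" change from widening the privilege boundary.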
Added:
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
---
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
(rev 0)
+++
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-01-05
18:59:17 UTC (rev 180)
@@ -0,0 +1,105 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.saml.v2.response;
+
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.io.Writer;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+
+import
org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLAuthnResponseFactory;
+import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+
+/**
+ * API for dealing with SAML2 Response objects
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 5, 2009
+ */
+public class SAML2Response
+{
+ /**
+ * Create a ResponseType
+ * @param ID id of the response
+ * @param sp holder with the information about the Service Provider
+ * @param idp holder with the information on the Identity Provider
+ * @param issuerInfo holder with information on the issuer
+ * @return
+ * @throws Exception
+ */
+ public ResponseType createResponseType(String ID, SPInfoHolder sp, IDPInfoHolder idp,
IssuerInfoHolder issuerInfo) throws Exception
+ {
+ return JBossSAMLAuthnResponseFactory.createResponseType(ID, sp, idp, issuerInfo);
+ }
+
+ /**
+ * Read a ResponseType from an input stream
+ * @param is
+ * @return
+ * @throws Exception
+ */
+ @SuppressWarnings("unchecked")
+ public ResponseType getResponseType(InputStream is) throws Exception
+ {
+ if(is == null)
+ throw new IllegalArgumentException("inputstream is null");
+
+ Unmarshaller un = JBossSAMLAuthnResponseFactory.getValidatingUnmarshaller();
+ JAXBElement<ResponseType> jaxbAuthnRequestType =
(JAXBElement<ResponseType>) un.unmarshal(is);
+ return jaxbAuthnRequestType.getValue();
+ }
+
+ /**
+ * Marshall the response type to the output stream
+ * <p> <b>Note:</b> JAXB marshaller by default picks up arbitrary
namespace
+ * prefixes (ns2,ns3 etc). The NamespacePrefixMapper is a Sun RI customization
+ * that may be needed (this is a TODO) to get a prefix such as saml, samlp </b>
+ *
+ * @param responseType
+ * @param os
+ * @throws Exception
+ */
+ public void marshall(ResponseType responseType, OutputStream os) throws Exception
+ {
+ Marshaller marshaller = JBossSAMLAuthnResponseFactory.getValidatingMarshaller();
+ JAXBElement<ResponseType> jaxb =
JBossSAMLAuthnResponseFactory.getObjectFactory().createResponse(responseType);
+ marshaller.marshal(jaxb, os);
+ }
+
+ /**
+ * Marshall the ResponseType into a writer
+ * @param responseType
+ * @param writer
+ * @throws Exception
+ */
+ public void marshall(ResponseType responseType, Writer writer) throws Exception
+ {
+ Marshaller marshaller = JBossSAMLAuthnResponseFactory.getValidatingMarshaller();
+ JAXBElement<ResponseType> jaxb =
JBossSAMLAuthnResponseFactory.getObjectFactory().createResponse(responseType);
+ marshaller.marshal(jaxb, writer);
+ }
+}
\ No newline at end of file
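Review bot: `getResponseType` hands back the parsed ResponseType after nothing more than schema validation via `getValidatingUnmarshaller()`, yet it is the method the SP valves call on the inbound response; the Javadoc should say that plainly so "validating" is not read as signature or issuer validation, e.g. `Read a ResponseType from an input stream. Performs XML schema validation only; signature, Issuer and Conditions checks are the caller's responsibility.` The local `jaxbAuthnRequestType` in that method holds a ResponseType and should be renamed (`jaxbResponse`). The stream is not closed here, consistent with the request counterpart, but that is worth stating in the Javadoc as the caller's duty.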
Modified:
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
===================================================================
---
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2008-12-17
18:57:46 UTC (rev 179)
+++
identity-federation/trunk/identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-01-05
18:59:17 UTC (rev 180)
@@ -52,8 +52,8 @@
import javax.xml.transform.dom.DOMSource;
import javax.xml.transform.stream.StreamResult;
-import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLBaseFactory;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.w3.xmldsig.ObjectFactory;
import org.jboss.identity.federation.w3.xmldsig.SignatureType;
@@ -92,8 +92,10 @@
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
+ SAML2Request saml2Request = new SAML2Request();
+
ByteArrayOutputStream baos = new ByteArrayOutputStream();
- JBossSAMLAuthnRequestFactory.marshall(request, baos);
+ saml2Request.marshall(request, baos);
DocumentBuilder builder = dbf.newDocumentBuilder();
Document doc = builder.parse(new ByteArrayInputStream(baos.toByteArray()) );
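Review bot: The DocumentBuilderFactory on the context line above the new `SAML2Request` is configured only with `setNamespaceAware(true)`; nothing disables DTD processing or external entities. As far as this hunk shows that is not exploitable here, because the bytes handed to `builder.parse` are the request just written by `saml2Request.marshall`, not anything received from a peer. Since this is the signature utility and the same parse idiom is likely to be copied for inbound messages, it is cheap to harden it now with `dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);` directly after `dbf.setNamespaceAware(true);` (feature name is parser-specific; check what the JDK's bundled parser accepts). The enclosing method starts and ends outside the hunk.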
@@ -145,8 +147,10 @@
DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
dbf.setNamespaceAware(true);
+ SAML2Request saml2Request = new SAML2Request();
+
ByteArrayOutputStream baos = new ByteArrayOutputStream();
- JBossSAMLAuthnRequestFactory.marshall(request, baos);
+ saml2Request.marshall(request, baos);
DocumentBuilder builder = dbf.newDocumentBuilder();
Document doc = builder.parse(new ByteArrayInputStream(baos.toByteArray()) );
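Review bot: This hunk repeats, line for line, the seven-line sequence of the previous hunk (create the factory, instantiate `SAML2Request`, marshal to a `ByteArrayOutputStream`, re-parse into a `Document`), so any later change such as hardening the parser has to be made twice. Extract it into one private helper and call it from both methods; the `throws` clause should match whatever the two callers already declare, which is outside the hunk. Both enclosing methods start and end outside the hunk.
```java
// … unchanged: method signature and setup …
Document doc = requestToDocument(request);
// … unchanged: rest of method …

/** Marshals the request via SAML2Request and re-parses it into a namespace-aware DOM. */
private static Document requestToDocument(AuthnRequestType request) throws Exception
{
   DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
   dbf.setNamespaceAware(true);
   ByteArrayOutputStream baos = new ByteArrayOutputStream();
   new SAML2Request().marshall(request, baos);
   return dbf.newDocumentBuilder().parse(new ByteArrayInputStream(baos.toByteArray()));
}
```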
Modified:
identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java
===================================================================
---
identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java 2008-12-17
18:57:46 UTC (rev 179)
+++
identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java 2009-01-05
18:59:17 UTC (rev 180)
@@ -24,14 +24,15 @@
import java.io.InputStream;
import java.io.StringWriter;
+import junit.framework.TestCase;
+
import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLBaseFactory;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.util.Base64;
import org.jboss.identity.federation.api.util.DeflateUtil;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
-import junit.framework.TestCase;
-
/**
* Unit test the DEFLATE compression
* encoding/decoding cycles
@@ -47,7 +48,8 @@
"http://localhost:8080/idp","http://sp");
StringWriter sw = new StringWriter();
- JBossSAMLAuthnRequestFactory.marshall(authnRequest, sw);
+ SAML2Request request = new SAML2Request();
+ request.marshall(authnRequest, sw);
byte[] deflatedMsg = DeflateUtil.encode(sw.toString());
String base64Request = Base64.encodeBytes(deflatedMsg, Base64.DONT_BREAK_LINES);
@@ -55,7 +57,7 @@
//Decode
byte[] decodedMessage = Base64.decode(base64Request);
InputStream is = DeflateUtil.decode(decodedMessage);
- AuthnRequestType decodedRequestType =
JBossSAMLAuthnRequestFactory.getAuthnRequestType(is);
+ AuthnRequestType decodedRequestType = request.getAuthnRequestType(is);
assertNotNull(decodedRequestType);
}
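Review bot: The round trip ends with only `assertNotNull(decodedRequestType)`, so a decode that yielded an AuthnRequestType with none of the original's content would still pass. Assuming this is the same test method as the previous hunk, `authnRequest` is still in scope and at least one field should be compared, e.g. `assertEquals(authnRequest.getDestination(), decodedRequestType.getDestination());` (`getDestination()` is already used on AuthnRequestType in this commit's other tests). The test method's signature is above the hunk.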
Modified:
identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnRequestUnitTestCase.java
===================================================================
---
identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnRequestUnitTestCase.java 2008-12-17
18:57:46 UTC (rev 179)
+++
identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnRequestUnitTestCase.java 2009-01-05
18:59:17 UTC (rev 180)
@@ -28,8 +28,8 @@
import junit.framework.TestCase;
-import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLAuthnRequestFactory;
-import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLBaseFactory;
+import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
import org.jboss.identity.federation.saml.v2.assertion.ConditionAbstractType;
import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
@@ -56,8 +56,10 @@
{
String resourceName =
"saml/v2/authnrequest/samlAuthnRequestExample.xml";
- AuthnRequestType authnRequestType =
JBossSAMLAuthnRequestFactory.getAuthnRequestType(resourceName);
+ SAML2Request request = new SAML2Request();
+ AuthnRequestType authnRequestType = request.getAuthnRequestType(resourceName);
+
assertEquals("http://www.example.com/",
authnRequestType.getDestination());
assertEquals("urn:oasis:names:tc:SAML:2.0:consent:obtained",
authnRequestType.getConsent());
assertEquals("http://www.example.com/",authnRequestType.getAsse...;
@@ -90,7 +92,7 @@
//Let us marshall it back to an output stream
ByteArrayOutputStream baos = new ByteArrayOutputStream();
- JBossSAMLAuthnRequestFactory.marshall(authnRequestType, baos);
+ request.marshall(authnRequestType, baos);
}
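Review bot: `request.marshall(authnRequestType, baos)` is the last statement of the test, so the marshalled output is never inspected and a marshaller producing an empty or schema-invalid document would pass. Feed the bytes back through the validating unmarshaller this commit introduces: `AuthnRequestType roundTrip = request.getAuthnRequestType(new ByteArrayInputStream(baos.toByteArray()));` followed by `assertEquals(authnRequestType.getDestination(), roundTrip.getDestination());` (`getAuthnRequestType(InputStream)` is used in DeflateEncodingDecodingUnitTestCase in this same commit; `java.io.ByteArrayInputStream` may need importing). The method header is above the hunk.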
/**
@@ -102,7 +104,9 @@
{
String resourceName =
"saml/v2/authnrequest/samlAuthnRequestWithSignature.xml";
- AuthnRequestType authnRequestType =
JBossSAMLAuthnRequestFactory.getAuthnRequestType(resourceName);
+ SAML2Request request = new SAML2Request();
+
+ AuthnRequestType authnRequestType = request.getAuthnRequestType(resourceName);
assertNotNull(authnRequestType);
SignatureType signatureType = authnRequestType.getSignature();
@@ -110,7 +114,7 @@
//Let us marshall it back to an output stream
ByteArrayOutputStream baos = new ByteArrayOutputStream();
- JBossSAMLAuthnRequestFactory.marshall(authnRequestType, baos);
+ request.marshall(authnRequestType, baos);
}
/**
@@ -119,10 +123,13 @@
*/
public void testAuthnRequestCreation() throws Exception
{
- AuthnRequestType authnRequest =
JBossSAMLAuthnRequestFactory.createAuthnRequestType(
- "ID_" + JBossSAMLBaseFactory.createUUID(), "http://sp",
"http://idp", "http://sp");
+ String id = IDGenerator.create("ID_");
+
+ SAML2Request request = new SAML2Request();
+ AuthnRequestType authnRequest = request.createAuthnRequestType(
+ id, "http://sp", "http://idp", "http://sp");
ByteArrayOutputStream baos = new ByteArrayOutputStream();
- JBossSAMLAuthnRequestFactory.marshall(authnRequest, baos);
+ request.marshall(authnRequest, baos);
}
}
\ No newline at end of file
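Review bot: testAuthnRequestCreation builds the request from `IDGenerator.create("ID_")` and marshals it but asserts nothing, so it only proves the code does not throw. At minimum check that the generated id reached the message, e.g. `assertTrue(baos.toString("UTF-8").contains(id));`. Separately, since these IDs are what the SP later correlates against InResponseTo, it is worth confirming (IDGenerator's body is not in this chunk) that `create()` draws from a cryptographically strong source such as `UUID.randomUUID()` or `SecureRandom`, and that request IDs always carry a letter prefix like "ID_": a SAML ID is an xs:ID, which may not begin with a digit, while a bare UUID string can.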
Modified:
identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java
===================================================================
---
identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java 2008-12-17
18:57:46 UTC (rev 179)
+++
identity-federation/trunk/identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java 2009-01-05
18:59:17 UTC (rev 180)
@@ -23,17 +23,18 @@
import java.io.ByteArrayOutputStream;
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
import
org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLAuthnResponseFactory;
-import org.jboss.identity.federation.api.saml.v2.factories.JBossSAMLBaseFactory;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
-import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
-import junit.framework.TestCase;
-
/**
* Unit Test the SAML2 Authn Response factory
* @author Anil.Saldhana(a)redhat.com
@@ -48,13 +49,14 @@
issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
IDPInfoHolder idp = new IDPInfoHolder();
- idp.setNameIDFormatValue(JBossSAMLBaseFactory.createUUID().toString());
+ idp.setNameIDFormatValue(IDGenerator.create());
ResponseType rt =
JBossSAMLAuthnResponseFactory.createResponseType("response111",
new SPInfoHolder(), idp, issuerHolder);
assertNotNull(rt);
+ SAML2Response saml2Response = new SAML2Response();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
- JBossSAMLAuthnResponseFactory.marshall(rt, baos);
+ saml2Response.marshall(rt, baos);
}
}
\ No newline at end of file
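Review bot: `saml2Response.marshall(rt, baos)` is the final statement, so neither the new NameID value from `IDGenerator.create()` nor the marshalled document is ever checked, and an empty or invalid output would pass. Since this commit adds a validating unmarshaller on SAML2Response, round-trip the bytes: `ResponseType parsed = saml2Response.getResponseType(new ByteArrayInputStream(baos.toByteArray()));` followed by `assertNotNull(parsed);`, which at least confirms the output is schema-valid (`java.io.ByteArrayInputStream` would need importing if it is not already). The test method's signature is above the hunk.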
Added:
identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/exceptions/AssertionExpiredException.java
===================================================================
---
identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/exceptions/AssertionExpiredException.java
(rev 0)
+++
identity-federation/trunk/identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/exceptions/AssertionExpiredException.java 2009-01-05
18:59:17 UTC (rev 180)
@@ -0,0 +1,52 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.exceptions;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * Security Exception indicating expiration of SAML2 assertion
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 12, 2008
+ */
+public class AssertionExpiredException extends GeneralSecurityException
+{
+ private static final long serialVersionUID = 1L;
+
+ public AssertionExpiredException()
+ {
+ }
+
+ public AssertionExpiredException(String message, Throwable cause)
+ {
+ }
+
+ public AssertionExpiredException(String msg)
+ {
+ super(msg);
+ }
+
+ public AssertionExpiredException(Throwable cause)
+ {
+ super(cause);
+ }
+}
\ No newline at end of file
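Review bot: The `AssertionExpiredException(String message, Throwable cause)` constructor has an empty body, so both the message and the cause are silently discarded and a caller that wraps an underlying failure gets an exception whose `getMessage()` and `getCause()` are null. It should delegate like the two constructors below it: `super(message, cause);` (`GeneralSecurityException` provides that constructor). Because this exception is what signals a refused, expired assertion, dropping the cause also removes the detail an operator needs to audit why the assertion was rejected.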