Author: anil.saldhana(a)jboss.com
Date: 2009-04-29 13:51:24 -0400 (Wed, 29 Apr 2009)
New Revision: 467
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/IMetadataConfigurationStore.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/SecurityActions.java
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/saml/
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/saml/v2/
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/saml/v2/metadata/
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/saml/v2/metadata/FileBasedMetadataConfigurationStoreUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/saml2/
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/saml2/metadata/
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/saml2/metadata/idp-entitydescriptor.xml
Log:
JBID-90: config store for circle of trust
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/FileBasedMetadataConfigurationStore.java 2009-04-29
17:51:24 UTC (rev 467)
@@ -0,0 +1,165 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.metadata.store;
+
+import java.io.File;
+import java.io.FileInputStream;
+import java.io.FileOutputStream;
+import java.io.ObjectInputStream;
+import java.io.ObjectOutputStream;
+import java.util.Map;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
+import org.jboss.identity.federation.saml.v2.metadata.EntityDescriptorType;
+import org.jboss.identity.federation.saml.v2.metadata.ObjectFactory;
+
+/**
+ * File based metadata store that uses
+ * the ${user.home}/jbid-store location to
+ * persist the data
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Apr 27, 2009
+ */
+public class FileBasedMetadataConfigurationStore implements IMetadataConfigurationStore
+{
+ private static Logger log =
Logger.getLogger(FileBasedMetadataConfigurationStore.class);
+
+ private static String EXTENSION = ".xml";
+
+ private String userHome = null;
+
+ private String pkgName = "org.jboss.identity.federation.saml.v2.metadata";
+
+ public FileBasedMetadataConfigurationStore()
+ {
+ userHome = SecurityActions.getSystemProperty("user.home");
+ if(userHome == null)
+ throw new RuntimeException("user.home system property not set");
+
+ File jbid = new File(userHome + "/jbid-store");
+ if(jbid.exists() == false)
+ {
+ log.debug(jbid.getPath() + " does not exist. Hence creating.");
+ jbid.mkdir();
+ }
+ }
+
+ /**
+ * @see IMetadataConfigurationStore#load(String)
+ */
+ @SuppressWarnings("unchecked")
+ public EntityDescriptorType load(String id) throws Exception
+ {
+ File persistedFile = validateIdAndReturnMDFile(id);
+
+ Unmarshaller un = JBossSAMLBaseFactory.getUnmarshaller(pkgName);
+ JAXBElement<EntityDescriptorType> je =
+ (JAXBElement<EntityDescriptorType>) un.unmarshal(persistedFile);
+ return je.getValue();
+ }
+
+ /**
+ * @see IMetadataConfigurationStore#persist(EntityDescriptorType, String)
+ */
+ public void persist(EntityDescriptorType entity, String id) throws Exception
+ {
+ File persistedFile = validateIdAndReturnMDFile(id);
+
+ ObjectFactory of = new ObjectFactory();
+
+ JAXBElement<?> jentity = of.createEntityDescriptor(entity);
+
+ Marshaller m = JBossSAMLBaseFactory.getMarshaller(pkgName);
+ m.marshal(jentity, persistedFile);
+ log.trace("Persisted into " + persistedFile.getPath());
+ }
+
+ /**
+ * @see IMetadataConfigurationStore#delete(String)
+ */
+ public void delete(String id) throws Exception
+ {
+ File persistedFile = validateIdAndReturnMDFile(id);
+
+ if(persistedFile.exists())
+ persistedFile.delete();
+ }
+
+ /**
+ * @see IMetadataConfigurationStore#loadTrustedProviders(String)
+ */
+ @SuppressWarnings("unchecked")
+ public Map<String, String> loadTrustedProviders(String id) throws Exception
+ {
+ File trustedFile = validateIdAndReturnTrustedProvidersFile(id);
+ ObjectInputStream ois = new ObjectInputStream(new FileInputStream(trustedFile));
+ Map<String, String> trustedMap = (Map<String, String>)
ois.readObject();
+ return trustedMap;
+ }
+
+ /**
+ * @see IMetadataConfigurationStore#persistTrustedProviders(Map)
+ */
+ public void persistTrustedProviders(String id, Map<String, String> trusted)
throws Exception
+ {
+ File trustedFile = validateIdAndReturnTrustedProvidersFile(id);
+ ObjectOutputStream oos = new ObjectOutputStream(new
FileOutputStream(trustedFile));
+ oos.writeObject(trusted);
+ oos.close();
+ log.trace("Persisted trusted map into "+ trustedFile.getPath());
+ }
+
+ /**
+ * @see IMetadataConfigurationStore#deleteTrustedProviders(String)
+ */
+ public void deleteTrustedProviders(String id) throws Exception
+ {
+ File persistedFile = validateIdAndReturnTrustedProvidersFile(id);
+
+ if(persistedFile.exists())
+ persistedFile.delete();
+ }
+
+ private File validateIdAndReturnMDFile(String id)
+ {
+ if(id == null)
+ throw new IllegalArgumentException("id is null");
+ if(!id.endsWith(EXTENSION))
+ id += EXTENSION;
+ return new File(userHome + "/jbid-store/" + id);
+ }
+
+ private File validateIdAndReturnTrustedProvidersFile(String id)
+ {
+ if(id == null)
+ throw new IllegalArgumentException("id is null");
+
+ id += "-trusted" + EXTENSION;
+
+ return new File(userHome + "/jbid-store/" + id);
+ }
+}
\ No newline at end of file
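Review bot: `loadTrustedProviders` never closes the `ObjectInputStream` it opens on `trustedFile`, so a file handle leaks on every load and on every failed `readObject()`; `persistTrustedProviders` only closes `oos` on the success path because `oos.close()` is not in a `finally`. Both methods should release the stream in a `finally` block as in the fence below. Beyond that, `readObject()` on a file under `${user.home}/jbid-store` is Java native deserialization of whatever is on disk, and since the payload is only a `Map<String, String>`, storing it as `java.util.Properties` (or as XML like the descriptor itself) would avoid that mechanism entirely. `validateIdAndReturnMDFile` and `validateIdAndReturnTrustedProvidersFile` also build the path by concatenating `id` onto `userHome + "/jbid-store/"` with no check that the resulting `File` is still inside that directory, which matters if `id` ever comes from a request. `delete` and `deleteTrustedProviders` discard the boolean from `File.delete()`, so a failed removal is silently reported as success.
```java
   @SuppressWarnings("unchecked")
   public Map<String, String> loadTrustedProviders(String id) throws Exception
   {
      File trustedFile = validateIdAndReturnTrustedProvidersFile(id);
      ObjectInputStream ois = new ObjectInputStream(new FileInputStream(trustedFile));
      try
      {
         return (Map<String, String>) ois.readObject();
      }
      finally
      {
         ois.close();
      }
   }

   // … unchanged: Javadoc …
   public void persistTrustedProviders(String id, Map<String, String> trusted) throws Exception
   {
      File trustedFile = validateIdAndReturnTrustedProvidersFile(id);
      ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(trustedFile));
      try
      {
         oos.writeObject(trusted);
      }
      finally
      {
         oos.close();
      }
      log.trace("Persisted trusted map into "+ trustedFile.getPath());
   }
```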
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/IMetadataConfigurationStore.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/IMetadataConfigurationStore.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/IMetadataConfigurationStore.java 2009-04-29
17:51:24 UTC (rev 467)
@@ -0,0 +1,80 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.metadata.store;
+
+import java.util.Map;
+
+import org.jboss.identity.federation.saml.v2.metadata.EntityDescriptorType;
+
+/**
+ * Configuration Store for the metadata
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Apr 27, 2009
+ */
+public interface IMetadataConfigurationStore
+{
+ /**
+ * Get the Trusted Providers
+ * @param id
+ * @return a map of name of provider, metadata urls
+ * @throws Exception
+ */
+ Map<String, String> loadTrustedProviders(String id) throws Exception;
+
+ /**
+ * Persist the map of trusted providers
+ * @param id
+ * @param trusted
+ * @throws Exception
+ */
+ void persistTrustedProviders(String id, Map<String,String> trusted) throws
Exception;
+
+ /**
+ * Persist into an external sink (file system, ldap, db etc)
+ * @param entity
+ * @param id An unique identifier useful for retrieval
+ * @throws Exception
+ */
+ void persist(EntityDescriptorType entity, String id) throws Exception;
+
+ /**
+ * Load the descriptor from the external data sink
+ * @param id unique identifier used during persistence
+ * @return
+ * @throws Exception
+ */
+ EntityDescriptorType load(String id) throws Exception;
+
+ /**
+ * Delete the descriptor from the external data sink
+ * @param id
+ * @throws Exception
+ */
+ void delete(String id) throws Exception;
+
+ /**
+ * Delete the trusted providers from the external data sink
+ * @param id
+ * @throws Exception
+ */
+ void deleteTrustedProviders(String id) throws Exception;
+}
\ No newline at end of file
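Review bot: The `@return` tag on `load` is empty (the `@return` line just above `EntityDescriptorType load(String id)`); it should state what is returned, e.g. `@return the descriptor previously stored under {@code id}`, and say whether an unknown id yields null or an exception, since the file-based implementation added in this commit lets the unmarshal failure propagate. The parameter order differs between `persist(EntityDescriptorType entity, String id)` and `persistTrustedProviders(String id, Map<String,String> trusted)`; placing `id` in the same position in both would make the interface easier to call correctly. Every method declares `throws Exception`, which forces callers into `catch (Exception)`; a store-specific exception type would be tighter, though this may be the project's convention. The `@param id` tags could also state what a valid identifier looks like, because at least the file-based implementation uses it to name a file.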
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/SecurityActions.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/SecurityActions.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/metadata/store/SecurityActions.java 2009-04-29
17:51:24 UTC (rev 467)
@@ -0,0 +1,70 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.metadata.store;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * Privileged Blocks
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Mar 17, 2009
+ */
+class SecurityActions
+{
+ static String getSystemProperty(final String key)
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<String>()
+ {
+ public String run()
+ {
+ return System.getProperty(key);
+ }
+ });
+ }
+
+ static void setSystemProperty( final String key, final String value)
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ System.setProperty(key, value);
+ return null;
+ }
+ });
+ }
+
+ static ClassLoader getContextClassLoader() throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new
PrivilegedExceptionAction<ClassLoader>()
+ {
+ public ClassLoader run() throws Exception
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+
+}
\ No newline at end of file
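Review bot: `getContextClassLoader` wraps a body that cannot throw in a `PrivilegedExceptionAction` and therefore declares `throws PrivilegedActionException`, a checked exception every caller must handle for no reason; using `AccessController.doPrivileged(new PrivilegedAction<ClassLoader>() { ... })` as `getSystemProperty` does would remove it. `setSystemProperty` and `getContextClassLoader` are not referenced by `FileBasedMetadataConfigurationStore` in this commit; if they were copied from another `SecurityActions`, the unused ones could be dropped until needed. The class Javadoc `Privileged Blocks` would be more useful as `/** Privileged actions (system property and context class loader access) run via {@link AccessController#doPrivileged} so that only this code's permissions are checked when a security manager is installed. */`.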
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/saml/v2/metadata/FileBasedMetadataConfigurationStoreUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/saml/v2/metadata/FileBasedMetadataConfigurationStoreUnitTestCase.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/saml/v2/metadata/FileBasedMetadataConfigurationStoreUnitTestCase.java 2009-04-29
17:51:24 UTC (rev 467)
@@ -0,0 +1,106 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.core.saml.v2.metadata;
+
+import java.io.InputStream;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Unmarshaller;
+
+import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
+import
org.jboss.identity.federation.core.saml.v2.metadata.store.FileBasedMetadataConfigurationStore;
+import org.jboss.identity.federation.saml.v2.metadata.EntityDescriptorType;
+
+import junit.framework.TestCase;
+
+
+/**
+ * Unit test the FileBasedMetadataConfigurationStore
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Apr 28, 2009
+ */
+public class FileBasedMetadataConfigurationStoreUnitTestCase extends TestCase
+{
+ String pkgName = "org.jboss.identity.federation.saml.v2.metadata";
+ String id = "test";
+
+ @SuppressWarnings("unchecked")
+ public void testStore() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream is =
+ tcl.getResourceAsStream("saml2/metadata/idp-entitydescriptor.xml");
+ assertNotNull("Inputstream not null", is);
+
+ Unmarshaller un = JBossSAMLBaseFactory.getUnmarshaller(pkgName);
+ JAXBElement<EntityDescriptorType> je =
(JAXBElement<EntityDescriptorType>) un.unmarshal(is);
+ EntityDescriptorType edt = je.getValue();
+ assertNotNull("EntityDescriptorType not null", edt);
+
+ FileBasedMetadataConfigurationStore fbd = new
FileBasedMetadataConfigurationStore();
+ fbd.persist(edt, id);
+
+ EntityDescriptorType loaded = fbd.load(id);
+ assertNotNull("loaded EntityDescriptorType not null", loaded);
+ fbd.delete(id);
+
+ try
+ {
+ fbd.load(id);
+ fail("Did not delete the metadata persistent file");
+ }
+ catch(Exception t)
+ {
+ //pass
+ }
+ }
+
+ public void testTrustedProviders() throws Exception
+ {
+ FileBasedMetadataConfigurationStore fbd = new
FileBasedMetadataConfigurationStore();
+ Map<String, String> trustedProviders = new HashMap<String, String>();
+ trustedProviders.put("idp1",
"http://localhost:8080/idp1/metadata");
+ trustedProviders.put("idp2",
"http://localhost:8080/idp2/metadata");
+ fbd.persistTrustedProviders(id, trustedProviders);
+
+ //Lets get back
+ Map<String, String> loadTP = fbd.loadTrustedProviders(id);
+ assertNotNull("Loaded Trusted Providers not null", loadTP);
+
+ assertTrue("idp1", loadTP.containsKey("idp1"));
+ assertTrue("idp2", loadTP.containsKey("idp2"));
+ assertTrue("size 2", loadTP.size() == 2);
+
+ fbd.deleteTrustedProviders(id);
+ try
+ {
+ fbd.loadTrustedProviders(id);
+ fail("Did not delete the trusted providers file");
+ }
+ catch(Exception t)
+ {
+ //pass
+ }
+ }
+}
\ No newline at end of file
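Review bot: The `catch(Exception t) { //pass }` blocks in `testStore` and `testTrustedProviders` make the post-delete check pass for any failure at all, including a JAXB context that cannot be created, so they do not actually verify that `delete` removed the file. Asserting on the file is stronger, e.g. `assertFalse("metadata file still present", new File(System.getProperty("user.home") + "/jbid-store/" + id + ".xml").exists());` after `fbd.delete(id)` (the store builds the path exactly that way; `java.io.File` would need importing). The `InputStream is` obtained from the classpath is never closed. Both tests write into the real `${user.home}/jbid-store` directory rather than a temporary location, so a failure midway leaves `test.xml` or `test-trusted.xml` behind and can make a later run pass for the wrong reason.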
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/saml2/metadata/idp-entitydescriptor.xml
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/saml2/metadata/idp-entitydescriptor.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/saml2/metadata/idp-entitydescriptor.xml 2009-04-29
17:51:24 UTC (rev 467)
@@ -0,0 +1,42 @@
+<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+
entityID="https://IdentityProvider.com/SAML">
+ <IDPSSODescriptor WantAuthnRequestsSigned="true"
+ protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
+
+ <ArtifactResolutionService isDefault="true"
+ index="0" Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+
Location="https://IdentityProvider.com/SAML/Artifact" />
+ <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:SOAP"
+
Location="https://IdentityProvider.com/SAML/SLO/SOAP" />
+ <SingleLogoutService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+
Location="https://IdentityProvider.com/SAML/SLO/Browser"
+
ResponseLocation="https://IdentityProvider.com/SAML/SLO/Response" />
+ <NameIDFormat>
+ urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName
+ </NameIDFormat>
+ <NameIDFormat>
+ urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+ </NameIDFormat>
+ <NameIDFormat>
+ urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+ </NameIDFormat>
+ <SingleSignOnService
+ Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
+
Location="https://IdentityProvider.com/SAML/SSO/Browser" />
+ <SingleSignOnService
Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
+
Location="https://IdentityProvider.com/SAML/SSO/Browser" />
+ <saml:Attribute
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+ Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.6"
FriendlyName="eduPersonPrincipalName">
+ </saml:Attribute>
+ <saml:Attribute
NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+ Name="urn:oid:1.3.6.1.4.1.5923.1.1.1.1"
FriendlyName="eduPersonAffiliation">
+ <saml:AttributeValue>member</saml:AttributeValue>
+ <saml:AttributeValue>student</saml:AttributeValue>
+ <saml:AttributeValue>faculty</saml:AttributeValue>
+ <saml:AttributeValue>employee</saml:AttributeValue>
+ <saml:AttributeValue>staff</saml:AttributeValue>
+ </saml:Attribute>
+ </IDPSSODescriptor>
+</EntityDescriptor>
\ No newline at end of file