Author: sguilhen(a)redhat.com
Date: 2009-05-31 19:25:59 -0400 (Sun, 31 May 2009)
New Revision: 547
Added:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityToken.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityTokenResponse.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/Lifetime.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenCollection.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponse.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponseCollection.java
Removed:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/trust/
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/trust/
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/DefaultSecurityToken.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/StandardTokenProvider.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SAML20TokenProvider.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/protocol/
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/StandardTokenProvider.java
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/interfaces/TrustKeyManager.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/SecurityActions.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java
identity-federation/trunk/jboss-identity-bindings/src/test/resources/jboss-sts.xml
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/STSConfiguration.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestHandler.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustUtil.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/MockSTSConfiguration.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustServiceFactoryUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/SAMLAssertionFactory.java
Log:
JBID-84: Added signing capabilities to SAML20TokenProvider; Revised the package structure
of the project; Added missing javadocs; Extended the test cases to include tests for the
SAML20TokenProvider.
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/interfaces/TrustKeyManager.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/interfaces/TrustKeyManager.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/interfaces/TrustKeyManager.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -21,6 +21,7 @@
*/
package org.jboss.identity.federation.bindings.interfaces;
+import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.cert.Certificate;
@@ -67,6 +68,17 @@
throws TrustKeyConfigurationException, TrustKeyProcessingException;
/**
+ * <p>
+ * Constructs a {@code KeyPair} instance containing the signing key ({@code
PrivateKey}) and associated
+ * {@code PublicKey}.
+ * </p>
+ *
+ * @return the constructed {@code KeyPair} object.
+ */
+ KeyPair getSigningKeyPair()
+ throws TrustKeyConfigurationException, TrustKeyProcessingException;
+
+ /**
* Get the certificate given an alias
* @param alias
* @return
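Review bot: The javadoc added for getSigningKeyPair documents only the return value, while the signature declares two checked exceptions with no `@throws` entries, so an implementer cannot tell which failure is a configuration problem and which is a processing one. Add `@throws TrustKeyConfigurationException if the signing key is not configured or cannot be located` and `@throws TrustKeyProcessingException if the keys cannot be retrieved from the underlying store`, presumably mirroring what getSigningKey (whose `throws` clause is the first line of this hunk) documents. Since the returned pair carries the STS private key, a sentence stating that callers must not log it or expose it beyond the signing path is also worth adding to the contract.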
Copied:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust
(from rev 546,
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/trust)
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/trust/JBossSTS.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -19,7 +19,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
*/
-package org.jboss.identity.federation.bindings.jboss.trust;
+package org.jboss.identity.federation.bindings.jboss.wstrust;
import java.io.InputStream;
import java.net.URL;
@@ -40,12 +40,12 @@
import org.jboss.identity.federation.api.wstrust.WSTrustException;
import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory;
import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler;
-import org.jboss.identity.federation.api.wstrust.protocol.BaseRequestSecurityToken;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken;
-import
org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenCollection;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenResponse;
-import
org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenResponseCollection;
import org.jboss.identity.federation.bindings.config.STSType;
+import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenCollection;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
+import
org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
/**
* <p>
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/trust/JBossSTSConfiguration.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -19,9 +19,9 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
*/
-package org.jboss.identity.federation.bindings.jboss.trust;
+package org.jboss.identity.federation.bindings.jboss.wstrust;
-import java.security.PrivateKey;
+import java.security.KeyPair;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.Map;
@@ -60,7 +60,7 @@
private TrustKeyManager trustManager;
private WSTrustRequestHandler handler;
-
+
/**
* <p>
* Creates an instance of {@code JBossSTSConfiguration} with default configuration
values.
@@ -220,10 +220,9 @@
/*
* (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getPublicKeyForService(java.lang.String)
+ * @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getServiceProviderPublicKey(java.lang.String)
*/
- public PublicKey getPublicKeyForService(String serviceName)
+ public PublicKey getServiceProviderPublicKey(String serviceName)
{
PublicKey key = null;
if (this.trustManager != null)
@@ -242,24 +241,23 @@
/*
* (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getSigningKey()
+ * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getSTSKeyPair()
*/
- public PrivateKey getSigningKey()
+ public KeyPair getSTSKeyPair()
{
- PrivateKey key = null;
+ KeyPair keyPair = null;
if (this.trustManager != null)
{
try
{
- key = this.trustManager.getSigningKey();
+ keyPair = this.trustManager.getSigningKeyPair();
}
catch (Exception e)
{
- throw new RuntimeException("Error obtaining signing key", e);
+ throw new RuntimeException("Error obtaining signing key pair", e);
}
}
- return key;
+ return keyPair;
}
}
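Review bot: getSTSKeyPair returns null when no TrustKeyManager has been injected, so an STS without a key provider hands a null key pair to the token signer instead of failing at configuration time; unless a caller relies on null to mean "signing disabled" (nothing visible here does), it is safer to fail loudly with `if (this.trustManager == null) throw new IllegalStateException("No TrustKeyManager configured; cannot obtain the STS key pair");`. The `catch (Exception e)` also flattens TrustKeyConfigurationException and TrustKeyProcessingException into a single RuntimeException, losing the distinction getSigningKeyPair deliberately declares; two separate catch clauses would preserve it while still rethrowing unchecked. Including the STS name or the trust manager class in the error message would make the failure easier to trace without leaking key material.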
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/SecurityActions.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/trust/SecurityActions.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/SecurityActions.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -19,7 +19,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
*/
-package org.jboss.identity.federation.bindings.jboss.trust;
+package org.jboss.identity.federation.bindings.jboss.wstrust;
import java.security.AccessController;
import java.security.PrivilegedAction;
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/KeyStoreKeyManager.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -24,6 +24,7 @@
import java.io.IOException;
import java.io.InputStream;
import java.security.GeneralSecurityException;
+import java.security.KeyPair;
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
@@ -61,10 +62,10 @@
* a TPM module or a HSM module.
* Also see JBoss XMLKey.
*/
- private Map<String,SecretKey> keys = new HashMap<String,SecretKey>();
+ private final Map<String,SecretKey> keys = new
HashMap<String,SecretKey>();
- private HashMap<String,String> domainAliasMap = new
HashMap<String,String>();
- private HashMap<String,String> authPropsMap = new
HashMap<String,String>();
+ private final HashMap<String,String> domainAliasMap = new
HashMap<String,String>();
+ private final HashMap<String,String> authPropsMap = new
HashMap<String,String>();
private KeyStore ks = null;
@@ -114,6 +115,36 @@
throw new TrustKeyProcessingException(e);
}
}
+
+ /*
+ * (non-Javadoc)
+ * @see
org.jboss.identity.federation.bindings.interfaces.TrustKeyManager#getSigningKeyPair()
+ */
+ public KeyPair getSigningKeyPair()
+ throws TrustKeyConfigurationException, TrustKeyProcessingException
+ {
+ try
+ {
+ if(this.ks == null)
+ this.setUpKeyStore();
+
+ PrivateKey privateKey = this.getSigningKey();
+ PublicKey publicKey = KeyStoreUtil.getPublicKey(this.ks, this.signingAlias,
this.signingKeyPass);
+ return new KeyPair(publicKey, privateKey);
+ }
+ catch (KeyStoreException e)
+ {
+ throw new TrustKeyConfigurationException(e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ catch (IOException e)
+ {
+ throw new TrustKeyProcessingException(e);
+ }
+ }
/**
* @see TrustKeyManager#getCertificate(String)
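Review bot: The new getSigningKeyPair never checks the public key it looks up, and `new KeyPair(publicKey, privateKey)` accepts null, so if `KeyStoreUtil.getPublicKey` follows `KeyStore.getCertificate` semantics and returns null for an alias with no certificate, the STS ends up with a half-populated pair that only fails later inside the signer. Guard it right after the lookup: `if (publicKey == null) throw new TrustKeyConfigurationException(new KeyStoreException("No certificate found for signing alias " + this.signingAlias));`. It is also worth asking why a public-key lookup needs `this.signingKeyPass`; if the helper unwraps the private-key entry to reach the certificate, `this.ks.getCertificate(this.signingAlias).getPublicKey()` yields the public half without handling the key password a second time. The `if (this.ks == null) this.setUpKeyStore();` is presumably redundant with the getSigningKey() call on the next line, whose body is outside this hunk.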
Copied:
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust
(from rev 546,
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/trust)
Deleted:
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/DefaultSecurityToken.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/trust/DefaultSecurityToken.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/DefaultSecurityToken.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -1,82 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.test.identity.federation.bindings.trust;
-
-import java.util.UUID;
-
-import org.jboss.identity.federation.api.wstrust.SecurityToken;
-import org.w3c.dom.Element;
-
-/**
- * <p>
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class DefaultSecurityToken implements SecurityToken
-{
-
- private final String tokenType;
-
- private final String tokenId;
-
- private final Element token;
-
- /**
- *
- * @param tokenType
- * @param token
- */
- public DefaultSecurityToken(String tokenType, Element token)
- {
- this.tokenType = tokenType;
- this.tokenId = UUID.randomUUID().toString();
- this.token = token;
- }
-
- /*
- * (non-Javadoc)
- * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenType()
- */
- public String getTokenType()
- {
- return this.tokenType;
- }
-
- /*
- * (non-Javadoc)
- * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenValue()
- */
- public Object getTokenValue()
- {
- return this.token;
- }
-
- /**
- *
- * @return
- */
- public String getTokenId()
- {
- return this.tokenId;
- }
-}
Modified:
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/trust/JBossSTSUnitTestCase.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -19,11 +19,16 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
*/
-package org.jboss.test.identity.federation.bindings.trust;
+package org.jboss.test.identity.federation.bindings.wstrust;
import java.net.URI;
import java.security.Principal;
+import java.util.List;
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.namespace.QName;
import javax.xml.transform.Source;
import javax.xml.ws.EndpointReference;
import javax.xml.ws.WebServiceContext;
@@ -38,18 +43,28 @@
import org.jboss.identity.federation.api.wstrust.WSTrustException;
import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory;
import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler;
-import
org.jboss.identity.federation.api.wstrust.protocol.BaseRequestSecurityTokenResponse;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenResponse;
-import
org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenResponseCollection;
+import org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider;
import org.jboss.identity.federation.bindings.jboss.subject.JBossIdentityPrincipal;
-import org.jboss.identity.federation.bindings.jboss.trust.JBossSTS;
+import org.jboss.identity.federation.bindings.jboss.wstrust.JBossSTS;
+import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityTokenResponse;
+import org.jboss.identity.federation.core.wstrust.Lifetime;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
+import
org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
+import org.jboss.identity.federation.saml.v2.assertion.ConditionAbstractType;
+import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
+import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
+import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType;
import org.jboss.identity.federation.ws.addressing.AttributedURIType;
import org.jboss.identity.federation.ws.addressing.EndpointReferenceType;
import org.jboss.identity.federation.ws.addressing.ObjectFactory;
import org.jboss.identity.federation.ws.policy.AppliesTo;
-import org.jboss.identity.federation.ws.trust.LifetimeType;
+import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
import org.jboss.identity.federation.ws.trust.RequestedSecurityTokenType;
+import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType;
+import org.jboss.identity.federation.ws.wss.secext.SecurityTokenReferenceType;
import org.w3c.dom.Element;
/**
@@ -62,30 +77,55 @@
public class JBossSTSUnitTestCase extends TestCase
{
+ private TestSTS tokenService;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see junit.framework.TestCase#setUp()
+ */
+ @Override
+ protected void setUp() throws Exception
+ {
+ // for testing purposes we can instantiate the TestSTS as a regular POJO.
+ this.tokenService = new TestSTS();
+ TestContext context = new TestContext();
+ context.setUserPrincipal(new JBossIdentityPrincipal("sguilhen"));
+ this.tokenService.setContext(context);
+
+ super.setUp();
+ }
+
/**
* <p>
* This test verifies that the STS service can read and load all configuration
parameters correctly. The
* configuration file (jboss-sts.xml) looks like the following:
*
* <pre>
- * <JBossSTS
xmlns="urn:jboss:identity-federation:config:1.0"
+ * <JBossSTS
xmlns="urn:jboss:identity-federation:config:1.0"
* STSName="Test STS" TokenTimeout="7200"
EncryptToken="true">
* <KeyProvider
ClassName="org.jboss.identity.federation.bindings.tomcat.KeyStoreKeyManager">
* <Auth Key="KeyStoreURL"
Value="keystore/sts_keystore.jks"/>
- * <Auth Key="KeyStorePass"
Value="testpass"/>
- * <Auth Key="SigningKeyAlias"
Value="sts"/>
- * <Auth Key="SigningKeyPass"
Value="keypass"/>
- * <ValidatingAlias
Key="http://services.testcorp.org/provider1"
Value="service1"/>
+ * <Auth Key="KeyStorePass"
Value="testpass"/>
+ * <Auth Key="SigningKeyAlias"
Value="sts"/>
+ * <Auth Key="SigningKeyPass"
Value="keypass"/>
+ * <ValidatingAlias
Key="http://services.testcorp.org/provider1"
Value="service1"/>
* <ValidatingAlias
Key="http://services.testcorp.org/provider2"
Value="service2"/>
* </KeyProvider>
- *
<RequestHandler>org.jboss.identity.federation.wstrust.Handler</RequestHandler>
+ *
<RequestHandler>org.jboss.identity.federation.api.wstrust.StandardRequestHandler</RequestHandler>
+ * <TokenProviders>
+ * <TokenProvider
ProviderClass="org.jboss.test.identity.federation.bindings.trust.SpecialTokenProvider"
+ *
TokenType="http://www.tokens.org/SpecialToken"/>
+ * <TokenProvider
ProviderClass="org.jboss.identity.federation.api.wstrust.SAML20TokenProvider"
+ *
TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-p...
+ * </TokenProviders>
* <ServiceProviders>
- * <ServiceProvider
endpoint="http://services.testcorp.org/provider1"
TokenType="specialToken"
+ * <ServiceProvider
Endpoint="http://services.testcorp.org/provider1"
TokenType="http://www.tokens.org/SpecialToken"
* TruststoreAlias="service1"/>
- * <ServiceProvider
endpoint="http://services.testcorp.org/provider2"
TokenType="specialToken"
+ * <ServiceProvider
Endpoint="http://services.testcorp.org/provider2"
TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-p...
* TruststoreAlias="service2"/>
* </ServiceProviders>
- * </JBossSTS>
+ * </JBossSTS> *
* </pre>
*
* </p>
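Review bot: The configuration sample in the testSTSConfiguration javadoc still names `org.jboss.test.identity.federation.bindings.trust.SpecialTokenProvider` and `org.jboss.identity.federation.api.wstrust.SAML20TokenProvider`, but this commit moves those classes to `org.jboss.test.identity.federation.bindings.wstrust.SpecialTokenProvider` and `org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider` (see the new import above and the added-files list). jboss-sts.xml is in the modified list but not shown here; if it was updated to the new names the javadoc should follow, otherwise anyone copying the sample gets a class-not-found when the STS loads its providers. The closing `</JBossSTS> *` line also picked up a stray ` *`. setUp is fully contained in this hunk.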
@@ -94,11 +134,8 @@
*/
public void testSTSConfiguration() throws Exception
{
- // for testing purposes we can instantiate the TestSTS as a regular POJO.
- TestSTS sts = new TestSTS();
-
// make the STS read the configuration file.
- STSConfiguration config = sts.getConfiguration();
+ STSConfiguration config = this.tokenService.getConfiguration();
// check the values that have been configured.
assertEquals("Unexpected service name", "Test STS",
config.getSTSName());
@@ -112,16 +149,18 @@
SecurityTokenProvider provider =
config.getProviderForTokenType("http://www.tokens.org/SpecialToken&q...;
assertNotNull("Unexpected null token provider", provider);
assertTrue("Unexpected token provider type", provider instanceof
SpecialTokenProvider);
- provider =
config.getProviderForTokenType("http://www.tokens.org/StandardToken&...;
+ provider = config
+
.getProviderForTokenType("http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0");
assertNotNull("Unexpected null token provider", provider);
- assertTrue("Unexpected token provider type", provider instanceof
StandardTokenProvider);
+ assertTrue("Unexpected token provider type", provider instanceof
SAML20TokenProvider);
assertNull(config.getProviderForTokenType("unexistentType"));
// check the service provider -> token type mapping.
assertEquals("Invalid token type for service provider 1",
"http://www.tokens.org/SpecialToken", config
.getTokenTypeForService("http://services.testcorp.org/provider1"));
- assertEquals("Invalid token type for service provider 2",
"http://www.tokens.org/StandardToken", config
-
.getTokenTypeForService("http://services.testcorp.org/provider2"));
+ assertEquals("Invalid token type for service provider 2",
+
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0",
config
+
.getTokenTypeForService("http://services.testcorp.org/provider2"));
assertNull(config.getTokenTypeForService("http://invalid.service/service"));
// check the service provider -> token provider mapping.
@@ -130,22 +169,24 @@
assertTrue("Unexpected token provider type", provider instanceof
SpecialTokenProvider);
provider =
config.getProviderForService("http://services.testcorp.org/provider2...;
assertNotNull("Unexpected null token provider", provider);
- assertTrue("Unexpected token provider type", provider instanceof
StandardTokenProvider);
+ assertTrue("Unexpected token provider type", provider instanceof
SAML20TokenProvider);
assertNull(config.getProviderForService("http://invalid.service/service"));
// check the keystore configuration.
- assertNotNull("Invalid null private key", config.getSigningKey());
+ assertNotNull("Invalid null STS key pair", config.getSTSKeyPair());
+ assertNotNull("Invalid null STS public key",
config.getSTSKeyPair().getPublic());
+ assertNotNull("Invalid null STS private key",
config.getSTSKeyPair().getPrivate());
assertNotNull("Invalid null validating key for service provider 1",
config
-
.getPublicKeyForService("http://services.testcorp.org/provider1"));
+
.getServiceProviderPublicKey("http://services.testcorp.org/provider1"));
assertNotNull("Invalid null validating key for service provider 2",
config
-
.getPublicKeyForService("http://services.testcorp.org/provider2"));
+
.getServiceProviderPublicKey("http://services.testcorp.org/provider2"));
}
/**
* <p>
- * This tests sets up some simple token providers and then sends security token
requests to JBossSTS. The returned
- * response is verified to make sure the expected tokens have been returned by the
service. The token that is
- * generated in this test looks as follows:
+ * This tests sends a security token request to JBossSTS custom {@code
SpecialTokenProvider}. The returned response
+ * is verified to make sure the expected tokens have been returned by the service. The
token that is generated in
+ * this test looks as follows:
*
* <pre>
* <token:SpecialToken xmlns:token="http://www.tokens.org"
TokenType="http://www.tokens.org/SpecialToken">
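Review bot: The three assertNotNull checks on getSTSKeyPair prove each half was loaded but not that the two belong together; a public key resolved from a different keystore entry than the private key would pass here and every token the STS signs would then fail verification at the relying party. A sign/verify round trip with `java.security.Signature` over a few bytes — sign with `keyPair.getPrivate()`, verify with `keyPair.getPublic()`, assert true — pins the pairing (the algorithm name depends on the key type in sts_keystore.jks, which is not visible here). The javadoc for testInvokeCustom at the end of this hunk still reads "This tests sends"; `This test sends` is the intended wording.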
@@ -157,115 +198,141 @@
*
* @throws Exception if an error occurs while running the test.
*/
- public void testInvoke() throws Exception
+ public void testInvokeCustom() throws Exception
{
// create a simple token request, asking for a "special" test token.
- RequestSecurityToken request = new RequestSecurityToken();
- request.setContext("testcontext");
- request.setTokenType(new
URI("http://www.tokens.org/SpecialToken"));
- request.setRequestType(new
URI("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"));
+ RequestSecurityToken request = this.createRequest("testcontext",
"http://www.tokens.org/SpecialToken", null);
// use the factory to marshall the request.
WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
Source requestMessage = factory.marshallRequestSecurityToken(request);
- // set up the security token service, injecting the context.
- TestSTS tokenService = new TestSTS();
- TestContext context = new TestContext();
- context.setUserPrincipal(new JBossIdentityPrincipal("sguilhen"));
- tokenService.setContext(context);
+ // invoke the token service.
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ BaseRequestSecurityTokenResponse baseResponse = WSTrustJAXBFactory.getInstance()
+ .parseRequestSecurityTokenResponse(responseMessage);
+ // validate the security token response.
+ this.validateCustomTokenResponse(baseResponse);
+ }
+
+ /**
+ * <p>
+ * This tests sends a SAMLV2.0 security token request to JBossSTS. This request should
be handled by the standard
+ * {@code SAML20TokenProvider} and should result in a SAMLV2.0 assertion that looks
like the following:
+ *
+ * <pre>
+ * <saml2:Assertion
xmlns:saml2="urn:oasis:names:tc:SAML:2.0:assertion"
+ *
xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
+ *
xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"
+ * ID="ID-cc541137-74dc-4fc0-8bcc-7e9e3a4c899d"
+ *
IssueInstant="2009-05-29T18:02:13.458-03:00">
+ * <saml2:Issuer>
+ * JBossSTS
+ * </saml2:Issuer>
+ * <saml2:Subject>
+ * <saml2:NameID
NameQualifier="http://www.jboss.org">
+ * sguilhen
+ * </saml2:NameID>
+ * <saml2:SubjectConfirmation
Method="urn:oasis:names:tc:SAML:2.0:cm:bearer"/>
+ * </saml2:Subject>
+ * <saml2:Conditions
NotBefore="2009-05-29T18:02:13.458-03:00"
NotOnOrAfter="2009-05-29T19:02:13.458-03:00">
+ * <saml2:AudienceRestriction>
+ * <saml2:Audience>
+ *
http://services.testcorp.org/provider2
+ * </saml2:Audience>
+ * </saml2:AudienceRestriction>
+ * </saml2:Conditions>
+ * </saml2:Assertion>
+ * </pre>
+ *
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ public void testInvokeSAML20() throws Exception
+ {
+ // create a simple token request, asking for a SAMLv2.0 token.
+ RequestSecurityToken request = this.createRequest("testcontext",
+
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0",
null);
+
+ // use the factory to marshall the request.
+ WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
+ Source requestMessage = factory.marshallRequestSecurityToken(request);
+
// invoke the token service.
- Source responseMessage = tokenService.invoke(requestMessage);
+ Source responseMessage = this.tokenService.invoke(requestMessage);
BaseRequestSecurityTokenResponse baseResponse = WSTrustJAXBFactory.getInstance()
.parseRequestSecurityTokenResponse(responseMessage);
- // validate the received response.
- assertNotNull("Unexpected null response", baseResponse);
- assertTrue("Unexpected response type", baseResponse instanceof
RequestSecurityTokenResponseCollection);
- RequestSecurityTokenResponseCollection collection =
(RequestSecurityTokenResponseCollection) baseResponse;
- assertEquals("Unexpected number of responses", 1,
collection.getRequestSecurityTokenResponses().size());
- RequestSecurityTokenResponse response =
collection.getRequestSecurityTokenResponses().get(0);
- assertEquals("Unexpected response context", "testcontext",
response.getContext());
- assertEquals("Unexpected token type",
"http://www.tokens.org/SpecialToken", response.getTokenType().toString());
- LifetimeType lifetime = response.getLifetime();
- assertNotNull("Unexpected null token lifetime", lifetime);
-
- // validate the received token.
- RequestedSecurityTokenType requestedToken = response.getRequestedSecurityToken();
- assertNotNull("Unexpected null requested security token",
requestedToken);
- Object token = requestedToken.getAny();
- assertNotNull("Unexpected null token", token);
- assertTrue("Unexpected token class", token instanceof Element);
- Element element = (Element) requestedToken.getAny();
- assertEquals("Unexpected namespace value",
"http://www.tokens.org", element.getNamespaceURI());
- assertEquals("Unexpected attribute value",
"http://www.tokens.org/SpecialToken", element
- .getAttribute("TokenType"));
- assertEquals("Unexpected token value", "Principal:sguilhen",
element.getFirstChild().getNodeValue());
+ // validate the security token response.
+ this.validateSAMLAssertionResponse(baseResponse);
}
/**
* <p>
* This test requests a token to the STS using the {@code AppliesTo} to identify the
service provider. The STS must
- * be able to find out the type of the token that must be issued using the service
provider URI.
+ * be able to find out the type of the token that must be issued using the service
provider URI. In this specific
+ * case, the request should be handled by the custom {@code SpecialTokenProvider}.
* </p>
*
* @throws Exception if an error occurs while running the test.
*/
- public void testInvokeAppliesTo() throws Exception
+ public void testInvokeCustomAppliesTo() throws Exception
{
// create a simple token request, this time using the applies to get to the token
type.
- AttributedURIType attributedURI = new AttributedURIType();
-
attributedURI.setValue("http://services.testcorp.org/provider1");
- EndpointReferenceType reference = new EndpointReferenceType();
- reference.setAddress(attributedURI);
- AppliesTo appliesTo = new AppliesTo();
- appliesTo.getAny().add(new ObjectFactory().createEndpointReference(reference));
+ RequestSecurityToken request = this.createRequest("testcontext", null,
"http://services.testcorp.org/provider1");
- RequestSecurityToken request = new RequestSecurityToken();
- request.setContext("testcontext");
- request.setRequestType(new
URI("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"));
- request.setAppliesTo(appliesTo);
-
// use the factory to marshall the request.
WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
Source requestMessage = factory.marshallRequestSecurityToken(request);
- // set up the security token service, injecting the context.
- TestSTS tokenService = new TestSTS();
- TestContext context = new TestContext();
- context.setUserPrincipal(new JBossIdentityPrincipal("sguilhen"));
- tokenService.setContext(context);
+ // invoke the token service.
+ Source responseMessage = this.tokenService.invoke(requestMessage);
+ BaseRequestSecurityTokenResponse baseResponse = WSTrustJAXBFactory.getInstance()
+ .parseRequestSecurityTokenResponse(responseMessage);
+ // validate the security token response.
+ this.validateCustomTokenResponse(baseResponse);
+ }
+
+ /**
+ * <p>
+ * This test requests a token to the STS using the {@code AppliesTo} to identify the
service provider. The STS must
+ * be able to find out the type of the token that must be issued using the service
provider URI. In this specific
+ * case, the request should be handled by the standard {@code SAML20TokenProvider}.
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ public void testInvokeSAML20AppliesTo() throws Exception
+ {
+ RequestSecurityToken request = this.createRequest("testcontext", null,
"http://services.testcorp.org/provider2");
+
+ // use the factory to marshall the request.
+ WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
+ Source requestMessage = factory.marshallRequestSecurityToken(request);
+
// invoke the token service.
- Source responseMessage = tokenService.invoke(requestMessage);
+ Source responseMessage = this.tokenService.invoke(requestMessage);
BaseRequestSecurityTokenResponse baseResponse = WSTrustJAXBFactory.getInstance()
.parseRequestSecurityTokenResponse(responseMessage);
- // validate the received response.
- assertNotNull("Unexpected null response", baseResponse);
- assertTrue("Unexpected response type", baseResponse instanceof
RequestSecurityTokenResponseCollection);
- RequestSecurityTokenResponseCollection collection =
(RequestSecurityTokenResponseCollection) baseResponse;
- assertEquals("Unexpected number of responses", 1,
collection.getRequestSecurityTokenResponses().size());
- RequestSecurityTokenResponse response =
collection.getRequestSecurityTokenResponses().get(0);
- assertEquals("Unexpected response context", "testcontext",
response.getContext());
- assertEquals("Unexpected token type",
"http://www.tokens.org/SpecialToken", response.getTokenType().toString());
- LifetimeType lifetime = response.getLifetime();
- assertNotNull("Unexpected null token lifetime", lifetime);
+ // validate the security token response.
+ AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse);
- // validate the received token.
- RequestedSecurityTokenType requestedToken = response.getRequestedSecurityToken();
- assertNotNull("Unexpected null requested security token",
requestedToken);
- Object token = requestedToken.getAny();
- assertNotNull("Unexpected null token", token);
- assertTrue("Unexpected token class", token instanceof Element);
- Element element = (Element) requestedToken.getAny();
- assertEquals("Unexpected namespace value",
"http://www.tokens.org", element.getNamespaceURI());
- assertEquals("Unexpected attribute value",
"http://www.tokens.org/SpecialToken", element
- .getAttribute("TokenType"));
- assertEquals("Unexpected token value", "Principal:sguilhen",
element.getFirstChild().getNodeValue());
+ // in this scenario, the conditions section should have an audience restriction.
+ ConditionsType conditions = assertion.getConditions();
+ assertEquals("Unexpected restriction list size", 1,
conditions.getConditionOrAudienceRestrictionOrOneTimeUse()
+ .size());
+ ConditionAbstractType abstractType =
conditions.getConditionOrAudienceRestrictionOrOneTimeUse().get(0);
+ assertTrue("Unexpected restriction type", abstractType instanceof
AudienceRestrictionType);
+ AudienceRestrictionType audienceRestriction = (AudienceRestrictionType)
abstractType;
+ assertEquals("Unexpected audience restriction list size", 1,
audienceRestriction.getAudience().size());
+ assertEquals("Unexpected audience restriction item",
"http://services.testcorp.org/provider2",
+ audienceRestriction.getAudience().get(0));
}
-
+
/**
* <p>
* This test tries to request a token of an unknown type, checking if an exception is
correctly thrown by the
@@ -286,16 +353,10 @@
WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
Source requestMessage = factory.marshallRequestSecurityToken(request);
- // set up the security token service, injecting the context.
- TestSTS tokenService = new TestSTS();
- TestContext context = new TestContext();
- context.setUserPrincipal(new JBossIdentityPrincipal("sguilhen"));
- tokenService.setContext(context);
-
// invoke the security token service.
try
{
- tokenService.invoke(requestMessage);
+ this.tokenService.invoke(requestMessage);
fail("An exception should have been raised by the security token
service");
}
catch (WebServiceException we)
@@ -309,6 +370,159 @@
/**
* <p>
+ * Validates the contents of a WS-Trust response message that contains a custom token
issued by the test
+ * {@code SpecialTokenProvider}.
+ * </p>
+ *
+ * @param baseResponse a reference to the WS-Trust response that was sent by the STS.
+ * @throws Exception if one of the validation performed fail.
+ */
+ private void validateCustomTokenResponse(BaseRequestSecurityTokenResponse
baseResponse) throws Exception
+ {
+
+ // =============================== WS-Trust Security Token Response Validation
===============================//
+
+ assertNotNull("Unexpected null response", baseResponse);
+ assertTrue("Unexpected response type", baseResponse instanceof
RequestSecurityTokenResponseCollection);
+ RequestSecurityTokenResponseCollection collection =
(RequestSecurityTokenResponseCollection) baseResponse;
+ assertEquals("Unexpected number of responses", 1,
collection.getRequestSecurityTokenResponses().size());
+ RequestSecurityTokenResponse response =
collection.getRequestSecurityTokenResponses().get(0);
+ assertEquals("Unexpected response context", "testcontext",
response.getContext());
+ assertEquals("Unexpected token type",
"http://www.tokens.org/SpecialToken", response.getTokenType().toString());
+ Lifetime lifetime = response.getLifetime();
+ assertNotNull("Unexpected null token lifetime", lifetime);
+
+ // ========================================= Custom Token Validation
=========================================//
+
+ RequestedSecurityTokenType requestedToken = response.getRequestedSecurityToken();
+ assertNotNull("Unexpected null requested security token",
requestedToken);
+ Object token = requestedToken.getAny();
+ assertNotNull("Unexpected null token", token);
+ assertTrue("Unexpected token class", token instanceof Element);
+ Element element = (Element) requestedToken.getAny();
+ assertEquals("Unexpected namespace value",
"http://www.tokens.org", element.getNamespaceURI());
+ assertEquals("Unexpected attribute value",
"http://www.tokens.org/SpecialToken", element
+ .getAttribute("TokenType"));
+ assertEquals("Unexpected token value", "Principal:sguilhen",
element.getFirstChild().getNodeValue());
+ }
+
+ /**
+ * <p>
+ * Validates the contents of a WS-Trust response message that contains a SAMLV2.0
assertion issued by the
+ * {@code SAML20TokenProvider}.
+ * </p>
+ *
+ * @param baseResponse a reference to the WS-Trust response that was sent by the STS.
+ * @return the SAMLV2.0 assertion that has been extracted from the response. This
object can be used by the test
+ * methods to perform extra validations depending on the scenario being
tested.
+ * @throws Exception if one of the validation performed fail.
+ */
+ private AssertionType validateSAMLAssertionResponse(BaseRequestSecurityTokenResponse
baseResponse) throws Exception
+ {
+
+ // =============================== WS-Trust Security Token Response Validation
===============================//
+
+ assertNotNull("Unexpected null response", baseResponse);
+ assertTrue("Unexpected response type", baseResponse instanceof
RequestSecurityTokenResponseCollection);
+ RequestSecurityTokenResponseCollection collection =
(RequestSecurityTokenResponseCollection) baseResponse;
+ assertEquals("Unexpected number of responses", 1,
collection.getRequestSecurityTokenResponses().size());
+ RequestSecurityTokenResponse response =
collection.getRequestSecurityTokenResponses().get(0);
+ assertEquals("Unexpected response context", "testcontext",
response.getContext());
+ assertEquals("Unexpected token type",
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0",
+ response.getTokenType().toString());
+ Lifetime lifetime = response.getLifetime();
+ assertNotNull("Unexpected null token lifetime", lifetime);
+
+ // validate the attached token reference.
+ RequestedReferenceType reference = response.getRequestedAttachedReference();
+ assertNotNull("Unexpected null attached reference", reference);
+ SecurityTokenReferenceType securityRef = reference.getSecurityTokenReference();
+ assertNotNull("Unexpected null security reference", securityRef);
+ String tokenTypeAttr = securityRef.getOtherAttributes().get(
+ new
QName("http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1....;,
"TokenType"));
+ assertNotNull("Required attribute TokenType is missing", tokenTypeAttr);
+ assertEquals("TokenType attribute has an unexpected value",
+
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0",
tokenTypeAttr);
+ JAXBElement<?> keyIdElement = (JAXBElement<?>)
securityRef.getAny().get(0);
+ KeyIdentifierType keyId = (KeyIdentifierType) keyIdElement.getValue();
+ assertEquals("Unexpected key value type",
+
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID",
keyId.getValueType());
+ assertNotNull("Unexpected null key identifier value", keyId.getValue());
+
+ // ====================================== SAMLV2.0 Assertion Validation
======================================//
+
+ RequestedSecurityTokenType requestedToken = response.getRequestedSecurityToken();
+ assertNotNull("Unexpected null requested security token",
requestedToken);
+
+ // unmarshall the SAMLV2.0 assertion.
+ JAXBContext jaxbContext =
JAXBContext.newInstance("org.jboss.identity.federation.saml.v2.assertion");
+ Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+ JAXBElement<?> assertionElement = (JAXBElement<?>)
unmarshaller.unmarshal((Element) requestedToken.getAny());
+ assertEquals("Unexpected assertion type", AssertionType.class,
assertionElement.getDeclaredType());
+ AssertionType assertion = (AssertionType) assertionElement.getValue();
+
+ // verify the contents of the unmarshalled assertion.
+ assertNotNull("Invalid null assertion ID", assertion.getID());
+ assertEquals(keyId.getValue().substring(1), assertion.getID());
+ assertEquals(lifetime.getCreated(), assertion.getIssueInstant());
+
+ // validate the assertion issuer.
+ assertNotNull("Unexpected null assertion issuer",
assertion.getIssuer());
+ assertEquals("Unexpected assertion issuer name", "Test STS",
assertion.getIssuer().getValue());
+
+ // validate the assertion subject.
+ assertNotNull("Unexpected null subject", assertion.getSubject());
+ List<JAXBElement<?>> content = assertion.getSubject().getContent();
+ assertNotNull("Unexpected null subject content");
+ assertEquals(2, content.size());
+ assertEquals("Unexpected type found", NameIDType.class,
content.get(0).getDeclaredType());
+ NameIDType nameID = (NameIDType) content.get(0).getValue();
+ assertEquals("Unexpected name id qualifier",
"urn:jboss:identity-federation", nameID.getNameQualifier());
+ assertEquals("Unexpected name id value", "sguilhen",
nameID.getValue());
+ assertEquals("Unexpected type found", SubjectConfirmationType.class,
content.get(1).getDeclaredType());
+ SubjectConfirmationType subjType = (SubjectConfirmationType)
content.get(1).getValue();
+ assertEquals("Unexpected confirmation method",
"urn:oasis:names:tc:SAML:2.0:cm:bearer", subjType.getMethod());
+
+ // validate the assertion conditions.
+ assertNotNull("Unexpected null conditions", assertion.getConditions());
+ assertEquals(lifetime.getCreated(), assertion.getConditions().getNotBefore());
+ assertEquals(lifetime.getExpires(), assertion.getConditions().getNotOnOrAfter());
+
+ return assertion;
+ }
+
+ /**
+ * <p>
+ * Utility method that creates a simple WS-Trust request using the specified
information.
+ * </p>
+ *
+ * @param context a {@code String} representing the request context.
+ * @param tokenType a {@code String} representing the type of the requested token.
+ * @param appliesToString a {@code String} representing the URL of a service
provider.
+ * @return the constructed {@code RequestSecurityToken} object.
+ */
+ private RequestSecurityToken createRequest(String context, String tokenType, String
appliesToString)
+ {
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setContext(context);
+ if (tokenType != null)
+ request.setTokenType(URI.create(tokenType));
+
request.setRequestType(URI.create("http://docs.oasis-open.org/ws-sx/...;
+ if (appliesToString != null)
+ {
+ AttributedURIType attributedURI = new AttributedURIType();
+ attributedURI.setValue(appliesToString);
+ EndpointReferenceType reference = new EndpointReferenceType();
+ reference.setAddress(attributedURI);
+ AppliesTo appliesTo = new AppliesTo();
+ appliesTo.getAny().add(new ObjectFactory().createEndpointReference(reference));
+ request.setAppliesTo(appliesTo);
+ }
+ return request;
+ }
+
+ /**
+ * <p>
* Helper class that exposes the JBossSTS methods as public for the tests to work.
* </p>
*
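Review bot: `assertNotNull("Unexpected null subject content");` in validateSAMLAssertionResponse passes the message as the object under test and never checks `content`, so a null subject content list surfaces as a NullPointerException on the following `content.size()` instead of a descriptive failure; it should read `assertNotNull("Unexpected null subject content", content);`. The same helper unmarshals the assertion but never checks for a Signature element or verifies one; if the relocated SAML20TokenProvider now signs assertions (the `ds` prefix registration added to XMLSignatureUtil suggests it does), an assertion that the signature is present and validates against the STS key would keep an unsigned-token regression from passing this test. The issuer (`"Test STS"`) and NameID qualifier (`"urn:jboss:identity-federation"`) asserted here differ from the sample assertion in the testInvokeSAML20 Javadoc (`JBossSTS`, `http://www.jboss.org`), so one of the two should be brought in line. Creating a `JAXBContext` on every validation call is also expensive; a `private static final` context for the assertion package would do.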
Modified:
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/trust/SpecialTokenProvider.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -19,7 +19,7 @@
* Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
* 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
*/
-package org.jboss.test.identity.federation.bindings.trust;
+package org.jboss.test.identity.federation.bindings.wstrust;
import java.net.URI;
import java.net.URISyntaxException;
@@ -30,6 +30,7 @@
import org.jboss.identity.federation.api.wstrust.SecurityToken;
import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider;
+import org.jboss.identity.federation.api.wstrust.StandardSecurityToken;
import org.jboss.identity.federation.api.wstrust.WSTrustException;
import org.jboss.identity.federation.api.wstrust.WSTrustRequestContext;
import org.w3c.dom.Document;
@@ -88,7 +89,7 @@
root.setAttribute("TokenType", tokenType.toString());
doc.appendChild(root);
- SecurityToken token = new DefaultSecurityToken(tokenType.toString(), root);
+ SecurityToken token = new StandardSecurityToken(tokenType.toString(), root);
context.setSecurityToken(token);
}
catch(ParserConfigurationException pce)
Deleted:
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/StandardTokenProvider.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/trust/StandardTokenProvider.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/StandardTokenProvider.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -1,74 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.test.identity.federation.bindings.trust;
-
-import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider;
-import org.jboss.identity.federation.api.wstrust.WSTrustException;
-import org.jboss.identity.federation.api.wstrust.WSTrustRequestContext;
-
-/**
- * <p>
- * Mock {@code SecurityTokenProvider} used in the test scenarios.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class StandardTokenProvider implements SecurityTokenProvider
-{
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void cancelToken(WSTrustRequestContext context) throws WSTrustException
- {
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void issueToken(WSTrustRequestContext context) throws WSTrustException
- {
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void renewToken(WSTrustRequestContext context) throws WSTrustException
- {
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void validateToken(WSTrustRequestContext context) throws WSTrustException
- {
- }
-
-}
Modified:
identity-federation/trunk/jboss-identity-bindings/src/test/resources/jboss-sts.xml
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/test/resources/jboss-sts.xml 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-bindings/src/test/resources/jboss-sts.xml 2009-05-31
23:25:59 UTC (rev 547)
@@ -10,15 +10,15 @@
</KeyProvider>
<RequestHandler>org.jboss.identity.federation.api.wstrust.StandardRequestHandler</RequestHandler>
<TokenProviders>
- <TokenProvider
ProviderClass="org.jboss.test.identity.federation.bindings.trust.SpecialTokenProvider"
+ <TokenProvider
ProviderClass="org.jboss.test.identity.federation.bindings.wstrust.SpecialTokenProvider"
TokenType="http://www.tokens.org/SpecialToken"/>
- <TokenProvider
ProviderClass="org.jboss.test.identity.federation.bindings.trust.StandardTokenProvider"
-
TokenType="http://www.tokens.org/StandardToken"/>
+ <TokenProvider
ProviderClass="org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider"
+
TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profi...
</TokenProviders>
<ServiceProviders>
<ServiceProvider
Endpoint="http://services.testcorp.org/provider1"
TokenType="http://www.tokens.org/SpecialToken"
TruststoreAlias="service1"/>
- <ServiceProvider
Endpoint="http://services.testcorp.org/provider2"
TokenType="http://www.tokens.org/StandardToken"
+ <ServiceProvider
Endpoint="http://services.testcorp.org/provider2"
TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profi...
TruststoreAlias="service2"/>
</ServiceProviders>
</JBossSTS>
\ No newline at end of file
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -191,7 +191,8 @@
PublicKey publicKey = keyPair.getPublic();
DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
-
+ dsc.putNamespacePrefix(XMLSignature.XMLNS, "ds");
+
DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null);
Transform transform = fac.newTransform(Transform.ENVELOPED,
(TransformParameterSpec) null);
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SAML20TokenProvider.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SAML20TokenProvider.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SAML20TokenProvider.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -1,212 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust;
-
-import java.util.ArrayList;
-import java.util.GregorianCalendar;
-import java.util.List;
-import java.util.UUID;
-
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.Marshaller;
-import javax.xml.datatype.DatatypeConfigurationException;
-import javax.xml.datatype.DatatypeFactory;
-import javax.xml.datatype.XMLGregorianCalendar;
-import javax.xml.transform.dom.DOMResult;
-
-import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
-import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
-import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
-import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
-import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
-import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType;
-import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
-import org.jboss.identity.federation.ws.policy.AppliesTo;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-
-import com.sun.xml.bind.marshaller.NamespacePrefixMapper;
-
-/**
- * <p>
- * A {@code SecurityTokenProvider} implementation that handles WS-Trust SAML 2.0 token
requests.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class SAML20TokenProvider implements SecurityTokenProvider
-{
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void cancelToken(WSTrustRequestContext context) throws WSTrustException
- {
- // TODO: implement cancel logic.
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void issueToken(WSTrustRequestContext context) throws WSTrustException
- {
- // generate an id for the new assertion.
- String assertionID = "ID-" + UUID.randomUUID().toString();
-
- // lifetime and audience restrictions.
- GregorianCalendar[] lifetime =
WSTrustUtil.parseLifetime(context.getRequestSecurityToken().getLifetime());
- List<AudienceRestrictionType> audienceRestrictions = null;
- AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo();
- if (appliesTo != null)
- {
- AudienceRestrictionType restriction = new AudienceRestrictionType();
- restriction.getAudience().add(WSTrustUtil.parseAppliesTo(appliesTo));
- audienceRestrictions = new ArrayList<AudienceRestrictionType>();
- audienceRestrictions.add(restriction);
- }
- ConditionsType conditions = this.createConditions(lifetime[0], lifetime[1],
audienceRestrictions);
-
- // TODO: implement support for the other confirmation methods.
- String confirmationMethod = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
- SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType();
- subjectConfirmation.setMethod(confirmationMethod);
-
- // create a subject using the caller principal.
- NameIDType nameID = new NameIDType();
- nameID.setValue(context.getCallerPrincipal().getName());
- nameID.setNameQualifier("http://www.jboss.org");
- SubjectType subject = new SubjectType();
- ObjectFactory factory = new ObjectFactory();
- subject.getContent().add(factory.createNameID(nameID));
- subject.getContent().add(factory.createSubjectConfirmation(subjectConfirmation));
-
- // TODO: add SAML statements that corresponds to the claims provided by the
requester.
-
- // generate the SAML assertion.
- AssertionType assertion = new AssertionType();
- NameIDType issuerID = new NameIDType();
- issuerID.setValue(context.getTokenIssuer());
- assertion.setID(assertionID);
- assertion.setIssuer(issuerID);
- assertion.setIssueInstant(this.getXMLCalendar(lifetime[0]));
- assertion.setConditions(conditions);
- assertion.setSubject(subject);
-
- // convert the constructed assertion to element.
- Document document = null;
- try
- {
- document = DocumentUtil.createDocument();
- DOMResult result = new DOMResult(document);
- JAXBContext jaxbContext =
JAXBContext.newInstance("org.jboss.identity.federation.saml.v2.assertion");
- Marshaller marshaller = jaxbContext.createMarshaller();
- marshaller.setProperty("com.sun.xml.bind.namespacePrefixMapper", new
NamespacePrefixMapper()
- {
- @Override
- public String getPreferredPrefix(String namespaceURI, String suggestion,
boolean requirePrefix)
- {
-
if("urn:oasis:names:tc:SAML:2.0:assertion".equals(namespaceURI))
- return "saml2";
- else
if("http://www.w3.org/2001/04/xmlenc#".equals(namespaceURI))
- return "xenc";
- else
if("http://www.w3.org/2000/09/xmldsig#".equals(namespaceURI))
- return "ds";
- else
- return null;
- }
- });
- marshaller.marshal(factory.createAssertion(assertion), result);
-
- Element element = (Element) document.getChildNodes().item(0);
- // TODO: sign the generated SAML assertion.
-
- SecurityToken token = new
StandardSecurityToken(context.getRequestSecurityToken().getTokenType().toString(),
- assertionID, element);
- context.setSecurityToken(token);
- }
- catch (Exception e)
- {
- throw new RuntimeException(e);
- }
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void renewToken(WSTrustRequestContext context) throws WSTrustException
- {
- // TODO: implement renew logic.
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void validateToken(WSTrustRequestContext context) throws WSTrustException
- {
- // TODO: implemnent validate logic.
- }
-
- /**
- *
- * @param created
- * @param expires
- * @param restrictions
- * @return
- */
- private ConditionsType createConditions(GregorianCalendar created, GregorianCalendar
expires,
- List<AudienceRestrictionType> restrictions)
- {
- ConditionsType conditions = new ConditionsType();
- conditions.setNotBefore(this.getXMLCalendar(created));
- conditions.setNotOnOrAfter(this.getXMLCalendar(expires));
- conditions.getConditionOrAudienceRestrictionOrOneTimeUse().addAll(restrictions);
- return conditions;
- }
-
- /**
- *
- * @param calendar
- * @return
- */
- private XMLGregorianCalendar getXMLCalendar(GregorianCalendar calendar)
- {
- DatatypeFactory factory = null;
- try
- {
- factory = DatatypeFactory.newInstance();
- return factory.newXMLGregorianCalendar(calendar);
- }
- catch (DatatypeConfigurationException dce)
- {
- throw new RuntimeException("Unable to get DatatypeFactory instance",
dce);
- }
- }
-}
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/STSConfiguration.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/STSConfiguration.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/STSConfiguration.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -21,7 +21,7 @@
*/
package org.jboss.identity.federation.api.wstrust;
-import java.security.PrivateKey;
+import java.security.KeyPair;
import java.security.PublicKey;
import java.util.Map;
@@ -70,7 +70,7 @@
* @return a reference to the configured {@code WSTrustRequestHandler}.
*/
public WSTrustRequestHandler getRequestHandler();
-
+
/**
* <p>
* Given the name of a service provider, obtains the type of the token that should be
used when issuing tokens to
@@ -81,7 +81,7 @@
* @return a {@code String} representing the type of the token that suits the
specified service.
*/
public String getTokenTypeForService(String serviceName);
-
+
/**
* <p>
* Given the name of a service provider, obtains the provider that must be used when
issuing tokens to clients of
@@ -118,16 +118,16 @@
* @return a {@code Map<String, Object>} containing the additional configuration
options.
*/
public Map<String, Object> getOptions();
-
+
/**
* <p>
- * Obtains the STS {@code PrivateKey} that must be used when signing assertions.
+ * Obtains a reference to the {@code KeyPair} object that contains the STS {@code
PrivateKey} and {@code PublicKey}.
* </p>
*
- * @return a reference to the STS {@code PrivateKey}.
+ * @return a reference to the STS {@code KeyPair}.
*/
- public PrivateKey getSigningKey();
-
+ public KeyPair getSTSKeyPair();
+
/**
* <p>
* Obtains the public key of the specified service provider. The returned key is used
to encrypt issued tokens.
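Review bot: The Javadoc for `getSTSKeyPair()` drops the contract the replaced `getSigningKey()` carried — that the private half is the key used when signing assertions — and says nothing about whether the pair may be null. Because StandardRequestHandler now copies this pair into the WSTrustRequestContext on every request, each SecurityTokenProvider plugin ends up holding the raw signing private key rather than a signing capability; that widening of who holds the key belongs in the method contract. Suggested `@return`: `@return the STS {@code KeyPair}; its {@code PrivateKey} is the key used to sign issued assertions and should be treated as read-only by token providers.` Whether implementations may return null is not visible here; state it either way.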
@@ -136,5 +136,5 @@
* @param serviceName the name of the service provider (normally the provider URL).
* @return a reference to the provider's {@code PublicKey}
*/
- public PublicKey getPublicKeyForService(String serviceName);
+ public PublicKey getServiceProviderPublicKey(String serviceName);
}
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -21,12 +21,13 @@
*/
package org.jboss.identity.federation.api.wstrust;
+import java.net.URI;
import java.security.Principal;
+import java.security.PublicKey;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenResponse;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
import org.jboss.identity.federation.ws.policy.AppliesTo;
-import org.jboss.identity.federation.ws.trust.LifetimeType;
import org.jboss.identity.federation.ws.trust.RequestedSecurityTokenType;
/**
@@ -66,13 +67,15 @@
// first try to obtain the security token provider using the applies-to contents.
AppliesTo appliesTo = request.getAppliesTo();
+ PublicKey providerPublicKey = null;
if (appliesTo != null)
{
String serviceName = WSTrustUtil.parseAppliesTo(appliesTo);
if (serviceName != null)
{
provider = this.configuration.getProviderForService(serviceName);
-
request.setTokenType(WSTrustUtil.getURI(this.configuration.getTokenTypeForService(serviceName)));
+
request.setTokenType(URI.create(this.configuration.getTokenTypeForService(serviceName)));
+ providerPublicKey =
this.configuration.getServiceProviderPublicKey(serviceName);
}
}
// if applies-to is not available or if no provider was found for the service, use
the token type.
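Review bot: `request.setTokenType(URI.create(this.configuration.getTokenTypeForService(serviceName)))` throws `NullPointerException` when no token type is configured for the service and `IllegalArgumentException` when the configured value is not a valid URI; neither is a `WSTrustException`, so a misconfigured service now escapes the handler as an unchecked exception instead of a WS-Trust fault. Whether `getTokenTypeForService` can return null is not visible here, but the comment on the following line already anticipates a service with no provider, so the lookup being incomplete seems possible. Guard the call: `String tokenType = this.configuration.getTokenTypeForService(serviceName);` then `if (tokenType != null) request.setTokenType(URI.create(tokenType));`. The enclosing method starts and ends outside this hunk.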
@@ -91,14 +94,15 @@
if (request.getLifetime() == null &&
this.configuration.getIssuedTokenTimeout() != 0)
{
// if no lifetime has been specified, use the configured timeout value.
- LifetimeType lifetime =
WSTrustUtil.createDefaultLifetime(this.configuration.getIssuedTokenTimeout());
- request.setLifetime(lifetime);
+
request.setLifetime(WSTrustUtil.createDefaultLifetime(this.configuration.getIssuedTokenTimeout()));
}
+ requestContext.setSTSKeyPair(this.configuration.getSTSKeyPair());
+ requestContext.setServiceProviderPublicKey(providerPublicKey);
provider.issueToken(requestContext);
-
- if(requestContext.getSecurityToken() == null)
+
+ if (requestContext.getSecurityToken() == null)
throw new WSTrustException("Token issued by provider " +
provider.getClass().getName() + " is null");
-
+
// construct the ws-trust security token response.
RequestedSecurityTokenType requestedSecurityToken = new
RequestedSecurityTokenType();
requestedSecurityToken.setAny(requestContext.getSecurityToken().getTokenValue());
@@ -113,6 +117,13 @@
response.setLifetime(request.getLifetime());
response.setAppliesTo(appliesTo);
response.setRequestedSecurityToken(requestedSecurityToken);
+
+ // set the attached and unattached references.
+ if (requestContext.getAttachedReference() != null)
+
response.setRequestedAttachedReference(requestContext.getAttachedReference());
+ if (requestContext.getUnattachedReference() != null)
+
response.setRequestedUnattachedReference(requestContext.getUnattachedReference());
+
return response;
}
else
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -27,6 +27,10 @@
/**
* <p>
+ * Standard implementation of the {@code SecurityToken} interface. This implementation
stores the issued token as an
+ * {@code Element}. The token providers are responsible for marshaling the security token
into an {@code Element}
+ * instance because the security token marshaling process falls out of the scope of the
STS (the STS only deals with
+ * WS-Trust classes and doesn't know how to marshal each specific token type).
* </p>
*
* @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
@@ -36,53 +40,66 @@
private final String tokenType;
private final String tokenId;
-
+
private final Element token;
/**
+ * <p>
+ * Creates an instance of {@code StandardSecurityToken} with the specified
parameters.
+ * </p>
*
- * @param tokenType
- * @param token
+ * @param tokenType a {@code String} representing the type of the security token. This
is usually the same type as
+ * specified in the WS-Trust request message.
+ * @param token the security token in its {@code Element} form (i.e. the marshaled
security token).
*/
public StandardSecurityToken(String tokenType, Element token)
{
- this(tokenType, UUID.randomUUID().toString(), token);
+ this(tokenType, token, UUID.randomUUID().toString());
}
-
+
/**
+ * <p>
+ * Creates an instance of {@code StandardSecurityToken} with the specified
parameters.
+ * </p>
*
- * @param tokenType
- * @param tokenID
- * @param token
+ * @param tokenType a {@code String} representing the type of the security token. This
is usually the same type as
+ * specified in the WS-Trust request message.
+ * @param token the security token in its {@code Element} form (i.e. the marshaled
security token).
+ * @param tokenID a {@code String} representing the id of the security token.
*/
- public StandardSecurityToken(String tokenType, String tokenID, Element token)
+ public StandardSecurityToken(String tokenType, Element token, String tokenID)
{
this.tokenType = tokenType;
this.tokenId = tokenID;
this.token = token;
}
-
+
/*
* (non-Javadoc)
+ *
* @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenType()
*/
public String getTokenType()
{
return this.tokenType;
}
-
+
/*
* (non-Javadoc)
+ *
* @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenValue()
*/
public Object getTokenValue()
{
return this.token;
}
-
+
/**
+ * <p>
+ * Obtains the id of the security token.
+ * </p>
*
- * @return
+ * @return a {@code String} representing the security token id.
*/
public String getTokenId()
{
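Review bot: The three-argument constructor accepts a null `token` and `tokenType` without complaint, so a provider defect yields a StandardSecurityToken whose `getTokenValue()` is null; StandardRequestHandler only tests `getSecurityToken() == null` before calling `getTokenValue()`, so the null value would be placed into the RequestedSecurityToken rather than rejected. Validate at construction: `if (token == null) throw new IllegalArgumentException("token cannot be null");` and the same for `tokenType`. The swapped parameter order is safe for compiled callers since `String` and `Element` differ in type, but the class ends outside this hunk, so any reflective construction elsewhere is not visible here.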
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -31,12 +31,19 @@
public class WSTrustConstants
{
public final static String BASE_NAMESPACE =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512";
-
+
+ // WS-Trust request types.
public final static String ISSUE_REQUEST = BASE_NAMESPACE + "/Issue";
-
public final static String RENEW_REQUEST = BASE_NAMESPACE + "/Renew";
-
public final static String CANCEL_REQUEST = BASE_NAMESPACE + "/Cancel";
+ public final static String VALIDATE_REQUEST = BASE_NAMESPACE + "/Validate";
- public final static String VALIDATE_REQUEST = BASE_NAMESPACE + "/Validate";
+ // WSS namespaces values.
+ public final static String WSA_NS = "http://www.w3.org/2005/08/addressing";
+ public final static String WSU_NS =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
+ public final static String WSSE_NS =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
+ public final static String WSSE11_NS =
"http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
+ public final static String XENC_NS = "http://www.w3.org/2001/04/xmlenc#";
+ public final static String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
+ public final static String SAML2_ASSERTION_NS =
"urn:oasis:names:tc:SAML:2.0:assertion";
}
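Review bot: The new constants keep the `public final static` modifier order, which reverses the order the JLS recommends (`public static final`) and what readers expect for constants; this block is a natural place to normalize all of them, e.g. `public static final String WSA_NS = "http://www.w3.org/2005/08/addressing";`. The comment `// WSS namespaces values.` also misdescribes the group — WS-Addressing, XML-Enc, XML-DSig and the SAML 2.0 assertion namespace are not WSS namespaces — so `// Namespace URIs referenced by the STS (WS-Addressing, WSS, XML-Enc, XML-DSig, SAML 2.0).` would be accurate.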
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -29,12 +29,12 @@
import javax.xml.bind.util.JAXBSource;
import javax.xml.transform.Source;
-import org.jboss.identity.federation.api.wstrust.protocol.BaseRequestSecurityToken;
-import
org.jboss.identity.federation.api.wstrust.protocol.BaseRequestSecurityTokenResponse;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken;
-import
org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenCollection;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenResponse;
-import
org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenResponseCollection;
+import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityTokenResponse;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenCollection;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
+import
org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
import org.jboss.identity.federation.ws.trust.ObjectFactory;
import org.jboss.identity.federation.ws.trust.RequestSecurityTokenCollectionType;
import
org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseCollectionType;
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -21,14 +21,19 @@
*/
package org.jboss.identity.federation.api.wstrust;
+import java.security.KeyPair;
import java.security.Principal;
+import java.security.PublicKey;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
+import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
+import org.jboss.identity.federation.ws.trust.StatusType;
/**
* <p>
* The {@code WSTrustRequestContext} contains all the information that is relevant for
the security token request
- * processing.
+ * processing. Its attributes are divided into two groups: attributes set by the request
handler before calling a token
+ * provider, and attributes set by the token provider after processing the token
request.
* </p>
*
* @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
@@ -36,14 +41,26 @@
public class WSTrustRequestContext
{
+ // information supplied by the request handler.
+ private String tokenIssuer;
+
+ private KeyPair stsKeyPair;
+
+ private PublicKey providerPublicKey;
+
+ private final Principal callerPrincipal;
+
private final RequestSecurityToken request;
- private final Principal callerPrincipal;
-
+ // information supplied by the token provider.
private SecurityToken securityToken;
-
- private String tokenIssuer;
-
+
+ private StatusType status;
+
+ private RequestedReferenceType attachedReference;
+
+ private RequestedReferenceType unattachedReference;
+
/**
* <p>
* Creates an instance of {@code WSTrustRequestContext} using the specified request.
@@ -51,6 +68,7 @@
*
* @param request a {@code RequestSecurityToken} object that contains the information
about the security token
* request.
+ * @param callerPrincipal the {@code Principal} of the security token requester.
*/
public WSTrustRequestContext(RequestSecurityToken request, Principal callerPrincipal)
{
@@ -60,30 +78,102 @@
/**
* <p>
- * Obtains the object the contains the information about the security token request.
+ * Obtains the name of the token issuer (security token service name).
* </p>
*
- * @return a reference to the {@code RequestSecurityToken} instance.
+ * @return a {@code String} representing the token issuer name.
*/
- public RequestSecurityToken getRequestSecurityToken()
+ public String getTokenIssuer()
{
- return this.request;
+ return tokenIssuer;
}
-
+
/**
* <p>
- * Obtains the principal of the ws-trust token requester.
+ * Sets the name of the token issuer.
* </p>
*
+ * @param tokenIssuer a {@code String} representing the token issuer name.
+ */
+ public void setTokenIssuer(String tokenIssuer)
+ {
+ this.tokenIssuer = tokenIssuer;
+ }
+
+ /**
+ * <p>
+ * Returns a reference to the {@code KeyPair} instance that holds the STS {@code
PrivateKey} and {@code PublicKey}.
+ * </p>
+ *
+ * @return a reference to the STS {@code KeyPair}.
+ */
+ public KeyPair getSTSKeyPair()
+ {
+ return this.stsKeyPair;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code KeyPair} instance that holds the STS {@code PrivateKey} and {@code
PublicKey}.
+ * </p>
+ *
+ * @param stsKeyPair a reference to the {@code KeyPair} instance to be set.
+ */
+ public void setSTSKeyPair(KeyPair stsKeyPair)
+ {
+ this.stsKeyPair = stsKeyPair;
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code PublicKey} of the service provider that requires a security
token.
+ * </p>
+ *
+ * @return the service provider's {@code PublicKey}.
+ */
+ public PublicKey getServiceProviderPublicKey()
+ {
+ return this.providerPublicKey;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code PublicKey} of the service provider that requires a security token.
+ * </p>
+ *
+ * @param providerPublicKey the service provider's {@code PublicKey}.
+ */
+ public void setServiceProviderPublicKey(PublicKey providerPublicKey)
+ {
+ this.providerPublicKey = providerPublicKey;
+ }
+
+ /**
+ * <p>
+ * Obtains the principal of the WS-Trust token requester.
+ * </p>
+ *
* @return a reference to the caller {@code Principal} object.
*/
public Principal getCallerPrincipal()
{
return this.callerPrincipal;
}
-
+
/**
* <p>
+ * Obtains the object the contains the information about the security token request.
+ * </p>
+ *
+ * @return a reference to the {@code RequestSecurityToken} instance.
+ */
+ public RequestSecurityToken getRequestSecurityToken()
+ {
+ return this.request;
+ }
+
+ /**
+ * <p>
* Obtains the security token contained in this context.
* </p>
*
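Review bot: The class Javadoc says the issuer, STS key pair and provider public key are set by the request handler before a token provider is called, but all setters are public and nothing in the context records or enforces which party populated a field, so a provider can replace `stsKeyPair` or `tokenIssuer` mid-request without any trace. At minimum each setter Javadoc should name the expected caller, e.g. on `setSTSKeyPair`: `Sets the STS key pair. Called by the request handler before the token provider is invoked; providers should treat the value as read-only.` Since these three values are written once per request, passing them through the constructor and dropping their setters would make the split the Javadoc describes enforceable. The same consideration applies to the provider-side setters in the next hunk of this file.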
@@ -93,7 +183,7 @@
{
return this.securityToken;
}
-
+
/**
* <p>
* Sets the security token in the context.
@@ -105,28 +195,80 @@
{
this.securityToken = token;
}
-
+
/**
* <p>
- * Obtains the name of the token issuer (security token service name).
+ * Obtains the status of the security token validation.
* </p>
*
- * @return a {@code String} representing the token issuer name.
+ * @return a reference to the resulting {@code StatusType}.
*/
- public String getTokenIssuer()
+ public StatusType getStatus()
{
- return tokenIssuer;
+ return this.status;
}
-
+
/**
* <p>
- * Sets the name of the token issuer.
+ * Sets the status of the security token validation.
* </p>
*
- * @param tokenIssuer a {@code String} representing the token issuer name.
+ * @param status a reference to the {@code StatusType} that represents the validation
status.
*/
- public void setTokenIssuer(String tokenIssuer)
+ public void setStatus(StatusType status)
{
- this.tokenIssuer = tokenIssuer;
+ this.status = status;
}
+
+ /**
+ * <p>
+ * Obtains the security token attached reference. This reference is used to locate the
token inside the WS-Trust
+ * response message when that token doesn't support references using URI
fragments.
+ * </p>
+ *
+ * @return a {@code RequestedReferenceType} representing the attached reference.
+ */
+ public RequestedReferenceType getAttachedReference()
+ {
+ return this.attachedReference;
+ }
+
+ /**
+ * <p>
+ * Sets the security token attached reference. This reference is used to locate the
token inside the WS-Trust
+ * response message when that token doesn't support references using URI
fragments.
+ * </p>
+ *
+ * @param attachedReference a {@code RequestedReferenceType} representing the attached
reference.
+ */
+ public void setAttachedReference(RequestedReferenceType attachedReference)
+ {
+ this.attachedReference = attachedReference;
+ }
+
+ /**
+ * <p>
+ * Obtains the security token unattached reference. This reference is used to locate
the token when it is not placed
+ * inside the WS-Trust response message.
+ * </p>
+ *
+ * @return a {@code RequestedReferenceType} representing the unattached reference.
+ */
+ public RequestedReferenceType getUnattachedReference()
+ {
+ return this.unattachedReference;
+ }
+
+ /**
+ * <p>
+ * Sets the security token unattached reference. This reference is used to locate the
token when it is not placed
+ * inside the WS-Trust response message.
+ * </p>
+ *
+ * @param unattachedReference a {@code RequestedReferenceType} representing the
unattached reference.
+ */
+ public void setUnattachedReference(RequestedReferenceType unattachedReference)
+ {
+ this.unattachedReference = unattachedReference;
+ }
}
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestHandler.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestHandler.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestHandler.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -23,8 +23,8 @@
import java.security.Principal;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenResponse;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
/**
* <p>
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustUtil.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustUtil.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -21,22 +21,20 @@
*/
package org.jboss.identity.federation.api.wstrust;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.text.ParseException;
-import java.text.SimpleDateFormat;
-import java.util.Calendar;
import java.util.GregorianCalendar;
-import java.util.Locale;
+import java.util.Map;
import javax.xml.bind.JAXBElement;
+import javax.xml.namespace.QName;
+import org.jboss.identity.federation.core.wstrust.Lifetime;
import org.jboss.identity.federation.ws.addressing.AttributedURIType;
import org.jboss.identity.federation.ws.addressing.EndpointReferenceType;
import org.jboss.identity.federation.ws.addressing.ObjectFactory;
import org.jboss.identity.federation.ws.policy.AppliesTo;
-import org.jboss.identity.federation.ws.trust.LifetimeType;
-import org.jboss.identity.federation.ws.wss.utility.AttributedDateTime;
+import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
+import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType;
+import org.jboss.identity.federation.ws.wss.secext.SecurityTokenReferenceType;
/**
* <p>
@@ -48,13 +46,54 @@
public class WSTrustUtil
{
- private static final SimpleDateFormat calendarFormatter = new
SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'.'SSS'Z'",
- Locale.getDefault());
+ /**
+ * <p>
+ * Creates an instance of {@code KeyIdentifierType} with the specified values.
+ * </p>
+ *
+ * @param valueType a {@code String} representing the identifier value type.
+ * @param value a {@code String} representing the identifier value.
+ * @return the constructed {@code KeyIdentifierType} instance.
+ */
+ public static KeyIdentifierType createKeyIdentifier(String valueType, String value)
+ {
+ KeyIdentifierType keyIdentifier = new KeyIdentifierType();
+ keyIdentifier.setValueType(valueType);
+ keyIdentifier.setValue(value);
+ return keyIdentifier;
+ }
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestedReferenceType} with the specified values.
This method first creates a
+ * {@code SecurityTokenReferenceType} with the specified key identifier and attributes
and then use this reference
+ * to construct the {@code RequestedReferenceType} that is returned.
+ * </p>
+ *
+ * @param keyIdentifier the key identifier of the security token reference.
+ * @param attributes the attributes to be set on the security token reference.
+ * @return the constructed {@code RequestedReferenceType} instance.
+ */
+ public static RequestedReferenceType createRequestedReference(KeyIdentifierType
keyIdentifier,
+ Map<QName, String> attributes)
+ {
+ SecurityTokenReferenceType securityTokenReference = new
SecurityTokenReferenceType();
+ securityTokenReference.getAny().add(
+ new
org.jboss.identity.federation.ws.wss.secext.ObjectFactory().createKeyIdentifier(keyIdentifier));
+ securityTokenReference.getOtherAttributes().putAll(attributes);
+ RequestedReferenceType reference = new RequestedReferenceType();
+ reference.setSecurityTokenReference(securityTokenReference);
+ return reference;
+ }
+
/**
+ * <p>
+ * Creates an instance of {@code AppliesTo} using the specified endpoint address.
+ * </p>
*
- * @param endpointURI
- * @return
+ * @param endpointURI a {@code String} representing the endpoint URI.
+ * @return the constructed {@code AppliesTo} instance.
*/
public static AppliesTo createAppliesTo(String endpointURI)
{
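Review bot: `createRequestedReference` calls `securityTokenReference.getOtherAttributes().putAll(attributes)` with no null check, so a caller with no extra attributes that passes null gets a NullPointerException from inside the utility instead of an empty attribute set; `if (attributes != null) securityTokenReference.getOtherAttributes().putAll(attributes);` keeps that case usable, or the Javadoc should state that `attributes` must be non-null. The inline `new org.jboss.identity.federation.ws.wss.secext.ObjectFactory()` is fully qualified because the addressing `ObjectFactory` is already imported; a `private static final` field holding the secext factory would avoid both the per-call allocation and the long name (JAXB-generated factories are usually stateless, but confirm before sharing one). `createAppliesTo` begins at the end of this hunk and continues outside it.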
@@ -67,7 +106,7 @@
return appliesTo;
}
-
+
/**
* <p>
* Parses the contents of the {@code AppliesTo} element and returns the address the
uniquely identify the service
@@ -99,80 +138,20 @@
/**
* <p>
- * Creates a {@code LifetimeType} instance that specifies a range of time that starts
at the current GMT time and has
+ * Creates a {@code Lifetime} instance that specifies a range of time that starts at
the current GMT time and has
* the specified duration in milliseconds.
* </p>
*
* @param tokenTimeout the token timeout value (in milliseconds).
- * @return the constructed {@code LifetimeType} instance.
+ * @return the constructed {@code Lifetime} instance.
*/
- public static LifetimeType createDefaultLifetime(long tokenTimeout)
+ public static Lifetime createDefaultLifetime(long tokenTimeout)
{
- long createdTime = System.currentTimeMillis();
- Calendar calendar = new GregorianCalendar();
- calendarFormatter.setTimeZone(calendar.getTimeZone());
+ GregorianCalendar created = new GregorianCalendar();
+ GregorianCalendar expires = new GregorianCalendar();
+ expires.setTimeInMillis(created.getTimeInMillis() + tokenTimeout);
- // instantiate the "created" time.
- calendar.setTimeInMillis(createdTime);
- AttributedDateTime created = new AttributedDateTime();
- created.setValue(calendarFormatter.format(calendar.getTime()));
-
- // instantiate the "expires" time.
- calendar.setTimeInMillis(createdTime + tokenTimeout);
- AttributedDateTime expires = new AttributedDateTime();
- expires.setValue(calendarFormatter.format(calendar.getTime()));
-
- LifetimeType type = new LifetimeType();
- type.setCreated(created);
- type.setExpires(expires);
- return type;
+ return new Lifetime(created, expires);
}
- /**
- * <p>
- * Parses the specified {@code LifetimeType} instance, returning the 'created'
and 'expires' times as
- * {@code GregorianCalendar} objects.
- * </p>
- *
- * @param lifetime the {@code LifetimeType} instance to be parsed.
- * @return a {@code GregorianCalendar[]} containing the parsed 'created' and
'expires' times.
- */
- public static GregorianCalendar[] parseLifetime(LifetimeType lifetime)
- {
- String createdTime = lifetime.getCreated().getValue();
- String expiresTime = lifetime.getExpires().getValue();
-
- try
- {
- GregorianCalendar createdCalendar = new GregorianCalendar();
- createdCalendar.setTime(calendarFormatter.parse(createdTime));
- GregorianCalendar expiresCalendar = new GregorianCalendar();
- expiresCalendar.setTime(calendarFormatter.parse(expiresTime));
- return new GregorianCalendar[] {createdCalendar, expiresCalendar};
- }
- catch (ParseException pe)
- {
- throw new IllegalArgumentException("Error parsing lifetime object",
pe);
- }
- }
-
- /**
- * <p>
- * Utility method for creating URIs without having to deal with the {@code
URISyntaxException}.
- * </p>
- *
- * @param text the URI in its {@code String} form.
- * @return the constructed {@code URI}.
- */
- public static URI getURI(String text)
- {
- try
- {
- return new URI(text);
- }
- catch (URISyntaxException use)
- {
- throw new RuntimeException(use);
- }
- }
}
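Review bot: `createDefaultLifetime` documents a range that "starts at the current GMT time", but `new GregorianCalendar()` uses the JVM default time zone and locale; whether `Lifetime` normalizes the calendars to UTC when marshaling is not visible here, so either construct them with an explicit zone, `GregorianCalendar created = new GregorianCalendar(TimeZone.getTimeZone("GMT"));` (needs `java.util.TimeZone`), or reword the Javadoc. The method also accepts a negative `tokenTimeout`, producing an `expires` earlier than `created`; StandardRequestHandler only guards against 0, so `if (tokenTimeout < 0) throw new IllegalArgumentException("tokenTimeout must be non-negative");` would reject a misconfigured timeout at the source.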
Added:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAML20TokenProvider.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -0,0 +1,171 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.wstrust.plugins.saml;
+
+import java.net.URI;
+import java.security.KeyPair;
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+import java.util.UUID;
+
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.namespace.QName;
+
+import org.jboss.identity.federation.api.util.XMLSignatureUtil;
+import org.jboss.identity.federation.api.wstrust.SecurityToken;
+import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider;
+import org.jboss.identity.federation.api.wstrust.StandardSecurityToken;
+import org.jboss.identity.federation.api.wstrust.WSTrustConstants;
+import org.jboss.identity.federation.api.wstrust.WSTrustException;
+import org.jboss.identity.federation.api.wstrust.WSTrustRequestContext;
+import org.jboss.identity.federation.api.wstrust.WSTrustUtil;
+import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
+import org.jboss.identity.federation.core.wstrust.Lifetime;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
+import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
+import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
+import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType;
+import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
+import org.jboss.identity.federation.ws.policy.AppliesTo;
+import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
+import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType;
+import org.w3c.dom.Document;
+
+/**
+ * <p>
+ * A {@code SecurityTokenProvider} implementation that handles WS-Trust SAML 2.0 token
requests.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class SAML20TokenProvider implements SecurityTokenProvider
+{
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
+ */
+ public void cancelToken(WSTrustRequestContext context) throws WSTrustException
+ {
+ // TODO: implement cancel logic.
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
+ */
+ public void issueToken(WSTrustRequestContext context) throws WSTrustException
+ {
+ // generate an id for the new assertion.
+ String assertionID = "ID-" + UUID.randomUUID().toString();
+
+ // lifetime and audience restrictions.
+ Lifetime lifetime = context.getRequestSecurityToken().getLifetime();
+ AudienceRestrictionType restriction = null;
+ AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo();
+ if (appliesTo != null)
+ restriction =
SAMLAssertionFactory.createAudienceRestriction(WSTrustUtil.parseAppliesTo(appliesTo));
+ ConditionsType conditions =
SAMLAssertionFactory.createConditions(lifetime.getCreated(), lifetime.getExpires(),
+ restriction);
+
+ // TODO: implement support for the other confirmation methods.
+ String confirmationMethod = SAMLUtil.SAML2_BEARER_URI;
+ SubjectConfirmationType subjectConfirmation =
SAMLAssertionFactory.createSubjectConfirmation(null,
+ confirmationMethod, null);
+
+ // create a subject using the caller principal.
+ Principal principal = context.getCallerPrincipal();
+ String subjectName = principal == null ? "ANONYMOUS" :
principal.getName();
+ NameIDType nameID = SAMLAssertionFactory.createNameID(null,
"urn:jboss:identity-federation", subjectName);
+ SubjectType subject = SAMLAssertionFactory.createSubject(nameID,
subjectConfirmation);
+
+ // TODO: add SAML statements that corresponds to the claims provided by the
requester.
+
+ // create the SAML assertion.
+ NameIDType issuerID = SAMLAssertionFactory.createNameID(null, null,
context.getTokenIssuer());
+ AssertionType assertion = SAMLAssertionFactory.createAssertion(assertionID,
issuerID, lifetime.getCreated(),
+ conditions, subject, null);
+
+ // convert the constructed assertion to element.
+ Document document = null;
+ try
+ {
+ document = SAMLUtil.toDocument(assertion);
+ }
+ catch (Exception e)
+ {
+ throw new WSTrustException("Failed to marshall SAMLV2 assertion", e);
+ }
+
+ // sign the generated SAML assertion.
+ KeyPair keyPair = context.getSTSKeyPair();
+ if (keyPair != null)
+ {
+ URI signatureURI = context.getRequestSecurityToken().getSignatureAlgorithm();
+ String signatureMethod = signatureURI != null ? signatureURI.toString() :
SignatureMethod.RSA_SHA1;
+ try
+ {
+ XMLSignatureUtil.sign(document, keyPair, DigestMethod.SHA1, signatureMethod,
"#" + assertionID);
+ }
+ catch (Exception e)
+ {
+ throw new WSTrustException("Failed to sign SAMLV2 assertion", e);
+ }
+ }
+
+ SecurityToken token = new
StandardSecurityToken(context.getRequestSecurityToken().getTokenType().toString(),
+ document.getDocumentElement(), assertionID);
+ context.setSecurityToken(token);
+
+ // set the SAML assertion attached reference.
+ KeyIdentifierType keyIdentifier =
WSTrustUtil.createKeyIdentifier(SAMLUtil.SAML2_VALUE_TYPE, "#" + assertionID);
+ Map<QName, String> attributes = new HashMap<QName, String>();
+ attributes.put(new QName(WSTrustConstants.WSSE11_NS, "TokenType"),
SAMLUtil.SAML2_TOKEN_TYPE);
+ RequestedReferenceType attachedReference =
WSTrustUtil.createRequestedReference(keyIdentifier, attributes);
+ context.setAttachedReference(attachedReference);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
+ */
+ public void renewToken(WSTrustRequestContext context) throws WSTrustException
+ {
+ // TODO: implement renew logic.
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
+ */
+ public void validateToken(WSTrustRequestContext context) throws WSTrustException
+ {
+ // TODO: implement validate logic.
+ }
+}
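Review bot: `issueToken` takes the signature algorithm straight from the request (`URI signatureURI = context.getRequestSecurityToken().getSignatureAlgorithm();`) and hands it to `XMLSignatureUtil.sign` without checking it against anything the STS is configured to accept, so the requester rather than the issuer decides how the assertion is signed; the provider should ignore or reject an algorithm that the STS configuration does not allow, and the hard-coded `DigestMethod.SHA1`/`SignatureMethod.RSA_SHA1` fallbacks belong in that configuration too. In the same block a null `getSTSKeyPair()` silently issues an unsigned bearer assertion, which a relying party cannot tell apart from a misconfigured STS; that path should at least be logged, and preferably fail unless unsigned issuance is explicitly enabled. `lifetime` is also dereferenced (`lifetime.getCreated()`) without the null check that `appliesTo` gets, and `getTokenType().toString()` assumes the request carries a token type, so a request missing either field dies with a `NullPointerException` instead of a `WSTrustException`; `if (lifetime == null) throw new WSTrustException("Request has no Lifetime");` and the same for the token type would keep the error in the declared contract.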
Added:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/SAMLUtil.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -0,0 +1,103 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.api.wstrust.plugins.saml;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.Marshaller;
+import javax.xml.parsers.DocumentBuilderFactory;
+import javax.xml.transform.dom.DOMResult;
+
+import org.jboss.identity.federation.api.wstrust.WSTrustConstants;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
+import org.w3c.dom.Document;
+
+import com.sun.xml.bind.marshaller.NamespacePrefixMapper;
+
+/**
+ * <p>
+ * This class contains utility methods and constants that are used by the SAML token
providers.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class SAMLUtil
+{
+
+ public static final String SAML2_BEARER_URI =
"urn:oasis:names:tc:SAML:2.0:cm:bearer";
+
+ public static final String SAML2_TOKEN_TYPE =
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
+
+ public static final String SAML2_VALUE_TYPE =
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID";
+
+ /**
+ * <p>
+ * Utility method that marshals the specified {@code AssertionType} object into a
{@code Document} instance.
+ * </p>
+ *
+ * @param assertion an {@code AssertionType} object representing the SAML assertion to
be marshaled.
+ * @return a reference to the {@code Document} that contains the marshaled SAML
assertion.
+ */
+ public static Document toDocument(AssertionType assertion) throws Exception
+ {
+ Document document = null;
+ document =
DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+ DOMResult result = new DOMResult(document);
+ JAXBContext jaxbContext =
JAXBContext.newInstance("org.jboss.identity.federation.saml.v2.assertion");
+ Marshaller marshaller = jaxbContext.createMarshaller();
+ marshaller.setProperty("com.sun.xml.bind.namespacePrefixMapper", new
DefaultPrefixMapper());
+ marshaller.marshal(new ObjectFactory().createAssertion(assertion), result);
+
+ return document;
+ }
+
+ /**
+ * <p>
+ * A {@code NamespacePrefixMapper} implementation that maps the most used namespaces
to commonly used prefixes.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan
Guilhen</a>
+ */
+ static class DefaultPrefixMapper extends NamespacePrefixMapper
+ {
+ @Override
+ public String getPreferredPrefix(String namespaceURI, String suggestion, boolean
requirePrefix)
+ {
+ if (WSTrustConstants.WSA_NS.equals(namespaceURI))
+ return "wsa";
+ else if (WSTrustConstants.WSU_NS.equals(namespaceURI))
+ return "wsu";
+ else if (WSTrustConstants.WSSE_NS.equals(namespaceURI))
+ return "wsse";
+ else if (WSTrustConstants.WSSE11_NS.equals(namespaceURI))
+ return "wsse11";
+ else if (WSTrustConstants.XENC_NS.equals(namespaceURI))
+ return "xenc";
+ else if (WSTrustConstants.DSIG_NS.equals(namespaceURI))
+ return "ds";
+ else if (WSTrustConstants.SAML2_ASSERTION_NS.equals(namespaceURI))
+ return "saml2";
+ else
+ return null;
+ }
+ }
+}
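Review bot: `toDocument` builds a new `JAXBContext` on every call (`JAXBContext.newInstance("org.jboss.identity.federation.saml.v2.assertion")`); context creation is expensive and a `JAXBContext` is thread-safe, so it should be created once, e.g. `private static final JAXBContext ASSERTION_CONTEXT` initialised in a static block, with only the `Marshaller` created per call. `Document document = null;` followed by an immediate reassignment can be a single declaration. Declaring `throws Exception` forces the one caller in `SAML20TokenProvider` into a `catch (Exception)`; naming the actual checked types (`JAXBException`, `ParserConfigurationException`) would let it report a narrower cause. Finally, `NamespacePrefixMapper` and the `com.sun.xml.bind.namespacePrefixMapper` property are JAXB-RI specific, so `setProperty` will throw `PropertyException` under another JAXB provider — worth a class-level comment stating that the RI is required, or a guarded `setProperty`.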
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/MockSTSConfiguration.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/MockSTSConfiguration.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/MockSTSConfiguration.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -21,7 +21,7 @@
*/
package org.jboss.test.identity.federation.api.wstrust;
-import java.security.PrivateKey;
+import java.security.KeyPair;
import java.security.PublicKey;
import java.util.Map;
@@ -93,9 +93,9 @@
/*
* (non-Javadoc)
*
- * @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getPublicKeyForService(java.lang.String)
+ * @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getTokenTypeForService(java.lang.String)
*/
- public PublicKey getPublicKeyForService(String serviceName)
+ public String getTokenTypeForService(String serviceName)
{
return null;
}
@@ -123,9 +123,9 @@
/*
* (non-Javadoc)
*
- * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getSigningKey()
+ * @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getServiceProviderPublicKey(java.lang.String)
*/
- public PrivateKey getSigningKey()
+ public PublicKey getServiceProviderPublicKey(String serviceName)
{
return null;
}
@@ -133,9 +133,9 @@
/*
* (non-Javadoc)
*
- * @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getTokenTypeForService(java.lang.String)
+ * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getSTSKeyPair()
*/
- public String getTokenTypeForService(String serviceName)
+ public KeyPair getSTSKeyPair()
{
return null;
}
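Review bot: `getSTSKeyPair()` returning null means every scenario driven by this mock takes the unsigned branch of `SAML20TokenProvider.issueToken`, so the signing code path is never exercised by tests that use it. A `KeyPair` generated once in a static initialiser with `KeyPairGenerator.getInstance("RSA")` would let the same mock cover both branches. Whether `SAML20TokenProviderUnitTestCase` actually goes through this configuration is not visible in the diff.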
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -27,24 +27,29 @@
import javax.xml.bind.JAXBContext;
import javax.xml.bind.JAXBElement;
import javax.xml.bind.Unmarshaller;
+import javax.xml.namespace.QName;
import junit.framework.TestCase;
-import org.jboss.identity.federation.api.wstrust.SAML20TokenProvider;
import org.jboss.identity.federation.api.wstrust.StandardSecurityToken;
import org.jboss.identity.federation.api.wstrust.WSTrustRequestContext;
import org.jboss.identity.federation.api.wstrust.WSTrustUtil;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken;
+import org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType;
import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
+import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
+import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType;
+import org.jboss.identity.federation.ws.wss.secext.SecurityTokenReferenceType;
import org.w3c.dom.Element;
/**
* <p>
+ * This {@code TestCase} tests the functionalities of the {@code SAML20TokenProvider}
class.
* </p>
*
* @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
@@ -53,15 +58,18 @@
{
/**
+ * <p>
+ * Tests the issuance of a SAMLV2.0 Assertion.
+ * </p>
*
- * @throws Exception
+ * @throws Exception if an error occurs while running the test.
*/
public void testIssueSAMLToken() throws Exception
{
// create a WSTrustRequestContext with a simple WS-Trust request.
RequestSecurityToken request = new RequestSecurityToken();
request.setLifetime(WSTrustUtil.createDefaultLifetime(3600000));
-
request.setAppliesTo(WSTrustUtil.createAppliesTo("http://services.te...;
+
request.setAppliesTo(WSTrustUtil.createAppliesTo("http://services.te...;
request.setTokenType(new URI("urn:oasis:names:tc:SAML:2.0:assertion"));
WSTrustRequestContext context = new WSTrustRequestContext(request, new
TestPrincipal("sguilhen"));
@@ -96,7 +104,7 @@
.getConditionOrAudienceRestrictionOrOneTimeUse().get(0);
assertNotNull("Unexpected null audience list",
restrictionType.getAudience());
assertEquals("Unexpected number of audience elements", 1,
restrictionType.getAudience().size());
- assertEquals("Unexpected audience value",
"http://services.testcorp.org/provider1",
+ assertEquals("Unexpected audience value",
"http://services.testcorp.org/provider2",
restrictionType.getAudience().get(0));
// check the contents of the assertion subject.
@@ -111,10 +119,29 @@
assertEquals("Unexpected content type", SubjectConfirmationType.class,
content.getDeclaredType());
SubjectConfirmationType confirmation = (SubjectConfirmationType)
content.getValue();
assertEquals("Unexpected confirmation method",
"urn:oasis:names:tc:SAML:2.0:cm:bearer", confirmation.getMethod());
+
+ // validate the attached token reference created by the SAML provider.
+ RequestedReferenceType reference = context.getAttachedReference();
+ assertNotNull("Unexpected null attached reference", reference);
+ SecurityTokenReferenceType securityRef = reference.getSecurityTokenReference();
+ assertNotNull("Unexpected null security reference", securityRef);
+ String tokenTypeAttr = securityRef.getOtherAttributes().get(
+ new
QName("http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1....;,
"TokenType"));
+ assertNotNull("Required attribute TokenType is missing", tokenTypeAttr);
+ assertEquals("TokenType attribute has an unexpected value",
+
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0",
tokenTypeAttr);
+ JAXBElement<?> keyIdElement = (JAXBElement<?>)
securityRef.getAny().get(0);
+ KeyIdentifierType keyId = (KeyIdentifierType) keyIdElement.getValue();
+ assertEquals("Unexpected key value type",
+
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID",
keyId.getValueType());
+ assertNotNull("Unexpected null key identifier value", keyId.getValue());
+ assertEquals(assertion.getID(), keyId.getValue().substring(1));
+
}
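Review bot: The last assertion, `assertEquals(assertion.getID(), keyId.getValue().substring(1))`, strips the first character without checking that it is the `#` the provider prepends, and it is the only assert in this block without a failure message; `assertEquals("Unexpected key identifier value", "#" + assertion.getID(), keyId.getValue())` checks both at once. The test also says nothing about signing: no assertion checks whether a `ds:Signature` child is present on the returned element, so it cannot tell an unsigned assertion from a signed one, and since the context here is built from a request and a principal only, which branch the provider takes is not visible from this test. `testIssueSAMLToken` starts outside this hunk.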
/**
* <p>
+ * Simple {@code Principal} implementation used in the test scenarios.
* </p>
*
* @author <a href="mailto:sguilhen@redhat.com">Stefan
Guilhen</a>
@@ -124,8 +151,11 @@
private final String name;
/**
+ * <p>
+ * Creates an instance of {@code TestPrincipal} with the specified name.
+ * </p>
*
- * @param name
+ * @param name a {@code String} representing the principal name.
*/
public TestPrincipal(String name)
{
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/StandardTokenProvider.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/StandardTokenProvider.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/StandardTokenProvider.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -1,74 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.test.identity.federation.api.wstrust;
-
-import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider;
-import org.jboss.identity.federation.api.wstrust.WSTrustException;
-import org.jboss.identity.federation.api.wstrust.WSTrustRequestContext;
-
-/**
- * <p>
- * Mock {@code SecurityTokenProvider} used in the test scenarios.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class StandardTokenProvider implements SecurityTokenProvider
-{
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void cancelToken(WSTrustRequestContext context) throws WSTrustException
- {
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void issueToken(WSTrustRequestContext context) throws WSTrustException
- {
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void renewToken(WSTrustRequestContext context) throws WSTrustException
- {
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void validateToken(WSTrustRequestContext context) throws WSTrustException
- {
- }
-
-}
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -31,12 +31,12 @@
import junit.framework.TestCase;
import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory;
-import org.jboss.identity.federation.api.wstrust.protocol.BaseRequestSecurityToken;
-import
org.jboss.identity.federation.api.wstrust.protocol.BaseRequestSecurityTokenResponse;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityToken;
-import
org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenCollection;
-import org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenResponse;
-import
org.jboss.identity.federation.api.wstrust.protocol.RequestSecurityTokenResponseCollection;
+import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityTokenResponse;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenCollection;
+import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
+import
org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
import org.jboss.identity.federation.ws.trust.ObjectFactory;
/**
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustServiceFactoryUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustServiceFactoryUnitTestCase.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustServiceFactoryUnitTestCase.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -30,6 +30,7 @@
import org.jboss.identity.federation.api.wstrust.StandardRequestHandler;
import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler;
import org.jboss.identity.federation.api.wstrust.WSTrustServiceFactory;
+import org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider;
/**
* <p>
@@ -82,21 +83,21 @@
{
WSTrustServiceFactory factory = WSTrustServiceFactory.getInstance();
SecurityTokenProvider provider = factory
-
.createTokenProvider("org.jboss.test.identity.federation.api.wstrust.StandardTokenProvider");
+
.createTokenProvider("org.jboss.test.identity.federation.api.wstrust.SpecialTokenProvider");
assertNotNull("Unexpected null token provider", provider);
- assertTrue("Unexpected token provider type", provider instanceof
StandardTokenProvider);
+ assertTrue("Unexpected token provider type", provider instanceof
SpecialTokenProvider);
provider = factory
-
.createTokenProvider("org.jboss.test.identity.federation.api.wstrust.SpecialTokenProvider");
+
.createTokenProvider("org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider");
assertNotNull("Unexpected null token provider", provider);
- assertTrue("Unexpected token provider type", provider instanceof
SpecialTokenProvider);
-
+ assertTrue("Unexpected token provider type", provider instanceof
SAML20TokenProvider);
+
// try to create an invalid token provider.
try
{
factory.createTokenProvider("InvalidTokenProvider");
fail("An exception should have been raised");
}
- catch(RuntimeException re)
+ catch (RuntimeException re)
{
assertTrue(re.getCause() instanceof PrivilegedActionException);
}
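Review bot: The provider class names are passed to `createTokenProvider` as string literals; since `SAML20TokenProvider` is now imported, `SAML20TokenProvider.class.getName()` (and likewise `SpecialTokenProvider.class.getName()`) would keep the test in step with package moves like the one this commit makes, which is exactly what invalidated the old `StandardTokenProvider` reference. The enclosing test method starts outside this hunk.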
Modified:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/SAMLAssertionFactory.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/SAMLAssertionFactory.java 2009-05-29
20:58:38 UTC (rev 546)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/factories/SAMLAssertionFactory.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -21,19 +21,160 @@
*/
package org.jboss.identity.federation.core.saml.v2.factories;
+import java.util.Arrays;
+import java.util.List;
+
+import javax.xml.datatype.XMLGregorianCalendar;
+
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
+import org.jboss.identity.federation.saml.v2.assertion.ConditionAbstractType;
+import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
+import org.jboss.identity.federation.saml.v2.assertion.KeyInfoConfirmationDataType;
+import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
+import org.jboss.identity.federation.saml.v2.assertion.StatementAbstractType;
+import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType;
+import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
/**
* Get the SAML Assertion Object Factory
+ *
* @author Anil.Saldhana(a)redhat.com
* @since Jan 28, 2009
*/
public class SAMLAssertionFactory
{
private static ObjectFactory factory = new ObjectFactory();
-
+
public static ObjectFactory getObjectFactory()
{
return factory;
}
+
+ /**
+ * <p>
+ * Creates an {@code AudienceRestrictionType} with the specified values.
+ * </p>
+ *
+ * @param values a {@code String[]} containing the restriction values.
+ * @return the constructed {@code AudienceRestrictionType} instance.
+ */
+ public static AudienceRestrictionType createAudienceRestriction(String... values)
+ {
+ AudienceRestrictionType audienceRestriction = new AudienceRestrictionType();
+ if (values != null)
+ audienceRestriction.getAudience().addAll(Arrays.asList(values));
+ return audienceRestriction;
+ }
+
+ /**
+ * <p>
+ * Creates a {@code NameIDType} instance with the specified values.
+ * </p>
+ *
+ * @param format a {@code String} representing the name format.
+ * @param qualifier a {@code String} representing the name qualifier.
+ * @param value a {@code String} representing the name value.
+ * @return the constructed {@code NameIDType} instance.
+ */
+ public static NameIDType createNameID(String format, String qualifier, String value)
+ {
+ NameIDType nameID = new NameIDType();
+ nameID.setFormat(format);
+ nameID.setNameQualifier(qualifier);
+ nameID.setValue(value);
+ return nameID;
+ }
+
+ /**
+ * <p>
+ * Creates a {@code Conditions} instance with the specified values.
+ * </p>
+ *
+ * @param notBefore a {@code XMLGregorianCalendar} representing the start of the token
lifetime period.
+ * @param notOnOrAfter a {@code XMLGregorianCalendar} representing the end of the
token lifetime period.
+ * @param restrictions an array containing the applicable restrictions.
+ * @return the constructed {@code Conditions} instance.
+ */
+ public static ConditionsType createConditions(XMLGregorianCalendar notBefore,
XMLGregorianCalendar notOnOrAfter,
+ ConditionAbstractType... restrictions)
+ {
+ ConditionsType conditions = new ConditionsType();
+ conditions.setNotBefore(notBefore);
+ conditions.setNotOnOrAfter(notOnOrAfter);
+ if (restrictions != null)
+
conditions.getConditionOrAudienceRestrictionOrOneTimeUse().addAll(Arrays.asList(restrictions));
+ return conditions;
+ }
+
+ /**
+ * <p>
+ * Creates a {@code SubjectConfirmationType} object with the specified values.
+ * </p>
+ *
+ * @param nameID the identifier of the confirmation.
+ * @param confirmationMethod a {@code String} representing the confirmation method.
+ * @param keyInfoData the {@code KeyInfoConfirmationDataType} instance that contains
the proof of possession key.
+ * @return the constructed {@code SubjectConfirmationType} instance.
+ */
+ public static SubjectConfirmationType createSubjectConfirmation(NameIDType nameID,
String confirmationMethod,
+ KeyInfoConfirmationDataType keyInfoData)
+ {
+ SubjectConfirmationType subjectConfirmation = new SubjectConfirmationType();
+ subjectConfirmation.setNameID(nameID);
+ subjectConfirmation.setMethod(confirmationMethod);
+ subjectConfirmation.setSubjectConfirmationData(keyInfoData);
+ return subjectConfirmation;
+ }
+
+ /**
+ * <p>
+ * Creates a {@code SubjectType} object with the specified values.
+ * </p>
+ *
+ * @param nameID the identifier of the subject.
+ * @param confirmation the {@code SubjectConfirmationType} that is used to establish
the correspondence between the
+ * subject and claims of SAML statements.
+ * @return the constructed {@code SubjectType} instance.
+ */
+ public static SubjectType createSubject(NameIDType nameID, SubjectConfirmationType
confirmation)
+ {
+ SubjectType subject = new SubjectType();
+ ObjectFactory factory = getObjectFactory();
+ if (nameID != null)
+ subject.getContent().add(factory.createNameID(nameID));
+ if (confirmation != null)
+ subject.getContent().add(factory.createSubjectConfirmation(confirmation));
+ return subject;
+ }
+
+ /**
+ * <p>
+ * Creates a SAMLV2 {@code AssertionType} with the specified values.
+ * </p>
+ *
+ * @param id a {@code String} representing the assertion ID.
+ * @param issuerID a {@code NameIDType} that identifies the assertion issuer.
+ * @param issueInstant the assertion time of creation.
+ * @param conditions the {@code ConditionsType} that specify the conditions under
which the assertion is to be
+ * considered valid
+ * @param subject the {@code SubjectType} that identifies the authenticated
principal.
+ * @param statements a list of statements associated with the authenticated
principal.
+ * @return
+ */
+ public static AssertionType createAssertion(String id, NameIDType issuerID,
XMLGregorianCalendar issueInstant,
+ ConditionsType conditions, SubjectType subject,
List<StatementAbstractType> statements)
+ {
+ AssertionType assertion = new AssertionType();
+ assertion.setID(id);
+ assertion.setIssuer(issuerID);
+ assertion.setIssueInstant(issueInstant);
+ assertion.setConditions(conditions);
+ assertion.setSubject(subject);
+ if (statements != null)
+
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().addAll(statements);
+ return assertion;
+ }
+
}
\ No newline at end of file
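Review bot: `createConditions` copies the varargs array into the conditions list verbatim, and a caller that passes a single possibly-null variable — as `SAML20TokenProvider.issueToken` does with its `restriction` local when no `AppliesTo` is present — gets an array holding one `null`, so `getConditionOrAudienceRestrictionOrOneTimeUse()` ends up with a null entry that JAXB may drop or reject at marshalling time; the `restrictions != null` check does not cover this case. Replacing the `addAll` with `for (ConditionAbstractType r : restrictions) { if (r != null) conditions.getConditionOrAudienceRestrictionOrOneTimeUse().add(r); }` fixes it, and `createAudienceRestriction` has the same exposure through `values`. Separately, the `@return` tag on `createAssertion` is empty, and `createSubject` declares a local `factory` that shadows the static field of the same name, so the local can go and `getObjectFactory()` be called directly.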
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityToken.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityToken.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityToken.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -0,0 +1,33 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+/**
+ * <p>
+ * Marker interface for the request security token types.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public interface BaseRequestSecurityToken
+{
+}
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityTokenResponse.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityTokenResponse.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityTokenResponse.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -0,0 +1,33 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+/**
+ * <p>
+ * Marker interface for the security token response types.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public interface BaseRequestSecurityTokenResponse
+{
+}
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/Lifetime.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/Lifetime.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/Lifetime.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -0,0 +1,236 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.util.GregorianCalendar;
+
+import javax.xml.datatype.DatatypeConfigurationException;
+import javax.xml.datatype.DatatypeFactory;
+import javax.xml.datatype.XMLGregorianCalendar;
+
+import org.jboss.identity.federation.ws.trust.LifetimeType;
+import org.jboss.identity.federation.ws.wss.utility.AttributedDateTime;
+
+/**
+ * <p>
+ * This class represents a WS-Trust {@code Lifetime}. It wraps the JAXB {@code
LifetimeType} and offer methods that
+ * allows for easy retrieval of the creation and expiration times as {@code
XMLGregorianCalendar} and
+ * {@code GregorianCalendar} objects.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class Lifetime
+{
+
+ private final LifetimeType delegate;
+
+ private XMLGregorianCalendar created;
+
+ private XMLGregorianCalendar expires;
+
+ private DatatypeFactory factory;
+
+ /**
+ * <p>
+ * Creates an instance of {@code Lifetime} with the specified parameters.
+ * </p>
+ *
+ * @param created a {@code GregorianCalendar} representing the token creation time.
+ * @param expires a {@code GregorianCalendar} representing the token expiration time.
+ */
+ public Lifetime(GregorianCalendar created, GregorianCalendar expires)
+ {
+ try
+ {
+ this.factory = DatatypeFactory.newInstance();
+ }
+ catch (DatatypeConfigurationException dce)
+ {
+ throw new RuntimeException("Unable to get DatatypeFactory instance",
dce);
+ }
+
+ // normalize the parameters (convert to UTC).
+ this.created = factory.newXMLGregorianCalendar(created).normalize();
+ this.expires = factory.newXMLGregorianCalendar(expires).normalize();
+
+ // set the delegate fields.
+ this.delegate = new LifetimeType();
+ AttributedDateTime dateTime = new AttributedDateTime();
+ dateTime.setValue(this.created.toXMLFormat());
+ this.delegate.setCreated(dateTime);
+ dateTime = new AttributedDateTime();
+ dateTime.setValue(this.expires.toXMLFormat());
+ this.delegate.setExpires(dateTime);
+
+ }
+
+ /**
+ * <p>
+ * Creates a {@code Lifetime} instance using the specified {@code LifetimeType}.
+ * </p>
+ *
+ * @param lifetime a reference to the {@code LifetimeType} instance that contains the
information used in the
+ * {@code Lifetime} construction.
+ */
+ public Lifetime(LifetimeType lifetime)
+ {
+ if (lifetime == null)
+ throw new IllegalArgumentException("Unable to create a Lifetime object from
a null LifetimeType");
+
+ try
+ {
+ this.factory = DatatypeFactory.newInstance();
+ }
+ catch (DatatypeConfigurationException dce)
+ {
+ throw new RuntimeException("Unable to get DatatypeFactory instance",
dce);
+ }
+ this.delegate = lifetime;
+
+ // construct the created and expires instances from the lifetime object.
+ this.created = factory.newXMLGregorianCalendar(lifetime.getCreated().getValue());
+ this.expires = factory.newXMLGregorianCalendar(lifetime.getExpires().getValue());
+
+ // check if the supplied lifetime needs to be normalized.
+ if (this.created.getTimezone() != 0)
+ {
+ this.created = this.created.normalize();
+ this.delegate.getCreated().setValue(this.created.toXMLFormat());
+ }
+ if (this.expires.getTimezone() != 0)
+ {
+ this.expires = this.expires.normalize();
+ this.delegate.getExpires().setValue(this.expires.toXMLFormat());
+ }
+ }
+
+ /**
+ * <p>
+ * Obtains the creation time as a {@code XMLGregorianCalendar}.
+ * </p>
+ *
+ * @return a reference to the {@code XMLGregorianCalendar} that represents the
creation time.
+ */
+ public XMLGregorianCalendar getCreated()
+ {
+ return this.created;
+ }
+
+ /**
+ * <p>
+ * Sets the creation time.
+ * </p>
+ *
+ * @param created a reference to the {@code XMLGregorianCalendar} that represents the
creation time to be set.
+ */
+ public void setCreated(XMLGregorianCalendar created)
+ {
+ this.created = created.normalize();
+ this.delegate.getCreated().setValue(this.created.toXMLFormat());
+ }
+
+ /**
+ * <p>
+ * Obtains the creation time as a {@code GregorianCalendar}.
+ * </p>
+ *
+ * @return a reference to the {@code GregorianCalendar} that represents the creation
time.
+ */
+ public GregorianCalendar getCreatedCalendar()
+ {
+ return this.created.toGregorianCalendar();
+ }
+
+ /**
+ * <p>
+ * Sets the creation time.
+ * </p>
+ *
+ * @param created a reference to the {@code GregorianCalendar} that represents the
creation time to be set.
+ */
+ public void setCreatedCalendar(GregorianCalendar created)
+ {
+ this.setCreated(this.factory.newXMLGregorianCalendar(created));
+ }
+
+ /**
+ * <p>
+ * Obtains the expiration time as a {@code XMLGregorianCalendar}.
+ * </p>
+ *
+ * @return a reference to the {@code XMLGregorianCalendar} that represents the
expiration time.
+ */
+ public XMLGregorianCalendar getExpires()
+ {
+ return this.expires;
+ }
+
+ /**
+ * <p>
+ * Sets the expiration time.
+ * </p>
+ *
+ * @param expires a reference to the {@code XMLGregorianCalendar} that represents the
expiration time.
+ */
+ public void setExpires(XMLGregorianCalendar expires)
+ {
+ this.expires = expires.normalize();
+ this.delegate.getExpires().setValue(this.expires.toXMLFormat());
+ }
+
+ /**
+ * <p>
+ * Obtains the expiration time as a {@code GregorianCalendar}.
+ * </p>
+ *
+ * @return a reference to the {@code GregorianCalendar} that represents the expiration
time.
+ */
+ public GregorianCalendar getExpiresCalendar()
+ {
+ return this.expires.toGregorianCalendar();
+ }
+
+ /**
+ * <p>
+ * Sets the expiration time.
+ * </p>
+ *
+ * @param expires a reference to the {@code GregorianCalendar} that represents the
expiration time.
+ */
+ public void setExpiresCalendar(GregorianCalendar expires)
+ {
+ this.setExpires(this.factory.newXMLGregorianCalendar(expires));
+ }
+
+ /**
+ * <p>
+ * Obtains a reference to the {@code LifetimeType} delegate.
+ * </p>
+ *
+ * @return a reference to the delegate instance.
+ */
+ public LifetimeType getDelegate()
+ {
+ return this.delegate;
+ }
+}
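Review bot: The `Lifetime(LifetimeType)` constructor reads `lifetime.getCreated().getValue()` and `lifetime.getExpires().getValue()` without checking that either element is present, so a `LifetimeType` unmarshalled from an inbound request that omits `Created` or `Expires` fails with a `NullPointerException` instead of a clear rejection; `setCreated` and `setExpires` likewise dereference a null argument. Because `RequestSecurityToken(RequestSecurityTokenType)` later in this commit builds a `Lifetime` from the request's `Any` content, this constructor is reached with caller-supplied data and should fail the way the existing null-delegate check does: `if (lifetime.getCreated() == null || lifetime.getExpires() == null) throw new IllegalArgumentException("LifetimeType must carry both Created and Expires");` placed before the `factory.newXMLGregorianCalendar` calls. Neither constructor verifies that `expires` is later than `created`; if that ordering is meant to be enforced here rather than by the token provider, comparing `this.created.compare(this.expires)` against `DatatypeConstants.LESSER` would do it, and the class Javadoc should state which layer owns that check.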
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -0,0 +1,1001 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.namespace.QName;
+
+import org.jboss.identity.federation.ws.addressing.EndpointReferenceType;
+import org.jboss.identity.federation.ws.policy.AppliesTo;
+import org.jboss.identity.federation.ws.policy.Policy;
+import org.jboss.identity.federation.ws.policy.PolicyReference;
+import org.jboss.identity.federation.ws.trust.AllowPostdatingType;
+import org.jboss.identity.federation.ws.trust.ClaimsType;
+import org.jboss.identity.federation.ws.trust.DelegateToType;
+import org.jboss.identity.federation.ws.trust.EncryptionType;
+import org.jboss.identity.federation.ws.trust.EntropyType;
+import org.jboss.identity.federation.ws.trust.LifetimeType;
+import org.jboss.identity.federation.ws.trust.ObjectFactory;
+import org.jboss.identity.federation.ws.trust.OnBehalfOfType;
+import org.jboss.identity.federation.ws.trust.ProofEncryptionType;
+import org.jboss.identity.federation.ws.trust.RenewingType;
+import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType;
+import org.jboss.identity.federation.ws.trust.UseKeyType;
+
+/**
+ * <p>
+ * This class represents a WS-Trust {@code RequestSecurityToken}. It wraps the JAXB
representation of the security
+ * token request and offers a series of getter/setter methods that make it easy to work
with elements that are
+ * represented by the {@code Any} XML type.
+ * </p>
+ * <p>
+ * The following shows the intended content model of a {@code RequestSecurityToken}:
+ *
+ * <pre>
+ * <xs:element ref='wst:TokenType' minOccurs='0' />
+ * <xs:element ref='wst:RequestType' />
+ * <xs:element ref='wsp:AppliesTo' minOccurs='0' />
+ * <xs:element ref='wst:Claims' minOccurs='0' />
+ * <xs:element ref='wst:Entropy' minOccurs='0' />
+ * <xs:element ref='wst:Lifetime' minOccurs='0' />
+ * <xs:element ref='wst:AllowPostdating' minOccurs='0'
/>
+ * <xs:element ref='wst:Renewing' minOccurs='0' />
+ * <xs:element ref='wst:OnBehalfOf' minOccurs='0' />
+ * <xs:element ref='wst:Issuer' minOccurs='0' />
+ * <xs:element ref='wst:AuthenticationType' minOccurs='0'
/>
+ * <xs:element ref='wst:KeyType' minOccurs='0' />
+ * <xs:element ref='wst:KeySize' minOccurs='0' />
+ * <xs:element ref='wst:SignatureAlgorithm' minOccurs='0'
/>
+ * <xs:element ref='wst:Encryption' minOccurs='0' />
+ * <xs:element ref='wst:EncryptionAlgorithm' minOccurs='0'
/>
+ * <xs:element ref='wst:CanonicalizationAlgorithm'
minOccurs='0' />
+ * <xs:element ref='wst:ProofEncryption' minOccurs='0'
/>
+ * <xs:element ref='wst:UseKey' minOccurs='0' />
+ * <xs:element ref='wst:SignWith' minOccurs='0' />
+ * <xs:element ref='wst:EncryptWith' minOccurs='0' />
+ * <xs:element ref='wst:DelegateTo' minOccurs='0' />
+ * <xs:element ref='wst:Forwardable' minOccurs='0' />
+ * <xs:element ref='wst:Delegatable' minOccurs='0' />
+ * <xs:element ref='wsp:Policy' minOccurs='0' />
+ * <xs:element ref='wsp:PolicyReference' minOccurs='0'
/>
+ * <xs:any namespace='##other' processContents='lax'
minOccurs='0' maxOccurs='unbounded' />
+ * </pre>
+ *
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class RequestSecurityToken implements BaseRequestSecurityToken
+{
+
+ private final RequestSecurityTokenType delegate;
+
+ private URI tokenType;
+
+ private URI requestType;
+
+ private AppliesTo appliesTo;
+
+ private ClaimsType claims;
+
+ private EntropyType entropy;
+
+ private Lifetime lifetime;
+
+ private AllowPostdatingType allowPostDating;
+
+ private RenewingType renewing;
+
+ private OnBehalfOfType onBehalfOf;
+
+ private EndpointReferenceType issuer;
+
+ private URI authenticationType;
+
+ private URI keyType;
+
+ private long keySize;
+
+ private URI signatureAlgorithm;
+
+ private EncryptionType encryption;
+
+ private URI encryptionAlgorithm;
+
+ private URI canonicalizationAlgorithm;
+
+ private ProofEncryptionType proofEncryption;
+
+ private UseKeyType useKey;
+
+ private URI signWith;
+
+ private URI encryptWith;
+
+ private DelegateToType delegateTo;
+
+ private boolean forwardable;
+
+ private boolean delegatable;
+
+ private Policy policy;
+
+ private PolicyReference policyReference;
+
+ private final List<Object> extensionElements = new ArrayList<Object>();
+
+ private final ObjectFactory factory = new ObjectFactory();
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityToken}.
+ * </p>
+ */
+ public RequestSecurityToken()
+ {
+ this.delegate = new RequestSecurityTokenType();
+ }
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityToken} using the specified delegate.
+ * </p>
+ *
+ * @param delegate the JAXB {@code RequestSecurityTokenType} that represents a
WS-Trust token request.
+ */
+ public RequestSecurityToken(RequestSecurityTokenType delegate)
+ {
+ this.delegate = delegate;
+ // parse the delegate's Any contents.
+ try
+ {
+ for (Object obj : this.delegate.getAny())
+ {
+ if (obj instanceof AppliesTo)
+ {
+ this.appliesTo = (AppliesTo) obj;
+ }
+ else if (obj instanceof Policy)
+ {
+ this.policy = (Policy) obj;
+ }
+ else if (obj instanceof PolicyReference)
+ {
+ this.policyReference = (PolicyReference) obj;
+ }
+ else if (obj instanceof JAXBElement)
+ {
+ JAXBElement<?> element = (JAXBElement<?>) obj;
+ String localName = element.getName().getLocalPart();
+ if (localName.equalsIgnoreCase("TokenType"))
+ this.tokenType = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("RequestType"))
+ this.requestType = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("Claims"))
+ this.claims = (ClaimsType) element.getValue();
+ else if (localName.equalsIgnoreCase("Entropy"))
+ this.entropy = (EntropyType) element.getValue();
+ else if (localName.equalsIgnoreCase("Lifetime"))
+ this.lifetime = new Lifetime((LifetimeType) element.getValue());
+ else if (localName.equalsIgnoreCase("AllowPostdating"))
+ this.allowPostDating = (AllowPostdatingType) element.getValue();
+ else if (localName.equalsIgnoreCase("Renewing"))
+ this.renewing = (RenewingType) element.getValue();
+ else if (localName.equalsIgnoreCase("OnBehalfOf"))
+ this.onBehalfOf = (OnBehalfOfType) element.getValue();
+ else if (localName.equalsIgnoreCase("Issuer"))
+ this.issuer = (EndpointReferenceType) element.getValue();
+ else if (localName.equalsIgnoreCase("AuthenticationType"))
+ this.authenticationType = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("KeyType"))
+ this.keyType = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("KeySize"))
+ this.keySize = (Long) element.getValue();
+ else if (localName.equalsIgnoreCase("SignatureAlgorithm"))
+ this.signatureAlgorithm = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("Encryption"))
+ this.encryption = (EncryptionType) element.getValue();
+ else if (localName.equalsIgnoreCase("EntropyAlgorithm"))
+ this.encryptionAlgorithm = new URI((String) element.getValue());
+ else if
(localName.equalsIgnoreCase("CanonicalizationAlgorithm"))
+ this.canonicalizationAlgorithm = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("ProofEncryption"))
+ this.proofEncryption = (ProofEncryptionType) element.getValue();
+ else if (localName.equalsIgnoreCase("UseKey"))
+ this.useKey = (UseKeyType) element.getValue();
+ else if (localName.equalsIgnoreCase("SignWith"))
+ this.signWith = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("EncryptWith"))
+ this.encryptWith = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("DelegateTo"))
+ this.delegateTo = (DelegateToType) element.getValue();
+ else if (localName.equalsIgnoreCase("Forwardable"))
+ this.forwardable = (Boolean) element.getValue();
+ else if (localName.equalsIgnoreCase("Delegatable"))
+ this.delegatable = (Boolean) element.getValue();
+ else
+ this.extensionElements.add(element.getValue());
+ }
+ else
+ {
+ this.extensionElements.add(obj);
+ }
+ }
+ }
+ catch (URISyntaxException e)
+ {
+ throw new RuntimeException(e.getMessage(), e);
+ }
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code URI} that identifies the token type.
+ * </p>
+ *
+ * @return a {@code URI} that represents the token type.
+ */
+ public URI getTokenType()
+ {
+ return tokenType;
+ }
+
+ /**
+ * <p>
+ * Sets the token type.
+ * </p>
+ *
+ * @param tokenType a {@code URI} that identifies the token type.
+ */
+ public void setTokenType(URI tokenType)
+ {
+ this.tokenType = tokenType;
+ this.delegate.getAny().add(this.factory.createTokenType(tokenType.toString()));
+
+ }
+
+ /**
+ * <p>
+ * Obtains the request type.
+ * </p>
+ *
+ * @return a {@code URI} that identifies the request type.
+ */
+ public URI getRequestType()
+ {
+ return requestType;
+ }
+
+ /**
+ * <p>
+ * Sets the request type. The type must be one of the request types described in the
WS-Trust specification.
+ * </p>
+ *
+ * @param requestType a {@code URI} that identifies the request type.
+ */
+ public void setRequestType(URI requestType)
+ {
+ this.requestType = requestType;
+
this.delegate.getAny().add(this.factory.createRequestType(requestType.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code AppliesTo} value of this request. The {@code AppliesTo} object
identifies the service provider
+ * (web service) that requires a token to be presented by clients. A STS uses this
object to find the type of the
+ * token that is accepted by the service provider so that it can issue appropriate
tokens to clients.
+ * </p>
+ *
+ * @return the reference to the {@code AppliesTo} object.
+ */
+ public AppliesTo getAppliesTo()
+ {
+ return appliesTo;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code AppliesTo} value of this request. The {@code AppliesTo} object
identifies the service provider
+ * (web service) that requires a token to be presented by clients. A STS uses this
object to find the type of the
+ * token that is accepted by the service provider so that it can issue appropriate
tokens to clients.
+ * </p>
+ *
+ * @param appliesTo a reference to the {@code AppliesTo} object that identifies the
service provider.
+ */
+ public void setAppliesTo(AppliesTo appliesTo)
+ {
+ this.appliesTo = appliesTo;
+ this.delegate.getAny().add(appliesTo);
+ }
+
+ /**
+ * <p>
+ * Obtains the set of claims of this request.
+ * </p>
+ *
+ * @return a reference to the {@code ClaimsType} object that represents the
request's claims.
+ */
+ public ClaimsType getClaims()
+ {
+ return claims;
+ }
+
+ /**
+ * <p>
+ * Sets the claims of this request.
+ * </p>
+ *
+ * @param claims the {@code ClaimsType} object that represents the claims to be set.
+ */
+ public void setClaims(ClaimsType claims)
+ {
+ this.claims = claims;
+ this.delegate.getAny().add(this.factory.createClaims(claims));
+ }
+
+ /**
+ * <p>
+ * Obtains the entropy that will be used in creating the key.
+ * </p>
+ *
+ * @return a reference to the {@code EntropyType} that represents the entropy.
+ */
+ public EntropyType getEntropy()
+ {
+ return entropy;
+ }
+
+ /**
+ * <p>
+ * Sets the entropy that must be used when creating the key.
+ * </p>
+ *
+ * @param entropy the {@code EntropyType} representing the entropy to be set.
+ */
+ public void setEntropy(EntropyType entropy)
+ {
+ this.entropy = entropy;
+ this.delegate.getAny().add(this.factory.createEntropy(entropy));
+ }
+
+ /**
+ * <p>
+ * Obtains the desired lifetime of the requested token.
+ * </p>
+ *
+ * @return a reference to the {@code Lifetime} that represents the lifetime.
+ */
+ public Lifetime getLifetime()
+ {
+ return lifetime;
+ }
+
+ /**
+ * <p>
+ * Sets the desired lifetime of the requested token.
+ * </p>
+ *
+ * @param lifetime the {@code Lifetime} object representing the lifetime to be set.
+ */
+ public void setLifetime(Lifetime lifetime)
+ {
+ this.lifetime = lifetime;
+ this.delegate.getAny().add(this.factory.createLifetime(lifetime.getDelegate()));
+ }
+
+ /**
+ * <p>
+ * Checks whether a request for a postdated token should be allowed or not.
+ * </p>
+ *
+ * @return {@code null} if the token can't have a future lifetime (e.g. a token to
be used the next day); a
+ * {@code AllowPostdatingType} otherwise.
+ */
+ public AllowPostdatingType getAllowPostDating()
+ {
+ return allowPostDating;
+ }
+
+ /**
+ * <p>
+ * Specifies whether a request for a postdated token should be allowed or not.
+ * </p>
+ *
+ * @param allowPostDating {@code null} if the token can't have a future lifetime
(e.g. a token to be used the next
+ * day); a {@code AllowPostdatingType} otherwise.
+ */
+ public void setAllowPostDating(AllowPostdatingType allowPostDating)
+ {
+ this.allowPostDating = allowPostDating;
+ this.delegate.getAny().add(this.factory.createAllowPostdating(allowPostDating));
+ }
+
+ /**
+ * <p>
+ * Obtains the renew semantics for this request.
+ * </p>
+ *
+ * @return a reference to the {@code RenewingType} that represents the renew semantics
for this request.
+ */
+ public RenewingType getRenewing()
+ {
+ return renewing;
+ }
+
+ /**
+ * <p>
+ * Sets the renew semantics for this request.
+ * </p>
+ *
+ * @param renewing the {@code RenewingType} object representing the semantics to be
set.
+ */
+ public void setRenewing(RenewingType renewing)
+ {
+ this.renewing = renewing;
+ this.delegate.getAny().add(this.factory.createRenewing(renewing));
+ }
+
+ /**
+ * <p>
+ * Obtains the identity on whose behalf this request was made.
+ * </p>
+ *
+ * @return a reference to the {@code OnBehalfOfType} that represents the identity on
whose behalf this request was
+ * made.
+ */
+ public OnBehalfOfType getOnBehalfOf()
+ {
+ return onBehalfOf;
+ }
+
+ /**
+ * <p>
+ * Specifies the identity on whose behalf this request is being made.
+ * </p>
+ *
+ * @param onBehalfOf the {@code OnBehalfOfType} object representing the identity to be
set.
+ */
+ public void setOnBehalfOf(OnBehalfOfType onBehalfOf)
+ {
+ this.onBehalfOf = onBehalfOf;
+ this.delegate.getAny().add(this.factory.createOnBehalfOf(onBehalfOf));
+ }
+
+ /**
+ * <p>
+ * Obtains the issuer of the token included in the request in the scenarios where the
requestor is obtaining a token
+ * on behalf of another party.
+ * </p>
+ *
+ * @return a reference to the {@code EndpointReferenceType} that represents the
issuer.
+ */
+ public EndpointReferenceType getIssuer()
+ {
+ return this.issuer;
+ }
+
+ /**
+ * <p>
+ * Sets the issuer of the token included in the request in scenarios where the
requestor is obtaining a token on
+ * behalf of another party.
+ * </p>
+ *
+ * @param issuer the {@code EndpointReferenceType} object representing the issuer to
be set.
+ */
+ public void setIssuer(EndpointReferenceType issuer)
+ {
+ this.issuer = issuer;
+ this.delegate.getAny().add(this.factory.createIssuer(issuer));
+ }
+
+ /**
+ * <p>
+ * Obtains the type of authentication that has been set as part of the request.
+ * </p>
+ *
+ * @return a {@code URI} that identifies the desired authentication type.
+ */
+ public URI getAuthenticationType()
+ {
+ return authenticationType;
+ }
+
+ /**
+ * <p>
+ * Sets the authentication type in the request.
+ * </p>
+ *
+ * @param authenticationType a {@code URI} that identifies the authentication type to
be set.
+ */
+ public void setAuthenticationType(URI authenticationType)
+ {
+ this.authenticationType = authenticationType;
+
this.delegate.getAny().add(this.factory.createAuthenticationType(authenticationType.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the type of the key that has been set in the request.
+ * </p>
+ *
+ * @return a {@code URI} that identifies the key type.
+ */
+ public URI getKeyType()
+ {
+ return keyType;
+ }
+
+ /**
+ * <p>
+ * Sets the key type in the request.
+ * </p>
+ *
+ * @param keyType a {@code URI} that specifies the key type.
+ */
+ public void setKeyType(URI keyType)
+ {
+ this.keyType = keyType;
+ this.delegate.getAny().add(this.factory.createKeyType(keyType.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the size of they key that has been set in the request.
+ * </p>
+ *
+ * @return a {@code long} representing the key size in bytes.
+ */
+ public long getKeySize()
+ {
+ return keySize;
+ }
+
+ /**
+ * <p>
+ * Sets the size of the key in the request.
+ * </p>
+ *
+ * @param keySize a {@code long} representing the key size in bytes.
+ */
+ public void setKeySize(long keySize)
+ {
+ this.keySize = keySize;
+ this.delegate.getAny().add(this.factory.createKeySize(keySize));
+ }
+
+ /**
+ * <p>
+ * Obtains the signature algorithm that has been set in the request.
+ * </p>
+ *
+ * @return a {@code URI} that represents the signature algorithm.
+ */
+ public URI getSignatureAlgorithm()
+ {
+ return signatureAlgorithm;
+ }
+
+ /**
+ * <p>
+ * Sets the signature algorithm in the request.
+ * </p>
+ *
+ * @param signatureAlgorithm a {@code URI} that represents the algorithm to be set.
+ */
+ public void setSignatureAlgorithm(URI signatureAlgorithm)
+ {
+ this.signatureAlgorithm = signatureAlgorithm;
+
this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signatureAlgorithm.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code Encryption} section of the request. The {@code Encryption}
element indicates that the requestor
+ * desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @return a reference to the {@code EncryptionType} object.
+ */
+ public EncryptionType getEncryption()
+ {
+ return encryption;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code Encryption} section of the request. The {@code Encryption} element
indicates that the requestor
+ * desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @param encryption the {@code EncryptionType} to be set.
+ */
+ public void setEncryption(EncryptionType encryption)
+ {
+ this.encryption = encryption;
+ this.delegate.getAny().add(this.factory.createEncryption(encryption));
+ }
+
+ /**
+ * <p>
+ * Obtains the encryption algorithm that has been set in the request.
+ * </p>
+ *
+ * @return a {@code URI} that represents the encryption algorithm.
+ */
+ public URI getEncryptionAlgorithm()
+ {
+ return encryptionAlgorithm;
+ }
+
+ /**
+ * <p>
+ * Sets the encryption algorithm in the request.
+ * </p>
+ *
+ * @param encryptionAlgorithm a {@code URI} that represents the encryption algorithm
to be set.
+ */
+ public void setEncryptionAlgorithm(URI encryptionAlgorithm)
+ {
+ this.encryptionAlgorithm = encryptionAlgorithm;
+
this.delegate.getAny().add(this.factory.createEncryptionAlgorithm(encryptionAlgorithm.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the canonicalization algorithm that has been set in the request.
+ * </p>
+ *
+ * @return a {@code URI} that represents the canonicalization algorithm.
+ */
+ public URI getCanonicalizationAlgorithm()
+ {
+ return canonicalizationAlgorithm;
+ }
+
+ /**
+ * <p>
+ * Sets the canonicalization algorithm in the request.
+ * </p>
+ *
+ * @param canonicalizationAlgorithm a {@code URI} that represents the algorithm to be
set.
+ */
+ public void setCanonicalizationAlgorithm(URI canonicalizationAlgorithm)
+ {
+ this.canonicalizationAlgorithm = canonicalizationAlgorithm;
+
this.delegate.getAny().add(this.factory.createCanonicalizationAlgorithm(canonicalizationAlgorithm.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code ProofEncryption} section of the request. The {@code
ProofEncryption} indicates that the
+ * requestor desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @return a reference to the {@code ProofEncryptionType} object.
+ */
+ public ProofEncryptionType getProofEncryption()
+ {
+ return proofEncryption;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code ProofEncryption} section of the request. The {@code
ProofEncryption} indicates that the requestor
+ * desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @param proofEncryption the {@code ProofEncryptionType} to be set.
+ */
+ public void setProofEncryption(ProofEncryptionType proofEncryption)
+ {
+ this.proofEncryption = proofEncryption;
+ this.delegate.getAny().add(this.factory.createProofEncryption(proofEncryption));
+ }
+
+ /**
+ * <p>
+ * Obtains the key that should be used in the returned token.
+ * </p>
+ *
+ * @return a reference to the {@code UseKeyType} instance that represents the key to
be used.
+ */
+ public UseKeyType getUseKey()
+ {
+ return useKey;
+ }
+
+ /**
+ * <p>
+ * Sets the key that should be used in the returned token.
+ * </p>
+ *
+ * @param useKey the {@code UseKeyType} instance to be set.
+ */
+ public void setUseKey(UseKeyType useKey)
+ {
+ this.useKey = useKey;
+ this.delegate.getAny().add(this.factory.createUseKey(useKey));
+ }
+
+ /**
+ * <p>
+ * Obtains the signature algorithm that should be used with the issued security
token.
+ * </p>
+ *
+ * @return a {@code URI} representing the algorithm that should be used.
+ */
+ public URI getSignWith()
+ {
+ return signWith;
+ }
+
+ /**
+ * <p>
+ * Sets the signature algorithm that should be used with the issued security token.
+ * </p>
+ *
+ * @param signWith a {@code URI} representing the algorithm to be used.
+ */
+ public void setSignWith(URI signWith)
+ {
+ this.signWith = signWith;
+
this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signWith.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the encryption algorithm that should be used with the issued security
token.
+ * </p>
+ *
+ * @return a {@code URI} representing the encryption algorithm that should be used.
+ */
+ public URI getEncryptWith()
+ {
+ return encryptWith;
+ }
+
+ /**
+ * <p>
+ * Sets the encryption algorithm that should be used with the issued security token.
+ * </p>
+ *
+ * @param encryptWith a {@code URI} representing the algorithm to be used.
+ */
+ public void setEncryptWith(URI encryptWith)
+ {
+ this.encryptWith = encryptWith;
+
this.delegate.getAny().add(this.factory.createEncryptWith(encryptWith.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the identity to which the requested token should be delegated.
+ * </p>
+ *
+ * @return a reference to the {@code DelegateToType} instance that represents the
identity.
+ */
+ public DelegateToType getDelegateTo()
+ {
+ return delegateTo;
+ }
+
+ /**
+ * <p>
+ * Sets the identity to which the requested token should be delegated.
+ * </p>
+ *
+ * @param delegateTo the {@code DelegateToType} object representing the identity to be
set.
+ */
+ public void setDelegateTo(DelegateToType delegateTo)
+ {
+ this.delegateTo = delegateTo;
+ this.delegate.getAny().add(this.factory.createDelegateTo(delegateTo));
+ }
+
+ /**
+ * <p>
+ * Indicates whether the requested token should be marked as "forwardable"
or not. In general, this flag is used when
+ * a token is normally bound to the requestor's machine or service. Using this
flag, the returned token MAY be used
+ * from any source machine so long as the key is correctly proven.
+ * </p>
+ *
+ * @return {@code true} if the requested token should be marked as
"forwardable"; {@code false} otherwise.
+ */
+ public boolean isForwardable()
+ {
+ return forwardable;
+ }
+
+ /**
+ * <p>
+ * Specifies whether the requested token should be marked as "forwardable"
or not. In general, this flag is used when
+ * a token is normally bound to the requestor's machine or service. Using this
flag, the returned token MAY be used
+ * from any source machine so long as the key is correctly proven.
+ * </p>
+ *
+ * @param forwardable {@code true} if the requested token should be marked as
"forwardable"; {@code false} otherwise.
+ */
+ public void setForwardable(boolean forwardable)
+ {
+ this.forwardable = forwardable;
+ this.delegate.getAny().add(this.factory.createForwardable(forwardable));
+ }
+
+ /**
+ * <p>
+ * Indicates whether the requested token should be marked as "delegatable"
or not. Using this flag, the returned
+ * token MAY be delegated to another party.
+ * </p>
+ *
+ * @return {@code true} if the requested token should be marked as
"delegatable"; {@code false} otherwise.
+ */
+ public boolean isDelegatable()
+ {
+ return delegatable;
+ }
+
+ /**
+ * <p>
+ * Specifies whether the requested token should be marked as "delegatable"
or not. Using this flag, the returned
+ * token MAY be delegated to another party.
+ * </p>
+ *
+ * @param delegatable {@code true} if the requested token should be marked as
"delegatable"; {@code false} otherwise.
+ */
+ public void setDelegatable(boolean delegatable)
+ {
+ this.delegatable = delegatable;
+ this.delegate.getAny().add(this.factory.createDelegatable(delegatable));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code Policy} associated with the request. The policy specifies
defaults that can be overridden by
+ * the previous properties.
+ * </p>
+ *
+ * @return a reference to the {@code Policy} that has been set in the request.
+ */
+ public Policy getPolicy()
+ {
+ return policy;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code Policy} in the request. The policy specifies defaults that can be
overridden by
+ * the previous properties.
+ * </p>
+ *
+ * @param policy the {@code Policy} instance to be set.
+ */
+ public void setPolicy(Policy policy)
+ {
+ this.policy = policy;
+ this.delegate.getAny().add(policy);
+ }
+
+ /**
+ * <p>
+ * Obtains the reference to the {@code Policy} that should be used.
+ * </p>
+ *
+ * @return a {@code PolicyReference} that specifies where the {@code Policy} can be
found.
+ */
+ public PolicyReference getPolicyReference()
+ {
+ return policyReference;
+ }
+
+ /**
+ * <p>
+ * Sets the reference to the {@code Policy} that should be used.
+ * </p>
+ *
+ * @param policyReference the {@code PolicyReference} object to be set.
+ */
+ public void setPolicyReference(PolicyReference policyReference)
+ {
+ this.policyReference = policyReference;
+ this.delegate.getAny().add(policyReference);
+ }
+
+ /**
+ * <p>
+ * Obtains the list of request elements that are not part of the standard content
model.
+ * </p>
+ *
+ * @return a {@code List<Object>} containing the extension elements.
+ */
+ public List<Object> getExtensionElements()
+ {
+ return Collections.unmodifiableList(this.extensionElements);
+ }
+
+ /**
+ * <p>
+ * Obtains the request context.
+ * </p>
+ *
+ * @return a {@code String} that identifies the request.
+ */
+ public String getContext()
+ {
+ return this.delegate.getContext();
+ }
+
+ /**
+ * <p>
+ * Sets the request context.
+ * </p>
+ *
+ * @param context a {@code String} that identifies the request.
+ */
+ public void setContext(String context)
+ {
+ this.delegate.setContext(context);
+ }
+
+ /**
+ * <p>
+ * Obtains a map that contains attributes that aren't bound to any typed property
on the request. This is a live
+ * reference, so attributes can be added/changed/removed directly. For this reason,
there is no setter method.
+ * </p>
+ *
+ * @return a {@code Map<QName, String>} that contains the attributes.
+ */
+ public Map<QName, String> getOtherAttributes()
+ {
+ return this.delegate.getOtherAttributes();
+ }
+
+ /**
+ * <p>
+ * Gets a reference to the list that holds all request element values.
+ * </p>
+ *
+ * @return a {@code List<Object>} containing all values specified in the
request.
+ */
+ public List<Object> getAny()
+ {
+ return this.delegate.getAny();
+ }
+
+ /**
+ * <p>
+ * Obtains a reference to the {@code RequestSecurityTokenType} delegate.
+ * </p>
+ *
+ * @return a reference to the delegate instance.
+ */
+ public RequestSecurityTokenType getDelegate()
+ {
+ return this.delegate;
+ }
+}
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenCollection.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenCollection.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenCollection.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -0,0 +1,122 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.jboss.identity.federation.ws.trust.RequestSecurityTokenCollectionType;
+import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType;
+
+/**
+ * <p>
+ * This class represents a WS-Trust {@code RequestSecurityTokenCollection}. It wraps the
JAXB representation of the
+ * security token collection request.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class RequestSecurityTokenCollection implements BaseRequestSecurityToken
+{
+
+ private final RequestSecurityTokenCollectionType delegate;
+
+ private final List<RequestSecurityToken> requestSecurityTokens;
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityTokenCollection}.
+ * </p>
+ */
+ public RequestSecurityTokenCollection()
+ {
+ this.requestSecurityTokens = new ArrayList<RequestSecurityToken>();
+ this.delegate = new RequestSecurityTokenCollectionType();
+ }
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityTokenCollection} using the specified
delegate.
+ * </p>
+ *
+ * @param delegate the JAXB {@code RequestSecurityTokenCollectionType} that represents
a WS-Trust request collection.
+ */
+ public RequestSecurityTokenCollection(RequestSecurityTokenCollectionType delegate)
+ {
+ this.delegate = delegate;
+ this.requestSecurityTokens = new ArrayList<RequestSecurityToken>();
+ for (RequestSecurityTokenType request : delegate.getRequestSecurityToken())
+ this.requestSecurityTokens.add(new RequestSecurityToken(request));
+ }
+
+ /**
+ * <p>
+ * Obtains the collection of {@code RequestSecurityToken} objects. The returned
collection is immutable, so addition
+ * or removal of requests must be carried by the appropriate add/remove methods.
+ * </p>
+ *
+ * @return a {@code List<RequestSecurityToken>} containing the token requests.
+ */
+ public List<RequestSecurityToken> getRequestSecurityTokens()
+ {
+ return Collections.unmodifiableList(this.requestSecurityTokens);
+ }
+
+ /**
+ * <p>
+ * Adds the specified {@code RequestSecurityToken} object to the collection of token
requests.
+ * </p>
+ *
+ * @param request the {@code RequestSecurityToken} to be added.
+ */
+ public void addRequestSecurityToken(RequestSecurityToken request)
+ {
+ this.delegate.getRequestSecurityToken().add(request.getDelegate());
+ this.requestSecurityTokens.add(request);
+ }
+
+ /**
+ * <p>
+ * Removes the specified {@code RequestSecurityToken} object from the collection of
token requests.
+ * </p>
+ *
+ * @param request the {@code RequestSecurityToken} to be removed.
+ */
+ public void removeRequestSecurityToken(RequestSecurityToken request)
+ {
+ this.delegate.getRequestSecurityToken().remove(request.getDelegate());
+ this.requestSecurityTokens.remove(request);
+ }
+
+ /**
+ * <p>
+ * Obtains a reference to the {@code RequestSecurityTokenCollectionType} delegate.
+ * </p>
+ *
+ * @return a reference to the delegate instance.
+ */
+ public RequestSecurityTokenCollectionType getDelegate()
+ {
+ return this.delegate;
+ }
+}
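Review bot: The two lists this class keeps in step can diverge in removeRequestSecurityToken: the JAXB delegate is removed by the wrapped RequestSecurityTokenType, but the wrapper list is removed by RequestSecurityToken equality, and nothing visible in this commit shows RequestSecurityToken overriding equals, so a caller holding a different wrapper around the same request removes it from the delegate but not from this class's view (and vice versa if the delegate list is edited through getDelegate()). Since an STS would act on whichever list it reads, the wrapper should match on the delegate instance when pruning its own list; the same parallel-list pattern is worth a comment on the field at `private final List<RequestSecurityToken> requestSecurityTokens;`, e.g. `// mirror of delegate.getRequestSecurityToken(); keep both in sync through add/remove only`. Both constructors also dereference their arguments without a null check; a `if (delegate == null) throw new IllegalArgumentException("delegate");` guard in the delegate constructor would fail fast instead of a NullPointerException from the for loop.
```java
public void removeRequestSecurityToken(RequestSecurityToken request)
{
   RequestSecurityTokenType target = request.getDelegate();
   this.delegate.getRequestSecurityToken().remove(target);
   // match on the wrapped JAXB object, not on wrapper identity, so a different
   // wrapper instance for the same request still keeps both lists in step
   for (Iterator<RequestSecurityToken> it = this.requestSecurityTokens.iterator(); it.hasNext();)
   {
      if (it.next().getDelegate() == target)
         it.remove();
   }
}
```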
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponse.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponse.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponse.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -0,0 +1,1159 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.namespace.QName;
+
+import org.jboss.identity.federation.ws.addressing.EndpointReferenceType;
+import org.jboss.identity.federation.ws.policy.AppliesTo;
+import org.jboss.identity.federation.ws.policy.Policy;
+import org.jboss.identity.federation.ws.policy.PolicyReference;
+import org.jboss.identity.federation.ws.trust.AllowPostdatingType;
+import org.jboss.identity.federation.ws.trust.AuthenticatorType;
+import org.jboss.identity.federation.ws.trust.DelegateToType;
+import org.jboss.identity.federation.ws.trust.EncryptionType;
+import org.jboss.identity.federation.ws.trust.EntropyType;
+import org.jboss.identity.federation.ws.trust.LifetimeType;
+import org.jboss.identity.federation.ws.trust.ObjectFactory;
+import org.jboss.identity.federation.ws.trust.OnBehalfOfType;
+import org.jboss.identity.federation.ws.trust.ProofEncryptionType;
+import org.jboss.identity.federation.ws.trust.RenewingType;
+import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseType;
+import org.jboss.identity.federation.ws.trust.RequestedProofTokenType;
+import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
+import org.jboss.identity.federation.ws.trust.RequestedSecurityTokenType;
+import org.jboss.identity.federation.ws.trust.StatusType;
+import org.jboss.identity.federation.ws.trust.UseKeyType;
+
+/**
+ * <p>
+ * This class represents a WS-Trust {@code RequestSecurityTokenResponse}. It wraps the
JAXB representation of the
+ * security token response and offers a series of getter/setter methods that make it easy
to work with elements that are
+ * represented by the {@code Any} XML type.
+ * </p>
+ * <p>
+ * The following shows the intended content model of a {@code
RequestSecurityTokenResponse}:
+ *
+ * <pre>
+ * <xs:element ref='wst:TokenType' minOccurs='0' />
+ * <xs:element ref='wst:RequestType' />
+ * <xs:element ref='wst:RequestedSecurityToken' minOccurs='0'
/>
+ * <xs:element ref='wsp:AppliesTo' minOccurs='0' />
+ * <xs:element ref='wst:RequestedAttachedReference'
minOccurs='0' />
+ * <xs:element ref='wst:RequestedUnattachedReference'
minOccurs='0' />
+ * <xs:element ref='wst:RequestedProofToken' minOccurs='0'
/>
+ * <xs:element ref='wst:Entropy' minOccurs='0' />
+ * <xs:element ref='wst:Lifetime' minOccurs='0' />
+ * <xs:element ref='wst:Status' minOccurs='0' />
+ * <xs:element ref='wst:AllowPostdating' minOccurs='0'
/>
+ * <xs:element ref='wst:Renewing' minOccurs='0' />
+ * <xs:element ref='wst:OnBehalfOf' minOccurs='0' />
+ * <xs:element ref='wst:Issuer' minOccurs='0' />
+ * <xs:element ref='wst:AuthenticationType' minOccurs='0'
/>
+ * <xs:element ref='wst:Authenticator' minOccurs='0' />
+ * <xs:element ref='wst:KeyType' minOccurs='0' />
+ * <xs:element ref='wst:KeySize' minOccurs='0' />
+ * <xs:element ref='wst:SignatureAlgorithm' minOccurs='0'
/>
+ * <xs:element ref='wst:Encryption' minOccurs='0' />
+ * <xs:element ref='wst:EncryptionAlgorithm' minOccurs='0'
/>
+ * <xs:element ref='wst:CanonicalizationAlgorithm'
minOccurs='0' />
+ * <xs:element ref='wst:ProofEncryption' minOccurs='0'
/>
+ * <xs:element ref='wst:UseKey' minOccurs='0' />
+ * <xs:element ref='wst:SignWith' minOccurs='0' />
+ * <xs:element ref='wst:EncryptWith' minOccurs='0' />
+ * <xs:element ref='wst:DelegateTo' minOccurs='0' />
+ * <xs:element ref='wst:Forwardable' minOccurs='0' />
+ * <xs:element ref='wst:Delegatable' minOccurs='0' />
+ * <xs:element ref='wsp:Policy' minOccurs='0' />
+ * <xs:element ref='wsp:PolicyReference' minOccurs='0'
/>
+ * <xs:any namespace='##other' processContents='lax'
minOccurs='0' maxOccurs='unbounded' />
+ * </pre>
+ *
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+/**
+ * <p>
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class RequestSecurityTokenResponse implements BaseRequestSecurityTokenResponse
+{
+
+ private final RequestSecurityTokenResponseType delegate;
+
+ private URI tokenType;
+
+ private URI requestType;
+
+ private RequestedSecurityTokenType requestedSecurityToken;
+
+ private AppliesTo appliesTo;
+
+ private RequestedReferenceType requestedAttachedReference;
+
+ private RequestedReferenceType requestedUnattachedReference;
+
+ private RequestedProofTokenType requestedProofToken;
+
+ private EntropyType entropy;
+
+ private Lifetime lifetime;
+
+ private StatusType status;
+
+ private AllowPostdatingType allowPostDating;
+
+ private RenewingType renewing;
+
+ private OnBehalfOfType onBehalfOf;
+
+ private EndpointReferenceType issuer;
+
+ private URI authenticationType;
+
+ private AuthenticatorType authenticator;
+
+ private URI keyType;
+
+ private long keySize;
+
+ private URI signatureAlgorithm;
+
+ private EncryptionType encryption;
+
+ private URI encryptionAlgorithm;
+
+ private URI canonicalizationAlgorithm;
+
+ private ProofEncryptionType proofEncryption;
+
+ private UseKeyType useKey;
+
+ private URI signWith;
+
+ private URI encryptWith;
+
+ private DelegateToType delegateTo;
+
+ private boolean forwardable;
+
+ private boolean delegatable;
+
+ private Policy policy;
+
+ private PolicyReference policyReference;
+
+ private final List<Object> extensionElements = new ArrayList<Object>();
+
+ private final ObjectFactory factory = new ObjectFactory();
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityTokenResponse}.
+ * </p>
+ */
+ public RequestSecurityTokenResponse()
+ {
+ this.delegate = new RequestSecurityTokenResponseType();
+ }
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityTokenResponse} using the specified
delegate.
+ * </p>
+ *
+ * @param delegate the JAXB {@code RequestSecurityTokenResponseType} that represents a
WS-Trust response.
+ */
+ public RequestSecurityTokenResponse(RequestSecurityTokenResponseType delegate)
+ {
+ this.delegate = delegate;
+ // parse the delegate's Any contents.
+ try
+ {
+ for (Object obj : this.delegate.getAny())
+ {
+ if (obj instanceof AppliesTo)
+ {
+ this.appliesTo = (AppliesTo) obj;
+ }
+ else if (obj instanceof Policy)
+ {
+ this.policy = (Policy) obj;
+ }
+ else if (obj instanceof PolicyReference)
+ {
+ this.policyReference = (PolicyReference) obj;
+ }
+ else if (obj instanceof JAXBElement)
+ {
+ JAXBElement<?> element = (JAXBElement<?>) obj;
+ String localName = element.getName().getLocalPart();
+ if (localName.equalsIgnoreCase("TokenType"))
+ this.tokenType = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("RequestType"))
+ this.requestType = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("RequestedSecurityToken"))
+ this.requestedSecurityToken = (RequestedSecurityTokenType)
element.getValue();
+ else if
(localName.equalsIgnoreCase("RequestedAttachedReference"))
+ this.requestedAttachedReference = (RequestedReferenceType)
element.getValue();
+ else if
(localName.equalsIgnoreCase("RequestedUnattachedReference"))
+ this.requestedUnattachedReference = (RequestedReferenceType)
element.getValue();
+ else if (localName.equalsIgnoreCase("RequestedProofToken"))
+ this.requestedProofToken = (RequestedProofTokenType)
element.getValue();
+ else if (localName.equalsIgnoreCase("Entropy"))
+ this.entropy = (EntropyType) element.getValue();
+ else if (localName.equalsIgnoreCase("Lifetime"))
+ this.lifetime = new Lifetime((LifetimeType) element.getValue());
+ else if (localName.equalsIgnoreCase("Status"))
+ this.status = (StatusType) element.getValue();
+ else if (localName.equalsIgnoreCase("AllowPostdating"))
+ this.allowPostDating = (AllowPostdatingType) element.getValue();
+ else if (localName.equalsIgnoreCase("Renewing"))
+ this.renewing = (RenewingType) element.getValue();
+ else if (localName.equalsIgnoreCase("OnBehalfOf"))
+ this.onBehalfOf = (OnBehalfOfType) element.getValue();
+ else if (localName.equalsIgnoreCase("Issuer"))
+ this.issuer = (EndpointReferenceType) element.getValue();
+ else if (localName.equalsIgnoreCase("AuthenticationType"))
+ this.authenticationType = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("Authenticator"))
+ this.authenticator = (AuthenticatorType) element.getValue();
+ else if (localName.equalsIgnoreCase("KeyType"))
+ this.keyType = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("KeySize"))
+ this.keySize = (Long) element.getValue();
+ else if (localName.equalsIgnoreCase("SignatureAlgorithm"))
+ this.signatureAlgorithm = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("Encryption"))
+ this.encryption = (EncryptionType) element.getValue();
+ else if (localName.equalsIgnoreCase("EntropyAlgorithm"))
+ this.encryptionAlgorithm = new URI((String) element.getValue());
+ else if
(localName.equalsIgnoreCase("CanonicalizationAlgorithm"))
+ this.canonicalizationAlgorithm = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("ProofEncryption"))
+ this.proofEncryption = (ProofEncryptionType) element.getValue();
+ else if (localName.equalsIgnoreCase("UseKey"))
+ this.useKey = (UseKeyType) element.getValue();
+ else if (localName.equalsIgnoreCase("SignWith"))
+ this.signWith = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("EncryptWith"))
+ this.encryptWith = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("DelegateTo"))
+ this.delegateTo = (DelegateToType) element.getValue();
+ else if (localName.equalsIgnoreCase("Forwardable"))
+ this.forwardable = (Boolean) element.getValue();
+ else if (localName.equalsIgnoreCase("Delegatable"))
+ this.delegatable = (Boolean) element.getValue();
+ else
+ this.extensionElements.add(element.getValue());
+ }
+ else
+ {
+ this.extensionElements.add(obj);
+ }
+ }
+ }
+ catch (URISyntaxException e)
+ {
+ throw new RuntimeException(e.getMessage(), e);
+ }
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code URI} that identifies the token type.
+ * </p>
+ *
+ * @return a {@code URI} that represents the token type.
+ */
+ public URI getTokenType()
+ {
+ return tokenType;
+ }
+
+ /**
+ * <p>
+ * Sets the token type.
+ * </p>
+ *
+ * @param tokenType a {@code URI} that identifies the token type.
+ */
+ public void setTokenType(URI tokenType)
+ {
+ this.tokenType = tokenType;
+ this.delegate.getAny().add(this.factory.createTokenType(tokenType.toString()));
+
+ }
+
+ /**
+ * <p>
+ * Obtains the request type.
+ * </p>
+ *
+ * @return a {@code URI} that identifies the request type.
+ */
+ public URI getRequestType()
+ {
+ return requestType;
+ }
+
+ /**
+ * <p>
+ * Sets the request type. The type must be one of the request types described in the
WS-Trust specification.
+ * </p>
+ *
+ * @param requestType a {@code URI} that identifies the request type.
+ */
+ public void setRequestType(URI requestType)
+ {
+ this.requestType = requestType;
+
this.delegate.getAny().add(this.factory.createRequestType(requestType.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the requested security token that has been set in the response.
+ * </p>
+ *
+ * @return a reference to the {@code RequestedSecurityTokenType} that contains the
token.
+ */
+ public RequestedSecurityTokenType getRequestedSecurityToken()
+ {
+ return requestedSecurityToken;
+ }
+
+ /**
+ * <p>
+ * Sets the requested security token in the response.
+ * </p>
+ *
+ * @param requestedSecurityToken the {@code RequestedSecurityTokenType} instance to be
set.
+ */
+ public void setRequestedSecurityToken(RequestedSecurityTokenType
requestedSecurityToken)
+ {
+ this.requestedSecurityToken = requestedSecurityToken;
+
this.delegate.getAny().add(this.factory.createRequestedSecurityToken(requestedSecurityToken));
+ }
+
+ /**
+ * <p>
+ * Obtains the scope to which the security token applies.
+ * </p>
+ *
+ * @return a reference to the {@code AppliesTo} instance that represents the token
scope.
+ */
+ public AppliesTo getAppliesTo()
+ {
+ return appliesTo;
+ }
+
+ /**
+ * <p>
+ * Sets the scope to which the security token applies.
+ * </p>
+ *
+ * @param appliesTo a reference to the {@code AppliesTo} object that represents the
scope to be set.
+ */
+ public void setAppliesTo(AppliesTo appliesTo)
+ {
+ this.appliesTo = appliesTo;
+ this.delegate.getAny().add(appliesTo);
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code RequestedAttachedReference} that indicate how to reference the
returned token when that token
+ * doesn't support references using URI fragments (XML ID).
+ * </p>
+ *
+ * @return a {@code RequestedReferenceType} that represents the token reference.
+ */
+ public RequestedReferenceType getRequestedAttachedReference()
+ {
+ return requestedAttachedReference;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code RequestedAttachedReference} that indicate how to reference the
returned token when that token
+ * doesn't support references using URI fragments (XML ID).
+ * </p>
+ *
+ * @param requestedAttachedReference the {@code RequestedReferenceType} instance to be
set.
+ */
+ public void setRequestedAttachedReference(RequestedReferenceType
requestedAttachedReference)
+ {
+ this.requestedAttachedReference = requestedAttachedReference;
+
this.delegate.getAny().add(this.factory.createRequestedAttachedReference(requestedAttachedReference));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code RequestedUnattachedReference} that specifies to indicate how to
reference the token when it is
+ * not placed inside the message.
+ * </p>
+ *
+ * @return a {@code RequestedReferenceType} that represents the unattached reference.
+ */
+ public RequestedReferenceType getRequestedUnattachedReference()
+ {
+ return requestedUnattachedReference;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code RequestedUnattachedReference} that specifies to indicate how to
reference the token when it is not
+ * placed inside the message.
+ * </p>
+ *
+ * @param requestedUnattachedReference the {@code RequestedReferenceType} instance to
be set.
+ */
+ public void setRequestedUnattachedReference(RequestedReferenceType
requestedUnattachedReference)
+ {
+ this.requestedUnattachedReference = requestedUnattachedReference;
+
this.delegate.getAny().add(this.factory.createRequestedUnattachedReference(requestedUnattachedReference));
+ }
+
+ /**
+ * <p>
+ * Obtains the proof of possession token that has been set in the response.
+ * </p>
+ *
+ * @return a reference to the {@code RequestedProofTokenType} that contains the
token.
+ */
+ public RequestedProofTokenType getRequestedProofToken()
+ {
+ return requestedProofToken;
+ }
+
+ /**
+ * <p>
+ * Sets the proof of possesion token in the response.
+ * </p>
+ *
+ * @param requestedProofToken the {@code RequestedProofTokenType} instance to be set.
+ */
+ public void setRequestedProofToken(RequestedProofTokenType requestedProofToken)
+ {
+ this.requestedProofToken = requestedProofToken;
+
this.delegate.getAny().add(this.factory.createRequestedProofToken(requestedProofToken));
+ }
+
+ /**
+ * <p>
+ * Obtains the entropy that has been used in creating the key.
+ * </p>
+ *
+ * @return a reference to the {@code EntropyType} that represents the entropy.
+ */
+ public EntropyType getEntropy()
+ {
+ return entropy;
+ }
+
+ /**
+ * <p>
+ * Sets the entropy that has been used in creating the key.
+ * </p>
+ *
+ * @param entropy the {@code EntropyType} representing the entropy to be set.
+ */
+ public void setEntropy(EntropyType entropy)
+ {
+ this.entropy = entropy;
+ this.delegate.getAny().add(this.factory.createEntropy(entropy));
+ }
+
+ /**
+ * <p>
+ * Obtains the lifetime of the security token.
+ * </p>
+ *
+ * @return a reference to the {@code Lifetime} that represents the lifetime of the
security token.
+ */
+ public Lifetime getLifetime()
+ {
+ return lifetime;
+ }
+
+ /**
+ * <p>
+ * Sets the lifetime of the security token.
+ * </p>
+ *
+ * @param lifetime the {@code Lifetime} object representing the lifetime to be set.
+ */
+ public void setLifetime(Lifetime lifetime)
+ {
+ this.lifetime = lifetime;
+ this.delegate.getAny().add(this.factory.createLifetime(lifetime.getDelegate()));
+ }
+
+ /**
+ * <p>
+ * Obtains the result of a security token validation.
+ * </p>
+ *
+ * @return a referece to the {@code StatusType} instance that represents the status of
the validation.
+ */
+ public StatusType getStatus()
+ {
+ return status;
+ }
+
+ /**
+ * <p>
+ * Sets the result of a security token validation.
+ * </p>
+ *
+ * @param status the {@code StatusType} instance to be set.
+ */
+ public void setStatus(StatusType status)
+ {
+ this.status = status;
+ this.delegate.getAny().add(this.factory.createStatus(status));
+ }
+
+ /**
+ * <p>
+ * Checks whether the returned token is a postdated token or not.
+ * </p>
+ *
+ * @return {@code null} if the token is not postdated; a {@code AllowPostdatingType}
otherwise.
+ */
+ public AllowPostdatingType getAllowPostDating()
+ {
+ return allowPostDating;
+ }
+
+ /**
+ * <p>
+ * Specifies whether the returned token is a postdated token or not.
+ * </p>
+ *
+ * @param allowPostDating {@code null} if the token is not postdated; a {@code
AllowPostdatingType} otherwise.
+ */
+ public void setAllowPostDating(AllowPostdatingType allowPostDating)
+ {
+ this.allowPostDating = allowPostDating;
+ this.delegate.getAny().add(this.factory.createAllowPostdating(allowPostDating));
+ }
+
+ /**
+ * <p>
+ * Obtains the renew semantics for the token request.
+ * </p>
+ *
+ * @return a reference to the {@code RenewingType} that represents the renew semantics
for the request.
+ */
+ public RenewingType getRenewing()
+ {
+ return renewing;
+ }
+
+ /**
+ * <p>
+ * Sets the renew semantics for the token request.
+ * </p>
+ *
+ * @param renewing the {@code RenewingType} object representing the semantics to be
set.
+ */
+ public void setRenewing(RenewingType renewing)
+ {
+ this.renewing = renewing;
+ this.delegate.getAny().add(this.factory.createRenewing(renewing));
+ }
+
+ /**
+ * <p>
+ * Obtains the identity on whose behalf the token request was made.
+ * </p>
+ *
+ * @return a reference to the {@code OnBehalfOfType} that represents the identity on
whose behalf the token request
+ * was made.
+ */
+ public OnBehalfOfType getOnBehalfOf()
+ {
+ return onBehalfOf;
+ }
+
+ /**
+ * <p>
+ * Specifies the identity on whose behalf the token request was made.
+ * </p>
+ *
+ * @param onBehalfOf the {@code OnBehalfOfType} object representing the identity to be
set.
+ */
+ public void setOnBehalfOf(OnBehalfOfType onBehalfOf)
+ {
+ this.onBehalfOf = onBehalfOf;
+ this.delegate.getAny().add(this.factory.createOnBehalfOf(onBehalfOf));
+ }
+
+ /**
+ * <p>
+ * Obtains the issuer of the token included in the request in the scenarios where the
requestor is obtaining a token
+ * on behalf of another party.
+ * </p>
+ *
+ * @return a reference to the {@code EndpointReferenceType} that represents the
issuer.
+ */
+ public EndpointReferenceType getIssuer()
+ {
+ return this.issuer;
+ }
+
+ /**
+ * <p>
+ * Sets the issuer of the token included in the request in scenarios where the
requestor is obtaining a token on
+ * behalf of another party.
+ * </p>
+ *
+ * @param issuer the {@code EndpointReferenceType} object representing the issuer to
be set.
+ */
+ public void setIssuer(EndpointReferenceType issuer)
+ {
+ this.issuer = issuer;
+ this.delegate.getAny().add(this.factory.createIssuer(issuer));
+ }
+
+ /**
+ * <p>
+ * Obtains the type of authentication that is to be conducted.
+ * </p>
+ *
+ * @return a {@code URI} that identifies the authentication type.
+ */
+ public URI getAuthenticationType()
+ {
+ return authenticationType;
+ }
+
+ /**
+ * <p>
+ * Sets the authentication type in the response.
+ * </p>
+ *
+ * @param authenticationType a {@code URI} that identifies the authentication type to
be set.
+ */
+ public void setAuthenticationType(URI authenticationType)
+ {
+ this.authenticationType = authenticationType;
+
this.delegate.getAny().add(this.factory.createAuthenticationType(authenticationType.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the authenticator that must be used in authenticating exchanges.
+ * </p>
+ *
+ * @return a reference to the {@code AuthenticatorType} that represents the
authenticator.
+ */
+ public AuthenticatorType getAuthenticator()
+ {
+ return authenticator;
+ }
+
+ /**
+ * <p>
+ * Sets the authenticator that must be used in authenticating exchanges.
+ * </p>
+ *
+ * @param authenticator the {@code AuthenticatorType} instance to be set.
+ */
+ public void setAuthenticator(AuthenticatorType authenticator)
+ {
+ this.authenticator = authenticator;
+ this.delegate.getAny().add(this.factory.createAuthenticator(authenticator));
+ }
+
+ /**
+ * <p>
+ * Obtains the type of the key that has been set in the response.
+ * </p>
+ *
+ * @return a {@code URI} that identifies the key type.
+ */
+ public URI getKeyType()
+ {
+ return keyType;
+ }
+
+ /**
+ * <p>
+ * Sets the key type in the response.
+ * </p>
+ *
+ * @param keyType a {@code URI} that specifies the key type.
+ */
+ public void setKeyType(URI keyType)
+ {
+ this.keyType = keyType;
+ this.delegate.getAny().add(this.factory.createKeyType(keyType.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the size of they key that has been set in the response.
+ * </p>
+ *
+ * @return a {@code long} representing the key size in bytes.
+ */
+ public long getKeySize()
+ {
+ return keySize;
+ }
+
+ /**
+ * <p>
+ * Sets the size of the key in the response.
+ * </p>
+ *
+ * @param keySize a {@code long} representing the key size in bytes.
+ */
+ public void setKeySize(long keySize)
+ {
+ this.keySize = keySize;
+ this.delegate.getAny().add(this.factory.createKeySize(keySize));
+ }
+
+ /**
+ * <p>
+ * Obtains the signature algorithm that has been set in the response.
+ * </p>
+ *
+ * @return a {@code URI} that represents the signature algorithm.
+ */
+ public URI getSignatureAlgorithm()
+ {
+ return signatureAlgorithm;
+ }
+
+ /**
+ * <p>
+ * Sets the signature algorithm in the response.
+ * </p>
+ *
+ * @param signatureAlgorithm a {@code URI} that represents the algorithm to be set.
+ */
+ public void setSignatureAlgorithm(URI signatureAlgorithm)
+ {
+ this.signatureAlgorithm = signatureAlgorithm;
+
this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signatureAlgorithm.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code Encryption} section of the response. The {@code Encryption}
element indicates that the
+ * requestor desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @return a reference to the {@code EncryptionType} object.
+ */
+ public EncryptionType getEncryption()
+ {
+ return encryption;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code Encryption} section of the response. The {@code Encryption} element
indicates that the requestor
+ * desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @param encryption the {@code EncryptionType} to be set.
+ */
+ public void setEncryption(EncryptionType encryption)
+ {
+ this.encryption = encryption;
+ this.delegate.getAny().add(this.factory.createEncryption(encryption));
+ }
+
+ /**
+ * <p>
+ * Obtains the encryption algorithm that has been set in the response.
+ * </p>
+ *
+ * @return a {@code URI} that represents the encryption algorithm.
+ */
+ public URI getEncryptionAlgorithm()
+ {
+ return encryptionAlgorithm;
+ }
+
+ /**
+ * <p>
+ * Sets the encryption algorithm in the response.
+ * </p>
+ *
+ * @param encryptionAlgorithm a {@code URI} that represents the encryption algorithm
to be set.
+ */
+ public void setEncryptionAlgorithm(URI encryptionAlgorithm)
+ {
+ this.encryptionAlgorithm = encryptionAlgorithm;
+
this.delegate.getAny().add(this.factory.createEncryptionAlgorithm(encryptionAlgorithm.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the canonicalization algorithm that has been set in the response.
+ * </p>
+ *
+ * @return a {@code URI} that represents the canonicalization algorithm.
+ */
+ public URI getCanonicalizationAlgorithm()
+ {
+ return canonicalizationAlgorithm;
+ }
+
+ /**
+ * <p>
+ * Sets the canonicalization algorithm in the response.
+ * </p>
+ *
+ * @param canonicalizationAlgorithm a {@code URI} that represents the algorithm to be
set.
+ */
+ public void setCanonicalizationAlgorithm(URI canonicalizationAlgorithm)
+ {
+ this.canonicalizationAlgorithm = canonicalizationAlgorithm;
+
this.delegate.getAny().add(this.factory.createCanonicalizationAlgorithm(canonicalizationAlgorithm.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code ProofEncryption} section of the response. The {@code
ProofEncryption} indicates that the
+ * requestor desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @return a reference to the {@code ProofEncryptionType} object.
+ */
+ public ProofEncryptionType getProofEncryption()
+ {
+ return proofEncryption;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code ProofEncryption} section of the response. The {@code
ProofEncryption} indicates that the requestor
+ * desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @param proofEncryption the {@code ProofEncryptionType} to be set.
+ */
+ public void setProofEncryption(ProofEncryptionType proofEncryption)
+ {
+ this.proofEncryption = proofEncryption;
+ this.delegate.getAny().add(this.factory.createProofEncryption(proofEncryption));
+ }
+
+ /**
+ * <p>
+ * Obtains the key that used in the returned token.
+ * </p>
+ *
+ * @return a reference to the {@code UseKeyType} instance that represents the key
used.
+ */
+ public UseKeyType getUseKey()
+ {
+ return useKey;
+ }
+
+ /**
+ * <p>
+ * Sets the key that used in the returned token.
+ * </p>
+ *
+ * @param useKey the {@code UseKeyType} instance to be set.
+ */
+ public void setUseKey(UseKeyType useKey)
+ {
+ this.useKey = useKey;
+ this.delegate.getAny().add(this.factory.createUseKey(useKey));
+ }
+
+ /**
+ * <p>
+ * Obtains the signature algorithm used with the issued security token.
+ * </p>
+ *
+ * @return a {@code URI} representing the algorithm used.
+ */
+ public URI getSignWith()
+ {
+ return signWith;
+ }
+
+ /**
+ * <p>
+ * Sets the signature algorithm used with the issued security token.
+ * </p>
+ *
+ * @param signWith a {@code URI} representing the algorithm used.
+ */
+ public void setSignWith(URI signWith)
+ {
+ this.signWith = signWith;
+
this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signWith.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the encryption algorithm used with the issued security token.
+ * </p>
+ *
+ * @return a {@code URI} representing the encryption algorithm used.
+ */
+ public URI getEncryptWith()
+ {
+ return encryptWith;
+ }
+
+ /**
+ * <p>
+ * Sets the encryption algorithm used with the issued security token.
+ * </p>
+ *
+ * @param encryptWith a {@code URI} representing the algorithm used.
+ */
+ public void setEncryptWith(URI encryptWith)
+ {
+ this.encryptWith = encryptWith;
+
this.delegate.getAny().add(this.factory.createEncryptWith(encryptWith.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the identity to which the requested token should be delegated.
+ * </p>
+ *
+ * @return a reference to the {@code DelegateToType} instance that represents the
identity.
+ */
+ public DelegateToType getDelegateTo()
+ {
+ return delegateTo;
+ }
+
+ /**
+ * <p>
+ * Sets the identity to which the requested token should be delegated.
+ * </p>
+ *
+ * @param delegateTo the {@code DelegateToType} object representing the identity to be
set.
+ */
+ public void setDelegateTo(DelegateToType delegateTo)
+ {
+ this.delegateTo = delegateTo;
+ this.delegate.getAny().add(this.factory.createDelegateTo(delegateTo));
+ }
+
+ /**
+ * <p>
+ * Indicates whether the requested token has been marked as "forwardable" or
not. In general, this flag is used when
+ * a token is normally bound to the requestor's machine or service. Using this
flag, the returned token MAY be used
+ * from any source machine so long as the key is correctly proven.
+ * </p>
+ *
+ * @return {@code true} if the requested token has been marked as
"forwardable"; {@code false} otherwise.
+ */
+ public boolean isForwardable()
+ {
+ return forwardable;
+ }
+
+ /**
+ * <p>
+ * Specifies whether the requested token has been marked as "forwardable" or
not. In general, this flag is used when
+ * a token is normally bound to the requestor's machine or service. Using this
flag, the returned token MAY be used
+ * from any source machine so long as the key is correctly proven.
+ * </p>
+ *
+ * @param forwardable {@code true} if the requested token has been marked as
"forwardable"; {@code false} otherwise.
+ */
+ public void setForwardable(boolean forwardable)
+ {
+ this.forwardable = forwardable;
+ this.delegate.getAny().add(this.factory.createForwardable(forwardable));
+ }
+
+ /**
+ * <p>
+ * Indicates whether the requested token has been marked as "delegatable" or
not. Using this flag, the returned token
+ * MAY be delegated to another party.
+ * </p>
+ *
+ * @return {@code true} if the requested token has been marked as
"delegatable"; {@code false} otherwise.
+ */
+ public boolean isDelegatable()
+ {
+ return delegatable;
+ }
+
+ /**
+ * <p>
+ * Specifies whether the requested token has been marked as "delegatable" or
not. Using this flag, the returned token
+ * MAY be delegated to another party.
+ * </p>
+ *
+ * @param delegatable {@code true} if the requested token has been marked as
"delegatable"; {@code false} otherwise.
+ */
+ public void setDelegatable(boolean delegatable)
+ {
+ this.delegatable = delegatable;
+ this.delegate.getAny().add(this.factory.createDelegatable(delegatable));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code Policy} that was associated with the request. The policy
specifies defaults that can be
+ * overridden by the previous properties.
+ * </p>
+ *
+ * @return a reference to the {@code Policy} that was associated with the request.
+ */
+ public Policy getPolicy()
+ {
+ return policy;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code Policy} in the response. The policy specifies defaults that can be
overridden by the previous
+ * properties.
+ * </p>
+ *
+ * @param policy the {@code Policy} instance to be set.
+ */
+ public void setPolicy(Policy policy)
+ {
+ this.policy = policy;
+ this.delegate.getAny().add(policy);
+ }
+
+ /**
+ * <p>
+ * Obtains the reference to the {@code Policy} that was associated with the request.
+ * </p>
+ *
+ * @return a {@code PolicyReference} that specifies where the {@code Policy} can be
found.
+ */
+ public PolicyReference getPolicyReference()
+ {
+ return policyReference;
+ }
+
+ /**
+ * <p>
+ * Sets the reference to the {@code Policy} that was associated with the request.
+ * </p>
+ *
+ * @param policyReference the {@code PolicyReference} object to be set.
+ */
+ public void setPolicyReference(PolicyReference policyReference)
+ {
+ this.policyReference = policyReference;
+ this.delegate.getAny().add(policyReference);
+ }
+
+ /**
+ * <p>
+ * Obtains the list of request elements that are not part of the standard content
model.
+ * </p>
+ *
+ * @return a {@code List<Object>} containing the extension elements.
+ */
+ public List<Object> getExtensionElements()
+ {
+ return Collections.unmodifiableList(this.extensionElements);
+ }
+
+ /**
+ * <p>
+ * Obtains the response context.
+ * </p>
+ *
+ * @return a {@code String} that identifies the original request.
+ */
+ public String getContext()
+ {
+ return this.delegate.getContext();
+ }
+
+ /**
+ * <p>
+ * Sets the response context.
+ * </p>
+ *
+ * @param context a {@code String} that identifies the original request.
+ */
+ public void setContext(String context)
+ {
+ this.delegate.setContext(context);
+ }
+
+ /**
+ * <p>
+ * Obtains a map that contains attributes that aren't bound to any typed property
on the response. This is a live
+ * reference, so attributes can be added/changed/removed directly. For this reason,
there is no setter method.
+ * </p>
+ *
+ * @return a {@code Map<QName, String>} that contains the attributes.
+ */
+ public Map<QName, String> getOtherAttributes()
+ {
+ return this.delegate.getOtherAttributes();
+ }
+
+ /**
+ * <p>
+ * Gets a reference to the list that holds all response element values.
+ * </p>
+ *
+ * @return a {@code List<Object>} containing all values specified in the
response.
+ */
+ public List<Object> getAny()
+ {
+ return this.delegate.getAny();
+ }
+
+ /**
+ * <p>
+ * Obtains a reference to the {@code RequestSecurityTokenResponseType} delegate.
+ * </p>
+ *
+ * @return a reference to the delegate instance.
+ */
+ public RequestSecurityTokenResponseType getDelegate()
+ {
+ return this.delegate;
+ }
+}
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponseCollection.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponseCollection.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponseCollection.java 2009-05-31
23:25:59 UTC (rev 547)
@@ -0,0 +1,124 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import
org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseCollectionType;
+import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseType;
+
+/**
+ * <p>
+ * This class represents a WS-Trust {@code RequestSecurityTokenResponseCollection}. It
wraps the JAXB representation of
+ * the security token collection response.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class RequestSecurityTokenResponseCollection implements
BaseRequestSecurityTokenResponse
+{
+
+ private final RequestSecurityTokenResponseCollectionType delegate;
+
+ private final List<RequestSecurityTokenResponse> requestSecurityTokenResponses;
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityTokenResponseCollection}.
+ * </p>
+ */
+ public RequestSecurityTokenResponseCollection()
+ {
+ this.requestSecurityTokenResponses = new
ArrayList<RequestSecurityTokenResponse>();
+ this.delegate = new RequestSecurityTokenResponseCollectionType();
+ }
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityTokenResponseCollection} using the
specified delegate.
+ * </p>
+ *
+ * @param delegate the JAXB {@code RequestSecurityTokenResponseCollectionType} that
represents a WS-Trust request
+ * collection.
+ */
+ public
RequestSecurityTokenResponseCollection(RequestSecurityTokenResponseCollectionType
delegate)
+ {
+ this.delegate = delegate;
+ this.requestSecurityTokenResponses = new
ArrayList<RequestSecurityTokenResponse>();
+ for (RequestSecurityTokenResponseType response :
delegate.getRequestSecurityTokenResponse())
+ this.requestSecurityTokenResponses.add(new
RequestSecurityTokenResponse(response));
+ }
+
+ /**
+ * <p>
+ * Obtains the collection of {@code RequestSecurityTokenResponse} objects. The
returned collection is immutable, so
+ * addition or removal of requests must be carried by the appropriate add/remove
methods.
+ * </p>
+ *
+ * @return a {@code List<RequestSecurityToken>} containing the token requests.
+ */
+ public List<RequestSecurityTokenResponse> getRequestSecurityTokenResponses()
+ {
+ return Collections.unmodifiableList(this.requestSecurityTokenResponses);
+ }
+
+ /**
+ * <p>
+ * Adds the specified {@code RequestSecurityTokenResponse} object to the collection of
token requests.
+ * </p>
+ *
+ * @param request the {@code RequestSecurityTokenResponse} to be added.
+ */
+ public void addRequestSecurityTokenResponse(RequestSecurityTokenResponse response)
+ {
+ this.delegate.getRequestSecurityTokenResponse().add(response.getDelegate());
+ this.requestSecurityTokenResponses.add(response);
+ }
+
+ /**
+ * <p>
+ * Removes the specified {@code RequestSecurityTokenResponse} object from the
collection of token requests.
+ * </p>
+ *
+ * @param request the {@code RequestSecurityTokenResponse} to be removed.
+ */
+ public void removeRequestSecurityTokenResponse(RequestSecurityTokenResponse response)
+ {
+ this.delegate.getRequestSecurityTokenResponse().remove(response.getDelegate());
+ this.requestSecurityTokenResponses.remove(response);
+ }
+
+ /**
+ * <p>
+ * Obtains a reference to the {@code RequestSecurityTokenResponseCollectionType}
delegate.
+ * </p>
+ *
+ * @return a reference to the delegate instance.
+ */
+ public RequestSecurityTokenResponseCollectionType getDelegate()
+ {
+ return this.delegate;
+ }
+
+}
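Review bot: `removeRequestSecurityTokenResponse` removes from both the JAXB list and the wrapper list with `List.remove(Object)`, so if `RequestSecurityTokenResponse` does not override `equals` (not visible in this hunk), a caller that passes a freshly built wrapper around an already-added delegate removes the JAXB element but leaves the stale wrapper in `requestSecurityTokenResponses`, and the two lists drift apart. Removing the wrapper by the identity of the delegate it wraps keeps both lists consistent regardless of `equals`, as sketched below (needs `java.util.Iterator` in the imports). The Javadoc on the add/remove methods names `@param request` while the parameter is `response`, `getRequestSecurityTokenResponses` documents `@return a {@code List<RequestSecurityToken>}` where the type is `List<RequestSecurityTokenResponse>`, and the summaries say "token requests" where "token responses" is meant. The delegate-taking constructor dereferences `delegate` without a check; `if (delegate == null) throw new IllegalArgumentException("delegate must not be null");` would fail with a clearer message than the NPE raised at the for loop.
```java
public void removeRequestSecurityTokenResponse(RequestSecurityTokenResponse response)
{
   this.delegate.getRequestSecurityTokenResponse().remove(response.getDelegate());
   // match the wrapper by the JAXB object it wraps, so a caller-built wrapper still removes the entry
   for (Iterator<RequestSecurityTokenResponse> it = this.requestSecurityTokenResponses.iterator(); it.hasNext();)
   {
      if (it.next().getDelegate() == response.getDelegate())
         it.remove();
   }
}
```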