Author: anil.saldhana(a)jboss.com
Date: 2009-08-14 01:13:52 -0400 (Fri, 14 Aug 2009)
New Revision: 704
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/HTTPRedirectUtil.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/RedirectBindingSignatureUtil.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/RedirectBindingUtil.java
Removed:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/HTTPRedirectUtil.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/PostBindingUtil.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingSignatureUtil.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingUtil.java
Modified:
identity-federation/trunk/jboss-identity-bindings/pom.xml
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java
identity-federation/trunk/jboss-identity-seam/pom.xml
identity-federation/trunk/jboss-identity-seam/src/main/java/org/jboss/identity/seam/federation/SamlAuthenticationFilter.java
identity-federation/trunk/pom.xml
Log:
refactor the util classes out of bindings
Modified: identity-federation/trunk/jboss-identity-bindings/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-bindings/pom.xml 2009-08-14 04:47:21 UTC (rev
703)
+++ identity-federation/trunk/jboss-identity-bindings/pom.xml 2009-08-14 05:13:52 UTC (rev
704)
@@ -113,6 +113,11 @@
<version>${project.version}</version>
</dependency>
<dependency>
+ <groupId>org.jboss.identity</groupId>
+ <artifactId>jboss-identity-web</artifactId>
+ <version>${project.version}</version>
+ </dependency>
+ <dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
<version>2.4</version>
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-08-14
04:47:21 UTC (rev 703)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-08-14
05:13:52 UTC (rev 704)
@@ -49,8 +49,8 @@
import org.jboss.identity.federation.web.config.TrustType;
import org.jboss.identity.federation.web.interfaces.RoleGenerator;
import org.jboss.identity.federation.bindings.tomcat.TomcatRoleGenerator;
-import org.jboss.identity.federation.bindings.util.HTTPRedirectUtil;
-import org.jboss.identity.federation.bindings.util.RedirectBindingUtil;
+import org.jboss.identity.federation.web.util.HTTPRedirectUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingUtil;
import org.jboss.identity.federation.bindings.util.ValveUtil;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2009-08-14
04:47:21 UTC (rev 703)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectWithSignatureValve.java 2009-08-14
05:13:52 UTC (rev 704)
@@ -47,7 +47,7 @@
import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
-import org.jboss.identity.federation.bindings.util.RedirectBindingSignatureUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
import org.jboss.identity.federation.core.exceptions.ProcessingException;
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-08-14
04:47:21 UTC (rev 703)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2009-08-14
05:13:52 UTC (rev 704)
@@ -48,7 +48,8 @@
import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
import org.jboss.identity.federation.bindings.tomcat.TomcatRoleGenerator;
-import org.jboss.identity.federation.bindings.util.RedirectBindingSignatureUtil;
+import org.jboss.identity.federation.web.util.IDPWebRequestUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
import org.jboss.identity.federation.bindings.util.ValveUtil;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
@@ -229,6 +230,9 @@
AuthnRequestType art = (AuthnRequestType) requestAbstractType;
destination = art.getAssertionConsumerServiceURL();
+ if(webRequestUtil.hasSAMLRequestInPostProfile())
+ recycle(response);
+
samlResponse =
webRequestUtil.getResponse(destination,
userPrincipal, roles,
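Review bot: The `recycle(response)` added in front of `webRequestUtil.getResponse(...)` resets the response before anything has been written to it, and the same guarded call is added again immediately before `webRequestUtil.send(...)` in a later hunk of this method, so this first reset does nothing the later one does not; the identical three lines are also inserted into each of the `catch` blocks that follow, where they are likewise followed by the `send`-side reset. Since `send` is the only place the POST form is actually written, recycling once directly before `send` is sufficient and keeps the reset adjacent to the write it exists for. Suggest dropping `if(webRequestUtil.hasSAMLRequestInPostProfile()) recycle(response);` here and in the catch blocks, leaving only the copy in front of `send`. The enclosing method starts before and ends after this hunk.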
@@ -237,6 +241,10 @@
catch (IssuerNotTrustedException e)
{
log.trace(e);
+
+ if(webRequestUtil.hasSAMLRequestInPostProfile())
+ recycle(response);
+
samlResponse =
webRequestUtil.getErrorResponse(referer,
JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get(),
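Review bot: The `IssuerNotTrustedException` handled here comes from `IDPWebRequestUtil.isTrusted`, which this commit moves out of the bindings package into `org.jboss.identity.federation.web.util`; the relocated copy is not in this chunk, but the version being removed decides trust with a substring test, `if(issuerDomain.indexOf(uriBit) > 0)` over the comma-separated `domainsTrusted`, so an issuer host like `trusted.org.attacker.example` would be accepted for a configured `trusted.org`. If the moved class carried that logic over verbatim, it should be tightened to an exact host comparison or a suffix match anchored on a `.` boundary rather than `indexOf`. Separately, the error response built in this block is addressed to `referer`, a client-supplied header that this commit now pairs with a recycled response; that is pre-existing, but confirming `referer` is checked against the same trust list before being used as a SAML destination would be prudent. The enclosing method starts before and ends after this hunk.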
@@ -245,6 +253,9 @@
catch (ParsingException e)
{
log.trace(e);
+ if(webRequestUtil.hasSAMLRequestInPostProfile())
+ recycle(response);
+
samlResponse =
webRequestUtil.getErrorResponse(referer,
JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
@@ -253,6 +264,9 @@
catch (ConfigurationException e)
{
log.trace(e);
+ if(webRequestUtil.hasSAMLRequestInPostProfile())
+ recycle(response);
+
samlResponse =
webRequestUtil.getErrorResponse(referer,
JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
@@ -261,6 +275,9 @@
catch (IssueInstantMissingException e)
{
log.trace(e);
+ if(webRequestUtil.hasSAMLRequestInPostProfile())
+ recycle(response);
+
samlResponse =
webRequestUtil.getErrorResponse(referer,
JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
@@ -269,6 +286,10 @@
catch(GeneralSecurityException e)
{
log.trace(e);
+
+ if(webRequestUtil.hasSAMLRequestInPostProfile())
+ recycle(response);
+
samlResponse =
webRequestUtil.getErrorResponse(referer,
JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
@@ -278,6 +299,9 @@
{
try
{
+ if(webRequestUtil.hasSAMLRequestInPostProfile())
+ recycle(response);
+
if(this.signOutgoingMessages)
webRequestUtil.send(samlResponse, destination,relayState,
response, true,
this.keyManager.getSigningKey());
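Review bot: `recycle(response)` is now invoked here, ahead of `webRequestUtil.send(...)`, where the removed `IDPWebRequestUtil.send` called `response.recycle()` only inside its POST branch right before `PostBindingUtil.sendPost`; the `hasSAMLRequestInPostProfile()` guard preserves that scoping, but `org.apache.catalina.connector.Response.recycle()` is Tomcat's per-request reset rather than a servlet-API call, so it presumably clears status, headers and any cookies the container set during authentication, not just the buffered index page. If a session cookie set earlier in this request is relied on for the IDP side of SSO, that needs confirming; if only the pending body is the problem, `response.resetBuffer()` clears the unwritten content while keeping headers and cookies and would be the narrower primitive. At minimum a line comment such as `// discard the container's default page so the POST form is the only body sent` would record why a full reset is intended. The enclosing method starts before and ends after this hunk.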
@@ -322,6 +346,9 @@
this.identityURL, this.signOutgoingMessages);
try
{
+ if(webRequestUtil.hasSAMLRequestInPostProfile())
+ recycle(response);
+
if(this.signOutgoingMessages)
webRequestUtil.send(samlResponse, referrer, relayState, response, true,
this.keyManager.getSigningKey());
@@ -521,4 +548,15 @@
this.sigAlg = alg;
}
}
+
+ private void recycle(Response response)
+ {
+ /**
+ * Since the container finished authentication, it will try to locate
+ * index.jsp or index.html. We need to recycle whatever is in the
+ * response object such that we direct it to the html that is being
+ * created as part of the HTTP/POST binding
+ */
+ response.recycle();
+ }
}
\ No newline at end of file
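Review bot: The explanation in `recycle` is a block comment inside the method body instead of Javadoc on the method, and it does not state what `Response.recycle()` costs: on Tomcat's connector `Response` it is the container's lifecycle reset, which as far as I can tell clears headers and cookies set earlier in the request along with the buffered index page. Suggest replacing the in-body comment with Javadoc that captures both the purpose and that caveat, e.g. `/** Resets the Tomcat Response so the HTTP-POST binding form is the only content sent; note that recycle() also clears status, headers and cookies set earlier in this request. */`. The file is also committed without a trailing newline.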
Deleted:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java 2009-08-14
04:47:21 UTC (rev 703)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPWebRequestUtil.java 2009-08-14
05:13:52 UTC (rev 704)
@@ -1,442 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.bindings.tomcat.idp;
-
-import java.io.ByteArrayInputStream;
-import java.io.IOException;
-import java.io.InputStream;
-import java.io.StringWriter;
-import java.net.URLEncoder;
-import java.security.GeneralSecurityException;
-import java.security.Principal;
-import java.security.PrivateKey;
-import java.util.List;
-import java.util.StringTokenizer;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.xml.bind.JAXBException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-
-import org.apache.catalina.connector.Response;
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
-import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
-import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
-import org.jboss.identity.federation.api.saml.v2.sig.SAML2Signature;
-import org.jboss.identity.federation.web.config.IDPType;
-import org.jboss.identity.federation.web.config.TrustType;
-import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
-import org.jboss.identity.federation.bindings.util.HTTPRedirectUtil;
-import org.jboss.identity.federation.bindings.util.PostBindingUtil;
-import org.jboss.identity.federation.bindings.util.RedirectBindingSignatureUtil;
-import org.jboss.identity.federation.bindings.util.RedirectBindingUtil;
-import org.jboss.identity.federation.bindings.util.ValveUtil;
-import org.jboss.identity.federation.core.exceptions.ConfigurationException;
-import org.jboss.identity.federation.core.exceptions.ParsingException;
-import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
-import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
-import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
-import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
-import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
-import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
-import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
-import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
-import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
-import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
-import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
-import org.w3c.dom.Document;
-import org.xml.sax.SAXException;
-
-/**
- * Request Util
- * <b> Not thread safe</b>
- * @author Anil.Saldhana(a)redhat.com
- * @since May 18, 2009
- */
-public class IDPWebRequestUtil
-{
- private static Logger log = Logger.getLogger(IDPWebRequestUtil.class);
-
- private boolean redirectProfile = false;
- private boolean postProfile = false;
-
- private IDPType idpConfiguration;
- private TrustKeyManager keyManager;
-
- public IDPWebRequestUtil(HttpServletRequest request, IDPType idp, TrustKeyManager
keym)
- {
- this.idpConfiguration = idp;
- this.keyManager = keym;
- this.redirectProfile = "GET".equals(request.getMethod());
- this.postProfile = "POST".equals(request.getMethod());
- }
-
- public boolean hasSAMLRequestInRedirectProfile()
- {
- return redirectProfile;
- }
-
- public boolean hasSAMLRequestInPostProfile()
- {
- return postProfile;
- }
-
- public RequestAbstractType getSAMLRequest(String samlMessage)
- throws ParsingException, IOException
- {
- InputStream is = null;
- SAML2Request saml2Request = new SAML2Request();
- if(redirectProfile)
- {
- is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
- }
- else
- {
- byte[] samlBytes = PostBindingUtil.base64Decode(samlMessage);
- log.trace("SAMLRequest=" + new String(samlBytes));
- is = new ByteArrayInputStream(samlBytes);
- }
- return saml2Request.getRequestType(is);
- }
-
-
- public Document getResponse( String assertionConsumerURL,
- Principal userPrincipal,
- List<String> roles,
- String identityURL,
- long assertionValidity,
- boolean supportSignature)
- throws ConfigurationException, IssueInstantMissingException
- {
- Document samlResponseDocument = null;
-
- log.trace("AssertionConsumerURL=" + assertionConsumerURL +
- "::assertion validity=" + assertionValidity);
- ResponseType responseType = null;
-
- SAML2Response saml2Response = new SAML2Response();
-
- //Create a response type
- String id = IDGenerator.create("ID_");
-
- IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
- issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
-
- IDPInfoHolder idp = new IDPInfoHolder();
- idp.setNameIDFormatValue(userPrincipal.getName());
- idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
-
- SPInfoHolder sp = new SPInfoHolder();
- sp.setResponseDestinationURI(assertionConsumerURL);
- responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
-
-
- //Add information on the roles
- AssertionType assertion = (AssertionType)
responseType.getAssertionOrEncryptedAssertion().get(0);
-
- AttributeStatementType attrStatement =
saml2Response.createAttributeStatement(roles);
-
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
-
- //Add timed conditions
- saml2Response.createTimedConditions(assertion, assertionValidity);
-
- //Lets see how the response looks like
- if(log.isTraceEnabled())
- {
- StringWriter sw = new StringWriter();
- try
- {
- saml2Response.marshall(responseType, sw);
- }
- catch (JAXBException e)
- {
- log.trace(e);
- }
- catch (SAXException e)
- {
- log.trace(e);
- }
- log.trace("Response="+sw.toString());
- }
-
- log.trace("Support Sig=" + supportSignature + " ::Post
Profile?=" + hasSAMLRequestInPostProfile());
- if(supportSignature && hasSAMLRequestInPostProfile())
- {
- try
- {
- SAML2Signature saml2Signature = new SAML2Signature();
- samlResponseDocument = saml2Signature.sign(responseType,
keyManager.getSigningKeyPair());
- }
- catch (Exception e)
- {
- log.trace(e);
- }
- }
- else
- try
- {
- samlResponseDocument = saml2Response.convert(responseType);
- }
- catch (Exception e)
- {
- log.trace(e);
- }
-
- return samlResponseDocument;
- }
-
-
-
- /**
- * Verify that the issuer is trusted
- * @param issuer
- * @throws IssuerNotTrustedException
- */
- public void isTrusted(String issuer) throws IssuerNotTrustedException
- {
- try
- {
- String issuerDomain = ValveUtil.getDomain(issuer);
- TrustType idpTrust = idpConfiguration.getTrust();
- if(idpTrust != null)
- {
- String domainsTrusted = idpTrust.getDomains();
- log.trace("Domains that IDP trusts="+domainsTrusted + " and
issuer domain="+issuerDomain);
- if(domainsTrusted.indexOf(issuerDomain) < 0)
- {
- //Let us do string parts checking
- StringTokenizer st = new StringTokenizer(domainsTrusted, ",");
- while(st != null && st.hasMoreTokens())
- {
- String uriBit = st.nextToken();
- log.trace("Matching uri bit="+ uriBit);
- if(issuerDomain.indexOf(uriBit) > 0)
- {
- log.trace("Matched " + uriBit + " trust for " +
issuerDomain );
- return;
- }
- }
- throw new IssuerNotTrustedException(issuer);
- }
- }
- }
- catch (Exception e)
- {
- throw new IssuerNotTrustedException(e.getLocalizedMessage(),e);
- }
- }
-
- /**
- * Send a response
- * @param responseDoc
- * @param relayState
- * @param response
- * @throws IOException
- * @throws GeneralSecurityException
- */
- public void send(Document responseDoc, String destination,
- String relayState,
- Response response,
- boolean supportSignature,
- PrivateKey signingKey) throws IOException, GeneralSecurityException
- {
- if(responseDoc == null)
- throw new IllegalArgumentException("responseType is null");
-
- byte[] responseBytes = null;
- try
- {
- responseBytes =
DocumentUtil.getDocumentAsString(responseDoc).getBytes("UTF-8");
- }
- catch (TransformerFactoryConfigurationError e)
- {
- log.trace(e);
- }
- catch (TransformerException e)
- {
- log.trace(e);
- }
-
- if(redirectProfile)
- {
- String urlEncodedResponse =
RedirectBindingUtil.deflateBase64URLEncode(responseBytes);
-
- log.trace("IDP:Destination=" + destination);
-
- if(relayState != null && relayState.length() > 0)
- relayState = RedirectBindingUtil.urlEncode(relayState);
-
- String finalDest = destination + getDestination(urlEncodedResponse, relayState,
- supportSignature);
- log.trace("Redirecting to="+ finalDest);
- HTTPRedirectUtil.sendRedirectForResponder(finalDest, response);
- }
- else
- {
- /**
- * Since the container finished authentication, it will try to locate
- * index.jsp or index.html. We need to recycle whatever is in the
- * response object such that we direct it to the html that is being
- * created as part of the HTTP/POST binding
- */
- response.recycle();
-
- String samlResponse = PostBindingUtil.base64Encode(new String(responseBytes));
-
-
- PostBindingUtil.sendPost(new DestinationInfoHolder(destination,
- samlResponse, relayState), response, false);
- }
- }
-
- /**
- * Generate a Destination URL for the HTTPRedirect binding
- * with the saml response and relay state
- * @param urlEncodedResponse
- * @param urlEncodedRelayState
- * @return
- */
- public String getDestination(String urlEncodedResponse, String urlEncodedRelayState,
- boolean supportSignature)
- {
- StringBuilder sb = new StringBuilder();
- sb.append("?");
-
- if(redirectProfile)
- {
- if(supportSignature)
- {
- try
- {
-
sb.append(RedirectBindingSignatureUtil.getSAMLResponseURLWithSignature(urlEncodedResponse,
- urlEncodedRelayState, keyManager.getSigningKey()));
- }
- catch (Exception e)
- {
- log.trace(e);
- }
- }
- else
- {
- sb.append("?SAMLResponse=").append(urlEncodedResponse);
- if(urlEncodedRelayState != null && urlEncodedRelayState.length() >
0)
- sb.append("&RelayState=").append(urlEncodedRelayState);
- }
- return sb.toString();
-
- }
- return null;
- }
-
- /**
- * Create an Error Response
- * @param responseURL
- * @param status
- * @param identityURL
- * @param supportSignature
- * @return
- * @throws ConfigurationException
- */
- public Document getErrorResponse(String responseURL, String status,
- String identityURL, boolean supportSignature)
- {
- Document samlResponse = null;
- ResponseType responseType = null;
-
- SAML2Response saml2Response = new SAML2Response();
-
- //Create a response type
- String id = IDGenerator.create("ID_");
-
- IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
- issuerHolder.setStatusCode(status);
-
- IDPInfoHolder idp = new IDPInfoHolder();
- idp.setNameIDFormatValue(null);
- idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
-
- SPInfoHolder sp = new SPInfoHolder();
- sp.setResponseDestinationURI(responseURL);
- try
- {
- responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
- }
- catch (ConfigurationException e1)
- {
- log.trace(e1);
- responseType = saml2Response.createResponseType();
- }
-
- log.debug("Error_ResponseType = ");
- //Lets see how the response looks like
- if(log.isTraceEnabled())
- {
- StringWriter sw = new StringWriter();
- try
- {
- saml2Response.marshall(responseType, sw);
- }
- catch (JAXBException e)
- {
- log.trace(e);
- }
- catch (SAXException e)
- {
- log.trace(e);
- }
- log.trace("Response="+sw.toString());
- }
-
- if(supportSignature)
- {
- try
- {
- //SigAlg
- String algo = keyManager.getSigningKey().getAlgorithm();
- String sigAlg = SignatureUtil.getXMLSignatureAlgorithmURI(algo);
-
- sigAlg = URLEncoder.encode(sigAlg, "UTF-8");
-
- SAML2Signature ss = new SAML2Signature();
- samlResponse = ss.sign(responseType, keyManager.getSigningKeyPair());
- }
- catch (Exception e)
- {
- log.trace(e);
- }
- }
- else
- try
- {
- samlResponse = saml2Response.convert(responseType);
- }
- catch (Exception e)
- {
- log.trace(e);
- }
-
- return samlResponse;
- }
-}
\ No newline at end of file
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-08-14
04:47:21 UTC (rev 703)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-08-14
05:13:52 UTC (rev 704)
@@ -46,7 +46,7 @@
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.web.config.TrustType;
import
org.jboss.identity.federation.bindings.tomcat.sp.holder.ServiceProviderSAMLContext;
-import org.jboss.identity.federation.bindings.util.PostBindingUtil;
+import org.jboss.identity.federation.web.util.PostBindingUtil;
import org.jboss.identity.federation.bindings.util.ValveUtil;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2009-08-14
04:47:21 UTC (rev 703)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2009-08-14
05:13:52 UTC (rev 704)
@@ -42,7 +42,7 @@
import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
-import org.jboss.identity.federation.bindings.util.PostBindingUtil;
+import org.jboss.identity.federation.web.util.PostBindingUtil;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-08-14
04:47:21 UTC (rev 703)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectFormAuthenticator.java 2009-08-14
05:13:52 UTC (rev 704)
@@ -46,8 +46,8 @@
import org.jboss.identity.federation.api.util.DeflateUtil;
import org.jboss.identity.federation.web.config.TrustType;
import
org.jboss.identity.federation.bindings.tomcat.sp.holder.ServiceProviderSAMLContext;
-import org.jboss.identity.federation.bindings.util.HTTPRedirectUtil;
-import org.jboss.identity.federation.bindings.util.RedirectBindingUtil;
+import org.jboss.identity.federation.web.util.HTTPRedirectUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingUtil;
import org.jboss.identity.federation.bindings.util.ValveUtil;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-08-14
04:47:21 UTC (rev 703)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPRedirectSignatureFormAuthenticator.java 2009-08-14
05:13:52 UTC (rev 704)
@@ -39,7 +39,7 @@
import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
-import org.jboss.identity.federation.bindings.util.RedirectBindingSignatureUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
Deleted:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/HTTPRedirectUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/HTTPRedirectUtil.java 2009-08-14
04:47:21 UTC (rev 703)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/HTTPRedirectUtil.java 2009-08-14
05:13:52 UTC (rev 704)
@@ -1,75 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.bindings.util;
-
-import java.io.IOException;
-
-import javax.servlet.http.HttpServletResponse;
-
-
-/**
- * Utility Class for http/redirect
- * @author Anil.Saldhana(a)redhat.com
- * @since Dec 15, 2008
- */
-public class HTTPRedirectUtil
-{
- /**
- * Send the response to the redirected destination while
- * adding the character encoding of "UTF-8" as well as
- * adding headers for cache-control and Pragma
- * @param destination Destination URI where the response needs to redirect
- * @param response HttpServletResponse
- * @throws IOException
- */
- public static void sendRedirectForRequestor(String destination, HttpServletResponse
response)
- throws IOException
- {
- common(destination, response);
- response.setHeader("Cache-Control", "no-cache, no-store");
- sendRedirect(response,destination);
- }
-
- /**
- * @see #sendRedirectForRequestor(String, HttpServletResponse)
- */
- public static void sendRedirectForResponder(String destination, HttpServletResponse
response)
- throws IOException
- {
- common(destination, response);
- response.setHeader("Cache-Control", "no-cache, no-store,
must-revalidate,private");
- sendRedirect(response,destination);
- }
-
- private static void common(String destination, HttpServletResponse response)
- {
- response.setCharacterEncoding("UTF-8");
- response.setHeader("Location", destination);
- response.setHeader("Pragma", "no-cache");
- }
-
- private static void sendRedirect(HttpServletResponse response, String destination)
throws IOException
- {
- response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
- response.sendRedirect(destination);
- }
-}
\ No newline at end of file
Deleted:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/PostBindingUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/PostBindingUtil.java 2009-08-14
04:47:21 UTC (rev 703)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/PostBindingUtil.java 2009-08-14
05:13:52 UTC (rev 704)
@@ -1,108 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.bindings.util;
-
-import java.io.IOException;
-import java.io.PrintWriter;
-
-import javax.servlet.http.HttpServletResponse;
-
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.util.Base64;
-import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
-
-/**
- * Utility for the HTTP/Post binding
- * @author Anil.Saldhana(a)redhat.com
- * @since May 22, 2009
- */
-public class PostBindingUtil
-{
- private static Logger log = Logger.getLogger(PostBindingUtil.class);
-
- public static String base64Encode(String stringToEncode) throws IOException
- {
- return Base64.encodeBytes(stringToEncode.getBytes("UTF-8"),
Base64.DONT_BREAK_LINES);
- }
-
- public static byte[] base64Decode(String encodedString)
- {
- return Base64.decode(encodedString);
- }
-
- /**
- * Send the response to the redirected destination while
- * adding the character encoding of "UTF-8" as well as
- * adding headers for cache-control and Pragma
- * @param destination Destination URI where the response needs to redirect
- * @param response HttpServletResponse
- * @throws IOException
- */
- public static void sendPost(DestinationInfoHolder holder,
- HttpServletResponse response,
- boolean sendToIDP)
- throws IOException
- {
- String key = sendToIDP ? "SAMLRequest" : "SAMLResponse";
-
- String relayState = holder.getRelayState();
- String destination = holder.getDestination();
- String samlMessage = holder.getSamlMessage();
-
- response.setContentType("text/html");
- PrintWriter out = response.getWriter();
- common(holder.getDestination(), response);
- StringBuilder builder = new StringBuilder();
-
- builder.append("<HTML>");
- builder.append("<HEAD>");
- if(sendToIDP)
- builder.append("<TITLE>HTTP Post Binding To Identity
Provider</TITLE>");
- else
- builder.append("<TITLE>HTTP Post Binding Response To Service
Provider</TITLE>");
-
- builder.append("</HEAD>");
- builder.append("<BODY
Onload=\"document.forms[0].submit()\">");
-
- builder.append("<FORM METHOD=\"POST\" ACTION=\"" +
destination + "\">");
- builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\""+ key
+"\"" + " VALUE=\"" + samlMessage
- + "\"/>");
- if (relayState != null && relayState.length() > 0)
- {
- builder.append("<INPUT TYPE=\"HIDDEN\"
NAME=\"RelayState\" " +
- "VALUE=\"" + relayState + "\"/>");
- }
- builder.append("</FORM></BODY></HTML>");
-
- String str = builder.toString();
- log.debug(str);
- out.println(str);
- out.close();
- }
-
- private static void common(String destination, HttpServletResponse response)
- {
- response.setCharacterEncoding("UTF-8");
- response.setHeader("Pragma", "no-cache");
- response.setHeader("Cache-Control", "no-cache, no-store");
- }
-}
\ No newline at end of file
Deleted:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingSignatureUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingSignatureUtil.java 2009-08-14
04:47:21 UTC (rev 703)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingSignatureUtil.java 2009-08-14
05:13:52 UTC (rev 704)
@@ -1,348 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.bindings.util;
-
-import java.io.IOException;
-import java.io.StringWriter;
-import java.io.UnsupportedEncodingException;
-import java.net.URLEncoder;
-import java.security.GeneralSecurityException;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-
-import javax.xml.bind.JAXBException;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactoryConfigurationError;
-
-import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
-import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
-import org.jboss.identity.federation.core.exceptions.ConfigurationException;
-import org.jboss.identity.federation.core.exceptions.ParsingException;
-import org.jboss.identity.federation.core.exceptions.ProcessingException;
-import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
-import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
-import org.w3c.dom.Document;
-import org.xml.sax.SAXException;
-
-
-/**
- * Signature Support for the HTTP/Redirect binding
- * @author Anil.Saldhana(a)redhat.com
- * @since Dec 16, 2008
- */
-public class RedirectBindingSignatureUtil
-{
- /**
- * Get the URL for the SAML request that contains the signature and signature
algorithm
- * @param authRequest
- * @param relayState
- * @param signingKey
- * @return
- * @throws JAXBException
- * @throws SAXException
- * @throws IOException
- * @throws GeneralSecurityException
- */
- public static String getSAMLRequestURLWithSignature(AuthnRequestType authRequest,
String relayState,
- PrivateKey signingKey) throws SAXException, JAXBException, IOException,
GeneralSecurityException
- {
- SAML2Request saml2Request = new SAML2Request();
-
- // Deal with the original request
- StringWriter sw = new StringWriter();
- saml2Request.marshall(authRequest, sw);
-
- //URL Encode the Request
- String urlEncodedRequest =
RedirectBindingUtil.deflateBase64URLEncode(sw.toString());
-
- String urlEncodedRelayState = null;
- if(relayState != null && relayState.length() > 0 )
- urlEncodedRelayState = URLEncoder.encode(relayState, "UTF-8");
-
- byte[] sigValue = computeSignature("SAMLRequest=" + urlEncodedRequest,
urlEncodedRelayState, signingKey);
-
- //Now construct the URL
- return getRequestRedirectURLWithSignature(urlEncodedRequest, urlEncodedRelayState,
sigValue, signingKey.getAlgorithm());
- }
-
- /**
- * Get the URL for the SAML request that contains the signature and signature
algorithm
- * @param responseType
- * @param relayState
- * @param signingKey
- * @return
- * @throws IOException
- * @throws GeneralSecurityException
- */
- public static String getSAMLResponseURLWithSignature(ResponseType responseType, String
relayState,
- PrivateKey signingKey) throws IOException, GeneralSecurityException
- {
- SAML2Response saml2Response = new SAML2Response();
-
- Document responseDoc = null;
-
- try
- {
- responseDoc = saml2Response.convert(responseType);
- }
- catch (JAXBException e)
- {
- throw new ParsingException(e);
- }
- catch (ParserConfigurationException e)
- {
- throw new ParsingException(e);
- }
-
- //URL Encode the Request
- String responseString;
- try
- {
- responseString = DocumentUtil.getDocumentAsString(responseDoc);
- }
- catch (TransformerFactoryConfigurationError e)
- {
- throw new ConfigurationException(e);
- }
- catch (TransformerException e)
- {
- throw new ProcessingException(e);
- }
-
- String urlEncodedResponse =
RedirectBindingUtil.deflateBase64URLEncode(responseString);
-
- String urlEncodedRelayState = null;
- if(relayState != null && relayState.length() > 0 )
- urlEncodedRelayState = URLEncoder.encode(relayState, "UTF-8");
-
- byte[] sigValue = computeSignature("SAMLResponse=" + urlEncodedResponse,
urlEncodedRelayState, signingKey);
-
- //Now construct the URL
- return getResponseRedirectURLWithSignature(urlEncodedResponse,
urlEncodedRelayState, sigValue, signingKey.getAlgorithm());
- }
-
- /**
- * Given an url-encoded saml request and relay state and a private key, compute the
url
- * @param urlEncodedRequest
- * @param urlEncodedRelayState
- * @param signingKey
- * @return
- * @throws GeneralSecurityException
- * @throws IOException
- */
- public static String getSAMLRequestURLWithSignature(String urlEncodedRequest, String
urlEncodedRelayState,
- PrivateKey signingKey) throws IOException, GeneralSecurityException
- {
- byte[] sigValue = computeSignature("SAMLRequest=" + urlEncodedRequest,
urlEncodedRelayState, signingKey);
- return getRequestRedirectURLWithSignature(urlEncodedRequest, urlEncodedRelayState,
sigValue, signingKey.getAlgorithm());
- }
-
- /**
- * Given an url-encoded saml response and relay state and a private key, compute the
url
- * @param urlEncodedResponse
- * @param urlEncodedRelayState
- * @param signingKey
- * @return
- * @throws GeneralSecurityException
- * @throws IOException
- */
- public static String getSAMLResponseURLWithSignature(String urlEncodedResponse, String
urlEncodedRelayState,
- PrivateKey signingKey) throws IOException, GeneralSecurityException
- {
- byte[] sigValue = computeSignature("SAMLResponse=" + urlEncodedResponse,
urlEncodedRelayState, signingKey);
- return getResponseRedirectURLWithSignature(urlEncodedResponse,
urlEncodedRelayState, sigValue, signingKey.getAlgorithm());
- }
-
- /**
- * From the SAML Request URL, get the Request object
- * @param signedURL
- * @return
- * @throws IOException
- * @throws SAXException
- * @throws JAXBException
- */
- public static AuthnRequestType getRequestFromSignedURL(String signedURL)
- throws JAXBException, SAXException, IOException
- {
- String samlRequestTokenValue = getTokenValue(signedURL, "SAMLRequest");
-
- SAML2Request saml2Request = new SAML2Request();
- return
saml2Request.getAuthnRequestType(RedirectBindingUtil.urlBase64DeflateDecode(samlRequestTokenValue));
- }
-
- /**
- * Get the signature value from the url
- * @param signedURL
- * @return
- * @throws IOException
- */
- public static byte[] getSignatureValueFromSignedURL(String signedURL) throws
IOException
- {
- String sigValueTokenValue = getTokenValue(signedURL,"Signature");
- if(sigValueTokenValue == null)
- throw new IllegalArgumentException("Signature Token is not present");
- return RedirectBindingUtil.urlBase64Decode(sigValueTokenValue);
- }
-
-
- /**
- * From the query string that contains key/value pairs, get the value of a key
- * <b>Note:</b> if the token is null, a null value is returned
- * @param queryString
- * @param token
- * @return
- */
- public static String getTokenValue(String queryString, String token)
- {
- return getTokenValue(getToken(queryString, token));
- }
-
- public static boolean validateSignature(String queryString,
- PublicKey validatingKey, byte[] sigValue ) throws UnsupportedEncodingException,
GeneralSecurityException
- {
- //Construct the url again
- String reqFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString,
"SAMLRequest");
- String relayStateFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString,
"RelayState");
- String sigAlgFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString,
"SigAlg");
-
- StringBuilder sb = new StringBuilder();
- sb.append("SAMLRequest=").append(reqFromURL);
-
- if(relayStateFromURL != null && relayStateFromURL.length() > 0)
- {
- sb.append("&RelayState=").append(relayStateFromURL);
- }
- sb.append("&SigAlg=").append(sigAlgFromURL);
-
-
- return SignatureUtil.validate(sb.toString().getBytes("UTF-8"), sigValue,
validatingKey);
- }
-
- //***************** Private Methods **************
-
- private static byte[] computeSignature(
- String requestOrResponseKeyValuePair, String urlEncodedRelayState,
- PrivateKey signingKey) throws IOException, GeneralSecurityException
- {
- StringBuilder sb = new StringBuilder();
- sb.append(requestOrResponseKeyValuePair);
- if(urlEncodedRelayState != null && urlEncodedRelayState.length() > 0)
- {
- sb.append("&RelayState=").append(urlEncodedRelayState);
- }
- //SigAlg
- String algo = signingKey.getAlgorithm();
- String sigAlg = SignatureUtil.getXMLSignatureAlgorithmURI(algo);
-
- sigAlg = URLEncoder.encode(sigAlg, "UTF-8");
-
- sb.append("&SigAlg=").append(sigAlg);
-
- byte[] sigValue = SignatureUtil.sign(sb.toString(), signingKey);
-
- return sigValue;
- }
-
- private static String getRequestRedirectURLWithSignature(
- String urlEncodedRequest, String urlEncodedRelayState, byte[] signature, String
sigAlgo)
- throws IOException
- {
- StringBuilder sb = new StringBuilder();
- sb.append("SAMLRequest=").append(urlEncodedRequest);
- if(urlEncodedRelayState != null && urlEncodedRelayState.length() > 0)
- {
-
sb.append("&").append("RelayState=").append(urlEncodedRelayState);
- }
- //SigAlg
- String sigAlg = SignatureUtil.getXMLSignatureAlgorithmURI(sigAlgo);
-
- sigAlg = URLEncoder.encode(sigAlg, "UTF-8");
-
- sb.append("&").append("SigAlg=").append(sigAlg);
-
- //Encode the signature value
- String encodedSig = RedirectBindingUtil.base64URLEncode(signature);
-
- sb.append("&").append("Signature=").append(encodedSig);
-
- return sb.toString();
- }
-
- private static String getResponseRedirectURLWithSignature(
- String urlEncodedResponse, String urlEncodedRelayState, byte[] signature, String
sigAlgo)
- throws IOException
- {
- StringBuilder sb = new StringBuilder();
- sb.append("SAMLResponse=").append(urlEncodedResponse);
- if(urlEncodedRelayState != null && urlEncodedRelayState.length() > 0)
- {
-
sb.append("&").append("RelayState=").append(urlEncodedRelayState);
- }
- //SigAlg
- String sigAlg = SignatureUtil.getXMLSignatureAlgorithmURI(sigAlgo);
-
- sigAlg = URLEncoder.encode(sigAlg, "UTF-8");
-
- sb.append("&").append("SigAlg=").append(sigAlg);
-
- //Encode the signature value
- String encodedSig = RedirectBindingUtil.base64URLEncode(signature);
-
- sb.append("&").append("Signature=").append(encodedSig);
-
- return sb.toString();
- }
-
- private static String getToken(String queryString, String token)
- {
- if(queryString == null)
- throw new IllegalArgumentException("queryString is null");
-
- token += "=";
-
- int start = queryString.indexOf(token);
- if(start < 0)
- return null;
-
- int end = queryString.indexOf("&",start);
-
- if(end == -1)
- return queryString.substring(start);
-
- return queryString.substring(start,end);
- }
-
- private static String getTokenValue(String token)
- {
- if(token == null)
- return token;
-
- int eq = token.indexOf('=');
- if(eq == -1)
- return token;
- else
- return token.substring(eq + 1);
- }
-}
\ No newline at end of file
Deleted:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingUtil.java 2009-08-14
04:47:21 UTC (rev 703)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/util/RedirectBindingUtil.java 2009-08-14
05:13:52 UTC (rev 704)
@@ -1,130 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.bindings.util;
-
-import java.io.IOException;
-import java.io.InputStream;
-import java.net.URLDecoder;
-import java.net.URLEncoder;
-
-import org.jboss.identity.federation.api.util.Base64;
-import org.jboss.identity.federation.api.util.DeflateUtil;
-
-/**
- * Utility class for SAML HTTP/Redirect binding
- * @author Anil.Saldhana(a)redhat.com
- * @since Jan 14, 2009
- */
-public class RedirectBindingUtil
-{
- /**
- * URL encode the string
- * @param str
- * @return
- * @throws IOException
- */
- public static String urlEncode(String str) throws IOException
- {
- return URLEncoder.encode(str, "UTF-8");
- }
-
- /**
- * URL decode the string
- * @param str
- * @return
- * @throws IOException
- */
- public static String urlDecode(String str) throws IOException
- {
- return URLDecoder.decode(str, "UTF-8");
- }
-
- /**
- * On the byte array, apply base64 encoding following by URL encoding
- * @param stringToEncode
- * @return
- * @throws IOException
- */
- public static String base64URLEncode(byte[] stringToEncode) throws IOException
- {
- String base64Request = Base64.encodeBytes(stringToEncode, Base64.DONT_BREAK_LINES);
- return urlEncode(base64Request);
- }
-
- /**
- * On the byte array, apply URL decoding followed by base64 decoding
- * @param encodedString
- * @return
- * @throws IOException
- */
- public static byte[] urlBase64Decode(String encodedString) throws IOException
- {
- String decodedString = urlDecode(encodedString);
- return Base64.decode(decodedString);
- }
-
- /**
- * Apply deflate compression followed by base64 encoding and URL encoding
- * @param stringToEncode
- * @return
- * @throws IOException
- */
- public static String deflateBase64URLEncode(String stringToEncode) throws IOException
- {
- return deflateBase64URLEncode(stringToEncode.getBytes("UTF-8"));
- }
-
- /**
- * Apply deflate compression followed by base64 encoding and URL encoding
- * @param stringToEncode
- * @return
- * @throws IOException
- */
- public static String deflateBase64URLEncode(byte[] stringToEncode) throws IOException
- {
- byte[] deflatedMsg = DeflateUtil.encode(stringToEncode);
- return base64URLEncode(deflatedMsg);
- }
-
- /**
- * Apply URL decoding, followed by base64 decoding followed by deflate decompression
- * @param encodedString
- * @return
- * @throws IOException
- */
- public static InputStream urlBase64DeflateDecode(String encodedString) throws
IOException
- {
- byte[] deflatedString = urlBase64Decode(encodedString);
- return DeflateUtil.decode(deflatedString);
- }
-
- /**
- * Base64 decode followed by Deflate decoding
- * @param encodedString
- * @return
- */
- public static InputStream base64DeflateDecode(String encodedString)
- {
- byte[] base64decodedMsg = Base64.decode(encodedString);
- return DeflateUtil.decode(base64decodedMsg);
- }
-}
\ No newline at end of file
Modified:
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java 2009-08-14
04:47:21 UTC (rev 703)
+++
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java 2009-08-14
05:13:52 UTC (rev 704)
@@ -28,7 +28,7 @@
import junit.framework.TestCase;
import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
-import org.jboss.identity.federation.bindings.util.RedirectBindingSignatureUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
import org.jboss.identity.federation.bindings.util.cert.KeyStoreUtil;
import
org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
Modified:
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java 2009-08-14
04:47:21 UTC (rev 703)
+++
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java 2009-08-14
05:13:52 UTC (rev 704)
@@ -29,7 +29,7 @@
import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
-import org.jboss.identity.federation.bindings.util.RedirectBindingUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingUtil;
import
org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
Modified: identity-federation/trunk/jboss-identity-seam/pom.xml
===================================================================
--- identity-federation/trunk/jboss-identity-seam/pom.xml 2009-08-14 04:47:21 UTC (rev
703)
+++ identity-federation/trunk/jboss-identity-seam/pom.xml 2009-08-14 05:13:52 UTC (rev
704)
@@ -62,14 +62,13 @@
</dependency>
<dependency>
<groupId>org.jboss.identity</groupId>
- <artifactId>jboss-identity-bindings
- </artifactId>
+ <artifactId>jboss-identity-web</artifactId>
<version>${project.version}</version>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>servlet-api</artifactId>
- <version>2.4</version>
+ <version>2.5</version>
<scope>provided</scope>
</dependency>
<dependency>
@@ -128,4 +127,4 @@
</plugin>
</plugins>
</reporting>
-</project>
\ No newline at end of file
+</project>
Modified:
identity-federation/trunk/jboss-identity-seam/src/main/java/org/jboss/identity/seam/federation/SamlAuthenticationFilter.java
===================================================================
---
identity-federation/trunk/jboss-identity-seam/src/main/java/org/jboss/identity/seam/federation/SamlAuthenticationFilter.java 2009-08-14
04:47:21 UTC (rev 703)
+++
identity-federation/trunk/jboss-identity-seam/src/main/java/org/jboss/identity/seam/federation/SamlAuthenticationFilter.java 2009-08-14
05:13:52 UTC (rev 704)
@@ -52,13 +52,13 @@
import javax.xml.bind.JAXBElement;
import javax.xml.bind.JAXBException;
+import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
-import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
-import org.jboss.identity.federation.bindings.tomcat.sp.SPUtil;
-import org.jboss.identity.federation.bindings.util.HTTPRedirectUtil;
-import org.jboss.identity.federation.bindings.util.PostBindingUtil;
-import org.jboss.identity.federation.bindings.util.RedirectBindingSignatureUtil;
-import org.jboss.identity.federation.bindings.util.RedirectBindingUtil;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.web.util.HTTPRedirectUtil;
+import org.jboss.identity.federation.web.util.PostBindingUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingUtil;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
@@ -462,7 +462,7 @@
String serviceProviderURL = request.getScheme() + "://" +
request.getServerName() + ":"
+ request.getServerPort() + request.getContextPath() +
"/SamlAuthenticationFilter.seam";
- AuthnRequestType authnRequest = new
SPUtil().createSAMLRequest(serviceProviderURL, identityProviderURL);
+ AuthnRequestType authnRequest = createSAMLRequest(serviceProviderURL,
identityProviderURL);
SAML2Request saml2Request = new SAML2Request();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
@@ -502,4 +502,16 @@
throw new RuntimeException(e);
}
}
+
+ private AuthnRequestType createSAMLRequest(String serviceURL, String identityURL)
throws ConfigurationException
+ {
+ if(serviceURL == null)
+ throw new IllegalArgumentException("serviceURL is null");
+ if(identityURL == null)
+ throw new IllegalArgumentException("identityURL is null");
+
+ SAML2Request saml2Request = new SAML2Request();
+ String id = IDGenerator.create("ID_");
+ return saml2Request.createAuthnRequestType(id, serviceURL, identityURL,
serviceURL);
+ }
}
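Review bot: The new private createSAMLRequest has no Javadoc, and it passes serviceURL as both the second and the fourth argument of createAuthnRequestType without saying why; a one-line comment such as `// serviceURL is supplied twice — presumably as issuer and as the assertion-consumer endpoint; confirm against SAML2Request.createAuthnRequestType` would spare the next reader a lookup. The caller in the previous hunk builds serviceProviderURL from request.getScheme(), getServerName() and getServerPort() (context lines, not new), so the value that now reaches this method is derived from the incoming Host header; if the identity provider validates the assertion-consumer URL against its SP metadata that is harmless, otherwise it deserves a note in the Javadoc. The method also creates its own SAML2Request while the caller instantiates another one immediately after the call; whether one instance could serve both depends on SAML2Request holding no per-call state, which is not visible here.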
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/HTTPRedirectUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/HTTPRedirectUtil.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/HTTPRedirectUtil.java 2009-08-14
05:13:52 UTC (rev 704)
@@ -0,0 +1,75 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.util;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletResponse;
+
+
+/**
+ * Utility Class for http/redirect
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 15, 2008
+ */
+public class HTTPRedirectUtil
+{
+ /**
+ * Send the response to the redirected destination while
+ * adding the character encoding of "UTF-8" as well as
+ * adding headers for cache-control and Pragma
+ * @param destination Destination URI where the response needs to redirect
+ * @param response HttpServletResponse
+ * @throws IOException
+ */
+ public static void sendRedirectForRequestor(String destination, HttpServletResponse
response)
+ throws IOException
+ {
+ common(destination, response);
+ response.setHeader("Cache-Control", "no-cache, no-store");
+ sendRedirect(response,destination);
+ }
+
+ /**
+ * @see #sendRedirectForRequestor(String, HttpServletResponse)
+ */
+ public static void sendRedirectForResponder(String destination, HttpServletResponse
response)
+ throws IOException
+ {
+ common(destination, response);
+ response.setHeader("Cache-Control", "no-cache, no-store,
must-revalidate,private");
+ sendRedirect(response,destination);
+ }
+
+ private static void common(String destination, HttpServletResponse response)
+ {
+ response.setCharacterEncoding("UTF-8");
+ response.setHeader("Location", destination);
+ response.setHeader("Pragma", "no-cache");
+ }
+
+ private static void sendRedirect(HttpServletResponse response, String destination)
throws IOException
+ {
+ response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
+ response.sendRedirect(destination);
+ }
+}
\ No newline at end of file
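Review bot: In sendRedirect, `response.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY)` and the `Location` header set in common() are both redundant with the `response.sendRedirect(destination)` call that follows, since sendRedirect sets the 302 status and the Location header itself (possibly rewriting the value to an absolute URL, so the header set here is not necessarily what is emitted); either drop the two lines or add a comment explaining why they are kept. Nothing in this class checks destination, and the value is written straight into Location, so the contract should be documented on both public methods: `@param destination Destination URI where the response needs to redirect; must be a trusted, configured endpoint, never a value taken unvalidated from the incoming request`. The "@see" Javadoc on sendRedirectForResponder could also say in one sentence how it differs from sendRedirectForRequestor (the stricter `must-revalidate,private` Cache-Control), which is the only visible difference between the two.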
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-08-14
05:13:52 UTC (rev 704)
@@ -0,0 +1,445 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.util;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.StringWriter;
+import java.net.URL;
+import java.net.URLEncoder;
+import java.security.GeneralSecurityException;
+import java.security.Principal;
+import java.security.PrivateKey;
+import java.util.List;
+import java.util.StringTokenizer;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.xml.bind.JAXBException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.api.saml.v2.sig.SAML2Signature;
+import org.jboss.identity.federation.web.config.IDPType;
+import org.jboss.identity.federation.web.config.TrustType;
+import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
+import org.jboss.identity.federation.web.util.HTTPRedirectUtil;
+import org.jboss.identity.federation.web.util.PostBindingUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
+import org.jboss.identity.federation.web.util.RedirectBindingUtil;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
+import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
+import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
+import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.w3c.dom.Document;
+import org.xml.sax.SAXException;
+
+/**
+ * Request Util
+ * <b> Not thread safe</b>
+ * @author Anil.Saldhana(a)redhat.com
+ * @since May 18, 2009
+ */
+public class IDPWebRequestUtil
+{
+ private static Logger log = Logger.getLogger(IDPWebRequestUtil.class);
+
+ private boolean redirectProfile = false;
+ private boolean postProfile = false;
+
+ private IDPType idpConfiguration;
+ private TrustKeyManager keyManager;
+
+ public IDPWebRequestUtil(HttpServletRequest request, IDPType idp, TrustKeyManager
keym)
+ {
+ this.idpConfiguration = idp;
+ this.keyManager = keym;
+ this.redirectProfile = "GET".equals(request.getMethod());
+ this.postProfile = "POST".equals(request.getMethod());
+ }
+
+ public boolean hasSAMLRequestInRedirectProfile()
+ {
+ return redirectProfile;
+ }
+
+ public boolean hasSAMLRequestInPostProfile()
+ {
+ return postProfile;
+ }
+
+ public RequestAbstractType getSAMLRequest(String samlMessage)
+ throws ParsingException, IOException
+ {
+ InputStream is = null;
+ SAML2Request saml2Request = new SAML2Request();
+ if(redirectProfile)
+ {
+ is = RedirectBindingUtil.base64DeflateDecode(samlMessage);
+ }
+ else
+ {
+ byte[] samlBytes = PostBindingUtil.base64Decode(samlMessage);
+ log.trace("SAMLRequest=" + new String(samlBytes));
+ is = new ByteArrayInputStream(samlBytes);
+ }
+ return saml2Request.getRequestType(is);
+ }
+
+
+ public Document getResponse( String assertionConsumerURL,
+ Principal userPrincipal,
+ List<String> roles,
+ String identityURL,
+ long assertionValidity,
+ boolean supportSignature)
+ throws ConfigurationException, IssueInstantMissingException
+ {
+ Document samlResponseDocument = null;
+
+ log.trace("AssertionConsumerURL=" + assertionConsumerURL +
+ "::assertion validity=" + assertionValidity);
+ ResponseType responseType = null;
+
+ SAML2Response saml2Response = new SAML2Response();
+
+ //Create a response type
+ String id = IDGenerator.create("ID_");
+
+ IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
+ issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
+
+ IDPInfoHolder idp = new IDPInfoHolder();
+ idp.setNameIDFormatValue(userPrincipal.getName());
+ idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
+
+ SPInfoHolder sp = new SPInfoHolder();
+ sp.setResponseDestinationURI(assertionConsumerURL);
+ responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
+
+
+ //Add information on the roles
+ AssertionType assertion = (AssertionType)
responseType.getAssertionOrEncryptedAssertion().get(0);
+
+ AttributeStatementType attrStatement =
saml2Response.createAttributeStatement(roles);
+
assertion.getStatementOrAuthnStatementOrAuthzDecisionStatement().add(attrStatement);
+
+ //Add timed conditions
+ saml2Response.createTimedConditions(assertion, assertionValidity);
+
+ //Lets see how the response looks like
+ if(log.isTraceEnabled())
+ {
+ StringWriter sw = new StringWriter();
+ try
+ {
+ saml2Response.marshall(responseType, sw);
+ }
+ catch (JAXBException e)
+ {
+ log.trace(e);
+ }
+ catch (SAXException e)
+ {
+ log.trace(e);
+ }
+ log.trace("Response="+sw.toString());
+ }
+
+ log.trace("Support Sig=" + supportSignature + " ::Post
Profile?=" + hasSAMLRequestInPostProfile());
+ if(supportSignature && hasSAMLRequestInPostProfile())
+ {
+ try
+ {
+ SAML2Signature saml2Signature = new SAML2Signature();
+ samlResponseDocument = saml2Signature.sign(responseType,
keyManager.getSigningKeyPair());
+ }
+ catch (Exception e)
+ {
+ log.trace(e);
+ }
+ }
+ else
+ try
+ {
+ samlResponseDocument = saml2Response.convert(responseType);
+ }
+ catch (Exception e)
+ {
+ log.trace(e);
+ }
+
+ return samlResponseDocument;
+ }
+
+
+
+ /**
+ * Verify that the issuer is trusted
+ * @param issuer
+ * @throws IssuerNotTrustedException
+ */
+ public void isTrusted(String issuer) throws IssuerNotTrustedException
+ {
+ try
+ {
+ String issuerDomain = getDomain(issuer);
+ TrustType idpTrust = idpConfiguration.getTrust();
+ if(idpTrust != null)
+ {
+ String domainsTrusted = idpTrust.getDomains();
+ log.trace("Domains that IDP trusts="+domainsTrusted + " and
issuer domain="+issuerDomain);
+ if(domainsTrusted.indexOf(issuerDomain) < 0)
+ {
+ //Let us do string parts checking
+ StringTokenizer st = new StringTokenizer(domainsTrusted, ",");
+ while(st != null && st.hasMoreTokens())
+ {
+ String uriBit = st.nextToken();
+ log.trace("Matching uri bit="+ uriBit);
+ if(issuerDomain.indexOf(uriBit) > 0)
+ {
+ log.trace("Matched " + uriBit + " trust for " +
issuerDomain );
+ return;
+ }
+ }
+ throw new IssuerNotTrustedException(issuer);
+ }
+ }
+ }
+ catch (Exception e)
+ {
+ throw new IssuerNotTrustedException(e.getLocalizedMessage(),e);
+ }
+ }
+
+ /**
+ * Send a response
+ * @param responseDoc
+ * @param relayState
+ * @param response
+ * @throws IOException
+ * @throws GeneralSecurityException
+ */
+ public void send(Document responseDoc, String destination,
+ String relayState,
+ HttpServletResponse response,
+ boolean supportSignature,
+ PrivateKey signingKey) throws IOException, GeneralSecurityException
+ {
+ if(responseDoc == null)
+ throw new IllegalArgumentException("responseType is null");
+
+ byte[] responseBytes = null;
+ try
+ {
+ responseBytes =
DocumentUtil.getDocumentAsString(responseDoc).getBytes("UTF-8");
+ }
+ catch (TransformerFactoryConfigurationError e)
+ {
+ log.trace(e);
+ }
+ catch (TransformerException e)
+ {
+ log.trace(e);
+ }
+
+ if(redirectProfile)
+ {
+ String urlEncodedResponse =
RedirectBindingUtil.deflateBase64URLEncode(responseBytes);
+
+ log.trace("IDP:Destination=" + destination);
+
+ if(relayState != null && relayState.length() > 0)
+ relayState = RedirectBindingUtil.urlEncode(relayState);
+
+ String finalDest = destination + getDestination(urlEncodedResponse, relayState,
+ supportSignature);
+ log.trace("Redirecting to="+ finalDest);
+ HTTPRedirectUtil.sendRedirectForResponder(finalDest, response);
+ }
+ else
+ {
+ String samlResponse = PostBindingUtil.base64Encode(new String(responseBytes));
+
+ PostBindingUtil.sendPost(new DestinationInfoHolder(destination,
+ samlResponse, relayState), response, false);
+ }
+ }
+
+ /**
+ * Generate a Destination URL for the HTTPRedirect binding
+ * with the saml response and relay state
+ * @param urlEncodedResponse
+ * @param urlEncodedRelayState
+ * @return
+ */
+ public String getDestination(String urlEncodedResponse, String urlEncodedRelayState,
+ boolean supportSignature)
+ {
+ StringBuilder sb = new StringBuilder();
+ sb.append("?");
+
+ if(redirectProfile)
+ {
+ if(supportSignature)
+ {
+ try
+ {
+
sb.append(RedirectBindingSignatureUtil.getSAMLResponseURLWithSignature(urlEncodedResponse,
+ urlEncodedRelayState, keyManager.getSigningKey()));
+ }
+ catch (Exception e)
+ {
+ log.trace(e);
+ }
+ }
+ else
+ {
+ sb.append("?SAMLResponse=").append(urlEncodedResponse);
+ if(urlEncodedRelayState != null && urlEncodedRelayState.length() >
0)
+ sb.append("&RelayState=").append(urlEncodedRelayState);
+ }
+ return sb.toString();
+
+ }
+ return null;
+ }
+
+ /**
+ * Create an Error Response
+ * @param responseURL
+ * @param status
+ * @param identityURL
+ * @param supportSignature
+ * @return
+ * @throws ConfigurationException
+ */
+ public Document getErrorResponse(String responseURL, String status,
+ String identityURL, boolean supportSignature)
+ {
+ Document samlResponse = null;
+ ResponseType responseType = null;
+
+ SAML2Response saml2Response = new SAML2Response();
+
+ //Create a response type
+ String id = IDGenerator.create("ID_");
+
+ IssuerInfoHolder issuerHolder = new IssuerInfoHolder(identityURL);
+ issuerHolder.setStatusCode(status);
+
+ IDPInfoHolder idp = new IDPInfoHolder();
+ idp.setNameIDFormatValue(null);
+ idp.setNameIDFormat(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get());
+
+ SPInfoHolder sp = new SPInfoHolder();
+ sp.setResponseDestinationURI(responseURL);
+ try
+ {
+ responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
+ }
+ catch (ConfigurationException e1)
+ {
+ log.trace(e1);
+ responseType = saml2Response.createResponseType();
+ }
+
+ log.debug("Error_ResponseType = ");
+ //Lets see how the response looks like
+ if(log.isTraceEnabled())
+ {
+ StringWriter sw = new StringWriter();
+ try
+ {
+ saml2Response.marshall(responseType, sw);
+ }
+ catch (JAXBException e)
+ {
+ log.trace(e);
+ }
+ catch (SAXException e)
+ {
+ log.trace(e);
+ }
+ log.trace("Response="+sw.toString());
+ }
+
+ if(supportSignature)
+ {
+ try
+ {
+ //SigAlg
+ String algo = keyManager.getSigningKey().getAlgorithm();
+ String sigAlg = SignatureUtil.getXMLSignatureAlgorithmURI(algo);
+
+ sigAlg = URLEncoder.encode(sigAlg, "UTF-8");
+
+ SAML2Signature ss = new SAML2Signature();
+ samlResponse = ss.sign(responseType, keyManager.getSigningKeyPair());
+ }
+ catch (Exception e)
+ {
+ log.trace(e);
+ }
+ }
+ else
+ try
+ {
+ samlResponse = saml2Response.convert(responseType);
+ }
+ catch (Exception e)
+ {
+ log.trace(e);
+ }
+
+ return samlResponse;
+ }
+
+ /**
+ * Given a SP or IDP issuer from the assertion, return the host
+ * @param domainURL
+ * @return
+ * @throws IOException
+ */
+ private static String getDomain(String domainURL) throws IOException
+ {
+ URL url = new URL(domainURL);
+ return url.getHost();
+ }
+}
\ No newline at end of file
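Review bot: `isTrusted` decides trust by substring containment — `domainsTrusted.indexOf(issuerDomain) < 0` on L1961 and `issuerDomain.indexOf(uriBit) > 0` on L1969 — so an issuer host such as `attackerexample.com` (constructed example) matches a configured `example.com`, and a configured list like `a.example.com,b.example.com` accepts a bare `example.com` issuer. Match each configured entry by exact host or by a `.`-delimited suffix instead, as below; the `st != null` guard on L1965 is always true and can go. In `getDestination`, `sb.append("?")` on L2053 is followed by `sb.append("?SAMLResponse=")` on L2072, so the unsigned redirect URL ends up with `??SAMLResponse=`; drop the leading `?` from the latter: `sb.append("SAMLResponse=").append(urlEncodedResponse);`. In `getErrorResponse` the `sigAlg` computed on L2147–L2150 is never used and can be removed.
```java
   public void isTrusted(String issuer) throws IssuerNotTrustedException
   {
      try
      {
         String issuerDomain = getDomain(issuer);
         TrustType idpTrust = idpConfiguration.getTrust();
         if(idpTrust != null)
         {
            String domainsTrusted = idpTrust.getDomains();
            log.trace("Domains that IDP trusts="+domainsTrusted + " and issuer domain="+issuerDomain);
            StringTokenizer st = new StringTokenizer(domainsTrusted, ",");
            while(st.hasMoreTokens())
            {
               String trustedDomain = st.nextToken().trim();
               // A host is trusted only if it equals a configured domain or is a
               // subdomain of it ("." boundary); substring containment is not a match.
               if(issuerDomain.equals(trustedDomain) || issuerDomain.endsWith("." + trustedDomain))
               {
                  log.trace("Matched " + trustedDomain + " trust for " + issuerDomain);
                  return;
               }
            }
            throw new IssuerNotTrustedException(issuer);
         }
      }
      // … unchanged: catch (Exception e) wrapping into IssuerNotTrustedException …
```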
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/PostBindingUtil.java 2009-08-14
05:13:52 UTC (rev 704)
@@ -0,0 +1,108 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.util;
+
+import java.io.IOException;
+import java.io.PrintWriter;
+
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.api.util.Base64;
+import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
+
+/**
+ * Utility for the HTTP/Post binding
+ * @author Anil.Saldhana(a)redhat.com
+ * @since May 22, 2009
+ */
+public class PostBindingUtil
+{
+ private static Logger log = Logger.getLogger(PostBindingUtil.class);
+
+ public static String base64Encode(String stringToEncode) throws IOException
+ {
+ return Base64.encodeBytes(stringToEncode.getBytes("UTF-8"),
Base64.DONT_BREAK_LINES);
+ }
+
+ public static byte[] base64Decode(String encodedString)
+ {
+ return Base64.decode(encodedString);
+ }
+
+ /**
+ * Send the response to the redirected destination while
+ * adding the character encoding of "UTF-8" as well as
+ * adding headers for cache-control and Pragma
+ * @param destination Destination URI where the response needs to redirect
+ * @param response HttpServletResponse
+ * @throws IOException
+ */
+ public static void sendPost(DestinationInfoHolder holder,
+ HttpServletResponse response,
+ boolean sendToIDP)
+ throws IOException
+ {
+ String key = sendToIDP ? "SAMLRequest" : "SAMLResponse";
+
+ String relayState = holder.getRelayState();
+ String destination = holder.getDestination();
+ String samlMessage = holder.getSamlMessage();
+
+ response.setContentType("text/html");
+ PrintWriter out = response.getWriter();
+ common(holder.getDestination(), response);
+ StringBuilder builder = new StringBuilder();
+
+ builder.append("<HTML>");
+ builder.append("<HEAD>");
+ if(sendToIDP)
+ builder.append("<TITLE>HTTP Post Binding To Identity
Provider</TITLE>");
+ else
+ builder.append("<TITLE>HTTP Post Binding Response To Service
Provider</TITLE>");
+
+ builder.append("</HEAD>");
+ builder.append("<BODY
Onload=\"document.forms[0].submit()\">");
+
+ builder.append("<FORM METHOD=\"POST\" ACTION=\"" +
destination + "\">");
+ builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\""+ key
+"\"" + " VALUE=\"" + samlMessage
+ + "\"/>");
+ if (relayState != null && relayState.length() > 0)
+ {
+ builder.append("<INPUT TYPE=\"HIDDEN\"
NAME=\"RelayState\" " +
+ "VALUE=\"" + relayState + "\"/>");
+ }
+ builder.append("</FORM></BODY></HTML>");
+
+ String str = builder.toString();
+ log.debug(str);
+ out.println(str);
+ out.close();
+ }
+
+ private static void common(String destination, HttpServletResponse response)
+ {
+ response.setCharacterEncoding("UTF-8");
+ response.setHeader("Pragma", "no-cache");
+ response.setHeader("Cache-Control", "no-cache, no-store");
+ }
+}
\ No newline at end of file
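Review bot: `sendPost` concatenates `destination`, `samlMessage` and `relayState` straight into HTML attribute values on L2286–L2295 without escaping; `relayState` in particular is echoed from the incoming request, so a value containing `"` or `<` terminates the attribute and injects markup into the auto-submitting page. Run each value through an attribute escaper before it is appended, as below. Separately, `common()` on L2270 calls `response.setCharacterEncoding("UTF-8")` after `response.getWriter()` has already been obtained on L2269, which the Servlet API treats as a no-op; call `response.setContentType("text/html")` and `common(...)` before `getWriter()`. The Javadoc on L2249–L2256 was copied from the redirect utility and describes a redirect rather than the self-submitting POST form this method writes.
```java
      response.setContentType("text/html");
      common(holder.getDestination(), response);
      PrintWriter out = response.getWriter();
      // … unchanged: HTML/HEAD/TITLE/BODY prologue …
      builder.append("<FORM METHOD=\"POST\" ACTION=\"" + escapeAttribute(destination) + "\">");
      builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\""+ key +"\"" + " VALUE=\"" + escapeAttribute(samlMessage) + "\"/>");
      if (relayState != null && relayState.length() > 0)
      {
         builder.append("<INPUT TYPE=\"HIDDEN\" NAME=\"RelayState\" " +
               "VALUE=\"" + escapeAttribute(relayState) + "\"/>");
      }
      // … unchanged: closing tags, logging and writer output …

   /**
    * Escape a value for use inside a double-quoted HTML attribute.
    * Every character that can end the attribute or start markup is replaced by its entity.
    */
   private static String escapeAttribute(String value)
   {
      StringBuilder sb = new StringBuilder(value.length());
      for (int i = 0; i < value.length(); i++)
      {
         char c = value.charAt(i);
         switch (c)
         {
            case '&':  sb.append("&amp;");  break;
            case '<':  sb.append("&lt;");   break;
            case '>':  sb.append("&gt;");   break;
            case '"':  sb.append("&quot;"); break;
            case '\'': sb.append("&#39;");  break;
            default:   sb.append(c);
         }
      }
      return sb.toString();
   }
```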
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/RedirectBindingSignatureUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/RedirectBindingSignatureUtil.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/RedirectBindingSignatureUtil.java 2009-08-14
05:13:52 UTC (rev 704)
@@ -0,0 +1,348 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.util;
+
+import java.io.IOException;
+import java.io.StringWriter;
+import java.io.UnsupportedEncodingException;
+import java.net.URLEncoder;
+import java.security.GeneralSecurityException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+
+import javax.xml.bind.JAXBException;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactoryConfigurationError;
+
+import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.w3c.dom.Document;
+import org.xml.sax.SAXException;
+
+
+/**
+ * Signature Support for the HTTP/Redirect binding
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 16, 2008
+ */
+public class RedirectBindingSignatureUtil
+{
+ /**
+ * Get the URL for the SAML request that contains the signature and signature
algorithm
+ * @param authRequest
+ * @param relayState
+ * @param signingKey
+ * @return
+ * @throws JAXBException
+ * @throws SAXException
+ * @throws IOException
+ * @throws GeneralSecurityException
+ */
+ public static String getSAMLRequestURLWithSignature(AuthnRequestType authRequest,
String relayState,
+ PrivateKey signingKey) throws SAXException, JAXBException, IOException,
GeneralSecurityException
+ {
+ SAML2Request saml2Request = new SAML2Request();
+
+ // Deal with the original request
+ StringWriter sw = new StringWriter();
+ saml2Request.marshall(authRequest, sw);
+
+ //URL Encode the Request
+ String urlEncodedRequest =
RedirectBindingUtil.deflateBase64URLEncode(sw.toString());
+
+ String urlEncodedRelayState = null;
+ if(relayState != null && relayState.length() > 0 )
+ urlEncodedRelayState = URLEncoder.encode(relayState, "UTF-8");
+
+ byte[] sigValue = computeSignature("SAMLRequest=" + urlEncodedRequest,
urlEncodedRelayState, signingKey);
+
+ //Now construct the URL
+ return getRequestRedirectURLWithSignature(urlEncodedRequest, urlEncodedRelayState,
sigValue, signingKey.getAlgorithm());
+ }
+
+ /**
+ * Get the URL for the SAML request that contains the signature and signature
algorithm
+ * @param responseType
+ * @param relayState
+ * @param signingKey
+ * @return
+ * @throws IOException
+ * @throws GeneralSecurityException
+ */
+ public static String getSAMLResponseURLWithSignature(ResponseType responseType, String
relayState,
+ PrivateKey signingKey) throws IOException, GeneralSecurityException
+ {
+ SAML2Response saml2Response = new SAML2Response();
+
+ Document responseDoc = null;
+
+ try
+ {
+ responseDoc = saml2Response.convert(responseType);
+ }
+ catch (JAXBException e)
+ {
+ throw new ParsingException(e);
+ }
+ catch (ParserConfigurationException e)
+ {
+ throw new ParsingException(e);
+ }
+
+ //URL Encode the Request
+ String responseString;
+ try
+ {
+ responseString = DocumentUtil.getDocumentAsString(responseDoc);
+ }
+ catch (TransformerFactoryConfigurationError e)
+ {
+ throw new ConfigurationException(e);
+ }
+ catch (TransformerException e)
+ {
+ throw new ProcessingException(e);
+ }
+
+ String urlEncodedResponse =
RedirectBindingUtil.deflateBase64URLEncode(responseString);
+
+ String urlEncodedRelayState = null;
+ if(relayState != null && relayState.length() > 0 )
+ urlEncodedRelayState = URLEncoder.encode(relayState, "UTF-8");
+
+ byte[] sigValue = computeSignature("SAMLResponse=" + urlEncodedResponse,
urlEncodedRelayState, signingKey);
+
+ //Now construct the URL
+ return getResponseRedirectURLWithSignature(urlEncodedResponse,
urlEncodedRelayState, sigValue, signingKey.getAlgorithm());
+ }
+
+ /**
+ * Given an url-encoded saml request and relay state and a private key, compute the
url
+ * @param urlEncodedRequest
+ * @param urlEncodedRelayState
+ * @param signingKey
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static String getSAMLRequestURLWithSignature(String urlEncodedRequest, String
urlEncodedRelayState,
+ PrivateKey signingKey) throws IOException, GeneralSecurityException
+ {
+ byte[] sigValue = computeSignature("SAMLRequest=" + urlEncodedRequest,
urlEncodedRelayState, signingKey);
+ return getRequestRedirectURLWithSignature(urlEncodedRequest, urlEncodedRelayState,
sigValue, signingKey.getAlgorithm());
+ }
+
+ /**
+ * Given an url-encoded saml response and relay state and a private key, compute the
url
+ * @param urlEncodedResponse
+ * @param urlEncodedRelayState
+ * @param signingKey
+ * @return
+ * @throws GeneralSecurityException
+ * @throws IOException
+ */
+ public static String getSAMLResponseURLWithSignature(String urlEncodedResponse, String
urlEncodedRelayState,
+ PrivateKey signingKey) throws IOException, GeneralSecurityException
+ {
+ byte[] sigValue = computeSignature("SAMLResponse=" + urlEncodedResponse,
urlEncodedRelayState, signingKey);
+ return getResponseRedirectURLWithSignature(urlEncodedResponse,
urlEncodedRelayState, sigValue, signingKey.getAlgorithm());
+ }
+
+ /**
+ * From the SAML Request URL, get the Request object
+ * @param signedURL
+ * @return
+ * @throws IOException
+ * @throws SAXException
+ * @throws JAXBException
+ */
+ public static AuthnRequestType getRequestFromSignedURL(String signedURL)
+ throws JAXBException, SAXException, IOException
+ {
+ String samlRequestTokenValue = getTokenValue(signedURL, "SAMLRequest");
+
+ SAML2Request saml2Request = new SAML2Request();
+ return
saml2Request.getAuthnRequestType(RedirectBindingUtil.urlBase64DeflateDecode(samlRequestTokenValue));
+ }
+
+ /**
+ * Get the signature value from the url
+ * @param signedURL
+ * @return
+ * @throws IOException
+ */
+ public static byte[] getSignatureValueFromSignedURL(String signedURL) throws
IOException
+ {
+ String sigValueTokenValue = getTokenValue(signedURL,"Signature");
+ if(sigValueTokenValue == null)
+ throw new IllegalArgumentException("Signature Token is not present");
+ return RedirectBindingUtil.urlBase64Decode(sigValueTokenValue);
+ }
+
+
+ /**
+ * From the query string that contains key/value pairs, get the value of a key
+ * <b>Note:</b> if the token is null, a null value is returned
+ * @param queryString
+ * @param token
+ * @return
+ */
+ public static String getTokenValue(String queryString, String token)
+ {
+ return getTokenValue(getToken(queryString, token));
+ }
+
+ public static boolean validateSignature(String queryString,
+ PublicKey validatingKey, byte[] sigValue ) throws UnsupportedEncodingException,
GeneralSecurityException
+ {
+ //Construct the url again
+ String reqFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString,
"SAMLRequest");
+ String relayStateFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString,
"RelayState");
+ String sigAlgFromURL = RedirectBindingSignatureUtil.getTokenValue(queryString,
"SigAlg");
+
+ StringBuilder sb = new StringBuilder();
+ sb.append("SAMLRequest=").append(reqFromURL);
+
+ if(relayStateFromURL != null && relayStateFromURL.length() > 0)
+ {
+ sb.append("&RelayState=").append(relayStateFromURL);
+ }
+ sb.append("&SigAlg=").append(sigAlgFromURL);
+
+
+ return SignatureUtil.validate(sb.toString().getBytes("UTF-8"), sigValue,
validatingKey);
+ }
+
+ //***************** Private Methods **************
+
+ private static byte[] computeSignature(
+ String requestOrResponseKeyValuePair, String urlEncodedRelayState,
+ PrivateKey signingKey) throws IOException, GeneralSecurityException
+ {
+ StringBuilder sb = new StringBuilder();
+ sb.append(requestOrResponseKeyValuePair);
+ if(urlEncodedRelayState != null && urlEncodedRelayState.length() > 0)
+ {
+ sb.append("&RelayState=").append(urlEncodedRelayState);
+ }
+ //SigAlg
+ String algo = signingKey.getAlgorithm();
+ String sigAlg = SignatureUtil.getXMLSignatureAlgorithmURI(algo);
+
+ sigAlg = URLEncoder.encode(sigAlg, "UTF-8");
+
+ sb.append("&SigAlg=").append(sigAlg);
+
+ byte[] sigValue = SignatureUtil.sign(sb.toString(), signingKey);
+
+ return sigValue;
+ }
+
+ private static String getRequestRedirectURLWithSignature(
+ String urlEncodedRequest, String urlEncodedRelayState, byte[] signature, String
sigAlgo)
+ throws IOException
+ {
+ StringBuilder sb = new StringBuilder();
+ sb.append("SAMLRequest=").append(urlEncodedRequest);
+ if(urlEncodedRelayState != null && urlEncodedRelayState.length() > 0)
+ {
+
sb.append("&").append("RelayState=").append(urlEncodedRelayState);
+ }
+ //SigAlg
+ String sigAlg = SignatureUtil.getXMLSignatureAlgorithmURI(sigAlgo);
+
+ sigAlg = URLEncoder.encode(sigAlg, "UTF-8");
+
+ sb.append("&").append("SigAlg=").append(sigAlg);
+
+ //Encode the signature value
+ String encodedSig = RedirectBindingUtil.base64URLEncode(signature);
+
+ sb.append("&").append("Signature=").append(encodedSig);
+
+ return sb.toString();
+ }
+
+ private static String getResponseRedirectURLWithSignature(
+ String urlEncodedResponse, String urlEncodedRelayState, byte[] signature, String
sigAlgo)
+ throws IOException
+ {
+ StringBuilder sb = new StringBuilder();
+ sb.append("SAMLResponse=").append(urlEncodedResponse);
+ if(urlEncodedRelayState != null && urlEncodedRelayState.length() > 0)
+ {
+
sb.append("&").append("RelayState=").append(urlEncodedRelayState);
+ }
+ //SigAlg
+ String sigAlg = SignatureUtil.getXMLSignatureAlgorithmURI(sigAlgo);
+
+ sigAlg = URLEncoder.encode(sigAlg, "UTF-8");
+
+ sb.append("&").append("SigAlg=").append(sigAlg);
+
+ //Encode the signature value
+ String encodedSig = RedirectBindingUtil.base64URLEncode(signature);
+
+ sb.append("&").append("Signature=").append(encodedSig);
+
+ return sb.toString();
+ }
+
+ private static String getToken(String queryString, String token)
+ {
+ if(queryString == null)
+ throw new IllegalArgumentException("queryString is null");
+
+ token += "=";
+
+ int start = queryString.indexOf(token);
+ if(start < 0)
+ return null;
+
+ int end = queryString.indexOf("&",start);
+
+ if(end == -1)
+ return queryString.substring(start);
+
+ return queryString.substring(start,end);
+ }
+
+ private static String getTokenValue(String token)
+ {
+ if(token == null)
+ return token;
+
+ int eq = token.indexOf('=');
+ if(eq == -1)
+ return token;
+ else
+ return token.substring(eq + 1);
+ }
+}
\ No newline at end of file
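Review bot: `validateSignature` rebuilds the signed string with `"SAMLRequest=" + reqFromURL` on L2579 and `"&SigAlg=" + sigAlgFromURL` on L2585 without checking that either token was found, so a query string that lacks them is verified against the literal text `SAMLRequest=null`; and a signed `SAMLResponse` redirect, which this same class produces in `getSAMLResponseURLWithSignature`, can never be validated here because only `SAMLRequest` is looked up. Reject the missing case and accept either message key, as below. `getToken` on L2678 locates a parameter with `indexOf(token + "=")`, which also matches a longer parameter name that merely ends in the same text; anchoring on the start of the string or on a preceding `&` avoids that. Because the signed bytes are reconstructed from parsed values, callers must pass the raw, still URL-encoded query string, which is worth stating in a Javadoc on `validateSignature` (it currently has none).
```java
   public static boolean validateSignature(String queryString,
         PublicKey validatingKey, byte[] sigValue ) throws UnsupportedEncodingException, GeneralSecurityException
   {
      // Signed string is <SAMLRequest|SAMLResponse>, then RelayState (if present), then SigAlg,
      // using the URL-encoded values exactly as they appear in the query string.
      String messageKey = "SAMLRequest";
      String messageFromURL = getTokenValue(queryString, messageKey);
      if(messageFromURL == null)
      {
         messageKey = "SAMLResponse";
         messageFromURL = getTokenValue(queryString, messageKey);
      }
      String sigAlgFromURL = getTokenValue(queryString, "SigAlg");
      if(messageFromURL == null || sigAlgFromURL == null)
         throw new IllegalArgumentException("SAMLRequest/SAMLResponse or SigAlg is not present in the query string");
      String relayStateFromURL = getTokenValue(queryString, "RelayState");

      StringBuilder sb = new StringBuilder();
      sb.append(messageKey).append('=').append(messageFromURL);
      // … unchanged: RelayState and SigAlg appends, SignatureUtil.validate call …
```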
Added:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/RedirectBindingUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/RedirectBindingUtil.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/RedirectBindingUtil.java 2009-08-14
05:13:52 UTC (rev 704)
@@ -0,0 +1,130 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.web.util;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.URLDecoder;
+import java.net.URLEncoder;
+
+import org.jboss.identity.federation.api.util.Base64;
+import org.jboss.identity.federation.api.util.DeflateUtil;
+
+/**
+ * Utility class for SAML HTTP/Redirect binding
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 14, 2009
+ */
+public class RedirectBindingUtil
+{
+ /**
+ * URL encode the string
+ * @param str
+ * @return
+ * @throws IOException
+ */
+ public static String urlEncode(String str) throws IOException
+ {
+ return URLEncoder.encode(str, "UTF-8");
+ }
+
+ /**
+ * URL decode the string
+ * @param str
+ * @return
+ * @throws IOException
+ */
+ public static String urlDecode(String str) throws IOException
+ {
+ return URLDecoder.decode(str, "UTF-8");
+ }
+
+ /**
+ * On the byte array, apply base64 encoding following by URL encoding
+ * @param stringToEncode
+ * @return
+ * @throws IOException
+ */
+ public static String base64URLEncode(byte[] stringToEncode) throws IOException
+ {
+ String base64Request = Base64.encodeBytes(stringToEncode, Base64.DONT_BREAK_LINES);
+ return urlEncode(base64Request);
+ }
+
+ /**
+ * On the byte array, apply URL decoding followed by base64 decoding
+ * @param encodedString
+ * @return
+ * @throws IOException
+ */
+ public static byte[] urlBase64Decode(String encodedString) throws IOException
+ {
+ String decodedString = urlDecode(encodedString);
+ return Base64.decode(decodedString);
+ }
+
+ /**
+ * Apply deflate compression followed by base64 encoding and URL encoding
+ * @param stringToEncode
+ * @return
+ * @throws IOException
+ */
+ public static String deflateBase64URLEncode(String stringToEncode) throws IOException
+ {
+ return deflateBase64URLEncode(stringToEncode.getBytes("UTF-8"));
+ }
+
+ /**
+ * Apply deflate compression followed by base64 encoding and URL encoding
+ * @param stringToEncode
+ * @return
+ * @throws IOException
+ */
+ public static String deflateBase64URLEncode(byte[] stringToEncode) throws IOException
+ {
+ byte[] deflatedMsg = DeflateUtil.encode(stringToEncode);
+ return base64URLEncode(deflatedMsg);
+ }
+
+ /**
+ * Apply URL decoding, followed by base64 decoding followed by deflate decompression
+ * @param encodedString
+ * @return
+ * @throws IOException
+ */
+ public static InputStream urlBase64DeflateDecode(String encodedString) throws
IOException
+ {
+ byte[] deflatedString = urlBase64Decode(encodedString);
+ return DeflateUtil.decode(deflatedString);
+ }
+
+ /**
+ * Base64 decode followed by Deflate decoding
+ * @param encodedString
+ * @return
+ */
+ public static InputStream base64DeflateDecode(String encodedString)
+ {
+ byte[] base64decodedMsg = Base64.decode(encodedString);
+ return DeflateUtil.decode(base64decodedMsg);
+ }
+}
\ No newline at end of file
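Review bot: `urlBase64DeflateDecode` and `base64DeflateDecode` hand client-supplied compressed data to `DeflateUtil.decode` with no limit on the inflated size, which for a redirect-binding helper is the usual decompression-bomb exposure; whether `DeflateUtil.decode` caps its output is not visible from this hunk, so if it does not, the bound belongs either there or in the readers of the returned stream. At minimum the contract should be stated on both methods, e.g. `@return stream over the inflated message; the input is client-supplied and inflation is not bounded here, so callers must cap how many bytes they read`. The rest of the Javadoc has empty `@param`/`@return` tags throughout, and `base64URLEncode(byte[] stringToEncode)` names a byte array as a string, `byte[] bytesToEncode` would read better. The class is static-only and could also get a private constructor.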
Modified: identity-federation/trunk/pom.xml
===================================================================
--- identity-federation/trunk/pom.xml 2009-08-14 04:47:21 UTC (rev 703)
+++ identity-federation/trunk/pom.xml 2009-08-14 05:13:52 UTC (rev 704)
@@ -19,9 +19,9 @@
<module>jboss-identity-fed-model</module>
<module>jboss-identity-fed-core</module>
<module>jboss-identity-fed-api</module>
+ <module>jboss-identity-web</module>
<module>jboss-identity-bindings</module>
<module>jboss-identity-bindings-jboss</module>
- <module>jboss-identity-web</module>
<module>jboss-identity-webapps</module>
<module>jboss-identity-seam</module>
<module>assembly</module>