Author: sguilhen(a)redhat.com
Date: 2009-09-02 21:56:21 -0400 (Wed, 02 Sep 2009)
New Revision: 758
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/IDGenerator.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/SAMLDocumentHolder.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/XMLSignatureUtil.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSConfiguration.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityActions.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityToken.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityTokenProvider.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityTokenService.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardRequestHandler.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardSecurityToken.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustConstants.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustException.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustJAXBFactory.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustRequestContext.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustRequestHandler.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustServiceFactory.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustUtil.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/BaseRequestSecurityToken.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/BaseRequestSecurityTokenResponse.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/Lifetime.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityToken.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenCollection.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenResponse.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenResponseCollection.java
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/MockSTSConfiguration.java
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SpecialTokenProvider.java
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/WSTrustJAXBFactoryUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/ws-trust-request.xml
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/ws-trust-response.xml
Removed:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/common/
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/STSConfiguration.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityActions.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityToken.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityTokenProvider.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityTokenService.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustException.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestHandler.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustServiceFactory.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustUtil.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/plugins/saml/
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/MockSTSConfiguration.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SpecialTokenProvider.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustServiceFactoryUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-request.xml
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-response.xml
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityToken.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityTokenResponse.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/Lifetime.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenCollection.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponse.java
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponseCollection.java
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java
identity-federation/trunk/jboss-identity-bindings/src/test/resources/jboss-sts.xml
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnRequestUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java
identity-federation/trunk/jboss-identity-seam/src/main/java/org/jboss/identity/seam/federation/SamlAuthenticationFilter.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
Log:
JBID-178: moved WS-T code from api to core, leaving only WSTrustClient in api. All other
files have been updated accordingly
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTS.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -34,22 +34,22 @@
import javax.xml.ws.WebServiceException;
import javax.xml.ws.WebServiceProvider;
-import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder;
-import org.jboss.identity.federation.api.wstrust.STSConfiguration;
-import org.jboss.identity.federation.api.wstrust.SecurityTokenService;
-import org.jboss.identity.federation.api.wstrust.WSTrustConstants;
-import org.jboss.identity.federation.api.wstrust.WSTrustException;
-import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory;
-import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler;
import org.jboss.identity.federation.core.config.STSType;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.core.util.JAXBUtil;
-import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityToken;
-import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
-import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenCollection;
-import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
-import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
+import org.jboss.identity.federation.core.wstrust.STSConfiguration;
+import org.jboss.identity.federation.core.wstrust.SecurityTokenService;
+import org.jboss.identity.federation.core.wstrust.WSTrustConstants;
+import org.jboss.identity.federation.core.wstrust.WSTrustException;
+import org.jboss.identity.federation.core.wstrust.WSTrustJAXBFactory;
+import org.jboss.identity.federation.core.wstrust.WSTrustRequestHandler;
+import org.jboss.identity.federation.core.wstrust.wrappers.BaseRequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import
org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenCollection;
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse;
+import
org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection;
import org.w3c.dom.Document;
/**
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/jboss/wstrust/JBossSTSConfiguration.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -26,16 +26,16 @@
import java.util.HashMap;
import java.util.Map;
-import org.jboss.identity.federation.api.wstrust.STSConfiguration;
-import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider;
-import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler;
-import org.jboss.identity.federation.api.wstrust.WSTrustServiceFactory;
import org.jboss.identity.federation.core.config.KeyProviderType;
import org.jboss.identity.federation.core.config.STSType;
import org.jboss.identity.federation.core.config.ServiceProviderType;
import org.jboss.identity.federation.core.config.ServiceProvidersType;
import org.jboss.identity.federation.core.config.TokenProviderType;
import org.jboss.identity.federation.core.config.TokenProvidersType;
+import org.jboss.identity.federation.core.wstrust.STSConfiguration;
+import org.jboss.identity.federation.core.wstrust.SecurityTokenProvider;
+import org.jboss.identity.federation.core.wstrust.WSTrustRequestHandler;
+import org.jboss.identity.federation.core.wstrust.WSTrustServiceFactory;
import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
/**
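Review bot: Nothing visible in this commit gives existing deployments a migration path for the SecurityTokenProvider, WSTrustRequestHandler and WSTrustServiceFactory types that these imports now take from `org.jboss.identity.federation.core.wstrust` instead of `api.wstrust`. If the STS configuration names provider and handler classes by fully qualified name (the same revision edits `jboss-sts.xml`, which suggests it does), a descriptor still pointing at the old package would presumably fail to resolve its token provider after the upgrade. It is worth confirming that this surfaces as a startup error rather than an STS running without the intended provider. I would add a line to the class Javadoc such as `Provider and request-handler class names in the STS configuration must use the org.jboss.identity.federation.core.wstrust packages.` The class body lies outside this hunk, so how the names are resolved could not be checked here.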
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/servlets/SOAPSAMLXACMLServlet.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -40,10 +40,10 @@
import javax.xml.bind.helpers.DefaultValidationEventHandler;
import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.core.factories.SOAPFactory;
import org.jboss.identity.federation.core.factories.XACMLContextFactory;
+import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/idp/IDPRedirectValve.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -42,14 +42,16 @@
import org.apache.catalina.util.LifecycleSupport;
import org.apache.catalina.valves.ValveBase;
import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.bindings.tomcat.TomcatRoleGenerator;
import org.jboss.identity.federation.bindings.util.ValveUtil;
+import org.jboss.identity.federation.core.config.IDPType;
+import org.jboss.identity.federation.core.config.TrustType;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
import org.jboss.identity.federation.core.exceptions.ProcessingException;
+import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
@@ -61,8 +63,6 @@
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
-import org.jboss.identity.federation.core.config.IDPType;
-import org.jboss.identity.federation.core.config.TrustType;
import org.jboss.identity.federation.web.interfaces.RoleGenerator;
import org.jboss.identity.federation.web.util.ConfigurationUtil;
import org.jboss.identity.federation.web.util.HTTPRedirectUtil;
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostFormAuthenticator.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -41,20 +41,20 @@
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
-import org.jboss.identity.federation.core.config.TrustType;
import
org.jboss.identity.federation.bindings.tomcat.sp.holder.ServiceProviderSAMLContext;
-import org.jboss.identity.federation.web.util.PostBindingUtil;
import org.jboss.identity.federation.bindings.util.ValveUtil;
+import org.jboss.identity.federation.core.config.TrustType;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
import org.jboss.identity.federation.saml.v2.assertion.EncryptedElementType;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.jboss.identity.federation.web.util.PostBindingUtil;
import org.xml.sax.SAXException;
/**
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPPostSignatureFormAuthenticator.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -35,18 +35,18 @@
import org.apache.catalina.LifecycleException;
import org.apache.catalina.connector.Response;
import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
-import org.jboss.identity.federation.api.util.XMLSignatureUtil;
import org.jboss.identity.federation.core.config.KeyProviderType;
+import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
+import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
+import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
+import org.jboss.identity.federation.core.util.XMLSignatureUtil;
+import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
import org.jboss.identity.federation.web.interfaces.TrustKeyProcessingException;
import org.jboss.identity.federation.web.util.PostBindingUtil;
-import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
-import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
-import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
-import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;
Modified:
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-bindings/src/main/java/org/jboss/identity/federation/bindings/tomcat/sp/SPUtil.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -30,9 +30,9 @@
import org.apache.catalina.Context;
import org.apache.catalina.connector.Request;
import org.apache.catalina.realm.GenericPrincipal;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
+import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
import org.jboss.identity.federation.core.saml.v2.util.AssertionUtil;
Modified:
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingSignatureUtilTestCase.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -27,12 +27,12 @@
import junit.framework.TestCase;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.api.util.KeyStoreUtil;
-import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
+import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
import
org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
/**
* Unit Test the redirect binding sig util
Modified:
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/util/RedirectBindingUtilTestCase.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -27,12 +27,12 @@
import junit.framework.TestCase;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
-import org.jboss.identity.federation.web.util.RedirectBindingUtil;
+import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
import
org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
+import org.jboss.identity.federation.web.util.RedirectBindingUtil;
/**
* Unit Test the RedirectBindingUtil
Modified:
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/JBossSTSUnitTestCase.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -37,23 +37,23 @@
import junit.framework.TestCase;
-import org.jboss.identity.federation.api.wstrust.STSConfiguration;
-import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider;
-import org.jboss.identity.federation.api.wstrust.StandardRequestHandler;
-import org.jboss.identity.federation.api.wstrust.WSTrustConstants;
-import org.jboss.identity.federation.api.wstrust.WSTrustException;
-import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory;
-import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler;
-import org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider;
-import org.jboss.identity.federation.api.wstrust.plugins.saml.SAMLUtil;
import org.jboss.identity.federation.bindings.jboss.subject.JBossIdentityPrincipal;
import org.jboss.identity.federation.bindings.jboss.wstrust.JBossSTS;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
-import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityTokenResponse;
-import org.jboss.identity.federation.core.wstrust.Lifetime;
-import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
-import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
-import
org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
+import org.jboss.identity.federation.core.wstrust.STSConfiguration;
+import org.jboss.identity.federation.core.wstrust.SecurityTokenProvider;
+import org.jboss.identity.federation.core.wstrust.StandardRequestHandler;
+import org.jboss.identity.federation.core.wstrust.WSTrustConstants;
+import org.jboss.identity.federation.core.wstrust.WSTrustException;
+import org.jboss.identity.federation.core.wstrust.WSTrustJAXBFactory;
+import org.jboss.identity.federation.core.wstrust.WSTrustRequestHandler;
+import org.jboss.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider;
+import org.jboss.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import
org.jboss.identity.federation.core.wstrust.wrappers.BaseRequestSecurityTokenResponse;
+import org.jboss.identity.federation.core.wstrust.wrappers.Lifetime;
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse;
+import
org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
import org.jboss.identity.federation.saml.v2.assertion.ConditionAbstractType;
Modified:
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-bindings/src/test/java/org/jboss/test/identity/federation/bindings/wstrust/SpecialTokenProvider.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -26,13 +26,13 @@
import javax.xml.parsers.ParserConfigurationException;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
-import org.jboss.identity.federation.api.wstrust.SecurityToken;
-import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider;
-import org.jboss.identity.federation.api.wstrust.StandardSecurityToken;
-import org.jboss.identity.federation.api.wstrust.WSTrustException;
-import org.jboss.identity.federation.api.wstrust.WSTrustRequestContext;
+import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.wstrust.SecurityToken;
+import org.jboss.identity.federation.core.wstrust.SecurityTokenProvider;
+import org.jboss.identity.federation.core.wstrust.StandardSecurityToken;
+import org.jboss.identity.federation.core.wstrust.WSTrustException;
+import org.jboss.identity.federation.core.wstrust.WSTrustRequestContext;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
Modified:
identity-federation/trunk/jboss-identity-bindings/src/test/resources/jboss-sts.xml
===================================================================
---
identity-federation/trunk/jboss-identity-bindings/src/test/resources/jboss-sts.xml 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-bindings/src/test/resources/jboss-sts.xml 2009-09-03
01:56:21 UTC (rev 758)
@@ -8,11 +8,11 @@
<ValidatingAlias
Key="http://services.testcorp.org/provider1"
Value="service1"/>
<ValidatingAlias
Key="http://services.testcorp.org/provider2"
Value="service2"/>
</KeyProvider>
- <RequestHandler>org.jboss.identity.federation.api.wstrust.StandardRequestHandler</RequestHandler>
+ <RequestHandler>org.jboss.identity.federation.core.wstrust.StandardRequestHandler</RequestHandler>
<TokenProviders>
<TokenProvider
ProviderClass="org.jboss.test.identity.federation.bindings.wstrust.SpecialTokenProvider"
TokenType="http://www.tokens.org/SpecialToken"/>
- <TokenProvider
ProviderClass="org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider"
+ <TokenProvider
ProviderClass="org.jboss.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider"
TokenType="http://docs.oasis-open.org/wss/oasis-wss-saml-token-profi...
</TokenProviders>
<ServiceProviders>
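Review bot: The values in `<RequestHandler>` and `ProviderClass` are plain strings, so nothing at compile time catches a configuration that still names `org.jboss.identity.federation.api.wstrust.*` after this package move. Any jboss-sts.xml outside this test tree that keeps the old names would presumably fail only when the STS tries to load the class. I would add a comment above `<RequestHandler>`, for example `<!-- handler and provider classes are named by string; as of rev 758 they live under org.jboss.identity.federation.core.wstrust -->`, and mention the rename in the migration notes. Since these names appear to be instantiated by name (the loading code is not part of this hunk), it is also worth confirming that the loader checks each instance against the expected handler or provider interface and reports a clear configuration error on a mismatch.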
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/request/SAML2Request.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -34,10 +34,10 @@
import javax.xml.bind.Unmarshaller;
import javax.xml.parsers.ParserConfigurationException;
-import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.core.constants.JBossIdentityFederationConstants;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import
org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLBaseFactory;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/response/SAML2Response.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -37,10 +37,10 @@
import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.parsers.ParserConfigurationException;
-import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.core.constants.JBossIdentityFederationConstants;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import
org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/saml/v2/sig/SAML2Signature.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -37,9 +37,9 @@
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
-import org.jboss.identity.federation.api.util.XMLSignatureUtil;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.util.XMLSignatureUtil;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.w3c.dom.Document;
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/util/XMLSignatureUtil.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,340 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.util;
-
-import java.io.OutputStream;
-import java.security.AccessController;
-import java.security.GeneralSecurityException;
-import java.security.Key;
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.PrivilegedAction;
-import java.security.PublicKey;
-import java.util.Collections;
-import java.util.List;
-
-import javax.security.cert.X509Certificate;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.crypto.MarshalException;
-import javax.xml.crypto.dsig.CanonicalizationMethod;
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.crypto.dsig.Reference;
-import javax.xml.crypto.dsig.SignatureMethod;
-import javax.xml.crypto.dsig.SignedInfo;
-import javax.xml.crypto.dsig.Transform;
-import javax.xml.crypto.dsig.XMLSignature;
-import javax.xml.crypto.dsig.XMLSignatureException;
-import javax.xml.crypto.dsig.XMLSignatureFactory;
-import javax.xml.crypto.dsig.dom.DOMSignContext;
-import javax.xml.crypto.dsig.dom.DOMValidateContext;
-import javax.xml.crypto.dsig.keyinfo.KeyInfo;
-import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
-import javax.xml.crypto.dsig.keyinfo.KeyValue;
-import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
-import javax.xml.crypto.dsig.spec.TransformParameterSpec;
-import javax.xml.parsers.ParserConfigurationException;
-import javax.xml.transform.Transformer;
-import javax.xml.transform.TransformerException;
-import javax.xml.transform.TransformerFactory;
-import javax.xml.transform.stream.StreamResult;
-
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.jboss.identity.federation.core.util.JAXBUtil;
-import org.jboss.identity.xmlsec.w3.xmldsig.ObjectFactory;
-import org.jboss.identity.xmlsec.w3.xmldsig.SignatureType;
-import org.w3c.dom.Document;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-import org.xml.sax.SAXException;
-
-/**
- * Utility for XML Signature
- * @author Anil.Saldhana(a)redhat.com
- * @since Dec 15, 2008
- */
-public class XMLSignatureUtil
-{
- private static Logger log = Logger.getLogger(XMLSignatureUtil.class);
- private static boolean trace = log.isTraceEnabled();
-
- private static String pkgName = "org.jboss.identity.federation.w3.xmldsig";
- private static String schemaLocation =
"schema/saml/v2/xmldsig-core-schema.xsd";
-
- private static ObjectFactory objectFactory = new ObjectFactory();
-
- private static XMLSignatureFactory fac = getXMLSignatureFactory();
-
- private static XMLSignatureFactory getXMLSignatureFactory()
- {
- XMLSignatureFactory xsf = null;
-
- try
- {
- xsf = XMLSignatureFactory.getInstance("DOM");
- }
- catch(Exception err)
- {
- //JDK5
- xsf = XMLSignatureFactory.getInstance("DOM",
- new org.jcp.xml.dsig.internal.dom.XMLDSigRI());
- }
- return xsf;
- }
-
- //Set some system properties
- static
- {
- AccessController.doPrivileged(new PrivilegedAction<Object>()
- {
- public Object run()
- {
- System.setProperty("org.apache.xml.security.ignoreLineBreaks",
"true");
- return null;
- }
- });
- };
-
- /**
- * Precheck whether the document that will be validated
- * has the right signedinfo
- * @param doc
- * @return
- */
- public static boolean preCheckSignedInfo(Document doc)
- {
- NodeList nl = doc.getElementsByTagNameNS(JBossSAMLURIConstants.XMLDSIG_NSURI.get(),
"SignedInfo");
- return nl != null ? nl.getLength() > 0 : false;
- }
-
- /**
- * Sign a node in a document
- * @param doc Document
- * @param parentOfNodeToBeSigned Parent Node of the node to be signed
- * @param signingKey Private Key
- * @param certificate X509 Certificate holding the public key
- * @param digestMethod (Example: DigestMethod.SHA1)
- * @param signatureMethod (Example: SignatureMethod.DSA_SHA1)
- * @param referenceURI
- * @return Document that contains the signed node
- * @throws XMLSignatureException
- * @throws MarshalException
- * @throws GeneralSecurityException
- * @throws ParserConfigurationException
- */
- public static Document sign(Document doc,
- Node parentOfNodeToBeSigned,
- PrivateKey signingKey,
- X509Certificate certificate,
- String digestMethod,
- String signatureMethod,
- String referenceURI)
- throws ParserConfigurationException, GeneralSecurityException, MarshalException,
XMLSignatureException
- {
- KeyPair keyPair = new KeyPair(certificate.getPublicKey(),signingKey);
- return sign(doc,parentOfNodeToBeSigned, keyPair,
- digestMethod, signatureMethod, referenceURI);
- }
-
- /**
- * Sign a node in a document
- * @param doc
- * @param nodeToBeSigned
- * @param keyPair
- * @param publicKey
- * @param digestMethod
- * @param signatureMethod
- * @param referenceURI
- * @return
- * @throws ParserConfigurationException
- * @throws XMLSignatureException
- * @throws MarshalException
- * @throws GeneralSecurityException
- */
- public static Document sign(Document doc,
- Node nodeToBeSigned,
- KeyPair keyPair,
- String digestMethod,
- String signatureMethod,
- String referenceURI) throws ParserConfigurationException,
GeneralSecurityException, MarshalException, XMLSignatureException
- {
- if(nodeToBeSigned == null)
- throw new IllegalArgumentException("Node to be signed is null");
- if(trace)
- {
- try
- {
- log.trace("Document to be signed=" +
DocumentUtil.getDocumentAsString(doc));
- }catch (Exception e) {}
- }
-
- Node parentNode = nodeToBeSigned.getParentNode();
-
- //Let us create a new Document
- Document newDoc = DocumentUtil.createDocument();
- //Import the node
- Node signingNode = newDoc.importNode(nodeToBeSigned, true);
- newDoc.appendChild(signingNode);
-
- newDoc = sign(newDoc, keyPair, digestMethod, signatureMethod, referenceURI);
-
- //Now let us import this signed doc into the original document we got in the method
call
- Node signedNode = doc.importNode(newDoc.getFirstChild(), true);
-
- parentNode.replaceChild(signedNode, nodeToBeSigned);
- //doc.getDocumentElement().replaceChild(signedNode, nodeToBeSigned);
-
- return doc;
- }
-
-
- /**
- * Sign the root element
- * @param doc
- * @param signingKey
- * @param publicKey
- * @param digestMethod
- * @param signatureMethod
- * @param referenceURI
- * @return
- * @throws GeneralSecurityException
- * @throws XMLSignatureException
- * @throws MarshalException
- */
- public static Document sign(Document doc,
- KeyPair keyPair,
- String digestMethod,
- String signatureMethod,
- String referenceURI) throws GeneralSecurityException, MarshalException,
XMLSignatureException
- {
- if(trace)
- {
- try
- {
- log.trace("Document to be signed=" +
DocumentUtil.getDocumentAsString(doc));
- }catch (Exception e) {}
- }
- PrivateKey signingKey = keyPair.getPrivate();
- PublicKey publicKey = keyPair.getPublic();
-
- DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
- dsc.setDefaultNamespacePrefix("dsig");
-
-// dsc.putNamespacePrefix(XMLSignature.XMLNS, "ds");
-
- DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null);
- Transform transform = fac.newTransform(Transform.ENVELOPED,
- (TransformParameterSpec) null);
-
- List<Transform> transformList = Collections.singletonList(transform);
- Reference ref = fac.newReference
- ( referenceURI, digestMethodObj,transformList,null, null);
-
- String canonicalizationMethodType = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
- CanonicalizationMethod canonicalizationMethod
- = fac.newCanonicalizationMethod
- (canonicalizationMethodType, (C14NMethodParameterSpec) null);
-
- List<Reference> referenceList = Collections.singletonList(ref);
- SignatureMethod signatureMethodObj = fac.newSignatureMethod(signatureMethod, null);
- SignedInfo si = fac.newSignedInfo (canonicalizationMethod, signatureMethodObj ,
- referenceList);
-
- KeyInfoFactory kif = fac.getKeyInfoFactory();
- KeyValue kv = kif.newKeyValue(publicKey);
- KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
-
- XMLSignature signature = fac.newXMLSignature(si, ki);
-
- signature.sign(dsc);
-
- return doc;
- }
- /**
- * Validate a signed document with the given public key
- * @param signedDoc
- * @param publicKey
- * @return
- * @throws MarshalException
- * @throws XMLSignatureException
- */
- @SuppressWarnings("unchecked")
- public static boolean validate(Document signedDoc, Key publicKey) throws
MarshalException, XMLSignatureException
- {
- NodeList nl = signedDoc.getElementsByTagNameNS(XMLSignature.XMLNS,
"Signature");
- if (nl == null || nl.getLength() == 0)
- {
- throw new IllegalArgumentException("Cannot find Signature element");
- }
- if(publicKey == null)
- throw new IllegalArgumentException("Public Key is null");
-
- DOMValidateContext valContext = new DOMValidateContext(publicKey, nl.item(0));
- XMLSignature signature = fac.unmarshalXMLSignature(valContext);
- boolean coreValidity = signature.validate(valContext);
-
- if(trace && !coreValidity)
- {
- boolean sv = signature.getSignatureValue().validate(valContext);
- log.trace("Signature validation status: " + sv);
-
- List<Reference> references = signature.getSignedInfo().getReferences();
- for(Reference ref:references)
- {
- log.trace("[Ref id=" + ref.getId() +":uri=" +
ref.getURI() +
- "]validity status:" + ref.validate(valContext));
- }
- }
- return coreValidity;
- }
-
- /**
- * Marshall a SignatureType to output stream
- * @param signature
- * @param os
- * @throws SAXException
- * @throws JAXBException
- */
- public static void marshall(SignatureType signature, OutputStream os) throws
JAXBException, SAXException
- {
- JAXBElement<SignatureType> jsig = objectFactory.createSignature(signature);
- Marshaller marshaller = JAXBUtil.getValidatingMarshaller(pkgName, schemaLocation);
- marshaller.marshal(jsig, os);
- }
-
- /**
- * Marshall the signed document to an output stream
- * @param signedDocument
- * @param os
- * @throws TransformerException
- */
- public static void marshall(Document signedDocument, OutputStream os)
- throws TransformerException
- {
- TransformerFactory tf = TransformerFactory.newInstance();
- Transformer trans = tf.newTransformer();
- trans.transform(DocumentUtil.getXMLSource(signedDocument), new StreamResult(os));
- }
-}
\ No newline at end of file
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/STSConfiguration.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/STSConfiguration.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/STSConfiguration.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,149 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust;
-
-import java.security.KeyPair;
-import java.security.PublicKey;
-import java.util.Map;
-
-/**
- * <p>
- * The {@code STSConfiguration} interface allows access to the security token service
(STS) configuration attributes.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public interface STSConfiguration
-{
-
- /**
- * <p>
- * Obtains the unique name of the secure token service.
- * </p>
- *
- * @return a {@code String} representing the STS name.
- */
- public String getSTSName();
-
- /**
- * <p>
- * Indicates whether the issued token should be encrypted or not.
- * </p>
- *
- * @return {@code true} if the issued token is to be encrypted; {@code false}
otherwise.
- */
- public boolean encryptIssuedToken();
-
- /**
- * <p>
- * Indicates whether the issued token should be digitally signed or not.
- * </p>
- *
- * @return {@code true} if the issued token is to be signed; {@code false} otherwise.
- */
- public boolean signIssuedToken();
-
- /**
- * <p>
- * Obtains the timeout value (in milliseconds) for issued tokens.
- * </p>
- *
- * @return the token timeout value.
- */
- public long getIssuedTokenTimeout();
-
- /**
- * <p>
- * Obtains the WS-Trust request handler class.
- * </p>
- *
- * @return a reference to the configured {@code WSTrustRequestHandler}.
- */
- public WSTrustRequestHandler getRequestHandler();
-
- /**
- * <p>
- * Given the name of a service provider, obtains the type of the token that should be
used when issuing tokens to
- * clients of that service.
- * </p>
- *
- * @param serviceName the name of the service provider that requires a token from its
clients.
- * @return a {@code String} representing the type of the token that suits the
specified service.
- */
- public String getTokenTypeForService(String serviceName);
-
- /**
- * <p>
- * Given the name of a service provider, obtains the provider that must be used when
issuing tokens to clients of
- * that service. When requesting a token to the STS, a client can specify the service
it needs the token for using
- * the {@code AppliesTo} element. Based on the service provider name, the STS
identifies the type of the token that
- * is to be issued and then selects the appropriate token provider to handle the
request.
- * </p>
- *
- * @param serviceName the name of the service provider that requires a token from its
clients.
- * @return a reference to the {@code SecurityTokenProvider} that must be used in order
to issue tokens to clients of
- * the specified service.
- */
- public SecurityTokenProvider getProviderForService(String serviceName);
-
- /**
- * <p>
- * Given a token type, obtains the token provider that should be used to handle token
requests of that type. When a
- * client doesn't specify the service provider name through the {@code AppliesTo}
element, it must specify the token
- * type through the {@code TokenType} element. The STS uses the supplied type to
select the appropriate token
- * provider.
- * </p>
- *
- * @param tokenType a {@code String} representing the type of the token.
- * @return a reference to the {@code SecurityTokenProvider} that must be used to
handle token requests of the
- * specified type.
- */
- public SecurityTokenProvider getProviderForTokenType(String tokenType);
-
- /**
- * <p>
- * Obtains a {@code Map} that contains the non-standard configuration options.
- * </p>
- *
- * @return a {@code Map<String, Object>} containing the additional configuration
options.
- */
- public Map<String, Object> getOptions();
-
- /**
- * <p>
- * Obtains a reference to the {@code KeyPair} object that contains the STS {@code
PrivateKey} and {@code PublicKey}.
- * </p>
- *
- * @return a reference to the STS {@code KeyPair}.
- */
- public KeyPair getSTSKeyPair();
-
- /**
- * <p>
- * Obtains the public key of the specified service provider. The returned key is used
to encrypt issued tokens.
- * </p>
- *
- * @param serviceName the name of the service provider (normally the provider URL).
- * @return a reference to the provider's {@code PublicKey}
- */
- public PublicKey getServiceProviderPublicKey(String serviceName);
-}
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityActions.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityActions.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityActions.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,108 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust;
-
-import java.security.AccessController;
-import java.security.PrivilegedAction;
-import java.security.PrivilegedActionException;
-import java.security.PrivilegedExceptionAction;
-
-/**
- * <p>
- * Utility class that executes actions such as creating a class in privileged blocks.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-class SecurityActions
-{
-
- /**
- * <p>
- * Gets the thread context class loader using a privileged block.
- * </p>
- *
- * @return a reference to the thread context {@code ClassLoader}.
- */
- static ClassLoader getContextClassLoader()
- {
- return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
- {
- public ClassLoader run()
- {
- return Thread.currentThread().getContextClassLoader();
- }
- });
- }
-
- /**
- * <p>
- * Loads a class using the thread context class loader in a privileged block.
- * </p>
- *
- * @param name the fully-qualified name of the class to be loaded.
- * @return a reference to the loaded {@code Class}.
- * @throws PrivilegedActionException if an error occurs while loading the class. This
exception wraps the real cause
- * of the error, so classes using this method must perform a {@code
getCause()} in order to get a
- * reference to the root of the error.
- */
- static Class<?> loadClass(final String name) throws PrivilegedActionException
- {
- return AccessController.doPrivileged(new
PrivilegedExceptionAction<Class<?>>()
- {
- public Class<?> run() throws PrivilegedActionException
- {
- try
- {
- return getContextClassLoader().loadClass(name);
- }
- catch (Exception e)
- {
- throw new PrivilegedActionException(e);
- }
- }
- });
- }
-
- /**
- * <p>
- * Creates an instance of the specified class in a privileged block. The class must
define a default constructor.
- * </p>
- *
- * @param className the fully-qualified name of the class to be instantiated.
- * @return a reference to the instantiated {@code Object}.
- * @throws PrivilegedActionException if an error occurs while instantiating the class.
This exception wraps the real
- * cause of the error, so classes using this method must perform a {@code
getCause()} in order to get a
- * reference to the root of the error.
- */
- static Object instantiateClass(final String className) throws
PrivilegedActionException
- {
- return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
- {
- public Object run() throws Exception
- {
- Class<?> objectClass = loadClass(className);
- return objectClass.newInstance();
- }
- });
- }
-}
\ No newline at end of file
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityToken.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityToken.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityToken.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,60 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust;
-
-/**
- * <p>
- * Interface that represents a security token.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public interface SecurityToken
-{
-
- /**
- * <p>
- * Obtains the security token unique identifier.
- * </p>
- *
- * @return a {@code String} representing the token id.
- */
- public String getTokenID();
-
- /**
- * <p>
- * Obtains the type of the security token.
- * </p>
- *
- * @return a {@code String} representing the security token type.
- */
- public String getTokenType();
-
- /**
- * <p>
- * Obtains the value of the security token.
- * </p>
- *
- * @return an {@code Object} representing the security token value.
- */
- public Object getTokenValue();
-}
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityTokenProvider.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityTokenProvider.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityTokenProvider.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,76 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust;
-
-/**
- * <p>
- * This interface defines the methods that must be implemented by security token
providers.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public interface SecurityTokenProvider
-{
- /**
- * <p>
- * Generates a security token using the information contained in the specified request
context and stores the
- * newly-created token in the context itself.
- * </p>
- *
- * @param context the {@code WSTrustRequestContext} to be used when generating the
token.
- * @throws WSTrustException if an error occurs while creating the security token.
- */
- public void issueToken(WSTrustRequestContext context) throws WSTrustException;
-
- /**
- * <p>
- * Renews the security token contained in the specified request context. This method
is used when a previously
- * generated token has expired, generating a new version of the same token with
different expiration semantics.
- * </p>
- *
- * @param context the {@code WSTrustRequestContext} that contains the token to be
renewed.
- * @throws WSTrustException if an error occurs while renewing the security token.
- */
- public void renewToken(WSTrustRequestContext context) throws WSTrustException;
-
- /**
- * <p>
- * Cancels the token contained in the specified request context. A security token is
usually canceled when one wants
- * to make sure that the token will not be used anymore. A security token can't be
renewed once it has been canceled.
- * </p>
- *
- * @param context the {@code WSTrustRequestContext} that contains the token to be
canceled.
- * @throws WSTrustException if an error occurs while canceling the security token.
- */
- public void cancelToken(WSTrustRequestContext context) throws WSTrustException;
-
- /**
- * <p>
- * Evaluates the validity of the token contained in the specified request context and
sets the result in the context
- * itself. The result can be a status, a new token, or both.
- * </p>
- *
- * @param context the {@code WSTrustRequestContext} that contains the token to be
validated.
- * @throws WSTrustException if an error occurs while validating the security token.
- */
- public void validateToken(WSTrustRequestContext context) throws WSTrustException;
-}
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityTokenService.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityTokenService.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/SecurityTokenService.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,43 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust;
-
-import javax.xml.transform.Source;
-import javax.xml.ws.Provider;
-
-/**
- * <p>
- * The {@code SecurityTokenService} (STS) interface. It extends the {@code Provider}
interface so that it can be
- * dynamically invoked (as opposed to having a service endpoint interface).
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public interface SecurityTokenService extends Provider<Source>
-{
- /*
- * (non-Javadoc)
- *
- * @see javax.xml.ws.Provider#invoke(java.lang.Object)
- */
- public Source invoke(Source request);
-}
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardRequestHandler.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,423 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust;
-
-import java.net.URI;
-import java.security.KeyPair;
-import java.security.Principal;
-import java.security.PublicKey;
-
-import javax.xml.crypto.dsig.DigestMethod;
-import javax.xml.crypto.dsig.SignatureMethod;
-
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.util.XMLSignatureUtil;
-import org.jboss.identity.federation.api.wstrust.plugins.saml.SAMLUtil;
-import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
-import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
-import org.jboss.identity.federation.ws.policy.AppliesTo;
-import org.jboss.identity.federation.ws.trust.RequestedSecurityTokenType;
-import org.jboss.identity.federation.ws.trust.StatusType;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-
-/**
- * <p>
- * Default implementation of the {@code WSTrustRequestHandler} interface. It creates the
request context containing the
- * original WS-Trust request as well as any information that may be relevant to the token
processing, and delegates the
- * actual token handling processing to the appropriate {@code SecurityTokenProvider}.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class StandardRequestHandler implements WSTrustRequestHandler
-{
- private static Logger log = Logger.getLogger(StandardRequestHandler.class);
- private boolean trace = log.isTraceEnabled();
-
- private STSConfiguration configuration;
-
- /*
- * (non-Javadoc)
- *
- * @see
- *
org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#initialize(org.jboss.identity.federation.api.wstrust
- * .STSConfiguration)
- */
- public void initialize(STSConfiguration configuration)
- {
- this.configuration = configuration;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
- *
org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#issue(org.jboss.identity.federation.api.wstrust
- * .protocol.RequestSecurityToken, java.security.Principal)
- */
- public RequestSecurityTokenResponse issue(RequestSecurityToken request, Principal
callerPrincipal)
- throws WSTrustException
- {
- Document rstDocument = request.getRSTDocument();
- if( rstDocument == null)
- throw new IllegalArgumentException("Request does not contain the DOM
Document");
-
- SecurityTokenProvider provider = null;
-
- // first try to obtain the security token provider using the applies-to contents.
- AppliesTo appliesTo = request.getAppliesTo();
- PublicKey providerPublicKey = null;
- if (appliesTo != null)
- {
- String serviceName = WSTrustUtil.parseAppliesTo(appliesTo);
- if (serviceName != null)
- {
- provider = this.configuration.getProviderForService(serviceName);
-
request.setTokenType(URI.create(this.configuration.getTokenTypeForService(serviceName)));
- providerPublicKey =
this.configuration.getServiceProviderPublicKey(serviceName);
- }
- }
- // if applies-to is not available or if no provider was found for the service, use
the token type.
- if (provider == null && request.getTokenType() != null)
- {
- provider =
this.configuration.getProviderForTokenType(request.getTokenType().toString());
- }
- else if (appliesTo == null && request.getTokenType() == null)
- throw new WSTrustException("Either AppliesTo or TokenType must be present
in a security token request");
-
- if (provider != null)
- {
- // create the request context and delegate token generation to the provider.
- WSTrustRequestContext requestContext = new WSTrustRequestContext(request,
callerPrincipal);
- requestContext.setTokenIssuer(this.configuration.getSTSName());
- if (request.getLifetime() == null &&
this.configuration.getIssuedTokenTimeout() != 0)
- {
- // if no lifetime has been specified, use the configured timeout value.
-
request.setLifetime(WSTrustUtil.createDefaultLifetime(this.configuration.getIssuedTokenTimeout()));
- }
- requestContext.setServiceProviderPublicKey(providerPublicKey);
- provider.issueToken(requestContext);
-
- if (requestContext.getSecurityToken() == null)
- throw new WSTrustException("Token issued by provider " +
provider.getClass().getName() + " is null");
-
- // sign the issued token if needed.
- /*if (this.configuration.signIssuedToken() &&
this.configuration.getSTSKeyPair() != null)
- {
- KeyPair keyPair = this.configuration.getSTSKeyPair();
- if (keyPair != null)
- {
- URI signatureURI = request.getSignatureAlgorithm();
- String signatureMethod = signatureURI != null ? signatureURI.toString() :
SignatureMethod.RSA_SHA1;
- try
- {
- Element tokenElement = (Element)
requestContext.getSecurityToken().getTokenValue();
- XMLSignatureUtil.sign(tokenElement.getOwnerDocument(), keyPair,
DigestMethod.SHA1, signatureMethod,
- "#" + requestContext.getSecurityToken().getTokenID());
- if(trace)
- {
- try
- {
- log.trace("Signed Token:" +
DocumentUtil.getNodeAsString(tokenElement));
-
- Document tokenDocument = DocumentUtil.createDocument();
- tokenDocument.appendChild(tokenDocument.importNode(tokenElement,
true));
- log.trace("valid=" +
XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic()));
-
- }catch(Exception ignore){}
- }
- }
- catch (Exception e)
- {
- throw new WSTrustException("Failed to sign security token",
e);
- }
- }
- }*/
-
- // construct the ws-trust security token response.
- RequestedSecurityTokenType requestedSecurityToken = new
RequestedSecurityTokenType();
-
requestedSecurityToken.setAny(requestContext.getSecurityToken().getTokenValue());
-
- // TODO: create proof token and encrypt the token if needed
-
- RequestSecurityTokenResponse response = new RequestSecurityTokenResponse();
- if (request.getContext() != null)
- response.setContext(request.getContext());
-
- response.setTokenType(request.getTokenType());
- response.setLifetime(request.getLifetime());
- response.setAppliesTo(appliesTo);
- response.setRequestedSecurityToken(requestedSecurityToken);
-
- // set the attached and unattached references.
- if (requestContext.getAttachedReference() != null)
-
response.setRequestedAttachedReference(requestContext.getAttachedReference());
- if (requestContext.getUnattachedReference() != null)
-
response.setRequestedUnattachedReference(requestContext.getUnattachedReference());
-
- return response;
- }
- else
- throw new WSTrustException("Unable to find a token provider for the token
request");
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
- *
org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#renew(org.jboss.identity.federation.api.wstrust
- * .protocol.RequestSecurityToken, java.security.Principal)
- */
- public RequestSecurityTokenResponse renew(RequestSecurityToken request, Principal
callerPrincipal)
- throws WSTrustException
- {
- Document rstDocument = request.getRSTDocument();
- if( rstDocument == null)
- throw new IllegalArgumentException("Request does not contain the DOM
Document");
-
- SecurityTokenProvider provider = null;
-
- // first try to obtain the security token provider using the applies-to contents.
- AppliesTo appliesTo = request.getAppliesTo();
- PublicKey providerPublicKey = null;
- if (appliesTo != null)
- {
- String serviceName = WSTrustUtil.parseAppliesTo(appliesTo);
- if (serviceName != null)
- {
- provider = this.configuration.getProviderForService(serviceName);
-
request.setTokenType(URI.create(this.configuration.getTokenTypeForService(serviceName)));
- providerPublicKey =
this.configuration.getServiceProviderPublicKey(serviceName);
- }
- }
- // if applies-to is not available or if no provider was found for the service, use
the token type.
- if (provider == null && request.getTokenType() != null)
- {
- provider =
this.configuration.getProviderForTokenType(request.getTokenType().toString());
- }
- else if (appliesTo == null && request.getTokenType() == null)
- throw new WSTrustException("Either AppliesTo or TokenType must be present
in a security token request");
-
- // TODO: get the provider using the token from the request.
- provider = this.configuration.getProviderForTokenType(SAMLUtil.SAML2_TOKEN_TYPE);
-
- if (provider != null)
- {
- // create the request context and delegate token generation to the provider.
- WSTrustRequestContext requestContext = new WSTrustRequestContext(request,
callerPrincipal);
- requestContext.setTokenIssuer(this.configuration.getSTSName());
- if (request.getLifetime() == null &&
this.configuration.getIssuedTokenTimeout() != 0)
- {
- // if no lifetime has been specified, use the configured timeout value.
-
request.setLifetime(WSTrustUtil.createDefaultLifetime(this.configuration.getIssuedTokenTimeout()));
- }
- requestContext.setServiceProviderPublicKey(providerPublicKey);
- provider.renewToken(requestContext);
-
- if (requestContext.getSecurityToken() == null)
- throw new WSTrustException("Token issued by provider " +
provider.getClass().getName() + " is null");
-
-
- // construct the ws-trust security token response.
- RequestedSecurityTokenType requestedSecurityToken = new
RequestedSecurityTokenType();
-
requestedSecurityToken.setAny(requestContext.getSecurityToken().getTokenValue());
-
- // TODO: create proof token and encrypt the token if needed
-
- RequestSecurityTokenResponse response = new RequestSecurityTokenResponse();
- if (request.getContext() != null)
- response.setContext(request.getContext());
-
- response.setTokenType(request.getTokenType());
- response.setLifetime(request.getLifetime());
- response.setAppliesTo(appliesTo);
- response.setRequestedSecurityToken(requestedSecurityToken);
-
- // set the attached and unattached references.
- if (requestContext.getAttachedReference() != null)
-
response.setRequestedAttachedReference(requestContext.getAttachedReference());
- if (requestContext.getUnattachedReference() != null)
-
response.setRequestedUnattachedReference(requestContext.getUnattachedReference());
-
- return response;
- }
- else
- throw new WSTrustException("Unable to find a token provider for the token
request");
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
- *
org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#validate(org.jboss.identity.federation.api.wstrust
- * .protocol.RequestSecurityToken, java.security.Principal)
- */
- public RequestSecurityTokenResponse validate(RequestSecurityToken request, Principal
callerPrincipal)
- throws WSTrustException
- {
- Document rstDocument = request.getRSTDocument();
- if( rstDocument == null)
- throw new IllegalArgumentException("Request does not contain the DOM
Document");
-
- if (request.getValidateTarget() == null)
- throw new WSTrustException("Unable to validate token: validate target is
null");
-
- if (request.getTokenType() == null)
- request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
-
- // TODO: get the provider using the token from the request.
- SecurityTokenProvider provider =
this.configuration.getProviderForTokenType(SAMLUtil.SAML2_TOKEN_TYPE);
- WSTrustRequestContext context = new WSTrustRequestContext(request,
callerPrincipal);
-
- StatusType status = null;
-
- // validate the security token digital signature.
- if (this.configuration.signIssuedToken() &&
this.configuration.getSTSKeyPair() != null)
- {
- KeyPair keyPair = this.configuration.getSTSKeyPair();
- try
- {
- //Element tokenElement = (Element) request.getValidateTarget().getAny();
- Element tokenElement = request.getValidateTargetElement();
-
- Node securityToken = tokenElement.getFirstChild();
-
- if(trace)
- {
- try
- {
- log.trace("Going to validate:" +
DocumentUtil.getNodeAsString(securityToken));
- }
- catch (Exception e)
- {
- }
- }
- Document tokenDocument = DocumentUtil.createDocument();
- Node importedNode = tokenDocument.importNode(securityToken, true);
- tokenDocument.appendChild(importedNode);
- if (!XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic()))
- {
- status = new StatusType();
- status.setCode(WSTrustConstants.STATUS_CODE_INVALID);
- status.setReason("Validation failure: digital signature is
invalid");
- }
- }
- catch (Exception e)
- {
- status = new StatusType();
- status.setCode(WSTrustConstants.STATUS_CODE_INVALID);
- status.setReason("Validation failure: unable to verify digital
signature: " + e.getMessage());
- }
- }
- // TODO: add logging statements alerting that signature validation was not
perfomed.
-
- // if the signature is valid, then let the provider handle perform any additional
validation checks.
- if(status == null)
- {
- provider.validateToken(context);
- status = context.getStatus();
- }
-
- // construct and return the response.
- RequestSecurityTokenResponse response = new RequestSecurityTokenResponse();
- if (request.getContext() != null)
- response.setContext(request.getContext());
- response.setTokenType(request.getTokenType());
- response.setStatus(status);
-
- return response;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
- *
org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#cancel(org.jboss.identity.federation.api.wstrust
- * .protocol.RequestSecurityToken, java.security.Principal)
- */
- public RequestSecurityTokenResponse cancel(RequestSecurityToken request, Principal
callerPrincipal)
- throws WSTrustException
- {
- Document rstDocument = request.getRSTDocument();
- if( rstDocument == null)
- throw new IllegalArgumentException("Request does not contain the DOM
Document");
-
- // TODO: implement cancel logic.
- throw new UnsupportedOperationException();
- }
-
- public Document postProcess(Document rstrDocument, RequestSecurityToken request)
throws WSTrustException
- {
- if(WSTrustConstants.ISSUE_REQUEST.equals(request.getRequestType().toString())
- ||
WSTrustConstants.RENEW_REQUEST.equals(request.getRequestType().toString()))
- {
- rstrDocument = DocumentUtil.normalizeNamespaces(rstrDocument);
-
- //Sign and encrypt
- if (this.configuration.signIssuedToken() &&
this.configuration.getSTSKeyPair() != null)
- {
- KeyPair keyPair = this.configuration.getSTSKeyPair();
- if (keyPair != null)
- {
- URI signatureURI = request.getSignatureAlgorithm();
- String signatureMethod = signatureURI != null ? signatureURI.toString() :
SignatureMethod.RSA_SHA1;
- try
- {
- Node rst =
rstrDocument.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE,
- "RequestedSecurityToken").item(0);
- Element tokenElement = (Element) rst.getFirstChild();
- if(trace)
- {
- log.trace("NamespaceURI of element to be signed:"
+tokenElement.getNamespaceURI() );
- }
- /* XMLSignatureUtil.sign(tokenElement.getOwnerDocument(), keyPair,
DigestMethod.SHA1, signatureMethod,
- "#" + tokenElement.getAttribute("ID"));
- */
- rstrDocument = XMLSignatureUtil.sign(rstrDocument, tokenElement,
keyPair,
- DigestMethod.SHA1, signatureMethod, "#" +
tokenElement.getAttribute("ID"));
- if(trace)
- {
- try
- {
- log.trace("Signed Token:" +
DocumentUtil.getNodeAsString(tokenElement));
-
- Document tokenDocument = DocumentUtil.createDocument();
- tokenDocument.appendChild(tokenDocument.importNode(tokenElement,
true));
- log.trace("valid=" +
XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic()));
-
- }catch(Exception ignore){}
- }
- }
- catch (Exception e)
- {
- throw new WSTrustException("Failed to sign security token",
e);
- }
- }
- }
- }
-
- return rstrDocument;
- }
-}
\ No newline at end of file
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/StandardSecurityToken.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,93 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust;
-
-import org.w3c.dom.Element;
-
-/**
- * <p>
- * Standard implementation of the {@code SecurityToken} interface. This implementation
stores the issued token as an
- * {@code Element}. The token providers are responsible for marshaling the security token
into an {@code Element}
- * instance because the security token marshaling process falls out of the scope of the
STS (the STS only deals with
- * WS-Trust classes and doesn't know how to marshal each specific token type).
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class StandardSecurityToken implements SecurityToken
-{
- private final String tokenType;
-
- private final String tokenId;
-
- private final Element token;
-
- /**
- * <p>
- * Creates an instance of {@code StandardSecurityToken} with the specified
parameters.
- * </p>
- *
- * @param tokenType
- * a {@code String} representing the type of the security token. This is
usually the same type as specified
- * in the WS-Trust request message.
- * @param token
- * the security token in its {@code Element} form (i.e. the marshaled
security token).
- * @param tokenID
- * a {@code String} representing the id of the security token.
- */
- public StandardSecurityToken(String tokenType, Element token, String tokenID)
- {
- this.tokenType = tokenType;
- this.tokenId = tokenID;
- this.token = token;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenType()
- */
- public String getTokenType()
- {
- return this.tokenType;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenValue()
- */
- public Object getTokenValue()
- {
- return this.token;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenID()
- */
- public String getTokenID()
- {
- return this.tokenId;
- }
-}
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustClient.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -38,9 +38,12 @@
import org.jboss.identity.federation.core.exceptions.ParsingException;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
-import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
-import
org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
+import org.jboss.identity.federation.core.wstrust.WSTrustConstants;
+import org.jboss.identity.federation.core.wstrust.WSTrustException;
+import org.jboss.identity.federation.core.wstrust.WSTrustJAXBFactory;
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse;
+import
org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection;
import org.jboss.identity.federation.ws.trust.RenewTargetType;
import org.jboss.identity.federation.ws.trust.StatusType;
import org.jboss.identity.federation.ws.trust.ValidateTargetType;
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustConstants.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,54 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust;
-
-/**
- * <p>
- * This class defines the constants used throughout the WS-Trust implementation code.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class WSTrustConstants
-{
- public static final String BASE_NAMESPACE =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
-
- // WS-Trust request types.
- public static final String ISSUE_REQUEST = BASE_NAMESPACE + "Issue";
- public static final String RENEW_REQUEST = BASE_NAMESPACE + "Renew";
- public static final String CANCEL_REQUEST = BASE_NAMESPACE + "Cancel";
- public static final String VALIDATE_REQUEST = BASE_NAMESPACE + "Validate";
-
- // WS-Trust validation constants.
- public static final String STATUS_TYPE = BASE_NAMESPACE + "RSTR/Status";
- public static final String STATUS_CODE_VALID = BASE_NAMESPACE +
"status/valid";
- public static final String STATUS_CODE_INVALID = BASE_NAMESPACE +
"status/invalid";
-
- // WSS namespaces values.
- public static final String WSA_NS = "http://www.w3.org/2005/08/addressing";
- public static final String WSU_NS =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
- public static final String WSSE_NS =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
- public static final String WSSE11_NS =
"http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
- public static final String XENC_NS = "http://www.w3.org/2001/04/xmlenc#";
- public static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
- public static final String SAML2_ASSERTION_NS =
"urn:oasis:names:tc:SAML:2.0:assertion";
-}
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustException.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustException.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustException.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,61 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust;
-
-import java.security.GeneralSecurityException;
-
-/**
- * <p>
- * Exception used to convey that an error has happened when handling a WS-Trust request
message.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class WSTrustException extends GeneralSecurityException
-{
- private static final long serialVersionUID = -232066282004315310L;
-
- /**
- * <p>
- * Creates an instance of {@code WSTrustException} using the specified error message.
- * </p>
- *
- * @param message the error message.
- */
- public WSTrustException(String message)
- {
- super(message);
- }
-
- /**
- * <p>
- * Creates an instance of {@code WSTrustException} using the specified error message
and cause.
- * </p>
- *
- * @param message the error message.
- * @param cause a {@code Throwable} representing the cause of the error.
- */
- public WSTrustException(String message, Throwable cause)
- {
- super(message, cause);
- }
-}
\ No newline at end of file
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustJAXBFactory.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,412 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust;
-
-import javax.xml.bind.Binder;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.JAXBException;
-import javax.xml.bind.Marshaller;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.transform.Source;
-import javax.xml.transform.dom.DOMSource;
-
-import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder;
-import org.jboss.identity.federation.core.exceptions.ParsingException;
-import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.jboss.identity.federation.core.util.JAXBUtil;
-import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityToken;
-import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityTokenResponse;
-import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
-import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
-import
org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
-import org.jboss.identity.federation.ws.trust.ObjectFactory;
-import
org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseCollectionType;
-import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.Node;
-import org.w3c.dom.NodeList;
-
-/**
- * <p>
- * This factory implements utility methods for converting between JAXB model objects and
XML source.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class WSTrustJAXBFactory
-{
- private static Logger log = Logger.getLogger(WSTrustJAXBFactory.class);
- private boolean trace = log.isTraceEnabled();
-
- private static final WSTrustJAXBFactory instance = new WSTrustJAXBFactory();
-
- private Marshaller marshaller;
-
- private Unmarshaller unmarshaller;
-
- private Binder<Node> binder;
-
- private final ObjectFactory objectFactory;
-
- private ThreadLocal<SAMLDocumentHolder> holders = new
ThreadLocal<SAMLDocumentHolder>();
-
- /**
- * <p>
- * Creates the {@code WSTrustJAXBFactory} singleton instance.
- * </p>
- */
- private WSTrustJAXBFactory()
- {
- try
- {
- this.marshaller = JAXBUtil.getMarshaller(this.getPackages());
- this.unmarshaller = JAXBUtil.getUnmarshaller(this.getPackages());
- this.binder = JAXBUtil.getJAXBContext(this.getPackages()).createBinder();
- this.objectFactory = new ObjectFactory();
- }
- catch (JAXBException e)
- {
- throw new RuntimeException(e.getMessage(), e);
- }
- }
-
- /**
- * <p>
- * Gets a reference to the singleton instance.
- * </p>
- *
- * @return a reference to the {@code WSTrustJAXBFactory} instance.
- */
- public static WSTrustJAXBFactory getInstance()
- {
- return instance;
- }
-
- private String getPackages()
- {
- StringBuilder packages = new StringBuilder();
- packages.append("org.jboss.identity.federation.ws.addressing");
- packages.append(":org.jboss.identity.federation.ws.policy");
- packages.append(":org.jboss.identity.federation.ws.trust");
- packages.append(":org.jboss.identity.federation.ws.wss.secext");
- packages.append(":org.jboss.identity.federation.ws.wss.utility");
- return packages.toString();
- }
-
- /**
- * <p>
- * Creates a {@code BaseRequestSecurityToken} from the specified XML source.
- * </p>
- *
- * @param request
- * the XML source containing the security token request message.
- * @return the constructed {@code BaseRequestSecurityToken} instance. It will be an
instance of {@code
- * RequestSecurityToken} the message contains a single token request, and an
instance of {@code
- * RequestSecurityTokenCollection} if multiples requests are being made in the
same message.
- * @throws ParsingException
- */
- @SuppressWarnings("unchecked")
- public BaseRequestSecurityToken parseRequestSecurityToken(Source request) throws
ParsingException
- {
- // if the request contains a validate, cancel, or renew target, we must preserve it
from JAXB unmarshalling.
- Node documentNode = ((DOMSource) request).getNode();
- Document document = documentNode instanceof Document ? (Document) documentNode :
documentNode.getOwnerDocument();
-
- JAXBElement<RequestSecurityTokenType> jaxbRST;
- try
- {
- Node rst = this.findNodeByNameNS(document, "RequestSecurityToken",
WSTrustConstants.BASE_NAMESPACE);
- if(rst == null)
- throw new RuntimeException("Request Security Token node not
found");
-
- jaxbRST = (JAXBElement<RequestSecurityTokenType>) binder.unmarshal(rst);
-
- RequestSecurityTokenType rstt = jaxbRST.getValue();
- holders.set(new SAMLDocumentHolder(rstt, document));
- return new RequestSecurityToken(rstt);
- }
- catch (JAXBException e)
- {
- throw new ParsingException(e);
- }
-
-
- /*Element targetElement = this.getValidateOrRenewOrCancelTarget(document);
-
- try
- {
- Object object = this.unmarshaller.unmarshal(request);
- if (object instanceof JAXBElement)
- {
- JAXBElement<?> element = (JAXBElement<?>) object;
- if (element.getDeclaredType().equals(RequestSecurityTokenType.class))
- {
- RequestSecurityToken parsedRequest = new
RequestSecurityToken((RequestSecurityTokenType) element
- .getValue());
- // insert the request target in the parsed request.
- if (targetElement != null)
- {
- if (parsedRequest.getValidateTarget() != null)
- parsedRequest.getValidateTarget().setAny(targetElement);
- else if (parsedRequest.getRenewTarget() != null)
- parsedRequest.getRenewTarget().setAny(targetElement);
- else if (parsedRequest.getCancelTarget() != null)
- parsedRequest.getCancelTarget().setAny(targetElement);
- }
- return parsedRequest;
- }
- else
- throw new RuntimeException("Invalid request type: " +
element.getDeclaredType());
- }
- else
- throw new RuntimeException("Invalid request type: " +
object.getClass().getName());
- }
- catch (Exception e)
- {
- throw new RuntimeException("Failed to unmarshall security token
request", e);
- }*/
- }
-
- /**
- * <p>
- * Creates a {@code BaseRequestSecurityTokenResponse} from the specified XML source.
- * </p>
- *
- * @param response
- * the XML source containing the security token response message.
- * @return the constructed {@code BaseRequestSecurityTokenResponse} instance.
According to the WS-Trust
- * specification, the returned object will be an instance of {@code
RequestSecurityTokenResponseCollection}.
- */
- public BaseRequestSecurityTokenResponse parseRequestSecurityTokenResponse(Source
response)
- {
- // if the response contains an issued token, we must preserve it from the JAXB
unmarshalling.
- Element tokenElement = null;
- Node documentNode = ((DOMSource) response).getNode();
- Document document = documentNode instanceof Document ? (Document) documentNode :
documentNode.getOwnerDocument();
- Node requestedTokenNode = this.findNodeByNameNS(document,
"RequestedSecurityToken",
- WSTrustConstants.BASE_NAMESPACE);
- if (requestedTokenNode != null)
- tokenElement = (Element) requestedTokenNode.getFirstChild();
-
- try
- {
- Object object = this.unmarshaller.unmarshal(response);
- if (object instanceof JAXBElement)
- {
- JAXBElement<?> element = (JAXBElement<?>)
unmarshaller.unmarshal(response);
- if
(element.getDeclaredType().equals(RequestSecurityTokenResponseCollectionType.class))
- {
- RequestSecurityTokenResponseCollection collection = new
RequestSecurityTokenResponseCollection(
- (RequestSecurityTokenResponseCollectionType) element.getValue());
- // insert the security token in the parsed response.
- if (tokenElement != null)
- {
- RequestSecurityTokenResponse parsedResponse =
collection.getRequestSecurityTokenResponses().get(0);
- parsedResponse.getRequestedSecurityToken().setAny(tokenElement);
- }
- return collection;
- }
- else
- throw new RuntimeException("Invalid response type: " +
element.getDeclaredType());
- }
- else
- throw new RuntimeException("Invalid response type: " +
object.getClass().getName());
- }
- catch (Exception e)
- {
- throw new RuntimeException("Failed to unmarshall security token
response", e);
- }
- }
-
- /**
- * <p>
- * Creates a {@code javax.xml.transform.Source} from the specified request object.
- * </p>
- *
- * @param request
- * a {@code RequestSecurityToken} representing the object model of the
security token request.
- * @return the constructed {@code Source} instance.
- */
- public Source marshallRequestSecurityToken(RequestSecurityToken request)
- {
- Element targetElement = null;
- // if the request has a validate, cancel, or renew target, we must preserve it from
JAXB marshaling.
- String requestType = request.getRequestType().toString();
- if (requestType.equalsIgnoreCase(WSTrustConstants.VALIDATE_REQUEST))
- {
- targetElement = (Element) request.getValidateTarget().getAny();
- request.getValidateTarget().setAny(null);
- }
- else if (requestType.equalsIgnoreCase(WSTrustConstants.RENEW_REQUEST))
- {
- targetElement = (Element) request.getRenewTarget().getAny();
- request.getRenewTarget().setAny(null);
- }
- else if (requestType.equalsIgnoreCase(WSTrustConstants.CANCEL_REQUEST))
- {
- targetElement = (Element) request.getCancelTarget().getAny();
- request.getCancelTarget().setAny(null);
- }
-
- Document result = null;
- try
- {
- result = DocumentUtil.createDocument();
-
this.marshaller.marshal(this.objectFactory.createRequestSecurityToken(request.getDelegate()),
result);
-
- // insert the original target in the appropriate element.
- if (targetElement != null)
- {
- Node node = null;
- if (requestType.equalsIgnoreCase(WSTrustConstants.VALIDATE_REQUEST))
- node = this.findNodeByNameNS(result, "ValidateTarget",
WSTrustConstants.BASE_NAMESPACE);
- else if (requestType.equalsIgnoreCase(WSTrustConstants.RENEW_REQUEST))
- node = this.findNodeByNameNS(result, "RenewTarget",
WSTrustConstants.BASE_NAMESPACE);
- else if (requestType.equalsIgnoreCase(WSTrustConstants.CANCEL_REQUEST))
- node = this.findNodeByNameNS(result, "CancelTarget",
WSTrustConstants.BASE_NAMESPACE);
- if(node == null)
- throw new RuntimeException("Unsupported request type:" +
requestType);
- node.appendChild(result.importNode(targetElement, true));
- }
- }
- catch (Exception e)
- {
- throw new RuntimeException("Failed to marshall security token
request", e);
- }
-
- return DocumentUtil.getXMLSource(result);
- }
-
- /**
- * <p>
- * Creates a {@code javax.xml.transform.Source} from the specified response object.
- * </p>
- *
- * @param collection
- * a {@code RequestSecurityTokenResponseCollection} representing the object
model of the security token
- * response.
- * @return the constructed {@code Source} instance.
- */
- public Source
marshallRequestSecurityTokenResponse(RequestSecurityTokenResponseCollection collection)
- {
- if (collection.getRequestSecurityTokenResponses().size() == 0)
- throw new IllegalArgumentException("The response collection must contain at
least one response");
-
- // if the response contains an issued token, we must preserve it from the JAXB
marshaling.
- Element tokenElement = null;
- RequestSecurityTokenResponse response =
collection.getRequestSecurityTokenResponses().get(0);
- if (response.getRequestedSecurityToken() != null)
- {
- tokenElement = (Element) response.getRequestedSecurityToken().getAny();
- // we don't want to marshall any token - it will be inserted in the DOM
document later.
- response.getRequestedSecurityToken().setAny(null);
- }
-
- Document result = null;
- try
- {
- // marshall the response to a document and insert the issued token directly on
the document.
- result = DocumentUtil.createDocument();
-
this.marshaller.marshal(this.objectFactory.createRequestSecurityTokenResponseCollection(collection
- .getDelegate()), result);
-
- // the document is a ws-trust template - we need to insert the token in the
appropriate element.
- if (tokenElement != null)
- {
- Node node = this.findNodeByNameNS(result, "RequestedSecurityToken",
WSTrustConstants.BASE_NAMESPACE);
- node.appendChild(result.importNode(tokenElement, true));
- }
- if(trace)
- {
- try
- {
- log.trace("Final RSTR doc:" +
DocumentUtil.getDocumentAsString(result));
-
- }catch(Exception ignore){}
- }
-
- }
- catch (Exception e)
- {
- throw new RuntimeException("Failed to marshall security token
response", e);
- }
- return DocumentUtil.getXMLSource(result);
- }
-
- /**
- * Return the {@code SAMLDocumentHolder} for the thread
- * @return
- */
- public SAMLDocumentHolder getSAMLDocumentHolderOnThread()
- {
- return holders.get();
- }
-
- /**
- * <p>
- * Finds in the specified document a node that matches the specified name and
namespace.
- * </p>
- *
- * @param document
- * the {@code Document} instance upon which the search is made.
- * @param localName
- * a {@code String} containing the local name of the searched node.
- * @param namespace
- * a {@code String} containing the namespace of the searched node.
- * @return a {@code Node} representing the searched node. If more than one node is
found in the document, the first
- * one will be returned. If no nodes were found according to the search
parameters, then {@code null} is
- * returned.
- */
- private Node findNodeByNameNS(Document document, String localName, String namespace)
- {
- NodeList list = document.getElementsByTagNameNS(namespace, localName);
- if (list == null || list.getLength() == 0)
- // log("Unable to locate element " + localName + " with namespace
" + namespace);
- return null;
- return list.item(0);
- }
-
- /**
- * <p>
- * Searches the specified document for an element that represents a validate, renew,
or cancel target.
- * </p>
- *
- * @param document
- * the {@code Document} upon which the search is to be made.
- * @return an {@code Element} representing the validate, renew, or cancel target.
- */
- /*private Element getValidateOrRenewOrCancelTarget(Document document)
- {
- Node target = this.findNodeByNameNS(document, "ValidateTarget",
WSTrustConstants.BASE_NAMESPACE);
- if (target != null)
- return (Element) target.getFirstChild();
- target = this.findNodeByNameNS(document, "RenewTarget",
WSTrustConstants.BASE_NAMESPACE);
- if (target != null)
- return (Element) target.getFirstChild();
- target = this.findNodeByNameNS(document, "CancelTarget",
WSTrustConstants.BASE_NAMESPACE);
- if (target != null)
- return (Element) target.getFirstChild();
- return null;
- }*/
-}
\ No newline at end of file
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestContext.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,247 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust;
-
-import java.security.Principal;
-import java.security.PublicKey;
-
-import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
-import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
-import org.jboss.identity.federation.ws.trust.StatusType;
-
-/**
- * <p>
- * The {@code WSTrustRequestContext} contains all the information that is relevant for
the security token request
- * processing. Its attributes are divided into two groups: attributes set by the request
handler before calling a token
- * provider, and attributes set by the token provider after processing the token
request.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class WSTrustRequestContext
-{
-
- // information supplied by the request handler.
- private String tokenIssuer;
-
- private PublicKey providerPublicKey;
-
- private final Principal callerPrincipal;
-
- private final RequestSecurityToken request;
-
- // information supplied by the token provider.
- private SecurityToken securityToken;
-
- private StatusType status;
-
- private RequestedReferenceType attachedReference;
-
- private RequestedReferenceType unattachedReference;
-
- /**
- * <p>
- * Creates an instance of {@code WSTrustRequestContext} using the specified request.
- * </p>
- *
- * @param request a {@code RequestSecurityToken} object that contains the information
about the security token
- * request.
- * @param callerPrincipal the {@code Principal} of the security token requester.
- */
- public WSTrustRequestContext(RequestSecurityToken request, Principal callerPrincipal)
- {
- this.request = request;
- this.callerPrincipal = callerPrincipal;
- }
-
- /**
- * <p>
- * Obtains the name of the token issuer (security token service name).
- * </p>
- *
- * @return a {@code String} representing the token issuer name.
- */
- public String getTokenIssuer()
- {
- return tokenIssuer;
- }
-
- /**
- * <p>
- * Sets the name of the token issuer.
- * </p>
- *
- * @param tokenIssuer a {@code String} representing the token issuer name.
- */
- public void setTokenIssuer(String tokenIssuer)
- {
- this.tokenIssuer = tokenIssuer;
- }
-
- /**
- * <p>
- * Obtains the {@code PublicKey} of the service provider that requires a security
token.
- * </p>
- *
- * @return the service provider's {@code PublicKey}.
- */
- public PublicKey getServiceProviderPublicKey()
- {
- return this.providerPublicKey;
- }
-
- /**
- * <p>
- * Sets the {@code PublicKey} of the service provider that requires a security token.
- * </p>
- *
- * @param providerPublicKey the service provider's {@code PublicKey}.
- */
- public void setServiceProviderPublicKey(PublicKey providerPublicKey)
- {
- this.providerPublicKey = providerPublicKey;
- }
-
- /**
- * <p>
- * Obtains the principal of the WS-Trust token requester.
- * </p>
- *
- * @return a reference to the caller {@code Principal} object.
- */
- public Principal getCallerPrincipal()
- {
- return this.callerPrincipal;
- }
-
- /**
- * <p>
- * Obtains the object the contains the information about the security token request.
- * </p>
- *
- * @return a reference to the {@code RequestSecurityToken} instance.
- */
- public RequestSecurityToken getRequestSecurityToken()
- {
- return this.request;
- }
-
- /**
- * <p>
- * Obtains the security token contained in this context.
- * </p>
- *
- * @return a reference to the {@code SecurityToken} instance.
- */
- public SecurityToken getSecurityToken()
- {
- return this.securityToken;
- }
-
- /**
- * <p>
- * Sets the security token in the context.
- * </p>
- *
- * @param token the {@code SecurityToken} instance to be set.
- */
- public void setSecurityToken(SecurityToken token)
- {
- this.securityToken = token;
- }
-
- /**
- * <p>
- * Obtains the status of the security token validation.
- * </p>
- *
- * @return a reference to the resulting {@code StatusType}.
- */
- public StatusType getStatus()
- {
- return this.status;
- }
-
- /**
- * <p>
- * Sets the status of the security token validation.
- * </p>
- *
- * @param status a reference to the {@code StatusType} that represents the validation
status.
- */
- public void setStatus(StatusType status)
- {
- this.status = status;
- }
-
- /**
- * <p>
- * Obtains the security token attached reference. This reference is used to locate the
token inside the WS-Trust
- * response message when that token doesn't support references using URI
fragments.
- * </p>
- *
- * @return a {@code RequestedReferenceType} representing the attached reference.
- */
- public RequestedReferenceType getAttachedReference()
- {
- return this.attachedReference;
- }
-
- /**
- * <p>
- * Sets the security token attached reference. This reference is used to locate the
token inside the WS-Trust
- * response message when that token doesn't support references using URI
fragments.
- * </p>
- *
- * @param attachedReference a {@code RequestedReferenceType} representing the attached
reference.
- */
- public void setAttachedReference(RequestedReferenceType attachedReference)
- {
- this.attachedReference = attachedReference;
- }
-
- /**
- * <p>
- * Obtains the security token unattached reference. This reference is used to locate
the token when it is not placed
- * inside the WS-Trust response message.
- * </p>
- *
- * @return a {@code RequestedReferenceType} representing the unattached reference.
- */
- public RequestedReferenceType getUnattachedReference()
- {
- return this.unattachedReference;
- }
-
- /**
- * <p>
- * Sets the security token unattached reference. This reference is used to locate the
token when it is not placed
- * inside the WS-Trust response message.
- * </p>
- *
- * @param unattachedReference a {@code RequestedReferenceType} representing the
unattached reference.
- */
- public void setUnattachedReference(RequestedReferenceType unattachedReference)
- {
- this.unattachedReference = unattachedReference;
- }
-}
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestHandler.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestHandler.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustRequestHandler.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,111 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust;
-
-import java.security.Principal;
-
-import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
-import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
-import org.w3c.dom.Document;
-
-/**
- * <p>
- * The {@code WSTrustRequestHandler} interface defines the methods that will be
responsible for handling the different
- * types of WS-Trust request messages.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public interface WSTrustRequestHandler
-{
- /**
- * <p>
- * Initializes the concrete {@code WSTrustRequestHandler} instance.
- * </p>
- *
- * @param configuration a reference to object that contains the STS configuration.
- */
- public void initialize(STSConfiguration configuration);
-
- /**
- * <p>
- * Generates a security token according to the information specified in the request
message and returns the created
- * token in the response.
- * </p>
- *
- * @param request the security token request message.
- * @param callerPrincipal the {@code Principal} of the ws-trust token requester.
- * @return a {@code RequestSecurityTokenResponse} containing the generated token.
- * @throws WSTrustException if an error occurs while handling the request message.
- */
- public RequestSecurityTokenResponse issue(RequestSecurityToken request, Principal
callerPrincipal)
- throws WSTrustException;
-
- /**
- * <p>
- * Renews the security token as specified in the request message, returning the
renewed token in the response.
- * </p>
- *
- * @param request the request message that contains the token to be renewed.
- * @param callerPrincipal the {@code Principal} of the ws-trust token requester.
- * @return a {@code RequestSecurityTokenResponse} containing the renewed token.
- * @throws WSTrustException if an error occurs while handling the renewal process.
- */
- public RequestSecurityTokenResponse renew(RequestSecurityToken request, Principal
callerPrincipal)
- throws WSTrustException;
-
- /**
- * <p>
- * Cancels the security token as specified in the request message.
- * </p>
- *
- * @param request the request message that contains the token to be canceled.
- * @param callerPrincipal the {@code Principal} of the ws-trust token requester.
- * @return a {@code RequestSecurityTokenResponse} indicating whether the token has
been canceled or not.
- * @throws WSTrustException if an error occurs while handling the cancellation
process.
- */
- public RequestSecurityTokenResponse cancel(RequestSecurityToken request, Principal
callerPrincipal)
- throws WSTrustException;
-
- /**
- * <p>
- * Validates the security token as specified in the request message.
- * </p>
- *
- * @param request the request message that contains the token to be validated.
- * @param callerPrincipal the {@code Principal} of the ws-trust token requester.
- * @return a {@code RequestSecurityTokenResponse} containing the validation status or
a new token.
- * @throws WSTrustException if an error occurs while handling the validation process.
- */
- public RequestSecurityTokenResponse validate(RequestSecurityToken request, Principal
callerPrincipal)
- throws WSTrustException;
-
- /**
- * Perform Post Processing on the generated RSTR Collection Document
- * Steps such as signing and encryption need to be done here.
- * @param rstrDocument
- * @param request
- * @return
- * @throws WSTrustException
- */
- public Document postProcess(Document rstrDocument, RequestSecurityToken request)
throws WSTrustException;
-}
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustServiceFactory.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustServiceFactory.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustServiceFactory.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,102 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust;
-
-import java.security.PrivilegedActionException;
-
-/**
- * <p>
- * Factory class used for instantiating pluggable services, such as the {@code
WSTrustRequestHandler} and
- * {@code SecurityTokenProvider} implementations.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class WSTrustServiceFactory
-{
-
- private static final WSTrustServiceFactory factory = new WSTrustServiceFactory();
-
- /**
- * <p>
- * Creates the {@code WSTrustConfigurationFactory} singleton instance.
- * </p>
- */
- private WSTrustServiceFactory()
- {
- }
-
- /**
- * <p>
- * Obtains a reference to the singleton instance.
- * </p>
- *
- * @return the {@code WSTrustConfigurationFactory} singleton.
- */
- public static WSTrustServiceFactory getInstance()
- {
- return factory;
- }
-
- /**
- * <p>
- * Constructs and returns the {@code WSTrustRequestHandler} that will be used to
handle WS-Trust requests.
- * </p>
- *
- * @param configuration a reference to the {@code STSConfiguration}.
- * @return a reference to the constructed {@code WSTrustRequestHandler} object.
- */
- public WSTrustRequestHandler createRequestHandler(String handlerClassName,
STSConfiguration configuration)
- {
- try
- {
- WSTrustRequestHandler handler = (WSTrustRequestHandler)
SecurityActions.instantiateClass(handlerClassName);
- handler.initialize(configuration);
- return handler;
- }
- catch (Exception e)
- {
- throw new RuntimeException(e.getMessage(), e);
- }
- }
-
- /**
- * <p>
- * Constructs and returns a {@code SecurityTokenProvider} from the specified class
name.
- * </p>
- *
- * @param providerClass the FQN of the {@code SecurityTokenProvider} to be
instantiated.
- * @return a reference to the constructed {@code SecurityTokenProvider} object.
- */
- public SecurityTokenProvider createTokenProvider(String providerClass)
- {
- try
- {
- SecurityTokenProvider tokenProvider = (SecurityTokenProvider)
SecurityActions.instantiateClass(providerClass);
- return tokenProvider;
- }
- catch (PrivilegedActionException pae)
- {
- throw new RuntimeException("Unable to instantiate token provider " +
providerClass, pae);
- }
- }
-}
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustUtil.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/main/java/org/jboss/identity/federation/api/wstrust/WSTrustUtil.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,157 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.api.wstrust;
-
-import java.util.GregorianCalendar;
-import java.util.Map;
-
-import javax.xml.bind.JAXBElement;
-import javax.xml.namespace.QName;
-
-import org.jboss.identity.federation.core.wstrust.Lifetime;
-import org.jboss.identity.federation.ws.addressing.AttributedURIType;
-import org.jboss.identity.federation.ws.addressing.EndpointReferenceType;
-import org.jboss.identity.federation.ws.addressing.ObjectFactory;
-import org.jboss.identity.federation.ws.policy.AppliesTo;
-import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
-import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType;
-import org.jboss.identity.federation.ws.wss.secext.SecurityTokenReferenceType;
-
-/**
- * <p>
- * Utility class that provides methods for parsing/creating WS-Trust elements.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class WSTrustUtil
-{
-
- /**
- * <p>
- * Creates an instance of {@code KeyIdentifierType} with the specified values.
- * </p>
- *
- * @param valueType a {@code String} representing the identifier value type.
- * @param value a {@code String} representing the identifier value.
- * @return the constructed {@code KeyIdentifierType} instance.
- */
- public static KeyIdentifierType createKeyIdentifier(String valueType, String value)
- {
- KeyIdentifierType keyIdentifier = new KeyIdentifierType();
- keyIdentifier.setValueType(valueType);
- keyIdentifier.setValue(value);
- return keyIdentifier;
- }
-
- /**
- * <p>
- * Creates an instance of {@code RequestedReferenceType} with the specified values.
This method first creates a
- * {@code SecurityTokenReferenceType} with the specified key identifier and attributes
and then use this reference
- * to construct the {@code RequestedReferenceType} that is returned.
- * </p>
- *
- * @param keyIdentifier the key identifier of the security token reference.
- * @param attributes the attributes to be set on the security token reference.
- * @return the constructed {@code RequestedReferenceType} instance.
- */
- public static RequestedReferenceType createRequestedReference(KeyIdentifierType
keyIdentifier,
- Map<QName, String> attributes)
- {
- SecurityTokenReferenceType securityTokenReference = new
SecurityTokenReferenceType();
- securityTokenReference.getAny().add(
- new
org.jboss.identity.federation.ws.wss.secext.ObjectFactory().createKeyIdentifier(keyIdentifier));
- securityTokenReference.getOtherAttributes().putAll(attributes);
- RequestedReferenceType reference = new RequestedReferenceType();
- reference.setSecurityTokenReference(securityTokenReference);
-
- return reference;
- }
-
- /**
- * <p>
- * Creates an instance of {@code AppliesTo} using the specified endpoint address.
- * </p>
- *
- * @param endpointURI a {@code String} representing the endpoint URI.
- * @return the constructed {@code AppliesTo} instance.
- */
- public static AppliesTo createAppliesTo(String endpointURI)
- {
- AttributedURIType attributedURI = new AttributedURIType();
- attributedURI.setValue(endpointURI);
- EndpointReferenceType reference = new EndpointReferenceType();
- reference.setAddress(attributedURI);
- AppliesTo appliesTo = new AppliesTo();
- appliesTo.getAny().add(new ObjectFactory().createEndpointReference(reference));
-
- return appliesTo;
- }
-
- /**
- * <p>
- * Parses the contents of the {@code AppliesTo} element and returns the address the
uniquely identify the service
- * provider.
- * </p>
- *
- * @param appliesTo the {@code AppliesTo} instance to be parsed.
- * @return the address of the service provider.
- */
- public static String parseAppliesTo(AppliesTo appliesTo)
- {
- EndpointReferenceType reference = null;
- for (Object obj : appliesTo.getAny())
- {
- if (obj instanceof EndpointReferenceType)
- reference = (EndpointReferenceType) obj;
- else if (obj instanceof JAXBElement)
- {
- JAXBElement<?> element = (JAXBElement<?>) obj;
- if
(element.getName().getLocalPart().equalsIgnoreCase("EndpointReference"))
- reference = (EndpointReferenceType) element.getValue();
- }
-
- if (reference != null && reference.getAddress() != null)
- return reference.getAddress().getValue();
- }
- return null;
- }
-
- /**
- * <p>
- * Creates a {@code Lifetime} instance that specifies a range of time that starts at
the current GMT time and has
- * the specified duration in milliseconds.
- * </p>
- *
- * @param tokenTimeout the token timeout value (in milliseconds).
- * @return the constructed {@code Lifetime} instance.
- */
- public static Lifetime createDefaultLifetime(long tokenTimeout)
- {
- GregorianCalendar created = new GregorianCalendar();
- GregorianCalendar expires = new GregorianCalendar();
- expires.setTimeInMillis(created.getTimeInMillis() + tokenTimeout);
-
- return new Lifetime(created, expires);
- }
-
-}
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/DeflateEncodingDecodingUnitTestCase.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -28,10 +28,10 @@
import junit.framework.TestCase;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.util.Base64;
import org.jboss.identity.federation.api.util.DeflateUtil;
+import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
import
org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnRequestFactory;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnRequestUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnRequestUnitTestCase.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnRequestUnitTestCase.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -28,8 +28,8 @@
import junit.framework.TestCase;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
+import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
import org.jboss.identity.federation.saml.v2.assertion.ConditionAbstractType;
import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SAML2AuthnResponseUnitTestCase.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -25,8 +25,8 @@
import junit.framework.TestCase;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import
org.jboss.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -32,16 +32,16 @@
import javax.xml.bind.JAXBElement;
import javax.xml.crypto.dsig.SignatureMethod;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.api.saml.v2.sig.SAML2Signature;
-import org.jboss.identity.federation.api.util.XMLSignatureUtil;
+import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
import org.jboss.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.jboss.identity.federation.core.util.XMLSignatureUtil;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AuthnStatementType;
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -36,8 +36,8 @@
import junit.framework.TestCase;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
+import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.holders.IDPInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/MockSTSConfiguration.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/MockSTSConfiguration.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/MockSTSConfiguration.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,152 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.test.identity.federation.api.wstrust;
-
-import java.security.KeyPair;
-import java.security.PublicKey;
-import java.util.Map;
-
-import org.jboss.identity.federation.api.wstrust.STSConfiguration;
-import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider;
-import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler;
-
-/**
- * <p>
- * Mock implementation of {@code STSConfiguration} used in the test scenarios.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- * @version $Revision$
- */
-public class MockSTSConfiguration implements STSConfiguration
-{
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getEncryptIssuedToken()
- */
- public boolean encryptIssuedToken()
- {
- return false;
- }
-
- /*
- * (non-Javadoc)
- * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#signIssuedToken()
- */
- public boolean signIssuedToken()
- {
- return true;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getIssuedTokenTimeout()
- */
- public long getIssuedTokenTimeout()
- {
- return 0;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getOptions()
- */
- public Map<String, Object> getOptions()
- {
- return null;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getProviderForService(java.lang.String)
- */
- public SecurityTokenProvider getProviderForService(String serviceName)
- {
- return null;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getProviderForTokenType(java.lang.String)
- */
- public SecurityTokenProvider getProviderForTokenType(String tokenType)
- {
- return null;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getTokenTypeForService(java.lang.String)
- */
- public String getTokenTypeForService(String serviceName)
- {
- return null;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getRequestHandler()
- */
- public WSTrustRequestHandler getRequestHandler()
- {
- return null;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getSTSName()
- */
- public String getSTSName()
- {
- return null;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getServiceProviderPublicKey(java.lang.String)
- */
- public PublicKey getServiceProviderPublicKey(String serviceName)
- {
- return null;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getSTSKeyPair()
- */
- public KeyPair getSTSKeyPair()
- {
- return null;
- }
-
-}
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SAML20TokenProviderUnitTestCase.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,275 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.test.identity.federation.api.wstrust;
-
-import java.net.URI;
-import java.security.Principal;
-import java.util.GregorianCalendar;
-
-import javax.xml.bind.JAXBContext;
-import javax.xml.bind.JAXBElement;
-import javax.xml.bind.Unmarshaller;
-import javax.xml.namespace.QName;
-
-import junit.framework.TestCase;
-
-import org.jboss.identity.federation.api.wstrust.StandardSecurityToken;
-import org.jboss.identity.federation.api.wstrust.WSTrustConstants;
-import org.jboss.identity.federation.api.wstrust.WSTrustRequestContext;
-import org.jboss.identity.federation.api.wstrust.WSTrustUtil;
-import org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider;
-import org.jboss.identity.federation.api.wstrust.plugins.saml.SAMLUtil;
-import org.jboss.identity.federation.core.wstrust.Lifetime;
-import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
-import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
-import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
-import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
-import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
-import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType;
-import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
-import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
-import org.jboss.identity.federation.ws.trust.StatusType;
-import org.jboss.identity.federation.ws.trust.ValidateTargetType;
-import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType;
-import org.jboss.identity.federation.ws.wss.secext.SecurityTokenReferenceType;
-import org.w3c.dom.Element;
-
-/**
- * <p>
- * This {@code TestCase} tests the functionalities of the {@code SAML20TokenProvider}
class.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class SAML20TokenProviderUnitTestCase extends TestCase
-{
-
- /**
- * <p>
- * Tests the issuance of a SAMLV2.0 Assertion.
- * </p>
- *
- * @throws Exception if an error occurs while running the test.
- */
- public void testIssueSAMLV20Token() throws Exception
- {
- // create a WSTrustRequestContext with a simple WS-Trust request.
- RequestSecurityToken request = new RequestSecurityToken();
- request.setLifetime(WSTrustUtil.createDefaultLifetime(3600000));
-
request.setAppliesTo(WSTrustUtil.createAppliesTo("http://services.te...;
- request.setTokenType(URI.create(SAMLUtil.SAML2_TOKEN_TYPE));
-
- WSTrustRequestContext context = new WSTrustRequestContext(request, new
TestPrincipal("sguilhen"));
- context.setTokenIssuer("JBossSTS");
-
- // call the SAML token provider and check the generated token.
- new SAML20TokenProvider().issueToken(context);
- assertNotNull("Unexpected null security token",
context.getSecurityToken());
-
- JAXBContext jaxbContext =
JAXBContext.newInstance("org.jboss.identity.federation.saml.v2.assertion");
- Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
- JAXBElement<?> parsedElement = (JAXBElement<?>)
unmarshaller.unmarshal((Element) context.getSecurityToken()
- .getTokenValue());
- assertNotNull("Unexpected null element", parsedElement);
- assertEquals("Unexpected element type", AssertionType.class,
parsedElement.getDeclaredType());
-
- AssertionType assertion = (AssertionType) parsedElement.getValue();
- StandardSecurityToken securityToken = (StandardSecurityToken)
context.getSecurityToken();
- assertEquals("Unexpected token id", securityToken.getTokenID(),
assertion.getID());
- assertEquals("Unexpected token issuer", "JBossSTS",
assertion.getIssuer().getValue());
-
- // check the contents of the assertion conditions.
- ConditionsType conditions = assertion.getConditions();
- assertNotNull("Unexpected null conditions", conditions);
- assertNotNull("Unexpected null value for NotBefore attribute",
conditions.getNotBefore());
- assertNotNull("Unexpected null value for NotOnOrAfter attribute",
conditions.getNotOnOrAfter());
- assertEquals("Unexpected number of conditions", 1,
conditions.getConditionOrAudienceRestrictionOrOneTimeUse()
- .size());
- assertTrue("Unexpected condition type",
- conditions.getConditionOrAudienceRestrictionOrOneTimeUse().get(0) instanceof
AudienceRestrictionType);
- AudienceRestrictionType restrictionType = (AudienceRestrictionType) conditions
- .getConditionOrAudienceRestrictionOrOneTimeUse().get(0);
- assertNotNull("Unexpected null audience list",
restrictionType.getAudience());
- assertEquals("Unexpected number of audience elements", 1,
restrictionType.getAudience().size());
- assertEquals("Unexpected audience value",
"http://services.testcorp.org/provider2", restrictionType.getAudience()
- .get(0));
-
- // check the contents of the assertion subject.
- SubjectType subject = assertion.getSubject();
- assertNotNull("Unexpected null subject", subject);
- assertEquals("Unexpected subject content size", 2,
subject.getContent().size());
- JAXBElement<?> content = subject.getContent().get(0);
- assertEquals("Unexpected content type", NameIDType.class,
content.getDeclaredType());
- NameIDType nameID = (NameIDType) content.getValue();
- assertEquals("Unexpected name id qualifier",
"urn:jboss:identity-federation", nameID.getNameQualifier());
- assertEquals("Unexpected name id", "sguilhen",
nameID.getValue());
- content = subject.getContent().get(1);
- assertEquals("Unexpected content type", SubjectConfirmationType.class,
content.getDeclaredType());
- SubjectConfirmationType confirmation = (SubjectConfirmationType)
content.getValue();
- assertEquals("Unexpected confirmation method", SAMLUtil.SAML2_BEARER_URI,
confirmation.getMethod());
-
- // validate the attached token reference created by the SAML provider.
- RequestedReferenceType reference = context.getAttachedReference();
- assertNotNull("Unexpected null attached reference", reference);
- SecurityTokenReferenceType securityRef = reference.getSecurityTokenReference();
- assertNotNull("Unexpected null security reference", securityRef);
- String tokenTypeAttr = securityRef.getOtherAttributes().get(new
QName(WSTrustConstants.WSSE11_NS, "TokenType"));
- assertNotNull("Required attribute TokenType is missing", tokenTypeAttr);
- assertEquals("TokenType attribute has an unexpected value",
SAMLUtil.SAML2_TOKEN_TYPE, tokenTypeAttr);
- JAXBElement<?> keyIdElement = (JAXBElement<?>)
securityRef.getAny().get(0);
- KeyIdentifierType keyId = (KeyIdentifierType) keyIdElement.getValue();
- assertEquals("Unexpected key value type", SAMLUtil.SAML2_VALUE_TYPE,
keyId.getValueType());
- assertNotNull("Unexpected null key identifier value", keyId.getValue());
- assertEquals(assertion.getID(), keyId.getValue().substring(1));
- }
-
- /**
- * <p>
- * Tests the validation of a SAMLV2.0 Assertion.
- * </p>
- *
- * @throws Exception if an error occurs while running the test.
- */
- public void testValidateSAMLV20Token() throws Exception
- {
-
- // issue a SAMLV2.0 assertion.
- WSTrustRequestContext context =
this.createIssuingContext(WSTrustUtil.createDefaultLifetime(3600000));
- SAML20TokenProvider provider = new SAML20TokenProvider();
- provider.issueToken(context);
-
- // get the issued SAMLV2.0 assertion.
- Element assertion = (Element) context.getSecurityToken().getTokenValue();
-
- // now create a WS-Trust validate context.
- context = this.createValidatingContext(assertion);
-
- // validate the SAMLV2.0 assertion.
- provider.validateToken(context);
- StatusType status = context.getStatus();
- assertNotNull("Unexpected null status type", status);
- assertEquals("Unexpected status code",
WSTrustConstants.STATUS_CODE_VALID, status.getCode());
- assertEquals("Unexpected status reason", "SAMLV2.0 Assertion
successfuly validated", status.getReason());
-
- // now let's create a new SAMLV2.0 assertion with an expired lifetime.
- long currentTimeMillis = System.currentTimeMillis();
- GregorianCalendar created = new GregorianCalendar();
- created.setTimeInMillis(currentTimeMillis - 3600000);
- GregorianCalendar expires = new GregorianCalendar();
- expires.setTimeInMillis(currentTimeMillis - 1800000);
- context = this.createIssuingContext(new Lifetime(created, expires));
-
- provider.issueToken(context);
- assertion = (Element) context.getSecurityToken().getTokenValue();
-
- // try to validate the expired token.
- context = this.createValidatingContext(assertion);
- provider.validateToken(context);
- status = context.getStatus();
- assertNotNull("Unexpected null status type", status);
- assertEquals("Unexpected status code",
WSTrustConstants.STATUS_CODE_INVALID, status.getCode());
- assertEquals("Unexpected status reason",
- "Validation failure: assertion expired or used before its lifetime
period", status.getReason());
- }
-
- /**
- * <p>
- * Creates a {@code WSTrustRequestContext} using the specified lifetime. The created
context is used in the issuing
- * test scenarios.
- * </p>
- *
- * @param lifetime the {@code Lifetime} of the assertion to be issued.
- * @return the constructed {@code WSTrustRequestHandler} instance.
- * @throws Exception if an error occurs while creating the context.
- */
- private WSTrustRequestContext createIssuingContext(Lifetime lifetime) throws
Exception
- {
- // create a WSTrustRequestContext with a simple WS-Trust issue request.
- RequestSecurityToken request = new RequestSecurityToken();
- request.setLifetime(lifetime);
-
request.setAppliesTo(WSTrustUtil.createAppliesTo("http://services.te...;
- request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST));
- request.setTokenType(URI.create(SAMLUtil.SAML2_TOKEN_TYPE));
-
- WSTrustRequestContext context = new WSTrustRequestContext(request, new
TestPrincipal("sguilhen"));
- context.setTokenIssuer("JBossSTS");
-
- return context;
- }
-
- /**
- * <p>
- * Creates a {@code WSTrustRequestContext} for validating the specified assertion.
- * </p>
- *
- * @param assertion an {@code Element} representing the SAMLV2.0 assertion to be
validated.
- * @return the constructed {@code WSTrustRequestContext} instance.
- * @throws Exception if an error occurs while creating the validating context.
- */
- private WSTrustRequestContext createValidatingContext(Element assertion) throws
Exception
- {
- RequestSecurityToken request = new RequestSecurityToken();
- request.setRequestType(URI.create(WSTrustConstants.VALIDATE_REQUEST));
- request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
- ValidateTargetType validateTarget = new ValidateTargetType();
- validateTarget.setAny(assertion);
- request.setValidateTarget(validateTarget);
-
- WSTrustRequestContext context = new WSTrustRequestContext(request, new
TestPrincipal("sguilhen"));
-
- return context;
- }
-
- /**
- * <p>
- * Simple {@code Principal} implementation used in the test scenarios.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan
Guilhen</a>
- */
- private class TestPrincipal implements Principal
- {
- private final String name;
-
- /**
- * <p>
- * Creates an instance of {@code TestPrincipal} with the specified name.
- * </p>
- *
- * @param name a {@code String} representing the principal name.
- */
- public TestPrincipal(String name)
- {
- this.name = name;
- }
-
- /*
- * (non-Javadoc)
- *
- * @see java.security.Principal#getName()
- */
- public String getName()
- {
- return this.name;
- }
- }
-}
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SpecialTokenProvider.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SpecialTokenProvider.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/SpecialTokenProvider.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,74 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.test.identity.federation.api.wstrust;
-
-import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider;
-import org.jboss.identity.federation.api.wstrust.WSTrustException;
-import org.jboss.identity.federation.api.wstrust.WSTrustRequestContext;
-
-/**
- * <p>
- * Mock {@code SecurityTokenProvider} used in the test scenarios.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class SpecialTokenProvider implements SecurityTokenProvider
-{
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void cancelToken(WSTrustRequestContext context) throws WSTrustException
- {
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void issueToken(WSTrustRequestContext context) throws WSTrustException
- {
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void renewToken(WSTrustRequestContext context) throws WSTrustException
- {
- }
-
- /*
- * (non-Javadoc)
- *
- * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
- */
- public void validateToken(WSTrustRequestContext context) throws WSTrustException
- {
- }
-
-}
Modified:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustClientUnitTestCase.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -48,16 +48,16 @@
import junit.framework.TestCase;
import org.jboss.identity.federation.api.util.KeyStoreUtil;
-import org.jboss.identity.federation.api.util.XMLSignatureUtil;
import org.jboss.identity.federation.api.wstrust.WSTrustClient;
-import org.jboss.identity.federation.api.wstrust.WSTrustConstants;
-import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory;
import org.jboss.identity.federation.api.wstrust.WSTrustClient.SecurityInfo;
-import org.jboss.identity.federation.api.wstrust.plugins.saml.SAMLUtil;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
-import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
-import
org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
+import org.jboss.identity.federation.core.util.XMLSignatureUtil;
+import org.jboss.identity.federation.core.wstrust.WSTrustConstants;
+import org.jboss.identity.federation.core.wstrust.WSTrustJAXBFactory;
+import org.jboss.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse;
+import
org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection;
import org.jboss.identity.federation.ws.trust.StatusType;
import org.jboss.identity.federation.ws.trust.ValidateTargetType;
import org.w3c.dom.Document;
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustJAXBFactoryUnitTestCase.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,186 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.test.identity.federation.api.wstrust;
-
-import java.net.URI;
-
-import javax.xml.transform.Source;
-import javax.xml.transform.dom.DOMSource;
-
-import junit.framework.TestCase;
-
-import org.jboss.identity.federation.api.wstrust.WSTrustJAXBFactory;
-import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityToken;
-import org.jboss.identity.federation.core.wstrust.BaseRequestSecurityTokenResponse;
-import org.jboss.identity.federation.core.wstrust.RequestSecurityToken;
-import org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponse;
-import
org.jboss.identity.federation.core.wstrust.RequestSecurityTokenResponseCollection;
-import org.w3c.dom.Document;
-
-/**
- * <p>
- * This {@code TestCase} tests the methods of the {@code WSTrustJAXBFactory}.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class WSTrustJAXBFactoryUnitTestCase extends TestCase
-{
-
- /**
- * <p>
- * Tests parsing a WS-Trust request message.
- * </p>
- *
- * @throws Exception
- * if an error occurs while running the test.
- */
- public void testParseRequestSecurityToken() throws Exception
- {
- // load a sample ws-trust request from a test file.
- Document document = DocumentUtil
-
.getDocument(this.getClass().getResourceAsStream("/wstrust/ws-trust-request.xml"));
-
- // encapsulate the request in a source object.
- Source source = new DOMSource(document);
-
- // parse the request using the WSTrustJAXBFactory.
- WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
- BaseRequestSecurityToken baseRequest = factory.parseRequestSecurityToken(source);
- assertNotNull("Unexpected null request message", baseRequest);
-
- // check the contents of the parsed request.
- assertTrue("Unexpected request message type", baseRequest instanceof
RequestSecurityToken);
- RequestSecurityToken parsedRequest = (RequestSecurityToken) baseRequest;
- assertEquals("Unexpected context name", "testcontext",
parsedRequest.getContext());
- assertEquals("Unexpected token type",
"http://www.tokens.org/SpecialToken", parsedRequest.getTokenType().toString());
- assertEquals("Unexpected request type",
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue", parsedRequest
- .getRequestType().toString());
- }
-
- /**
- * <p>
- * Tests parsing a WS-Trust response message.
- * </p>
- *
- * @throws Exception
- * if an error occurs while running the test.
- */
- public void testParseRequestSecurityTokenResponse() throws Exception
- {
- // load a ws-trust response from a file.
- Document document = DocumentUtil.getDocument(this.getClass()
- .getResourceAsStream("/wstrust/ws-trust-response.xml"));
-
- // encapsulate the response in a source object.
- Source source = new DOMSource(document);
-
- // parse the response using the WSTrustJAXBFactory.
- WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
- BaseRequestSecurityTokenResponse baseResponse =
factory.parseRequestSecurityTokenResponse(source);
- assertNotNull("Unexpected null response message", baseResponse);
-
- // check the contents of the parsed response.
- assertTrue("Unexpected response message type", baseResponse instanceof
RequestSecurityTokenResponseCollection);
- RequestSecurityTokenResponseCollection parsedCollection =
(RequestSecurityTokenResponseCollection) baseResponse;
- assertNotNull("Unexpected null response list",
parsedCollection.getRequestSecurityTokenResponses());
- assertEquals("Unexpected number of responses", 1,
parsedCollection.getRequestSecurityTokenResponses().size());
-
- RequestSecurityTokenResponse parsedResponse =
parsedCollection.getRequestSecurityTokenResponses().get(0);
- assertEquals("Unexpected context name", "testcontext",
parsedResponse.getContext());
- assertEquals("Unexpected token type",
"http://www.tokens.org/SpecialToken", parsedResponse.getTokenType()
- .toString());
- assertFalse(parsedResponse.isForwardable());
- }
-
- /**
- * <p>
- * Tests the marshalling of a WS-Trust request.
- * </p>
- *
- * @throws Exception
- * if an error occurs while running the test.
- */
- public void testMarshallRequestSecurityToken() throws Exception
- {
- // create a request object.
- RequestSecurityToken request = new RequestSecurityToken();
- request.setContext("testcontext");
- request.setTokenType(new
URI("http://www.tokens.org/SpecialToken"));
- request.setRequestType(new
URI("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"));
-
- // use the factory to marshall the request.
- WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
- Source source = factory.marshallRequestSecurityToken(request);
- assertNotNull("Unexpected null source", source);
- assertTrue("Unexpected source type", source instanceof DOMSource);
-
- // at this point we know that the parsing works, so parse the generated source and
compare to the original request.
- BaseRequestSecurityToken baseRequest = factory.parseRequestSecurityToken(source);
- assertNotNull("Unexpected null value for the parsed request",
baseRequest);
- assertTrue("Unexpected parsed request type", baseRequest instanceof
RequestSecurityToken);
- RequestSecurityToken parsedRequest = (RequestSecurityToken) baseRequest;
- assertEquals("Unexpected context value", request.getContext(),
parsedRequest.getContext());
- assertTrue("Unexpected token type",
request.getTokenType().equals(parsedRequest.getTokenType()));
- assertTrue("Unexpected request type",
request.getRequestType().equals(parsedRequest.getRequestType()));
- }
-
- /**
- * <p>
- * Tests the marshalling of a WS-Trust response.
- * </p>
- *
- * @throws Exception
- * if an error occurs while running the test.
- */
- public void testMarshallRequestSecurityTokenResponse() throws Exception
- {
- // create a sample ws-trust response message.
- RequestSecurityTokenResponse response = new RequestSecurityTokenResponse();
- response.setContext("testcontext");
- response.setTokenType(new
URI("http://www.tokens.org/SpecialToken"));
- response.setForwardable(false);
-
- RequestSecurityTokenResponseCollection collection = new
RequestSecurityTokenResponseCollection();
- collection.addRequestSecurityTokenResponse(response);
-
- // use the factory to marshall the response.
- WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
- Source source = factory.marshallRequestSecurityTokenResponse(collection);
- assertNotNull("Unexpected null source", source);
- assertTrue("Unexpected source type", source instanceof DOMSource);
-
- // at this point we know that the parsing works, so parse the generated source and
compare to the original response.
- BaseRequestSecurityTokenResponse baseResponse =
factory.parseRequestSecurityTokenResponse(source);
- assertNotNull("Unexpected null value for the parsed response",
baseResponse);
- assertTrue("Unexpected parsed request type", baseResponse instanceof
RequestSecurityTokenResponseCollection);
- RequestSecurityTokenResponseCollection parsedCollection =
(RequestSecurityTokenResponseCollection) baseResponse;
- assertNotNull("Unexpected null response list",
parsedCollection.getRequestSecurityTokenResponses());
- assertEquals("Unexpected number of responses", 1,
parsedCollection.getRequestSecurityTokenResponses().size());
-
- RequestSecurityTokenResponse parsedResponse =
parsedCollection.getRequestSecurityTokenResponses().get(0);
- assertEquals("Unexpected context value", response.getContext(),
parsedResponse.getContext());
- assertTrue("Unexpected token type",
response.getTokenType().equals(parsedResponse.getTokenType()));
- assertFalse(parsedResponse.isForwardable());
- }
-}
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustServiceFactoryUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustServiceFactoryUnitTestCase.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/java/org/jboss/test/identity/federation/api/wstrust/WSTrustServiceFactoryUnitTestCase.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,106 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.test.identity.federation.api.wstrust;
-
-import java.security.PrivilegedActionException;
-
-import junit.framework.TestCase;
-
-import org.jboss.identity.federation.api.wstrust.STSConfiguration;
-import org.jboss.identity.federation.api.wstrust.SecurityTokenProvider;
-import org.jboss.identity.federation.api.wstrust.StandardRequestHandler;
-import org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler;
-import org.jboss.identity.federation.api.wstrust.WSTrustServiceFactory;
-import org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider;
-
-/**
- * <p>
- * This {@code TestCase} tests the behavior of the {@code WSTrustServiceFactory} class.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class WSTrustServiceFactoryUnitTestCase extends TestCase
-{
-
- /**
- * <p>
- * Tests the creation of a {@code WSTrustRequestHandler} instance.
- * </p>
- *
- * @throws Exception if an error occurs while running the test.
- */
- public void testCreateRequestHandler() throws Exception
- {
- STSConfiguration config = new MockSTSConfiguration();
- WSTrustServiceFactory factory = WSTrustServiceFactory.getInstance();
-
- // tests the creation of the request handler.
- WSTrustRequestHandler handler = factory.createRequestHandler(
- "org.jboss.identity.federation.api.wstrust.StandardRequestHandler",
config);
- assertNotNull("Unexpected null request handler", handler);
- assertTrue("Unexpected request handler type", handler instanceof
StandardRequestHandler);
-
- // try to create an invalid instance of request handler.
- try
- {
- factory.createRequestHandler("InvalidHandler", config);
- fail("An exception should have been raised");
- }
- catch (RuntimeException re)
- {
- assertTrue(re.getCause() instanceof PrivilegedActionException);
- }
- }
-
- /**
- * <p>
- * Tests the creation of {@code SecurityTokenProvider}s.
- * </p>
- *
- * @throws Exception if an error occurs while running the test.
- */
- public void testCreateTokenProvider() throws Exception
- {
- WSTrustServiceFactory factory = WSTrustServiceFactory.getInstance();
- SecurityTokenProvider provider = factory
-
.createTokenProvider("org.jboss.test.identity.federation.api.wstrust.SpecialTokenProvider");
- assertNotNull("Unexpected null token provider", provider);
- assertTrue("Unexpected token provider type", provider instanceof
SpecialTokenProvider);
- provider = factory
-
.createTokenProvider("org.jboss.identity.federation.api.wstrust.plugins.saml.SAML20TokenProvider");
- assertNotNull("Unexpected null token provider", provider);
- assertTrue("Unexpected token provider type", provider instanceof
SAML20TokenProvider);
-
- // try to create an invalid token provider.
- try
- {
- factory.createTokenProvider("InvalidTokenProvider");
- fail("An exception should have been raised");
- }
- catch (RuntimeException re)
- {
- assertTrue(re.getCause() instanceof PrivilegedActionException);
- }
-
- }
-}
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-request.xml
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-request.xml 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-request.xml 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,4 +0,0 @@
-<wst:RequestSecurityToken
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
Context="testcontext">
- <
wst:TokenType>http://www.tokens.org/SpecialToken</wst:TokenType>
-
<
wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue...
-</wst:RequestSecurityToken>
\ No newline at end of file
Deleted:
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-response.xml
===================================================================
---
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-response.xml 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-api/src/test/resources/wstrust/ws-trust-response.xml 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,7 +0,0 @@
-<wst:RequestSecurityTokenResponseCollection
-
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512/">
- <wst:RequestSecurityTokenResponse Context="testcontext">
- <
wst:TokenType>http://www.tokens.org/SpecialToken</wst:TokenType>
- <wst:Forwardable>false</wst:Forwardable>
- </wst:RequestSecurityTokenResponse>
-</wst:RequestSecurityTokenResponseCollection>
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/IDGenerator.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/IDGenerator.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/IDGenerator.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,55 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.common;
+
+import java.util.UUID;
+
+/**
+ * Utility class that generates unique IDs
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jan 5, 2009
+ */
+public class IDGenerator
+{
+ /*
+ * Create a basic unique ID
+ */
+ public static String create()
+ {
+ return UUID.randomUUID().toString();
+ }
+
+ /**
+ * Create an id that is prefixed by a string
+ * @param prefix
+ * @return an id
+ * @throws IllegalArgumentException when prefix is null
+ */
+ public static String create(String prefix)
+ {
+ if(prefix == null)
+ throw new IllegalArgumentException("prefix is null");
+ StringBuilder sb = new StringBuilder(prefix);
+ sb.append(IDGenerator.create());
+ return sb.toString();
+ }
+}
\ No newline at end of file
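Review bot: The no-argument `create()` returns a bare `UUID.randomUUID().toString()`, which starts with a digit more often than not, and the comment above it does not say where such a value is acceptable. If these IDs end up in SAML 2.0 `ID` attributes (the package name suggests so, but no caller is visible in this hunk), the value must be a valid xs:ID/NCName and so cannot begin with a digit; a schema-validating peer would reject it. I would either document that callers must use `create(String prefix)` with a prefix starting with a letter or underscore, or change the body to `return "ID_" + UUID.randomUUID().toString();`. The comment on `create()` should also open with `/**` so that it is picked up as Javadoc. It is worth stating there that the unpredictability of the ID relies on `UUID.randomUUID()` returning a random (version 4) UUID.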
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/SAMLDocumentHolder.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/SAMLDocumentHolder.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/saml/v2/common/SAMLDocumentHolder.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,74 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.saml.v2.common;
+
+import org.w3c.dom.Document;
+
+/**
+ * A Holder class that can store
+ * the SAML object as well as the corresponding
+ * DOM object.
+ * It is thread safe because each thread
+ * can have only one instance of this class
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Aug 13, 2009
+ */
+public class SAMLDocumentHolder
+{
+ private Object samlObject;
+ private Document samlDocument;
+
+ public SAMLDocumentHolder(Object samlObject)
+ {
+ this.samlObject = samlObject;
+ }
+
+ public SAMLDocumentHolder(Document samlDocument)
+ {
+ this.samlDocument = samlDocument;
+ }
+
+ public SAMLDocumentHolder(Object samlObject, Document samlDocument)
+ {
+ this.samlObject = samlObject;
+ this.samlDocument = samlDocument;
+ }
+ public Object getSamlObject()
+ {
+ return samlObject;
+ }
+
+ public void setSamlObject(Object samlObject)
+ {
+ this.samlObject = samlObject;
+ }
+
+ public Document getSamlDocument()
+ {
+ return samlDocument;
+ }
+
+ public void setSamlDocument(Document samlDocument)
+ {
+ this.samlDocument = samlDocument;
+ }
+}
\ No newline at end of file
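Review bot: The class Javadoc says "It is thread safe because each thread can have only one instance of this class", but nothing in the class enforces that: both fields are plain mutable fields with public setters, and there is no `ThreadLocal` or synchronization in this file. The comment should describe the actual contract, e.g. `Not thread-safe: an instance must be confined to the thread that created it.` Because `setSamlObject` and `setSamlDocument` can be called independently, the stored object and DOM can also drift apart. If a signature is checked on the document while decisions are taken from the object (not visible here), that mismatch matters, so the Javadoc should say which of the two is authoritative. The constructors and accessors have no Javadoc at all; a one-line description each, noting that the field not supplied stays `null`, would help.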
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/XMLSignatureUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/XMLSignatureUtil.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/util/XMLSignatureUtil.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,340 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.util;
+
+import java.io.OutputStream;
+import java.security.AccessController;
+import java.security.GeneralSecurityException;
+import java.security.Key;
+import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.PrivilegedAction;
+import java.security.PublicKey;
+import java.util.Collections;
+import java.util.List;
+
+import javax.security.cert.X509Certificate;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+import javax.xml.crypto.MarshalException;
+import javax.xml.crypto.dsig.CanonicalizationMethod;
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.Reference;
+import javax.xml.crypto.dsig.SignatureMethod;
+import javax.xml.crypto.dsig.SignedInfo;
+import javax.xml.crypto.dsig.Transform;
+import javax.xml.crypto.dsig.XMLSignature;
+import javax.xml.crypto.dsig.XMLSignatureException;
+import javax.xml.crypto.dsig.XMLSignatureFactory;
+import javax.xml.crypto.dsig.dom.DOMSignContext;
+import javax.xml.crypto.dsig.dom.DOMValidateContext;
+import javax.xml.crypto.dsig.keyinfo.KeyInfo;
+import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
+import javax.xml.crypto.dsig.keyinfo.KeyValue;
+import javax.xml.crypto.dsig.spec.C14NMethodParameterSpec;
+import javax.xml.crypto.dsig.spec.TransformParameterSpec;
+import javax.xml.parsers.ParserConfigurationException;
+import javax.xml.transform.Transformer;
+import javax.xml.transform.TransformerException;
+import javax.xml.transform.TransformerFactory;
+import javax.xml.transform.stream.StreamResult;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.util.JAXBUtil;
+import org.jboss.identity.xmlsec.w3.xmldsig.ObjectFactory;
+import org.jboss.identity.xmlsec.w3.xmldsig.SignatureType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+import org.xml.sax.SAXException;
+
+/**
+ * Utility for XML Signature
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Dec 15, 2008
+ */
+public class XMLSignatureUtil
+{
+ private static Logger log = Logger.getLogger(XMLSignatureUtil.class);
+ private static boolean trace = log.isTraceEnabled();
+
+ private static String pkgName = "org.jboss.identity.federation.w3.xmldsig";
+ private static String schemaLocation =
"schema/saml/v2/xmldsig-core-schema.xsd";
+
+ private static ObjectFactory objectFactory = new ObjectFactory();
+
+ private static XMLSignatureFactory fac = getXMLSignatureFactory();
+
+ private static XMLSignatureFactory getXMLSignatureFactory()
+ {
+ XMLSignatureFactory xsf = null;
+
+ try
+ {
+ xsf = XMLSignatureFactory.getInstance("DOM");
+ }
+ catch(Exception err)
+ {
+ //JDK5
+ xsf = XMLSignatureFactory.getInstance("DOM",
+ new org.jcp.xml.dsig.internal.dom.XMLDSigRI());
+ }
+ return xsf;
+ }
+
+ //Set some system properties
+ static
+ {
+ AccessController.doPrivileged(new PrivilegedAction<Object>()
+ {
+ public Object run()
+ {
+ System.setProperty("org.apache.xml.security.ignoreLineBreaks",
"true");
+ return null;
+ }
+ });
+ };
+
+ /**
+ * Precheck whether the document that will be validated
+ * has the right signedinfo
+ * @param doc
+ * @return
+ */
+ public static boolean preCheckSignedInfo(Document doc)
+ {
+ NodeList nl = doc.getElementsByTagNameNS(JBossSAMLURIConstants.XMLDSIG_NSURI.get(),
"SignedInfo");
+ return nl != null ? nl.getLength() > 0 : false;
+ }
+
+ /**
+ * Sign a node in a document
+ * @param doc Document
+ * @param parentOfNodeToBeSigned Parent Node of the node to be signed
+ * @param signingKey Private Key
+ * @param certificate X509 Certificate holding the public key
+ * @param digestMethod (Example: DigestMethod.SHA1)
+ * @param signatureMethod (Example: SignatureMethod.DSA_SHA1)
+ * @param referenceURI
+ * @return Document that contains the signed node
+ * @throws XMLSignatureException
+ * @throws MarshalException
+ * @throws GeneralSecurityException
+ * @throws ParserConfigurationException
+ */
+ public static Document sign(Document doc,
+ Node parentOfNodeToBeSigned,
+ PrivateKey signingKey,
+ X509Certificate certificate,
+ String digestMethod,
+ String signatureMethod,
+ String referenceURI)
+ throws ParserConfigurationException, GeneralSecurityException, MarshalException,
XMLSignatureException
+ {
+ KeyPair keyPair = new KeyPair(certificate.getPublicKey(),signingKey);
+ return sign(doc,parentOfNodeToBeSigned, keyPair,
+ digestMethod, signatureMethod, referenceURI);
+ }
+
+ /**
+ * Sign a node in a document
+ * @param doc
+ * @param nodeToBeSigned
+ * @param keyPair
+ * @param publicKey
+ * @param digestMethod
+ * @param signatureMethod
+ * @param referenceURI
+ * @return
+ * @throws ParserConfigurationException
+ * @throws XMLSignatureException
+ * @throws MarshalException
+ * @throws GeneralSecurityException
+ */
+ public static Document sign(Document doc,
+ Node nodeToBeSigned,
+ KeyPair keyPair,
+ String digestMethod,
+ String signatureMethod,
+ String referenceURI) throws ParserConfigurationException,
GeneralSecurityException, MarshalException, XMLSignatureException
+ {
+ if(nodeToBeSigned == null)
+ throw new IllegalArgumentException("Node to be signed is null");
+ if(trace)
+ {
+ try
+ {
+ log.trace("Document to be signed=" +
DocumentUtil.getDocumentAsString(doc));
+ }catch (Exception e) {}
+ }
+
+ Node parentNode = nodeToBeSigned.getParentNode();
+
+ //Let us create a new Document
+ Document newDoc = DocumentUtil.createDocument();
+ //Import the node
+ Node signingNode = newDoc.importNode(nodeToBeSigned, true);
+ newDoc.appendChild(signingNode);
+
+ newDoc = sign(newDoc, keyPair, digestMethod, signatureMethod, referenceURI);
+
+ //Now let us import this signed doc into the original document we got in the method
call
+ Node signedNode = doc.importNode(newDoc.getFirstChild(), true);
+
+ parentNode.replaceChild(signedNode, nodeToBeSigned);
+ //doc.getDocumentElement().replaceChild(signedNode, nodeToBeSigned);
+
+ return doc;
+ }
+
+
+ /**
+ * Sign the root element
+ * @param doc
+ * @param signingKey
+ * @param publicKey
+ * @param digestMethod
+ * @param signatureMethod
+ * @param referenceURI
+ * @return
+ * @throws GeneralSecurityException
+ * @throws XMLSignatureException
+ * @throws MarshalException
+ */
+ public static Document sign(Document doc,
+ KeyPair keyPair,
+ String digestMethod,
+ String signatureMethod,
+ String referenceURI) throws GeneralSecurityException, MarshalException,
XMLSignatureException
+ {
+ if(trace)
+ {
+ try
+ {
+ log.trace("Document to be signed=" +
DocumentUtil.getDocumentAsString(doc));
+ }catch (Exception e) {}
+ }
+ PrivateKey signingKey = keyPair.getPrivate();
+ PublicKey publicKey = keyPair.getPublic();
+
+ DOMSignContext dsc = new DOMSignContext(signingKey, doc.getDocumentElement());
+ dsc.setDefaultNamespacePrefix("dsig");
+
+// dsc.putNamespacePrefix(XMLSignature.XMLNS, "ds");
+
+ DigestMethod digestMethodObj = fac.newDigestMethod(digestMethod, null);
+ Transform transform = fac.newTransform(Transform.ENVELOPED,
+ (TransformParameterSpec) null);
+
+ List<Transform> transformList = Collections.singletonList(transform);
+ Reference ref = fac.newReference
+ ( referenceURI, digestMethodObj,transformList,null, null);
+
+ String canonicalizationMethodType = CanonicalizationMethod.EXCLUSIVE_WITH_COMMENTS;
+ CanonicalizationMethod canonicalizationMethod
+ = fac.newCanonicalizationMethod
+ (canonicalizationMethodType, (C14NMethodParameterSpec) null);
+
+ List<Reference> referenceList = Collections.singletonList(ref);
+ SignatureMethod signatureMethodObj = fac.newSignatureMethod(signatureMethod, null);
+ SignedInfo si = fac.newSignedInfo (canonicalizationMethod, signatureMethodObj ,
+ referenceList);
+
+ KeyInfoFactory kif = fac.getKeyInfoFactory();
+ KeyValue kv = kif.newKeyValue(publicKey);
+ KeyInfo ki = kif.newKeyInfo(Collections.singletonList(kv));
+
+ XMLSignature signature = fac.newXMLSignature(si, ki);
+
+ signature.sign(dsc);
+
+ return doc;
+ }
+ /**
+ * Validate a signed document with the given public key
+ * @param signedDoc
+ * @param publicKey
+ * @return
+ * @throws MarshalException
+ * @throws XMLSignatureException
+ */
+ @SuppressWarnings("unchecked")
+ public static boolean validate(Document signedDoc, Key publicKey) throws
MarshalException, XMLSignatureException
+ {
+ NodeList nl = signedDoc.getElementsByTagNameNS(XMLSignature.XMLNS,
"Signature");
+ if (nl == null || nl.getLength() == 0)
+ {
+ throw new IllegalArgumentException("Cannot find Signature element");
+ }
+ if(publicKey == null)
+ throw new IllegalArgumentException("Public Key is null");
+
+ DOMValidateContext valContext = new DOMValidateContext(publicKey, nl.item(0));
+ XMLSignature signature = fac.unmarshalXMLSignature(valContext);
+ boolean coreValidity = signature.validate(valContext);
+
+ if(trace && !coreValidity)
+ {
+ boolean sv = signature.getSignatureValue().validate(valContext);
+ log.trace("Signature validation status: " + sv);
+
+ List<Reference> references = signature.getSignedInfo().getReferences();
+ for(Reference ref:references)
+ {
+ log.trace("[Ref id=" + ref.getId() +":uri=" +
ref.getURI() +
+ "]validity status:" + ref.validate(valContext));
+ }
+ }
+ return coreValidity;
+ }
+
+ /**
+ * Marshall a SignatureType to output stream
+ * @param signature
+ * @param os
+ * @throws SAXException
+ * @throws JAXBException
+ */
+ public static void marshall(SignatureType signature, OutputStream os) throws
JAXBException, SAXException
+ {
+ JAXBElement<SignatureType> jsig = objectFactory.createSignature(signature);
+ Marshaller marshaller = JAXBUtil.getValidatingMarshaller(pkgName, schemaLocation);
+ marshaller.marshal(jsig, os);
+ }
+
+ /**
+ * Marshall the signed document to an output stream
+ * @param signedDocument
+ * @param os
+ * @throws TransformerException
+ */
+ public static void marshall(Document signedDocument, OutputStream os)
+ throws TransformerException
+ {
+ TransformerFactory tf = TransformerFactory.newInstance();
+ Transformer trans = tf.newTransformer();
+ trans.transform(DocumentUtil.getXMLSource(signedDocument), new StreamResult(os));
+ }
+}
\ No newline at end of file
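Review bot: `validate(Document, Key)` passes `nl.item(0)`, the first `Signature` element found anywhere in the document, to `DOMValidateContext` and returns the core validity without checking what that signature's `Reference` covers. A `true` result therefore only says that one signature in the document verifies under the key, not that the element the caller reads next is the signed one, which is the gap signature wrapping depends on. Any further `Signature` elements in the document are never examined. I would bind the two together here: after core validation, compare each `ref.getURI()` with the ID of the element that contains the Signature, treating an empty URI as whole-document, and return false on a mismatch. At the least the Javadoc should state the limit, e.g. `@return true if the first Signature element in the document validates with publicKey; the caller must still confirm that its Reference covers the element it consumes`.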
Deleted:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityToken.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityToken.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityToken.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,33 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.core.wstrust;
-
-/**
- * <p>
- * Marker interface for the request security token types.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public interface BaseRequestSecurityToken
-{
-}
Deleted:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityTokenResponse.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityTokenResponse.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityTokenResponse.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,33 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.core.wstrust;
-
-/**
- * <p>
- * Marker interface for the security token response types.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public interface BaseRequestSecurityTokenResponse
-{
-}
Deleted:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/Lifetime.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/Lifetime.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/Lifetime.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,236 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.core.wstrust;
-
-import java.util.GregorianCalendar;
-
-import javax.xml.datatype.DatatypeConfigurationException;
-import javax.xml.datatype.DatatypeFactory;
-import javax.xml.datatype.XMLGregorianCalendar;
-
-import org.jboss.identity.federation.ws.trust.LifetimeType;
-import org.jboss.identity.federation.ws.wss.utility.AttributedDateTime;
-
-/**
- * <p>
- * This class represents a WS-Trust {@code Lifetime}. It wraps the JAXB {@code
LifetimeType} and offer methods that
- * allows for easy retrieval of the creation and expiration times as {@code
XMLGregorianCalendar} and
- * {@code GregorianCalendar} objects.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class Lifetime
-{
-
- private final LifetimeType delegate;
-
- private XMLGregorianCalendar created;
-
- private XMLGregorianCalendar expires;
-
- private DatatypeFactory factory;
-
- /**
- * <p>
- * Creates an instance of {@code Lifetime} with the specified parameters.
- * </p>
- *
- * @param created a {@code GregorianCalendar} representing the token creation time.
- * @param expires a {@code GregorianCalendar} representing the token expiration time.
- */
- public Lifetime(GregorianCalendar created, GregorianCalendar expires)
- {
- try
- {
- this.factory = DatatypeFactory.newInstance();
- }
- catch (DatatypeConfigurationException dce)
- {
- throw new RuntimeException("Unable to get DatatypeFactory instance",
dce);
- }
-
- // normalize the parameters (convert to UTC).
- this.created = factory.newXMLGregorianCalendar(created).normalize();
- this.expires = factory.newXMLGregorianCalendar(expires).normalize();
-
- // set the delegate fields.
- this.delegate = new LifetimeType();
- AttributedDateTime dateTime = new AttributedDateTime();
- dateTime.setValue(this.created.toXMLFormat());
- this.delegate.setCreated(dateTime);
- dateTime = new AttributedDateTime();
- dateTime.setValue(this.expires.toXMLFormat());
- this.delegate.setExpires(dateTime);
-
- }
-
- /**
- * <p>
- * Creates a {@code Lifetime} instance using the specified {@code LifetimeType}.
- * </p>
- *
- * @param lifetime a reference to the {@code LifetimeType} instance that contains the
information used in the
- * {@code Lifetime} construction.
- */
- public Lifetime(LifetimeType lifetime)
- {
- if (lifetime == null)
- throw new IllegalArgumentException("Unable to create a Lifetime object from
a null LifetimeType");
-
- try
- {
- this.factory = DatatypeFactory.newInstance();
- }
- catch (DatatypeConfigurationException dce)
- {
- throw new RuntimeException("Unable to get DatatypeFactory instance",
dce);
- }
- this.delegate = lifetime;
-
- // construct the created and expires instances from the lifetime object.
- this.created = factory.newXMLGregorianCalendar(lifetime.getCreated().getValue());
- this.expires = factory.newXMLGregorianCalendar(lifetime.getExpires().getValue());
-
- // check if the supplied lifetime needs to be normalized.
- if (this.created.getTimezone() != 0)
- {
- this.created = this.created.normalize();
- this.delegate.getCreated().setValue(this.created.toXMLFormat());
- }
- if (this.expires.getTimezone() != 0)
- {
- this.expires = this.expires.normalize();
- this.delegate.getExpires().setValue(this.expires.toXMLFormat());
- }
- }
-
- /**
- * <p>
- * Obtains the creation time as a {@code XMLGregorianCalendar}.
- * </p>
- *
- * @return a reference to the {@code XMLGregorianCalendar} that represents the
creation time.
- */
- public XMLGregorianCalendar getCreated()
- {
- return this.created;
- }
-
- /**
- * <p>
- * Sets the creation time.
- * </p>
- *
- * @param created a reference to the {@code XMLGregorianCalendar} that represents the
creation time to be set.
- */
- public void setCreated(XMLGregorianCalendar created)
- {
- this.created = created.normalize();
- this.delegate.getCreated().setValue(this.created.toXMLFormat());
- }
-
- /**
- * <p>
- * Obtains the creation time as a {@code GregorianCalendar}.
- * </p>
- *
- * @return a reference to the {@code GregorianCalendar} that represents the creation
time.
- */
- public GregorianCalendar getCreatedCalendar()
- {
- return this.created.toGregorianCalendar();
- }
-
- /**
- * <p>
- * Sets the creation time.
- * </p>
- *
- * @param created a reference to the {@code GregorianCalendar} that represents the
creation time to be set.
- */
- public void setCreatedCalendar(GregorianCalendar created)
- {
- this.setCreated(this.factory.newXMLGregorianCalendar(created));
- }
-
- /**
- * <p>
- * Obtains the expiration time as a {@code XMLGregorianCalendar}.
- * </p>
- *
- * @return a reference to the {@code XMLGregorianCalendar} that represents the
expiration time.
- */
- public XMLGregorianCalendar getExpires()
- {
- return this.expires;
- }
-
- /**
- * <p>
- * Sets the expiration time.
- * </p>
- *
- * @param expires a reference to the {@code XMLGregorianCalendar} that represents the
expiration time.
- */
- public void setExpires(XMLGregorianCalendar expires)
- {
- this.expires = expires.normalize();
- this.delegate.getExpires().setValue(this.expires.toXMLFormat());
- }
-
- /**
- * <p>
- * Obtains the expiration time as a {@code GregorianCalendar}.
- * </p>
- *
- * @return a reference to the {@code GregorianCalendar} that represents the expiration
time.
- */
- public GregorianCalendar getExpiresCalendar()
- {
- return this.expires.toGregorianCalendar();
- }
-
- /**
- * <p>
- * Sets the expiration time.
- * </p>
- *
- * @param expires a reference to the {@code GregorianCalendar} that represents the
expiration time.
- */
- public void setExpiresCalendar(GregorianCalendar expires)
- {
- this.setExpires(this.factory.newXMLGregorianCalendar(expires));
- }
-
- /**
- * <p>
- * Obtains a reference to the {@code LifetimeType} delegate.
- * </p>
- *
- * @return a reference to the delegate instance.
- */
- public LifetimeType getDelegate()
- {
- return this.delegate;
- }
-}
Deleted:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,1139 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.core.wstrust;
-
-import java.net.URI;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
-
-import javax.xml.bind.JAXBElement;
-import javax.xml.namespace.QName;
-
-import org.jboss.identity.federation.ws.addressing.EndpointReferenceType;
-import org.jboss.identity.federation.ws.policy.AppliesTo;
-import org.jboss.identity.federation.ws.policy.Policy;
-import org.jboss.identity.federation.ws.policy.PolicyReference;
-import org.jboss.identity.federation.ws.trust.AllowPostdatingType;
-import org.jboss.identity.federation.ws.trust.CancelTargetType;
-import org.jboss.identity.federation.ws.trust.ClaimsType;
-import org.jboss.identity.federation.ws.trust.DelegateToType;
-import org.jboss.identity.federation.ws.trust.EncryptionType;
-import org.jboss.identity.federation.ws.trust.EntropyType;
-import org.jboss.identity.federation.ws.trust.LifetimeType;
-import org.jboss.identity.federation.ws.trust.ObjectFactory;
-import org.jboss.identity.federation.ws.trust.OnBehalfOfType;
-import org.jboss.identity.federation.ws.trust.ProofEncryptionType;
-import org.jboss.identity.federation.ws.trust.RenewTargetType;
-import org.jboss.identity.federation.ws.trust.RenewingType;
-import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType;
-import org.jboss.identity.federation.ws.trust.UseKeyType;
-import org.jboss.identity.federation.ws.trust.ValidateTargetType;
-import org.w3c.dom.Document;
-import org.w3c.dom.Element;
-import org.w3c.dom.NodeList;
-
-/**
- * <p>
- * This class represents a WS-Trust {@code RequestSecurityToken}. It wraps the JAXB
representation of the security
- * token request and offers a series of getter/setter methods that make it easy to work
with elements that are
- * represented by the {@code Any} XML type.
- * </p>
- * <p>
- * The following shows the intended content model of a {@code RequestSecurityToken}:
- *
- * <pre>
- * <xs:element ref='wst:TokenType' minOccurs='0' />
- * <xs:element ref='wst:RequestType' />
- * <xs:element ref='wsp:AppliesTo' minOccurs='0' />
- * <xs:element ref='wst:Claims' minOccurs='0' />
- * <xs:element ref='wst:Entropy' minOccurs='0' />
- * <xs:element ref='wst:Lifetime' minOccurs='0' />
- * <xs:element ref='wst:AllowPostdating' minOccurs='0'
/>
- * <xs:element ref='wst:Renewing' minOccurs='0' />
- * <xs:element ref='wst:OnBehalfOf' minOccurs='0' />
- * <xs:element ref='wst:Issuer' minOccurs='0' />
- * <xs:element ref='wst:AuthenticationType' minOccurs='0'
/>
- * <xs:element ref='wst:KeyType' minOccurs='0' />
- * <xs:element ref='wst:KeySize' minOccurs='0' />
- * <xs:element ref='wst:SignatureAlgorithm' minOccurs='0'
/>
- * <xs:element ref='wst:Encryption' minOccurs='0' />
- * <xs:element ref='wst:EncryptionAlgorithm' minOccurs='0'
/>
- * <xs:element ref='wst:CanonicalizationAlgorithm'
minOccurs='0' />
- * <xs:element ref='wst:ProofEncryption' minOccurs='0'
/>
- * <xs:element ref='wst:UseKey' minOccurs='0' />
- * <xs:element ref='wst:SignWith' minOccurs='0' />
- * <xs:element ref='wst:EncryptWith' minOccurs='0' />
- * <xs:element ref='wst:DelegateTo' minOccurs='0' />
- * <xs:element ref='wst:Forwardable' minOccurs='0' />
- * <xs:element ref='wst:Delegatable' minOccurs='0' />
- * <xs:element ref='wsp:Policy' minOccurs='0' />
- * <xs:element ref='wsp:PolicyReference' minOccurs='0'
/>
- * <xs:any namespace='##other' processContents='lax'
minOccurs='0' maxOccurs='unbounded' />
- * </pre>
- *
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class RequestSecurityToken implements BaseRequestSecurityToken
-{
-
- private final RequestSecurityTokenType delegate;
-
- private URI tokenType;
-
- private URI requestType;
-
- private AppliesTo appliesTo;
-
- private ClaimsType claims;
-
- private EntropyType entropy;
-
- private Lifetime lifetime;
-
- private AllowPostdatingType allowPostDating;
-
- private RenewingType renewing;
-
- private OnBehalfOfType onBehalfOf;
-
- private EndpointReferenceType issuer;
-
- private URI authenticationType;
-
- private URI keyType;
-
- private long keySize;
-
- private URI signatureAlgorithm;
-
- private EncryptionType encryption;
-
- private URI encryptionAlgorithm;
-
- private URI canonicalizationAlgorithm;
-
- private ProofEncryptionType proofEncryption;
-
- private UseKeyType useKey;
-
- private URI signWith;
-
- private URI encryptWith;
-
- private DelegateToType delegateTo;
-
- private boolean forwardable;
-
- private boolean delegatable;
-
- private Policy policy;
-
- private PolicyReference policyReference;
-
- private ValidateTargetType validateTarget;
-
- private RenewTargetType renewTarget;
-
- private CancelTargetType cancelTarget;
-
- private final List<Object> extensionElements = new ArrayList<Object>();
-
- private final ObjectFactory factory = new ObjectFactory();
-
- private Document rstDocument;
-
- /**
- * <p>
- * Creates an instance of {@code RequestSecurityToken}.
- * </p>
- */
- public RequestSecurityToken()
- {
- this.delegate = new RequestSecurityTokenType();
- }
-
- /**
- * <p>
- * Creates an instance of {@code RequestSecurityToken} using the specified delegate.
- * </p>
- *
- * @param delegate the JAXB {@code RequestSecurityTokenType} that represents a
WS-Trust token request.
- */
- public RequestSecurityToken(RequestSecurityTokenType delegate)
- {
- this.delegate = delegate;
- // parse the delegate's Any contents.
- for (Object obj : this.delegate.getAny())
- {
- if (obj instanceof AppliesTo)
- {
- this.appliesTo = (AppliesTo) obj;
- }
- else if (obj instanceof Policy)
- {
- this.policy = (Policy) obj;
- }
- else if (obj instanceof PolicyReference)
- {
- this.policyReference = (PolicyReference) obj;
- }
- else if (obj instanceof JAXBElement)
- {
- JAXBElement<?> element = (JAXBElement<?>) obj;
- String localName = element.getName().getLocalPart();
- if (localName.equalsIgnoreCase("TokenType"))
- this.tokenType = URI.create((String) element.getValue());
- else if (localName.equalsIgnoreCase("RequestType"))
- this.requestType = URI.create((String) element.getValue());
- else if (localName.equalsIgnoreCase("Claims"))
- this.claims = (ClaimsType) element.getValue();
- else if (localName.equalsIgnoreCase("Entropy"))
- this.entropy = (EntropyType) element.getValue();
- else if (localName.equalsIgnoreCase("Lifetime"))
- this.lifetime = new Lifetime((LifetimeType) element.getValue());
- else if (localName.equalsIgnoreCase("AllowPostdating"))
- this.allowPostDating = (AllowPostdatingType) element.getValue();
- else if (localName.equalsIgnoreCase("Renewing"))
- this.renewing = (RenewingType) element.getValue();
- else if (localName.equalsIgnoreCase("OnBehalfOf"))
- this.onBehalfOf = (OnBehalfOfType) element.getValue();
- else if (localName.equalsIgnoreCase("Issuer"))
- this.issuer = (EndpointReferenceType) element.getValue();
- else if (localName.equalsIgnoreCase("AuthenticationType"))
- this.authenticationType = URI.create((String) element.getValue());
- else if (localName.equalsIgnoreCase("KeyType"))
- this.keyType = URI.create((String) element.getValue());
- else if (localName.equalsIgnoreCase("KeySize"))
- this.keySize = (Long) element.getValue();
- else if (localName.equalsIgnoreCase("SignatureAlgorithm"))
- this.signatureAlgorithm = URI.create((String) element.getValue());
- else if (localName.equalsIgnoreCase("Encryption"))
- this.encryption = (EncryptionType) element.getValue();
- else if (localName.equalsIgnoreCase("EntropyAlgorithm"))
- this.encryptionAlgorithm = URI.create((String) element.getValue());
- else if (localName.equalsIgnoreCase("CanonicalizationAlgorithm"))
- this.canonicalizationAlgorithm = URI.create((String) element.getValue());
- else if (localName.equalsIgnoreCase("ProofEncryption"))
- this.proofEncryption = (ProofEncryptionType) element.getValue();
- else if (localName.equalsIgnoreCase("UseKey"))
- this.useKey = (UseKeyType) element.getValue();
- else if (localName.equalsIgnoreCase("SignWith"))
- this.signWith = URI.create((String) element.getValue());
- else if (localName.equalsIgnoreCase("EncryptWith"))
- this.encryptWith = URI.create((String) element.getValue());
- else if (localName.equalsIgnoreCase("DelegateTo"))
- this.delegateTo = (DelegateToType) element.getValue();
- else if (localName.equalsIgnoreCase("Forwardable"))
- this.forwardable = (Boolean) element.getValue();
- else if (localName.equalsIgnoreCase("Delegatable"))
- this.delegatable = (Boolean) element.getValue();
- else if (localName.equalsIgnoreCase("CancelTarget"))
- this.cancelTarget = (CancelTargetType) element.getValue();
- else if (localName.equalsIgnoreCase("RenewTarget"))
- this.renewTarget = (RenewTargetType) element.getValue();
- else if (localName.equalsIgnoreCase("ValidateTarget"))
- this.validateTarget = (ValidateTargetType) element.getValue();
- else
- this.extensionElements.add(element.getValue());
- }
- else
- {
- this.extensionElements.add(obj);
- }
- }
- }
-
- /**
- * Creates an instance of {@code RequestSecurityTokenType} and {@code Document}
- * @param delegate
- * @param rstDocument
- */
- public RequestSecurityToken(RequestSecurityTokenType delegate, Document rstDocument)
- {
- this(delegate);
- this.rstDocument = rstDocument;
- }
-
- /**
- * <p>
- * Obtains the {@code URI} that identifies the token type.
- * </p>
- *
- * @return a {@code URI} that represents the token type.
- */
- public URI getTokenType()
- {
- return this.tokenType;
- }
-
- /**
- * <p>
- * Sets the token type.
- * </p>
- *
- * @param tokenType a {@code URI} that identifies the token type.
- */
- public void setTokenType(URI tokenType)
- {
- this.tokenType = tokenType;
- this.delegate.getAny().add(this.factory.createTokenType(tokenType.toString()));
-
- }
-
- /**
- * <p>
- * Obtains the request type.
- * </p>
- *
- * @return a {@code URI} that identifies the request type.
- */
- public URI getRequestType()
- {
- return this.requestType;
- }
-
- /**
- * <p>
- * Sets the request type. The type must be one of the request types described in the
WS-Trust specification.
- * </p>
- *
- * @param requestType a {@code URI} that identifies the request type.
- */
- public void setRequestType(URI requestType)
- {
- this.requestType = requestType;
-
this.delegate.getAny().add(this.factory.createRequestType(requestType.toString()));
- }
-
- /**
- * <p>
- * Obtains the {@code AppliesTo} value of this request. The {@code AppliesTo} object
identifies the service provider
- * (web service) that requires a token to be presented by clients. A STS uses this
object to find the type of the
- * token that is accepted by the service provider so that it can issue appropriate
tokens to clients.
- * </p>
- *
- * @return the reference to the {@code AppliesTo} object.
- */
- public AppliesTo getAppliesTo()
- {
- return this.appliesTo;
- }
-
- /**
- * <p>
- * Sets the {@code AppliesTo} value of this request. The {@code AppliesTo} object
identifies the service provider
- * (web service) that requires a token to be presented by clients. A STS uses this
object to find the type of the
- * token that is accepted by the service provider so that it can issue appropriate
tokens to clients.
- * </p>
- *
- * @param appliesTo a reference to the {@code AppliesTo} object that identifies the
service provider.
- */
- public void setAppliesTo(AppliesTo appliesTo)
- {
- this.appliesTo = appliesTo;
- this.delegate.getAny().add(appliesTo);
- }
-
- /**
- * <p>
- * Obtains the set of claims of this request.
- * </p>
- *
- * @return a reference to the {@code ClaimsType} object that represents the
request's claims.
- */
- public ClaimsType getClaims()
- {
- return this.claims;
- }
-
- /**
- * <p>
- * Sets the claims of this request.
- * </p>
- *
- * @param claims the {@code ClaimsType} object that represents the claims to be set.
- */
- public void setClaims(ClaimsType claims)
- {
- this.claims = claims;
- this.delegate.getAny().add(this.factory.createClaims(claims));
- }
-
- /**
- * <p>
- * Obtains the entropy that will be used in creating the key.
- * </p>
- *
- * @return a reference to the {@code EntropyType} that represents the entropy.
- */
- public EntropyType getEntropy()
- {
- return this.entropy;
- }
-
- /**
- * <p>
- * Sets the entropy that must be used when creating the key.
- * </p>
- *
- * @param entropy the {@code EntropyType} representing the entropy to be set.
- */
- public void setEntropy(EntropyType entropy)
- {
- this.entropy = entropy;
- this.delegate.getAny().add(this.factory.createEntropy(entropy));
- }
-
- /**
- * <p>
- * Obtains the desired lifetime of the requested token.
- * </p>
- *
- * @return a reference to the {@code Lifetime} that represents the lifetime.
- */
- public Lifetime getLifetime()
- {
- return this.lifetime;
- }
-
- /**
- * <p>
- * Sets the desired lifetime of the requested token.
- * </p>
- *
- * @param lifetime the {@code Lifetime} object representing the lifetime to be set.
- */
- public void setLifetime(Lifetime lifetime)
- {
- this.lifetime = lifetime;
- this.delegate.getAny().add(this.factory.createLifetime(lifetime.getDelegate()));
- }
-
- /**
- * <p>
- * Checks whether a request for a postdated token should be allowed or not.
- * </p>
- *
- * @return {@code null} if the token can't have a future lifetime (e.g. a token to
be used the next day); a
- * {@code AllowPostdatingType} otherwise.
- */
- public AllowPostdatingType getAllowPostDating()
- {
- return this.allowPostDating;
- }
-
- /**
- * <p>
- * Specifies whether a request for a postdated token should be allowed or not.
- * </p>
- *
- * @param allowPostDating {@code null} if the token can't have a future lifetime
(e.g. a token to be used the next
- * day); a {@code AllowPostdatingType} otherwise.
- */
- public void setAllowPostDating(AllowPostdatingType allowPostDating)
- {
- this.allowPostDating = allowPostDating;
- this.delegate.getAny().add(this.factory.createAllowPostdating(allowPostDating));
- }
-
- /**
- * <p>
- * Obtains the renew semantics for this request.
- * </p>
- *
- * @return a reference to the {@code RenewingType} that represents the renew semantics
for this request.
- */
- public RenewingType getRenewing()
- {
- return this.renewing;
- }
-
- /**
- * <p>
- * Sets the renew semantics for this request.
- * </p>
- *
- * @param renewing the {@code RenewingType} object representing the semantics to be
set.
- */
- public void setRenewing(RenewingType renewing)
- {
- this.renewing = renewing;
- this.delegate.getAny().add(this.factory.createRenewing(renewing));
- }
-
- /**
- * <p>
- * Obtains the identity on whose behalf this request was made.
- * </p>
- *
- * @return a reference to the {@code OnBehalfOfType} that represents the identity on
whose behalf this request was
- * made.
- */
- public OnBehalfOfType getOnBehalfOf()
- {
- return this.onBehalfOf;
- }
-
- /**
- * <p>
- * Specifies the identity on whose behalf this request is being made.
- * </p>
- *
- * @param onBehalfOf the {@code OnBehalfOfType} object representing the identity to be
set.
- */
- public void setOnBehalfOf(OnBehalfOfType onBehalfOf)
- {
- this.onBehalfOf = onBehalfOf;
- this.delegate.getAny().add(this.factory.createOnBehalfOf(onBehalfOf));
- }
-
- /**
- * <p>
- * Obtains the issuer of the token included in the request in the scenarios where the
requestor is obtaining a token
- * on behalf of another party.
- * </p>
- *
- * @return a reference to the {@code EndpointReferenceType} that represents the
issuer.
- */
- public EndpointReferenceType getIssuer()
- {
- return this.issuer;
- }
-
- /**
- * <p>
- * Sets the issuer of the token included in the request in scenarios where the
requestor is obtaining a token on
- * behalf of another party.
- * </p>
- *
- * @param issuer the {@code EndpointReferenceType} object representing the issuer to
be set.
- */
- public void setIssuer(EndpointReferenceType issuer)
- {
- this.issuer = issuer;
- this.delegate.getAny().add(this.factory.createIssuer(issuer));
- }
-
- /**
- * <p>
- * Obtains the type of authentication that has been set as part of the request.
- * </p>
- *
- * @return a {@code URI} that identifies the desired authentication type.
- */
- public URI getAuthenticationType()
- {
- return this.authenticationType;
- }
-
- /**
- * <p>
- * Sets the authentication type in the request.
- * </p>
- *
- * @param authenticationType a {@code URI} that identifies the authentication type to
be set.
- */
- public void setAuthenticationType(URI authenticationType)
- {
- this.authenticationType = authenticationType;
-
this.delegate.getAny().add(this.factory.createAuthenticationType(authenticationType.toString()));
- }
-
- /**
- * <p>
- * Obtains the type of the key that has been set in the request.
- * </p>
- *
- * @return a {@code URI} that identifies the key type.
- */
- public URI getKeyType()
- {
- return this.keyType;
- }
-
- /**
- * <p>
- * Sets the key type in the request.
- * </p>
- *
- * @param keyType a {@code URI} that specifies the key type.
- */
- public void setKeyType(URI keyType)
- {
- this.keyType = keyType;
- this.delegate.getAny().add(this.factory.createKeyType(keyType.toString()));
- }
-
- /**
- * <p>
- * Obtains the size of they key that has been set in the request.
- * </p>
- *
- * @return a {@code long} representing the key size in bytes.
- */
- public long getKeySize()
- {
- return this.keySize;
- }
-
- /**
- * <p>
- * Sets the size of the key in the request.
- * </p>
- *
- * @param keySize a {@code long} representing the key size in bytes.
- */
- public void setKeySize(long keySize)
- {
- this.keySize = keySize;
- this.delegate.getAny().add(this.factory.createKeySize(keySize));
- }
-
- /**
- * <p>
- * Obtains the signature algorithm that has been set in the request.
- * </p>
- *
- * @return a {@code URI} that represents the signature algorithm.
- */
- public URI getSignatureAlgorithm()
- {
- return this.signatureAlgorithm;
- }
-
- /**
- * <p>
- * Sets the signature algorithm in the request.
- * </p>
- *
- * @param signatureAlgorithm a {@code URI} that represents the algorithm to be set.
- */
- public void setSignatureAlgorithm(URI signatureAlgorithm)
- {
- this.signatureAlgorithm = signatureAlgorithm;
-
this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signatureAlgorithm.toString()));
- }
-
- /**
- * <p>
- * Obtains the {@code Encryption} section of the request. The {@code Encryption}
element indicates that the requestor
- * desires any returned secrets in issued security tokens to be encrypted.
- * </p>
- *
- * @return a reference to the {@code EncryptionType} object.
- */
- public EncryptionType getEncryption()
- {
- return this.encryption;
- }
-
- /**
- * <p>
- * Sets the {@code Encryption} section of the request. The {@code Encryption} element
indicates that the requestor
- * desires any returned secrets in issued security tokens to be encrypted.
- * </p>
- *
- * @param encryption the {@code EncryptionType} to be set.
- */
- public void setEncryption(EncryptionType encryption)
- {
- this.encryption = encryption;
- this.delegate.getAny().add(this.factory.createEncryption(encryption));
- }
-
- /**
- * <p>
- * Obtains the encryption algorithm that has been set in the request.
- * </p>
- *
- * @return a {@code URI} that represents the encryption algorithm.
- */
- public URI getEncryptionAlgorithm()
- {
- return this.encryptionAlgorithm;
- }
-
- /**
- * <p>
- * Sets the encryption algorithm in the request.
- * </p>
- *
- * @param encryptionAlgorithm a {@code URI} that represents the encryption algorithm
to be set.
- */
- public void setEncryptionAlgorithm(URI encryptionAlgorithm)
- {
- this.encryptionAlgorithm = encryptionAlgorithm;
-
this.delegate.getAny().add(this.factory.createEncryptionAlgorithm(encryptionAlgorithm.toString()));
- }
-
- /**
- * <p>
- * Obtains the canonicalization algorithm that has been set in the request.
- * </p>
- *
- * @return a {@code URI} that represents the canonicalization algorithm.
- */
- public URI getCanonicalizationAlgorithm()
- {
- return this.canonicalizationAlgorithm;
- }
-
- /**
- * <p>
- * Sets the canonicalization algorithm in the request.
- * </p>
- *
- * @param canonicalizationAlgorithm a {@code URI} that represents the algorithm to be
set.
- */
- public void setCanonicalizationAlgorithm(URI canonicalizationAlgorithm)
- {
- this.canonicalizationAlgorithm = canonicalizationAlgorithm;
-
this.delegate.getAny().add(this.factory.createCanonicalizationAlgorithm(canonicalizationAlgorithm.toString()));
- }
-
- /**
- * <p>
- * Obtains the {@code ProofEncryption} section of the request. The {@code
ProofEncryption} indicates that the
- * requester desires any returned secrets in issued security tokens to be encrypted.
- * </p>
- *
- * @return a reference to the {@code ProofEncryptionType} object.
- */
- public ProofEncryptionType getProofEncryption()
- {
- return this.proofEncryption;
- }
-
- /**
- * <p>
- * Sets the {@code ProofEncryption} section of the request. The {@code
ProofEncryption} indicates that the requester
- * desires any returned secrets in issued security tokens to be encrypted.
- * </p>
- *
- * @param proofEncryption the {@code ProofEncryptionType} to be set.
- */
- public void setProofEncryption(ProofEncryptionType proofEncryption)
- {
- this.proofEncryption = proofEncryption;
- this.delegate.getAny().add(this.factory.createProofEncryption(proofEncryption));
- }
-
- /**
- * <p>
- * Obtains the key that should be used in the returned token.
- * </p>
- *
- * @return a reference to the {@code UseKeyType} instance that represents the key to
be used.
- */
- public UseKeyType getUseKey()
- {
- return this.useKey;
- }
-
- /**
- * <p>
- * Sets the key that should be used in the returned token.
- * </p>
- *
- * @param useKey the {@code UseKeyType} instance to be set.
- */
- public void setUseKey(UseKeyType useKey)
- {
- this.useKey = useKey;
- this.delegate.getAny().add(this.factory.createUseKey(useKey));
- }
-
- /**
- * <p>
- * Obtains the signature algorithm that should be used with the issued security
token.
- * </p>
- *
- * @return a {@code URI} representing the algorithm that should be used.
- */
- public URI getSignWith()
- {
- return this.signWith;
- }
-
- /**
- * <p>
- * Sets the signature algorithm that should be used with the issued security token.
- * </p>
- *
- * @param signWith a {@code URI} representing the algorithm to be used.
- */
- public void setSignWith(URI signWith)
- {
- this.signWith = signWith;
-
this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signWith.toString()));
- }
-
- /**
- * <p>
- * Obtains the encryption algorithm that should be used with the issued security
token.
- * </p>
- *
- * @return a {@code URI} representing the encryption algorithm that should be used.
- */
- public URI getEncryptWith()
- {
- return this.encryptWith;
- }
-
- /**
- * <p>
- * Sets the encryption algorithm that should be used with the issued security token.
- * </p>
- *
- * @param encryptWith a {@code URI} representing the algorithm to be used.
- */
- public void setEncryptWith(URI encryptWith)
- {
- this.encryptWith = encryptWith;
-
this.delegate.getAny().add(this.factory.createEncryptWith(encryptWith.toString()));
- }
-
- /**
- * <p>
- * Obtains the identity to which the requested token should be delegated.
- * </p>
- *
- * @return a reference to the {@code DelegateToType} instance that represents the
identity.
- */
- public DelegateToType getDelegateTo()
- {
- return this.delegateTo;
- }
-
- /**
- * <p>
- * Sets the identity to which the requested token should be delegated.
- * </p>
- *
- * @param delegateTo the {@code DelegateToType} object representing the identity to be
set.
- */
- public void setDelegateTo(DelegateToType delegateTo)
- {
- this.delegateTo = delegateTo;
- this.delegate.getAny().add(this.factory.createDelegateTo(delegateTo));
- }
-
- /**
- * <p>
- * Indicates whether the requested token should be marked as "forwardable"
or not. In general, this flag is used when
- * a token is normally bound to the requestor's machine or service. Using this
flag, the returned token MAY be used
- * from any source machine so long as the key is correctly proven.
- * </p>
- *
- * @return {@code true} if the requested token should be marked as
"forwardable"; {@code false} otherwise.
- */
- public boolean isForwardable()
- {
- return this.forwardable;
- }
-
- /**
- * <p>
- * Specifies whether the requested token should be marked as "forwardable"
or not. In general, this flag is used when
- * a token is normally bound to the requestor's machine or service. Using this
flag, the returned token MAY be used
- * from any source machine so long as the key is correctly proven.
- * </p>
- *
- * @param forwardable {@code true} if the requested token should be marked as
"forwardable"; {@code false} otherwise.
- */
- public void setForwardable(boolean forwardable)
- {
- this.forwardable = forwardable;
- this.delegate.getAny().add(this.factory.createForwardable(forwardable));
- }
-
- /**
- * <p>
- * Indicates whether the requested token should be marked as "delegatable"
or not. Using this flag, the returned
- * token MAY be delegated to another party.
- * </p>
- *
- * @return {@code true} if the requested token should be marked as
"delegatable"; {@code false} otherwise.
- */
- public boolean isDelegatable()
- {
- return this.delegatable;
- }
-
- /**
- * <p>
- * Specifies whether the requested token should be marked as "delegatable"
or not. Using this flag, the returned
- * token MAY be delegated to another party.
- * </p>
- *
- * @param delegatable {@code true} if the requested token should be marked as
"delegatable"; {@code false} otherwise.
- */
- public void setDelegatable(boolean delegatable)
- {
- this.delegatable = delegatable;
- this.delegate.getAny().add(this.factory.createDelegatable(delegatable));
- }
-
- /**
- * <p>
- * Obtains the {@code Policy} associated with the request. The policy specifies
defaults that can be overridden by
- * the previous properties.
- * </p>
- *
- * @return a reference to the {@code Policy} that has been set in the request.
- */
- public Policy getPolicy()
- {
- return this.policy;
- }
-
- /**
- * <p>
- * Sets the {@code Policy} in the request. The policy specifies defaults that can be
overridden by the previous
- * properties.
- * </p>
- *
- * @param policy the {@code Policy} instance to be set.
- */
- public void setPolicy(Policy policy)
- {
- this.policy = policy;
- this.delegate.getAny().add(policy);
- }
-
- /**
- * <p>
- * Obtains the reference to the {@code Policy} that should be used.
- * </p>
- *
- * @return a {@code PolicyReference} that specifies where the {@code Policy} can be
found.
- */
- public PolicyReference getPolicyReference()
- {
- return this.policyReference;
- }
-
- /**
- * <p>
- * Sets the reference to the {@code Policy} that should be used.
- * </p>
- *
- * @param policyReference the {@code PolicyReference} object to be set.
- */
- public void setPolicyReference(PolicyReference policyReference)
- {
- this.policyReference = policyReference;
- this.delegate.getAny().add(policyReference);
- }
-
- /**
- * <p>
- * Obtains the list of request elements that are not part of the standard content
model.
- * </p>
- *
- * @return a {@code List<Object>} containing the extension elements.
- */
- public List<Object> getExtensionElements()
- {
- return Collections.unmodifiableList(this.extensionElements);
- }
-
- /**
- * <p>
- * Obtains the request context.
- * </p>
- *
- * @return a {@code String} that identifies the request.
- */
- public String getContext()
- {
- return this.delegate.getContext();
- }
-
- /**
- * <p>
- * Sets the request context.
- * </p>
- *
- * @param context a {@code String} that identifies the request.
- */
- public void setContext(String context)
- {
- this.delegate.setContext(context);
- }
-
- /**
- * <p>
- * Obtains the {@code CancelTarget} section of the request. This element identifies
the token that is to be canceled.
- * </p>
- *
- * @return a reference to the {@code CancelTargetType} that represents the {@code
CancelTarget} section of the
- * WS-Trust cancel request.
- */
- public CancelTargetType getCancelTarget()
- {
- return this.cancelTarget;
- }
-
- /**
- * <p>
- * Sets the {@code CancelTarget} section of the request. This element identifies the
token that is to be canceled.
- * </p>
- *
- * @param cancelTarget a reference to the {@code CancelTargetType} that identifies the
token that must be canceled.
- */
- public void setCancelTarget(CancelTargetType cancelTarget)
- {
- this.cancelTarget = cancelTarget;
- this.delegate.getAny().add(this.factory.createCancelTarget(cancelTarget));
- }
-
- /**
- * <p>
- * Obtains the {@code RenewTarget} section of the request. This element identifies the
token that is to be renewed.
- * </p>
- *
- * @return a reference to the {@code RenewTargetType} that represents the {@code
RenewTarget} section of the WS-Trust
- * renew request.
- */
- public RenewTargetType getRenewTarget()
- {
- return this.renewTarget;
- }
-
- /**
- * <p>
- * Sets the {@code RenewTarget} section of the request. This element identifies the
token that is to be renewed.
- * </p>
- *
- * @param renewTarget a reference to the {@code RenewTargetType} that identifies the
token that must be renewed.
- */
- public void setRenewTarget(RenewTargetType renewTarget)
- {
- this.renewTarget = renewTarget;
- this.delegate.getAny().add(this.factory.createRenewTarget(renewTarget));
- }
-
- /**
- * <p>
- * Obtains the {@code ValidateTarget} section of the request. This element identifies
the token that is to be
- * validated.
- * </p>
- *
- * @return a reference to the {@code ValidateTargetType} that represents the {@code
ValidateTarget} section of the
- * WS-Trust validate request.
- */
- public ValidateTargetType getValidateTarget()
- {
- return this.validateTarget;
- }
-
- /**
- * Return the element in the document that represents
- * the validate type
- * @return
- */
- public Element getValidateTargetElement()
- {
- if(rstDocument == null)
- throw new IllegalStateException("RST Document is null");
-
- String ns = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
- String localPart = "ValidateTarget";
-
- NodeList nodeList = rstDocument.getElementsByTagNameNS(ns,localPart);
- if(nodeList != null && nodeList.getLength() > 0)
- return (Element) nodeList.item(0);
- else
- return null;
- }
-
- /**
- * <p>
- * Sets the {@code ValidateTarged} section of the request. This elements identifies
the token that is to be
- * validated.
- * </p>
- *
- * @param validateTarget a reference to the {@code ValidateTargetType} that identifies
the token that must be
- * validated.
- */
- public void setValidateTarget(ValidateTargetType validateTarget)
- {
- this.validateTarget = validateTarget;
- this.delegate.getAny().add(this.factory.createValidateTarget(validateTarget));
- }
-
- /**
- * <p>
- * Obtains a map that contains attributes that aren't bound to any typed property
on the request. This is a live
- * reference, so attributes can be added/changed/removed directly. For this reason,
there is no setter method.
- * </p>
- *
- * @return a {@code Map<QName, String>} that contains the attributes.
- */
- public Map<QName, String> getOtherAttributes()
- {
- return this.delegate.getOtherAttributes();
- }
-
- /**
- * <p>
- * Gets a reference to the list that holds all request element values.
- * </p>
- *
- * @return a {@code List<Object>} containing all values specified in the
request.
- */
- public List<Object> getAny()
- {
- return this.delegate.getAny();
- }
-
- /**
- * <p>
- * Obtains a reference to the {@code RequestSecurityTokenType} delegate.
- * </p>
- *
- * @return a reference to the delegate instance.
- */
- public RequestSecurityTokenType getDelegate()
- {
- return this.delegate;
- }
-
- /**
- * Get the {@code Document} document representing the request
- * @return
- */
- public Document getRSTDocument()
- {
- return this.rstDocument;
- }
-
- public void setRSTDocument(Document rstDocument)
- {
- this.rstDocument = rstDocument;
- }
-}
\ No newline at end of file
Deleted:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenCollection.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenCollection.java 2009-09-02 17:50:36 UTC (rev 757)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenCollection.java 2009-09-03 01:56:21 UTC (rev 758)
@@ -1,122 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.jboss.identity.federation.core.wstrust;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import org.jboss.identity.federation.ws.trust.RequestSecurityTokenCollectionType;
-import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType;
-
-/**
- * <p>
- * This class represents a WS-Trust {@code RequestSecurityTokenCollection}. It wraps the JAXB representation of the
- * security token collection request.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class RequestSecurityTokenCollection implements BaseRequestSecurityToken
-{
-
- private final RequestSecurityTokenCollectionType delegate;
-
- private final List<RequestSecurityToken> requestSecurityTokens;
-
- /**
- * <p>
- * Creates an instance of {@code RequestSecurityTokenCollection}.
- * </p>
- */
- public RequestSecurityTokenCollection()
- {
- this.requestSecurityTokens = new ArrayList<RequestSecurityToken>();
- this.delegate = new RequestSecurityTokenCollectionType();
- }
-
- /**
- * <p>
- * Creates an instance of {@code RequestSecurityTokenCollection} using the specified delegate.
- * </p>
- *
- * @param delegate the JAXB {@code RequestSecurityTokenCollectionType} that represents a WS-Trust request collection.
- */
- public RequestSecurityTokenCollection(RequestSecurityTokenCollectionType delegate)
- {
- this.delegate = delegate;
- this.requestSecurityTokens = new ArrayList<RequestSecurityToken>();
- for (RequestSecurityTokenType request : delegate.getRequestSecurityToken())
- this.requestSecurityTokens.add(new RequestSecurityToken(request));
- }
-
- /**
- * <p>
- * Obtains the collection of {@code RequestSecurityToken} objects. The returned collection is immutable, so addition
- * or removal of requests must be carried by the appropriate add/remove methods.
- * </p>
- *
- * @return a {@code List<RequestSecurityToken>} containing the token requests.
- */
- public List<RequestSecurityToken> getRequestSecurityTokens()
- {
- return Collections.unmodifiableList(this.requestSecurityTokens);
- }
-
- /**
- * <p>
- * Adds the specified {@code RequestSecurityToken} object to the collection of token requests.
- * </p>
- *
- * @param request the {@code RequestSecurityToken} to be added.
- */
- public void addRequestSecurityToken(RequestSecurityToken request)
- {
- this.delegate.getRequestSecurityToken().add(request.getDelegate());
- this.requestSecurityTokens.add(request);
- }
-
- /**
- * <p>
- * Removes the specified {@code RequestSecurityToken} object from the collection of token requests.
- * </p>
- *
- * @param request the {@code RequestSecurityToken} to be removed.
- */
- public void removeRequestSecurityToken(RequestSecurityToken request)
- {
- this.delegate.getRequestSecurityToken().remove(request.getDelegate());
- this.requestSecurityTokens.remove(request);
- }
-
- /**
- * <p>
- * Obtains a reference to the {@code RequestSecurityTokenCollectionType} delegate.
- * </p>
- *
- * @return a reference to the delegate instance.
- */
- public RequestSecurityTokenCollectionType getDelegate()
- {
- return this.delegate;
- }
-}
Deleted:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponse.java
===================================================================
--- identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponse.java 2009-09-02 17:50:36 UTC (rev 757)
+++ identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponse.java 2009-09-03 01:56:21 UTC (rev 758)
@@ -1,1159 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.core.wstrust;
-
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-import java.util.Map;
-
-import javax.xml.bind.JAXBElement;
-import javax.xml.namespace.QName;
-
-import org.jboss.identity.federation.ws.addressing.EndpointReferenceType;
-import org.jboss.identity.federation.ws.policy.AppliesTo;
-import org.jboss.identity.federation.ws.policy.Policy;
-import org.jboss.identity.federation.ws.policy.PolicyReference;
-import org.jboss.identity.federation.ws.trust.AllowPostdatingType;
-import org.jboss.identity.federation.ws.trust.AuthenticatorType;
-import org.jboss.identity.federation.ws.trust.DelegateToType;
-import org.jboss.identity.federation.ws.trust.EncryptionType;
-import org.jboss.identity.federation.ws.trust.EntropyType;
-import org.jboss.identity.federation.ws.trust.LifetimeType;
-import org.jboss.identity.federation.ws.trust.ObjectFactory;
-import org.jboss.identity.federation.ws.trust.OnBehalfOfType;
-import org.jboss.identity.federation.ws.trust.ProofEncryptionType;
-import org.jboss.identity.federation.ws.trust.RenewingType;
-import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseType;
-import org.jboss.identity.federation.ws.trust.RequestedProofTokenType;
-import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
-import org.jboss.identity.federation.ws.trust.RequestedSecurityTokenType;
-import org.jboss.identity.federation.ws.trust.StatusType;
-import org.jboss.identity.federation.ws.trust.UseKeyType;
-
-/**
- * <p>
- * This class represents a WS-Trust {@code RequestSecurityTokenResponse}. It wraps the
JAXB representation of the
- * security token response and offers a series of getter/setter methods that make it easy
to work with elements that are
- * represented by the {@code Any} XML type.
- * </p>
- * <p>
- * The following shows the intended content model of a {@code
RequestSecurityTokenResponse}:
- *
- * <pre>
- * <xs:element ref='wst:TokenType' minOccurs='0' />
- * <xs:element ref='wst:RequestType' />
- * <xs:element ref='wst:RequestedSecurityToken' minOccurs='0'
/>
- * <xs:element ref='wsp:AppliesTo' minOccurs='0' />
- * <xs:element ref='wst:RequestedAttachedReference'
minOccurs='0' />
- * <xs:element ref='wst:RequestedUnattachedReference'
minOccurs='0' />
- * <xs:element ref='wst:RequestedProofToken' minOccurs='0'
/>
- * <xs:element ref='wst:Entropy' minOccurs='0' />
- * <xs:element ref='wst:Lifetime' minOccurs='0' />
- * <xs:element ref='wst:Status' minOccurs='0' />
- * <xs:element ref='wst:AllowPostdating' minOccurs='0'
/>
- * <xs:element ref='wst:Renewing' minOccurs='0' />
- * <xs:element ref='wst:OnBehalfOf' minOccurs='0' />
- * <xs:element ref='wst:Issuer' minOccurs='0' />
- * <xs:element ref='wst:AuthenticationType' minOccurs='0'
/>
- * <xs:element ref='wst:Authenticator' minOccurs='0' />
- * <xs:element ref='wst:KeyType' minOccurs='0' />
- * <xs:element ref='wst:KeySize' minOccurs='0' />
- * <xs:element ref='wst:SignatureAlgorithm' minOccurs='0'
/>
- * <xs:element ref='wst:Encryption' minOccurs='0' />
- * <xs:element ref='wst:EncryptionAlgorithm' minOccurs='0'
/>
- * <xs:element ref='wst:CanonicalizationAlgorithm'
minOccurs='0' />
- * <xs:element ref='wst:ProofEncryption' minOccurs='0'
/>
- * <xs:element ref='wst:UseKey' minOccurs='0' />
- * <xs:element ref='wst:SignWith' minOccurs='0' />
- * <xs:element ref='wst:EncryptWith' minOccurs='0' />
- * <xs:element ref='wst:DelegateTo' minOccurs='0' />
- * <xs:element ref='wst:Forwardable' minOccurs='0' />
- * <xs:element ref='wst:Delegatable' minOccurs='0' />
- * <xs:element ref='wsp:Policy' minOccurs='0' />
- * <xs:element ref='wsp:PolicyReference' minOccurs='0'
/>
- * <xs:any namespace='##other' processContents='lax'
minOccurs='0' maxOccurs='unbounded' />
- * </pre>
- *
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-/**
- * <p>
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class RequestSecurityTokenResponse implements BaseRequestSecurityTokenResponse
-{
-
- private final RequestSecurityTokenResponseType delegate;
-
- private URI tokenType;
-
- private URI requestType;
-
- private RequestedSecurityTokenType requestedSecurityToken;
-
- private AppliesTo appliesTo;
-
- private RequestedReferenceType requestedAttachedReference;
-
- private RequestedReferenceType requestedUnattachedReference;
-
- private RequestedProofTokenType requestedProofToken;
-
- private EntropyType entropy;
-
- private Lifetime lifetime;
-
- private StatusType status;
-
- private AllowPostdatingType allowPostDating;
-
- private RenewingType renewing;
-
- private OnBehalfOfType onBehalfOf;
-
- private EndpointReferenceType issuer;
-
- private URI authenticationType;
-
- private AuthenticatorType authenticator;
-
- private URI keyType;
-
- private long keySize;
-
- private URI signatureAlgorithm;
-
- private EncryptionType encryption;
-
- private URI encryptionAlgorithm;
-
- private URI canonicalizationAlgorithm;
-
- private ProofEncryptionType proofEncryption;
-
- private UseKeyType useKey;
-
- private URI signWith;
-
- private URI encryptWith;
-
- private DelegateToType delegateTo;
-
- private boolean forwardable;
-
- private boolean delegatable;
-
- private Policy policy;
-
- private PolicyReference policyReference;
-
- private final List<Object> extensionElements = new ArrayList<Object>();
-
- private final ObjectFactory factory = new ObjectFactory();
-
- /**
- * <p>
- * Creates an instance of {@code RequestSecurityTokenResponse}.
- * </p>
- */
- public RequestSecurityTokenResponse()
- {
- this.delegate = new RequestSecurityTokenResponseType();
- }
-
- /**
- * <p>
- * Creates an instance of {@code RequestSecurityTokenResponse} using the specified
delegate.
- * </p>
- *
- * @param delegate the JAXB {@code RequestSecurityTokenResponseType} that represents a
WS-Trust response.
- */
- public RequestSecurityTokenResponse(RequestSecurityTokenResponseType delegate)
- {
- this.delegate = delegate;
- // parse the delegate's Any contents.
- try
- {
- for (Object obj : this.delegate.getAny())
- {
- if (obj instanceof AppliesTo)
- {
- this.appliesTo = (AppliesTo) obj;
- }
- else if (obj instanceof Policy)
- {
- this.policy = (Policy) obj;
- }
- else if (obj instanceof PolicyReference)
- {
- this.policyReference = (PolicyReference) obj;
- }
- else if (obj instanceof JAXBElement)
- {
- JAXBElement<?> element = (JAXBElement<?>) obj;
- String localName = element.getName().getLocalPart();
- if (localName.equalsIgnoreCase("TokenType"))
- this.tokenType = new URI((String) element.getValue());
- else if (localName.equalsIgnoreCase("RequestType"))
- this.requestType = new URI((String) element.getValue());
- else if (localName.equalsIgnoreCase("RequestedSecurityToken"))
- this.requestedSecurityToken = (RequestedSecurityTokenType)
element.getValue();
- else if
(localName.equalsIgnoreCase("RequestedAttachedReference"))
- this.requestedAttachedReference = (RequestedReferenceType)
element.getValue();
- else if
(localName.equalsIgnoreCase("RequestedUnattachedReference"))
- this.requestedUnattachedReference = (RequestedReferenceType)
element.getValue();
- else if (localName.equalsIgnoreCase("RequestedProofToken"))
- this.requestedProofToken = (RequestedProofTokenType)
element.getValue();
- else if (localName.equalsIgnoreCase("Entropy"))
- this.entropy = (EntropyType) element.getValue();
- else if (localName.equalsIgnoreCase("Lifetime"))
- this.lifetime = new Lifetime((LifetimeType) element.getValue());
- else if (localName.equalsIgnoreCase("Status"))
- this.status = (StatusType) element.getValue();
- else if (localName.equalsIgnoreCase("AllowPostdating"))
- this.allowPostDating = (AllowPostdatingType) element.getValue();
- else if (localName.equalsIgnoreCase("Renewing"))
- this.renewing = (RenewingType) element.getValue();
- else if (localName.equalsIgnoreCase("OnBehalfOf"))
- this.onBehalfOf = (OnBehalfOfType) element.getValue();
- else if (localName.equalsIgnoreCase("Issuer"))
- this.issuer = (EndpointReferenceType) element.getValue();
- else if (localName.equalsIgnoreCase("AuthenticationType"))
- this.authenticationType = new URI((String) element.getValue());
- else if (localName.equalsIgnoreCase("Authenticator"))
- this.authenticator = (AuthenticatorType) element.getValue();
- else if (localName.equalsIgnoreCase("KeyType"))
- this.keyType = new URI((String) element.getValue());
- else if (localName.equalsIgnoreCase("KeySize"))
- this.keySize = (Long) element.getValue();
- else if (localName.equalsIgnoreCase("SignatureAlgorithm"))
- this.signatureAlgorithm = new URI((String) element.getValue());
- else if (localName.equalsIgnoreCase("Encryption"))
- this.encryption = (EncryptionType) element.getValue();
- else if (localName.equalsIgnoreCase("EntropyAlgorithm"))
- this.encryptionAlgorithm = new URI((String) element.getValue());
- else if
(localName.equalsIgnoreCase("CanonicalizationAlgorithm"))
- this.canonicalizationAlgorithm = new URI((String) element.getValue());
- else if (localName.equalsIgnoreCase("ProofEncryption"))
- this.proofEncryption = (ProofEncryptionType) element.getValue();
- else if (localName.equalsIgnoreCase("UseKey"))
- this.useKey = (UseKeyType) element.getValue();
- else if (localName.equalsIgnoreCase("SignWith"))
- this.signWith = new URI((String) element.getValue());
- else if (localName.equalsIgnoreCase("EncryptWith"))
- this.encryptWith = new URI((String) element.getValue());
- else if (localName.equalsIgnoreCase("DelegateTo"))
- this.delegateTo = (DelegateToType) element.getValue();
- else if (localName.equalsIgnoreCase("Forwardable"))
- this.forwardable = (Boolean) element.getValue();
- else if (localName.equalsIgnoreCase("Delegatable"))
- this.delegatable = (Boolean) element.getValue();
- else
- this.extensionElements.add(element.getValue());
- }
- else
- {
- this.extensionElements.add(obj);
- }
- }
- }
- catch (URISyntaxException e)
- {
- throw new RuntimeException(e.getMessage(), e);
- }
- }
-
- /**
- * <p>
- * Obtains the {@code URI} that identifies the token type.
- * </p>
- *
- * @return a {@code URI} that represents the token type.
- */
- public URI getTokenType()
- {
- return tokenType;
- }
-
- /**
- * <p>
- * Sets the token type.
- * </p>
- *
- * @param tokenType a {@code URI} that identifies the token type.
- */
- public void setTokenType(URI tokenType)
- {
- this.tokenType = tokenType;
- this.delegate.getAny().add(this.factory.createTokenType(tokenType.toString()));
-
- }
-
- /**
- * <p>
- * Obtains the request type.
- * </p>
- *
- * @return a {@code URI} that identifies the request type.
- */
- public URI getRequestType()
- {
- return requestType;
- }
-
- /**
- * <p>
- * Sets the request type. The type must be one of the request types described in the
WS-Trust specification.
- * </p>
- *
- * @param requestType a {@code URI} that identifies the request type.
- */
- public void setRequestType(URI requestType)
- {
- this.requestType = requestType;
-
this.delegate.getAny().add(this.factory.createRequestType(requestType.toString()));
- }
-
- /**
- * <p>
- * Obtains the requested security token that has been set in the response.
- * </p>
- *
- * @return a reference to the {@code RequestedSecurityTokenType} that contains the
token.
- */
- public RequestedSecurityTokenType getRequestedSecurityToken()
- {
- return requestedSecurityToken;
- }
-
- /**
- * <p>
- * Sets the requested security token in the response.
- * </p>
- *
- * @param requestedSecurityToken the {@code RequestedSecurityTokenType} instance to be
set.
- */
- public void setRequestedSecurityToken(RequestedSecurityTokenType
requestedSecurityToken)
- {
- this.requestedSecurityToken = requestedSecurityToken;
-
this.delegate.getAny().add(this.factory.createRequestedSecurityToken(requestedSecurityToken));
- }
-
- /**
- * <p>
- * Obtains the scope to which the security token applies.
- * </p>
- *
- * @return a reference to the {@code AppliesTo} instance that represents the token
scope.
- */
- public AppliesTo getAppliesTo()
- {
- return appliesTo;
- }
-
- /**
- * <p>
- * Sets the scope to which the security token applies.
- * </p>
- *
- * @param appliesTo a reference to the {@code AppliesTo} object that represents the
scope to be set.
- */
- public void setAppliesTo(AppliesTo appliesTo)
- {
- this.appliesTo = appliesTo;
- this.delegate.getAny().add(appliesTo);
- }
-
- /**
- * <p>
- * Obtains the {@code RequestedAttachedReference} that indicate how to reference the
returned token when that token
- * doesn't support references using URI fragments (XML ID).
- * </p>
- *
- * @return a {@code RequestedReferenceType} that represents the token reference.
- */
- public RequestedReferenceType getRequestedAttachedReference()
- {
- return requestedAttachedReference;
- }
-
- /**
- * <p>
- * Sets the {@code RequestedAttachedReference} that indicate how to reference the
returned token when that token
- * doesn't support references using URI fragments (XML ID).
- * </p>
- *
- * @param requestedAttachedReference the {@code RequestedReferenceType} instance to be
set.
- */
- public void setRequestedAttachedReference(RequestedReferenceType
requestedAttachedReference)
- {
- this.requestedAttachedReference = requestedAttachedReference;
-
this.delegate.getAny().add(this.factory.createRequestedAttachedReference(requestedAttachedReference));
- }
-
- /**
- * <p>
- * Obtains the {@code RequestedUnattachedReference} that specifies to indicate how to
reference the token when it is
- * not placed inside the message.
- * </p>
- *
- * @return a {@code RequestedReferenceType} that represents the unattached reference.
- */
- public RequestedReferenceType getRequestedUnattachedReference()
- {
- return requestedUnattachedReference;
- }
-
- /**
- * <p>
- * Sets the {@code RequestedUnattachedReference} that specifies to indicate how to
reference the token when it is not
- * placed inside the message.
- * </p>
- *
- * @param requestedUnattachedReference the {@code RequestedReferenceType} instance to
be set.
- */
- public void setRequestedUnattachedReference(RequestedReferenceType
requestedUnattachedReference)
- {
- this.requestedUnattachedReference = requestedUnattachedReference;
-
this.delegate.getAny().add(this.factory.createRequestedUnattachedReference(requestedUnattachedReference));
- }
-
- /**
- * <p>
- * Obtains the proof of possession token that has been set in the response.
- * </p>
- *
- * @return a reference to the {@code RequestedProofTokenType} that contains the
token.
- */
- public RequestedProofTokenType getRequestedProofToken()
- {
- return requestedProofToken;
- }
-
- /**
- * <p>
- * Sets the proof of possesion token in the response.
- * </p>
- *
- * @param requestedProofToken the {@code RequestedProofTokenType} instance to be set.
- */
- public void setRequestedProofToken(RequestedProofTokenType requestedProofToken)
- {
- this.requestedProofToken = requestedProofToken;
-
this.delegate.getAny().add(this.factory.createRequestedProofToken(requestedProofToken));
- }
-
- /**
- * <p>
- * Obtains the entropy that has been used in creating the key.
- * </p>
- *
- * @return a reference to the {@code EntropyType} that represents the entropy.
- */
- public EntropyType getEntropy()
- {
- return entropy;
- }
-
- /**
- * <p>
- * Sets the entropy that has been used in creating the key.
- * </p>
- *
- * @param entropy the {@code EntropyType} representing the entropy to be set.
- */
- public void setEntropy(EntropyType entropy)
- {
- this.entropy = entropy;
- this.delegate.getAny().add(this.factory.createEntropy(entropy));
- }
-
- /**
- * <p>
- * Obtains the lifetime of the security token.
- * </p>
- *
- * @return a reference to the {@code Lifetime} that represents the lifetime of the
security token.
- */
- public Lifetime getLifetime()
- {
- return lifetime;
- }
-
- /**
- * <p>
- * Sets the lifetime of the security token.
- * </p>
- *
- * @param lifetime the {@code Lifetime} object representing the lifetime to be set.
- */
- public void setLifetime(Lifetime lifetime)
- {
- this.lifetime = lifetime;
- this.delegate.getAny().add(this.factory.createLifetime(lifetime.getDelegate()));
- }
-
- /**
- * <p>
- * Obtains the result of a security token validation.
- * </p>
- *
- * @return a referece to the {@code StatusType} instance that represents the status of
the validation.
- */
- public StatusType getStatus()
- {
- return status;
- }
-
- /**
- * <p>
- * Sets the result of a security token validation.
- * </p>
- *
- * @param status the {@code StatusType} instance to be set.
- */
- public void setStatus(StatusType status)
- {
- this.status = status;
- this.delegate.getAny().add(this.factory.createStatus(status));
- }
-
- /**
- * <p>
- * Checks whether the returned token is a postdated token or not.
- * </p>
- *
- * @return {@code null} if the token is not postdated; a {@code AllowPostdatingType}
otherwise.
- */
- public AllowPostdatingType getAllowPostDating()
- {
- return allowPostDating;
- }
-
- /**
- * <p>
- * Specifies whether the returned token is a postdated token or not.
- * </p>
- *
- * @param allowPostDating {@code null} if the token is not postdated; a {@code
AllowPostdatingType} otherwise.
- */
- public void setAllowPostDating(AllowPostdatingType allowPostDating)
- {
- this.allowPostDating = allowPostDating;
- this.delegate.getAny().add(this.factory.createAllowPostdating(allowPostDating));
- }
-
- /**
- * <p>
- * Obtains the renew semantics for the token request.
- * </p>
- *
- * @return a reference to the {@code RenewingType} that represents the renew semantics
for the request.
- */
- public RenewingType getRenewing()
- {
- return renewing;
- }
-
- /**
- * <p>
- * Sets the renew semantics for the token request.
- * </p>
- *
- * @param renewing the {@code RenewingType} object representing the semantics to be
set.
- */
- public void setRenewing(RenewingType renewing)
- {
- this.renewing = renewing;
- this.delegate.getAny().add(this.factory.createRenewing(renewing));
- }
-
- /**
- * <p>
- * Obtains the identity on whose behalf the token request was made.
- * </p>
- *
- * @return a reference to the {@code OnBehalfOfType} that represents the identity on
whose behalf the token request
- * was made.
- */
- public OnBehalfOfType getOnBehalfOf()
- {
- return onBehalfOf;
- }
-
- /**
- * <p>
- * Specifies the identity on whose behalf the token request was made.
- * </p>
- *
- * @param onBehalfOf the {@code OnBehalfOfType} object representing the identity to be
set.
- */
- public void setOnBehalfOf(OnBehalfOfType onBehalfOf)
- {
- this.onBehalfOf = onBehalfOf;
- this.delegate.getAny().add(this.factory.createOnBehalfOf(onBehalfOf));
- }
-
- /**
- * <p>
- * Obtains the issuer of the token included in the request in the scenarios where the
requestor is obtaining a token
- * on behalf of another party.
- * </p>
- *
- * @return a reference to the {@code EndpointReferenceType} that represents the
issuer.
- */
- public EndpointReferenceType getIssuer()
- {
- return this.issuer;
- }
-
- /**
- * <p>
- * Sets the issuer of the token included in the request in scenarios where the
requestor is obtaining a token on
- * behalf of another party.
- * </p>
- *
- * @param issuer the {@code EndpointReferenceType} object representing the issuer to
be set.
- */
- public void setIssuer(EndpointReferenceType issuer)
- {
- this.issuer = issuer;
- this.delegate.getAny().add(this.factory.createIssuer(issuer));
- }
-
- /**
- * <p>
- * Obtains the type of authentication that is to be conducted.
- * </p>
- *
- * @return a {@code URI} that identifies the authentication type.
- */
- public URI getAuthenticationType()
- {
- return authenticationType;
- }
-
- /**
- * <p>
- * Sets the authentication type in the response.
- * </p>
- *
- * @param authenticationType a {@code URI} that identifies the authentication type to
be set.
- */
- public void setAuthenticationType(URI authenticationType)
- {
- this.authenticationType = authenticationType;
-
this.delegate.getAny().add(this.factory.createAuthenticationType(authenticationType.toString()));
- }
-
- /**
- * <p>
- * Obtains the authenticator that must be used in authenticating exchanges.
- * </p>
- *
- * @return a reference to the {@code AuthenticatorType} that represents the
authenticator.
- */
- public AuthenticatorType getAuthenticator()
- {
- return authenticator;
- }
-
- /**
- * <p>
- * Sets the authenticator that must be used in authenticating exchanges.
- * </p>
- *
- * @param authenticator the {@code AuthenticatorType} instance to be set.
- */
- public void setAuthenticator(AuthenticatorType authenticator)
- {
- this.authenticator = authenticator;
- this.delegate.getAny().add(this.factory.createAuthenticator(authenticator));
- }
-
- /**
- * <p>
- * Obtains the type of the key that has been set in the response.
- * </p>
- *
- * @return a {@code URI} that identifies the key type.
- */
- public URI getKeyType()
- {
- return keyType;
- }
-
- /**
- * <p>
- * Sets the key type in the response.
- * </p>
- *
- * @param keyType a {@code URI} that specifies the key type.
- */
- public void setKeyType(URI keyType)
- {
- this.keyType = keyType;
- this.delegate.getAny().add(this.factory.createKeyType(keyType.toString()));
- }
-
- /**
- * <p>
- * Obtains the size of they key that has been set in the response.
- * </p>
- *
- * @return a {@code long} representing the key size in bytes.
- */
- public long getKeySize()
- {
- return keySize;
- }
-
- /**
- * <p>
- * Sets the size of the key in the response.
- * </p>
- *
- * @param keySize a {@code long} representing the key size in bytes.
- */
- public void setKeySize(long keySize)
- {
- this.keySize = keySize;
- this.delegate.getAny().add(this.factory.createKeySize(keySize));
- }
-
- /**
- * <p>
- * Obtains the signature algorithm that has been set in the response.
- * </p>
- *
- * @return a {@code URI} that represents the signature algorithm.
- */
- public URI getSignatureAlgorithm()
- {
- return signatureAlgorithm;
- }
-
- /**
- * <p>
- * Sets the signature algorithm in the response.
- * </p>
- *
- * @param signatureAlgorithm a {@code URI} that represents the algorithm to be set.
- */
- public void setSignatureAlgorithm(URI signatureAlgorithm)
- {
- this.signatureAlgorithm = signatureAlgorithm;
-
this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signatureAlgorithm.toString()));
- }
-
- /**
- * <p>
- * Obtains the {@code Encryption} section of the response. The {@code Encryption}
element indicates that the
- * requestor desires any returned secrets in issued security tokens to be encrypted.
- * </p>
- *
- * @return a reference to the {@code EncryptionType} object.
- */
- public EncryptionType getEncryption()
- {
- return encryption;
- }
-
- /**
- * <p>
- * Sets the {@code Encryption} section of the response. The {@code Encryption} element
indicates that the requestor
- * desires any returned secrets in issued security tokens to be encrypted.
- * </p>
- *
- * @param encryption the {@code EncryptionType} to be set.
- */
- public void setEncryption(EncryptionType encryption)
- {
- this.encryption = encryption;
- this.delegate.getAny().add(this.factory.createEncryption(encryption));
- }
-
- /**
- * <p>
- * Obtains the encryption algorithm that has been set in the response.
- * </p>
- *
- * @return a {@code URI} that represents the encryption algorithm.
- */
- public URI getEncryptionAlgorithm()
- {
- return encryptionAlgorithm;
- }
-
- /**
- * <p>
- * Sets the encryption algorithm in the response.
- * </p>
- *
- * @param encryptionAlgorithm a {@code URI} that represents the encryption algorithm
to be set.
- */
- public void setEncryptionAlgorithm(URI encryptionAlgorithm)
- {
- this.encryptionAlgorithm = encryptionAlgorithm;
-
this.delegate.getAny().add(this.factory.createEncryptionAlgorithm(encryptionAlgorithm.toString()));
- }
-
- /**
- * <p>
- * Obtains the canonicalization algorithm that has been set in the response.
- * </p>
- *
- * @return a {@code URI} that represents the canonicalization algorithm.
- */
- public URI getCanonicalizationAlgorithm()
- {
- return canonicalizationAlgorithm;
- }
-
- /**
- * <p>
- * Sets the canonicalization algorithm in the response.
- * </p>
- *
- * @param canonicalizationAlgorithm a {@code URI} that represents the algorithm to be
set.
- */
- public void setCanonicalizationAlgorithm(URI canonicalizationAlgorithm)
- {
- this.canonicalizationAlgorithm = canonicalizationAlgorithm;
-
this.delegate.getAny().add(this.factory.createCanonicalizationAlgorithm(canonicalizationAlgorithm.toString()));
- }
-
- /**
- * <p>
- * Obtains the {@code ProofEncryption} section of the response. The {@code
ProofEncryption} indicates that the
- * requestor desires any returned secrets in issued security tokens to be encrypted.
- * </p>
- *
- * @return a reference to the {@code ProofEncryptionType} object.
- */
- public ProofEncryptionType getProofEncryption()
- {
- return proofEncryption;
- }
-
- /**
- * <p>
- * Sets the {@code ProofEncryption} section of the response. The {@code
ProofEncryption} indicates that the requestor
- * desires any returned secrets in issued security tokens to be encrypted.
- * </p>
- *
- * @param proofEncryption the {@code ProofEncryptionType} to be set.
- */
- public void setProofEncryption(ProofEncryptionType proofEncryption)
- {
- this.proofEncryption = proofEncryption;
- this.delegate.getAny().add(this.factory.createProofEncryption(proofEncryption));
- }
-
- /**
- * <p>
- * Obtains the key that used in the returned token.
- * </p>
- *
- * @return a reference to the {@code UseKeyType} instance that represents the key
used.
- */
- public UseKeyType getUseKey()
- {
- return useKey;
- }
-
- /**
- * <p>
- * Sets the key that used in the returned token.
- * </p>
- *
- * @param useKey the {@code UseKeyType} instance to be set.
- */
- public void setUseKey(UseKeyType useKey)
- {
- this.useKey = useKey;
- this.delegate.getAny().add(this.factory.createUseKey(useKey));
- }
-
- /**
- * <p>
- * Obtains the signature algorithm used with the issued security token.
- * </p>
- *
- * @return a {@code URI} representing the algorithm used.
- */
- public URI getSignWith()
- {
- return signWith;
- }
-
- /**
- * <p>
- * Sets the signature algorithm used with the issued security token.
- * </p>
- *
- * @param signWith a {@code URI} representing the algorithm used.
- */
- public void setSignWith(URI signWith)
- {
- this.signWith = signWith;
-
this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signWith.toString()));
- }
-
- /**
- * <p>
- * Obtains the encryption algorithm used with the issued security token.
- * </p>
- *
- * @return a {@code URI} representing the encryption algorithm used.
- */
- public URI getEncryptWith()
- {
- return encryptWith;
- }
-
- /**
- * <p>
- * Sets the encryption algorithm used with the issued security token.
- * </p>
- *
- * @param encryptWith a {@code URI} representing the algorithm used.
- */
- public void setEncryptWith(URI encryptWith)
- {
- this.encryptWith = encryptWith;
-
this.delegate.getAny().add(this.factory.createEncryptWith(encryptWith.toString()));
- }
-
- /**
- * <p>
- * Obtains the identity to which the requested token should be delegated.
- * </p>
- *
- * @return a reference to the {@code DelegateToType} instance that represents the
identity.
- */
- public DelegateToType getDelegateTo()
- {
- return delegateTo;
- }
-
- /**
- * <p>
- * Sets the identity to which the requested token should be delegated.
- * </p>
- *
- * @param delegateTo the {@code DelegateToType} object representing the identity to be
set.
- */
- public void setDelegateTo(DelegateToType delegateTo)
- {
- this.delegateTo = delegateTo;
- this.delegate.getAny().add(this.factory.createDelegateTo(delegateTo));
- }
-
- /**
- * <p>
- * Indicates whether the requested token has been marked as "forwardable" or
not. In general, this flag is used when
- * a token is normally bound to the requestor's machine or service. Using this
flag, the returned token MAY be used
- * from any source machine so long as the key is correctly proven.
- * </p>
- *
- * @return {@code true} if the requested token has been marked as
"forwardable"; {@code false} otherwise.
- */
- public boolean isForwardable()
- {
- return forwardable;
- }
-
- /**
- * <p>
- * Specifies whether the requested token has been marked as "forwardable" or
not. In general, this flag is used when
- * a token is normally bound to the requestor's machine or service. Using this
flag, the returned token MAY be used
- * from any source machine so long as the key is correctly proven.
- * </p>
- *
- * @param forwardable {@code true} if the requested token has been marked as
"forwardable"; {@code false} otherwise.
- */
- public void setForwardable(boolean forwardable)
- {
- this.forwardable = forwardable;
- this.delegate.getAny().add(this.factory.createForwardable(forwardable));
- }
-
- /**
- * <p>
- * Indicates whether the requested token has been marked as "delegatable" or
not. Using this flag, the returned token
- * MAY be delegated to another party.
- * </p>
- *
- * @return {@code true} if the requested token has been marked as
"delegatable"; {@code false} otherwise.
- */
- public boolean isDelegatable()
- {
- return delegatable;
- }
-
- /**
- * <p>
- * Specifies whether the requested token has been marked as "delegatable" or
not. Using this flag, the returned token
- * MAY be delegated to another party.
- * </p>
- *
- * @param delegatable {@code true} if the requested token has been marked as
"delegatable"; {@code false} otherwise.
- */
- public void setDelegatable(boolean delegatable)
- {
- this.delegatable = delegatable;
- this.delegate.getAny().add(this.factory.createDelegatable(delegatable));
- }
-
- /**
- * <p>
- * Obtains the {@code Policy} that was associated with the request. The policy
specifies defaults that can be
- * overridden by the previous properties.
- * </p>
- *
- * @return a reference to the {@code Policy} that was associated with the request.
- */
- public Policy getPolicy()
- {
- return policy;
- }
-
- /**
- * <p>
- * Sets the {@code Policy} in the response. The policy specifies defaults that can be
overridden by the previous
- * properties.
- * </p>
- *
- * @param policy the {@code Policy} instance to be set.
- */
- public void setPolicy(Policy policy)
- {
- this.policy = policy;
- this.delegate.getAny().add(policy);
- }
-
- /**
- * <p>
- * Obtains the reference to the {@code Policy} that was associated with the request.
- * </p>
- *
- * @return a {@code PolicyReference} that specifies where the {@code Policy} can be
found.
- */
- public PolicyReference getPolicyReference()
- {
- return policyReference;
- }
-
- /**
- * <p>
- * Sets the reference to the {@code Policy} that was associated with the request.
- * </p>
- *
- * @param policyReference the {@code PolicyReference} object to be set.
- */
- public void setPolicyReference(PolicyReference policyReference)
- {
- this.policyReference = policyReference;
- this.delegate.getAny().add(policyReference);
- }
-
- /**
- * <p>
- * Obtains the list of request elements that are not part of the standard content
model.
- * </p>
- *
- * @return a {@code List<Object>} containing the extension elements.
- */
- public List<Object> getExtensionElements()
- {
- return Collections.unmodifiableList(this.extensionElements);
- }
-
- /**
- * <p>
- * Obtains the response context.
- * </p>
- *
- * @return a {@code String} that identifies the original request.
- */
- public String getContext()
- {
- return this.delegate.getContext();
- }
-
- /**
- * <p>
- * Sets the response context.
- * </p>
- *
- * @param context a {@code String} that identifies the original request.
- */
- public void setContext(String context)
- {
- this.delegate.setContext(context);
- }
-
- /**
- * <p>
- * Obtains a map that contains attributes that aren't bound to any typed property
on the response. This is a live
- * reference, so attributes can be added/changed/removed directly. For this reason,
there is no setter method.
- * </p>
- *
- * @return a {@code Map<QName, String>} that contains the attributes.
- */
- public Map<QName, String> getOtherAttributes()
- {
- return this.delegate.getOtherAttributes();
- }
-
- /**
- * <p>
- * Gets a reference to the list that holds all response element values.
- * </p>
- *
- * @return a {@code List<Object>} containing all values specified in the
response.
- */
- public List<Object> getAny()
- {
- return this.delegate.getAny();
- }
-
- /**
- * <p>
- * Obtains a reference to the {@code RequestSecurityTokenResponseType} delegate.
- * </p>
- *
- * @return a reference to the delegate instance.
- */
- public RequestSecurityTokenResponseType getDelegate()
- {
- return this.delegate;
- }
-}
Deleted:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponseCollection.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponseCollection.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponseCollection.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -1,124 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
- */
-package org.jboss.identity.federation.core.wstrust;
-
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
-
-import
org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseCollectionType;
-import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseType;
-
-/**
- * <p>
- * This class represents a WS-Trust {@code RequestSecurityTokenResponseCollection}. It
wraps the JAXB representation of
- * the security token collection response.
- * </p>
- *
- * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
- */
-public class RequestSecurityTokenResponseCollection implements
BaseRequestSecurityTokenResponse
-{
-
- private final RequestSecurityTokenResponseCollectionType delegate;
-
- private final List<RequestSecurityTokenResponse> requestSecurityTokenResponses;
-
- /**
- * <p>
- * Creates an instance of {@code RequestSecurityTokenResponseCollection}.
- * </p>
- */
- public RequestSecurityTokenResponseCollection()
- {
- this.requestSecurityTokenResponses = new
ArrayList<RequestSecurityTokenResponse>();
- this.delegate = new RequestSecurityTokenResponseCollectionType();
- }
-
- /**
- * <p>
- * Creates an instance of {@code RequestSecurityTokenResponseCollection} using the
specified delegate.
- * </p>
- *
- * @param delegate the JAXB {@code RequestSecurityTokenResponseCollectionType} that
represents a WS-Trust request
- * collection.
- */
- public
RequestSecurityTokenResponseCollection(RequestSecurityTokenResponseCollectionType
delegate)
- {
- this.delegate = delegate;
- this.requestSecurityTokenResponses = new
ArrayList<RequestSecurityTokenResponse>();
- for (RequestSecurityTokenResponseType response :
delegate.getRequestSecurityTokenResponse())
- this.requestSecurityTokenResponses.add(new
RequestSecurityTokenResponse(response));
- }
-
- /**
- * <p>
- * Obtains the collection of {@code RequestSecurityTokenResponse} objects. The
returned collection is immutable, so
- * addition or removal of requests must be carried by the appropriate add/remove
methods.
- * </p>
- *
- * @return a {@code List<RequestSecurityToken>} containing the token requests.
- */
- public List<RequestSecurityTokenResponse> getRequestSecurityTokenResponses()
- {
- return Collections.unmodifiableList(this.requestSecurityTokenResponses);
- }
-
- /**
- * <p>
- * Adds the specified {@code RequestSecurityTokenResponse} object to the collection of
token requests.
- * </p>
- *
- * @param request the {@code RequestSecurityTokenResponse} to be added.
- */
- public void addRequestSecurityTokenResponse(RequestSecurityTokenResponse response)
- {
- this.delegate.getRequestSecurityTokenResponse().add(response.getDelegate());
- this.requestSecurityTokenResponses.add(response);
- }
-
- /**
- * <p>
- * Removes the specified {@code RequestSecurityTokenResponse} object from the
collection of token requests.
- * </p>
- *
- * @param request the {@code RequestSecurityTokenResponse} to be removed.
- */
- public void removeRequestSecurityTokenResponse(RequestSecurityTokenResponse response)
- {
- this.delegate.getRequestSecurityTokenResponse().remove(response.getDelegate());
- this.requestSecurityTokenResponses.remove(response);
- }
-
- /**
- * <p>
- * Obtains a reference to the {@code RequestSecurityTokenResponseCollectionType}
delegate.
- * </p>
- *
- * @return a reference to the delegate instance.
- */
- public RequestSecurityTokenResponseCollectionType getDelegate()
- {
- return this.delegate;
- }
-
-}
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSConfiguration.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSConfiguration.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/STSConfiguration.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,149 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.security.KeyPair;
+import java.security.PublicKey;
+import java.util.Map;
+
+/**
+ * <p>
+ * The {@code STSConfiguration} interface allows access to the security token service
(STS) configuration attributes.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public interface STSConfiguration
+{
+
+ /**
+ * <p>
+ * Obtains the unique name of the secure token service.
+ * </p>
+ *
+ * @return a {@code String} representing the STS name.
+ */
+ public String getSTSName();
+
+ /**
+ * <p>
+ * Indicates whether the issued token should be encrypted or not.
+ * </p>
+ *
+ * @return {@code true} if the issued token is to be encrypted; {@code false}
otherwise.
+ */
+ public boolean encryptIssuedToken();
+
+ /**
+ * <p>
+ * Indicates whether the issued token should be digitally signed or not.
+ * </p>
+ *
+ * @return {@code true} if the issued token is to be signed; {@code false} otherwise.
+ */
+ public boolean signIssuedToken();
+
+ /**
+ * <p>
+ * Obtains the timeout value (in milliseconds) for issued tokens.
+ * </p>
+ *
+ * @return the token timeout value.
+ */
+ public long getIssuedTokenTimeout();
+
+ /**
+ * <p>
+ * Obtains the WS-Trust request handler class.
+ * </p>
+ *
+ * @return a reference to the configured {@code WSTrustRequestHandler}.
+ */
+ public WSTrustRequestHandler getRequestHandler();
+
+ /**
+ * <p>
+ * Given the name of a service provider, obtains the type of the token that should be
used when issuing tokens to
+ * clients of that service.
+ * </p>
+ *
+ * @param serviceName the name of the service provider that requires a token from its
clients.
+ * @return a {@code String} representing the type of the token that suits the
specified service.
+ */
+ public String getTokenTypeForService(String serviceName);
+
+ /**
+ * <p>
+ * Given the name of a service provider, obtains the provider that must be used when
issuing tokens to clients of
+ * that service. When requesting a token to the STS, a client can specify the service
it needs the token for using
+ * the {@code AppliesTo} element. Based on the service provider name, the STS
identifies the type of the token that
+ * is to be issued and then selects the appropriate token provider to handle the
request.
+ * </p>
+ *
+ * @param serviceName the name of the service provider that requires a token from its
clients.
+ * @return a reference to the {@code SecurityTokenProvider} that must be used in order
to issue tokens to clients of
+ * the specified service.
+ */
+ public SecurityTokenProvider getProviderForService(String serviceName);
+
+ /**
+ * <p>
+ * Given a token type, obtains the token provider that should be used to handle token
requests of that type. When a
+ * client doesn't specify the service provider name through the {@code AppliesTo}
element, it must specify the token
+ * type through the {@code TokenType} element. The STS uses the supplied type to
select the appropriate token
+ * provider.
+ * </p>
+ *
+ * @param tokenType a {@code String} representing the type of the token.
+ * @return a reference to the {@code SecurityTokenProvider} that must be used to
handle token requests of the
+ * specified type.
+ */
+ public SecurityTokenProvider getProviderForTokenType(String tokenType);
+
+ /**
+ * <p>
+ * Obtains a {@code Map} that contains the non-standard configuration options.
+ * </p>
+ *
+ * @return a {@code Map<String, Object>} containing the additional configuration
options.
+ */
+ public Map<String, Object> getOptions();
+
+ /**
+ * <p>
+ * Obtains a reference to the {@code KeyPair} object that contains the STS {@code
PrivateKey} and {@code PublicKey}.
+ * </p>
+ *
+ * @return a reference to the STS {@code KeyPair}.
+ */
+ public KeyPair getSTSKeyPair();
+
+ /**
+ * <p>
+ * Obtains the public key of the specified service provider. The returned key is used
to encrypt issued tokens.
+ * </p>
+ *
+ * @param serviceName the name of the service provider (normally the provider URL).
+ * @return a reference to the provider's {@code PublicKey}
+ */
+ public PublicKey getServiceProviderPublicKey(String serviceName);
+}
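Review bot: The Javadoc for `getTokenTypeForService` and `getProviderForService` does not say what is returned when no mapping exists for `serviceName`, and the handler added in this same commit depends on the answer. `StandardRequestHandler.issue()` and `renew()` pass the token type straight into `URI.create(...)`, which throws `NullPointerException` on null, so an `AppliesTo` value with no configured mapping would fail before the token-type fallback runs. I would extend both `@return` tags with something like `or {@code null} if no mapping is configured for the service`, and have the caller check for null before building the URI. `getIssuedTokenTimeout` could also state that `0` means no default lifetime is applied, which is how the handler reads it.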
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityActions.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityActions.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityActions.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,108 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.security.AccessController;
+import java.security.PrivilegedAction;
+import java.security.PrivilegedActionException;
+import java.security.PrivilegedExceptionAction;
+
+/**
+ * <p>
+ * Utility class that executes actions such as creating a class in privileged blocks.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+class SecurityActions
+{
+
+ /**
+ * <p>
+ * Gets the thread context class loader using a privileged block.
+ * </p>
+ *
+ * @return a reference to the thread context {@code ClassLoader}.
+ */
+ static ClassLoader getContextClassLoader()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<ClassLoader>()
+ {
+ public ClassLoader run()
+ {
+ return Thread.currentThread().getContextClassLoader();
+ }
+ });
+ }
+
+ /**
+ * <p>
+ * Loads a class using the thread context class loader in a privileged block.
+ * </p>
+ *
+ * @param name the fully-qualified name of the class to be loaded.
+ * @return a reference to the loaded {@code Class}.
+ * @throws PrivilegedActionException if an error occurs while loading the class. This
exception wraps the real cause
+ * of the error, so classes using this method must perform a {@code
getCause()} in order to get a
+ * reference to the root of the error.
+ */
+ static Class<?> loadClass(final String name) throws PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new
PrivilegedExceptionAction<Class<?>>()
+ {
+ public Class<?> run() throws PrivilegedActionException
+ {
+ try
+ {
+ return getContextClassLoader().loadClass(name);
+ }
+ catch (Exception e)
+ {
+ throw new PrivilegedActionException(e);
+ }
+ }
+ });
+ }
+
+ /**
+ * <p>
+ * Creates an instance of the specified class in a privileged block. The class must
define a default constructor.
+ * </p>
+ *
+ * @param className the fully-qualified name of the class to be instantiated.
+ * @return a reference to the instantiated {@code Object}.
+ * @throws PrivilegedActionException if an error occurs while instantiating the class.
This exception wraps the real
+ * cause of the error, so classes using this method must perform a {@code
getCause()} in order to get a
+ * reference to the root of the error.
+ */
+ static Object instantiateClass(final String className) throws
PrivilegedActionException
+ {
+ return AccessController.doPrivileged(new PrivilegedExceptionAction<Object>()
+ {
+ public Object run() throws Exception
+ {
+ Class<?> objectClass = loadClass(className);
+ return objectClass.newInstance();
+ }
+ });
+ }
+}
\ No newline at end of file
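Review bot: `loadClass` wraps the failure in a `PrivilegedActionException` inside `run()`, and `AccessController.doPrivileged` then wraps that checked exception again, so the real cause sits two levels down (three through `instantiateClass`, which calls `loadClass` inside its own privileged block). The Javadoc on both methods promises that a single `getCause()` reaches the root error. Letting the action throw the original exception fixes this: `public Class<?> run() throws ClassNotFoundException { return getContextClassLoader().loadClass(name); }`, with `instantiateClass` doing the same lookup directly instead of nesting `loadClass`. Because these helpers load and instantiate a class by name with the library's own privileges, a comment stating that `name` and `className` must come from trusted configuration only would also be worth adding.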
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityToken.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityToken.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityToken.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,60 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+/**
+ * <p>
+ * Interface that represents a security token.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public interface SecurityToken
+{
+
+ /**
+ * <p>
+ * Obtains the security token unique identifier.
+ * </p>
+ *
+ * @return a {@code String} representing the token id.
+ */
+ public String getTokenID();
+
+ /**
+ * <p>
+ * Obtains the type of the security token.
+ * </p>
+ *
+ * @return a {@code String} representing the security token type.
+ */
+ public String getTokenType();
+
+ /**
+ * <p>
+ * Obtains the value of the security token.
+ * </p>
+ *
+ * @return an {@code Object} representing the security token value.
+ */
+ public Object getTokenValue();
+}
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityTokenProvider.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityTokenProvider.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityTokenProvider.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,77 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+
+/**
+ * <p>
+ * This interface defines the methods that must be implemented by security token
providers.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public interface SecurityTokenProvider
+{
+ /**
+ * <p>
+ * Generates a security token using the information contained in the specified request
context and stores the
+ * newly-created token in the context itself.
+ * </p>
+ *
+ * @param context the {@code WSTrustRequestContext} to be used when generating the
token.
+ * @throws WSTrustException if an error occurs while creating the security token.
+ */
+ public void issueToken(WSTrustRequestContext context) throws WSTrustException;
+
+ /**
+ * <p>
+ * Renews the security token contained in the specified request context. This method
is used when a previously
+ * generated token has expired, generating a new version of the same token with
different expiration semantics.
+ * </p>
+ *
+ * @param context the {@code WSTrustRequestContext} that contains the token to be
renewed.
+ * @throws WSTrustException if an error occurs while renewing the security token.
+ */
+ public void renewToken(WSTrustRequestContext context) throws WSTrustException;
+
+ /**
+ * <p>
+ * Cancels the token contained in the specified request context. A security token is
usually canceled when one wants
+ * to make sure that the token will not be used anymore. A security token can't be
renewed once it has been canceled.
+ * </p>
+ *
+ * @param context the {@code WSTrustRequestContext} that contains the token to be
canceled.
+ * @throws WSTrustException if an error occurs while canceling the security token.
+ */
+ public void cancelToken(WSTrustRequestContext context) throws WSTrustException;
+
+ /**
+ * <p>
+ * Evaluates the validity of the token contained in the specified request context and
sets the result in the context
+ * itself. The result can be a status, a new token, or both.
+ * </p>
+ *
+ * @param context the {@code WSTrustRequestContext} that contains the token to be
validated.
+ * @throws WSTrustException if an error occurs while validating the security token.
+ */
+ public void validateToken(WSTrustRequestContext context) throws WSTrustException;
+}
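Review bot: The contract for `renewToken`, `cancelToken` and `validateToken` does not say who checks that the token carried in the context was issued by this STS and has not been altered. As written, an implementer cannot tell whether the request handler has already verified the token or whether the provider must do so before renewing or canceling it. I would add a sentence to each Javadoc, for example `Implementations must verify the token's issuer and integrity before acting on it`, or state the opposite if the caller is meant to do that check. The `cancelToken` text says a canceled token can't be renewed, so `renewToken` should also document what it throws when handed one.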
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityTokenService.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityTokenService.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/SecurityTokenService.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,43 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import javax.xml.transform.Source;
+import javax.xml.ws.Provider;
+
+/**
+ * <p>
+ * The {@code SecurityTokenService} (STS) interface. It extends the {@code Provider}
interface so that it can be
+ * dynamically invoked (as opposed to having a service endpoint interface).
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public interface SecurityTokenService extends Provider<Source>
+{
+ /*
+ * (non-Javadoc)
+ *
+ * @see javax.xml.ws.Provider#invoke(java.lang.Object)
+ */
+ public Source invoke(Source request);
+}
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardRequestHandler.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardRequestHandler.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardRequestHandler.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,423 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.net.URI;
+import java.security.KeyPair;
+import java.security.Principal;
+import java.security.PublicKey;
+
+import javax.xml.crypto.dsig.DigestMethod;
+import javax.xml.crypto.dsig.SignatureMethod;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.util.XMLSignatureUtil;
+import org.jboss.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse;
+import org.jboss.identity.federation.ws.policy.AppliesTo;
+import org.jboss.identity.federation.ws.trust.RequestedSecurityTokenType;
+import org.jboss.identity.federation.ws.trust.StatusType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+
+/**
+ * <p>
+ * Default implementation of the {@code WSTrustRequestHandler} interface. It creates the
request context containing the
+ * original WS-Trust request as well as any information that may be relevant to the token
processing, and delegates the
+ * actual token handling processing to the appropriate {@code SecurityTokenProvider}.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class StandardRequestHandler implements WSTrustRequestHandler
+{
+ private static Logger log = Logger.getLogger(StandardRequestHandler.class);
+ private boolean trace = log.isTraceEnabled();
+
+ private STSConfiguration configuration;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ *
org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#initialize(org.jboss.identity.federation.api.wstrust
+ * .STSConfiguration)
+ */
+ public void initialize(STSConfiguration configuration)
+ {
+ this.configuration = configuration;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ *
org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#issue(org.jboss.identity.federation.api.wstrust
+ * .protocol.RequestSecurityToken, java.security.Principal)
+ */
+ public RequestSecurityTokenResponse issue(RequestSecurityToken request, Principal
callerPrincipal)
+ throws WSTrustException
+ {
+ Document rstDocument = request.getRSTDocument();
+ if( rstDocument == null)
+ throw new IllegalArgumentException("Request does not contain the DOM
Document");
+
+ SecurityTokenProvider provider = null;
+
+ // first try to obtain the security token provider using the applies-to contents.
+ AppliesTo appliesTo = request.getAppliesTo();
+ PublicKey providerPublicKey = null;
+ if (appliesTo != null)
+ {
+ String serviceName = WSTrustUtil.parseAppliesTo(appliesTo);
+ if (serviceName != null)
+ {
+ provider = this.configuration.getProviderForService(serviceName);
+
request.setTokenType(URI.create(this.configuration.getTokenTypeForService(serviceName)));
+ providerPublicKey =
this.configuration.getServiceProviderPublicKey(serviceName);
+ }
+ }
+ // if applies-to is not available or if no provider was found for the service, use
the token type.
+ if (provider == null && request.getTokenType() != null)
+ {
+ provider =
this.configuration.getProviderForTokenType(request.getTokenType().toString());
+ }
+ else if (appliesTo == null && request.getTokenType() == null)
+ throw new WSTrustException("Either AppliesTo or TokenType must be present
in a security token request");
+
+ if (provider != null)
+ {
+ // create the request context and delegate token generation to the provider.
+ WSTrustRequestContext requestContext = new WSTrustRequestContext(request,
callerPrincipal);
+ requestContext.setTokenIssuer(this.configuration.getSTSName());
+ if (request.getLifetime() == null &&
this.configuration.getIssuedTokenTimeout() != 0)
+ {
+ // if no lifetime has been specified, use the configured timeout value.
+
request.setLifetime(WSTrustUtil.createDefaultLifetime(this.configuration.getIssuedTokenTimeout()));
+ }
+ requestContext.setServiceProviderPublicKey(providerPublicKey);
+ provider.issueToken(requestContext);
+
+ if (requestContext.getSecurityToken() == null)
+ throw new WSTrustException("Token issued by provider " +
provider.getClass().getName() + " is null");
+
+ // sign the issued token if needed.
+ /*if (this.configuration.signIssuedToken() &&
this.configuration.getSTSKeyPair() != null)
+ {
+ KeyPair keyPair = this.configuration.getSTSKeyPair();
+ if (keyPair != null)
+ {
+ URI signatureURI = request.getSignatureAlgorithm();
+ String signatureMethod = signatureURI != null ? signatureURI.toString() :
SignatureMethod.RSA_SHA1;
+ try
+ {
+ Element tokenElement = (Element)
requestContext.getSecurityToken().getTokenValue();
+ XMLSignatureUtil.sign(tokenElement.getOwnerDocument(), keyPair,
DigestMethod.SHA1, signatureMethod,
+ "#" + requestContext.getSecurityToken().getTokenID());
+ if(trace)
+ {
+ try
+ {
+ log.trace("Signed Token:" +
DocumentUtil.getNodeAsString(tokenElement));
+
+ Document tokenDocument = DocumentUtil.createDocument();
+ tokenDocument.appendChild(tokenDocument.importNode(tokenElement,
true));
+ log.trace("valid=" +
XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic()));
+
+ }catch(Exception ignore){}
+ }
+ }
+ catch (Exception e)
+ {
+ throw new WSTrustException("Failed to sign security token",
e);
+ }
+ }
+ }*/
+
+ // construct the ws-trust security token response.
+ RequestedSecurityTokenType requestedSecurityToken = new
RequestedSecurityTokenType();
+
requestedSecurityToken.setAny(requestContext.getSecurityToken().getTokenValue());
+
+ // TODO: create proof token and encrypt the token if needed
+
+ RequestSecurityTokenResponse response = new RequestSecurityTokenResponse();
+ if (request.getContext() != null)
+ response.setContext(request.getContext());
+
+ response.setTokenType(request.getTokenType());
+ response.setLifetime(request.getLifetime());
+ response.setAppliesTo(appliesTo);
+ response.setRequestedSecurityToken(requestedSecurityToken);
+
+ // set the attached and unattached references.
+ if (requestContext.getAttachedReference() != null)
+
response.setRequestedAttachedReference(requestContext.getAttachedReference());
+ if (requestContext.getUnattachedReference() != null)
+
response.setRequestedUnattachedReference(requestContext.getUnattachedReference());
+
+ return response;
+ }
+ else
+ throw new WSTrustException("Unable to find a token provider for the token
request");
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ *
org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#renew(org.jboss.identity.federation.api.wstrust
+ * .protocol.RequestSecurityToken, java.security.Principal)
+ */
+ public RequestSecurityTokenResponse renew(RequestSecurityToken request, Principal
callerPrincipal)
+ throws WSTrustException
+ {
+ Document rstDocument = request.getRSTDocument();
+ if( rstDocument == null)
+ throw new IllegalArgumentException("Request does not contain the DOM
Document");
+
+ SecurityTokenProvider provider = null;
+
+ // first try to obtain the security token provider using the applies-to contents.
+ AppliesTo appliesTo = request.getAppliesTo();
+ PublicKey providerPublicKey = null;
+ if (appliesTo != null)
+ {
+ String serviceName = WSTrustUtil.parseAppliesTo(appliesTo);
+ if (serviceName != null)
+ {
+ provider = this.configuration.getProviderForService(serviceName);
+
request.setTokenType(URI.create(this.configuration.getTokenTypeForService(serviceName)));
+ providerPublicKey =
this.configuration.getServiceProviderPublicKey(serviceName);
+ }
+ }
+ // if applies-to is not available or if no provider was found for the service, use
the token type.
+ if (provider == null && request.getTokenType() != null)
+ {
+ provider =
this.configuration.getProviderForTokenType(request.getTokenType().toString());
+ }
+ else if (appliesTo == null && request.getTokenType() == null)
+ throw new WSTrustException("Either AppliesTo or TokenType must be present
in a security token request");
+
+ // TODO: get the provider using the token from the request.
+ provider = this.configuration.getProviderForTokenType(SAMLUtil.SAML2_TOKEN_TYPE);
+
+ if (provider != null)
+ {
+ // create the request context and delegate token generation to the provider.
+ WSTrustRequestContext requestContext = new WSTrustRequestContext(request,
callerPrincipal);
+ requestContext.setTokenIssuer(this.configuration.getSTSName());
+ if (request.getLifetime() == null &&
this.configuration.getIssuedTokenTimeout() != 0)
+ {
+ // if no lifetime has been specified, use the configured timeout value.
+
request.setLifetime(WSTrustUtil.createDefaultLifetime(this.configuration.getIssuedTokenTimeout()));
+ }
+ requestContext.setServiceProviderPublicKey(providerPublicKey);
+ provider.renewToken(requestContext);
+
+ if (requestContext.getSecurityToken() == null)
+ throw new WSTrustException("Token issued by provider " +
provider.getClass().getName() + " is null");
+
+
+ // construct the ws-trust security token response.
+ RequestedSecurityTokenType requestedSecurityToken = new
RequestedSecurityTokenType();
+
requestedSecurityToken.setAny(requestContext.getSecurityToken().getTokenValue());
+
+ // TODO: create proof token and encrypt the token if needed
+
+ RequestSecurityTokenResponse response = new RequestSecurityTokenResponse();
+ if (request.getContext() != null)
+ response.setContext(request.getContext());
+
+ response.setTokenType(request.getTokenType());
+ response.setLifetime(request.getLifetime());
+ response.setAppliesTo(appliesTo);
+ response.setRequestedSecurityToken(requestedSecurityToken);
+
+ // set the attached and unattached references.
+ if (requestContext.getAttachedReference() != null)
+
response.setRequestedAttachedReference(requestContext.getAttachedReference());
+ if (requestContext.getUnattachedReference() != null)
+
response.setRequestedUnattachedReference(requestContext.getUnattachedReference());
+
+ return response;
+ }
+ else
+ throw new WSTrustException("Unable to find a token provider for the token
request");
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ *
org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#validate(org.jboss.identity.federation.api.wstrust
+ * .protocol.RequestSecurityToken, java.security.Principal)
+ */
+ public RequestSecurityTokenResponse validate(RequestSecurityToken request, Principal
callerPrincipal)
+ throws WSTrustException
+ {
+ Document rstDocument = request.getRSTDocument();
+ if( rstDocument == null)
+ throw new IllegalArgumentException("Request does not contain the DOM
Document");
+
+ if (request.getValidateTarget() == null)
+ throw new WSTrustException("Unable to validate token: validate target is
null");
+
+ if (request.getTokenType() == null)
+ request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
+
+ // TODO: get the provider using the token from the request.
+ SecurityTokenProvider provider =
this.configuration.getProviderForTokenType(SAMLUtil.SAML2_TOKEN_TYPE);
+ WSTrustRequestContext context = new WSTrustRequestContext(request,
callerPrincipal);
+
+ StatusType status = null;
+
+ // validate the security token digital signature.
+ if (this.configuration.signIssuedToken() &&
this.configuration.getSTSKeyPair() != null)
+ {
+ KeyPair keyPair = this.configuration.getSTSKeyPair();
+ try
+ {
+ //Element tokenElement = (Element) request.getValidateTarget().getAny();
+ Element tokenElement = request.getValidateTargetElement();
+
+ Node securityToken = tokenElement.getFirstChild();
+
+ if(trace)
+ {
+ try
+ {
+ log.trace("Going to validate:" +
DocumentUtil.getNodeAsString(securityToken));
+ }
+ catch (Exception e)
+ {
+ }
+ }
+ Document tokenDocument = DocumentUtil.createDocument();
+ Node importedNode = tokenDocument.importNode(securityToken, true);
+ tokenDocument.appendChild(importedNode);
+ if (!XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic()))
+ {
+ status = new StatusType();
+ status.setCode(WSTrustConstants.STATUS_CODE_INVALID);
+ status.setReason("Validation failure: digital signature is
invalid");
+ }
+ }
+ catch (Exception e)
+ {
+ status = new StatusType();
+ status.setCode(WSTrustConstants.STATUS_CODE_INVALID);
+ status.setReason("Validation failure: unable to verify digital
signature: " + e.getMessage());
+ }
+ }
+ // TODO: add logging statements alerting that signature validation was not
perfomed.
+
+ // if the signature is valid, then let the provider handle perform any additional
validation checks.
+ if(status == null)
+ {
+ provider.validateToken(context);
+ status = context.getStatus();
+ }
+
+ // construct and return the response.
+ RequestSecurityTokenResponse response = new RequestSecurityTokenResponse();
+ if (request.getContext() != null)
+ response.setContext(request.getContext());
+ response.setTokenType(request.getTokenType());
+ response.setStatus(status);
+
+ return response;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
+ *
org.jboss.identity.federation.api.wstrust.WSTrustRequestHandler#cancel(org.jboss.identity.federation.api.wstrust
+ * .protocol.RequestSecurityToken, java.security.Principal)
+ */
+ public RequestSecurityTokenResponse cancel(RequestSecurityToken request, Principal
callerPrincipal)
+ throws WSTrustException
+ {
+ Document rstDocument = request.getRSTDocument();
+ if( rstDocument == null)
+ throw new IllegalArgumentException("Request does not contain the DOM
Document");
+
+ // TODO: implement cancel logic.
+ throw new UnsupportedOperationException();
+ }
+
+ public Document postProcess(Document rstrDocument, RequestSecurityToken request)
throws WSTrustException
+ {
+ if(WSTrustConstants.ISSUE_REQUEST.equals(request.getRequestType().toString())
+ ||
WSTrustConstants.RENEW_REQUEST.equals(request.getRequestType().toString()))
+ {
+ rstrDocument = DocumentUtil.normalizeNamespaces(rstrDocument);
+
+ //Sign and encrypt
+ if (this.configuration.signIssuedToken() &&
this.configuration.getSTSKeyPair() != null)
+ {
+ KeyPair keyPair = this.configuration.getSTSKeyPair();
+ if (keyPair != null)
+ {
+ URI signatureURI = request.getSignatureAlgorithm();
+ String signatureMethod = signatureURI != null ? signatureURI.toString() :
SignatureMethod.RSA_SHA1;
+ try
+ {
+ Node rst =
rstrDocument.getElementsByTagNameNS(WSTrustConstants.BASE_NAMESPACE,
+ "RequestedSecurityToken").item(0);
+ Element tokenElement = (Element) rst.getFirstChild();
+ if(trace)
+ {
+ log.trace("NamespaceURI of element to be signed:"
+tokenElement.getNamespaceURI() );
+ }
+ /* XMLSignatureUtil.sign(tokenElement.getOwnerDocument(), keyPair,
DigestMethod.SHA1, signatureMethod,
+ "#" + tokenElement.getAttribute("ID"));
+ */
+ rstrDocument = XMLSignatureUtil.sign(rstrDocument, tokenElement,
keyPair,
+ DigestMethod.SHA1, signatureMethod, "#" +
tokenElement.getAttribute("ID"));
+ if(trace)
+ {
+ try
+ {
+ log.trace("Signed Token:" +
DocumentUtil.getNodeAsString(tokenElement));
+
+ Document tokenDocument = DocumentUtil.createDocument();
+ tokenDocument.appendChild(tokenDocument.importNode(tokenElement,
true));
+ log.trace("valid=" +
XMLSignatureUtil.validate(tokenDocument, keyPair.getPublic()));
+
+ }catch(Exception ignore){}
+ }
+ }
+ catch (Exception e)
+ {
+ throw new WSTrustException("Failed to sign security token",
e);
+ }
+ }
+ }
+ }
+
+ return rstrDocument;
+ }
+}
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardSecurityToken.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardSecurityToken.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/StandardSecurityToken.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,93 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import org.w3c.dom.Element;
+
+/**
+ * <p>
+ * Standard implementation of the {@code SecurityToken} interface. This implementation
stores the issued token as an
+ * {@code Element}. The token providers are responsible for marshaling the security token
into an {@code Element}
+ * instance because the security token marshaling process falls out of the scope of the
STS (the STS only deals with
+ * WS-Trust classes and doesn't know how to marshal each specific token type).
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class StandardSecurityToken implements SecurityToken
+{
+ private final String tokenType;
+
+ private final String tokenId;
+
+ private final Element token;
+
+ /**
+ * <p>
+ * Creates an instance of {@code StandardSecurityToken} with the specified
parameters.
+ * </p>
+ *
+ * @param tokenType
+ * a {@code String} representing the type of the security token. This is
usually the same type as specified
+ * in the WS-Trust request message.
+ * @param token
+ * the security token in its {@code Element} form (i.e. the marshaled
security token).
+ * @param tokenID
+ * a {@code String} representing the id of the security token.
+ */
+ public StandardSecurityToken(String tokenType, Element token, String tokenID)
+ {
+ this.tokenType = tokenType;
+ this.tokenId = tokenID;
+ this.token = token;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenType()
+ */
+ public String getTokenType()
+ {
+ return this.tokenType;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenValue()
+ */
+ public Object getTokenValue()
+ {
+ return this.token;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.identity.federation.api.wstrust.SecurityToken#getTokenID()
+ */
+ public String getTokenID()
+ {
+ return this.tokenId;
+ }
+}
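Review bot: The constructor stores `tokenType`, `token` and `tokenID` without any null check, so a provider that fails to marshal its token can still build a `StandardSecurityToken` whose `getTokenValue()` returns null. The renew path in StandardRequestHandler, visible earlier in this commit, only tests `requestContext.getSecurityToken() == null` before passing `getTokenValue()` to `setAny(...)`, so an empty token would reach the response instead of failing at construction. Rejecting it up front takes one line, `if (token == null) throw new IllegalArgumentException("token cannot be null");`. The class Javadoc could also state that `getTokenValue()` returns the live DOM `Element` rather than a copy, because the `final` fields otherwise suggest the token is immutable.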
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustConstants.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustConstants.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustConstants.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,54 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+/**
+ * <p>
+ * This class defines the constants used throughout the WS-Trust implementation code.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class WSTrustConstants
+{
+ public static final String BASE_NAMESPACE =
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
+
+ // WS-Trust request types.
+ public static final String ISSUE_REQUEST = BASE_NAMESPACE + "Issue";
+ public static final String RENEW_REQUEST = BASE_NAMESPACE + "Renew";
+ public static final String CANCEL_REQUEST = BASE_NAMESPACE + "Cancel";
+ public static final String VALIDATE_REQUEST = BASE_NAMESPACE + "Validate";
+
+ // WS-Trust validation constants.
+ public static final String STATUS_TYPE = BASE_NAMESPACE + "RSTR/Status";
+ public static final String STATUS_CODE_VALID = BASE_NAMESPACE +
"status/valid";
+ public static final String STATUS_CODE_INVALID = BASE_NAMESPACE +
"status/invalid";
+
+ // WSS namespaces values.
+ public static final String WSA_NS = "http://www.w3.org/2005/08/addressing";
+ public static final String WSU_NS =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd";
+ public static final String WSSE_NS =
"http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd";
+ public static final String WSSE11_NS =
"http://docs.oasis-open.org/wss/oasis-wss-wssecurity-secext-1.1.xsd";
+ public static final String XENC_NS = "http://www.w3.org/2001/04/xmlenc#";
+ public static final String DSIG_NS = "http://www.w3.org/2000/09/xmldsig#";
+ public static final String SAML2_ASSERTION_NS =
"urn:oasis:names:tc:SAML:2.0:assertion";
+}
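Review bot: `WSTrustConstants` only holds `public static final` strings, yet it is declared as an ordinary `public class` with an implicit public constructor, so it can be instantiated and subclassed. Declaring it `public final class WSTrustConstants` and adding `private WSTrustConstants() {}` makes the constants-only intent explicit. A short comment on the request-type group saying that these values are compared as exact URIs would also help, since this commit compares them with `equals` in StandardRequestHandler and with `equalsIgnoreCase` in WSTrustJAXBFactory.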
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustException.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustException.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustException.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,61 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.security.GeneralSecurityException;
+
+/**
+ * <p>
+ * Exception used to convey that an error has happened when handling a WS-Trust request
message.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class WSTrustException extends GeneralSecurityException
+{
+ private static final long serialVersionUID = -232066282004315310L;
+
+ /**
+ * <p>
+ * Creates an instance of {@code WSTrustException} using the specified error message.
+ * </p>
+ *
+ * @param message the error message.
+ */
+ public WSTrustException(String message)
+ {
+ super(message);
+ }
+
+ /**
+ * <p>
+ * Creates an instance of {@code WSTrustException} using the specified error message
and cause.
+ * </p>
+ *
+ * @param message the error message.
+ * @param cause a {@code Throwable} representing the cause of the error.
+ */
+ public WSTrustException(String message, Throwable cause)
+ {
+ super(message, cause);
+ }
+}
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustJAXBFactory.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustJAXBFactory.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustJAXBFactory.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,412 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import javax.xml.bind.Binder;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.transform.Source;
+import javax.xml.transform.dom.DOMSource;
+
+import org.apache.log4j.Logger;
+import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.util.JAXBUtil;
+import org.jboss.identity.federation.core.wstrust.wrappers.BaseRequestSecurityToken;
+import
org.jboss.identity.federation.core.wstrust.wrappers.BaseRequestSecurityTokenResponse;
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse;
+import
org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection;
+import org.jboss.identity.federation.ws.trust.ObjectFactory;
+import
org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseCollectionType;
+import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.Node;
+import org.w3c.dom.NodeList;
+
+/**
+ * <p>
+ * This factory implements utility methods for converting between JAXB model objects and
XML source.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class WSTrustJAXBFactory
+{
+ private static Logger log = Logger.getLogger(WSTrustJAXBFactory.class);
+ private boolean trace = log.isTraceEnabled();
+
+ private static final WSTrustJAXBFactory instance = new WSTrustJAXBFactory();
+
+ private Marshaller marshaller;
+
+ private Unmarshaller unmarshaller;
+
+ private Binder<Node> binder;
+
+ private final ObjectFactory objectFactory;
+
+ private ThreadLocal<SAMLDocumentHolder> holders = new
ThreadLocal<SAMLDocumentHolder>();
+
+ /**
+ * <p>
+ * Creates the {@code WSTrustJAXBFactory} singleton instance.
+ * </p>
+ */
+ private WSTrustJAXBFactory()
+ {
+ try
+ {
+ this.marshaller = JAXBUtil.getMarshaller(this.getPackages());
+ this.unmarshaller = JAXBUtil.getUnmarshaller(this.getPackages());
+ this.binder = JAXBUtil.getJAXBContext(this.getPackages()).createBinder();
+ this.objectFactory = new ObjectFactory();
+ }
+ catch (JAXBException e)
+ {
+ throw new RuntimeException(e.getMessage(), e);
+ }
+ }
+
+ /**
+ * <p>
+ * Gets a reference to the singleton instance.
+ * </p>
+ *
+ * @return a reference to the {@code WSTrustJAXBFactory} instance.
+ */
+ public static WSTrustJAXBFactory getInstance()
+ {
+ return instance;
+ }
+
+ private String getPackages()
+ {
+ StringBuilder packages = new StringBuilder();
+ packages.append("org.jboss.identity.federation.ws.addressing");
+ packages.append(":org.jboss.identity.federation.ws.policy");
+ packages.append(":org.jboss.identity.federation.ws.trust");
+ packages.append(":org.jboss.identity.federation.ws.wss.secext");
+ packages.append(":org.jboss.identity.federation.ws.wss.utility");
+ return packages.toString();
+ }
+
+ /**
+ * <p>
+ * Creates a {@code BaseRequestSecurityToken} from the specified XML source.
+ * </p>
+ *
+ * @param request
+ * the XML source containing the security token request message.
+ * @return the constructed {@code BaseRequestSecurityToken} instance. It will be an
instance of {@code
+ * RequestSecurityToken} the message contains a single token request, and an
instance of {@code
+ * RequestSecurityTokenCollection} if multiples requests are being made in the
same message.
+ * @throws ParsingException
+ */
+ @SuppressWarnings("unchecked")
+ public BaseRequestSecurityToken parseRequestSecurityToken(Source request) throws
ParsingException
+ {
+ // if the request contains a validate, cancel, or renew target, we must preserve it
from JAXB unmarshalling.
+ Node documentNode = ((DOMSource) request).getNode();
+ Document document = documentNode instanceof Document ? (Document) documentNode :
documentNode.getOwnerDocument();
+
+ JAXBElement<RequestSecurityTokenType> jaxbRST;
+ try
+ {
+ Node rst = this.findNodeByNameNS(document, "RequestSecurityToken",
WSTrustConstants.BASE_NAMESPACE);
+ if(rst == null)
+ throw new RuntimeException("Request Security Token node not
found");
+
+ jaxbRST = (JAXBElement<RequestSecurityTokenType>) binder.unmarshal(rst);
+
+ RequestSecurityTokenType rstt = jaxbRST.getValue();
+ holders.set(new SAMLDocumentHolder(rstt, document));
+ return new RequestSecurityToken(rstt);
+ }
+ catch (JAXBException e)
+ {
+ throw new ParsingException(e);
+ }
+
+
+ /*Element targetElement = this.getValidateOrRenewOrCancelTarget(document);
+
+ try
+ {
+ Object object = this.unmarshaller.unmarshal(request);
+ if (object instanceof JAXBElement)
+ {
+ JAXBElement<?> element = (JAXBElement<?>) object;
+ if (element.getDeclaredType().equals(RequestSecurityTokenType.class))
+ {
+ RequestSecurityToken parsedRequest = new
RequestSecurityToken((RequestSecurityTokenType) element
+ .getValue());
+ // insert the request target in the parsed request.
+ if (targetElement != null)
+ {
+ if (parsedRequest.getValidateTarget() != null)
+ parsedRequest.getValidateTarget().setAny(targetElement);
+ else if (parsedRequest.getRenewTarget() != null)
+ parsedRequest.getRenewTarget().setAny(targetElement);
+ else if (parsedRequest.getCancelTarget() != null)
+ parsedRequest.getCancelTarget().setAny(targetElement);
+ }
+ return parsedRequest;
+ }
+ else
+ throw new RuntimeException("Invalid request type: " +
element.getDeclaredType());
+ }
+ else
+ throw new RuntimeException("Invalid request type: " +
object.getClass().getName());
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException("Failed to unmarshall security token
request", e);
+ }*/
+ }
+
+ /**
+ * <p>
+ * Creates a {@code BaseRequestSecurityTokenResponse} from the specified XML source.
+ * </p>
+ *
+ * @param response
+ * the XML source containing the security token response message.
+ * @return the constructed {@code BaseRequestSecurityTokenResponse} instance.
According to the WS-Trust
+ * specification, the returned object will be an instance of {@code
RequestSecurityTokenResponseCollection}.
+ */
+ public BaseRequestSecurityTokenResponse parseRequestSecurityTokenResponse(Source
response)
+ {
+ // if the response contains an issued token, we must preserve it from the JAXB
unmarshalling.
+ Element tokenElement = null;
+ Node documentNode = ((DOMSource) response).getNode();
+ Document document = documentNode instanceof Document ? (Document) documentNode :
documentNode.getOwnerDocument();
+ Node requestedTokenNode = this.findNodeByNameNS(document,
"RequestedSecurityToken",
+ WSTrustConstants.BASE_NAMESPACE);
+ if (requestedTokenNode != null)
+ tokenElement = (Element) requestedTokenNode.getFirstChild();
+
+ try
+ {
+ Object object = this.unmarshaller.unmarshal(response);
+ if (object instanceof JAXBElement)
+ {
+ JAXBElement<?> element = (JAXBElement<?>)
unmarshaller.unmarshal(response);
+ if
(element.getDeclaredType().equals(RequestSecurityTokenResponseCollectionType.class))
+ {
+ RequestSecurityTokenResponseCollection collection = new
RequestSecurityTokenResponseCollection(
+ (RequestSecurityTokenResponseCollectionType) element.getValue());
+ // insert the security token in the parsed response.
+ if (tokenElement != null)
+ {
+ RequestSecurityTokenResponse parsedResponse =
collection.getRequestSecurityTokenResponses().get(0);
+ parsedResponse.getRequestedSecurityToken().setAny(tokenElement);
+ }
+ return collection;
+ }
+ else
+ throw new RuntimeException("Invalid response type: " +
element.getDeclaredType());
+ }
+ else
+ throw new RuntimeException("Invalid response type: " +
object.getClass().getName());
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException("Failed to unmarshall security token
response", e);
+ }
+ }
+
+ /**
+ * <p>
+ * Creates a {@code javax.xml.transform.Source} from the specified request object.
+ * </p>
+ *
+ * @param request
+ * a {@code RequestSecurityToken} representing the object model of the
security token request.
+ * @return the constructed {@code Source} instance.
+ */
+ public Source marshallRequestSecurityToken(RequestSecurityToken request)
+ {
+ Element targetElement = null;
+ // if the request has a validate, cancel, or renew target, we must preserve it from
JAXB marshaling.
+ String requestType = request.getRequestType().toString();
+ if (requestType.equalsIgnoreCase(WSTrustConstants.VALIDATE_REQUEST))
+ {
+ targetElement = (Element) request.getValidateTarget().getAny();
+ request.getValidateTarget().setAny(null);
+ }
+ else if (requestType.equalsIgnoreCase(WSTrustConstants.RENEW_REQUEST))
+ {
+ targetElement = (Element) request.getRenewTarget().getAny();
+ request.getRenewTarget().setAny(null);
+ }
+ else if (requestType.equalsIgnoreCase(WSTrustConstants.CANCEL_REQUEST))
+ {
+ targetElement = (Element) request.getCancelTarget().getAny();
+ request.getCancelTarget().setAny(null);
+ }
+
+ Document result = null;
+ try
+ {
+ result = DocumentUtil.createDocument();
+
this.marshaller.marshal(this.objectFactory.createRequestSecurityToken(request.getDelegate()),
result);
+
+ // insert the original target in the appropriate element.
+ if (targetElement != null)
+ {
+ Node node = null;
+ if (requestType.equalsIgnoreCase(WSTrustConstants.VALIDATE_REQUEST))
+ node = this.findNodeByNameNS(result, "ValidateTarget",
WSTrustConstants.BASE_NAMESPACE);
+ else if (requestType.equalsIgnoreCase(WSTrustConstants.RENEW_REQUEST))
+ node = this.findNodeByNameNS(result, "RenewTarget",
WSTrustConstants.BASE_NAMESPACE);
+ else if (requestType.equalsIgnoreCase(WSTrustConstants.CANCEL_REQUEST))
+ node = this.findNodeByNameNS(result, "CancelTarget",
WSTrustConstants.BASE_NAMESPACE);
+ if(node == null)
+ throw new RuntimeException("Unsupported request type:" +
requestType);
+ node.appendChild(result.importNode(targetElement, true));
+ }
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException("Failed to marshall security token
request", e);
+ }
+
+ return DocumentUtil.getXMLSource(result);
+ }
+
+ /**
+ * <p>
+ * Creates a {@code javax.xml.transform.Source} from the specified response object.
+ * </p>
+ *
+ * @param collection
+ * a {@code RequestSecurityTokenResponseCollection} representing the object
model of the security token
+ * response.
+ * @return the constructed {@code Source} instance.
+ */
+ public Source
marshallRequestSecurityTokenResponse(RequestSecurityTokenResponseCollection collection)
+ {
+ if (collection.getRequestSecurityTokenResponses().size() == 0)
+ throw new IllegalArgumentException("The response collection must contain at
least one response");
+
+ // if the response contains an issued token, we must preserve it from the JAXB
marshaling.
+ Element tokenElement = null;
+ RequestSecurityTokenResponse response =
collection.getRequestSecurityTokenResponses().get(0);
+ if (response.getRequestedSecurityToken() != null)
+ {
+ tokenElement = (Element) response.getRequestedSecurityToken().getAny();
+ // we don't want to marshall any token - it will be inserted in the DOM
document later.
+ response.getRequestedSecurityToken().setAny(null);
+ }
+
+ Document result = null;
+ try
+ {
+ // marshall the response to a document and insert the issued token directly on
the document.
+ result = DocumentUtil.createDocument();
+
this.marshaller.marshal(this.objectFactory.createRequestSecurityTokenResponseCollection(collection
+ .getDelegate()), result);
+
+ // the document is a ws-trust template - we need to insert the token in the
appropriate element.
+ if (tokenElement != null)
+ {
+ Node node = this.findNodeByNameNS(result, "RequestedSecurityToken",
WSTrustConstants.BASE_NAMESPACE);
+ node.appendChild(result.importNode(tokenElement, true));
+ }
+ if(trace)
+ {
+ try
+ {
+ log.trace("Final RSTR doc:" +
DocumentUtil.getDocumentAsString(result));
+
+ }catch(Exception ignore){}
+ }
+
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException("Failed to marshall security token
response", e);
+ }
+ return DocumentUtil.getXMLSource(result);
+ }
+
+ /**
+ * Return the {@code SAMLDocumentHolder} for the thread
+ * @return
+ */
+ public SAMLDocumentHolder getSAMLDocumentHolderOnThread()
+ {
+ return holders.get();
+ }
+
+ /**
+ * <p>
+ * Finds in the specified document a node that matches the specified name and
namespace.
+ * </p>
+ *
+ * @param document
+ * the {@code Document} instance upon which the search is made.
+ * @param localName
+ * a {@code String} containing the local name of the searched node.
+ * @param namespace
+ * a {@code String} containing the namespace of the searched node.
+ * @return a {@code Node} representing the searched node. If more than one node is
found in the document, the first
+ * one will be returned. If no nodes were found according to the search
parameters, then {@code null} is
+ * returned.
+ */
+ private Node findNodeByNameNS(Document document, String localName, String namespace)
+ {
+ NodeList list = document.getElementsByTagNameNS(namespace, localName);
+ if (list == null || list.getLength() == 0)
+ // log("Unable to locate element " + localName + " with namespace
" + namespace);
+ return null;
+ return list.item(0);
+ }
+
+ /**
+ * <p>
+ * Searches the specified document for an element that represents a validate, renew,
or cancel target.
+ * </p>
+ *
+ * @param document
+ * the {@code Document} upon which the search is to be made.
+ * @return an {@code Element} representing the validate, renew, or cancel target.
+ */
+ /*private Element getValidateOrRenewOrCancelTarget(Document document)
+ {
+ Node target = this.findNodeByNameNS(document, "ValidateTarget",
WSTrustConstants.BASE_NAMESPACE);
+ if (target != null)
+ return (Element) target.getFirstChild();
+ target = this.findNodeByNameNS(document, "RenewTarget",
WSTrustConstants.BASE_NAMESPACE);
+ if (target != null)
+ return (Element) target.getFirstChild();
+ target = this.findNodeByNameNS(document, "CancelTarget",
WSTrustConstants.BASE_NAMESPACE);
+ if (target != null)
+ return (Element) target.getFirstChild();
+ return null;
+ }*/
+}
\ No newline at end of file
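Review bot: The singleton held in `instance` keeps one `Marshaller`, one `Unmarshaller` and one `Binder<Node>` as fields and uses them from every parse and marshall method, but in JAXB only the `JAXBContext` is safe to share between threads, and a token service will normally call this factory from concurrent request threads. The shared `Binder` also keeps the association between DOM nodes and unmarshalled objects, so concurrent requests may interfere with one another. Keeping the context and creating the worker objects per call avoids this: `this.context = JAXBUtil.getJAXBContext(this.getPackages());` in the constructor (presumably a `JAXBContext`, since `createBinder()` is called on it), then `Binder<Node> binder = this.context.createBinder();` inside `parseRequestSecurityToken`, and likewise `createMarshaller()` / `createUnmarshaller()` in the other methods. Separately, `holders.set(...)` in `parseRequestSecurityToken` is never paired with a `holders.remove()`, so on pooled threads the previous request's document stays reachable through `getSAMLDocumentHolderOnThread()`.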
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustRequestContext.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustRequestContext.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustRequestContext.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,247 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.security.Principal;
+import java.security.PublicKey;
+
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
+import org.jboss.identity.federation.ws.trust.StatusType;
+
+/**
+ * <p>
+ * The {@code WSTrustRequestContext} contains all the information that is relevant for
the security token request
+ * processing. Its attributes are divided into two groups: attributes set by the request
handler before calling a token
+ * provider, and attributes set by the token provider after processing the token
request.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class WSTrustRequestContext
+{
+
+ // information supplied by the request handler.
+ private String tokenIssuer;
+
+ private PublicKey providerPublicKey;
+
+ private final Principal callerPrincipal;
+
+ private final RequestSecurityToken request;
+
+ // information supplied by the token provider.
+ private SecurityToken securityToken;
+
+ private StatusType status;
+
+ private RequestedReferenceType attachedReference;
+
+ private RequestedReferenceType unattachedReference;
+
+ /**
+ * <p>
+ * Creates an instance of {@code WSTrustRequestContext} using the specified request.
+ * </p>
+ *
+ * @param request a {@code RequestSecurityToken} object that contains the information
about the security token
+ * request.
+ * @param callerPrincipal the {@code Principal} of the security token requester.
+ */
+ public WSTrustRequestContext(RequestSecurityToken request, Principal callerPrincipal)
+ {
+ this.request = request;
+ this.callerPrincipal = callerPrincipal;
+ }
+
+ /**
+ * <p>
+ * Obtains the name of the token issuer (security token service name).
+ * </p>
+ *
+ * @return a {@code String} representing the token issuer name.
+ */
+ public String getTokenIssuer()
+ {
+ return tokenIssuer;
+ }
+
+ /**
+ * <p>
+ * Sets the name of the token issuer.
+ * </p>
+ *
+ * @param tokenIssuer a {@code String} representing the token issuer name.
+ */
+ public void setTokenIssuer(String tokenIssuer)
+ {
+ this.tokenIssuer = tokenIssuer;
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code PublicKey} of the service provider that requires a security
token.
+ * </p>
+ *
+ * @return the service provider's {@code PublicKey}.
+ */
+ public PublicKey getServiceProviderPublicKey()
+ {
+ return this.providerPublicKey;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code PublicKey} of the service provider that requires a security token.
+ * </p>
+ *
+ * @param providerPublicKey the service provider's {@code PublicKey}.
+ */
+ public void setServiceProviderPublicKey(PublicKey providerPublicKey)
+ {
+ this.providerPublicKey = providerPublicKey;
+ }
+
+ /**
+ * <p>
+ * Obtains the principal of the WS-Trust token requester.
+ * </p>
+ *
+ * @return a reference to the caller {@code Principal} object.
+ */
+ public Principal getCallerPrincipal()
+ {
+ return this.callerPrincipal;
+ }
+
+ /**
+ * <p>
+ * Obtains the object the contains the information about the security token request.
+ * </p>
+ *
+ * @return a reference to the {@code RequestSecurityToken} instance.
+ */
+ public RequestSecurityToken getRequestSecurityToken()
+ {
+ return this.request;
+ }
+
+ /**
+ * <p>
+ * Obtains the security token contained in this context.
+ * </p>
+ *
+ * @return a reference to the {@code SecurityToken} instance.
+ */
+ public SecurityToken getSecurityToken()
+ {
+ return this.securityToken;
+ }
+
+ /**
+ * <p>
+ * Sets the security token in the context.
+ * </p>
+ *
+ * @param token the {@code SecurityToken} instance to be set.
+ */
+ public void setSecurityToken(SecurityToken token)
+ {
+ this.securityToken = token;
+ }
+
+ /**
+ * <p>
+ * Obtains the status of the security token validation.
+ * </p>
+ *
+ * @return a reference to the resulting {@code StatusType}.
+ */
+ public StatusType getStatus()
+ {
+ return this.status;
+ }
+
+ /**
+ * <p>
+ * Sets the status of the security token validation.
+ * </p>
+ *
+ * @param status a reference to the {@code StatusType} that represents the validation
status.
+ */
+ public void setStatus(StatusType status)
+ {
+ this.status = status;
+ }
+
+ /**
+ * <p>
+ * Obtains the security token attached reference. This reference is used to locate the
token inside the WS-Trust
+ * response message when that token doesn't support references using URI
fragments.
+ * </p>
+ *
+ * @return a {@code RequestedReferenceType} representing the attached reference.
+ */
+ public RequestedReferenceType getAttachedReference()
+ {
+ return this.attachedReference;
+ }
+
+ /**
+ * <p>
+ * Sets the security token attached reference. This reference is used to locate the
token inside the WS-Trust
+ * response message when that token doesn't support references using URI
fragments.
+ * </p>
+ *
+ * @param attachedReference a {@code RequestedReferenceType} representing the attached
reference.
+ */
+ public void setAttachedReference(RequestedReferenceType attachedReference)
+ {
+ this.attachedReference = attachedReference;
+ }
+
+ /**
+ * <p>
+ * Obtains the security token unattached reference. This reference is used to locate
the token when it is not placed
+ * inside the WS-Trust response message.
+ * </p>
+ *
+ * @return a {@code RequestedReferenceType} representing the unattached reference.
+ */
+ public RequestedReferenceType getUnattachedReference()
+ {
+ return this.unattachedReference;
+ }
+
+ /**
+ * <p>
+ * Sets the security token unattached reference. This reference is used to locate the
token when it is not placed
+ * inside the WS-Trust response message.
+ * </p>
+ *
+ * @param unattachedReference a {@code RequestedReferenceType} representing the
unattached reference.
+ */
+ public void setUnattachedReference(RequestedReferenceType unattachedReference)
+ {
+ this.unattachedReference = unattachedReference;
+ }
+}
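Review bot: The constructor stores `request` without a null check, although the SAML provider added in this same revision dereferences it directly (`context.getRequestSecurityToken().getLifetime()`), so a null request only surfaces later as an unrelated NullPointerException. Failing fast at the boundary would be clearer: `if (request == null) throw new IllegalArgumentException("request cannot be null");`. `callerPrincipal`, by contrast, appears to be allowed to be null (the provider substitutes "ANONYMOUS"), and the Javadoc should say so, e.g. `@param callerPrincipal the {@code Principal} of the requester, or {@code null} if the caller is unauthenticated.`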
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustRequestHandler.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustRequestHandler.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustRequestHandler.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,111 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.security.Principal;
+
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse;
+import org.w3c.dom.Document;
+
+/**
+ * <p>
+ * The {@code WSTrustRequestHandler} interface defines the methods that will be
responsible for handling the different
+ * types of WS-Trust request messages.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public interface WSTrustRequestHandler
+{
+ /**
+ * <p>
+ * Initializes the concrete {@code WSTrustRequestHandler} instance.
+ * </p>
+ *
+ * @param configuration a reference to object that contains the STS configuration.
+ */
+ public void initialize(STSConfiguration configuration);
+
+ /**
+ * <p>
+ * Generates a security token according to the information specified in the request
message and returns the created
+ * token in the response.
+ * </p>
+ *
+ * @param request the security token request message.
+ * @param callerPrincipal the {@code Principal} of the ws-trust token requester.
+ * @return a {@code RequestSecurityTokenResponse} containing the generated token.
+ * @throws WSTrustException if an error occurs while handling the request message.
+ */
+ public RequestSecurityTokenResponse issue(RequestSecurityToken request, Principal
callerPrincipal)
+ throws WSTrustException;
+
+ /**
+ * <p>
+ * Renews the security token as specified in the request message, returning the
renewed token in the response.
+ * </p>
+ *
+ * @param request the request message that contains the token to be renewed.
+ * @param callerPrincipal the {@code Principal} of the ws-trust token requester.
+ * @return a {@code RequestSecurityTokenResponse} containing the renewed token.
+ * @throws WSTrustException if an error occurs while handling the renewal process.
+ */
+ public RequestSecurityTokenResponse renew(RequestSecurityToken request, Principal
callerPrincipal)
+ throws WSTrustException;
+
+ /**
+ * <p>
+ * Cancels the security token as specified in the request message.
+ * </p>
+ *
+ * @param request the request message that contains the token to be canceled.
+ * @param callerPrincipal the {@code Principal} of the ws-trust token requester.
+ * @return a {@code RequestSecurityTokenResponse} indicating whether the token has
been canceled or not.
+ * @throws WSTrustException if an error occurs while handling the cancellation
process.
+ */
+ public RequestSecurityTokenResponse cancel(RequestSecurityToken request, Principal
callerPrincipal)
+ throws WSTrustException;
+
+ /**
+ * <p>
+ * Validates the security token as specified in the request message.
+ * </p>
+ *
+ * @param request the request message that contains the token to be validated.
+ * @param callerPrincipal the {@code Principal} of the ws-trust token requester.
+ * @return a {@code RequestSecurityTokenResponse} containing the validation status or
a new token.
+ * @throws WSTrustException if an error occurs while handling the validation process.
+ */
+ public RequestSecurityTokenResponse validate(RequestSecurityToken request, Principal
callerPrincipal)
+ throws WSTrustException;
+
+ /**
+ * Perform Post Processing on the generated RSTR Collection Document
+ * Steps such as signing and encryption need to be done here.
+ * @param rstrDocument
+ * @param request
+ * @return
+ * @throws WSTrustException
+ */
+ public Document postProcess(Document rstrDocument, RequestSecurityToken request)
throws WSTrustException;
+}
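Review bot: `postProcess` is where the Javadoc places signing and encryption, but its `@param`, `@return` and `@throws` tags are empty. An implementer cannot tell whether the returned `Document` may be the input mutated in place, or in which order signing and encryption are expected. I would fill them in, e.g. `@param rstrDocument the RSTR collection document to be processed`, `@param request the request message that originated the response`, `@return the processed (signed and/or encrypted) document`. The four request methods also do not say whether `callerPrincipal` may be null for an unauthenticated caller; one sentence on each `@param callerPrincipal` would settle that.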
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustServiceFactory.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustServiceFactory.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustServiceFactory.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,102 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.security.PrivilegedActionException;
+
+/**
+ * <p>
+ * Factory class used for instantiating pluggable services, such as the {@code
WSTrustRequestHandler} and
+ * {@code SecurityTokenProvider} implementations.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class WSTrustServiceFactory
+{
+
+ private static final WSTrustServiceFactory factory = new WSTrustServiceFactory();
+
+ /**
+ * <p>
+ * Creates the {@code WSTrustConfigurationFactory} singleton instance.
+ * </p>
+ */
+ private WSTrustServiceFactory()
+ {
+ }
+
+ /**
+ * <p>
+ * Obtains a reference to the singleton instance.
+ * </p>
+ *
+ * @return the {@code WSTrustConfigurationFactory} singleton.
+ */
+ public static WSTrustServiceFactory getInstance()
+ {
+ return factory;
+ }
+
+ /**
+ * <p>
+ * Constructs and returns the {@code WSTrustRequestHandler} that will be used to
handle WS-Trust requests.
+ * </p>
+ *
+ * @param configuration a reference to the {@code STSConfiguration}.
+ * @return a reference to the constructed {@code WSTrustRequestHandler} object.
+ */
+ public WSTrustRequestHandler createRequestHandler(String handlerClassName,
STSConfiguration configuration)
+ {
+ try
+ {
+ WSTrustRequestHandler handler = (WSTrustRequestHandler)
SecurityActions.instantiateClass(handlerClassName);
+ handler.initialize(configuration);
+ return handler;
+ }
+ catch (Exception e)
+ {
+ throw new RuntimeException(e.getMessage(), e);
+ }
+ }
+
+ /**
+ * <p>
+ * Constructs and returns a {@code SecurityTokenProvider} from the specified class
name.
+ * </p>
+ *
+ * @param providerClass the FQN of the {@code SecurityTokenProvider} to be
instantiated.
+ * @return a reference to the constructed {@code SecurityTokenProvider} object.
+ */
+ public SecurityTokenProvider createTokenProvider(String providerClass)
+ {
+ try
+ {
+ SecurityTokenProvider tokenProvider = (SecurityTokenProvider)
SecurityActions.instantiateClass(providerClass);
+ return tokenProvider;
+ }
+ catch (PrivilegedActionException pae)
+ {
+ throw new RuntimeException("Unable to instantiate token provider " +
providerClass, pae);
+ }
+ }
+}
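Review bot: `createTokenProvider` catches only `PrivilegedActionException`, so a class name that resolves to something other than a `SecurityTokenProvider` escapes as a raw `ClassCastException`, whereas `createRequestHandler` wraps every failure. In both methods the cast runs only after `SecurityActions.instantiateClass` has returned, so the named class has presumably already been constructed by then (that helper is not visible in this hunk). Because both names are plain strings, the Javadoc should state that they must come from trusted STS configuration and never from request data, and `createRequestHandler` is missing `@param handlerClassName the FQN of the {@code WSTrustRequestHandler} to be instantiated.` The constructor and `getInstance` comments also name `WSTrustConfigurationFactory` where they mean `WSTrustServiceFactory`.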
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustUtil.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/WSTrustUtil.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,157 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust;
+
+import java.util.GregorianCalendar;
+import java.util.Map;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.namespace.QName;
+
+import org.jboss.identity.federation.core.wstrust.wrappers.Lifetime;
+import org.jboss.identity.federation.ws.addressing.AttributedURIType;
+import org.jboss.identity.federation.ws.addressing.EndpointReferenceType;
+import org.jboss.identity.federation.ws.addressing.ObjectFactory;
+import org.jboss.identity.federation.ws.policy.AppliesTo;
+import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
+import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType;
+import org.jboss.identity.federation.ws.wss.secext.SecurityTokenReferenceType;
+
+/**
+ * <p>
+ * Utility class that provides methods for parsing/creating WS-Trust elements.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class WSTrustUtil
+{
+
+ /**
+ * <p>
+ * Creates an instance of {@code KeyIdentifierType} with the specified values.
+ * </p>
+ *
+ * @param valueType a {@code String} representing the identifier value type.
+ * @param value a {@code String} representing the identifier value.
+ * @return the constructed {@code KeyIdentifierType} instance.
+ */
+ public static KeyIdentifierType createKeyIdentifier(String valueType, String value)
+ {
+ KeyIdentifierType keyIdentifier = new KeyIdentifierType();
+ keyIdentifier.setValueType(valueType);
+ keyIdentifier.setValue(value);
+ return keyIdentifier;
+ }
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestedReferenceType} with the specified values.
This method first creates a
+ * {@code SecurityTokenReferenceType} with the specified key identifier and attributes
and then use this reference
+ * to construct the {@code RequestedReferenceType} that is returned.
+ * </p>
+ *
+ * @param keyIdentifier the key identifier of the security token reference.
+ * @param attributes the attributes to be set on the security token reference.
+ * @return the constructed {@code RequestedReferenceType} instance.
+ */
+ public static RequestedReferenceType createRequestedReference(KeyIdentifierType
keyIdentifier,
+ Map<QName, String> attributes)
+ {
+ SecurityTokenReferenceType securityTokenReference = new
SecurityTokenReferenceType();
+ securityTokenReference.getAny().add(
+ new
org.jboss.identity.federation.ws.wss.secext.ObjectFactory().createKeyIdentifier(keyIdentifier));
+ securityTokenReference.getOtherAttributes().putAll(attributes);
+ RequestedReferenceType reference = new RequestedReferenceType();
+ reference.setSecurityTokenReference(securityTokenReference);
+
+ return reference;
+ }
+
+ /**
+ * <p>
+ * Creates an instance of {@code AppliesTo} using the specified endpoint address.
+ * </p>
+ *
+ * @param endpointURI a {@code String} representing the endpoint URI.
+ * @return the constructed {@code AppliesTo} instance.
+ */
+ public static AppliesTo createAppliesTo(String endpointURI)
+ {
+ AttributedURIType attributedURI = new AttributedURIType();
+ attributedURI.setValue(endpointURI);
+ EndpointReferenceType reference = new EndpointReferenceType();
+ reference.setAddress(attributedURI);
+ AppliesTo appliesTo = new AppliesTo();
+ appliesTo.getAny().add(new ObjectFactory().createEndpointReference(reference));
+
+ return appliesTo;
+ }
+
+ /**
+ * <p>
+ * Parses the contents of the {@code AppliesTo} element and returns the address the
uniquely identify the service
+ * provider.
+ * </p>
+ *
+ * @param appliesTo the {@code AppliesTo} instance to be parsed.
+ * @return the address of the service provider.
+ */
+ public static String parseAppliesTo(AppliesTo appliesTo)
+ {
+ EndpointReferenceType reference = null;
+ for (Object obj : appliesTo.getAny())
+ {
+ if (obj instanceof EndpointReferenceType)
+ reference = (EndpointReferenceType) obj;
+ else if (obj instanceof JAXBElement)
+ {
+ JAXBElement<?> element = (JAXBElement<?>) obj;
+ if
(element.getName().getLocalPart().equalsIgnoreCase("EndpointReference"))
+ reference = (EndpointReferenceType) element.getValue();
+ }
+
+ if (reference != null && reference.getAddress() != null)
+ return reference.getAddress().getValue();
+ }
+ return null;
+ }
+
+ /**
+ * <p>
+ * Creates a {@code Lifetime} instance that specifies a range of time that starts at
the current GMT time and has
+ * the specified duration in milliseconds.
+ * </p>
+ *
+ * @param tokenTimeout the token timeout value (in milliseconds).
+ * @return the constructed {@code Lifetime} instance.
+ */
+ public static Lifetime createDefaultLifetime(long tokenTimeout)
+ {
+ GregorianCalendar created = new GregorianCalendar();
+ GregorianCalendar expires = new GregorianCalendar();
+ expires.setTimeInMillis(created.getTimeInMillis() + tokenTimeout);
+
+ return new Lifetime(created, expires);
+ }
+
+}
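Review bot: `parseAppliesTo` accepts any `JAXBElement` whose local name matches "EndpointReference" case-insensitively, without checking its namespace, and then casts `element.getValue()` unchecked. A same-named element from another namespace therefore either throws `ClassCastException` out of the parser or, if it binds to the same type, supplies the address. `SAML20TokenProvider` in this revision turns that address into the assertion's audience restriction, so the match should be strict. I would guard the cast with `if (element.getValue() instanceof EndpointReferenceType)` and compare the full `QName`, namespace included, rather than the local part alone.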
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAML20TokenProvider.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,242 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.plugins.saml;
+
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.namespace.QName;
+
+import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
+import org.jboss.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.jboss.identity.federation.core.wstrust.SecurityToken;
+import org.jboss.identity.federation.core.wstrust.SecurityTokenProvider;
+import org.jboss.identity.federation.core.wstrust.StandardSecurityToken;
+import org.jboss.identity.federation.core.wstrust.WSTrustConstants;
+import org.jboss.identity.federation.core.wstrust.WSTrustException;
+import org.jboss.identity.federation.core.wstrust.WSTrustRequestContext;
+import org.jboss.identity.federation.core.wstrust.WSTrustUtil;
+import org.jboss.identity.federation.core.wstrust.wrappers.Lifetime;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
+import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
+import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
+import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType;
+import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
+import org.jboss.identity.federation.ws.policy.AppliesTo;
+import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
+import org.jboss.identity.federation.ws.trust.StatusType;
+import org.jboss.identity.federation.ws.trust.ValidateTargetType;
+import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType;
+import org.w3c.dom.Element;
+
+/**
+ * <p>
+ * A {@code SecurityTokenProvider} implementation that handles WS-Trust SAML 2.0 token
requests.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class SAML20TokenProvider implements SecurityTokenProvider
+{
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
+ */
+ public void cancelToken(WSTrustRequestContext context) throws WSTrustException
+ {
+ // TODO: implement cancel logic.
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
+ */
+ public void issueToken(WSTrustRequestContext context) throws WSTrustException
+ {
+ // generate an id for the new assertion.
+ String assertionID = IDGenerator.create("ID_");
+
+ issueToken(context, assertionID);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
+ */
+ public void renewToken(WSTrustRequestContext context) throws WSTrustException
+ {
+ Element assertion = (Element)
context.getRequestSecurityToken().getRenewTarget().getAny();
+
+ String id = assertion.getAttribute("ID");
+
+ issueToken(context, id); //Just reissue
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
+ */
+ @SuppressWarnings("unchecked")
+ public void validateToken(WSTrustRequestContext context) throws WSTrustException
+ {
+ // get the SAML assertion that must be validated.
+ ValidateTargetType validateTarget =
context.getRequestSecurityToken().getValidateTarget();
+ if(validateTarget == null)
+ throw new WSTrustException("Invalid validate message: missing required
ValidateTarget");
+
+ String code = WSTrustConstants.STATUS_CODE_VALID;
+ String reason = "SAMLV2.0 Assertion successfuly validated";
+
+ AssertionType assertion = null;
+
+ Object assertionObj = validateTarget.getAny();
+ if(assertionObj instanceof JAXBElement)
+ {
+ JAXBElement<AssertionType> assertionType =
(JAXBElement<AssertionType>) validateTarget.getAny();
+ assertion = assertionType.getValue();
+ }
+ else if(assertionObj instanceof Element)
+ {
+ Element assertionElement = (Element) assertionObj;
+
+ if(!this.isAssertion(assertionElement))
+ {
+ code = WSTrustConstants.STATUS_CODE_INVALID;
+ reason = "Validation failure: supplied token is not a SAMLV2.0
Assertion";
+ }
+ else
+ {
+ try
+ {
+ assertion = SAMLUtil.fromElement((Element) assertionObj);
+ }
+ catch (JAXBException e)
+ {
+ throw new WSTrustException("Unmarshalling error:",e);
+ }
+ }
+ }
+
+ // check the assertion lifetime.
+ try
+ {
+ if(AssertionUtil.hasExpired(assertion))
+ {
+ code = WSTrustConstants.STATUS_CODE_INVALID;
+ reason = "Validation failure: assertion expired or used before its
lifetime period";
+ }
+ }
+ catch(Exception ce)
+ {
+ code = WSTrustConstants.STATUS_CODE_INVALID;
+ reason = "Validation failure: unable to verify assertion lifetime: " +
ce.getMessage();
+ }
+
+ // construct the status and set it on the request context.
+ StatusType status = new StatusType();
+ status.setCode(code);
+ status.setReason(reason);
+ context.setStatus(status);
+ }
+
+ /**
+ * <p>
+ * Checks whether the specified element is a SAMLV2.0 assertion or not.
+ * </p>
+ *
+ * @param element the {@code Element} being verified.
+ * @return {@code true} if the element is a SAMLV2.0 assertion; {@code false}
otherwise.
+ */
+ private boolean isAssertion(Element element)
+ {
+ return element == null ? false :
"Assertion".equals(element.getLocalName())
+ &&
WSTrustConstants.SAML2_ASSERTION_NS.equals(element.getNamespaceURI());
+ }
+
+ /**
+ * Issue a SAML assertion token with the provided ID
+ * @param context
+ * @param assertionID
+ * @throws WSTrustException
+ */
+ private void issueToken(WSTrustRequestContext context, String assertionID) throws
WSTrustException
+ {
+ // lifetime and audience restrictions.
+ Lifetime lifetime = context.getRequestSecurityToken().getLifetime();
+ AudienceRestrictionType restriction = null;
+ AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo();
+ if (appliesTo != null)
+ restriction =
SAMLAssertionFactory.createAudienceRestriction(WSTrustUtil.parseAppliesTo(appliesTo));
+ ConditionsType conditions =
SAMLAssertionFactory.createConditions(lifetime.getCreated(), lifetime.getExpires(),
+ restriction);
+
+ // TODO: implement support for the other confirmation methods.
+ String confirmationMethod = SAMLUtil.SAML2_BEARER_URI;
+ SubjectConfirmationType subjectConfirmation =
SAMLAssertionFactory.createSubjectConfirmation(null,
+ confirmationMethod, null);
+
+ // create a subject using the caller principal.
+ Principal principal = context.getCallerPrincipal();
+ String subjectName = principal == null ? "ANONYMOUS" :
principal.getName();
+ NameIDType nameID = SAMLAssertionFactory.createNameID(null,
"urn:jboss:identity-federation", subjectName);
+ SubjectType subject = SAMLAssertionFactory.createSubject(nameID,
subjectConfirmation);
+
+ // TODO: add SAML statements that corresponds to the claims provided by the
requester.
+
+ // create the SAML assertion.
+ NameIDType issuerID = SAMLAssertionFactory.createNameID(null, null,
context.getTokenIssuer());
+ AssertionType assertion = SAMLAssertionFactory.createAssertion(assertionID,
issuerID, lifetime.getCreated(),
+ conditions, subject, null);
+
+ // convert the constructed assertion to element.
+ Element assertionElement = null;
+ try
+ {
+ assertionElement = SAMLUtil.toElement(assertion);
+ }
+ catch (Exception e)
+ {
+ throw new WSTrustException("Failed to marshall SAMLV2 assertion", e);
+ }
+
+ SecurityToken token = new
StandardSecurityToken(context.getRequestSecurityToken().getTokenType().toString(),
+ assertionElement, assertionID);
+ context.setSecurityToken(token);
+
+ // set the SAML assertion attached reference.
+ KeyIdentifierType keyIdentifier =
WSTrustUtil.createKeyIdentifier(SAMLUtil.SAML2_VALUE_TYPE, "#" + assertionID);
+ Map<QName, String> attributes = new HashMap<QName, String>();
+ attributes.put(new QName(WSTrustConstants.WSSE11_NS, "TokenType"),
SAMLUtil.SAML2_TOKEN_TYPE);
+ RequestedReferenceType attachedReference =
WSTrustUtil.createRequestedReference(keyIdentifier, attributes);
+ context.setAttachedReference(attachedReference);
+ }
+}
\ No newline at end of file
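Review bot: `validateToken` reports `STATUS_CODE_VALID` on the strength of the lifetime check alone. Nothing in the method verifies the assertion's signature or that its issuer is this STS, so unless the request handler does that before calling the provider (not visible in this hunk), any well-formed, unexpired assertion validates. The method also reaches `AssertionUtil.hasExpired(assertion)` with `assertion` still null when the target is neither a `JAXBElement` nor an `Element`, or is an `Element` that failed `isAssertion`; the result then depends on how `hasExpired` treats null, and the "not a SAMLV2.0 Assertion" reason may be overwritten by the catch block. An explicit `if (assertion == null)` branch that sets `STATUS_CODE_INVALID` and skips the lifetime check would make the outcome deterministic. `renewToken` has a related gap: it casts the renew target to `Element` unchecked and reuses its `ID` attribute for the reissued assertion without validating the supplied token first.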
Added:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,105 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.plugins.saml;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.JAXBException;
+import javax.xml.bind.Marshaller;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.transform.dom.DOMResult;
+
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.util.JAXBUtil;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.ObjectFactory;
+import org.w3c.dom.DOMConfiguration;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+
+/**
+ * <p>
+ * This class contains utility methods and constants that are used by the SAML token
providers.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class SAMLUtil
+{
+
+ public static final String SAML2_BEARER_URI =
"urn:oasis:names:tc:SAML:2.0:cm:bearer";
+
+ public static final String SAML2_TOKEN_TYPE =
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
+
+ public static final String SAML2_VALUE_TYPE =
"http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID";
+
+ /**
+ * <p>
+ * Utility method that marshals the specified {@code AssertionType} object into an
{@code Element} instance.
+ * </p>
+ *
+ * @param assertion
+ * an {@code AssertionType} object representing the SAML assertion to be
marshaled.
+ * @return a reference to the {@code Element} that contains the marshaled SAML
assertion.
+ * @throws Exception
+ * if an error occurs while marshaling the assertion.
+ */
+ public static Element toElement(AssertionType assertion) throws Exception
+ {
+ Document document = DocumentUtil.createDocument();
+ DOMResult result = new DOMResult(document);
+ Marshaller marshaller =
JAXBUtil.getMarshaller("org.jboss.identity.federation.saml.v2.assertion");
+ marshaller.marshal(new ObjectFactory().createAssertion(assertion), result);
+
+ // normalize the document to remove unused namespaces.
+ DOMConfiguration docConfig = document.getDomConfig();
+ docConfig.setParameter("namespaces", Boolean.TRUE);
+ docConfig.setParameter("namespace-declarations", Boolean.FALSE);
+ document.normalizeDocument();
+
+ return document.getDocumentElement();
+ }
+
+ /**
+ * <p>
+ * Utility method that unmarshals the specified {@code Element} into an {@code
AssertionType} instance.
+ * </p>
+ *
+ * @param assertionElement
+ * the {@code Element} that contains the marshaled SAMLV2.0 assertion.
+ * @return a reference to the unmarshaled {@code AssertionType} instance.
+ * @throws JAXBException if an error occurs while unmarshalling the document.
+ */
+ public static AssertionType fromElement(Element assertionElement) throws
JAXBException
+ {
+ Unmarshaller unmarshaller =
JAXBUtil.getUnmarshaller("org.jboss.identity.federation.saml.v2.assertion");
+ Object object = unmarshaller.unmarshal(assertionElement);
+ if (object instanceof AssertionType)
+ return (AssertionType) object;
+ else if (object instanceof JAXBElement)
+ {
+ JAXBElement<?> element = (JAXBElement<?>) object;
+ if (element.getDeclaredType().equals(AssertionType.class))
+ return (AssertionType) element.getValue();
+ }
+ throw new IllegalArgumentException("Supplied document does not contain a
SAMLV2.0 Assertion");
+ }
+}
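Review bot: `fromElement` returns whatever the unmarshaller produces once the type matches, and its Javadoc does not say that no signature, issuer or validity-window check happens here. A caller could read the returned `AssertionType` as already trusted, so I would add to the Javadoc: `This method only unmarshals; callers must verify the assertion's signature and conditions before relying on its contents.` Whether `JAXBUtil.getUnmarshaller` enables schema validation is not visible in this hunk, so the comment should not promise that either. Separately, `toElement` declares `throws Exception` while `fromElement` declares `JAXBException`; narrowing the former to the checked types actually thrown would let callers stop catching `Exception`.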
Copied:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/BaseRequestSecurityToken.java
(from rev 757,
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityToken.java)
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/BaseRequestSecurityToken.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/BaseRequestSecurityToken.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,33 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.wrappers;
+
+/**
+ * <p>
+ * Marker interface for the request security token types.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public interface BaseRequestSecurityToken
+{
+}
Copied:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/BaseRequestSecurityTokenResponse.java
(from rev 757,
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/BaseRequestSecurityTokenResponse.java)
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/BaseRequestSecurityTokenResponse.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/BaseRequestSecurityTokenResponse.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,33 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.wrappers;
+
+/**
+ * <p>
+ * Marker interface for the security token response types.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public interface BaseRequestSecurityTokenResponse
+{
+}
Copied:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/Lifetime.java
(from rev 757,
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/Lifetime.java)
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/Lifetime.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/Lifetime.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,236 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.wrappers;
+
+import java.util.GregorianCalendar;
+
+import javax.xml.datatype.DatatypeConfigurationException;
+import javax.xml.datatype.DatatypeFactory;
+import javax.xml.datatype.XMLGregorianCalendar;
+
+import org.jboss.identity.federation.ws.trust.LifetimeType;
+import org.jboss.identity.federation.ws.wss.utility.AttributedDateTime;
+
+/**
+ * <p>
+ * This class represents a WS-Trust {@code Lifetime}. It wraps the JAXB {@code
LifetimeType} and offer methods that
+ * allows for easy retrieval of the creation and expiration times as {@code
XMLGregorianCalendar} and
+ * {@code GregorianCalendar} objects.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class Lifetime
+{
+
+ private final LifetimeType delegate;
+
+ private XMLGregorianCalendar created;
+
+ private XMLGregorianCalendar expires;
+
+ private DatatypeFactory factory;
+
+ /**
+ * <p>
+ * Creates an instance of {@code Lifetime} with the specified parameters.
+ * </p>
+ *
+ * @param created a {@code GregorianCalendar} representing the token creation time.
+ * @param expires a {@code GregorianCalendar} representing the token expiration time.
+ */
+ public Lifetime(GregorianCalendar created, GregorianCalendar expires)
+ {
+ try
+ {
+ this.factory = DatatypeFactory.newInstance();
+ }
+ catch (DatatypeConfigurationException dce)
+ {
+ throw new RuntimeException("Unable to get DatatypeFactory instance",
dce);
+ }
+
+ // normalize the parameters (convert to UTC).
+ this.created = factory.newXMLGregorianCalendar(created).normalize();
+ this.expires = factory.newXMLGregorianCalendar(expires).normalize();
+
+ // set the delegate fields.
+ this.delegate = new LifetimeType();
+ AttributedDateTime dateTime = new AttributedDateTime();
+ dateTime.setValue(this.created.toXMLFormat());
+ this.delegate.setCreated(dateTime);
+ dateTime = new AttributedDateTime();
+ dateTime.setValue(this.expires.toXMLFormat());
+ this.delegate.setExpires(dateTime);
+
+ }
+
+ /**
+ * <p>
+ * Creates a {@code Lifetime} instance using the specified {@code LifetimeType}.
+ * </p>
+ *
+ * @param lifetime a reference to the {@code LifetimeType} instance that contains the
information used in the
+ * {@code Lifetime} construction.
+ */
+ public Lifetime(LifetimeType lifetime)
+ {
+ if (lifetime == null)
+ throw new IllegalArgumentException("Unable to create a Lifetime object from
a null LifetimeType");
+
+ try
+ {
+ this.factory = DatatypeFactory.newInstance();
+ }
+ catch (DatatypeConfigurationException dce)
+ {
+ throw new RuntimeException("Unable to get DatatypeFactory instance",
dce);
+ }
+ this.delegate = lifetime;
+
+ // construct the created and expires instances from the lifetime object.
+ this.created = factory.newXMLGregorianCalendar(lifetime.getCreated().getValue());
+ this.expires = factory.newXMLGregorianCalendar(lifetime.getExpires().getValue());
+
+ // check if the supplied lifetime needs to be normalized.
+ if (this.created.getTimezone() != 0)
+ {
+ this.created = this.created.normalize();
+ this.delegate.getCreated().setValue(this.created.toXMLFormat());
+ }
+ if (this.expires.getTimezone() != 0)
+ {
+ this.expires = this.expires.normalize();
+ this.delegate.getExpires().setValue(this.expires.toXMLFormat());
+ }
+ }
+
+ /**
+ * <p>
+ * Obtains the creation time as a {@code XMLGregorianCalendar}.
+ * </p>
+ *
+ * @return a reference to the {@code XMLGregorianCalendar} that represents the
creation time.
+ */
+ public XMLGregorianCalendar getCreated()
+ {
+ return this.created;
+ }
+
+ /**
+ * <p>
+ * Sets the creation time.
+ * </p>
+ *
+ * @param created a reference to the {@code XMLGregorianCalendar} that represents the
creation time to be set.
+ */
+ public void setCreated(XMLGregorianCalendar created)
+ {
+ this.created = created.normalize();
+ this.delegate.getCreated().setValue(this.created.toXMLFormat());
+ }
+
+ /**
+ * <p>
+ * Obtains the creation time as a {@code GregorianCalendar}.
+ * </p>
+ *
+ * @return a reference to the {@code GregorianCalendar} that represents the creation
time.
+ */
+ public GregorianCalendar getCreatedCalendar()
+ {
+ return this.created.toGregorianCalendar();
+ }
+
+ /**
+ * <p>
+ * Sets the creation time.
+ * </p>
+ *
+ * @param created a reference to the {@code GregorianCalendar} that represents the
creation time to be set.
+ */
+ public void setCreatedCalendar(GregorianCalendar created)
+ {
+ this.setCreated(this.factory.newXMLGregorianCalendar(created));
+ }
+
+ /**
+ * <p>
+ * Obtains the expiration time as a {@code XMLGregorianCalendar}.
+ * </p>
+ *
+ * @return a reference to the {@code XMLGregorianCalendar} that represents the
expiration time.
+ */
+ public XMLGregorianCalendar getExpires()
+ {
+ return this.expires;
+ }
+
+ /**
+ * <p>
+ * Sets the expiration time.
+ * </p>
+ *
+ * @param expires a reference to the {@code XMLGregorianCalendar} that represents the
expiration time.
+ */
+ public void setExpires(XMLGregorianCalendar expires)
+ {
+ this.expires = expires.normalize();
+ this.delegate.getExpires().setValue(this.expires.toXMLFormat());
+ }
+
+ /**
+ * <p>
+ * Obtains the expiration time as a {@code GregorianCalendar}.
+ * </p>
+ *
+ * @return a reference to the {@code GregorianCalendar} that represents the expiration
time.
+ */
+ public GregorianCalendar getExpiresCalendar()
+ {
+ return this.expires.toGregorianCalendar();
+ }
+
+ /**
+ * <p>
+ * Sets the expiration time.
+ * </p>
+ *
+ * @param expires a reference to the {@code GregorianCalendar} that represents the
expiration time.
+ */
+ public void setExpiresCalendar(GregorianCalendar expires)
+ {
+ this.setExpires(this.factory.newXMLGregorianCalendar(expires));
+ }
+
+ /**
+ * <p>
+ * Obtains a reference to the {@code LifetimeType} delegate.
+ * </p>
+ *
+ * @return a reference to the delegate instance.
+ */
+ public LifetimeType getDelegate()
+ {
+ return this.delegate;
+ }
+}
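Review bot: The `Lifetime(LifetimeType)` constructor rejects a null `lifetime` but then calls `lifetime.getCreated().getValue()` and `lifetime.getExpires().getValue()` without checking either child, so a `LifetimeType` that lacks `Created` or `Expires` fails with a NullPointerException instead of the IllegalArgumentException used for the null case. As far as I know the WS-Trust schema makes both children optional, and in this commit the wrapper is built from request content in `RequestSecurityToken`, so the input is not under the service's control. I would add, right after the null check, `if (lifetime.getCreated() == null || lifetime.getExpires() == null) throw new IllegalArgumentException("Lifetime must contain both Created and Expires");`. `setCreated` and `setExpires` dereference `this.delegate.getCreated()` and `this.delegate.getExpires()` the same way. Neither constructor checks that `expires` is later than `created`; if that is enforced elsewhere, it is worth saying so in the class Javadoc.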
Copied:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityToken.java
(from rev 757,
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityToken.java)
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityToken.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityToken.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,1139 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.wrappers;
+
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.namespace.QName;
+
+import org.jboss.identity.federation.ws.addressing.EndpointReferenceType;
+import org.jboss.identity.federation.ws.policy.AppliesTo;
+import org.jboss.identity.federation.ws.policy.Policy;
+import org.jboss.identity.federation.ws.policy.PolicyReference;
+import org.jboss.identity.federation.ws.trust.AllowPostdatingType;
+import org.jboss.identity.federation.ws.trust.CancelTargetType;
+import org.jboss.identity.federation.ws.trust.ClaimsType;
+import org.jboss.identity.federation.ws.trust.DelegateToType;
+import org.jboss.identity.federation.ws.trust.EncryptionType;
+import org.jboss.identity.federation.ws.trust.EntropyType;
+import org.jboss.identity.federation.ws.trust.LifetimeType;
+import org.jboss.identity.federation.ws.trust.ObjectFactory;
+import org.jboss.identity.federation.ws.trust.OnBehalfOfType;
+import org.jboss.identity.federation.ws.trust.ProofEncryptionType;
+import org.jboss.identity.federation.ws.trust.RenewTargetType;
+import org.jboss.identity.federation.ws.trust.RenewingType;
+import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType;
+import org.jboss.identity.federation.ws.trust.UseKeyType;
+import org.jboss.identity.federation.ws.trust.ValidateTargetType;
+import org.w3c.dom.Document;
+import org.w3c.dom.Element;
+import org.w3c.dom.NodeList;
+
+/**
+ * <p>
+ * This class represents a WS-Trust {@code RequestSecurityToken}. It wraps the JAXB
representation of the security
+ * token request and offers a series of getter/setter methods that make it easy to work
with elements that are
+ * represented by the {@code Any} XML type.
+ * </p>
+ * <p>
+ * The following shows the intended content model of a {@code RequestSecurityToken}:
+ *
+ * <pre>
+ * <xs:element ref='wst:TokenType' minOccurs='0' />
+ * <xs:element ref='wst:RequestType' />
+ * <xs:element ref='wsp:AppliesTo' minOccurs='0' />
+ * <xs:element ref='wst:Claims' minOccurs='0' />
+ * <xs:element ref='wst:Entropy' minOccurs='0' />
+ * <xs:element ref='wst:Lifetime' minOccurs='0' />
+ * <xs:element ref='wst:AllowPostdating' minOccurs='0'
/>
+ * <xs:element ref='wst:Renewing' minOccurs='0' />
+ * <xs:element ref='wst:OnBehalfOf' minOccurs='0' />
+ * <xs:element ref='wst:Issuer' minOccurs='0' />
+ * <xs:element ref='wst:AuthenticationType' minOccurs='0'
/>
+ * <xs:element ref='wst:KeyType' minOccurs='0' />
+ * <xs:element ref='wst:KeySize' minOccurs='0' />
+ * <xs:element ref='wst:SignatureAlgorithm' minOccurs='0'
/>
+ * <xs:element ref='wst:Encryption' minOccurs='0' />
+ * <xs:element ref='wst:EncryptionAlgorithm' minOccurs='0'
/>
+ * <xs:element ref='wst:CanonicalizationAlgorithm'
minOccurs='0' />
+ * <xs:element ref='wst:ProofEncryption' minOccurs='0'
/>
+ * <xs:element ref='wst:UseKey' minOccurs='0' />
+ * <xs:element ref='wst:SignWith' minOccurs='0' />
+ * <xs:element ref='wst:EncryptWith' minOccurs='0' />
+ * <xs:element ref='wst:DelegateTo' minOccurs='0' />
+ * <xs:element ref='wst:Forwardable' minOccurs='0' />
+ * <xs:element ref='wst:Delegatable' minOccurs='0' />
+ * <xs:element ref='wsp:Policy' minOccurs='0' />
+ * <xs:element ref='wsp:PolicyReference' minOccurs='0'
/>
+ * <xs:any namespace='##other' processContents='lax'
minOccurs='0' maxOccurs='unbounded' />
+ * </pre>
+ *
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class RequestSecurityToken implements BaseRequestSecurityToken
+{
+
+ private final RequestSecurityTokenType delegate;
+
+ private URI tokenType;
+
+ private URI requestType;
+
+ private AppliesTo appliesTo;
+
+ private ClaimsType claims;
+
+ private EntropyType entropy;
+
+ private Lifetime lifetime;
+
+ private AllowPostdatingType allowPostDating;
+
+ private RenewingType renewing;
+
+ private OnBehalfOfType onBehalfOf;
+
+ private EndpointReferenceType issuer;
+
+ private URI authenticationType;
+
+ private URI keyType;
+
+ private long keySize;
+
+ private URI signatureAlgorithm;
+
+ private EncryptionType encryption;
+
+ private URI encryptionAlgorithm;
+
+ private URI canonicalizationAlgorithm;
+
+ private ProofEncryptionType proofEncryption;
+
+ private UseKeyType useKey;
+
+ private URI signWith;
+
+ private URI encryptWith;
+
+ private DelegateToType delegateTo;
+
+ private boolean forwardable;
+
+ private boolean delegatable;
+
+ private Policy policy;
+
+ private PolicyReference policyReference;
+
+ private ValidateTargetType validateTarget;
+
+ private RenewTargetType renewTarget;
+
+ private CancelTargetType cancelTarget;
+
+ private final List<Object> extensionElements = new ArrayList<Object>();
+
+ private final ObjectFactory factory = new ObjectFactory();
+
+ private Document rstDocument;
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityToken}.
+ * </p>
+ */
+ public RequestSecurityToken()
+ {
+ this.delegate = new RequestSecurityTokenType();
+ }
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityToken} using the specified delegate.
+ * </p>
+ *
+ * @param delegate the JAXB {@code RequestSecurityTokenType} that represents a
WS-Trust token request.
+ */
+ public RequestSecurityToken(RequestSecurityTokenType delegate)
+ {
+ this.delegate = delegate;
+ // parse the delegate's Any contents.
+ for (Object obj : this.delegate.getAny())
+ {
+ if (obj instanceof AppliesTo)
+ {
+ this.appliesTo = (AppliesTo) obj;
+ }
+ else if (obj instanceof Policy)
+ {
+ this.policy = (Policy) obj;
+ }
+ else if (obj instanceof PolicyReference)
+ {
+ this.policyReference = (PolicyReference) obj;
+ }
+ else if (obj instanceof JAXBElement)
+ {
+ JAXBElement<?> element = (JAXBElement<?>) obj;
+ String localName = element.getName().getLocalPart();
+ if (localName.equalsIgnoreCase("TokenType"))
+ this.tokenType = URI.create((String) element.getValue());
+ else if (localName.equalsIgnoreCase("RequestType"))
+ this.requestType = URI.create((String) element.getValue());
+ else if (localName.equalsIgnoreCase("Claims"))
+ this.claims = (ClaimsType) element.getValue();
+ else if (localName.equalsIgnoreCase("Entropy"))
+ this.entropy = (EntropyType) element.getValue();
+ else if (localName.equalsIgnoreCase("Lifetime"))
+ this.lifetime = new Lifetime((LifetimeType) element.getValue());
+ else if (localName.equalsIgnoreCase("AllowPostdating"))
+ this.allowPostDating = (AllowPostdatingType) element.getValue();
+ else if (localName.equalsIgnoreCase("Renewing"))
+ this.renewing = (RenewingType) element.getValue();
+ else if (localName.equalsIgnoreCase("OnBehalfOf"))
+ this.onBehalfOf = (OnBehalfOfType) element.getValue();
+ else if (localName.equalsIgnoreCase("Issuer"))
+ this.issuer = (EndpointReferenceType) element.getValue();
+ else if (localName.equalsIgnoreCase("AuthenticationType"))
+ this.authenticationType = URI.create((String) element.getValue());
+ else if (localName.equalsIgnoreCase("KeyType"))
+ this.keyType = URI.create((String) element.getValue());
+ else if (localName.equalsIgnoreCase("KeySize"))
+ this.keySize = (Long) element.getValue();
+ else if (localName.equalsIgnoreCase("SignatureAlgorithm"))
+ this.signatureAlgorithm = URI.create((String) element.getValue());
+ else if (localName.equalsIgnoreCase("Encryption"))
+ this.encryption = (EncryptionType) element.getValue();
+ else if (localName.equalsIgnoreCase("EntropyAlgorithm"))
+ this.encryptionAlgorithm = URI.create((String) element.getValue());
+ else if (localName.equalsIgnoreCase("CanonicalizationAlgorithm"))
+ this.canonicalizationAlgorithm = URI.create((String) element.getValue());
+ else if (localName.equalsIgnoreCase("ProofEncryption"))
+ this.proofEncryption = (ProofEncryptionType) element.getValue();
+ else if (localName.equalsIgnoreCase("UseKey"))
+ this.useKey = (UseKeyType) element.getValue();
+ else if (localName.equalsIgnoreCase("SignWith"))
+ this.signWith = URI.create((String) element.getValue());
+ else if (localName.equalsIgnoreCase("EncryptWith"))
+ this.encryptWith = URI.create((String) element.getValue());
+ else if (localName.equalsIgnoreCase("DelegateTo"))
+ this.delegateTo = (DelegateToType) element.getValue();
+ else if (localName.equalsIgnoreCase("Forwardable"))
+ this.forwardable = (Boolean) element.getValue();
+ else if (localName.equalsIgnoreCase("Delegatable"))
+ this.delegatable = (Boolean) element.getValue();
+ else if (localName.equalsIgnoreCase("CancelTarget"))
+ this.cancelTarget = (CancelTargetType) element.getValue();
+ else if (localName.equalsIgnoreCase("RenewTarget"))
+ this.renewTarget = (RenewTargetType) element.getValue();
+ else if (localName.equalsIgnoreCase("ValidateTarget"))
+ this.validateTarget = (ValidateTargetType) element.getValue();
+ else
+ this.extensionElements.add(element.getValue());
+ }
+ else
+ {
+ this.extensionElements.add(obj);
+ }
+ }
+ }
+
+ /**
+ * Creates an instance of {@code RequestSecurityTokenType} and {@code Document}
+ * @param delegate
+ * @param rstDocument
+ */
+ public RequestSecurityToken(RequestSecurityTokenType delegate, Document rstDocument)
+ {
+ this(delegate);
+ this.rstDocument = rstDocument;
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code URI} that identifies the token type.
+ * </p>
+ *
+ * @return a {@code URI} that represents the token type.
+ */
+ public URI getTokenType()
+ {
+ return this.tokenType;
+ }
+
+ /**
+ * <p>
+ * Sets the token type.
+ * </p>
+ *
+ * @param tokenType a {@code URI} that identifies the token type.
+ */
+ public void setTokenType(URI tokenType)
+ {
+ this.tokenType = tokenType;
+ this.delegate.getAny().add(this.factory.createTokenType(tokenType.toString()));
+
+ }
+
+ /**
+ * <p>
+ * Obtains the request type.
+ * </p>
+ *
+ * @return a {@code URI} that identifies the request type.
+ */
+ public URI getRequestType()
+ {
+ return this.requestType;
+ }
+
+ /**
+ * <p>
+ * Sets the request type. The type must be one of the request types described in the
WS-Trust specification.
+ * </p>
+ *
+ * @param requestType a {@code URI} that identifies the request type.
+ */
+ public void setRequestType(URI requestType)
+ {
+ this.requestType = requestType;
+
this.delegate.getAny().add(this.factory.createRequestType(requestType.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code AppliesTo} value of this request. The {@code AppliesTo} object
identifies the service provider
+ * (web service) that requires a token to be presented by clients. A STS uses this
object to find the type of the
+ * token that is accepted by the service provider so that it can issue appropriate
tokens to clients.
+ * </p>
+ *
+ * @return the reference to the {@code AppliesTo} object.
+ */
+ public AppliesTo getAppliesTo()
+ {
+ return this.appliesTo;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code AppliesTo} value of this request. The {@code AppliesTo} object
identifies the service provider
+ * (web service) that requires a token to be presented by clients. A STS uses this
object to find the type of the
+ * token that is accepted by the service provider so that it can issue appropriate
tokens to clients.
+ * </p>
+ *
+ * @param appliesTo a reference to the {@code AppliesTo} object that identifies the
service provider.
+ */
+ public void setAppliesTo(AppliesTo appliesTo)
+ {
+ this.appliesTo = appliesTo;
+ this.delegate.getAny().add(appliesTo);
+ }
+
+ /**
+ * <p>
+ * Obtains the set of claims of this request.
+ * </p>
+ *
+ * @return a reference to the {@code ClaimsType} object that represents the
request's claims.
+ */
+ public ClaimsType getClaims()
+ {
+ return this.claims;
+ }
+
+ /**
+ * <p>
+ * Sets the claims of this request.
+ * </p>
+ *
+ * @param claims the {@code ClaimsType} object that represents the claims to be set.
+ */
+ public void setClaims(ClaimsType claims)
+ {
+ this.claims = claims;
+ this.delegate.getAny().add(this.factory.createClaims(claims));
+ }
+
+ /**
+ * <p>
+ * Obtains the entropy that will be used in creating the key.
+ * </p>
+ *
+ * @return a reference to the {@code EntropyType} that represents the entropy.
+ */
+ public EntropyType getEntropy()
+ {
+ return this.entropy;
+ }
+
+ /**
+ * <p>
+ * Sets the entropy that must be used when creating the key.
+ * </p>
+ *
+ * @param entropy the {@code EntropyType} representing the entropy to be set.
+ */
+ public void setEntropy(EntropyType entropy)
+ {
+ this.entropy = entropy;
+ this.delegate.getAny().add(this.factory.createEntropy(entropy));
+ }
+
+ /**
+ * <p>
+ * Obtains the desired lifetime of the requested token.
+ * </p>
+ *
+ * @return a reference to the {@code Lifetime} that represents the lifetime.
+ */
+ public Lifetime getLifetime()
+ {
+ return this.lifetime;
+ }
+
+ /**
+ * <p>
+ * Sets the desired lifetime of the requested token.
+ * </p>
+ *
+ * @param lifetime the {@code Lifetime} object representing the lifetime to be set.
+ */
+ public void setLifetime(Lifetime lifetime)
+ {
+ this.lifetime = lifetime;
+ this.delegate.getAny().add(this.factory.createLifetime(lifetime.getDelegate()));
+ }
+
+ /**
+ * <p>
+ * Checks whether a request for a postdated token should be allowed or not.
+ * </p>
+ *
+ * @return {@code null} if the token can't have a future lifetime (e.g. a token to
be used the next day); a
+ * {@code AllowPostdatingType} otherwise.
+ */
+ public AllowPostdatingType getAllowPostDating()
+ {
+ return this.allowPostDating;
+ }
+
+ /**
+ * <p>
+ * Specifies whether a request for a postdated token should be allowed or not.
+ * </p>
+ *
+ * @param allowPostDating {@code null} if the token can't have a future lifetime
(e.g. a token to be used the next
+ * day); a {@code AllowPostdatingType} otherwise.
+ */
+ public void setAllowPostDating(AllowPostdatingType allowPostDating)
+ {
+ this.allowPostDating = allowPostDating;
+ this.delegate.getAny().add(this.factory.createAllowPostdating(allowPostDating));
+ }
+
+ /**
+ * <p>
+ * Obtains the renew semantics for this request.
+ * </p>
+ *
+ * @return a reference to the {@code RenewingType} that represents the renew semantics
for this request.
+ */
+ public RenewingType getRenewing()
+ {
+ return this.renewing;
+ }
+
+ /**
+ * <p>
+ * Sets the renew semantics for this request.
+ * </p>
+ *
+ * @param renewing the {@code RenewingType} object representing the semantics to be
set.
+ */
+ public void setRenewing(RenewingType renewing)
+ {
+ this.renewing = renewing;
+ this.delegate.getAny().add(this.factory.createRenewing(renewing));
+ }
+
+ /**
+ * <p>
+ * Obtains the identity on whose behalf this request was made.
+ * </p>
+ *
+ * @return a reference to the {@code OnBehalfOfType} that represents the identity on
whose behalf this request was
+ * made.
+ */
+ public OnBehalfOfType getOnBehalfOf()
+ {
+ return this.onBehalfOf;
+ }
+
+ /**
+ * <p>
+ * Specifies the identity on whose behalf this request is being made.
+ * </p>
+ *
+ * @param onBehalfOf the {@code OnBehalfOfType} object representing the identity to be
set.
+ */
+ public void setOnBehalfOf(OnBehalfOfType onBehalfOf)
+ {
+ this.onBehalfOf = onBehalfOf;
+ this.delegate.getAny().add(this.factory.createOnBehalfOf(onBehalfOf));
+ }
+
+ /**
+ * <p>
+ * Obtains the issuer of the token included in the request in the scenarios where the
requestor is obtaining a token
+ * on behalf of another party.
+ * </p>
+ *
+ * @return a reference to the {@code EndpointReferenceType} that represents the
issuer.
+ */
+ public EndpointReferenceType getIssuer()
+ {
+ return this.issuer;
+ }
+
+ /**
+ * <p>
+ * Sets the issuer of the token included in the request in scenarios where the
requestor is obtaining a token on
+ * behalf of another party.
+ * </p>
+ *
+ * @param issuer the {@code EndpointReferenceType} object representing the issuer to
be set.
+ */
+ public void setIssuer(EndpointReferenceType issuer)
+ {
+ this.issuer = issuer;
+ this.delegate.getAny().add(this.factory.createIssuer(issuer));
+ }
+
+ /**
+ * <p>
+ * Obtains the type of authentication that has been set as part of the request.
+ * </p>
+ *
+ * @return a {@code URI} that identifies the desired authentication type.
+ */
+ public URI getAuthenticationType()
+ {
+ return this.authenticationType;
+ }
+
+ /**
+ * <p>
+ * Sets the authentication type in the request.
+ * </p>
+ *
+ * @param authenticationType a {@code URI} that identifies the authentication type to
be set.
+ */
+ public void setAuthenticationType(URI authenticationType)
+ {
+ this.authenticationType = authenticationType;
+
this.delegate.getAny().add(this.factory.createAuthenticationType(authenticationType.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the type of the key that has been set in the request.
+ * </p>
+ *
+ * @return a {@code URI} that identifies the key type.
+ */
+ public URI getKeyType()
+ {
+ return this.keyType;
+ }
+
+ /**
+ * <p>
+ * Sets the key type in the request.
+ * </p>
+ *
+ * @param keyType a {@code URI} that specifies the key type.
+ */
+ public void setKeyType(URI keyType)
+ {
+ this.keyType = keyType;
+ this.delegate.getAny().add(this.factory.createKeyType(keyType.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the size of they key that has been set in the request.
+ * </p>
+ *
+ * @return a {@code long} representing the key size in bytes.
+ */
+ public long getKeySize()
+ {
+ return this.keySize;
+ }
+
+ /**
+ * <p>
+ * Sets the size of the key in the request.
+ * </p>
+ *
+ * @param keySize a {@code long} representing the key size in bytes.
+ */
+ public void setKeySize(long keySize)
+ {
+ this.keySize = keySize;
+ this.delegate.getAny().add(this.factory.createKeySize(keySize));
+ }
+
+ /**
+ * <p>
+ * Obtains the signature algorithm that has been set in the request.
+ * </p>
+ *
+ * @return a {@code URI} that represents the signature algorithm.
+ */
+ public URI getSignatureAlgorithm()
+ {
+ return this.signatureAlgorithm;
+ }
+
+ /**
+ * <p>
+ * Sets the signature algorithm in the request.
+ * </p>
+ *
+ * @param signatureAlgorithm a {@code URI} that represents the algorithm to be set.
+ */
+ public void setSignatureAlgorithm(URI signatureAlgorithm)
+ {
+ this.signatureAlgorithm = signatureAlgorithm;
+
this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signatureAlgorithm.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code Encryption} section of the request. The {@code Encryption}
element indicates that the requestor
+ * desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @return a reference to the {@code EncryptionType} object.
+ */
+ public EncryptionType getEncryption()
+ {
+ return this.encryption;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code Encryption} section of the request. The {@code Encryption} element
indicates that the requestor
+ * desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @param encryption the {@code EncryptionType} to be set.
+ */
+ public void setEncryption(EncryptionType encryption)
+ {
+ this.encryption = encryption;
+ this.delegate.getAny().add(this.factory.createEncryption(encryption));
+ }
+
+ /**
+ * <p>
+ * Obtains the encryption algorithm that has been set in the request.
+ * </p>
+ *
+ * @return a {@code URI} that represents the encryption algorithm.
+ */
+ public URI getEncryptionAlgorithm()
+ {
+ return this.encryptionAlgorithm;
+ }
+
+ /**
+ * <p>
+ * Sets the encryption algorithm in the request.
+ * </p>
+ *
+ * @param encryptionAlgorithm a {@code URI} that represents the encryption algorithm
to be set.
+ */
+ public void setEncryptionAlgorithm(URI encryptionAlgorithm)
+ {
+ this.encryptionAlgorithm = encryptionAlgorithm;
+
this.delegate.getAny().add(this.factory.createEncryptionAlgorithm(encryptionAlgorithm.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the canonicalization algorithm that has been set in the request.
+ * </p>
+ *
+ * @return a {@code URI} that represents the canonicalization algorithm.
+ */
+ public URI getCanonicalizationAlgorithm()
+ {
+ return this.canonicalizationAlgorithm;
+ }
+
+ /**
+ * <p>
+ * Sets the canonicalization algorithm in the request.
+ * </p>
+ *
+ * @param canonicalizationAlgorithm a {@code URI} that represents the algorithm to be
set.
+ */
+ public void setCanonicalizationAlgorithm(URI canonicalizationAlgorithm)
+ {
+ this.canonicalizationAlgorithm = canonicalizationAlgorithm;
+
this.delegate.getAny().add(this.factory.createCanonicalizationAlgorithm(canonicalizationAlgorithm.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code ProofEncryption} section of the request. The {@code
ProofEncryption} indicates that the
+ * requester desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @return a reference to the {@code ProofEncryptionType} object.
+ */
+ public ProofEncryptionType getProofEncryption()
+ {
+ return this.proofEncryption;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code ProofEncryption} section of the request. The {@code
ProofEncryption} indicates that the requester
+ * desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @param proofEncryption the {@code ProofEncryptionType} to be set.
+ */
+ public void setProofEncryption(ProofEncryptionType proofEncryption)
+ {
+ this.proofEncryption = proofEncryption;
+ this.delegate.getAny().add(this.factory.createProofEncryption(proofEncryption));
+ }
+
+ /**
+ * <p>
+ * Obtains the key that should be used in the returned token.
+ * </p>
+ *
+ * @return a reference to the {@code UseKeyType} instance that represents the key to
be used.
+ */
+ public UseKeyType getUseKey()
+ {
+ return this.useKey;
+ }
+
+ /**
+ * <p>
+ * Sets the key that should be used in the returned token.
+ * </p>
+ *
+ * @param useKey the {@code UseKeyType} instance to be set.
+ */
+ public void setUseKey(UseKeyType useKey)
+ {
+ this.useKey = useKey;
+ this.delegate.getAny().add(this.factory.createUseKey(useKey));
+ }
+
+ /**
+ * <p>
+ * Obtains the signature algorithm that should be used with the issued security
token.
+ * </p>
+ *
+ * @return a {@code URI} representing the algorithm that should be used.
+ */
+ public URI getSignWith()
+ {
+ return this.signWith;
+ }
+
+ /**
+ * <p>
+ * Sets the signature algorithm that should be used with the issued security token.
+ * </p>
+ *
+ * @param signWith a {@code URI} representing the algorithm to be used.
+ */
+ public void setSignWith(URI signWith)
+ {
+ this.signWith = signWith;
+
this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signWith.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the encryption algorithm that should be used with the issued security
token.
+ * </p>
+ *
+ * @return a {@code URI} representing the encryption algorithm that should be used.
+ */
+ public URI getEncryptWith()
+ {
+ return this.encryptWith;
+ }
+
+ /**
+ * <p>
+ * Sets the encryption algorithm that should be used with the issued security token.
+ * </p>
+ *
+ * @param encryptWith a {@code URI} representing the algorithm to be used.
+ */
+ public void setEncryptWith(URI encryptWith)
+ {
+ this.encryptWith = encryptWith;
+
this.delegate.getAny().add(this.factory.createEncryptWith(encryptWith.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the identity to which the requested token should be delegated.
+ * </p>
+ *
+ * @return a reference to the {@code DelegateToType} instance that represents the
identity.
+ */
+ public DelegateToType getDelegateTo()
+ {
+ return this.delegateTo;
+ }
+
+ /**
+ * <p>
+ * Sets the identity to which the requested token should be delegated.
+ * </p>
+ *
+ * @param delegateTo the {@code DelegateToType} object representing the identity to be
set.
+ */
+ public void setDelegateTo(DelegateToType delegateTo)
+ {
+ this.delegateTo = delegateTo;
+ this.delegate.getAny().add(this.factory.createDelegateTo(delegateTo));
+ }
+
+ /**
+ * <p>
+ * Indicates whether the requested token should be marked as "forwardable"
or not. In general, this flag is used when
+ * a token is normally bound to the requestor's machine or service. Using this
flag, the returned token MAY be used
+ * from any source machine so long as the key is correctly proven.
+ * </p>
+ *
+ * @return {@code true} if the requested token should be marked as
"forwardable"; {@code false} otherwise.
+ */
+ public boolean isForwardable()
+ {
+ return this.forwardable;
+ }
+
+ /**
+ * <p>
+ * Specifies whether the requested token should be marked as "forwardable"
or not. In general, this flag is used when
+ * a token is normally bound to the requestor's machine or service. Using this
flag, the returned token MAY be used
+ * from any source machine so long as the key is correctly proven.
+ * </p>
+ *
+ * @param forwardable {@code true} if the requested token should be marked as
"forwardable"; {@code false} otherwise.
+ */
+ public void setForwardable(boolean forwardable)
+ {
+ this.forwardable = forwardable;
+ this.delegate.getAny().add(this.factory.createForwardable(forwardable));
+ }
+
+ /**
+ * <p>
+ * Indicates whether the requested token should be marked as "delegatable"
or not. Using this flag, the returned
+ * token MAY be delegated to another party.
+ * </p>
+ *
+ * @return {@code true} if the requested token should be marked as
"delegatable"; {@code false} otherwise.
+ */
+ public boolean isDelegatable()
+ {
+ return this.delegatable;
+ }
+
+ /**
+ * <p>
+ * Specifies whether the requested token should be marked as "delegatable"
or not. Using this flag, the returned
+ * token MAY be delegated to another party.
+ * </p>
+ *
+ * @param delegatable {@code true} if the requested token should be marked as
"delegatable"; {@code false} otherwise.
+ */
+ public void setDelegatable(boolean delegatable)
+ {
+ this.delegatable = delegatable;
+ this.delegate.getAny().add(this.factory.createDelegatable(delegatable));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code Policy} associated with the request. The policy specifies
defaults that can be overridden by
+ * the previous properties.
+ * </p>
+ *
+ * @return a reference to the {@code Policy} that has been set in the request.
+ */
+ public Policy getPolicy()
+ {
+ return this.policy;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code Policy} in the request. The policy specifies defaults that can be
overridden by the previous
+ * properties.
+ * </p>
+ *
+ * @param policy the {@code Policy} instance to be set.
+ */
+ public void setPolicy(Policy policy)
+ {
+ this.policy = policy;
+ this.delegate.getAny().add(policy);
+ }
+
+ /**
+ * <p>
+ * Obtains the reference to the {@code Policy} that should be used.
+ * </p>
+ *
+ * @return a {@code PolicyReference} that specifies where the {@code Policy} can be
found.
+ */
+ public PolicyReference getPolicyReference()
+ {
+ return this.policyReference;
+ }
+
+ /**
+ * <p>
+ * Sets the reference to the {@code Policy} that should be used.
+ * </p>
+ *
+ * @param policyReference the {@code PolicyReference} object to be set.
+ */
+ public void setPolicyReference(PolicyReference policyReference)
+ {
+ this.policyReference = policyReference;
+ this.delegate.getAny().add(policyReference);
+ }
+
+ /**
+ * <p>
+ * Obtains the list of request elements that are not part of the standard content
model.
+ * </p>
+ *
+ * @return a {@code List<Object>} containing the extension elements.
+ */
+ public List<Object> getExtensionElements()
+ {
+ return Collections.unmodifiableList(this.extensionElements);
+ }
+
+ /**
+ * <p>
+ * Obtains the request context.
+ * </p>
+ *
+ * @return a {@code String} that identifies the request.
+ */
+ public String getContext()
+ {
+ return this.delegate.getContext();
+ }
+
+ /**
+ * <p>
+ * Sets the request context.
+ * </p>
+ *
+ * @param context a {@code String} that identifies the request.
+ */
+ public void setContext(String context)
+ {
+ this.delegate.setContext(context);
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code CancelTarget} section of the request. This element identifies
the token that is to be canceled.
+ * </p>
+ *
+ * @return a reference to the {@code CancelTargetType} that represents the {@code
CancelTarget} section of the
+ * WS-Trust cancel request.
+ */
+ public CancelTargetType getCancelTarget()
+ {
+ return this.cancelTarget;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code CancelTarget} section of the request. This element identifies the
token that is to be canceled.
+ * </p>
+ *
+ * @param cancelTarget a reference to the {@code CancelTargetType} that identifies the
token that must be canceled.
+ */
+ public void setCancelTarget(CancelTargetType cancelTarget)
+ {
+ this.cancelTarget = cancelTarget;
+ this.delegate.getAny().add(this.factory.createCancelTarget(cancelTarget));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code RenewTarget} section of the request. This element identifies the
token that is to be renewed.
+ * </p>
+ *
+ * @return a reference to the {@code RenewTargetType} that represents the {@code
RenewTarget} section of the WS-Trust
+ * renew request.
+ */
+ public RenewTargetType getRenewTarget()
+ {
+ return this.renewTarget;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code RenewTarget} section of the request. This element identifies the
token that is to be renewed.
+ * </p>
+ *
+ * @param renewTarget a reference to the {@code RenewTargetType} that identifies the
token that must be renewed.
+ */
+ public void setRenewTarget(RenewTargetType renewTarget)
+ {
+ this.renewTarget = renewTarget;
+ this.delegate.getAny().add(this.factory.createRenewTarget(renewTarget));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code ValidateTarget} section of the request. This element identifies
the token that is to be
+ * validated.
+ * </p>
+ *
+ * @return a reference to the {@code ValidateTargetType} that represents the {@code
ValidateTarget} section of the
+ * WS-Trust validate request.
+ */
+ public ValidateTargetType getValidateTarget()
+ {
+ return this.validateTarget;
+ }
+
+ /**
+ * Return the element in the document that represents
+ * the validate type
+ * @return
+ */
+ public Element getValidateTargetElement()
+ {
+ if(rstDocument == null)
+ throw new IllegalStateException("RST Document is null");
+
+ String ns = "http://docs.oasis-open.org/ws-sx/ws-trust/200512/";
+ String localPart = "ValidateTarget";
+
+ NodeList nodeList = rstDocument.getElementsByTagNameNS(ns,localPart);
+ if(nodeList != null && nodeList.getLength() > 0)
+ return (Element) nodeList.item(0);
+ else
+ return null;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code ValidateTarged} section of the request. This elements identifies
the token that is to be
+ * validated.
+ * </p>
+ *
+ * @param validateTarget a reference to the {@code ValidateTargetType} that identifies
the token that must be
+ * validated.
+ */
+ public void setValidateTarget(ValidateTargetType validateTarget)
+ {
+ this.validateTarget = validateTarget;
+ this.delegate.getAny().add(this.factory.createValidateTarget(validateTarget));
+ }
+
+ /**
+ * <p>
+ * Obtains a map that contains attributes that aren't bound to any typed property
on the request. This is a live
+ * reference, so attributes can be added/changed/removed directly. For this reason,
there is no setter method.
+ * </p>
+ *
+ * @return a {@code Map<QName, String>} that contains the attributes.
+ */
+ public Map<QName, String> getOtherAttributes()
+ {
+ return this.delegate.getOtherAttributes();
+ }
+
+ /**
+ * <p>
+ * Gets a reference to the list that holds all request element values.
+ * </p>
+ *
+ * @return a {@code List<Object>} containing all values specified in the
request.
+ */
+ public List<Object> getAny()
+ {
+ return this.delegate.getAny();
+ }
+
+ /**
+ * <p>
+ * Obtains a reference to the {@code RequestSecurityTokenType} delegate.
+ * </p>
+ *
+ * @return a reference to the delegate instance.
+ */
+ public RequestSecurityTokenType getDelegate()
+ {
+ return this.delegate;
+ }
+
+ /**
+ * Get the {@code Document} document representing the request
+ * @return
+ */
+ public Document getRSTDocument()
+ {
+ return this.rstDocument;
+ }
+
+ public void setRSTDocument(Document rstDocument)
+ {
+ this.rstDocument = rstDocument;
+ }
+}
\ No newline at end of file
Copied:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenCollection.java
(from rev 757,
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenCollection.java)
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenCollection.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenCollection.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,122 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.wrappers;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import org.jboss.identity.federation.ws.trust.RequestSecurityTokenCollectionType;
+import org.jboss.identity.federation.ws.trust.RequestSecurityTokenType;
+
+/**
+ * <p>
+ * This class represents a WS-Trust {@code RequestSecurityTokenCollection}. It wraps the
JAXB representation of the
+ * security token collection request.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class RequestSecurityTokenCollection implements BaseRequestSecurityToken
+{
+
+ private final RequestSecurityTokenCollectionType delegate;
+
+ private final List<RequestSecurityToken> requestSecurityTokens;
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityTokenCollection}.
+ * </p>
+ */
+ public RequestSecurityTokenCollection()
+ {
+ this.requestSecurityTokens = new ArrayList<RequestSecurityToken>();
+ this.delegate = new RequestSecurityTokenCollectionType();
+ }
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityTokenCollection} using the specified
delegate.
+ * </p>
+ *
+ * @param delegate the JAXB {@code RequestSecurityTokenCollectionType} that represents
a WS-Trust request collection.
+ */
+ public RequestSecurityTokenCollection(RequestSecurityTokenCollectionType delegate)
+ {
+ this.delegate = delegate;
+ this.requestSecurityTokens = new ArrayList<RequestSecurityToken>();
+ for (RequestSecurityTokenType request : delegate.getRequestSecurityToken())
+ this.requestSecurityTokens.add(new RequestSecurityToken(request));
+ }
+
+ /**
+ * <p>
+ * Obtains the collection of {@code RequestSecurityToken} objects. The returned
collection is immutable, so addition
+ * or removal of requests must be carried by the appropriate add/remove methods.
+ * </p>
+ *
+ * @return a {@code List<RequestSecurityToken>} containing the token requests.
+ */
+ public List<RequestSecurityToken> getRequestSecurityTokens()
+ {
+ return Collections.unmodifiableList(this.requestSecurityTokens);
+ }
+
+ /**
+ * <p>
+ * Adds the specified {@code RequestSecurityToken} object to the collection of token
requests.
+ * </p>
+ *
+ * @param request the {@code RequestSecurityToken} to be added.
+ */
+ public void addRequestSecurityToken(RequestSecurityToken request)
+ {
+ this.delegate.getRequestSecurityToken().add(request.getDelegate());
+ this.requestSecurityTokens.add(request);
+ }
+
+ /**
+ * <p>
+ * Removes the specified {@code RequestSecurityToken} object from the collection of
token requests.
+ * </p>
+ *
+ * @param request the {@code RequestSecurityToken} to be removed.
+ */
+ public void removeRequestSecurityToken(RequestSecurityToken request)
+ {
+ this.delegate.getRequestSecurityToken().remove(request.getDelegate());
+ this.requestSecurityTokens.remove(request);
+ }
+
+ /**
+ * <p>
+ * Obtains a reference to the {@code RequestSecurityTokenCollectionType} delegate.
+ * </p>
+ *
+ * @return a reference to the delegate instance.
+ */
+ public RequestSecurityTokenCollectionType getDelegate()
+ {
+ return this.delegate;
+ }
+}
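Review bot: `removeRequestSecurityToken` updates the JAXB list and the wrapper list independently, so the two views of the collection can drift apart. If `request` is a second wrapper around a delegate that is already in the collection, the delegate entry is removed while `requestSecurityTokens` keeps the original wrapper; this assumes `RequestSecurityToken` does not override `equals`, which is not visible here. Removing from the delegate only when the wrapper was actually present would keep them aligned: `if (this.requestSecurityTokens.remove(request)) this.delegate.getRequestSecurityToken().remove(request.getDelegate());`. The same drift is possible through `getDelegate()`, which returns the live `RequestSecurityTokenCollectionType`, so its Javadoc should say something like `The returned delegate is live; add or remove requests only through this wrapper.` Code that validates the requests from `getRequestSecurityTokens()` but marshals the delegate would otherwise be working on two different sets of token requests.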
Copied:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenResponse.java
(from rev 757,
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponse.java)
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenResponse.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenResponse.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,1159 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.wrappers;
+
+import java.net.URI;
+import java.net.URISyntaxException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.bind.JAXBElement;
+import javax.xml.namespace.QName;
+
+import org.jboss.identity.federation.ws.addressing.EndpointReferenceType;
+import org.jboss.identity.federation.ws.policy.AppliesTo;
+import org.jboss.identity.federation.ws.policy.Policy;
+import org.jboss.identity.federation.ws.policy.PolicyReference;
+import org.jboss.identity.federation.ws.trust.AllowPostdatingType;
+import org.jboss.identity.federation.ws.trust.AuthenticatorType;
+import org.jboss.identity.federation.ws.trust.DelegateToType;
+import org.jboss.identity.federation.ws.trust.EncryptionType;
+import org.jboss.identity.federation.ws.trust.EntropyType;
+import org.jboss.identity.federation.ws.trust.LifetimeType;
+import org.jboss.identity.federation.ws.trust.ObjectFactory;
+import org.jboss.identity.federation.ws.trust.OnBehalfOfType;
+import org.jboss.identity.federation.ws.trust.ProofEncryptionType;
+import org.jboss.identity.federation.ws.trust.RenewingType;
+import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseType;
+import org.jboss.identity.federation.ws.trust.RequestedProofTokenType;
+import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
+import org.jboss.identity.federation.ws.trust.RequestedSecurityTokenType;
+import org.jboss.identity.federation.ws.trust.StatusType;
+import org.jboss.identity.federation.ws.trust.UseKeyType;
+
+/**
+ * <p>
+ * This class represents a WS-Trust {@code RequestSecurityTokenResponse}. It wraps the
JAXB representation of the
+ * security token response and offers a series of getter/setter methods that make it easy
to work with elements that are
+ * represented by the {@code Any} XML type.
+ * </p>
+ * <p>
+ * The following shows the intended content model of a {@code
RequestSecurityTokenResponse}:
+ *
+ * <pre>
+ * <xs:element ref='wst:TokenType' minOccurs='0' />
+ * <xs:element ref='wst:RequestType' />
+ * <xs:element ref='wst:RequestedSecurityToken' minOccurs='0'
/>
+ * <xs:element ref='wsp:AppliesTo' minOccurs='0' />
+ * <xs:element ref='wst:RequestedAttachedReference'
minOccurs='0' />
+ * <xs:element ref='wst:RequestedUnattachedReference'
minOccurs='0' />
+ * <xs:element ref='wst:RequestedProofToken' minOccurs='0'
/>
+ * <xs:element ref='wst:Entropy' minOccurs='0' />
+ * <xs:element ref='wst:Lifetime' minOccurs='0' />
+ * <xs:element ref='wst:Status' minOccurs='0' />
+ * <xs:element ref='wst:AllowPostdating' minOccurs='0'
/>
+ * <xs:element ref='wst:Renewing' minOccurs='0' />
+ * <xs:element ref='wst:OnBehalfOf' minOccurs='0' />
+ * <xs:element ref='wst:Issuer' minOccurs='0' />
+ * <xs:element ref='wst:AuthenticationType' minOccurs='0'
/>
+ * <xs:element ref='wst:Authenticator' minOccurs='0' />
+ * <xs:element ref='wst:KeyType' minOccurs='0' />
+ * <xs:element ref='wst:KeySize' minOccurs='0' />
+ * <xs:element ref='wst:SignatureAlgorithm' minOccurs='0'
/>
+ * <xs:element ref='wst:Encryption' minOccurs='0' />
+ * <xs:element ref='wst:EncryptionAlgorithm' minOccurs='0'
/>
+ * <xs:element ref='wst:CanonicalizationAlgorithm'
minOccurs='0' />
+ * <xs:element ref='wst:ProofEncryption' minOccurs='0'
/>
+ * <xs:element ref='wst:UseKey' minOccurs='0' />
+ * <xs:element ref='wst:SignWith' minOccurs='0' />
+ * <xs:element ref='wst:EncryptWith' minOccurs='0' />
+ * <xs:element ref='wst:DelegateTo' minOccurs='0' />
+ * <xs:element ref='wst:Forwardable' minOccurs='0' />
+ * <xs:element ref='wst:Delegatable' minOccurs='0' />
+ * <xs:element ref='wsp:Policy' minOccurs='0' />
+ * <xs:element ref='wsp:PolicyReference' minOccurs='0'
/>
+ * <xs:any namespace='##other' processContents='lax'
minOccurs='0' maxOccurs='unbounded' />
+ * </pre>
+ *
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+/**
+ * <p>
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class RequestSecurityTokenResponse implements BaseRequestSecurityTokenResponse
+{
+
+ private final RequestSecurityTokenResponseType delegate;
+
+ private URI tokenType;
+
+ private URI requestType;
+
+ private RequestedSecurityTokenType requestedSecurityToken;
+
+ private AppliesTo appliesTo;
+
+ private RequestedReferenceType requestedAttachedReference;
+
+ private RequestedReferenceType requestedUnattachedReference;
+
+ private RequestedProofTokenType requestedProofToken;
+
+ private EntropyType entropy;
+
+ private Lifetime lifetime;
+
+ private StatusType status;
+
+ private AllowPostdatingType allowPostDating;
+
+ private RenewingType renewing;
+
+ private OnBehalfOfType onBehalfOf;
+
+ private EndpointReferenceType issuer;
+
+ private URI authenticationType;
+
+ private AuthenticatorType authenticator;
+
+ private URI keyType;
+
+ private long keySize;
+
+ private URI signatureAlgorithm;
+
+ private EncryptionType encryption;
+
+ private URI encryptionAlgorithm;
+
+ private URI canonicalizationAlgorithm;
+
+ private ProofEncryptionType proofEncryption;
+
+ private UseKeyType useKey;
+
+ private URI signWith;
+
+ private URI encryptWith;
+
+ private DelegateToType delegateTo;
+
+ private boolean forwardable;
+
+ private boolean delegatable;
+
+ private Policy policy;
+
+ private PolicyReference policyReference;
+
+ private final List<Object> extensionElements = new ArrayList<Object>();
+
+ private final ObjectFactory factory = new ObjectFactory();
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityTokenResponse}.
+ * </p>
+ */
+ public RequestSecurityTokenResponse()
+ {
+ this.delegate = new RequestSecurityTokenResponseType();
+ }
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityTokenResponse} using the specified
delegate.
+ * </p>
+ *
+ * @param delegate the JAXB {@code RequestSecurityTokenResponseType} that represents a
WS-Trust response.
+ */
+ public RequestSecurityTokenResponse(RequestSecurityTokenResponseType delegate)
+ {
+ this.delegate = delegate;
+ // parse the delegate's Any contents.
+ try
+ {
+ for (Object obj : this.delegate.getAny())
+ {
+ if (obj instanceof AppliesTo)
+ {
+ this.appliesTo = (AppliesTo) obj;
+ }
+ else if (obj instanceof Policy)
+ {
+ this.policy = (Policy) obj;
+ }
+ else if (obj instanceof PolicyReference)
+ {
+ this.policyReference = (PolicyReference) obj;
+ }
+ else if (obj instanceof JAXBElement)
+ {
+ JAXBElement<?> element = (JAXBElement<?>) obj;
+ String localName = element.getName().getLocalPart();
+ if (localName.equalsIgnoreCase("TokenType"))
+ this.tokenType = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("RequestType"))
+ this.requestType = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("RequestedSecurityToken"))
+ this.requestedSecurityToken = (RequestedSecurityTokenType)
element.getValue();
+ else if
(localName.equalsIgnoreCase("RequestedAttachedReference"))
+ this.requestedAttachedReference = (RequestedReferenceType)
element.getValue();
+ else if
(localName.equalsIgnoreCase("RequestedUnattachedReference"))
+ this.requestedUnattachedReference = (RequestedReferenceType)
element.getValue();
+ else if (localName.equalsIgnoreCase("RequestedProofToken"))
+ this.requestedProofToken = (RequestedProofTokenType)
element.getValue();
+ else if (localName.equalsIgnoreCase("Entropy"))
+ this.entropy = (EntropyType) element.getValue();
+ else if (localName.equalsIgnoreCase("Lifetime"))
+ this.lifetime = new Lifetime((LifetimeType) element.getValue());
+ else if (localName.equalsIgnoreCase("Status"))
+ this.status = (StatusType) element.getValue();
+ else if (localName.equalsIgnoreCase("AllowPostdating"))
+ this.allowPostDating = (AllowPostdatingType) element.getValue();
+ else if (localName.equalsIgnoreCase("Renewing"))
+ this.renewing = (RenewingType) element.getValue();
+ else if (localName.equalsIgnoreCase("OnBehalfOf"))
+ this.onBehalfOf = (OnBehalfOfType) element.getValue();
+ else if (localName.equalsIgnoreCase("Issuer"))
+ this.issuer = (EndpointReferenceType) element.getValue();
+ else if (localName.equalsIgnoreCase("AuthenticationType"))
+ this.authenticationType = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("Authenticator"))
+ this.authenticator = (AuthenticatorType) element.getValue();
+ else if (localName.equalsIgnoreCase("KeyType"))
+ this.keyType = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("KeySize"))
+ this.keySize = (Long) element.getValue();
+ else if (localName.equalsIgnoreCase("SignatureAlgorithm"))
+ this.signatureAlgorithm = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("Encryption"))
+ this.encryption = (EncryptionType) element.getValue();
+ else if (localName.equalsIgnoreCase("EntropyAlgorithm"))
+ this.encryptionAlgorithm = new URI((String) element.getValue());
+ else if
(localName.equalsIgnoreCase("CanonicalizationAlgorithm"))
+ this.canonicalizationAlgorithm = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("ProofEncryption"))
+ this.proofEncryption = (ProofEncryptionType) element.getValue();
+ else if (localName.equalsIgnoreCase("UseKey"))
+ this.useKey = (UseKeyType) element.getValue();
+ else if (localName.equalsIgnoreCase("SignWith"))
+ this.signWith = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("EncryptWith"))
+ this.encryptWith = new URI((String) element.getValue());
+ else if (localName.equalsIgnoreCase("DelegateTo"))
+ this.delegateTo = (DelegateToType) element.getValue();
+ else if (localName.equalsIgnoreCase("Forwardable"))
+ this.forwardable = (Boolean) element.getValue();
+ else if (localName.equalsIgnoreCase("Delegatable"))
+ this.delegatable = (Boolean) element.getValue();
+ else
+ this.extensionElements.add(element.getValue());
+ }
+ else
+ {
+ this.extensionElements.add(obj);
+ }
+ }
+ }
+ catch (URISyntaxException e)
+ {
+ throw new RuntimeException(e.getMessage(), e);
+ }
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code URI} that identifies the token type.
+ * </p>
+ *
+ * @return a {@code URI} that represents the token type.
+ */
+ public URI getTokenType()
+ {
+ return tokenType;
+ }
+
+ /**
+ * <p>
+ * Sets the token type.
+ * </p>
+ *
+ * @param tokenType a {@code URI} that identifies the token type.
+ */
+ public void setTokenType(URI tokenType)
+ {
+ this.tokenType = tokenType;
+ this.delegate.getAny().add(this.factory.createTokenType(tokenType.toString()));
+
+ }
+
+ /**
+ * <p>
+ * Obtains the request type.
+ * </p>
+ *
+ * @return a {@code URI} that identifies the request type.
+ */
+ public URI getRequestType()
+ {
+ return requestType;
+ }
+
+ /**
+ * <p>
+ * Sets the request type. The type must be one of the request types described in the
WS-Trust specification.
+ * </p>
+ *
+ * @param requestType a {@code URI} that identifies the request type.
+ */
+ public void setRequestType(URI requestType)
+ {
+ this.requestType = requestType;
+
this.delegate.getAny().add(this.factory.createRequestType(requestType.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the requested security token that has been set in the response.
+ * </p>
+ *
+ * @return a reference to the {@code RequestedSecurityTokenType} that contains the
token.
+ */
+ public RequestedSecurityTokenType getRequestedSecurityToken()
+ {
+ return requestedSecurityToken;
+ }
+
+ /**
+ * <p>
+ * Sets the requested security token in the response.
+ * </p>
+ *
+ * @param requestedSecurityToken the {@code RequestedSecurityTokenType} instance to be
set.
+ */
+ public void setRequestedSecurityToken(RequestedSecurityTokenType
requestedSecurityToken)
+ {
+ this.requestedSecurityToken = requestedSecurityToken;
+
this.delegate.getAny().add(this.factory.createRequestedSecurityToken(requestedSecurityToken));
+ }
+
+ /**
+ * <p>
+ * Obtains the scope to which the security token applies.
+ * </p>
+ *
+ * @return a reference to the {@code AppliesTo} instance that represents the token
scope.
+ */
+ public AppliesTo getAppliesTo()
+ {
+ return appliesTo;
+ }
+
+ /**
+ * <p>
+ * Sets the scope to which the security token applies.
+ * </p>
+ *
+ * @param appliesTo a reference to the {@code AppliesTo} object that represents the
scope to be set.
+ */
+ public void setAppliesTo(AppliesTo appliesTo)
+ {
+ this.appliesTo = appliesTo;
+ this.delegate.getAny().add(appliesTo);
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code RequestedAttachedReference} that indicate how to reference the
returned token when that token
+ * doesn't support references using URI fragments (XML ID).
+ * </p>
+ *
+ * @return a {@code RequestedReferenceType} that represents the token reference.
+ */
+ public RequestedReferenceType getRequestedAttachedReference()
+ {
+ return requestedAttachedReference;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code RequestedAttachedReference} that indicate how to reference the
returned token when that token
+ * doesn't support references using URI fragments (XML ID).
+ * </p>
+ *
+ * @param requestedAttachedReference the {@code RequestedReferenceType} instance to be
set.
+ */
+ public void setRequestedAttachedReference(RequestedReferenceType
requestedAttachedReference)
+ {
+ this.requestedAttachedReference = requestedAttachedReference;
+
this.delegate.getAny().add(this.factory.createRequestedAttachedReference(requestedAttachedReference));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code RequestedUnattachedReference} that specifies to indicate how to
reference the token when it is
+ * not placed inside the message.
+ * </p>
+ *
+ * @return a {@code RequestedReferenceType} that represents the unattached reference.
+ */
+ public RequestedReferenceType getRequestedUnattachedReference()
+ {
+ return requestedUnattachedReference;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code RequestedUnattachedReference} that specifies to indicate how to
reference the token when it is not
+ * placed inside the message.
+ * </p>
+ *
+ * @param requestedUnattachedReference the {@code RequestedReferenceType} instance to
be set.
+ */
+ public void setRequestedUnattachedReference(RequestedReferenceType
requestedUnattachedReference)
+ {
+ this.requestedUnattachedReference = requestedUnattachedReference;
+
this.delegate.getAny().add(this.factory.createRequestedUnattachedReference(requestedUnattachedReference));
+ }
+
+ /**
+ * <p>
+ * Obtains the proof of possession token that has been set in the response.
+ * </p>
+ *
+ * @return a reference to the {@code RequestedProofTokenType} that contains the
token.
+ */
+ public RequestedProofTokenType getRequestedProofToken()
+ {
+ return requestedProofToken;
+ }
+
+ /**
+ * <p>
+ * Sets the proof of possesion token in the response.
+ * </p>
+ *
+ * @param requestedProofToken the {@code RequestedProofTokenType} instance to be set.
+ */
+ public void setRequestedProofToken(RequestedProofTokenType requestedProofToken)
+ {
+ this.requestedProofToken = requestedProofToken;
+
this.delegate.getAny().add(this.factory.createRequestedProofToken(requestedProofToken));
+ }
+
+ /**
+ * <p>
+ * Obtains the entropy that has been used in creating the key.
+ * </p>
+ *
+ * @return a reference to the {@code EntropyType} that represents the entropy.
+ */
+ public EntropyType getEntropy()
+ {
+ return entropy;
+ }
+
+ /**
+ * <p>
+ * Sets the entropy that has been used in creating the key.
+ * </p>
+ *
+ * @param entropy the {@code EntropyType} representing the entropy to be set.
+ */
+ public void setEntropy(EntropyType entropy)
+ {
+ this.entropy = entropy;
+ this.delegate.getAny().add(this.factory.createEntropy(entropy));
+ }
+
+ /**
+ * <p>
+ * Obtains the lifetime of the security token.
+ * </p>
+ *
+ * @return a reference to the {@code Lifetime} that represents the lifetime of the
security token.
+ */
+ public Lifetime getLifetime()
+ {
+ return lifetime;
+ }
+
+ /**
+ * <p>
+ * Sets the lifetime of the security token.
+ * </p>
+ *
+ * @param lifetime the {@code Lifetime} object representing the lifetime to be set.
+ */
+ public void setLifetime(Lifetime lifetime)
+ {
+ this.lifetime = lifetime;
+ this.delegate.getAny().add(this.factory.createLifetime(lifetime.getDelegate()));
+ }
+
+ /**
+ * <p>
+ * Obtains the result of a security token validation.
+ * </p>
+ *
+ * @return a referece to the {@code StatusType} instance that represents the status of
the validation.
+ */
+ public StatusType getStatus()
+ {
+ return status;
+ }
+
+ /**
+ * <p>
+ * Sets the result of a security token validation.
+ * </p>
+ *
+ * @param status the {@code StatusType} instance to be set.
+ */
+ public void setStatus(StatusType status)
+ {
+ this.status = status;
+ this.delegate.getAny().add(this.factory.createStatus(status));
+ }
+
+ /**
+ * <p>
+ * Checks whether the returned token is a postdated token or not.
+ * </p>
+ *
+ * @return {@code null} if the token is not postdated; a {@code AllowPostdatingType}
otherwise.
+ */
+ public AllowPostdatingType getAllowPostDating()
+ {
+ return allowPostDating;
+ }
+
+ /**
+ * <p>
+ * Specifies whether the returned token is a postdated token or not.
+ * </p>
+ *
+ * @param allowPostDating {@code null} if the token is not postdated; a {@code
AllowPostdatingType} otherwise.
+ */
+ public void setAllowPostDating(AllowPostdatingType allowPostDating)
+ {
+ this.allowPostDating = allowPostDating;
+ this.delegate.getAny().add(this.factory.createAllowPostdating(allowPostDating));
+ }
+
+ /**
+ * <p>
+ * Obtains the renew semantics for the token request.
+ * </p>
+ *
+ * @return a reference to the {@code RenewingType} that represents the renew semantics
for the request.
+ */
+ public RenewingType getRenewing()
+ {
+ return renewing;
+ }
+
+ /**
+ * <p>
+ * Sets the renew semantics for the token request.
+ * </p>
+ *
+ * @param renewing the {@code RenewingType} object representing the semantics to be
set.
+ */
+ public void setRenewing(RenewingType renewing)
+ {
+ this.renewing = renewing;
+ this.delegate.getAny().add(this.factory.createRenewing(renewing));
+ }
+
+ /**
+ * <p>
+ * Obtains the identity on whose behalf the token request was made.
+ * </p>
+ *
+ * @return a reference to the {@code OnBehalfOfType} that represents the identity on
whose behalf the token request
+ * was made.
+ */
+ public OnBehalfOfType getOnBehalfOf()
+ {
+ return onBehalfOf;
+ }
+
+ /**
+ * <p>
+ * Specifies the identity on whose behalf the token request was made.
+ * </p>
+ *
+ * @param onBehalfOf the {@code OnBehalfOfType} object representing the identity to be
set.
+ */
+ public void setOnBehalfOf(OnBehalfOfType onBehalfOf)
+ {
+ this.onBehalfOf = onBehalfOf;
+ this.delegate.getAny().add(this.factory.createOnBehalfOf(onBehalfOf));
+ }
+
+ /**
+ * <p>
+ * Obtains the issuer of the token included in the request in the scenarios where the
requestor is obtaining a token
+ * on behalf of another party.
+ * </p>
+ *
+ * @return a reference to the {@code EndpointReferenceType} that represents the
issuer.
+ */
+ public EndpointReferenceType getIssuer()
+ {
+ return this.issuer;
+ }
+
+ /**
+ * <p>
+ * Sets the issuer of the token included in the request in scenarios where the
requestor is obtaining a token on
+ * behalf of another party.
+ * </p>
+ *
+ * @param issuer the {@code EndpointReferenceType} object representing the issuer to
be set.
+ */
+ public void setIssuer(EndpointReferenceType issuer)
+ {
+ this.issuer = issuer;
+ this.delegate.getAny().add(this.factory.createIssuer(issuer));
+ }
+
+ /**
+ * <p>
+ * Obtains the type of authentication that is to be conducted.
+ * </p>
+ *
+ * @return a {@code URI} that identifies the authentication type.
+ */
+ public URI getAuthenticationType()
+ {
+ return authenticationType;
+ }
+
+ /**
+ * <p>
+ * Sets the authentication type in the response.
+ * </p>
+ *
+ * @param authenticationType a {@code URI} that identifies the authentication type to
be set.
+ */
+ public void setAuthenticationType(URI authenticationType)
+ {
+ this.authenticationType = authenticationType;
+
this.delegate.getAny().add(this.factory.createAuthenticationType(authenticationType.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the authenticator that must be used in authenticating exchanges.
+ * </p>
+ *
+ * @return a reference to the {@code AuthenticatorType} that represents the
authenticator.
+ */
+ public AuthenticatorType getAuthenticator()
+ {
+ return authenticator;
+ }
+
+ /**
+ * <p>
+ * Sets the authenticator that must be used in authenticating exchanges.
+ * </p>
+ *
+ * @param authenticator the {@code AuthenticatorType} instance to be set.
+ */
+ public void setAuthenticator(AuthenticatorType authenticator)
+ {
+ this.authenticator = authenticator;
+ this.delegate.getAny().add(this.factory.createAuthenticator(authenticator));
+ }
+
+ /**
+ * <p>
+ * Obtains the type of the key that has been set in the response.
+ * </p>
+ *
+ * @return a {@code URI} that identifies the key type.
+ */
+ public URI getKeyType()
+ {
+ return keyType;
+ }
+
+ /**
+ * <p>
+ * Sets the key type in the response.
+ * </p>
+ *
+ * @param keyType a {@code URI} that specifies the key type.
+ */
+ public void setKeyType(URI keyType)
+ {
+ this.keyType = keyType;
+ this.delegate.getAny().add(this.factory.createKeyType(keyType.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the size of they key that has been set in the response.
+ * </p>
+ *
+ * @return a {@code long} representing the key size in bytes.
+ */
+ public long getKeySize()
+ {
+ return keySize;
+ }
+
+ /**
+ * <p>
+ * Sets the size of the key in the response.
+ * </p>
+ *
+ * @param keySize a {@code long} representing the key size in bytes.
+ */
+ public void setKeySize(long keySize)
+ {
+ this.keySize = keySize;
+ this.delegate.getAny().add(this.factory.createKeySize(keySize));
+ }
+
+ /**
+ * <p>
+ * Obtains the signature algorithm that has been set in the response.
+ * </p>
+ *
+ * @return a {@code URI} that represents the signature algorithm.
+ */
+ public URI getSignatureAlgorithm()
+ {
+ return signatureAlgorithm;
+ }
+
+ /**
+ * <p>
+ * Sets the signature algorithm in the response.
+ * </p>
+ *
+ * @param signatureAlgorithm a {@code URI} that represents the algorithm to be set.
+ */
+ public void setSignatureAlgorithm(URI signatureAlgorithm)
+ {
+ this.signatureAlgorithm = signatureAlgorithm;
+
this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signatureAlgorithm.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code Encryption} section of the response. The {@code Encryption}
element indicates that the
+ * requestor desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @return a reference to the {@code EncryptionType} object.
+ */
+ public EncryptionType getEncryption()
+ {
+ return encryption;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code Encryption} section of the response. The {@code Encryption} element
indicates that the requestor
+ * desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @param encryption the {@code EncryptionType} to be set.
+ */
+ public void setEncryption(EncryptionType encryption)
+ {
+ this.encryption = encryption;
+ this.delegate.getAny().add(this.factory.createEncryption(encryption));
+ }
+
+ /**
+ * <p>
+ * Obtains the encryption algorithm that has been set in the response.
+ * </p>
+ *
+ * @return a {@code URI} that represents the encryption algorithm.
+ */
+ public URI getEncryptionAlgorithm()
+ {
+ return encryptionAlgorithm;
+ }
+
+ /**
+ * <p>
+ * Sets the encryption algorithm in the response.
+ * </p>
+ *
+ * @param encryptionAlgorithm a {@code URI} that represents the encryption algorithm
to be set.
+ */
+ public void setEncryptionAlgorithm(URI encryptionAlgorithm)
+ {
+ this.encryptionAlgorithm = encryptionAlgorithm;
+
this.delegate.getAny().add(this.factory.createEncryptionAlgorithm(encryptionAlgorithm.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the canonicalization algorithm that has been set in the response.
+ * </p>
+ *
+ * @return a {@code URI} that represents the canonicalization algorithm.
+ */
+ public URI getCanonicalizationAlgorithm()
+ {
+ return canonicalizationAlgorithm;
+ }
+
+ /**
+ * <p>
+ * Sets the canonicalization algorithm in the response.
+ * </p>
+ *
+ * @param canonicalizationAlgorithm a {@code URI} that represents the algorithm to be
set.
+ */
+ public void setCanonicalizationAlgorithm(URI canonicalizationAlgorithm)
+ {
+ this.canonicalizationAlgorithm = canonicalizationAlgorithm;
+
this.delegate.getAny().add(this.factory.createCanonicalizationAlgorithm(canonicalizationAlgorithm.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code ProofEncryption} section of the response. The {@code
ProofEncryption} indicates that the
+ * requestor desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @return a reference to the {@code ProofEncryptionType} object.
+ */
+ public ProofEncryptionType getProofEncryption()
+ {
+ return proofEncryption;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code ProofEncryption} section of the response. The {@code
ProofEncryption} indicates that the requestor
+ * desires any returned secrets in issued security tokens to be encrypted.
+ * </p>
+ *
+ * @param proofEncryption the {@code ProofEncryptionType} to be set.
+ */
+ public void setProofEncryption(ProofEncryptionType proofEncryption)
+ {
+ this.proofEncryption = proofEncryption;
+ this.delegate.getAny().add(this.factory.createProofEncryption(proofEncryption));
+ }
+
+ /**
+ * <p>
+ * Obtains the key that used in the returned token.
+ * </p>
+ *
+ * @return a reference to the {@code UseKeyType} instance that represents the key
used.
+ */
+ public UseKeyType getUseKey()
+ {
+ return useKey;
+ }
+
+ /**
+ * <p>
+ * Sets the key that used in the returned token.
+ * </p>
+ *
+ * @param useKey the {@code UseKeyType} instance to be set.
+ */
+ public void setUseKey(UseKeyType useKey)
+ {
+ this.useKey = useKey;
+ this.delegate.getAny().add(this.factory.createUseKey(useKey));
+ }
+
+ /**
+ * <p>
+ * Obtains the signature algorithm used with the issued security token.
+ * </p>
+ *
+ * @return a {@code URI} representing the algorithm used.
+ */
+ public URI getSignWith()
+ {
+ return signWith;
+ }
+
+ /**
+ * <p>
+ * Sets the signature algorithm used with the issued security token.
+ * </p>
+ *
+ * @param signWith a {@code URI} representing the algorithm used.
+ */
+ public void setSignWith(URI signWith)
+ {
+ this.signWith = signWith;
+
this.delegate.getAny().add(this.factory.createSignatureAlgorithm(signWith.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the encryption algorithm used with the issued security token.
+ * </p>
+ *
+ * @return a {@code URI} representing the encryption algorithm used.
+ */
+ public URI getEncryptWith()
+ {
+ return encryptWith;
+ }
+
+ /**
+ * <p>
+ * Sets the encryption algorithm used with the issued security token.
+ * </p>
+ *
+ * @param encryptWith a {@code URI} representing the algorithm used.
+ */
+ public void setEncryptWith(URI encryptWith)
+ {
+ this.encryptWith = encryptWith;
+
this.delegate.getAny().add(this.factory.createEncryptWith(encryptWith.toString()));
+ }
+
+ /**
+ * <p>
+ * Obtains the identity to which the requested token should be delegated.
+ * </p>
+ *
+ * @return a reference to the {@code DelegateToType} instance that represents the
identity.
+ */
+ public DelegateToType getDelegateTo()
+ {
+ return delegateTo;
+ }
+
+ /**
+ * <p>
+ * Sets the identity to which the requested token should be delegated.
+ * </p>
+ *
+ * @param delegateTo the {@code DelegateToType} object representing the identity to be
set.
+ */
+ public void setDelegateTo(DelegateToType delegateTo)
+ {
+ this.delegateTo = delegateTo;
+ this.delegate.getAny().add(this.factory.createDelegateTo(delegateTo));
+ }
+
+ /**
+ * <p>
+ * Indicates whether the requested token has been marked as "forwardable" or
not. In general, this flag is used when
+ * a token is normally bound to the requestor's machine or service. Using this
flag, the returned token MAY be used
+ * from any source machine so long as the key is correctly proven.
+ * </p>
+ *
+ * @return {@code true} if the requested token has been marked as
"forwardable"; {@code false} otherwise.
+ */
+ public boolean isForwardable()
+ {
+ return forwardable;
+ }
+
+ /**
+ * <p>
+ * Specifies whether the requested token has been marked as "forwardable" or
not. In general, this flag is used when
+ * a token is normally bound to the requestor's machine or service. Using this
flag, the returned token MAY be used
+ * from any source machine so long as the key is correctly proven.
+ * </p>
+ *
+ * @param forwardable {@code true} if the requested token has been marked as
"forwardable"; {@code false} otherwise.
+ */
+ public void setForwardable(boolean forwardable)
+ {
+ this.forwardable = forwardable;
+ this.delegate.getAny().add(this.factory.createForwardable(forwardable));
+ }
+
+ /**
+ * <p>
+ * Indicates whether the requested token has been marked as "delegatable" or
not. Using this flag, the returned token
+ * MAY be delegated to another party.
+ * </p>
+ *
+ * @return {@code true} if the requested token has been marked as
"delegatable"; {@code false} otherwise.
+ */
+ public boolean isDelegatable()
+ {
+ return delegatable;
+ }
+
+ /**
+ * <p>
+ * Specifies whether the requested token has been marked as "delegatable" or
not. Using this flag, the returned token
+ * MAY be delegated to another party.
+ * </p>
+ *
+ * @param delegatable {@code true} if the requested token has been marked as
"delegatable"; {@code false} otherwise.
+ */
+ public void setDelegatable(boolean delegatable)
+ {
+ this.delegatable = delegatable;
+ this.delegate.getAny().add(this.factory.createDelegatable(delegatable));
+ }
+
+ /**
+ * <p>
+ * Obtains the {@code Policy} that was associated with the request. The policy
specifies defaults that can be
+ * overridden by the previous properties.
+ * </p>
+ *
+ * @return a reference to the {@code Policy} that was associated with the request.
+ */
+ public Policy getPolicy()
+ {
+ return policy;
+ }
+
+ /**
+ * <p>
+ * Sets the {@code Policy} in the response. The policy specifies defaults that can be
overridden by the previous
+ * properties.
+ * </p>
+ *
+ * @param policy the {@code Policy} instance to be set.
+ */
+ public void setPolicy(Policy policy)
+ {
+ this.policy = policy;
+ this.delegate.getAny().add(policy);
+ }
+
+ /**
+ * <p>
+ * Obtains the reference to the {@code Policy} that was associated with the request.
+ * </p>
+ *
+ * @return a {@code PolicyReference} that specifies where the {@code Policy} can be
found.
+ */
+ public PolicyReference getPolicyReference()
+ {
+ return policyReference;
+ }
+
+ /**
+ * <p>
+ * Sets the reference to the {@code Policy} that was associated with the request.
+ * </p>
+ *
+ * @param policyReference the {@code PolicyReference} object to be set.
+ */
+ public void setPolicyReference(PolicyReference policyReference)
+ {
+ this.policyReference = policyReference;
+ this.delegate.getAny().add(policyReference);
+ }
+
+ /**
+ * <p>
+ * Obtains the list of request elements that are not part of the standard content
model.
+ * </p>
+ *
+ * @return a {@code List<Object>} containing the extension elements.
+ */
+ public List<Object> getExtensionElements()
+ {
+ return Collections.unmodifiableList(this.extensionElements);
+ }
+
+ /**
+ * <p>
+ * Obtains the response context.
+ * </p>
+ *
+ * @return a {@code String} that identifies the original request.
+ */
+ public String getContext()
+ {
+ return this.delegate.getContext();
+ }
+
+ /**
+ * <p>
+ * Sets the response context.
+ * </p>
+ *
+ * @param context a {@code String} that identifies the original request.
+ */
+ public void setContext(String context)
+ {
+ this.delegate.setContext(context);
+ }
+
+ /**
+ * <p>
+ * Obtains a map that contains attributes that aren't bound to any typed property
on the response. This is a live
+ * reference, so attributes can be added/changed/removed directly. For this reason,
there is no setter method.
+ * </p>
+ *
+ * @return a {@code Map<QName, String>} that contains the attributes.
+ */
+ public Map<QName, String> getOtherAttributes()
+ {
+ return this.delegate.getOtherAttributes();
+ }
+
+ /**
+ * <p>
+ * Gets a reference to the list that holds all response element values.
+ * </p>
+ *
+ * @return a {@code List<Object>} containing all values specified in the
response.
+ */
+ public List<Object> getAny()
+ {
+ return this.delegate.getAny();
+ }
+
+ /**
+ * <p>
+ * Obtains a reference to the {@code RequestSecurityTokenResponseType} delegate.
+ * </p>
+ *
+ * @return a reference to the delegate instance.
+ */
+ public RequestSecurityTokenResponseType getDelegate()
+ {
+ return this.delegate;
+ }
+}
Copied:
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenResponseCollection.java
(from rev 757,
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/RequestSecurityTokenResponseCollection.java)
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenResponseCollection.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/main/java/org/jboss/identity/federation/core/wstrust/wrappers/RequestSecurityTokenResponseCollection.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,124 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.identity.federation.core.wstrust.wrappers;
+
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.List;
+
+import
org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseCollectionType;
+import org.jboss.identity.federation.ws.trust.RequestSecurityTokenResponseType;
+
+/**
+ * <p>
+ * This class represents a WS-Trust {@code RequestSecurityTokenResponseCollection}. It
wraps the JAXB representation of
+ * the security token collection response.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class RequestSecurityTokenResponseCollection implements
BaseRequestSecurityTokenResponse
+{
+
+ private final RequestSecurityTokenResponseCollectionType delegate;
+
+ private final List<RequestSecurityTokenResponse> requestSecurityTokenResponses;
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityTokenResponseCollection}.
+ * </p>
+ */
+ public RequestSecurityTokenResponseCollection()
+ {
+ this.requestSecurityTokenResponses = new
ArrayList<RequestSecurityTokenResponse>();
+ this.delegate = new RequestSecurityTokenResponseCollectionType();
+ }
+
+ /**
+ * <p>
+ * Creates an instance of {@code RequestSecurityTokenResponseCollection} using the
specified delegate.
+ * </p>
+ *
+ * @param delegate the JAXB {@code RequestSecurityTokenResponseCollectionType} that
represents a WS-Trust request
+ * collection.
+ */
+ public
RequestSecurityTokenResponseCollection(RequestSecurityTokenResponseCollectionType
delegate)
+ {
+ this.delegate = delegate;
+ this.requestSecurityTokenResponses = new
ArrayList<RequestSecurityTokenResponse>();
+ for (RequestSecurityTokenResponseType response :
delegate.getRequestSecurityTokenResponse())
+ this.requestSecurityTokenResponses.add(new
RequestSecurityTokenResponse(response));
+ }
+
+ /**
+ * <p>
+ * Obtains the collection of {@code RequestSecurityTokenResponse} objects. The
returned collection is immutable, so
+ * addition or removal of requests must be carried by the appropriate add/remove
methods.
+ * </p>
+ *
+ * @return a {@code List<RequestSecurityToken>} containing the token requests.
+ */
+ public List<RequestSecurityTokenResponse> getRequestSecurityTokenResponses()
+ {
+ return Collections.unmodifiableList(this.requestSecurityTokenResponses);
+ }
+
+ /**
+ * <p>
+ * Adds the specified {@code RequestSecurityTokenResponse} object to the collection of
token requests.
+ * </p>
+ *
+ * @param request the {@code RequestSecurityTokenResponse} to be added.
+ */
+ public void addRequestSecurityTokenResponse(RequestSecurityTokenResponse response)
+ {
+ this.delegate.getRequestSecurityTokenResponse().add(response.getDelegate());
+ this.requestSecurityTokenResponses.add(response);
+ }
+
+ /**
+ * <p>
+ * Removes the specified {@code RequestSecurityTokenResponse} object from the
collection of token requests.
+ * </p>
+ *
+ * @param request the {@code RequestSecurityTokenResponse} to be removed.
+ */
+ public void removeRequestSecurityTokenResponse(RequestSecurityTokenResponse response)
+ {
+ this.delegate.getRequestSecurityTokenResponse().remove(response.getDelegate());
+ this.requestSecurityTokenResponses.remove(response);
+ }
+
+ /**
+ * <p>
+ * Obtains a reference to the {@code RequestSecurityTokenResponseCollectionType}
delegate.
+ * </p>
+ *
+ * @return a reference to the delegate instance.
+ */
+ public RequestSecurityTokenResponseCollectionType getDelegate()
+ {
+ return this.delegate;
+ }
+
+}
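Review bot: `removeRequestSecurityTokenResponse` can leave the wrapper list and the JAXB delegate out of step. It removes `response.getDelegate()` from the delegate's list and then `response` from `requestSecurityTokenResponses`, but the second removal only matches the wrapper built by the delegate-taking constructor if `RequestSecurityTokenResponse` defines `equals` (not visible here; the default is identity). A caller holding a fresh wrapper around the same JAXB object would therefore drop the response from what gets marshalled while `getRequestSecurityTokenResponses()` still reports it, so code that inspects the wrappers and code that serialises the delegate would disagree about which token responses exist. Removing by delegate identity, as sketched below (it needs `java.util.Iterator`), keeps the two lists aligned; the class Javadoc should also state that changes made through the live object returned by `getDelegate()` are not reflected in the wrapper list. Separately, the `@param request` tags on the add and remove methods should read `@param response`.

```java
public void removeRequestSecurityTokenResponse(RequestSecurityTokenResponse response)
{
   RequestSecurityTokenResponseType target = response.getDelegate();
   this.delegate.getRequestSecurityTokenResponse().remove(target);
   // drop every wrapper that fronts the same JAXB object, not only the instance passed in
   for (Iterator<RequestSecurityTokenResponse> it = this.requestSecurityTokenResponses.iterator(); it.hasNext();)
   {
      if (it.next().getDelegate() == target)
         it.remove();
   }
}
```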
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/MockSTSConfiguration.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/MockSTSConfiguration.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/MockSTSConfiguration.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,152 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.core.wstrust;
+
+import java.security.KeyPair;
+import java.security.PublicKey;
+import java.util.Map;
+
+import org.jboss.identity.federation.core.wstrust.STSConfiguration;
+import org.jboss.identity.federation.core.wstrust.SecurityTokenProvider;
+import org.jboss.identity.federation.core.wstrust.WSTrustRequestHandler;
+
+/**
+ * <p>
+ * Mock implementation of {@code STSConfiguration} used in the test scenarios.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ * @version $Revision: 631 $
+ */
+public class MockSTSConfiguration implements STSConfiguration
+{
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getEncryptIssuedToken()
+ */
+ public boolean encryptIssuedToken()
+ {
+ return false;
+ }
+
+ /*
+ * (non-Javadoc)
+ * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#signIssuedToken()
+ */
+ public boolean signIssuedToken()
+ {
+ return true;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getIssuedTokenTimeout()
+ */
+ public long getIssuedTokenTimeout()
+ {
+ return 0;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getOptions()
+ */
+ public Map<String, Object> getOptions()
+ {
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getProviderForService(java.lang.String)
+ */
+ public SecurityTokenProvider getProviderForService(String serviceName)
+ {
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getProviderForTokenType(java.lang.String)
+ */
+ public SecurityTokenProvider getProviderForTokenType(String tokenType)
+ {
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getTokenTypeForService(java.lang.String)
+ */
+ public String getTokenTypeForService(String serviceName)
+ {
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getRequestHandler()
+ */
+ public WSTrustRequestHandler getRequestHandler()
+ {
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getSTSName()
+ */
+ public String getSTSName()
+ {
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.STSConfiguration#getServiceProviderPublicKey(java.lang.String)
+ */
+ public PublicKey getServiceProviderPublicKey(String serviceName)
+ {
+ return null;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.jboss.identity.federation.api.wstrust.STSConfiguration#getSTSKeyPair()
+ */
+ public KeyPair getSTSKeyPair()
+ {
+ return null;
+ }
+
+}
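Review bot: signIssuedToken() returns true while getSTSKeyPair() returns null, so the mock asks for signed tokens without providing a key to sign with. How the request handler uses these two values is not visible in this hunk. A handler that honours the flag would either fail on the null key pair or skip signing and let the tests pass without exercising it. If signing is not under test, make the mock consistent with `return false; // mock has no key pair, so it must not claim to sign`. Otherwise have getSTSKeyPair() return a throwaway pair generated in the test.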
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,275 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.core.wstrust;
+
+import java.net.URI;
+import java.security.Principal;
+import java.util.GregorianCalendar;
+
+import javax.xml.bind.JAXBContext;
+import javax.xml.bind.JAXBElement;
+import javax.xml.bind.Unmarshaller;
+import javax.xml.namespace.QName;
+
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.core.wstrust.StandardSecurityToken;
+import org.jboss.identity.federation.core.wstrust.WSTrustConstants;
+import org.jboss.identity.federation.core.wstrust.WSTrustRequestContext;
+import org.jboss.identity.federation.core.wstrust.WSTrustUtil;
+import org.jboss.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider;
+import org.jboss.identity.federation.core.wstrust.plugins.saml.SAMLUtil;
+import org.jboss.identity.federation.core.wstrust.wrappers.Lifetime;
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
+import org.jboss.identity.federation.saml.v2.assertion.AudienceRestrictionType;
+import org.jboss.identity.federation.saml.v2.assertion.ConditionsType;
+import org.jboss.identity.federation.saml.v2.assertion.NameIDType;
+import org.jboss.identity.federation.saml.v2.assertion.SubjectConfirmationType;
+import org.jboss.identity.federation.saml.v2.assertion.SubjectType;
+import org.jboss.identity.federation.ws.trust.RequestedReferenceType;
+import org.jboss.identity.federation.ws.trust.StatusType;
+import org.jboss.identity.federation.ws.trust.ValidateTargetType;
+import org.jboss.identity.federation.ws.wss.secext.KeyIdentifierType;
+import org.jboss.identity.federation.ws.wss.secext.SecurityTokenReferenceType;
+import org.w3c.dom.Element;
+
+/**
+ * <p>
+ * This {@code TestCase} tests the functionalities of the {@code SAML20TokenProvider}
class.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class SAML20TokenProviderUnitTestCase extends TestCase
+{
+
+ /**
+ * <p>
+ * Tests the issuance of a SAMLV2.0 Assertion.
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ public void testIssueSAMLV20Token() throws Exception
+ {
+ // create a WSTrustRequestContext with a simple WS-Trust request.
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setLifetime(WSTrustUtil.createDefaultLifetime(3600000));
+
request.setAppliesTo(WSTrustUtil.createAppliesTo("http://services.te...;
+ request.setTokenType(URI.create(SAMLUtil.SAML2_TOKEN_TYPE));
+
+ WSTrustRequestContext context = new WSTrustRequestContext(request, new
TestPrincipal("sguilhen"));
+ context.setTokenIssuer("JBossSTS");
+
+ // call the SAML token provider and check the generated token.
+ new SAML20TokenProvider().issueToken(context);
+ assertNotNull("Unexpected null security token",
context.getSecurityToken());
+
+ JAXBContext jaxbContext =
JAXBContext.newInstance("org.jboss.identity.federation.saml.v2.assertion");
+ Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
+ JAXBElement<?> parsedElement = (JAXBElement<?>)
unmarshaller.unmarshal((Element) context.getSecurityToken()
+ .getTokenValue());
+ assertNotNull("Unexpected null element", parsedElement);
+ assertEquals("Unexpected element type", AssertionType.class,
parsedElement.getDeclaredType());
+
+ AssertionType assertion = (AssertionType) parsedElement.getValue();
+ StandardSecurityToken securityToken = (StandardSecurityToken)
context.getSecurityToken();
+ assertEquals("Unexpected token id", securityToken.getTokenID(),
assertion.getID());
+ assertEquals("Unexpected token issuer", "JBossSTS",
assertion.getIssuer().getValue());
+
+ // check the contents of the assertion conditions.
+ ConditionsType conditions = assertion.getConditions();
+ assertNotNull("Unexpected null conditions", conditions);
+ assertNotNull("Unexpected null value for NotBefore attribute",
conditions.getNotBefore());
+ assertNotNull("Unexpected null value for NotOnOrAfter attribute",
conditions.getNotOnOrAfter());
+ assertEquals("Unexpected number of conditions", 1,
conditions.getConditionOrAudienceRestrictionOrOneTimeUse()
+ .size());
+ assertTrue("Unexpected condition type",
+ conditions.getConditionOrAudienceRestrictionOrOneTimeUse().get(0) instanceof
AudienceRestrictionType);
+ AudienceRestrictionType restrictionType = (AudienceRestrictionType) conditions
+ .getConditionOrAudienceRestrictionOrOneTimeUse().get(0);
+ assertNotNull("Unexpected null audience list",
restrictionType.getAudience());
+ assertEquals("Unexpected number of audience elements", 1,
restrictionType.getAudience().size());
+ assertEquals("Unexpected audience value",
"http://services.testcorp.org/provider2", restrictionType.getAudience()
+ .get(0));
+
+ // check the contents of the assertion subject.
+ SubjectType subject = assertion.getSubject();
+ assertNotNull("Unexpected null subject", subject);
+ assertEquals("Unexpected subject content size", 2,
subject.getContent().size());
+ JAXBElement<?> content = subject.getContent().get(0);
+ assertEquals("Unexpected content type", NameIDType.class,
content.getDeclaredType());
+ NameIDType nameID = (NameIDType) content.getValue();
+ assertEquals("Unexpected name id qualifier",
"urn:jboss:identity-federation", nameID.getNameQualifier());
+ assertEquals("Unexpected name id", "sguilhen",
nameID.getValue());
+ content = subject.getContent().get(1);
+ assertEquals("Unexpected content type", SubjectConfirmationType.class,
content.getDeclaredType());
+ SubjectConfirmationType confirmation = (SubjectConfirmationType)
content.getValue();
+ assertEquals("Unexpected confirmation method", SAMLUtil.SAML2_BEARER_URI,
confirmation.getMethod());
+
+ // validate the attached token reference created by the SAML provider.
+ RequestedReferenceType reference = context.getAttachedReference();
+ assertNotNull("Unexpected null attached reference", reference);
+ SecurityTokenReferenceType securityRef = reference.getSecurityTokenReference();
+ assertNotNull("Unexpected null security reference", securityRef);
+ String tokenTypeAttr = securityRef.getOtherAttributes().get(new
QName(WSTrustConstants.WSSE11_NS, "TokenType"));
+ assertNotNull("Required attribute TokenType is missing", tokenTypeAttr);
+ assertEquals("TokenType attribute has an unexpected value",
SAMLUtil.SAML2_TOKEN_TYPE, tokenTypeAttr);
+ JAXBElement<?> keyIdElement = (JAXBElement<?>)
securityRef.getAny().get(0);
+ KeyIdentifierType keyId = (KeyIdentifierType) keyIdElement.getValue();
+ assertEquals("Unexpected key value type", SAMLUtil.SAML2_VALUE_TYPE,
keyId.getValueType());
+ assertNotNull("Unexpected null key identifier value", keyId.getValue());
+ assertEquals(assertion.getID(), keyId.getValue().substring(1));
+ }
+
+ /**
+ * <p>
+ * Tests the validation of a SAMLV2.0 Assertion.
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ public void testValidateSAMLV20Token() throws Exception
+ {
+
+ // issue a SAMLV2.0 assertion.
+ WSTrustRequestContext context =
this.createIssuingContext(WSTrustUtil.createDefaultLifetime(3600000));
+ SAML20TokenProvider provider = new SAML20TokenProvider();
+ provider.issueToken(context);
+
+ // get the issued SAMLV2.0 assertion.
+ Element assertion = (Element) context.getSecurityToken().getTokenValue();
+
+ // now create a WS-Trust validate context.
+ context = this.createValidatingContext(assertion);
+
+ // validate the SAMLV2.0 assertion.
+ provider.validateToken(context);
+ StatusType status = context.getStatus();
+ assertNotNull("Unexpected null status type", status);
+ assertEquals("Unexpected status code",
WSTrustConstants.STATUS_CODE_VALID, status.getCode());
+ assertEquals("Unexpected status reason", "SAMLV2.0 Assertion
successfuly validated", status.getReason());
+
+ // now let's create a new SAMLV2.0 assertion with an expired lifetime.
+ long currentTimeMillis = System.currentTimeMillis();
+ GregorianCalendar created = new GregorianCalendar();
+ created.setTimeInMillis(currentTimeMillis - 3600000);
+ GregorianCalendar expires = new GregorianCalendar();
+ expires.setTimeInMillis(currentTimeMillis - 1800000);
+ context = this.createIssuingContext(new Lifetime(created, expires));
+
+ provider.issueToken(context);
+ assertion = (Element) context.getSecurityToken().getTokenValue();
+
+ // try to validate the expired token.
+ context = this.createValidatingContext(assertion);
+ provider.validateToken(context);
+ status = context.getStatus();
+ assertNotNull("Unexpected null status type", status);
+ assertEquals("Unexpected status code",
WSTrustConstants.STATUS_CODE_INVALID, status.getCode());
+ assertEquals("Unexpected status reason",
+ "Validation failure: assertion expired or used before its lifetime
period", status.getReason());
+ }
+
+ /**
+ * <p>
+ * Creates a {@code WSTrustRequestContext} using the specified lifetime. The created
context is used in the issuing
+ * test scenarios.
+ * </p>
+ *
+ * @param lifetime the {@code Lifetime} of the assertion to be issued.
+ * @return the constructed {@code WSTrustRequestHandler} instance.
+ * @throws Exception if an error occurs while creating the context.
+ */
+ private WSTrustRequestContext createIssuingContext(Lifetime lifetime) throws
Exception
+ {
+ // create a WSTrustRequestContext with a simple WS-Trust issue request.
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setLifetime(lifetime);
+
request.setAppliesTo(WSTrustUtil.createAppliesTo("http://services.te...;
+ request.setRequestType(URI.create(WSTrustConstants.ISSUE_REQUEST));
+ request.setTokenType(URI.create(SAMLUtil.SAML2_TOKEN_TYPE));
+
+ WSTrustRequestContext context = new WSTrustRequestContext(request, new
TestPrincipal("sguilhen"));
+ context.setTokenIssuer("JBossSTS");
+
+ return context;
+ }
+
+ /**
+ * <p>
+ * Creates a {@code WSTrustRequestContext} for validating the specified assertion.
+ * </p>
+ *
+ * @param assertion an {@code Element} representing the SAMLV2.0 assertion to be
validated.
+ * @return the constructed {@code WSTrustRequestContext} instance.
+ * @throws Exception if an error occurs while creating the validating context.
+ */
+ private WSTrustRequestContext createValidatingContext(Element assertion) throws
Exception
+ {
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setRequestType(URI.create(WSTrustConstants.VALIDATE_REQUEST));
+ request.setTokenType(URI.create(WSTrustConstants.STATUS_TYPE));
+ ValidateTargetType validateTarget = new ValidateTargetType();
+ validateTarget.setAny(assertion);
+ request.setValidateTarget(validateTarget);
+
+ WSTrustRequestContext context = new WSTrustRequestContext(request, new
TestPrincipal("sguilhen"));
+
+ return context;
+ }
+
+ /**
+ * <p>
+ * Simple {@code Principal} implementation used in the test scenarios.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan
Guilhen</a>
+ */
+ private class TestPrincipal implements Principal
+ {
+ private final String name;
+
+ /**
+ * <p>
+ * Creates an instance of {@code TestPrincipal} with the specified name.
+ * </p>
+ *
+ * @param name a {@code String} representing the principal name.
+ */
+ public TestPrincipal(String name)
+ {
+ this.name = name;
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see java.security.Principal#getName()
+ */
+ public String getName()
+ {
+ return this.name;
+ }
+ }
+}
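Review bot: testValidateSAMLV20Token only exercises the lifetime check. Its two cases are an assertion the provider has just issued and one issued with an already-expired Lifetime, and neither is signed by anything visible in this test. Nothing here shows validateToken rejecting an assertion whose content changed after issuance or whose issuer is not this STS, so STATUS_CODE_VALID may mean no more than "inside NotBefore/NotOnOrAfter"; this should be confirmed against SAML20TokenProvider, which is outside this hunk. I would add a negative case that alters the issued Element before createValidatingContext and expects STATUS_CODE_INVALID. Until signature checking exists, put `// NOTE: only the lifetime is validated here; signature and issuer are not checked` above the first validateToken call.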
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SpecialTokenProvider.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SpecialTokenProvider.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/SpecialTokenProvider.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,74 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.core.wstrust;
+
+import org.jboss.identity.federation.core.wstrust.SecurityTokenProvider;
+import org.jboss.identity.federation.core.wstrust.WSTrustException;
+import org.jboss.identity.federation.core.wstrust.WSTrustRequestContext;
+
+/**
+ * <p>
+ * Mock {@code SecurityTokenProvider} used in the test scenarios.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class SpecialTokenProvider implements SecurityTokenProvider
+{
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#cancelToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
+ */
+ public void cancelToken(WSTrustRequestContext context) throws WSTrustException
+ {
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#issueToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
+ */
+ public void issueToken(WSTrustRequestContext context) throws WSTrustException
+ {
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#renewToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
+ */
+ public void renewToken(WSTrustRequestContext context) throws WSTrustException
+ {
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see
org.jboss.identity.federation.api.wstrust.SecurityTokenProvider#validateToken(org.jboss.identity.federation.api.wstrust.WSTrustRequestContext)
+ */
+ public void validateToken(WSTrustRequestContext context) throws WSTrustException
+ {
+ }
+
+}
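Review bot: All four provider methods are empty and nothing says that is deliberate. validateToken in particular returns without setting a status on the context, so a test that routes a validate request to this mock would read back whatever the context defaults to instead of a real result. Add `// intentionally empty: mock provider, leaves the context untouched` inside each body. The `@see` comments also name the `org.jboss.identity.federation.api.wstrust` package while the imports use `core.wstrust`, and MockSTSConfiguration has the same mismatch.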
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/WSTrustJAXBFactoryUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/WSTrustJAXBFactoryUnitTestCase.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/WSTrustJAXBFactoryUnitTestCase.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,186 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.core.wstrust;
+
+import java.net.URI;
+
+import javax.xml.transform.Source;
+import javax.xml.transform.dom.DOMSource;
+
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.jboss.identity.federation.core.wstrust.WSTrustJAXBFactory;
+import org.jboss.identity.federation.core.wstrust.wrappers.BaseRequestSecurityToken;
+import
org.jboss.identity.federation.core.wstrust.wrappers.BaseRequestSecurityTokenResponse;
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityToken;
+import org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponse;
+import
org.jboss.identity.federation.core.wstrust.wrappers.RequestSecurityTokenResponseCollection;
+import org.w3c.dom.Document;
+
+/**
+ * <p>
+ * This {@code TestCase} tests the methods of the {@code WSTrustJAXBFactory}.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class WSTrustJAXBFactoryUnitTestCase extends TestCase
+{
+
+ /**
+ * <p>
+ * Tests parsing a WS-Trust request message.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ public void testParseRequestSecurityToken() throws Exception
+ {
+ // load a sample ws-trust request from a test file.
+ Document document = DocumentUtil
+
.getDocument(this.getClass().getResourceAsStream("/wstrust/ws-trust-request.xml"));
+
+ // encapsulate the request in a source object.
+ Source source = new DOMSource(document);
+
+ // parse the request using the WSTrustJAXBFactory.
+ WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
+ BaseRequestSecurityToken baseRequest = factory.parseRequestSecurityToken(source);
+ assertNotNull("Unexpected null request message", baseRequest);
+
+ // check the contents of the parsed request.
+ assertTrue("Unexpected request message type", baseRequest instanceof
RequestSecurityToken);
+ RequestSecurityToken parsedRequest = (RequestSecurityToken) baseRequest;
+ assertEquals("Unexpected context name", "testcontext",
parsedRequest.getContext());
+ assertEquals("Unexpected token type",
"http://www.tokens.org/SpecialToken", parsedRequest.getTokenType().toString());
+ assertEquals("Unexpected request type",
"http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue", parsedRequest
+ .getRequestType().toString());
+ }
+
+ /**
+ * <p>
+ * Tests parsing a WS-Trust response message.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ public void testParseRequestSecurityTokenResponse() throws Exception
+ {
+ // load a ws-trust response from a file.
+ Document document = DocumentUtil.getDocument(this.getClass()
+ .getResourceAsStream("/wstrust/ws-trust-response.xml"));
+
+ // encapsulate the response in a source object.
+ Source source = new DOMSource(document);
+
+ // parse the response using the WSTrustJAXBFactory.
+ WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
+ BaseRequestSecurityTokenResponse baseResponse =
factory.parseRequestSecurityTokenResponse(source);
+ assertNotNull("Unexpected null response message", baseResponse);
+
+ // check the contents of the parsed response.
+ assertTrue("Unexpected response message type", baseResponse instanceof
RequestSecurityTokenResponseCollection);
+ RequestSecurityTokenResponseCollection parsedCollection =
(RequestSecurityTokenResponseCollection) baseResponse;
+ assertNotNull("Unexpected null response list",
parsedCollection.getRequestSecurityTokenResponses());
+ assertEquals("Unexpected number of responses", 1,
parsedCollection.getRequestSecurityTokenResponses().size());
+
+ RequestSecurityTokenResponse parsedResponse =
parsedCollection.getRequestSecurityTokenResponses().get(0);
+ assertEquals("Unexpected context name", "testcontext",
parsedResponse.getContext());
+ assertEquals("Unexpected token type",
"http://www.tokens.org/SpecialToken", parsedResponse.getTokenType()
+ .toString());
+ assertFalse(parsedResponse.isForwardable());
+ }
+
+ /**
+ * <p>
+ * Tests the marshalling of a WS-Trust request.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ public void testMarshallRequestSecurityToken() throws Exception
+ {
+ // create a request object.
+ RequestSecurityToken request = new RequestSecurityToken();
+ request.setContext("testcontext");
+ request.setTokenType(new
URI("http://www.tokens.org/SpecialToken"));
+ request.setRequestType(new
URI("http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue"));
+
+ // use the factory to marshall the request.
+ WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
+ Source source = factory.marshallRequestSecurityToken(request);
+ assertNotNull("Unexpected null source", source);
+ assertTrue("Unexpected source type", source instanceof DOMSource);
+
+ // at this point we know that the parsing works, so parse the generated source and
compare to the original request.
+ BaseRequestSecurityToken baseRequest = factory.parseRequestSecurityToken(source);
+ assertNotNull("Unexpected null value for the parsed request",
baseRequest);
+ assertTrue("Unexpected parsed request type", baseRequest instanceof
RequestSecurityToken);
+ RequestSecurityToken parsedRequest = (RequestSecurityToken) baseRequest;
+ assertEquals("Unexpected context value", request.getContext(),
parsedRequest.getContext());
+ assertTrue("Unexpected token type",
request.getTokenType().equals(parsedRequest.getTokenType()));
+ assertTrue("Unexpected request type",
request.getRequestType().equals(parsedRequest.getRequestType()));
+ }
+
+ /**
+ * <p>
+ * Tests the marshalling of a WS-Trust response.
+ * </p>
+ *
+ * @throws Exception
+ * if an error occurs while running the test.
+ */
+ public void testMarshallRequestSecurityTokenResponse() throws Exception
+ {
+ // create a sample ws-trust response message.
+ RequestSecurityTokenResponse response = new RequestSecurityTokenResponse();
+ response.setContext("testcontext");
+ response.setTokenType(new
URI("http://www.tokens.org/SpecialToken"));
+ response.setForwardable(false);
+
+ RequestSecurityTokenResponseCollection collection = new
RequestSecurityTokenResponseCollection();
+ collection.addRequestSecurityTokenResponse(response);
+
+ // use the factory to marshall the response.
+ WSTrustJAXBFactory factory = WSTrustJAXBFactory.getInstance();
+ Source source = factory.marshallRequestSecurityTokenResponse(collection);
+ assertNotNull("Unexpected null source", source);
+ assertTrue("Unexpected source type", source instanceof DOMSource);
+
+ // at this point we know that the parsing works, so parse the generated source and
compare to the original response.
+ BaseRequestSecurityTokenResponse baseResponse =
factory.parseRequestSecurityTokenResponse(source);
+ assertNotNull("Unexpected null value for the parsed response",
baseResponse);
+ assertTrue("Unexpected parsed request type", baseResponse instanceof
RequestSecurityTokenResponseCollection);
+ RequestSecurityTokenResponseCollection parsedCollection =
(RequestSecurityTokenResponseCollection) baseResponse;
+ assertNotNull("Unexpected null response list",
parsedCollection.getRequestSecurityTokenResponses());
+ assertEquals("Unexpected number of responses", 1,
parsedCollection.getRequestSecurityTokenResponses().size());
+
+ RequestSecurityTokenResponse parsedResponse =
parsedCollection.getRequestSecurityTokenResponses().get(0);
+ assertEquals("Unexpected context value", response.getContext(),
parsedResponse.getContext());
+ assertTrue("Unexpected token type",
response.getTokenType().equals(parsedResponse.getTokenType()));
+ assertFalse(parsedResponse.isForwardable());
+ }
+}
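Review bot: In testParseRequestSecurityToken and testParseRequestSecurityTokenResponse the result of getResourceAsStream is passed straight into DocumentUtil.getDocument with no null check, and the test never closes it. A missing or misnamed fixture would therefore fail inside the parser instead of at the point of the mistake. Whether DocumentUtil closes the stream is not visible from this hunk. I would load the fixture first with `InputStream in = getClass().getResourceAsStream("/wstrust/ws-trust-request.xml"); assertNotNull("Missing test resource", in);` and close `in` in a finally block; this needs an import of java.io.InputStream.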
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/java/org/jboss/test/identity/federation/core/wstrust/WSTrustServiceFactoryUnitTestCase.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,106 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2009, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ */
+package org.jboss.test.identity.federation.core.wstrust;
+
+import java.security.PrivilegedActionException;
+
+import junit.framework.TestCase;
+
+import org.jboss.identity.federation.core.wstrust.STSConfiguration;
+import org.jboss.identity.federation.core.wstrust.SecurityTokenProvider;
+import org.jboss.identity.federation.core.wstrust.StandardRequestHandler;
+import org.jboss.identity.federation.core.wstrust.WSTrustRequestHandler;
+import org.jboss.identity.federation.core.wstrust.WSTrustServiceFactory;
+import org.jboss.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider;
+
+/**
+ * <p>
+ * This {@code TestCase} tests the behavior of the {@code WSTrustServiceFactory} class.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class WSTrustServiceFactoryUnitTestCase extends TestCase
+{
+
+ /**
+ * <p>
+ * Tests the creation of a {@code WSTrustRequestHandler} instance.
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ public void testCreateRequestHandler() throws Exception
+ {
+ STSConfiguration config = new MockSTSConfiguration();
+ WSTrustServiceFactory factory = WSTrustServiceFactory.getInstance();
+
+ // tests the creation of the request handler.
+ WSTrustRequestHandler handler = factory.createRequestHandler(
+
"org.jboss.identity.federation.core.wstrust.StandardRequestHandler", config);
+ assertNotNull("Unexpected null request handler", handler);
+ assertTrue("Unexpected request handler type", handler instanceof
StandardRequestHandler);
+
+ // try to create an invalid instance of request handler.
+ try
+ {
+ factory.createRequestHandler("InvalidHandler", config);
+ fail("An exception should have been raised");
+ }
+ catch (RuntimeException re)
+ {
+ assertTrue(re.getCause() instanceof PrivilegedActionException);
+ }
+ }
+
+ /**
+ * <p>
+ * Tests the creation of {@code SecurityTokenProvider}s.
+ * </p>
+ *
+ * @throws Exception if an error occurs while running the test.
+ */
+ public void testCreateTokenProvider() throws Exception
+ {
+ WSTrustServiceFactory factory = WSTrustServiceFactory.getInstance();
+ SecurityTokenProvider provider = factory
+
.createTokenProvider("org.jboss.test.identity.federation.core.wstrust.SpecialTokenProvider");
+ assertNotNull("Unexpected null token provider", provider);
+ assertTrue("Unexpected token provider type", provider instanceof
SpecialTokenProvider);
+ provider = factory
+
.createTokenProvider("org.jboss.identity.federation.core.wstrust.plugins.saml.SAML20TokenProvider");
+ assertNotNull("Unexpected null token provider", provider);
+ assertTrue("Unexpected token provider type", provider instanceof
SAML20TokenProvider);
+
+ // try to create an invalid token provider.
+ try
+ {
+ factory.createTokenProvider("InvalidTokenProvider");
+ fail("An exception should have been raised");
+ }
+ catch (RuntimeException re)
+ {
+ assertTrue(re.getCause() instanceof PrivilegedActionException);
+ }
+
+ }
+}
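Review bot: The negative cases in `testCreateRequestHandler` and `testCreateTokenProvider` only pass names that cannot be loaded at all (`"InvalidHandler"`, `"InvalidTokenProvider"`), so neither test pins what the factory does with a class that loads but is not of the expected type. The asserted `PrivilegedActionException` cause suggests the factory instantiates the given class name reflectively inside a privileged block (the factory itself is not in this hunk), which makes the type check the part most worth covering. I would add a third case to each test, for example `factory.createTokenProvider("java.lang.String");` followed by `fail("An exception should have been raised");`, and catch whichever exception the factory is meant to raise for a wrong-typed class. The two `assertTrue(re.getCause() instanceof PrivilegedActionException)` calls also lack the failure message every other assertion in the file carries; something like `assertTrue("Unexpected cause type", re.getCause() instanceof PrivilegedActionException);` would keep them consistent.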
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/ws-trust-request.xml
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/ws-trust-request.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/ws-trust-request.xml 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,4 @@
+<wst:RequestSecurityToken
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512/"
Context="testcontext">
+ <
wst:TokenType>http://www.tokens.org/SpecialToken</wst:TokenType>
+
<
wst:RequestType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/Issue...
+</wst:RequestSecurityToken>
\ No newline at end of file
Added:
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/ws-trust-response.xml
===================================================================
---
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/ws-trust-response.xml
(rev 0)
+++
identity-federation/trunk/jboss-identity-fed-core/src/test/resources/wstrust/ws-trust-response.xml 2009-09-03
01:56:21 UTC (rev 758)
@@ -0,0 +1,7 @@
+<wst:RequestSecurityTokenResponseCollection
+
xmlns:wst="http://docs.oasis-open.org/ws-sx/ws-trust/200512/">
+ <wst:RequestSecurityTokenResponse Context="testcontext">
+ <
wst:TokenType>http://www.tokens.org/SpecialToken</wst:TokenType>
+ <wst:Forwardable>false</wst:Forwardable>
+ </wst:RequestSecurityTokenResponse>
+</wst:RequestSecurityTokenResponseCollection>
Modified:
identity-federation/trunk/jboss-identity-seam/src/main/java/org/jboss/identity/seam/federation/SamlAuthenticationFilter.java
===================================================================
---
identity-federation/trunk/jboss-identity-seam/src/main/java/org/jboss/identity/seam/federation/SamlAuthenticationFilter.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-seam/src/main/java/org/jboss/identity/seam/federation/SamlAuthenticationFilter.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -52,16 +52,16 @@
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.dsig.XMLSignatureException;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
-import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
-import org.jboss.identity.federation.api.util.XMLSignatureUtil;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
import org.jboss.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.jboss.identity.federation.core.util.XMLSignatureUtil;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeType;
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/filters/SPFilter.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -51,18 +51,21 @@
import javax.xml.crypto.dsig.XMLSignatureException;
import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
-import org.jboss.identity.federation.api.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
-import org.jboss.identity.federation.api.util.XMLSignatureUtil;
+import org.jboss.identity.federation.core.config.KeyProviderType;
+import org.jboss.identity.federation.core.config.SPType;
+import org.jboss.identity.federation.core.config.TrustType;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
+import org.jboss.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.jboss.identity.federation.core.saml.v2.exceptions.AssertionExpiredException;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
import org.jboss.identity.federation.core.saml.v2.holders.DestinationInfoHolder;
import org.jboss.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.jboss.identity.federation.core.util.XMLSignatureUtil;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeType;
@@ -72,9 +75,6 @@
import org.jboss.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
import org.jboss.identity.federation.saml.v2.protocol.StatusType;
-import org.jboss.identity.federation.core.config.KeyProviderType;
-import org.jboss.identity.federation.core.config.SPType;
-import org.jboss.identity.federation.core.config.TrustType;
import org.jboss.identity.federation.web.interfaces.IRoleValidator;
import org.jboss.identity.federation.web.interfaces.TrustKeyConfigurationException;
import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
Modified:
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java
===================================================================
---
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-09-02
17:50:36 UTC (rev 757)
+++
identity-federation/trunk/jboss-identity-web/src/main/java/org/jboss/identity/federation/web/util/IDPWebRequestUtil.java 2009-09-03
01:56:21 UTC (rev 758)
@@ -26,7 +26,6 @@
import java.io.InputStream;
import java.io.StringWriter;
import java.net.URL;
-import java.net.URLEncoder;
import java.security.GeneralSecurityException;
import java.security.Principal;
import java.security.PrivateKey;
@@ -38,21 +37,16 @@
import javax.xml.bind.JAXBException;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactoryConfigurationError;
-
+
import org.apache.log4j.Logger;
-import org.jboss.identity.federation.api.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.api.saml.v2.request.SAML2Request;
import org.jboss.identity.federation.api.saml.v2.response.SAML2Response;
import org.jboss.identity.federation.api.saml.v2.sig.SAML2Signature;
import org.jboss.identity.federation.core.config.IDPType;
import org.jboss.identity.federation.core.config.TrustType;
-import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
-import org.jboss.identity.federation.web.util.HTTPRedirectUtil;
-import org.jboss.identity.federation.web.util.PostBindingUtil;
-import org.jboss.identity.federation.web.util.RedirectBindingSignatureUtil;
-import org.jboss.identity.federation.web.util.RedirectBindingUtil;
import org.jboss.identity.federation.core.exceptions.ConfigurationException;
import org.jboss.identity.federation.core.exceptions.ParsingException;
+import org.jboss.identity.federation.core.saml.v2.common.IDGenerator;
import org.jboss.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import
org.jboss.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import org.jboss.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
@@ -61,11 +55,11 @@
import org.jboss.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
import org.jboss.identity.federation.core.saml.v2.holders.SPInfoHolder;
import org.jboss.identity.federation.core.saml.v2.util.DocumentUtil;
-import org.jboss.identity.federation.core.saml.v2.util.SignatureUtil;
import org.jboss.identity.federation.saml.v2.assertion.AssertionType;
import org.jboss.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.jboss.identity.federation.saml.v2.protocol.RequestAbstractType;
import org.jboss.identity.federation.saml.v2.protocol.ResponseType;
+import org.jboss.identity.federation.web.interfaces.TrustKeyManager;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;