Picketlink SVN: r1037 - in federation/trunk: picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-06-27 13:29:49 -0400 (Mon, 27 Jun 2011)
New Revision: 1037
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11SubjectConfirmationType.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11SubjectType.java
Log:
PLFED-190: fix saml11 objects
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java 2011-06-27 17:27:51 UTC (rev 1036)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java 2011-06-27 17:29:49 UTC (rev 1037)
@@ -56,20 +56,32 @@
String AUTHENTICATION_STATEMENT = "AuthenticationStatement";
+ String AUTHORITY_BINDING = "AuthorityBinding";
+
+ String AUTHORITY_KIND = "AuthorityKind";
+
String AUTHORIZATION_DECISION_QUERY = "AuthorizationDecisionQuery";
String AUTHORIZATION_DECISION_STATEMENT = "AuthorizationDecisionStatement";
+ String BINDING = "Binding";
+
String CONFIRMATION_METHOD = "ConfirmationMethod";
String DECISION = "Decision";
+ String DNS_ADDRESS = "DNSAddress";
+
String FORMAT = "Format";
String FORMAT_EMAIL_ADDRESS = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
+ String IP_ADDRESS = "IPAddress";
+
String ISSUER = "Issuer";
+ String LOCATION = "Location";
+
String MAJOR_VERSION = "MajorVersion";
String MINOR_VERSION = "MinorVersion";
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11SubjectConfirmationType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11SubjectConfirmationType.java 2011-06-27 17:27:51 UTC (rev 1036)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11SubjectConfirmationType.java 2011-06-27 17:29:49 UTC (rev 1037)
@@ -83,4 +83,9 @@
{
this.keyInfo = keyInfo;
}
+
+ public Object getSubjectConfirmationData()
+ {
+ return subjectConfirmationData;
+ }
}
\ No newline at end of file
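Review bot: The new public accessor `getSubjectConfirmationData()` carries no Javadoc and returns a bare `Object`, so a caller (for example a writer that has to serialize it) cannot tell from the API what it will receive; the field declaration that would answer this is outside the hunk, as is the start of the class. Add a Javadoc on the getter that names the type(s) the field is expected to hold and states whether {@code null} is a possible result, e.g. `/** Returns the subject confirmation data attached to this confirmation; see the field for the expected type, may be {@code null}. */`, and consider narrowing the return type once that is settled.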
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11SubjectType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11SubjectType.java 2011-06-27 17:27:51 UTC (rev 1036)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/assertion/SAML11SubjectType.java 2011-06-27 17:29:49 UTC (rev 1037)
@@ -59,7 +59,7 @@
return nameID;
}
- public SAML11SubjectConfirmationType getsubjectConfirmation()
+ public SAML11SubjectConfirmationType getSubjectConfirmation()
{
return subjectConfirmation;
}
Picketlink SVN: r1036 - in federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml: v1/writers and 1 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-06-27 13:27:51 -0400 (Mon, 27 Jun 2011)
New Revision: 1036
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java
Removed:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAML11AssertionWriter.java
Log:
move SAML11 assertion writer to correct pkg
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/writers/SAML11AssertionWriter.java 2011-06-27 17:27:51 UTC (rev 1036)
@@ -0,0 +1,472 @@
+/*
+ * JBoss, Home of Professional Open Source. Copyright 2008, Red Hat Middleware LLC, and individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site:
+ * http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.saml.v1.writers;
+
+import java.net.URI;
+import java.util.List;
+
+import javax.xml.datatype.XMLGregorianCalendar;
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.saml.v1.SAML11Constants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.core.util.StringUtil;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AdviceType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeStatementType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AudienceRestrictionCondition;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AuthenticationStatementType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AuthorityBindingType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AuthorizationDecisionStatementType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionAbstractType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11NameIdentifierType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11StatementAbstractType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectConfirmationType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectLocalityType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectStatementType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType.SAML11SubjectTypeChoice;
+import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
+import org.picketlink.identity.federation.saml.v2.metadata.LocalizedNameType;
+import org.w3c.dom.Element;
+
+/**
+ * Write the SAML 11 Assertion to stream
+ *
+ * @author Anil.Saldhana(a)redhat.com
+ * @since June 24, 2011
+ */
+public class SAML11AssertionWriter
+{
+
+ protected static String PROTOCOL_PREFIX = "samlp";
+
+ protected static String ASSERTION_PREFIX = "saml";
+
+ protected static String XACML_SAML_PREFIX = "xacml-saml";
+
+ protected static String XACML_SAML_PROTO_PREFIX = "xacml-samlp";
+
+ protected static String XSI_PREFIX = "xsi";
+
+ protected XMLStreamWriter writer;
+
+ public SAML11AssertionWriter(XMLStreamWriter writer) throws ProcessingException
+ {
+ this.writer = writer;
+ }
+
+ /**
+ * Write an {@code SAML11AssertionType} to stream
+ *
+ * @param assertion
+ * @param out
+ * @throws ProcessingException
+ */
+ public void write(SAML11AssertionType assertion) throws ProcessingException
+ {
+ String ns = SAML11Constants.ASSERTION_11_NSURI;
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ASSERTION.get(), ns);
+ StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ns);
+ StaxUtil.writeDefaultNameSpace(writer, ns);
+
+ // Attributes
+ StaxUtil.writeAttribute(writer, SAML11Constants.ASSERTIONID, assertion.getID());
+ StaxUtil.writeAttribute(writer, SAML11Constants.MAJOR_VERSION, assertion.getMajorVersion() + "");
+ StaxUtil.writeAttribute(writer, SAML11Constants.MINOR_VERSION, assertion.getMinorVersion() + "");
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), assertion.getIssueInstant().toString());
+
+ String issuer = assertion.getIssuer();
+ if (issuer != null)
+ {
+ StaxUtil.writeAttribute(writer, SAML11Constants.ISSUER, issuer);
+ }
+
+ SAML11ConditionsType conditions = assertion.getConditions();
+ if (conditions != null)
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.CONDITIONS.get(), ns);
+
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), conditions.getNotBefore().toString());
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), conditions.getNotOnOrAfter()
+ .toString());
+
+ List<SAML11ConditionAbstractType> typeOfConditions = conditions.get();
+ if (typeOfConditions != null)
+ {
+ for (SAML11ConditionAbstractType typeCondition : typeOfConditions)
+ {
+ if (typeCondition instanceof SAML11AudienceRestrictionCondition)
+ {
+ SAML11AudienceRestrictionCondition art = (SAML11AudienceRestrictionCondition) typeCondition;
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, SAML11Constants.AUDIENCE_RESTRICTION_CONDITION,
+ ns);
+ List<URI> audiences = art.get();
+ if (audiences != null)
+ {
+ for (URI audience : audiences)
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE.get(), ns);
+ StaxUtil.writeCharacters(writer, audience.toString());
+ StaxUtil.writeEndElement(writer);
+ }
+ }
+
+ StaxUtil.writeEndElement(writer);
+ }
+ }
+ }
+
+ StaxUtil.writeEndElement(writer);
+ }
+
+ SAML11AdviceType advice = assertion.getAdvice();
+ if (advice != null)
+ throw new RuntimeException("Advice needs to be handled");
+
+ List<SAML11StatementAbstractType> statements = assertion.getStatements();
+ if (statements != null)
+ {
+ for (SAML11StatementAbstractType statement : statements)
+ {
+ if (statement instanceof SAML11AuthenticationStatementType)
+ {
+ write((SAML11AuthenticationStatementType) statement);
+ }
+ else if (statement instanceof SAML11AttributeStatementType)
+ {
+ write((SAML11AttributeStatementType) statement);
+ }
+ else if (statement instanceof SAML11AuthorizationDecisionStatementType)
+ {
+ write((SAML11AuthorizationDecisionStatementType) statement);
+ }
+ else if (statement instanceof SAML11SubjectStatementType)
+ {
+ write((SAML11SubjectStatementType) statement);
+ }
+ else
+ throw new RuntimeException("unknown statement type=" + statement.getClass().getName());
+ }
+ }
+
+ Element sig = assertion.getSignature();
+ if (sig != null)
+ StaxUtil.writeDOMElement(writer, sig);
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
+ /**
+ * Write an {@code StatementAbstractType} to stream
+ *
+ * @param statement
+ * @param out
+ * @throws ProcessingException
+ */
+ public void write(StatementAbstractType statement) throws ProcessingException
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ public void write(SAML11SubjectStatementType statement) throws ProcessingException
+ {
+ throw new ProcessingException("NYI");
+ }
+
+ public void write(SAML11AttributeStatementType statement) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE_STATEMENT.get(),
+ SAML11Constants.ASSERTION_11_NSURI);
+
+ SAML11SubjectType subject = statement.getSubject();
+ if (subject != null)
+ write(subject);
+
+ List<SAML11AttributeType> attributes = statement.get();
+ if (attributes != null)
+ {
+ for (SAML11AttributeType attr : attributes)
+ {
+ write(attr);
+ }
+ }
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
+ /**
+ * Write an {@code AuthnStatementType} to stream
+ *
+ * @param authnStatement
+ * @param out
+ * @throws ProcessingException
+ */
+ public void write(SAML11AuthenticationStatementType authnStatement) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_STATEMENT.get(),
+ SAML11Constants.ASSERTION_11_NSURI);
+
+ XMLGregorianCalendar authnInstant = authnStatement.getAuthenticationInstant();
+ if (authnInstant != null)
+ {
+ StaxUtil.writeAttribute(writer, SAML11Constants.AUTHENTICATION_INSTANT, authnInstant.toString());
+ }
+
+ URI authMethod = authnStatement.getAuthenticationMethod();
+ if (authMethod != null)
+ {
+ StaxUtil.writeAttribute(writer, SAML11Constants.AUTHENTICATION_METHOD, authMethod.toString());
+ }
+
+ SAML11SubjectType subject = authnStatement.getSubject();
+ if (subject != null)
+ write(subject);
+
+ SAML11SubjectLocalityType locality = authnStatement.getSubjectLocality();
+ if (locality != null)
+ write(locality);
+
+ List<SAML11AuthorityBindingType> authorities = authnStatement.getAuthorityBindingType();
+ for (SAML11AuthorityBindingType authority : authorities)
+ {
+ write(authority);
+ }
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
+ public void write(SAML11AuthorityBindingType authority) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, SAML11Constants.AUTHORITY_BINDING,
+ SAML11Constants.ASSERTION_11_NSURI);
+
+ QName authorityKind = authority.getAuthorityKind();
+ StaxUtil.writeAttribute(writer, SAML11Constants.AUTHORITY_KIND, authorityKind);
+
+ String binding = authority.getBinding().toString();
+ StaxUtil.writeAttribute(writer, SAML11Constants.BINDING, binding);
+
+ String location = authority.getLocation().toString();
+ StaxUtil.writeAttribute(writer, SAML11Constants.LOCATION, location);
+
+ StaxUtil.writeEndElement(writer);
+ }
+
+ public void write(SAML11SubjectLocalityType locality) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT_LOCALITY.get(),
+ SAML11Constants.ASSERTION_11_NSURI);
+ String ip = locality.getIpAddress();
+ if (StringUtil.isNotNull(ip))
+ {
+ StaxUtil.writeAttribute(writer, SAML11Constants.IP_ADDRESS, ip);
+ }
+ String dns = locality.getDnsAddress();
+ if (StringUtil.isNotNull(dns))
+ {
+ StaxUtil.writeAttribute(writer, SAML11Constants.DNS_ADDRESS, dns);
+ }
+ StaxUtil.writeEndElement(writer);
+ }
+
+ public void write(SAML11AuthorizationDecisionStatementType xacmlStat) throws ProcessingException
+ {
+ String ns = SAML11Constants.ASSERTION_11_NSURI;
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, SAML11Constants.AUTHORIZATION_DECISION_STATEMENT, ns);
+
+ String resource = xacmlStat.getResource().toString();
+ StaxUtil.writeAttribute(writer, SAML11Constants.RESOURCE, resource);
+
+ StaxUtil.writeAttribute(writer, SAML11Constants.DECISION, xacmlStat.getDecision().name());
+
+ SAML11SubjectType subject = xacmlStat.getSubject();
+ if (subject != null)
+ write(subject);
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
+ /**
+ * write an {@code SubjectType} to stream
+ *
+ * @param subject
+ * @param out
+ * @throws ProcessingException
+ */
+ public void write(SAML11SubjectType subject) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT.get(),
+ SAML11Constants.ASSERTION_11_NSURI);
+
+ SAML11SubjectTypeChoice choice = subject.getChoice();
+ if (choice != null)
+ {
+ SAML11NameIdentifierType nameid = choice.getNameID();
+ if (nameid != null)
+ {
+ write(nameid);
+ }
+
+ SAML11SubjectConfirmationType confirmation = choice.getSubjectConfirmation();
+ if (confirmation != null)
+ write(confirmation);
+ }
+
+ SAML11SubjectConfirmationType confirmation = subject.getSubjectConfirmation();
+ if (confirmation != null)
+ write(confirmation);
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
+ public void write(SAML11SubjectConfirmationType confirmation) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT_CONFIRMATION.get(),
+ SAML11Constants.ASSERTION_11_NSURI);
+ List<URI> confirmationMethods = confirmation.getConfirmationMethod();
+ if (confirmationMethods != null)
+ {
+ for (URI confirmationMethod : confirmationMethods)
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, SAML11Constants.CONFIRMATION_METHOD,
+ SAML11Constants.ASSERTION_11_NSURI);
+ StaxUtil.writeCharacters(writer, confirmationMethod.toString());
+ StaxUtil.writeEndElement(writer);
+ }
+ }
+
+ Element keyInfo = confirmation.getKeyInfo();
+ if (keyInfo != null)
+ {
+ StaxUtil.writeDOMElement(writer, keyInfo);
+ }
+
+ Object subjectConfirmationData = confirmation.getSubjectConfirmationData();
+ writeSubjectConfirmationData(subjectConfirmationData);
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
+ public void writeSubjectConfirmationData(Object scData) throws ProcessingException
+ {
+ throw new ProcessingException("NYI");
+ }
+
+ public void write(SAML11NameIdentifierType nameid) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, SAML11Constants.NAME_IDENTIFIER,
+ SAML11Constants.ASSERTION_11_NSURI);
+
+ URI format = nameid.getFormat();
+ if (format != null)
+ {
+ StaxUtil.writeAttribute(writer, SAML11Constants.FORMAT, format.toString());
+ }
+ String nameQualifier = nameid.getNameQualifier();
+ if (StringUtil.isNotNull(nameQualifier))
+ {
+ StaxUtil.writeAttribute(writer, SAML11Constants.NAME_QUALIFIER, nameQualifier);
+ }
+
+ StaxUtil.writeCharacters(writer, nameid.getValue());
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
+ /**
+ * Write an {@code AttributeType} to stream
+ *
+ * @param attributeType
+ * @param out
+ * @throws ProcessingException
+ */
+ public void write(SAML11AttributeType attributeType) throws ProcessingException
+ {
+ String ns = SAML11Constants.ASSERTION_11_NSURI;
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE.get(), ns);
+
+ writeAttributeTypeWithoutRootTag(attributeType);
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
+ public void writeAttributeTypeWithoutRootTag(SAML11AttributeType attributeType) throws ProcessingException
+ {
+ String attributeName = attributeType.getAttributeName();
+ if (StringUtil.isNullOrEmpty(attributeName))
+ throw new ProcessingException("attribute name is null");
+ StaxUtil.writeAttribute(writer, SAML11Constants.ATTRIBUTE_NAME, attributeName);
+
+ String attributeNamespace = attributeType.getAttributeNamespace().toString();
+ if (StringUtil.isNullOrEmpty(attributeNamespace))
+ throw new ProcessingException("attribute namespace is null");
+ StaxUtil.writeAttribute(writer, SAML11Constants.ATTRIBUTE_NAMESPACE, attributeNamespace);
+
+ List<Object> attributeValues = attributeType.get();
+ if (attributeValues != null)
+ {
+ for (Object attributeValue : attributeValues)
+ {
+ if (attributeValue instanceof String)
+ {
+ writeStringAttributeValue((String) attributeValue);
+ }
+ else
+ throw new RuntimeException("Unsupported attribute value:" + attributeValue.getClass().getName());
+ }
+ }
+ }
+
+ public void writeStringAttributeValue(String attributeValue) throws ProcessingException
+ {
+ String ns = SAML11Constants.ASSERTION_11_NSURI;
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE_VALUE.get(), ns);
+
+ StaxUtil.writeNameSpace(writer, JBossSAMLURIConstants.XSI_PREFIX.get(), JBossSAMLURIConstants.XSI_NSURI.get());
+ StaxUtil.writeNameSpace(writer, "xs", JBossSAMLURIConstants.XMLSCHEMA_NSURI.get());
+ StaxUtil.writeAttribute(writer, JBossSAMLURIConstants.XSI_NSURI.get(), "type", "xs:string");
+ StaxUtil.writeCharacters(writer, attributeValue);
+ StaxUtil.writeEndElement(writer);
+ }
+
+ public void writeLocalizedNameType(LocalizedNameType localizedNameType, QName startElement)
+ throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, startElement.getPrefix(), startElement.getLocalPart(),
+ startElement.getNamespaceURI());
+ StaxUtil.writeAttribute(writer, new QName(JBossSAMLURIConstants.XML.get(), "lang", "xml"),
+ localizedNameType.getLang());
+ StaxUtil.writeCharacters(writer, localizedNameType.getValue());
+ StaxUtil.writeEndElement(writer);
+ }
+}
\ No newline at end of file
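Review bot: `write(SAML11SubjectConfirmationType)` can never complete, because `writeSubjectConfirmationData(subjectConfirmationData);` is called unconditionally and `writeSubjectConfirmationData` always throws `ProcessingException("NYI")`, even when `getSubjectConfirmationData()` returned null; guard the call with `if (subjectConfirmationData != null) writeSubjectConfirmationData(subjectConfirmationData);` so a confirmation that carries only ConfirmationMethod and KeyInfo still serializes. A related ordering defect sits in `writeAttributeTypeWithoutRootTag`: `attributeType.getAttributeNamespace().toString()` dereferences the value before the `isNullOrEmpty` check, so a missing namespace surfaces as a NullPointerException rather than the intended ProcessingException — assign the getter result to a local, null-check it, and only then call `toString()`. `write(SAML11AuthorityBindingType)` (`getBinding()`, `getLocation()`) and `write(SAML11AuthorizationDecisionStatementType)` (`getResource()`, `getDecision()`) dereference the same way, and the loop over `getAuthorityBindingType()` in `write(SAML11AuthenticationStatementType)` lacks the null check every other list loop in the file has, so these paths fail with unchecked exceptions that callers handling ProcessingException will not see.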
Deleted: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAML11AssertionWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAML11AssertionWriter.java 2011-06-24 21:56:04 UTC (rev 1035)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAML11AssertionWriter.java 2011-06-27 17:27:51 UTC (rev 1036)
@@ -1,472 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source. Copyright 2008, Red Hat Middleware LLC, and individual contributors as
- * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual
- * contributors.
- *
- * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
- * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any
- * later version.
- *
- * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
- * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
- * details.
- *
- * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to
- * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site:
- * http://www.fsf.org.
- */
-package org.picketlink.identity.federation.core.saml.v2.writers;
-
-import static org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants.ASSERTION_NSURI;
-
-import java.net.URI;
-import java.util.List;
-import java.util.Set;
-
-import javax.xml.datatype.XMLGregorianCalendar;
-import javax.xml.namespace.QName;
-import javax.xml.stream.XMLStreamWriter;
-
-import org.picketlink.identity.federation.core.exceptions.ProcessingException;
-import org.picketlink.identity.federation.core.saml.v1.SAML11Constants;
-import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.core.util.StaxUtil;
-import org.picketlink.identity.federation.core.util.StringUtil;
-import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
-import org.picketlink.identity.federation.saml.v1.assertion.SAML11AdviceType;
-import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
-import org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeStatementType;
-import org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeType;
-import org.picketlink.identity.federation.saml.v1.assertion.SAML11AudienceRestrictionCondition;
-import org.picketlink.identity.federation.saml.v1.assertion.SAML11AuthenticationStatementType;
-import org.picketlink.identity.federation.saml.v1.assertion.SAML11AuthorizationDecisionStatementType;
-import org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionAbstractType;
-import org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType;
-import org.picketlink.identity.federation.saml.v1.assertion.SAML11NameIdentifierType;
-import org.picketlink.identity.federation.saml.v1.assertion.SAML11StatementAbstractType;
-import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
-import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType.SAML11SubjectTypeChoice;
-import org.picketlink.identity.federation.saml.v2.assertion.AuthnContextClassRefType;
-import org.picketlink.identity.federation.saml.v2.assertion.AuthnContextDeclRefType;
-import org.picketlink.identity.federation.saml.v2.assertion.AuthnContextDeclType;
-import org.picketlink.identity.federation.saml.v2.assertion.AuthnContextType;
-import org.picketlink.identity.federation.saml.v2.assertion.AuthnContextType.AuthnContextTypeSequence;
-import org.picketlink.identity.federation.saml.v2.assertion.BaseIDAbstractType;
-import org.picketlink.identity.federation.saml.v2.assertion.KeyInfoConfirmationDataType;
-import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
-import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationDataType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationType;
-import org.picketlink.identity.federation.saml.v2.assertion.URIType;
-import org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
-import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
-import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
-import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
-import org.w3c.dom.Element;
-
-/**
- * Write the SAML 11 Assertion to stream
- *
- * @author Anil.Saldhana(a)redhat.com
- * @since June 24, 2011
- */
-public class SAML11AssertionWriter extends BaseWriter
-{
- public SAML11AssertionWriter(XMLStreamWriter writer) throws ProcessingException
- {
- super(writer);
- }
-
- /**
- * Write an {@code SAML11AssertionType} to stream
- *
- * @param assertion
- * @param out
- * @throws ProcessingException
- */
- public void write(SAML11AssertionType assertion) throws ProcessingException
- {
- String ns = SAML11Constants.ASSERTION_11_NSURI;
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ASSERTION.get(), ns);
- StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ns);
- StaxUtil.writeDefaultNameSpace(writer, ns);
-
- // Attributes
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), assertion.getID());
- StaxUtil.writeAttribute(writer, SAML11Constants.MAJOR_VERSION, assertion.getMajorVersion() + "");
- StaxUtil.writeAttribute(writer, SAML11Constants.MINOR_VERSION, assertion.getMinorVersion() + "");
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), assertion.getIssueInstant().toString());
-
- String issuer = assertion.getIssuer();
- if (issuer != null)
- {
- StaxUtil.writeAttribute(writer, SAML11Constants.ISSUER, issuer);
- }
-
- SAML11ConditionsType conditions = assertion.getConditions();
- if (conditions != null)
- {
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.CONDITIONS.get(), ns);
-
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), conditions.getNotBefore().toString());
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), conditions.getNotOnOrAfter()
- .toString());
-
- List<SAML11ConditionAbstractType> typeOfConditions = conditions.get();
- if (typeOfConditions != null)
- {
- for (SAML11ConditionAbstractType typeCondition : typeOfConditions)
- {
- if (typeCondition instanceof SAML11AudienceRestrictionCondition)
- {
- SAML11AudienceRestrictionCondition art = (SAML11AudienceRestrictionCondition) typeCondition;
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, SAML11Constants.AUDIENCE_RESTRICTION_CONDITION,
- ns);
- List<URI> audiences = art.get();
- if (audiences != null)
- {
- for (URI audience : audiences)
- {
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE.get(), ns);
- StaxUtil.writeCharacters(writer, audience.toString());
- StaxUtil.writeEndElement(writer);
- }
- }
-
- StaxUtil.writeEndElement(writer);
- }
- }
- }
-
- StaxUtil.writeEndElement(writer);
- }
-
- SAML11AdviceType advice = assertion.getAdvice();
- if (advice != null)
- throw new RuntimeException("Advice needs to be handled");
-
- List<SAML11StatementAbstractType> statements = assertion.getStatements();
- if (statements != null)
- {
- for (SAML11StatementAbstractType statement : statements)
- {
- if (statement instanceof SAML11AuthenticationStatementType)
- {
- write((SAML11AuthenticationStatementType) statement);
- }
- else if (statement instanceof SAML11AttributeStatementType)
- {
- write((SAML11AttributeStatementType) statement);
- }
- else if (statement instanceof SAML11AuthorizationDecisionStatementType)
- {
- write((SAML11AuthorizationDecisionStatementType) statement);
- }
- else
- throw new RuntimeException("unknown statement type=" + statement.getClass().getName());
- }
- }
-
- StaxUtil.writeEndElement(writer);
- StaxUtil.flush(writer);
- }
-
- /**
- * Write an {@code StatementAbstractType} to stream
- *
- * @param statement
- * @param out
- * @throws ProcessingException
- */
- public void write(StatementAbstractType statement) throws ProcessingException
- {
- // TODO: handle this section
- throw new RuntimeException("NYI");
- }
-
- public void write(SAML11AttributeStatementType statement) throws ProcessingException
- {
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE_STATEMENT.get(),
- SAML11Constants.ASSERTION_11_NSURI);
-
- List<SAML11AttributeType> attributes = statement.get();
- if (attributes != null)
- {
- for (SAML11AttributeType attr : attributes)
- {
- throw new RuntimeException("NYI");
- }
- }
-
- StaxUtil.writeEndElement(writer);
- StaxUtil.flush(writer);
- }
-
- /**
- * Write an {@code AuthnStatementType} to stream
- *
- * @param authnStatement
- * @param out
- * @throws ProcessingException
- */
- public void write(SAML11AuthenticationStatementType authnStatement) throws ProcessingException
- {
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_STATEMENT.get(),
- SAML11Constants.ASSERTION_11_NSURI);
-
- XMLGregorianCalendar authnInstant = authnStatement.getAuthenticationInstant();
- if (authnInstant != null)
- {
- StaxUtil.writeAttribute(writer, SAML11Constants.AUTHENTICATION_INSTANT, authnInstant.toString());
- }
-
- URI authMethod = authnStatement.getAuthenticationMethod();
- if (authMethod != null)
- {
- StaxUtil.writeAttribute(writer, SAML11Constants.AUTHENTICATION_METHOD, authMethod.toString());
- }
-
- StaxUtil.writeEndElement(writer);
- StaxUtil.flush(writer);
- }
-
- public void write(SAML11AuthorizationDecisionStatementType xacmlStat) throws ProcessingException
- {
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.STATEMENT.get(), ASSERTION_NSURI.get());
-
- StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
- StaxUtil.writeNameSpace(writer, XACML_SAML_PREFIX, JBossSAMLURIConstants.XACML_SAML_NSURI.get());
- StaxUtil.writeNameSpace(writer, XACML_SAML_PROTO_PREFIX, JBossSAMLURIConstants.XACML_SAML_PROTO_NSURI.get());
- StaxUtil.writeNameSpace(writer, XSI_PREFIX, JBossSAMLURIConstants.XSI_NSURI.get());
-
- StaxUtil.writeAttribute(writer, new QName(JBossSAMLURIConstants.XSI_NSURI.get(), JBossSAMLConstants.TYPE.get(),
- XSI_PREFIX), XACMLAuthzDecisionStatementType.XSI_TYPE);
-
- StaxUtil.writeEndElement(writer);
- StaxUtil.flush(writer);
- }
-
- /**
- * Write an {@code AuthnContextType} to stream
- *
- * @param authContext
- * @param out
- * @throws ProcessingException
- */
- public void write(AuthnContextType authContext) throws ProcessingException
- {
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_CONTEXT.get(),
- ASSERTION_NSURI.get());
-
- AuthnContextTypeSequence sequence = authContext.getSequence();
- if (sequence != null)
- {
- AuthnContextClassRefType authnContextClassRefType = sequence.getClassRef();
- if (authnContextClassRefType != null)
- {
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_CONTEXT_CLASS_REF.get(),
- ASSERTION_NSURI.get());
- StaxUtil.writeCharacters(writer, authnContextClassRefType.getValue().toASCIIString());
- StaxUtil.writeEndElement(writer);
- }
-
- Set<URIType> uriTypes = sequence.getURIType();
- if (uriTypes != null)
- {
- for (URIType uriType : uriTypes)
- {
- if (uriType instanceof AuthnContextDeclType)
- {
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
- JBossSAMLConstants.AUTHN_CONTEXT_DECLARATION.get(), ASSERTION_NSURI.get());
- StaxUtil.writeCharacters(writer, uriType.getValue().toASCIIString());
- StaxUtil.writeEndElement(writer);
- }
- if (uriType instanceof AuthnContextDeclRefType)
- {
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
- JBossSAMLConstants.AUTHN_CONTEXT_DECLARATION_REF.get(), ASSERTION_NSURI.get());
- StaxUtil.writeCharacters(writer, uriType.getValue().toASCIIString());
- StaxUtil.writeEndElement(writer);
- }
- }
- }
- }
-
- Set<URI> authAuthorities = authContext.getAuthenticatingAuthority();
- if (authAuthorities != null)
- {
- for (URI aa : authAuthorities)
- {
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHENTICATING_AUTHORITY.get(),
- ASSERTION_NSURI.get());
- StaxUtil.writeCharacters(writer, aa.toASCIIString());
- StaxUtil.writeEndElement(writer);
- }
- }
-
- StaxUtil.writeEndElement(writer);
- StaxUtil.flush(writer);
- }
-
- /**
- * write an {@code SubjectType} to stream
- *
- * @param subject
- * @param out
- * @throws ProcessingException
- */
- public void write(SAML11SubjectType subject) throws ProcessingException
- {
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT.get(),
- SAML11Constants.ASSERTION_11_NSURI);
-
- SAML11SubjectTypeChoice choice = subject.getChoice();
- if (choice != null)
- {
- SAML11NameIdentifierType nameid = choice.getNameID();
- if (nameid != null)
- {
- write(nameid);
- }
- }
-
- StaxUtil.writeEndElement(writer);
- StaxUtil.flush(writer);
- }
-
- private void write(BaseIDAbstractType baseId) throws ProcessingException
- {
- throw new RuntimeException("NYI");
- }
-
- private void write(SubjectConfirmationType subjectConfirmationType) throws ProcessingException
- {
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT_CONFIRMATION.get(),
- ASSERTION_NSURI.get());
-
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.METHOD.get(), subjectConfirmationType.getMethod());
-
- BaseIDAbstractType baseID = subjectConfirmationType.getBaseID();
- if (baseID != null)
- {
- write(baseID);
- }
- NameIDType nameIDType = subjectConfirmationType.getNameID();
- if (nameIDType != null)
- {
- write(nameIDType, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX));
- }
- SubjectConfirmationDataType subjectConfirmationData = subjectConfirmationType.getSubjectConfirmationData();
- if (subjectConfirmationData != null)
- {
- write(subjectConfirmationData);
- }
- StaxUtil.writeEndElement(writer);
- }
-
- private void write(SubjectConfirmationDataType subjectConfirmationData) throws ProcessingException
- {
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get(),
- ASSERTION_NSURI.get());
-
- // Let us look at attributes
- String inResponseTo = subjectConfirmationData.getInResponseTo();
- if (StringUtil.isNotNull(inResponseTo))
- {
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.IN_RESPONSE_TO.get(), inResponseTo);
- }
-
- XMLGregorianCalendar notBefore = subjectConfirmationData.getNotBefore();
- if (notBefore != null)
- {
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), notBefore.toString());
- }
-
- XMLGregorianCalendar notOnOrAfter = subjectConfirmationData.getNotOnOrAfter();
- if (notOnOrAfter != null)
- {
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), notOnOrAfter.toString());
- }
-
- String recipient = subjectConfirmationData.getRecipient();
- if (StringUtil.isNotNull(recipient))
- {
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.RECIPIENT.get(), recipient);
- }
-
- String address = subjectConfirmationData.getAddress();
- if (StringUtil.isNotNull(address))
- {
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.ADDRESS.get(), address);
- }
-
- if (subjectConfirmationData instanceof KeyInfoConfirmationDataType)
- {
- KeyInfoConfirmationDataType kicd = (KeyInfoConfirmationDataType) subjectConfirmationData;
- KeyInfoType keyInfo = (KeyInfoType) kicd.getAnyType();
- if (keyInfo.getContent() == null || keyInfo.getContent().size() == 0)
- throw new ProcessingException("Invalid KeyInfo object: content cannot be empty");
- StaxUtil.writeStartElement(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX,
- WSTrustConstants.XMLDSig.KEYINFO, WSTrustConstants.XMLDSig.DSIG_NS);
- StaxUtil.writeNameSpace(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX, WSTrustConstants.XMLDSig.DSIG_NS);
- // write the keyInfo content.
- Object content = keyInfo.getContent().get(0);
- if (content instanceof Element)
- {
- Element element = (Element) keyInfo.getContent().get(0);
- StaxUtil.writeDOMNode(this.writer, element);
- }
- else if (content instanceof X509DataType)
- {
- X509DataType type = (X509DataType) content;
- if (type.getDataObjects().size() == 0)
- throw new ProcessingException("X509Data cannot be empy");
- StaxUtil.writeStartElement(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX,
- WSTrustConstants.XMLDSig.X509DATA, WSTrustConstants.XMLDSig.DSIG_NS);
- Object obj = type.getDataObjects().get(0);
- if (obj instanceof Element)
- {
- Element element = (Element) obj;
- StaxUtil.writeDOMElement(this.writer, element);
- }
- else if (obj instanceof X509CertificateType)
- {
- X509CertificateType cert = (X509CertificateType) obj;
- StaxUtil.writeStartElement(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX,
- WSTrustConstants.XMLDSig.X509CERT, WSTrustConstants.XMLDSig.DSIG_NS);
- StaxUtil.writeCharacters(this.writer, new String(cert.getEncodedCertificate()));
- StaxUtil.writeEndElement(this.writer);
- }
- StaxUtil.writeEndElement(this.writer);
- }
- StaxUtil.writeEndElement(this.writer);
- }
-
- StaxUtil.writeEndElement(writer);
- StaxUtil.flush(writer);
- }
-
- public void write(SAML11NameIdentifierType nameid) throws ProcessingException
- {
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, SAML11Constants.NAME_IDENTIFIER,
- SAML11Constants.ASSERTION_11_NSURI);
-
- URI format = nameid.getFormat();
- if (format != null)
- {
- StaxUtil.writeAttribute(writer, SAML11Constants.FORMAT, format.toString());
- }
- String nameQualifier = nameid.getNameQualifier();
- if (StringUtil.isNotNull(nameQualifier))
- {
- StaxUtil.writeAttribute(writer, SAML11Constants.NAME_QUALIFIER, nameQualifier);
- }
-
- StaxUtil.writeCharacters(writer, nameid.getValue());
-
- StaxUtil.writeEndElement(writer);
- StaxUtil.flush(writer);
- }
-}
\ No newline at end of file
Picketlink SVN: r1035 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util and 2 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-06-24 17:56:04 -0400 (Fri, 24 Jun 2011)
New Revision: 1035
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAML11AssertionWriter.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML11TokenProvider.java
Modified:
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML20TokenRoleAttributeProvider.java
federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SecurityActions.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java
Log:
wst saml11 token provider
Modified: federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML20TokenRoleAttributeProvider.java
===================================================================
--- federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML20TokenRoleAttributeProvider.java 2011-06-24 19:10:12 UTC (rev 1034)
+++ federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SAML20TokenRoleAttributeProvider.java 2011-06-24 21:56:04 UTC (rev 1035)
@@ -8,11 +8,10 @@
import javax.security.auth.Subject;
import org.apache.log4j.Logger;
-import org.jboss.security.SecurityContextAssociation;
import org.picketlink.identity.federation.core.wstrust.plugins.saml.SAML20TokenAttributeProvider;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
-import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
/**
* <p>
@@ -45,12 +44,12 @@
public class SAML20TokenRoleAttributeProvider implements SAML20TokenAttributeProvider
{
private static Logger logger = Logger.getLogger(SAML20TokenRoleAttributeProvider.class);
-
+
/**
* The name of the principal in JBoss that is expected to include user roles
*/
public static final String JBOSS_ROLE_PRINCIPAL_NAME = "Roles";
-
+
/**
* The default attribute name in the SAML Token that will carry the user's roles, if not configured otherwise
*/
@@ -60,12 +59,12 @@
* The name of the attribute in the SAML Token that will carry the user's roles
*/
private String tokenRoleAttributeName;
-
+
public void setProperties(Map<String, String> properties)
{
String roleAttrKey = this.getClass().getName() + ".tokenRoleAttributeName";
tokenRoleAttributeName = properties.get(roleAttrKey);
- if( tokenRoleAttributeName == null )
+ if (tokenRoleAttributeName == null)
{
tokenRoleAttributeName = DEFAULT_TOKEN_ROLE_ATTRIBUTE_NAME;
}
@@ -73,8 +72,8 @@
public AttributeStatementType getAttributeStatement()
{
- Subject subject = SecurityContextAssociation.getSecurityContext().getSubjectInfo().getAuthenticatedSubject();
- if( subject == null )
+ Subject subject = SecurityActions.getSecurityContext().getSubjectInfo().getAuthenticatedSubject();
+ if (subject == null)
{
if (logger.isDebugEnabled())
logger.debug("No authentication Subject found, cannot provide any user roles!");
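Review bot: The new line `Subject subject = SecurityActions.getSecurityContext().getSubjectInfo().getAuthenticatedSubject();` dereferences the context and its subject info before the `subject == null` guard, so a thread with no security context bound fails with a NullPointerException instead of reaching the "No authentication Subject found" branch. Fetch the context first and fold the missing case into the existing guard, e.g. `SecurityContext ctx = SecurityActions.getSecurityContext();` followed by `Subject subject = (ctx == null || ctx.getSubjectInfo() == null) ? null : ctx.getSubjectInfo().getAuthenticatedSubject();` — whether `getSubjectInfo()` can itself be null is not visible here, so that part of the guard is defensive, and `org.jboss.security.SecurityContext` would need to be imported (the import block starts outside this hunk). The unchecked `(Group) rolePrincipal` cast in the hunk at `@@ -82,28 +81,29 @@` has the same shape of problem: a principal named "Roles" that is not a `Group` throws ClassCastException, and an `instanceof Group` test before the cast would make role extraction robust.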
@@ -82,28 +81,29 @@
}
else
{
- AttributeStatementType attributeStatement = new AttributeStatementType();
- AttributeType rolesAttribute = new AttributeType( tokenRoleAttributeName );
- attributeStatement.addAttribute( new ASTChoiceType(rolesAttribute) );
-
- //List<Object> roles = rolesAttribute.getAttributeValue();
- for( Principal rolePrincipal : subject.getPrincipals() )
- {
- if( JBOSS_ROLE_PRINCIPAL_NAME.equalsIgnoreCase( rolePrincipal.getName() ) )
- {
- Group simpleGroup = (Group)rolePrincipal;
- Enumeration<? extends Principal> members = simpleGroup.members();
- while( members.hasMoreElements() )
- {
- Principal role = (Principal)members.nextElement();
- rolesAttribute.addAttributeValue( role.getName() );
- //roles.add( role.getName() );
- }
- }
- }
- if (logger.isDebugEnabled())
- logger.debug("Returning an AttributeStatement with a [" + tokenRoleAttributeName + "] attribute containing: " + rolesAttribute.getAttributeValue());
- return attributeStatement;
+ AttributeStatementType attributeStatement = new AttributeStatementType();
+ AttributeType rolesAttribute = new AttributeType(tokenRoleAttributeName);
+ attributeStatement.addAttribute(new ASTChoiceType(rolesAttribute));
+
+ //List<Object> roles = rolesAttribute.getAttributeValue();
+ for (Principal rolePrincipal : subject.getPrincipals())
+ {
+ if (JBOSS_ROLE_PRINCIPAL_NAME.equalsIgnoreCase(rolePrincipal.getName()))
+ {
+ Group simpleGroup = (Group) rolePrincipal;
+ Enumeration<? extends Principal> members = simpleGroup.members();
+ while (members.hasMoreElements())
+ {
+ Principal role = members.nextElement();
+ rolesAttribute.addAttributeValue(role.getName());
+ //roles.add( role.getName() );
+ }
+ }
+ }
+ if (logger.isDebugEnabled())
+ logger.debug("Returning an AttributeStatement with a [" + tokenRoleAttributeName
+ + "] attribute containing: " + rolesAttribute.getAttributeValue());
+ return attributeStatement;
}
}
}
\ No newline at end of file
Modified: federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SecurityActions.java
===================================================================
--- federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SecurityActions.java 2011-06-24 19:10:12 UTC (rev 1034)
+++ federation/trunk/picketlink-bindings-jboss/src/main/java/org/picketlink/identity/federation/bindings/jboss/auth/SecurityActions.java 2011-06-24 21:56:04 UTC (rev 1035)
@@ -27,6 +27,7 @@
import java.security.PrivilegedExceptionAction;
import org.jboss.security.SecurityContext;
+import org.jboss.security.SecurityContextAssociation;
import org.jboss.security.SecurityContextFactory;
/**
@@ -37,6 +38,17 @@
*/
class SecurityActions
{
+ static SecurityContext getSecurityContext()
+ {
+ return AccessController.doPrivileged(new PrivilegedAction<SecurityContext>()
+ {
+ public SecurityContext run()
+ {
+ return SecurityContextAssociation.getSecurityContext();
+ }
+ });
+ }
+
static SecurityContext createSecurityContext() throws PrivilegedActionException
{
return AccessController.doPrivileged(new PrivilegedExceptionAction<SecurityContext>()
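Review bot: The new `getSecurityContext()` has no Javadoc, and unlike its sibling `createSecurityContext()` it can hand back null — it returns whatever `SecurityContextAssociation.getSecurityContext()` yields for the calling thread, which is presumably null when no context is associated (verify against the JBoss Security API). I'd add above it: `/** Returns the SecurityContext bound to the calling thread via SecurityContextAssociation, looked up inside AccessController.doPrivileged; may be null when no context is associated, so callers must check. */`. If the project targets Java 6 or later, the anonymous `run()` should also carry `@Override` for consistency with compiler-checked interface implementations. `createSecurityContext()` continues outside the hunk.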
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java 2011-06-24 19:10:12 UTC (rev 1034)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/AssertionUtil.java 2011-06-24 21:56:04 UTC (rev 1035)
@@ -36,6 +36,7 @@
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLAssertionWriter;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.core.util.XMLSignatureUtil;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
@@ -80,6 +81,19 @@
* @param issuer
* @return
*/
+ public static SAML11AssertionType createSAML11Assertion(String id, XMLGregorianCalendar issueInstant, String issuer)
+ {
+ SAML11AssertionType assertion = new SAML11AssertionType(id, issueInstant);
+ assertion.setIssuer(issuer);
+ return assertion;
+ }
+
+ /**
+ * Create an assertion
+ * @param id
+ * @param issuer
+ * @return
+ */
public static AssertionType createAssertion(String id, NameIDType issuer)
{
XMLGregorianCalendar issueInstant = null;
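Review bot: `createSAML11Assertion` is inserted directly under the Javadoc that belonged to `createAssertion` (the context lines `@param id`, `@param issuer`, `@return` just above it), so the generated documentation now attaches the SAML 2.0 method's description to the SAML 1.1 one and omits `issueInstant`, while the copy added below merely repeats the old text for `createAssertion`. Give the new method its own comment, e.g. `/** Create a SAML 1.1 assertion. @param id assertion ID @param issueInstant issue instant @param issuer issuer string @return the populated SAML11AssertionType */`, and leave the original comment on `createAssertion`. Nothing in the hunk validates `id`, `issueInstant` or `issuer`; whether `new SAML11AssertionType(id, issueInstant)` rejects null is not visible here, so a caller passing null may only fail later when the assertion is written. `createAssertion`'s body continues outside the hunk.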
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java 2011-06-24 19:10:12 UTC (rev 1034)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java 2011-06-24 21:56:04 UTC (rev 1035)
@@ -36,7 +36,7 @@
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.util.StaxUtil;
-import org.picketlink.identity.federation.core.util.StringUtil;
+import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.saml.v2.metadata.LocalizedNameType;
@@ -49,18 +49,22 @@
public class BaseWriter
{
protected static String PROTOCOL_PREFIX = "samlp";
+
protected static String ASSERTION_PREFIX = "saml";
+
protected static String XACML_SAML_PREFIX = "xacml-saml";
+
protected static String XACML_SAML_PROTO_PREFIX = "xacml-samlp";
+
protected static String XSI_PREFIX = "xsi";
-
- protected XMLStreamWriter writer = null;
-
+
+ protected XMLStreamWriter writer = null;
+
public BaseWriter(XMLStreamWriter writer) throws ProcessingException
{
this.writer = writer;
}
-
+
/**
* Write {@code NameIDType} to stream
* @param nameIDType
@@ -68,44 +72,44 @@
* @param out
* @throws ProcessingException
*/
- public void write( NameIDType nameIDType, QName tag ) throws ProcessingException
+ public void write(NameIDType nameIDType, QName tag) throws ProcessingException
{
- StaxUtil.writeStartElement( writer, tag.getPrefix(), tag.getLocalPart() , tag.getNamespaceURI() );
-
+ StaxUtil.writeStartElement(writer, tag.getPrefix(), tag.getLocalPart(), tag.getNamespaceURI());
+
URI format = nameIDType.getFormat();
- if( format != null )
+ if (format != null)
{
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.FORMAT.get(), format.toASCIIString() );
- }
-
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.FORMAT.get(), format.toASCIIString());
+ }
+
String spProvidedID = nameIDType.getSPProvidedID();
- if( StringUtil.isNotNull( spProvidedID ))
+ if (StringUtil.isNotNull(spProvidedID))
{
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.SP_PROVIDED_ID.get(), spProvidedID );
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.SP_PROVIDED_ID.get(), spProvidedID);
}
-
+
String spNameQualifier = nameIDType.getSPNameQualifier();
- if( StringUtil.isNotNull( spNameQualifier ))
+ if (StringUtil.isNotNull(spNameQualifier))
{
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.SP_NAME_QUALIFIER.get(), spNameQualifier );
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.SP_NAME_QUALIFIER.get(), spNameQualifier);
}
-
+
String nameQualifier = nameIDType.getNameQualifier();
- if( StringUtil.isNotNull( nameQualifier ))
+ if (StringUtil.isNotNull(nameQualifier))
{
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.NAME_QUALIFIER.get(), nameQualifier );
- }
-
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NAME_QUALIFIER.get(), nameQualifier);
+ }
+
String value = nameIDType.getValue();
- if( StringUtil.isNotNull( value ))
+ if (StringUtil.isNotNull(value))
{
- StaxUtil.writeCharacters( writer, value );
+ StaxUtil.writeCharacters(writer, value);
}
-
- StaxUtil.writeEndElement( writer);
- StaxUtil.flush( writer );
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
}
-
+
/**
* Write an {@code AttributeType} to stream
*
@@ -117,13 +121,13 @@
{
StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE.get(), ASSERTION_NSURI.get());
- writeAttributeTypeWithoutRootTag(attributeType);
-
+ writeAttributeTypeWithoutRootTag(attributeType);
+
StaxUtil.writeEndElement(writer);
StaxUtil.flush(writer);
}
-
- public void writeAttributeTypeWithoutRootTag( AttributeType attributeType ) throws ProcessingException
+
+ public void writeAttributeTypeWithoutRootTag(AttributeType attributeType) throws ProcessingException
{
String attributeName = attributeType.getName();
if (attributeName != null)
@@ -171,32 +175,34 @@
{
if (attributeValue instanceof String)
{
- writeStringAttributeValue( (String) attributeValue );
+ writeStringAttributeValue((String) attributeValue);
}
else
throw new RuntimeException("Unsupported attribute value:" + attributeValue.getClass().getName());
}
}
}
-
- public void writeStringAttributeValue( String attributeValue ) throws ProcessingException
+
+ public void writeStringAttributeValue(String attributeValue) throws ProcessingException
{
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE_VALUE.get(), ASSERTION_NSURI.get());
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE_VALUE.get(),
+ ASSERTION_NSURI.get());
StaxUtil.writeNameSpace(writer, JBossSAMLURIConstants.XSI_PREFIX.get(), JBossSAMLURIConstants.XSI_NSURI.get());
StaxUtil.writeNameSpace(writer, "xs", JBossSAMLURIConstants.XMLSCHEMA_NSURI.get());
StaxUtil.writeAttribute(writer, JBossSAMLURIConstants.XSI_NSURI.get(), "type", "xs:string");
- StaxUtil.writeCharacters(writer, attributeValue );
+ StaxUtil.writeCharacters(writer, attributeValue);
StaxUtil.writeEndElement(writer);
}
-
-
- public void writeLocalizedNameType( LocalizedNameType localizedNameType, QName startElement ) throws ProcessingException
+ public void writeLocalizedNameType(LocalizedNameType localizedNameType, QName startElement)
+ throws ProcessingException
{
- StaxUtil.writeStartElement(writer, startElement.getPrefix(), startElement.getLocalPart(), startElement.getNamespaceURI() );
- StaxUtil.writeAttribute(writer, new QName( JBossSAMLURIConstants.XML.get(), "lang", "xml" ), localizedNameType.getLang() );
- StaxUtil.writeCharacters(writer, localizedNameType.getValue() );
+ StaxUtil.writeStartElement(writer, startElement.getPrefix(), startElement.getLocalPart(),
+ startElement.getNamespaceURI());
+ StaxUtil.writeAttribute(writer, new QName(JBossSAMLURIConstants.XML.get(), "lang", "xml"),
+ localizedNameType.getLang());
+ StaxUtil.writeCharacters(writer, localizedNameType.getValue());
StaxUtil.writeEndElement(writer);
}
}
\ No newline at end of file
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAML11AssertionWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAML11AssertionWriter.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAML11AssertionWriter.java 2011-06-24 21:56:04 UTC (rev 1035)
@@ -0,0 +1,472 @@
+/*
+ * JBoss, Home of Professional Open Source. Copyright 2008, Red Hat Middleware LLC, and individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site:
+ * http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.saml.v2.writers;
+
+import static org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants.ASSERTION_NSURI;
+
+import java.net.URI;
+import java.util.List;
+import java.util.Set;
+
+import javax.xml.datatype.XMLGregorianCalendar;
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLStreamWriter;
+
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.saml.v1.SAML11Constants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.core.util.StringUtil;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AdviceType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeStatementType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AudienceRestrictionCondition;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AuthenticationStatementType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AuthorizationDecisionStatementType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionAbstractType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11NameIdentifierType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11StatementAbstractType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType.SAML11SubjectTypeChoice;
+import org.picketlink.identity.federation.saml.v2.assertion.AuthnContextClassRefType;
+import org.picketlink.identity.federation.saml.v2.assertion.AuthnContextDeclRefType;
+import org.picketlink.identity.federation.saml.v2.assertion.AuthnContextDeclType;
+import org.picketlink.identity.federation.saml.v2.assertion.AuthnContextType;
+import org.picketlink.identity.federation.saml.v2.assertion.AuthnContextType.AuthnContextTypeSequence;
+import org.picketlink.identity.federation.saml.v2.assertion.BaseIDAbstractType;
+import org.picketlink.identity.federation.saml.v2.assertion.KeyInfoConfirmationDataType;
+import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationDataType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationType;
+import org.picketlink.identity.federation.saml.v2.assertion.URIType;
+import org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
+import org.w3c.dom.Element;
+
+/**
+ * Write the SAML 11 Assertion to stream
+ *
+ * @author Anil.Saldhana(a)redhat.com
+ * @since June 24, 2011
+ */
+public class SAML11AssertionWriter extends BaseWriter
+{
+ public SAML11AssertionWriter(XMLStreamWriter writer) throws ProcessingException
+ {
+ super(writer);
+ }
+
+ /**
+ * Write an {@code SAML11AssertionType} to stream
+ *
+ * @param assertion
+ * @param out
+ * @throws ProcessingException
+ */
+ public void write(SAML11AssertionType assertion) throws ProcessingException
+ {
+ String ns = SAML11Constants.ASSERTION_11_NSURI;
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ASSERTION.get(), ns);
+ StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ns);
+ StaxUtil.writeDefaultNameSpace(writer, ns);
+
+ // Attributes
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), assertion.getID());
+ StaxUtil.writeAttribute(writer, SAML11Constants.MAJOR_VERSION, assertion.getMajorVersion() + "");
+ StaxUtil.writeAttribute(writer, SAML11Constants.MINOR_VERSION, assertion.getMinorVersion() + "");
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), assertion.getIssueInstant().toString());
+
+ String issuer = assertion.getIssuer();
+ if (issuer != null)
+ {
+ StaxUtil.writeAttribute(writer, SAML11Constants.ISSUER, issuer);
+ }
+
+ SAML11ConditionsType conditions = assertion.getConditions();
+ if (conditions != null)
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.CONDITIONS.get(), ns);
+
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), conditions.getNotBefore().toString());
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), conditions.getNotOnOrAfter()
+ .toString());
+
+ List<SAML11ConditionAbstractType> typeOfConditions = conditions.get();
+ if (typeOfConditions != null)
+ {
+ for (SAML11ConditionAbstractType typeCondition : typeOfConditions)
+ {
+ if (typeCondition instanceof SAML11AudienceRestrictionCondition)
+ {
+ SAML11AudienceRestrictionCondition art = (SAML11AudienceRestrictionCondition) typeCondition;
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, SAML11Constants.AUDIENCE_RESTRICTION_CONDITION,
+ ns);
+ List<URI> audiences = art.get();
+ if (audiences != null)
+ {
+ for (URI audience : audiences)
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUDIENCE.get(), ns);
+ StaxUtil.writeCharacters(writer, audience.toString());
+ StaxUtil.writeEndElement(writer);
+ }
+ }
+
+ StaxUtil.writeEndElement(writer);
+ }
+ }
+ }
+
+ StaxUtil.writeEndElement(writer);
+ }
+
+ SAML11AdviceType advice = assertion.getAdvice();
+ if (advice != null)
+ throw new RuntimeException("Advice needs to be handled");
+
+ List<SAML11StatementAbstractType> statements = assertion.getStatements();
+ if (statements != null)
+ {
+ for (SAML11StatementAbstractType statement : statements)
+ {
+ if (statement instanceof SAML11AuthenticationStatementType)
+ {
+ write((SAML11AuthenticationStatementType) statement);
+ }
+ else if (statement instanceof SAML11AttributeStatementType)
+ {
+ write((SAML11AttributeStatementType) statement);
+ }
+ else if (statement instanceof SAML11AuthorizationDecisionStatementType)
+ {
+ write((SAML11AuthorizationDecisionStatementType) statement);
+ }
+ else
+ throw new RuntimeException("unknown statement type=" + statement.getClass().getName());
+ }
+ }
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
+ /**
+ * Write an {@code StatementAbstractType} to stream
+ *
+ * @param statement
+ * @param out
+ * @throws ProcessingException
+ */
+ public void write(StatementAbstractType statement) throws ProcessingException
+ {
+ // TODO: handle this section
+ throw new RuntimeException("NYI");
+ }
+
+ public void write(SAML11AttributeStatementType statement) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.ATTRIBUTE_STATEMENT.get(),
+ SAML11Constants.ASSERTION_11_NSURI);
+
+ List<SAML11AttributeType> attributes = statement.get();
+ if (attributes != null)
+ {
+ for (SAML11AttributeType attr : attributes)
+ {
+ throw new RuntimeException("NYI");
+ }
+ }
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
+ /**
+ * Write an {@code AuthnStatementType} to stream
+ *
+ * @param authnStatement
+ * @param out
+ * @throws ProcessingException
+ */
+ public void write(SAML11AuthenticationStatementType authnStatement) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_STATEMENT.get(),
+ SAML11Constants.ASSERTION_11_NSURI);
+
+ XMLGregorianCalendar authnInstant = authnStatement.getAuthenticationInstant();
+ if (authnInstant != null)
+ {
+ StaxUtil.writeAttribute(writer, SAML11Constants.AUTHENTICATION_INSTANT, authnInstant.toString());
+ }
+
+ URI authMethod = authnStatement.getAuthenticationMethod();
+ if (authMethod != null)
+ {
+ StaxUtil.writeAttribute(writer, SAML11Constants.AUTHENTICATION_METHOD, authMethod.toString());
+ }
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
+ public void write(SAML11AuthorizationDecisionStatementType xacmlStat) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.STATEMENT.get(), ASSERTION_NSURI.get());
+
+ StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
+ StaxUtil.writeNameSpace(writer, XACML_SAML_PREFIX, JBossSAMLURIConstants.XACML_SAML_NSURI.get());
+ StaxUtil.writeNameSpace(writer, XACML_SAML_PROTO_PREFIX, JBossSAMLURIConstants.XACML_SAML_PROTO_NSURI.get());
+ StaxUtil.writeNameSpace(writer, XSI_PREFIX, JBossSAMLURIConstants.XSI_NSURI.get());
+
+ StaxUtil.writeAttribute(writer, new QName(JBossSAMLURIConstants.XSI_NSURI.get(), JBossSAMLConstants.TYPE.get(),
+ XSI_PREFIX), XACMLAuthzDecisionStatementType.XSI_TYPE);
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
+ /**
+ * Write an {@code AuthnContextType} to stream
+ *
+ * @param authContext
+ * @param out
+ * @throws ProcessingException
+ */
+ public void write(AuthnContextType authContext) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_CONTEXT.get(),
+ ASSERTION_NSURI.get());
+
+ AuthnContextTypeSequence sequence = authContext.getSequence();
+ if (sequence != null)
+ {
+ AuthnContextClassRefType authnContextClassRefType = sequence.getClassRef();
+ if (authnContextClassRefType != null)
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHN_CONTEXT_CLASS_REF.get(),
+ ASSERTION_NSURI.get());
+ StaxUtil.writeCharacters(writer, authnContextClassRefType.getValue().toASCIIString());
+ StaxUtil.writeEndElement(writer);
+ }
+
+ Set<URIType> uriTypes = sequence.getURIType();
+ if (uriTypes != null)
+ {
+ for (URIType uriType : uriTypes)
+ {
+ if (uriType instanceof AuthnContextDeclType)
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
+ JBossSAMLConstants.AUTHN_CONTEXT_DECLARATION.get(), ASSERTION_NSURI.get());
+ StaxUtil.writeCharacters(writer, uriType.getValue().toASCIIString());
+ StaxUtil.writeEndElement(writer);
+ }
+ if (uriType instanceof AuthnContextDeclRefType)
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
+ JBossSAMLConstants.AUTHN_CONTEXT_DECLARATION_REF.get(), ASSERTION_NSURI.get());
+ StaxUtil.writeCharacters(writer, uriType.getValue().toASCIIString());
+ StaxUtil.writeEndElement(writer);
+ }
+ }
+ }
+ }
+
+ Set<URI> authAuthorities = authContext.getAuthenticatingAuthority();
+ if (authAuthorities != null)
+ {
+ for (URI aa : authAuthorities)
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.AUTHENTICATING_AUTHORITY.get(),
+ ASSERTION_NSURI.get());
+ StaxUtil.writeCharacters(writer, aa.toASCIIString());
+ StaxUtil.writeEndElement(writer);
+ }
+ }
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
+ /**
+ * write an {@code SubjectType} to stream
+ *
+ * @param subject
+ * @param out
+ * @throws ProcessingException
+ */
+ public void write(SAML11SubjectType subject) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT.get(),
+ SAML11Constants.ASSERTION_11_NSURI);
+
+ SAML11SubjectTypeChoice choice = subject.getChoice();
+ if (choice != null)
+ {
+ SAML11NameIdentifierType nameid = choice.getNameID();
+ if (nameid != null)
+ {
+ write(nameid);
+ }
+ }
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
+ private void write(BaseIDAbstractType baseId) throws ProcessingException
+ {
+ throw new RuntimeException("NYI");
+ }
+
+ private void write(SubjectConfirmationType subjectConfirmationType) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT_CONFIRMATION.get(),
+ ASSERTION_NSURI.get());
+
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.METHOD.get(), subjectConfirmationType.getMethod());
+
+ BaseIDAbstractType baseID = subjectConfirmationType.getBaseID();
+ if (baseID != null)
+ {
+ write(baseID);
+ }
+ NameIDType nameIDType = subjectConfirmationType.getNameID();
+ if (nameIDType != null)
+ {
+ write(nameIDType, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX));
+ }
+ SubjectConfirmationDataType subjectConfirmationData = subjectConfirmationType.getSubjectConfirmationData();
+ if (subjectConfirmationData != null)
+ {
+ write(subjectConfirmationData);
+ }
+ StaxUtil.writeEndElement(writer);
+ }
+
+ private void write(SubjectConfirmationDataType subjectConfirmationData) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get(),
+ ASSERTION_NSURI.get());
+
+ // Let us look at attributes
+ String inResponseTo = subjectConfirmationData.getInResponseTo();
+ if (StringUtil.isNotNull(inResponseTo))
+ {
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.IN_RESPONSE_TO.get(), inResponseTo);
+ }
+
+ XMLGregorianCalendar notBefore = subjectConfirmationData.getNotBefore();
+ if (notBefore != null)
+ {
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), notBefore.toString());
+ }
+
+ XMLGregorianCalendar notOnOrAfter = subjectConfirmationData.getNotOnOrAfter();
+ if (notOnOrAfter != null)
+ {
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), notOnOrAfter.toString());
+ }
+
+ String recipient = subjectConfirmationData.getRecipient();
+ if (StringUtil.isNotNull(recipient))
+ {
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.RECIPIENT.get(), recipient);
+ }
+
+ String address = subjectConfirmationData.getAddress();
+ if (StringUtil.isNotNull(address))
+ {
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.ADDRESS.get(), address);
+ }
+
+ if (subjectConfirmationData instanceof KeyInfoConfirmationDataType)
+ {
+ KeyInfoConfirmationDataType kicd = (KeyInfoConfirmationDataType) subjectConfirmationData;
+ KeyInfoType keyInfo = (KeyInfoType) kicd.getAnyType();
+ if (keyInfo.getContent() == null || keyInfo.getContent().size() == 0)
+ throw new ProcessingException("Invalid KeyInfo object: content cannot be empty");
+ StaxUtil.writeStartElement(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX,
+ WSTrustConstants.XMLDSig.KEYINFO, WSTrustConstants.XMLDSig.DSIG_NS);
+ StaxUtil.writeNameSpace(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX, WSTrustConstants.XMLDSig.DSIG_NS);
+ // write the keyInfo content.
+ Object content = keyInfo.getContent().get(0);
+ if (content instanceof Element)
+ {
+ Element element = (Element) keyInfo.getContent().get(0);
+ StaxUtil.writeDOMNode(this.writer, element);
+ }
+ else if (content instanceof X509DataType)
+ {
+ X509DataType type = (X509DataType) content;
+ if (type.getDataObjects().size() == 0)
+ throw new ProcessingException("X509Data cannot be empy");
+ StaxUtil.writeStartElement(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX,
+ WSTrustConstants.XMLDSig.X509DATA, WSTrustConstants.XMLDSig.DSIG_NS);
+ Object obj = type.getDataObjects().get(0);
+ if (obj instanceof Element)
+ {
+ Element element = (Element) obj;
+ StaxUtil.writeDOMElement(this.writer, element);
+ }
+ else if (obj instanceof X509CertificateType)
+ {
+ X509CertificateType cert = (X509CertificateType) obj;
+ StaxUtil.writeStartElement(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX,
+ WSTrustConstants.XMLDSig.X509CERT, WSTrustConstants.XMLDSig.DSIG_NS);
+ StaxUtil.writeCharacters(this.writer, new String(cert.getEncodedCertificate()));
+ StaxUtil.writeEndElement(this.writer);
+ }
+ StaxUtil.writeEndElement(this.writer);
+ }
+ StaxUtil.writeEndElement(this.writer);
+ }
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
+ public void write(SAML11NameIdentifierType nameid) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, SAML11Constants.NAME_IDENTIFIER,
+ SAML11Constants.ASSERTION_11_NSURI);
+
+ URI format = nameid.getFormat();
+ if (format != null)
+ {
+ StaxUtil.writeAttribute(writer, SAML11Constants.FORMAT, format.toString());
+ }
+ String nameQualifier = nameid.getNameQualifier();
+ if (StringUtil.isNotNull(nameQualifier))
+ {
+ StaxUtil.writeAttribute(writer, SAML11Constants.NAME_QUALIFIER, nameQualifier);
+ }
+
+ StaxUtil.writeCharacters(writer, nameid.getValue());
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+}
\ No newline at end of file
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML11TokenProvider.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML11TokenProvider.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAML11TokenProvider.java 2011-06-24 21:56:04 UTC (rev 1035)
@@ -0,0 +1,438 @@
+/*
+ * JBoss, Home of Professional Open Source. Copyright 2009, Red Hat Middleware LLC, and individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA, or see the FSF site:
+ * http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.wstrust.plugins.saml;
+
+import java.net.URI;
+import java.security.Principal;
+import java.security.PrivilegedActionException;
+import java.util.ArrayList;
+import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
+
+import javax.xml.datatype.XMLGregorianCalendar;
+import javax.xml.namespace.QName;
+
+import org.apache.log4j.Logger;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.interfaces.ProtocolContext;
+import org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider;
+import org.picketlink.identity.federation.core.saml.v1.SAML11Constants;
+import org.picketlink.identity.federation.core.saml.v2.common.IDGenerator;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
+import org.picketlink.identity.federation.core.saml.v2.util.AssertionUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
+import org.picketlink.identity.federation.core.sts.AbstractSecurityTokenProvider;
+import org.picketlink.identity.federation.core.wstrust.SecurityToken;
+import org.picketlink.identity.federation.core.wstrust.StandardSecurityToken;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
+import org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext;
+import org.picketlink.identity.federation.core.wstrust.WSTrustUtil;
+import org.picketlink.identity.federation.core.wstrust.wrappers.Lifetime;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AudienceRestrictionCondition;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11StatementAbstractType;
+import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
+import org.picketlink.identity.federation.saml.v2.assertion.KeyInfoConfirmationDataType;
+import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.ws.policy.AppliesTo;
+import org.picketlink.identity.federation.ws.trust.RequestedReferenceType;
+import org.picketlink.identity.federation.ws.trust.StatusType;
+import org.picketlink.identity.federation.ws.wss.secext.KeyIdentifierType;
+import org.w3c.dom.Element;
+
+/**
+ * <p>
+ * A {@code SecurityTokenProvider} implementation that handles WS-Trust SAML 2.0 token requests.
+ * </p>
+ *
+ * @author <a href="mailto:sguilhen@redhat.com">Stefan Guilhen</a>
+ */
+public class SAML11TokenProvider extends AbstractSecurityTokenProvider implements SecurityTokenProvider
+{
+ protected static Logger logger = Logger.getLogger(SAML11TokenProvider.class);
+
+ private SAML20TokenAttributeProvider attributeProvider;
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#initialize(java.util.Map)
+ */
+ public void initialize(Map<String, String> properties)
+ {
+ super.initialize(properties);
+
+ // Check if an attribute provider has been set.
+ String attributeProviderClassName = this.properties.get(ATTRIBUTE_PROVIDER);
+ if (attributeProviderClassName == null)
+ {
+ if (logger.isDebugEnabled())
+ logger.debug("No attribute provider set");
+ }
+ else
+ {
+ try
+ {
+ Object object = SecurityActions.instantiateClass(attributeProviderClassName);
+ if (object instanceof SAML20TokenAttributeProvider)
+ {
+ this.attributeProvider = (SAML20TokenAttributeProvider) object;
+ this.attributeProvider.setProperties(this.properties);
+ }
+ else
+ logger.warn("Attribute provider not installed: " + attributeProviderClassName
+ + "is not an instance of SAML20TokenAttributeProvider");
+ }
+ catch (PrivilegedActionException pae)
+ {
+ logger.warn("Error instantiating attribute provider: " + pae.getMessage());
+ pae.printStackTrace();
+ }
+ }
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#
+ * cancelToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
+ */
+ public void cancelToken(ProtocolContext protoContext) throws ProcessingException
+ {
+ if (!(protoContext instanceof WSTrustRequestContext))
+ return;
+
+ WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
+
+ // get the assertion that must be canceled.
+ Element token = context.getRequestSecurityToken().getCancelTargetElement();
+ if (token == null)
+ throw new ProcessingException("Invalid cancel request: missing required CancelTarget");
+ Element assertionElement = (Element) token.getFirstChild();
+ if (!this.isAssertion(assertionElement))
+ throw new ProcessingException("CancelTarget doesn't not contain a SAMLV2.0 assertion");
+
+ // get the assertion ID and add it to the canceled assertions set.
+ String assertionId = assertionElement.getAttribute("ID");
+ this.revocationRegistry.revokeToken(SAMLUtil.SAML11_TOKEN_TYPE, assertionId);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#
+ * issueToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
+ */
+ public void issueToken(ProtocolContext protoContext) throws ProcessingException
+ {
+ if (!(protoContext instanceof WSTrustRequestContext))
+ return;
+
+ WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
+ // generate an id for the new assertion.
+ String assertionID = IDGenerator.create("ID_");
+
+ // lifetime and audience restrictions.
+ Lifetime lifetime = context.getRequestSecurityToken().getLifetime();
+ SAML11AudienceRestrictionCondition restriction = null;
+ AppliesTo appliesTo = context.getRequestSecurityToken().getAppliesTo();
+ if (appliesTo != null)
+ {
+ restriction = new SAML11AudienceRestrictionCondition();
+ restriction.add(URI.create(WSTrustUtil.parseAppliesTo(appliesTo)));
+ }
+ SAML11ConditionsType conditions = new SAML11ConditionsType();
+ conditions.setNotBefore(lifetime.getCreated());
+ conditions.setNotOnOrAfter(lifetime.getExpires());
+ conditions.add(restriction);
+
+ // the assertion principal (default is caller principal)
+ Principal principal = context.getCallerPrincipal();
+
+ String confirmationMethod = null;
+ KeyInfoConfirmationDataType keyInfoDataType = null;
+ // if there is a on-behalf-of principal, we have the sender vouches confirmation method.
+ if (context.getOnBehalfOfPrincipal() != null)
+ {
+ principal = context.getOnBehalfOfPrincipal();
+ confirmationMethod = SAMLUtil.SAML11_SENDER_VOUCHES_URI;
+ }
+ // if there is a proof-of-possession token in the context, we have the holder of key confirmation method.
+ else if (context.getProofTokenInfo() != null)
+ {
+ confirmationMethod = SAMLUtil.SAML11_HOLDER_OF_KEY_URI;
+ keyInfoDataType = SAMLAssertionFactory.createKeyInfoConfirmation(context.getProofTokenInfo());
+ }
+ else
+ confirmationMethod = SAMLUtil.SAML11_BEARER_URI;
+
+ SubjectConfirmationType subjectConfirmation = SAMLAssertionFactory.createSubjectConfirmation(null,
+ confirmationMethod, keyInfoDataType);
+
+ // create a subject using the caller principal or on-behalf-of principal.
+ String subjectName = principal == null ? "ANONYMOUS" : principal.getName();
+ NameIDType nameID = SAMLAssertionFactory.createNameID(null, "urn:picketlink:identity-federation", subjectName);
+ SubjectType subject = SAMLAssertionFactory.createSubject(nameID, subjectConfirmation);
+
+ // create the attribute statements if necessary.
+ List<StatementAbstractType> statements = null;
+ Map<String, Object> claimedAttributes = context.getClaimedAttributes();
+ if (claimedAttributes != null)
+ {
+ statements = new ArrayList<StatementAbstractType>();
+ statements.add(StatementUtil.createAttributeStatement(claimedAttributes));
+ }
+ /*
+ // create the SAML assertion.
+ NameIDType issuerID = SAMLAssertionFactory.createNameID(null, null, context.getTokenIssuer());
+ AssertionType assertion = SAMLAssertionFactory.createAssertion(assertionID, issuerID, lifetime.getCreated(),
+ conditions, subject, statements);
+
+ if (this.attributeProvider != null)
+ {
+ AttributeStatementType attributeStatement = this.attributeProvider.getAttributeStatement();
+ if (attributeStatement != null)
+ {
+ assertion.addStatement(attributeStatement);
+ }
+ }
+
+ // convert the constructed assertion to element.
+ Element assertionElement = null;
+ try
+ {
+ assertionElement = SAMLUtil.toElement(assertion);
+ }
+ catch (Exception e)
+ {
+ throw new ProcessingException("Failed to marshall SAMLV2 assertion", e);
+ }
+
+ SecurityToken token = new StandardSecurityToken(context.getRequestSecurityToken().getTokenType().toString(),
+ assertionElement, assertionID);
+ context.setSecurityToken(token);
+
+ // set the SAML assertion attached reference.
+ KeyIdentifierType keyIdentifier = WSTrustUtil.createKeyIdentifier(SAMLUtil.SAML11_VALUE_TYPE, "#" + assertionID);
+ Map<QName, String> attributes = new HashMap<QName, String>();
+ attributes.put(new QName(WSTrustConstants.WSSE11_NS, "TokenType", WSTrustConstants.WSSE.PREFIX_11),
+ SAMLUtil.SAML11_TOKEN_TYPE);
+ RequestedReferenceType attachedReference = WSTrustUtil.createRequestedReference(keyIdentifier, attributes);
+ context.setAttachedReference(attachedReference);*/
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#
+ * renewToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
+ */
+ public void renewToken(ProtocolContext protoContext) throws ProcessingException
+ {
+ if (!(protoContext instanceof WSTrustRequestContext))
+ return;
+
+ WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
+ // get the specified assertion that must be renewed.
+ Element token = context.getRequestSecurityToken().getRenewTargetElement();
+ if (token == null)
+ throw new ProcessingException("Invalid renew request: missing required RenewTarget");
+ Element oldAssertionElement = (Element) token.getFirstChild();
+ if (!this.isAssertion(oldAssertionElement))
+ throw new ProcessingException("RenewTarget doesn't not contain a SAMLV1.1 assertion");
+
+ // get the JAXB representation of the old assertion.
+ SAML11AssertionType oldAssertion = null;
+ try
+ {
+ oldAssertion = SAMLUtil.saml11FromElement(oldAssertionElement);
+ }
+ catch (Exception je)
+ {
+ throw new ProcessingException("Error unmarshalling assertion", je);
+ }
+
+ // canceled assertions cannot be renewed.
+ if (this.revocationRegistry.isRevoked(SAMLUtil.SAML11_TOKEN_TYPE, oldAssertion.getID()))
+ throw new ProcessingException("Assertion with id " + oldAssertion.getID()
+ + " has been canceled and cannot be renewed");
+
+ // adjust the lifetime for the renewed assertion.
+ SAML11ConditionsType conditions = oldAssertion.getConditions();
+ conditions.setNotBefore(context.getRequestSecurityToken().getLifetime().getCreated());
+ conditions.setNotOnOrAfter(context.getRequestSecurityToken().getLifetime().getExpires());
+
+ // create a new unique ID for the renewed assertion.
+ String assertionID = IDGenerator.create("ID_");
+
+ List<SAML11StatementAbstractType> statements = new ArrayList<SAML11StatementAbstractType>();
+ statements.addAll(oldAssertion.getStatements());
+
+ // create the new assertion.
+ XMLGregorianCalendar created = context.getRequestSecurityToken().getLifetime().getCreated();
+
+ SAML11AssertionType newAssertion = AssertionUtil.createSAML11Assertion(assertionID, created,
+ oldAssertion.getIssuer());
+ newAssertion.addAllStatements(oldAssertion.getStatements());
+
+ // create a security token with the new assertion.
+ Element assertionElement = null;
+ try
+ {
+ assertionElement = SAMLUtil.toElement(newAssertion);
+ }
+ catch (Exception e)
+ {
+ throw new ProcessingException("Failed to marshall SAMLV2 assertion", e);
+ }
+ SecurityToken securityToken = new StandardSecurityToken(context.getRequestSecurityToken().getTokenType()
+ .toString(), assertionElement, assertionID);
+ context.setSecurityToken(securityToken);
+
+ // set the SAML assertion attached reference.
+ KeyIdentifierType keyIdentifier = WSTrustUtil.createKeyIdentifier(SAMLUtil.SAML11_VALUE_TYPE, "#" + assertionID);
+ Map<QName, String> attributes = new HashMap<QName, String>();
+ attributes.put(new QName(WSTrustConstants.WSSE11_NS, "TokenType"), SAMLUtil.SAML11_TOKEN_TYPE);
+ RequestedReferenceType attachedReference = WSTrustUtil.createRequestedReference(keyIdentifier, attributes);
+ context.setAttachedReference(attachedReference);
+ }
+
+ /*
+ * (non-Javadoc)
+ *
+ * @see org.picketlink.identity.federation.core.wstrust.SecurityTokenProvider#
+ * validateToken(org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext)
+ */
+ public void validateToken(ProtocolContext protoContext) throws ProcessingException
+ {
+ if (!(protoContext instanceof WSTrustRequestContext))
+ return;
+
+ WSTrustRequestContext context = (WSTrustRequestContext) protoContext;
+ if (logger.isTraceEnabled())
+ logger.trace("SAML V2.0 token validation started");
+
+ // get the SAML assertion that must be validated.
+ Element token = context.getRequestSecurityToken().getValidateTargetElement();
+ if (token == null)
+ throw new ProcessingException("Bad validate request: missing required ValidateTarget");
+
+ String code = WSTrustConstants.STATUS_CODE_VALID;
+ String reason = "SAMLV2.0 Assertion successfuly validated";
+
+ AssertionType assertion = null;
+ Element assertionElement = (Element) token.getFirstChild();
+ if (!this.isAssertion(assertionElement))
+ {
+ code = WSTrustConstants.STATUS_CODE_INVALID;
+ reason = "Validation failure: supplied token is not a SAMLV2.0 Assertion";
+ }
+ else
+ {
+ try
+ {
+ assertion = SAMLUtil.fromElement(assertionElement);
+ }
+ catch (Exception e)
+ {
+ throw new ProcessingException("Unmarshalling error:", e);
+ }
+ }
+
+ // check if the assertion has been canceled before.
+ if (this.revocationRegistry.isRevoked(SAMLUtil.SAML11_TOKEN_TYPE, assertion.getID()))
+ {
+ code = WSTrustConstants.STATUS_CODE_INVALID;
+ reason = "Validation failure: assertion with id " + assertion.getID() + " has been canceled";
+ }
+
+ // check the assertion lifetime.
+ try
+ {
+ if (AssertionUtil.hasExpired(assertion))
+ {
+ code = WSTrustConstants.STATUS_CODE_INVALID;
+ reason = "Validation failure: assertion expired or used before its lifetime period";
+ }
+ }
+ catch (Exception ce)
+ {
+ code = WSTrustConstants.STATUS_CODE_INVALID;
+ reason = "Validation failure: unable to verify assertion lifetime: " + ce.getMessage();
+ }
+
+ // construct the status and set it on the request context.
+ StatusType status = new StatusType();
+ status.setCode(code);
+ status.setReason(reason);
+ context.setStatus(status);
+ }
+
+ /**
+ * <p>
+ * Checks whether the specified element is a SAMLV2.0 assertion or not.
+ * </p>
+ *
+ * @param element
+ * the {@code Element} being verified.
+ * @return {@code true} if the element is a SAMLV2.0 assertion; {@code false} otherwise.
+ */
+ private boolean isAssertion(Element element)
+ {
+ return element == null ? false : "Assertion".equals(element.getLocalName())
+ && SAML11Constants.ASSERTION_11_NSURI.equals(element.getNamespaceURI());
+ }
+
+ /**
+ * @see {@code SecurityTokenProvider#supports(String)}
+ */
+ public boolean supports(String namespace)
+ {
+ return WSTrustConstants.BASE_NAMESPACE.equals(namespace);
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#tokenType()
+ */
+ public String tokenType()
+ {
+ return SAMLUtil.SAML11_TOKEN_TYPE;
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#getSupportedQName()
+ */
+ public QName getSupportedQName()
+ {
+ return new QName(tokenType(), JBossSAMLConstants.ASSERTION.get());
+ }
+
+ /**
+ * @see org.picketlink.identity.federation.core.interfaces.SecurityTokenProvider#family()
+ */
+ public String family()
+ {
+ return SecurityTokenProvider.FAMILY_TYPE.WS_TRUST.toString();
+ }
+}
\ No newline at end of file
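Review bot: `cancelToken` reads `assertionElement.getAttribute("ID")`, but the element it has just accepted through `isAssertion` is a SAML 1.1 assertion (namespace `ASSERTION_11_NSURI`), whose identifier lives in the `AssertionID` attribute, so the revocation registry is handed an empty string and no token is actually revoked; change it to `String assertionId = assertionElement.getAttribute("AssertionID");` (or the matching `SAML11Constants` entry, if one exists). `validateToken` still dereferences `assertion` in the revocation check after the `!isAssertion` branch leaves it null, so a ValidateTarget that is not an assertion ends in a NullPointerException instead of the INVALID status set just before it — wrap the revocation and lifetime checks in `if (assertion != null)` or return the status as soon as `code` is INVALID, and note that `SAMLUtil.fromElement` casts to the SAML 2.0 `AssertionType`, whereas the `saml11FromElement` helper added in this same commit (and used by `renewToken`) looks like the intended call. In `renewToken` the adjusted `conditions` are never attached to `newAssertion`, so the renewed token goes out with no NotBefore/NotOnOrAfter or audience restriction; set them on the new assertion via the model's conditions setter and guard against `oldAssertion.getConditions()` being null, since the old assertion comes from the requester. Finally, `issueToken` has its whole token-construction path commented out and never calls `context.setSecurityToken`, so as committed this provider silently issues nothing; the class javadoc and the status/reason strings also still say "SAML 2.0", which will mislead anyone reading STS logs.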
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java 2011-06-24 19:10:12 UTC (rev 1034)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java 2011-06-24 21:56:04 UTC (rev 1035)
@@ -23,14 +23,17 @@
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
+import java.security.GeneralSecurityException;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAML11AssertionWriter;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLAssertionWriter;
import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -45,12 +48,22 @@
public class SAMLUtil
{
+ public static final String SAML11_BEARER_URI = "urn:oasis:names:tc:SAML:1.0:cm:bearer";
+
+ public static final String SAML11_HOLDER_OF_KEY_URI = "urn:oasis:names:tc:SAML:1.0:cm:holder-of-key";
+
+ public static final String SAML11_SENDER_VOUCHES_URI = "urn:oasis:names:tc:SAML:1.0:cm:sender-vouches";
+
public static final String SAML2_BEARER_URI = "urn:oasis:names:tc:SAML:2.0:cm:bearer";
public static final String SAML2_HOLDER_OF_KEY_URI = "urn:oasis:names:tc:SAML:2.0:cm:holder-of-key";
public static final String SAML2_SENDER_VOUCHES_URI = "urn:oasis:names:tc:SAML:2.0:cm:sender-vouches";
+ public static final String SAML11_TOKEN_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1";
+
+ public static final String SAML11_VALUE_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAsser...";
+
public static final String SAML2_TOKEN_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV2.0";
public static final String SAML2_VALUE_TYPE = "http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLID";
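Review bot: `SAML11_VALUE_TYPE` ends in `...` as shown here, which may be an artifact of the listing but would be a real defect if the literal was committed that way, because `renewToken` puts this value into the `KeyIdentifier` ValueType of the attached reference and a relying party will not resolve a truncated URI. The WSS SAML Token Profile value for referencing a SAML 1.1 assertion is `http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.0#SAMLAssertionID`; please confirm the constant carries the full string. A short comment such as `// 1.0 profile ValueType is what the 1.1 profile prescribes for SAML 1.1 assertion references` would stop the next reader from "fixing" the 1.0/1.1 mismatch with `SAML11_TOKEN_TYPE`.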
@@ -80,6 +93,29 @@
/**
* <p>
+ * Utility method that marshals the specified {@code AssertionType} object into an {@code Element} instance.
+ * </p>
+ *
+ * @param assertion
+ * an {@code AssertionType} object representing the SAML assertion to be marshaled.
+ * @return a reference to the {@code Element} that contains the marshaled SAML assertion.
+ * @throws Exception
+ * if an error occurs while marshaling the assertion.
+ */
+ public static Element toElement(SAML11AssertionType assertion) throws Exception
+ {
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAML11AssertionWriter writer = new SAML11AssertionWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(assertion);
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ Document document = DocumentUtil.getDocument(bis);
+
+ return document.getDocumentElement();
+ }
+
+ /**
+ * <p>
* Utility method that unmarshals the specified {@code Element} into an {@code AssertionType} instance.
* </p>
*
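Review bot: The javadoc on the new `toElement(SAML11AssertionType)` overload was copied from the SAML 2.0 version and still describes an `{@code AssertionType}` in both the summary and the `@param`, which is wrong for this signature. Replace the summary with `Utility method that marshals the specified {@code SAML11AssertionType} into an {@code Element} via {@link SAML11AssertionWriter}.` and the `@param` with `an {@code SAML11AssertionType} representing the SAML 1.1 assertion to be marshaled.` The `throws Exception` clause is broad; if the writer and `DocumentUtil.getDocument` only raise `ProcessingException`/`ConfigurationException`/`ParsingException` (all already imported here), declaring those would let callers stop catching `Exception`.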
@@ -97,4 +133,16 @@
AssertionType assertion = (AssertionType) samlParser.parse(DocumentUtil.getNodeAsStream(assertionElement));
return assertion;
}
-}
+
+ /**
+ * Given a {@link Element} that represents a SAML 1.1 assertion, convert it into a {@link SAML11AssertionType}
+ * @param assertionElement
+ * @return
+ * @throws GeneralSecurityException
+ */
+ public static SAML11AssertionType saml11FromElement(Element assertionElement) throws GeneralSecurityException
+ {
+ SAMLParser samlParser = new SAMLParser();
+ return (SAML11AssertionType) samlParser.parse(DocumentUtil.getNodeAsStream(assertionElement));
+ }
+}
\ No newline at end of file
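Review bot: `saml11FromElement` casts whatever `SAMLParser.parse` returns straight to `SAML11AssertionType`; the element reaches it from the requester's RenewTarget in `SAML11TokenProvider.renewToken`, so a SAML 2.0 assertion or any other element the parser accepts surfaces as a `ClassCastException` rather than as a reportable parsing error. Check the result with `instanceof` and throw a `ParsingException` (already imported) naming the unexpected type before casting; the parser's own namespace dispatch is not visible here, so I would not rely on it to reject the wrong version. The javadoc also has an empty `@return` and an unexplained `@throws GeneralSecurityException` — state that it returns the parsed SAML 1.1 assertion and when the exception is raised.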
Picketlink SVN: r1034 - in federation/trunk/picketlink-fed-core/src: main/java/org/picketlink/identity/federation/core/parsers/util and 3 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-06-24 15:10:12 -0400 (Fri, 24 Jun 2011)
New Revision: 1034
Added:
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-request-assertionIDref.xml
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-request-authzquery.xml
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11RequestParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11SubjectParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11RequestParserTestCase.java
Log:
more SAML11 parsing
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11RequestParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11RequestParser.java 2011-06-24 18:12:12 UTC (rev 1033)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11RequestParser.java 2011-06-24 19:10:12 UTC (rev 1034)
@@ -37,6 +37,7 @@
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.saml.v1.protocol.SAML11AttributeQueryType;
import org.picketlink.identity.federation.saml.v1.protocol.SAML11AuthenticationQueryType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11AuthorizationDecisionQueryType;
import org.picketlink.identity.federation.saml.v1.protocol.SAML11RequestType;
/**
@@ -99,10 +100,22 @@
startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
request.addAssertionArtifact(StaxParserUtil.getElementText(xmlEventReader));
}
+ else if (SAML11Constants.AUTHORIZATION_DECISION_QUERY.equals(elementName))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ SAML11AuthorizationDecisionQueryType query = SAML11ParserUtil
+ .parseSAML11AuthorizationDecisionQueryType(xmlEventReader);
+ request.setQuery(query);
+ }
else if (elementName.equals(JBossSAMLConstants.SIGNATURE.get()))
{
request.setSignature(StaxParserUtil.getDOMElement(xmlEventReader));
}
+ else if (SAML11Constants.ASSERTION_ID_REF.equals(elementName))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ request.addAssertionIDRef(StaxParserUtil.getElementText(xmlEventReader));
+ }
else
throw new RuntimeException("Unknown Element:" + elementName + "::location=" + startElement.getLocation());
}
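Review bot: `request.setQuery(query)` on the new AuthorizationDecisionQuery branch silently replaces whatever query an earlier element of the same Request already produced, so a message carrying two query elements is accepted with only the last one kept rather than rejected; for a protocol parser that feeds authorization decisions, ambiguous input should fail closed. A guard before the assignment, `if (request.getQuery() != null) throw new RuntimeException("Multiple query elements in Request::location=" + startElement.getLocation());`, keeps the hunk's existing error style (the `else` branch throws RuntimeException rather than the ParsingException the SAML11ParserUtil helpers use, which is itself worth unifying). The same consideration applies to the AssertionIDReference branch only if the model is meant to restrict it to one reference; as written `addAssertionIDRef` accumulates. The enclosing while loop and method begin outside this hunk.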
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11SubjectParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11SubjectParser.java 2011-06-24 18:12:12 UTC (rev 1033)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11SubjectParser.java 2011-06-24 19:10:12 UTC (rev 1034)
@@ -90,7 +90,7 @@
Attribute nameQAtt = peekedElement.getAttributeByName(new QName(SAML11Constants.NAME_QUALIFIER));
if (nameQAtt != null)
{
- nameID.setNameQualifier(StaxParserUtil.getAttributeValue(formatAtt));
+ nameID.setNameQualifier(StaxParserUtil.getAttributeValue(nameQAtt));
}
String val = StaxParserUtil.getElementText(xmlEventReader);
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java 2011-06-24 18:12:12 UTC (rev 1033)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java 2011-06-24 19:10:12 UTC (rev 1034)
@@ -48,6 +48,7 @@
import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
import org.picketlink.identity.federation.saml.v1.protocol.SAML11AttributeQueryType;
import org.picketlink.identity.federation.saml.v1.protocol.SAML11AuthenticationQueryType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11AuthorizationDecisionQueryType;
import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationDataType;
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyValueType;
@@ -658,4 +659,64 @@
}
return query;
}
+
+ /**
+ * Parse the {@link SAML11AuthorizationDecisionQueryType}
+ * @param xmlEventReader
+ * @return
+ * @throws ParsingException
+ */
+ public static SAML11AuthorizationDecisionQueryType parseSAML11AuthorizationDecisionQueryType(
+ XMLEventReader xmlEventReader) throws ParsingException
+ {
+ SAML11AuthorizationDecisionQueryType query = new SAML11AuthorizationDecisionQueryType();
+ StartElement startElement;
+ // There may be additional things under subject confirmation
+ while (xmlEventReader.hasNext())
+ {
+ XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
+ if (xmlEvent instanceof EndElement)
+ {
+ EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ if (StaxParserUtil.matches(endElement, SAML11Constants.AUTHORIZATION_DECISION_QUERY))
+ break;
+ else
+ throw new ParsingException("Unknown end element:" + StaxParserUtil.getEndElementName(endElement));
+ }
+
+ if (xmlEvent instanceof StartElement)
+ {
+ startElement = (StartElement) xmlEvent;
+
+ String startTag = StaxParserUtil.getStartElementName(startElement);
+
+ if (startTag.equals(JBossSAMLConstants.SUBJECT.get()))
+ {
+ SAML11SubjectParser parser = new SAML11SubjectParser();
+ query.setSubject((SAML11SubjectType) parser.parse(xmlEventReader));
+ }
+ else if (startTag.equals(SAML11Constants.RESOURCE))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ query.setResource(URI.create(StaxParserUtil.getElementText(xmlEventReader)));
+ }
+ else if (startTag.equals(SAML11Constants.ACTION))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ SAML11ActionType action = new SAML11ActionType();
+ Attribute nsAttr = startElement.getAttributeByName(new QName(SAML11Constants.NAMESPACE));
+ if (nsAttr != null)
+ {
+ action.setNamespace(StaxParserUtil.getAttributeValue(nsAttr));
+ }
+
+ action.setValue(StaxParserUtil.getElementText(xmlEventReader));
+ query.add(action);
+ }
+ else
+ throw new ParsingException("Unknown tag:" + startTag);
+ }
+ }
+ return query;
+ }
}
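Review bot: `URI.create(StaxParserUtil.getElementText(xmlEventReader))` on the Resource branch throws an unchecked IllegalArgumentException for a malformed resource, so a hostile or simply broken request escapes the ParsingException contract this method declares and surfaces as a generic server error; wrap it as `String res = StaxParserUtil.getElementText(xmlEventReader); try { query.setResource(URI.create(res)); } catch (IllegalArgumentException e) { throw new ParsingException("Invalid Resource URI: " + res); }` (use the cause-taking constructor if ParsingException has one). The header comment "There may be additional things under subject confirmation" looks copy-pasted from the subject-confirmation parser and should describe this element, e.g. `// Children of AuthorizationDecisionQuery: Subject, Resource, Action+`. As far as I recall the SAML 1.1 schema, Resource is an attribute of AuthorizationDecisionQuery rather than a child element and an optional Evidence child is allowed, which this parser would reject as an unknown tag; worth checking against the assertion schema before the fixture format is relied on. If the peeked event is neither a StartElement nor an EndElement (e.g. a Characters event) and StaxParserUtil.peek does not skip it, the loop never consumes it and spins; presumably peek handles whitespace, but confirm.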
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java 2011-06-24 18:12:12 UTC (rev 1033)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java 2011-06-24 19:10:12 UTC (rev 1034)
@@ -36,6 +36,8 @@
String ASSERTION_ARTIFACT = "AssertionArtifact";
+ String ASSERTION_ID_REF = "AssertionIDReference";
+
String ATTRIBUTE_QUERY = "AttributeQuery";
String ATTRIBUTE_NAME = "AttributeName";
@@ -54,6 +56,8 @@
String AUTHENTICATION_STATEMENT = "AuthenticationStatement";
+ String AUTHORIZATION_DECISION_QUERY = "AuthorizationDecisionQuery";
+
String AUTHORIZATION_DECISION_STATEMENT = "AuthorizationDecisionStatement";
String CONFIRMATION_METHOD = "ConfirmationMethod";
@@ -62,6 +66,8 @@
String FORMAT = "Format";
+ String FORMAT_EMAIL_ADDRESS = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress";
+
String ISSUER = "Issuer";
String MAJOR_VERSION = "MajorVersion";
@@ -72,7 +78,7 @@
String NAME_QUALIFIER = "NameQualifier";
- String NAMESPACE = "Namespace";
+ String NAMESPACE = "NameSpace";
String PROTOCOL_11_NSURI = "urn:oasis:names:tc:SAML:1.0:protocol";
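Review bot: The rename of NAMESPACE from "Namespace" to "NameSpace" looks like a regression rather than a fix: in the SAML 1.1 assertion schema as I recall it, the attribute on saml:Action is spelled `Namespace`, so with this constant the parser would silently drop the namespace of a spec-conformant Action and `action.getNamespace()` would come back null for real-world authorization-decision queries. The test fixture added in this commit spells the attribute `NameSpace` too, so the new test cannot detect the mismatch. Please verify against the schema and, if it confirms the original spelling, restore `String NAMESPACE = "Namespace";` and correct the fixture; an action whose namespace is lost changes which action is being authorized.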
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11RequestParserTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11RequestParserTestCase.java 2011-06-24 18:12:12 UTC (rev 1033)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11RequestParserTestCase.java 2011-06-24 19:10:12 UTC (rev 1034)
@@ -26,13 +26,17 @@
import static org.junit.Assert.assertTrue;
import java.io.InputStream;
+import java.util.List;
import org.junit.Test;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v1.SAML11Constants;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11ActionType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
import org.picketlink.identity.federation.saml.v1.protocol.SAML11AttributeQueryType;
import org.picketlink.identity.federation.saml.v1.protocol.SAML11AuthenticationQueryType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11AuthorizationDecisionQueryType;
import org.picketlink.identity.federation.saml.v1.protocol.SAML11QueryAbstractType;
import org.picketlink.identity.federation.saml.v1.protocol.SAML11RequestType;
@@ -92,6 +96,39 @@
}
@Test
+ public void testSAML11RequestWithAuthorizationQuery() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-request-authzquery.xml");
+
+ SAMLParser parser = new SAMLParser();
+ SAML11RequestType request = (SAML11RequestType) parser.parse(configStream);
+ assertNotNull(request);
+
+ assertEquals(1, request.getMajorVersion());
+ assertEquals(1, request.getMinorVersion());
+ assertEquals("1234", request.getID());
+ assertEquals(XMLTimeUtil.parse("2002-08-05T10:04:15"), request.getIssueInstant());
+
+ SAML11QueryAbstractType query = request.getQuery();
+ assertTrue(query instanceof SAML11AuthorizationDecisionQueryType);
+ SAML11AuthorizationDecisionQueryType attQuery = (SAML11AuthorizationDecisionQueryType) query;
+
+ SAML11SubjectType subject = attQuery.getSubject();
+ SAML11SubjectType.SAML11SubjectTypeChoice choice = subject.getChoice();
+ assertEquals("anil(a)anil.org", choice.getNameID().getValue());
+ assertEquals(SAML11Constants.FORMAT_EMAIL_ADDRESS, choice.getNameID().getFormat().toString());
+ assertEquals("http://jboss.org", choice.getNameID().getNameQualifier());
+
+ assertEquals("urn:jboss.resource", attQuery.getResource().toString());
+ List<SAML11ActionType> actions = attQuery.get();
+ assertEquals(1, actions.size());
+ SAML11ActionType action = actions.get(0);
+ assertEquals("create", action.getValue());
+ assertEquals("http://www.jboss.org", action.getNamespace());
+ }
+
+ @Test
public void testSAML11RequestWithAssertionArtifact() throws Exception
{
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
@@ -108,4 +145,22 @@
assertEquals("abcd", request.getAssertionArtifact().get(0));
}
+
+ @Test
+ public void testSAML11RequestWithAssertionIDReference() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-request-assertionIDref.xml");
+
+ SAMLParser parser = new SAMLParser();
+ SAML11RequestType request = (SAML11RequestType) parser.parse(configStream);
+ assertNotNull(request);
+
+ assertEquals(1, request.getMajorVersion());
+ assertEquals(1, request.getMinorVersion());
+ assertEquals("rid", request.getID());
+ assertEquals(XMLTimeUtil.parse("2002-06-19T17:03:44.022Z"), request.getIssueInstant());
+
+ assertEquals("abcd", request.getAssertionIDRef().get(0));
+ }
}
\ No newline at end of file
Added: federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-request-assertionIDref.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-request-assertionIDref.xml (rev 0)
+++ federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-request-assertionIDref.xml 2011-06-24 19:10:12 UTC (rev 1034)
@@ -0,0 +1,7 @@
+<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
+xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+ MajorVersion="1" MinorVersion="1"
+ RequestID="rid"
+ IssueInstant="2002-06-19T17:03:44.022Z">
+ <saml:AssertionIDReference>abcd</saml:AssertionIDReference>
+</samlp:Request>
\ No newline at end of file
Added: federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-request-authzquery.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-request-authzquery.xml (rev 0)
+++ federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-request-authzquery.xml 2011-06-24 19:10:12 UTC (rev 1034)
@@ -0,0 +1,15 @@
+<Request RequestID="1234" MajorVersion="1" MinorVersion="1"
+ IssueInstant="2002-08-05T10:04:15"
+ xmlns="urn:oasis:names:tc:SAML:1.0:protocol"
+ xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <AuthorizationDecisionQuery>
+ <saml:Resource>urn:jboss.resource</saml:Resource>
+ <saml:Subject>
+ <saml:NameIdentifier NameQualifier="http://jboss.org"
+ Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
+ anil(a)anil.org
+ </saml:NameIdentifier>
+ </saml:Subject>
+ <saml:Action NameSpace="http://www.jboss.org">create</saml:Action>
+ </AuthorizationDecisionQuery>
+</Request>
\ No newline at end of file
Picketlink SVN: r1033 - federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-06-24 14:12:12 -0400 (Fri, 24 Jun 2011)
New Revision: 1033
Removed:
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/JNDIUtilUnitTestCase.java
Log:
unneeded test
Deleted: federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/JNDIUtilUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/JNDIUtilUnitTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
+++ federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/util/JNDIUtilUnitTestCase.java 2011-06-24 18:12:12 UTC (rev 1033)
@@ -1,65 +0,0 @@
-/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
- */
-package org.picketlink.test.identity.federation.bindings.util;
-
-import junit.framework.TestCase;
-
-
-/**
- * JNDI Util test case
- * @author Anil.Saldhana(a)redhat.com
- * @since Apr 27, 2009
- */
-public class JNDIUtilUnitTestCase extends TestCase
-{
-// @SuppressWarnings("unchecked")
- public void testJNDIConnection() throws Exception
- {
- /*Hashtable env = new Hashtable();
- env.put(Context.INITIAL_CONTEXT_FACTORY,"com.sun.jndi.ldap.LdapCtxFactory");
- env.put(Context.PROVIDER_URL, "ldap://localhost:389");
- env.put(Context.SECURITY_AUTHENTICATION,"simple");
- env.put(Context.SECURITY_PRINCIPAL,"cn=Manager,dc=jboss,dc=org");
- env.put(Context.SECURITY_CREDENTIALS,"test");
- DirContext ctx = new InitialDirContext(env);
-
- //Read stuff
- Object obj = ctx.lookup("ou=identity,dc=jboss,dc=org");
- assertNotNull("Obj is not null", obj);
- assertTrue(obj instanceof LdapContext);
-
- obj = ctx.lookup("ou=idp,ou=identity,dc=jboss,dc=org");
- assertNotNull("Obj is not null", obj);
- assertTrue(obj instanceof LdapContext);
-
- SearchControls sc = new SearchControls();
- sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
- NamingEnumeration<SearchResult> ne = ctx.search("ou=idp,ou=identity,dc=jboss,dc=org",
- "(ou=providers)", sc);
-
- while(ne.hasMore())
- {
- SearchResult sr = ne.next();
- System.out.println(sr.toString());
- }*/
- }
-}
\ No newline at end of file
Picketlink SVN: r1032 - in federation/trunk: picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response and 12 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-06-24 14:10:38 -0400 (Fri, 24 Jun 2011)
New Revision: 1032
Modified:
federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/SAML2LogoutTomcatWorkflowUnitTestCase.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/config/PBEUtilsUnitTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/DOMTransformerTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAssertionParserTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAuthnRequestParserTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLResponseParserTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLSloRequestParserTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLSloResponseParserTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchValidateParsingTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustCancelTargetSamlTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicCertificateTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicKeyTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueSymmetricKeyTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustOnBehalfOfTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/X500AttributeUnitTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataWriterUnitTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/stax/DomElementToStaxWritingTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/util/XMLTimeUtilUnitTestCase.java
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/saml/handlers/SAML2AuthenticationHandlerUnitTestCase.java
federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java
Log:
unneeded system.out
Modified: federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/SAML2LogoutTomcatWorkflowUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/SAML2LogoutTomcatWorkflowUnitTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-bindings/src/test/java/org/picketlink/test/identity/federation/bindings/workflow/SAML2LogoutTomcatWorkflowUnitTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -21,7 +21,9 @@
*/
package org.picketlink.test.identity.federation.bindings.workflow;
-import static org.junit.Assert.*;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
@@ -35,8 +37,6 @@
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
-import junit.framework.TestCase;
-
import org.apache.catalina.deploy.LoginConfig;
import org.apache.catalina.realm.GenericPrincipal;
import org.junit.Test;
@@ -65,18 +65,22 @@
@SuppressWarnings("unused")
public class SAML2LogoutTomcatWorkflowUnitTestCase
{
- private String profile = "saml2/logout";
+ private final String profile = "saml2/logout";
+
private ClassLoader tcl;
- private String IDP = "http://localhost:8080/idp/";
- private String employee = "http://localhost:8080/employee/";
- private String sales = "http://localhost:8080/sales/";
-
+ private final String IDP = "http://localhost:8080/idp/";
- private String RELAY_STATE_KEY = "RelayState=";
- private String SAML_REQUEST_KEY = "SAMLRequest=";
- private String SAML_RESPONSE_KEY = "SAMLResponse=";
-
+ private final String employee = "http://localhost:8080/employee/";
+
+ private final String sales = "http://localhost:8080/sales/";
+
+ private final String RELAY_STATE_KEY = "RelayState=";
+
+ private final String SAML_REQUEST_KEY = "SAMLRequest=";
+
+ private final String SAML_RESPONSE_KEY = "SAMLResponse=";
+
/**
* Test that the SP Redirect Authenticator generates the logout request
* to the IDP when there is a parameter "GLO" set to true
@@ -85,7 +89,7 @@
*/
@Test
public void testSPLogOutRequestGeneration() throws Exception
- {
+ {
MockCatalinaSession session = new MockCatalinaSession();
session.setAttribute(GeneralConstants.PRINCIPAL_ID, new Principal()
{
@@ -93,205 +97,182 @@
{
return "anil";
}
- });
+ });
List<String> rolesList = new ArrayList<String>();
rolesList.add("manager");
session.setAttribute(GeneralConstants.ROLES_ID, rolesList);
-
MockCatalinaContext context = new MockCatalinaContext();
session.setServletContext(context);
-
+
//Let us feed the LogOutRequest to the SPFilter
MockCatalinaContextClassLoader mclSPEmp = setupTCL(profile + "/sp/employee");
Thread.currentThread().setContextClassLoader(mclSPEmp);
-
+
SPRedirectFormAuthenticator sp = new SPRedirectFormAuthenticator();
sp.setContainer(context);
sp.testStart();
-
- MockCatalinaRequest catalinaRequest = new MockCatalinaRequest();
+
+ MockCatalinaRequest catalinaRequest = new MockCatalinaRequest();
MockCatalinaResponse response = new MockCatalinaResponse();
MockCatalinaLoginConfig loginConfig = new MockCatalinaLoginConfig();
-
+
ByteArrayOutputStream filterbaos = new ByteArrayOutputStream();
response.setWriter(new PrintWriter(filterbaos));
catalinaRequest.setParameter(GeneralConstants.GLOBAL_LOGOUT, "true");
sp.authenticate(catalinaRequest, response, loginConfig);
-
+
String redirectStr = response.redirectString;
- String logoutRequest = redirectStr.substring(redirectStr.indexOf(SAML_REQUEST_KEY) +
- SAML_REQUEST_KEY.length()) ;
-
-
- InputStream stream = RedirectBindingUtil.urlBase64DeflateDecode(logoutRequest);
-
+ String logoutRequest = redirectStr.substring(redirectStr.indexOf(SAML_REQUEST_KEY) + SAML_REQUEST_KEY.length());
+
+ InputStream stream = RedirectBindingUtil.urlBase64DeflateDecode(logoutRequest);
+
SAML2Request saml2Request = new SAML2Request();
- LogoutRequestType lor =
- (LogoutRequestType) saml2Request.getRequestType(stream);
+ LogoutRequestType lor = (LogoutRequestType) saml2Request.getRequestType(stream);
assertEquals("Match Employee URL", employee, lor.getIssuer().getValue());
}
-
@Test
public void testSAML2LogOutFromIDP() throws Exception
- {
+ {
MockCatalinaSession session = new MockCatalinaSession();
-
+
MockCatalinaContextClassLoader mclIDP = setupTCL(profile + "/idp");
Thread.currentThread().setContextClassLoader(mclIDP);
-
+
MockCatalinaContext catalinaContext = new MockCatalinaContext();
session.setServletContext(catalinaContext);
-
+
IdentityServer server = this.getIdentityServer(session);
catalinaContext.setAttribute("IDENTITY_SERVER", server);
-
- IDPWebBrowserSSOValve idp = new IDPWebBrowserSSOValve();
-
+
+ IDPWebBrowserSSOValve idp = new IDPWebBrowserSSOValve();
+
idp.setContainer(catalinaContext);
idp.setSignOutgoingMessages(false);
idp.setIgnoreIncomingSignatures(true);
- idp.start();
-
+ idp.start();
+
//Assume that we already have the principal and roles set in the session
MockCatalinaRealm realm = new MockCatalinaRealm("anil", "test", new Principal()
- {
+ {
public String getName()
- {
+ {
return "anil";
}
});
List<String> roles = new ArrayList<String>();
roles.add("manager");
roles.add("employee");
-
+
List<String> rolesList = new ArrayList<String>();
rolesList.add("manager");
-
+
MockCatalinaRequest request = new MockCatalinaRequest();
session.clear();
- request.setSession(session);
-
+ request.setSession(session);
+
request.addHeader("Referer", sales);
- GenericPrincipal genericPrincipal =new GenericPrincipal(realm, "anil", "test", roles) ;
+ GenericPrincipal genericPrincipal = new GenericPrincipal(realm, "anil", "test", roles);
request.setUserPrincipal(genericPrincipal);
-
- String samlMessage = RedirectBindingUtil.deflateBase64Encode(createLogOutRequest(sales).getBytes());
+
+ String samlMessage = RedirectBindingUtil.deflateBase64Encode(createLogOutRequest(sales).getBytes());
request.setParameter("SAMLRequest", samlMessage);
-
-
MockCatalinaResponse response = new MockCatalinaResponse();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
response.setWriter(new PrintWriter(baos));
-
+
// The IDP is preloaded with 2 participants : "http://localhost:8080/sales/"
// and "http://localhost:8080/employee"
-
+
//Lets start the workflow with get
request.setMethod("GET");
- idp.invoke(request, response);
-
+ idp.invoke(request, response);
+
String redirectStr = response.redirectString;
-
- System.out.println("RedirectStr from IDP=" + redirectStr);
- String destination = redirectStr.substring(0,redirectStr.indexOf(SAML_REQUEST_KEY) -1);
- String relayState = redirectStr.substring(redirectStr.indexOf(RELAY_STATE_KEY) +
- RELAY_STATE_KEY.length()) ;
- String logoutRequest = redirectStr.substring(redirectStr.indexOf(SAML_REQUEST_KEY) +
- SAML_REQUEST_KEY.length(),redirectStr.indexOf(RELAY_STATE_KEY) - 1 ) ;
-
-
- System.out.println("LogO=" + logoutRequest);
- InputStream stream = RedirectBindingUtil.urlBase64DeflateDecode(logoutRequest);
-
+ String destination = redirectStr.substring(0, redirectStr.indexOf(SAML_REQUEST_KEY) - 1);
+ String relayState = redirectStr.substring(redirectStr.indexOf(RELAY_STATE_KEY) + RELAY_STATE_KEY.length());
+ String logoutRequest = redirectStr.substring(redirectStr.indexOf(SAML_REQUEST_KEY) + SAML_REQUEST_KEY.length(),
+ redirectStr.indexOf(RELAY_STATE_KEY) - 1);
+
+ InputStream stream = RedirectBindingUtil.urlBase64DeflateDecode(logoutRequest);
+
SAML2Request saml2Request = new SAML2Request();
- LogoutRequestType lor =
- (LogoutRequestType) saml2Request.getRequestType(stream);
+ LogoutRequestType lor = (LogoutRequestType) saml2Request.getRequestType(stream);
assertEquals("Match Employee URL", employee, destination);
assertEquals("Destination exists", employee, lor.getDestination().toString());
-
+
//Let us feed the LogOutRequest to the SPFilter
MockCatalinaContextClassLoader mclSPEmp = setupTCL(profile + "/sp/employee");
- Thread.currentThread().setContextClassLoader(mclSPEmp);
+ Thread.currentThread().setContextClassLoader(mclSPEmp);
MockCatalinaContext context = new MockCatalinaContext();
context.setRealm(realm);
session.setServletContext(context);
-
+
SPRedirectFormAuthenticator sp = new SPRedirectFormAuthenticator();
sp.setContainer(context);
- sp.testStart();
-
+ sp.testStart();
+
request = new MockCatalinaRequest();
request.setSession(session);
request.setParameter("SAMLRequest", RedirectBindingUtil.urlDecode(logoutRequest));
request.setParameter("RelayState", relayState);
-
+
MockCatalinaResponse filterResponse = new MockCatalinaResponse();
ByteArrayOutputStream filterbaos = new ByteArrayOutputStream();
filterResponse.setWriter(new PrintWriter(filterbaos));
-
- sp.authenticate(request, response, new LoginConfig());
-
+ sp.authenticate(request, response, new LoginConfig());
+
redirectStr = response.redirectString;
-
- System.out.println("Redirect String from SP=" + redirectStr);
-
- destination = redirectStr.substring(0,redirectStr.indexOf(SAML_RESPONSE_KEY) -1);
- relayState = redirectStr.substring(redirectStr.indexOf(RELAY_STATE_KEY) +
- RELAY_STATE_KEY.length()) ;
- assertNotNull("RelayState exists",relayState);
- String logoutResponse = redirectStr.substring(redirectStr.indexOf(SAML_RESPONSE_KEY) +
- SAML_RESPONSE_KEY.length(),redirectStr.indexOf(RELAY_STATE_KEY) - 1 ) ;
-
- System.out.println("Logout Response from SP=" + logoutResponse);
-
- stream = RedirectBindingUtil.urlBase64DeflateDecode(logoutResponse);
- StatusResponseType statusResponse =
- (StatusResponseType) saml2Request.getSAML2ObjectFromStream(stream);
+
+ destination = redirectStr.substring(0, redirectStr.indexOf(SAML_RESPONSE_KEY) - 1);
+ relayState = redirectStr.substring(redirectStr.indexOf(RELAY_STATE_KEY) + RELAY_STATE_KEY.length());
+ assertNotNull("RelayState exists", relayState);
+ String logoutResponse = redirectStr.substring(
+ redirectStr.indexOf(SAML_RESPONSE_KEY) + SAML_RESPONSE_KEY.length(),
+ redirectStr.indexOf(RELAY_STATE_KEY) - 1);
+
+ stream = RedirectBindingUtil.urlBase64DeflateDecode(logoutResponse);
+ StatusResponseType statusResponse = (StatusResponseType) saml2Request.getSAML2ObjectFromStream(stream);
assertEquals("Match IDP URL", IDP, destination);
-
+
//Now the SP (employee app) has logged out and sending a status response to IDP
Thread.currentThread().setContextClassLoader(mclIDP);
session.clear();
request.clear();
-
+
request.setMethod("GET");
request.setSession(session);
request.setUserPrincipal(genericPrincipal);
request.setParameter("SAMLResponse", RedirectBindingUtil.urlDecode(logoutResponse));
request.setParameter("RelayState", relayState);
-
- idp.invoke(request, response);
- destination = redirectStr.substring(0,redirectStr.indexOf(SAML_RESPONSE_KEY) -1);
- relayState = redirectStr.substring(redirectStr.indexOf(RELAY_STATE_KEY) +
- RELAY_STATE_KEY.length()) ;
- logoutResponse = redirectStr.substring(redirectStr.indexOf(SAML_RESPONSE_KEY) +
- SAML_RESPONSE_KEY.length(),redirectStr.indexOf(RELAY_STATE_KEY) - 1 ) ;
-
-
- System.out.println("LogO=" + logoutResponse);
- stream = RedirectBindingUtil.urlBase64DeflateDecode(logoutResponse);
-
+ idp.invoke(request, response);
+
+ destination = redirectStr.substring(0, redirectStr.indexOf(SAML_RESPONSE_KEY) - 1);
+ relayState = redirectStr.substring(redirectStr.indexOf(RELAY_STATE_KEY) + RELAY_STATE_KEY.length());
+ logoutResponse = redirectStr.substring(redirectStr.indexOf(SAML_RESPONSE_KEY) + SAML_RESPONSE_KEY.length(),
+ redirectStr.indexOf(RELAY_STATE_KEY) - 1);
+
+ stream = RedirectBindingUtil.urlBase64DeflateDecode(logoutResponse);
+
SAML2Response saml2Response = new SAML2Response();
- statusResponse =
- (StatusResponseType) saml2Request.getSAML2ObjectFromStream(stream);
+ statusResponse = (StatusResponseType) saml2Request.getSAML2ObjectFromStream(stream);
assertEquals("Match IDP URL", IDP, destination);
-
+
//Now we should have got a full success report from IDP
MockCatalinaContextClassLoader mclSPSales = setupTCL(profile + "/sp/employee");
Thread.currentThread().setContextClassLoader(mclSPSales);
sp = new SPRedirectFormAuthenticator();
sp.setContainer(context);
- sp.testStart();
-
+ sp.testStart();
+
session.clear();
request.clear();
request.setSession(session);
@@ -299,12 +280,12 @@
request.setParameter("SAMLResponse", RedirectBindingUtil.urlDecode(logoutResponse));
request.setParameter("RelayState", relayState);
request.setContext(context);
-
- sp.authenticate(request, response, new LoginConfig());
-
+
+ sp.authenticate(request, response, new LoginConfig());
+
assertEquals(0, server.stack().getParticipants(session.getId()));
assertEquals(0, server.stack().getNumOfParticipantsInTransit(session.getId()));
-
+
//Finally the session should be invalidated
assertTrue(session.isInvalidated());
}
@@ -312,32 +293,32 @@
private MockCatalinaContextClassLoader setupTCL(String resource)
{
tcl = Thread.currentThread().getContextClassLoader();
- URL[] urls = new URL[] {tcl.getResource(resource)};
-
+ URL[] urls = new URL[]
+ {tcl.getResource(resource)};
+
MockCatalinaContextClassLoader mcl = new MockCatalinaContextClassLoader(urls);
mcl.setDelegate(tcl);
mcl.setProfile(resource);
return mcl;
}
-
+
private String createLogOutRequest(String url) throws Exception
{
SAML2Request samlRequest = new SAML2Request();
- LogoutRequestType lot =
- samlRequest.createLogoutRequest(url);
+ LogoutRequestType lot = samlRequest.createLogoutRequest(url);
StringWriter sw = new StringWriter();
samlRequest.marshall(lot, sw);
return sw.toString();
}
-
+
//Get the Identity server with 2 participants
private IdentityServer getIdentityServer(HttpSession session)
{
IdentityServer server = new IdentityServer();
server.sessionCreated(new HttpSessionEvent(session));
-
+
server.stack().register(session.getId(), sales, false);
server.stack().register(session.getId(), employee, false);
return server;
- }
+ }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -403,7 +403,6 @@
writer.write(responseType, new QName(PROTOCOL_NSURI.get(), LOGOUT_RESPONSE.get(), "samlp"));
}
- //System.out.println( new String( bos.toByteArray() ) );
return DocumentUtil.getDocument(new ByteArrayInputStream(bos.toByteArray()));
}
Modified: federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/saml/v2/SignatureValidationUnitTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -80,8 +80,6 @@
ss.setSignatureMethod(SignatureMethod.DSA_SHA1);
Document signedDoc = ss.sign(authnRequest, kp);
- // System.out.println(DocumentUtil.getDocumentAsString(signedDoc));
-
// Validate the signature
boolean isValid = XMLSignatureUtil.validate(signedDoc, kp.getPublic());
assertTrue(isValid);
@@ -102,12 +100,12 @@
String authnContextDeclRef = JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get();
- AuthnStatementType authnStatement = response.createAuthnStatement(authnContextDeclRef, XMLTimeUtil
- .getIssueInstant());
+ AuthnStatementType authnStatement = response.createAuthnStatement(authnContextDeclRef,
+ XMLTimeUtil.getIssueInstant());
// Create an assertion
AssertionType assertion = response.createAssertion(id, issuerInfo.getIssuer());
- assertion.addStatement( authnStatement );
+ assertion.addStatement(authnStatement);
KeyPairGenerator kpg = KeyPairGenerator.getInstance("DSA");
KeyPair kp = kpg.genKeyPair();
@@ -154,8 +152,6 @@
SAML2Signature ss = new SAML2Signature();
Document signedDoc = ss.sign(responseType, id, kp, referenceURI);
- // System.out.println(DocumentUtil.getDocumentAsString(signedDoc));
-
Node signedNode = DocumentUtil.getNodeWithAttribute(signedDoc, "urn:oasis:names:tc:SAML:2.0:assertion",
"Assertion", "ID", id);
@@ -167,8 +163,7 @@
// Validate the signature
boolean isValid = XMLSignatureUtil.validate(validatingDoc, kp.getPublic());
assertTrue("Signature is valid:", isValid);
-
-
+
/**
* Now the signed document is marshalled across the wire using dom
* write
@@ -176,10 +171,10 @@
//Binder<Node> binder = response.getBinder();
//We have to parse the dom coming from the stream and feed to binder
Document readDoc = DocumentUtil.getDocument(DocumentUtil.getNodeAsStream(signedDoc));
-
- signedNode = DocumentUtil.getNodeWithAttribute(readDoc, "urn:oasis:names:tc:SAML:2.0:assertion",
- "Assertion", "ID", id);
-
+
+ signedNode = DocumentUtil.getNodeWithAttribute(readDoc, "urn:oasis:names:tc:SAML:2.0:assertion", "Assertion",
+ "ID", id);
+
// The client creates a validating document, importing the signed assertion.
validatingDoc = DocumentUtil.createDocument();
importedSignedNode = validatingDoc.importNode(signedNode, true);
@@ -187,7 +182,7 @@
// The client re-validates the signature.
assertTrue("Signature is valid:", XMLSignatureUtil.validate(validatingDoc, kp.getPublic()));
-
+
/*JAXBElement<ResponseType> jaxbresponseType = (JAXBElement<ResponseType>) binder.unmarshal(readDoc);
responseType = jaxbresponseType.getValue();
assertNotNull(responseType); */
@@ -210,5 +205,5 @@
boolean valid = SignatureUtil.validate(arbitContent.getBytes(), sigVal, kp.getPublic());
assertTrue(valid);
- }
+ }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-api/src/test/java/org/picketlink/test/identity/federation/api/util/XMLEncryptionUnitTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -55,127 +55,119 @@
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
-
/**
* Unit Test the XML Encryption Utility
* @author Anil.Saldhana(a)redhat.com
* @since Feb 5, 2009
- */
+ */
public class XMLEncryptionUnitTestCase extends TestCase
{
SAML2Response sr = new SAML2Response();
-
+
public void testEncryptAssertion() throws Exception
{
PicketLinkCoreSTS sts = PicketLinkCoreSTS.instance();
sts.installDefaultConfiguration();
-
+
KeyPair kp = this.getKeyPair("RSA");
SecretKey sk = this.getSecretKey();
-
+
ResponseType rt = createResponse();
- Document responseDoc = sr.convert(rt);
-
+ Document responseDoc = sr.convert(rt);
+
String assertionNS = JBossSAMLURIConstants.ASSERTION_NSURI.get();
-
+
QName assertionQName = new QName(assertionNS, "EncryptedAssertion", "saml");
-
- Element docElement = XMLEncryptionUtil.encryptElementInDocument(responseDoc,kp.getPublic(), sk,
- 128, assertionQName, true);
-
- System.out.println( DocumentUtil.getDOMElementAsString(docElement));
-
- // System.out.println( DocumentUtil.getNodeAsString(docElement));
- InputStream is = DocumentUtil.getNodeAsStream( docElement );
- EncryptedAssertionType eet = sr.getEncryptedAssertion( is );
- rt.addAssertion( new RTChoiceType( eet ) );
-
+ Element docElement = XMLEncryptionUtil.encryptElementInDocument(responseDoc, kp.getPublic(), sk, 128,
+ assertionQName, true);
+
+ InputStream is = DocumentUtil.getNodeAsStream(docElement);
+ EncryptedAssertionType eet = sr.getEncryptedAssertion(is);
+ rt.addAssertion(new RTChoiceType(eet));
+
RTChoiceType choiceType = rt.getAssertions().get(1);
EncryptedAssertionType encryptedAssertionType = choiceType.getEncryptedAssertion();
-
- Document eetDoc = sr.convert( encryptedAssertionType );
-
- Element decryptedDocumentElement = XMLEncryptionUtil.decryptElementInDocument(eetDoc,kp.getPrivate());
-
+
+ Document eetDoc = sr.convert(encryptedAssertionType);
+
+ Element decryptedDocumentElement = XMLEncryptionUtil.decryptElementInDocument(eetDoc, kp.getPrivate());
+
//Let us use the encrypted doc element to decrypt it
-
+
ResponseType newRT = sr.getResponseType(DocumentUtil.getNodeAsStream(decryptedDocumentElement));
- AssertionType assertion = (AssertionType) newRT.getAssertions().get(0).getAssertion();
+ AssertionType assertion = newRT.getAssertions().get(0).getAssertion();
assertEquals("testPrincipal", assertion.getIssuer().getValue());
-
- }
-
+
+ }
+
public void testArbitraryXML() throws Exception
{
String myXML = "<somexml><a><b></b></a></somexml>";
-
+
KeyPair kp = this.getKeyPair("RSA");
SecretKey sk = this.getSecretKey();
-
+
PublicKey publicKey = kp.getPublic();
-
+
Document doc = DocumentUtil.getDocument(myXML);
QName qname = new QName("urn:test", "encryptedA", "someprefix");
-
+
QName elementAQname = new QName("a");
-
- XMLEncryptionUtil.encryptElement(elementAQname, doc,
- publicKey, sk, 256, qname, true);
-
+
+ XMLEncryptionUtil.encryptElement(elementAQname, doc, publicKey, sk, 256, qname, true);
+
//Let us verify the document: The original document that has been passed has been updated
- NodeList nl = doc.getElementsByTagNameNS(XMLEncryptionUtil.XMLENC_NS,
- XMLEncryptionUtil.ENCRYPTED_KEY_LOCALNAME);
- assertTrue(nl != null && nl.getLength() == 1);
-
+ NodeList nl = doc.getElementsByTagNameNS(XMLEncryptionUtil.XMLENC_NS, XMLEncryptionUtil.ENCRYPTED_KEY_LOCALNAME);
+ assertTrue(nl != null && nl.getLength() == 1);
+
Node wrappedNode = doc.getDocumentElement().getFirstChild();
- assertEquals(wrappedNode.getLocalName(),qname.getLocalPart());
+ assertEquals(wrappedNode.getLocalName(), qname.getLocalPart());
assertEquals(wrappedNode.getNamespaceURI(), qname.getNamespaceURI());
- assertEquals(wrappedNode.getPrefix(), qname.getPrefix());
-
+ assertEquals(wrappedNode.getPrefix(), qname.getPrefix());
+
//Let us decrypt the document
PrivateKey privateKey = kp.getPrivate();
Element decryptedElement = XMLEncryptionUtil.decryptElementInDocument(doc, privateKey);
assertEquals("a", decryptedElement.getLocalName());
}
-
+
public void testArbitraryXMLWithOuterKeyInfo() throws Exception
{
String myXML = "<somexml><a><b></b></a></somexml>";
-
+
KeyPair kp = this.getKeyPair("RSA");
SecretKey sk = this.getSecretKey();
-
+
PublicKey publicKey = kp.getPublic();
-
+
Document doc = DocumentUtil.getDocument(myXML);
QName qname = new QName("urn:test", "encryptedA", "someprefix");
-
+
QName elementAQname = new QName("a");
-
- XMLEncryptionUtil.encryptElement(elementAQname, doc,
- publicKey, sk, 256, qname, false);
-
+
+ XMLEncryptionUtil.encryptElement(elementAQname, doc, publicKey, sk, 256, qname, false);
+
//Let us verify the document: The original document that has been passed has been updated
- NodeList nl = doc.getElementsByTagNameNS(XMLEncryptionUtil.XMLENC_NS,
- XMLEncryptionUtil.ENCRYPTED_KEY_LOCALNAME);
+ NodeList nl = doc.getElementsByTagNameNS(XMLEncryptionUtil.XMLENC_NS, XMLEncryptionUtil.ENCRYPTED_KEY_LOCALNAME);
assertTrue(nl != null && nl.getLength() == 1);
}
+
private ResponseType createResponse() throws Exception
{
List<String> roles = new ArrayList<String>();
roles.add("roleA");
roles.add("roleB");
-
+
ResponseType responseType = null;
-
+
SAML2Response saml2Response = new SAML2Response();
-
+
//Create a response type
String id = IDGenerator.create("ID_");
- IssuerInfoHolder issuerHolder = new IssuerInfoHolder("http://identityurl");
+ IssuerInfoHolder issuerHolder = new IssuerInfoHolder("http://identityurl");
issuerHolder.setStatusCode(JBossSAMLURIConstants.STATUS_SUCCESS.get());
IDPInfoHolder idp = new IDPInfoHolder();
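Review bot: The key-size argument 256 passed to `XMLEncryptionUtil.encryptElement` in testArbitraryXML and testArbitraryXMLWithOuterKeyInfo does not match the key the tests actually use, since `getSecretKey()` (visible in the following hunk) initialises the AES `KeyGenerator` with 128 bits; testEncryptAssertion passes 128 and is consistent with it. If that int selects the declared AES algorithm of the EncryptedData, which I infer from the parameter's position rather than from anything in this hunk, the document would advertise a 256-bit algorithm while carrying a 128-bit key, and a stricter decryptor than the one exercised here could reject it. Either pass 128 in both calls or let the helper take the bit length, e.g. `SecretKey sk = this.getSecretKey(256);`, so the declared and actual key sizes cannot drift apart.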
@@ -185,28 +177,27 @@
SPInfoHolder sp = new SPInfoHolder();
sp.setResponseDestinationURI("http://service");
responseType = saml2Response.createResponseType(id, sp, idp, issuerHolder);
- AssertionType assertion = (AssertionType) responseType.getAssertions().get(0).getAssertion();
+ AssertionType assertion = responseType.getAssertions().get(0).getAssertion();
AttributeStatementType attrStatement = StatementUtil.createAttributeStatement(roles);
- assertion.addStatement( attrStatement );
-
+ assertion.addStatement(attrStatement);
+
//Add timed conditions
saml2Response.createTimedConditions(assertion, 5000L);
-
- return responseType;
+
+ return responseType;
}
-
+
private KeyPair getKeyPair(String algo) throws Exception
{
KeyPairGenerator kpg = KeyPairGenerator.getInstance(algo);
- return kpg.genKeyPair();
- }
-
+ return kpg.genKeyPair();
+ }
+
private SecretKey getSecretKey() throws Exception
- {
- KeyGenerator keyGenerator =
- KeyGenerator.getInstance("AES");
+ {
+ KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
keyGenerator.init(128);
return keyGenerator.generateKey();
- }
+ }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/config/PBEUtilsUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/config/PBEUtilsUnitTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/config/PBEUtilsUnitTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -43,27 +43,24 @@
public void testPBE() throws Exception
{
String pass = "testpass";
-
+
String salt = "18273645";
int iterationCount = 56;
-
String pbeAlgo = PicketLinkFederationConstants.PBE_ALGORITHM;
- SecretKeyFactory factory = SecretKeyFactory.getInstance( pbeAlgo );
+ SecretKeyFactory factory = SecretKeyFactory.getInstance(pbeAlgo);
char[] password = "somearbitrarycrazystringthatdoesnotmatter".toCharArray();
- PBEParameterSpec cipherSpec = new PBEParameterSpec( salt.getBytes(), iterationCount );
+ PBEParameterSpec cipherSpec = new PBEParameterSpec(salt.getBytes(), iterationCount);
PBEKeySpec keySpec = new PBEKeySpec(password);
SecretKey cipherKey = factory.generateSecret(keySpec);
-
- String encodedPass = PBEUtils.encode64(pass.getBytes(), pbeAlgo , cipherKey, cipherSpec);
-
- System.out.println( getClass().getCanonicalName() + ":encoded=" + encodedPass );
-
+
+ String encodedPass = PBEUtils.encode64(pass.getBytes(), pbeAlgo, cipherKey, cipherSpec);
+
//Decode the stuff
cipherKey = factory.generateSecret(keySpec);
String decodedPass = PBEUtils.decode64(encodedPass, pbeAlgo, cipherKey, cipherSpec);
-
- assertEquals( "Passwords match", pass, decodedPass );
+
+ assertEquals("Passwords match", pass, decodedPass);
}
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/DOMTransformerTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/DOMTransformerTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/DOMTransformerTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -51,33 +51,31 @@
public class DOMTransformerTestCase
{
String xml = "<a xmlns=\'urn:a\'><b><c><d>SomeD</d></c></b></a>";
-
+
@Test
public void testDOMTransformer() throws Exception
- {
- ByteArrayInputStream bis = new ByteArrayInputStream( xml.getBytes() );
- XMLEventReader xmlEventReader = StaxParserUtil.getXMLEventReader( bis );
-
- StartElement a = StaxParserUtil.getNextStartElement( xmlEventReader );
- StaxParserUtil.validate(a, "a" );
-
+ {
+ ByteArrayInputStream bis = new ByteArrayInputStream(xml.getBytes());
+ XMLEventReader xmlEventReader = StaxParserUtil.getXMLEventReader(bis);
+
+ StartElement a = StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.validate(a, "a");
+
Document resultDocument = DocumentUtil.createDocument();
- DOMResult domResult = new DOMResult( resultDocument );
-
+ DOMResult domResult = new DOMResult(resultDocument);
+
//Let us parse <b><c><d> using transformer
StAXSource source = new StAXSource(xmlEventReader);
-
+
Transformer transformer = TransformerUtil.getStaxSourceToDomResultTransformer();
- transformer.transform( source, domResult );
-
+ transformer.transform(source, domResult);
+
Document doc = (Document) domResult.getNode();
Element elem = doc.getDocumentElement();
- assertEquals( "b", elem.getLocalName() );
-
+ assertEquals("b", elem.getLocalName());
+
XMLEvent xmlEvent = xmlEventReader.nextEvent();
- assertTrue( xmlEvent instanceof EndElement );
- StaxParserUtil.validate( (EndElement) xmlEvent, "a" );
-
- System.out.println( DocumentUtil.asString( (Document) domResult.getNode() ));
- }
+ assertTrue(xmlEvent instanceof EndElement);
+ StaxParserUtil.validate((EndElement) xmlEvent, "a");
+ }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAssertionParserTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAssertionParserTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAssertionParserTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -224,55 +224,10 @@
assertEquals(1, audienceRestrictionType.getAudience().size());
assertEquals("https://sp.example.com/SAML2", audienceRestrictionType.getAudience().get(0).toString());
- /*List<JAXBElement<?>> content = subject.getContent();
-
- int size = content.size();
- assertEquals( 2, size );
-
- for( int i = 0 ; i < size; i++ )
- {
- JAXBElement<?> node = content.get(i);
- Class<?> clazz = node.getDeclaredType();
- if( clazz.equals( NameIDType.class ))
- {
- NameIDType subjectNameID = (NameIDType) node.getValue();
-
- assertEquals( "3f7b3dcf-1674-4ecd-92c8-1544f346baf8", subjectNameID.getValue() );
- assertEquals( "urn:oasis:names:tc:SAML:2.0:nameid-format:transient", subjectNameID.getFormat() );
- }
-
- if( clazz.equals( ConditionsType.class ))
- {
- //Conditions
- ConditionsType conditions = (ConditionsType) node.getValue();
- assertEquals( XMLTimeUtil.parse( "2004-12-05T09:17:05Z" ) , conditions.getNotBefore() );
- assertEquals( XMLTimeUtil.parse( "2004-12-05T09:27:05Z" ) , conditions.getNotOnOrAfter() );
-
- //Audience Restriction
- AudienceRestrictionType audienceRestrictionType =
- (AudienceRestrictionType) conditions.getConditionOrAudienceRestrictionOrOneTimeUse();
- assertEquals( 1, audienceRestrictionType.getAudience().size() );
- assertEquals( "https://sp.example.com/SAML2", audienceRestrictionType.getAudience().get( 0 ));
- }
-
- else if( clazz.equals( SubjectConfirmationType.class ))
- {
- SubjectConfirmationType subjectConfirmation = (SubjectConfirmationType) node.getValue();
- assertEquals( "urn:oasis:names:tc:SAML:2.0:cm:bearer", subjectConfirmation.getMethod() );
-
- SubjectConfirmationDataType subjectConfirmationData = subjectConfirmation.getSubjectConfirmationData();
- assertEquals( "ID_aaf23196-1773-2113-474a-fe114412ab72", subjectConfirmationData.getInResponseTo() );
- assertEquals( XMLTimeUtil.parse( "2004-12-05T09:27:05Z" ), subjectConfirmationData.getNotOnOrAfter() );
- assertEquals( "https://sp.example.com/SAML2/SSO/POST", subjectConfirmationData.getRecipient());
- }
- } */
-
ByteArrayOutputStream baos = new ByteArrayOutputStream();
SAMLAssertionWriter writer = new SAMLAssertionWriter(StaxUtil.getXMLStreamWriter(baos));
writer.write(assertion);
- System.out.println(new String(baos.toByteArray()));
-
ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
DocumentUtil.getDocument(bis); //throws exceptions
}
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAuthnRequestParserTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAuthnRequestParserTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAuthnRequestParserTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -33,7 +33,7 @@
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLRequestWriter;
-import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.saml.v2.protocol.NameIDPolicyType;
@@ -48,36 +48,36 @@
public void testSAMLAuthnRequestParse() throws Exception
{
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
- InputStream configStream = tcl.getResourceAsStream( "parser/saml2/saml2-authnrequest.xml" );
-
+ InputStream configStream = tcl.getResourceAsStream("parser/saml2/saml2-authnrequest.xml");
+
SAMLParser parser = new SAMLParser();
- AuthnRequestType authnRequest = ( AuthnRequestType ) parser.parse(configStream);
- assertNotNull( "AuthnRequestType is not null", authnRequest );
-
- assertEquals( "http://localhost/org.eclipse.higgins.saml2idp.test/SAMLEndpoint", authnRequest.getAssertionConsumerServiceURL().toString() );
- assertEquals( "http://localhost/org.eclipse.higgins.saml2idp.server/SAMLEndpoint", authnRequest.getDestination().toString() );
- assertEquals( "a2sffdlgdhgfg32fdldsdghdsgdgfdglgx", authnRequest.getID() );
- assertEquals( XMLTimeUtil.parse( "2007-12-17T18:40:52.203Z" ), authnRequest.getIssueInstant() );
- assertEquals( "urn:oasis:names.tc:SAML:2.0:bindings:HTTP-Redirect", authnRequest.getProtocolBinding().toString() );
- assertEquals( "Test SAML2 SP", authnRequest.getProviderName() );
- assertEquals( "2.0", authnRequest.getVersion() );
-
+ AuthnRequestType authnRequest = (AuthnRequestType) parser.parse(configStream);
+ assertNotNull("AuthnRequestType is not null", authnRequest);
+
+ assertEquals("http://localhost/org.eclipse.higgins.saml2idp.test/SAMLEndpoint", authnRequest
+ .getAssertionConsumerServiceURL().toString());
+ assertEquals("http://localhost/org.eclipse.higgins.saml2idp.server/SAMLEndpoint", authnRequest.getDestination()
+ .toString());
+ assertEquals("a2sffdlgdhgfg32fdldsdghdsgdgfdglgx", authnRequest.getID());
+ assertEquals(XMLTimeUtil.parse("2007-12-17T18:40:52.203Z"), authnRequest.getIssueInstant());
+ assertEquals("urn:oasis:names.tc:SAML:2.0:bindings:HTTP-Redirect", authnRequest.getProtocolBinding().toString());
+ assertEquals("Test SAML2 SP", authnRequest.getProviderName());
+ assertEquals("2.0", authnRequest.getVersion());
+
//Issuer
- assertEquals( "Test SAML2 SP", authnRequest.getIssuer().getValue() );
-
+ assertEquals("Test SAML2 SP", authnRequest.getIssuer().getValue());
+
//NameID Policy
NameIDPolicyType nameIDPolicy = authnRequest.getNameIDPolicy();
- assertEquals( "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", nameIDPolicy.getFormat().toString() );
- assertEquals( Boolean.TRUE , nameIDPolicy.isAllowCreate() );
-
+ assertEquals("urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified", nameIDPolicy.getFormat().toString());
+ assertEquals(Boolean.TRUE, nameIDPolicy.isAllowCreate());
+
//Try out writing
ByteArrayOutputStream baos = new ByteArrayOutputStream();
- SAMLRequestWriter writer = new SAMLRequestWriter(StaxUtil.getXMLStreamWriter(baos));
- writer.write( authnRequest );
-
- System.out.println( new String( baos.toByteArray() ));
-
- ByteArrayInputStream bis = new ByteArrayInputStream( baos.toByteArray() );
- DocumentUtil.getDocument( bis ); //throws exceptions
+ SAMLRequestWriter writer = new SAMLRequestWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(authnRequest);
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ DocumentUtil.getDocument(bis); //throws exceptions
}
}
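Review bot: The resource stream opened by `tcl.getResourceAsStream("parser/saml2/saml2-authnrequest.xml")` at the start of testSAMLAuthnRequestParse is never closed and is handed to `parser.parse` without a null check, so a missing or mis-named test resource surfaces as a NullPointerException inside SAMLParser rather than a clear test failure. The same pattern appears in the reformatted hunks of SAMLSloRequestParserTestCase and WSTrustBatchValidateParsingTestCase below. Adding `assertNotNull("test resource not found", configStream);` before the parse and closing the stream in a `finally` block once parsing is done would make the failure mode explicit and stop leaking a handle per test.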
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLResponseParserTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLResponseParserTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLResponseParserTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -50,8 +50,8 @@
import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
import org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
-import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType;
+import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
/**
* Validate the parsing of SAML2 Response
@@ -126,8 +126,6 @@
SAMLResponseWriter writer = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
writer.write(response);
- System.out.println(new String(baos.toByteArray()));
-
ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
DocumentUtil.getDocument(bis); //throws exceptions
}
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLSloRequestParserTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLSloRequestParserTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLSloRequestParserTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -33,7 +33,7 @@
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLRequestWriter;
-import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
/**
@@ -45,28 +45,26 @@
{
@Test
public void testSAMLLogOutRequestParsing() throws Exception
- {
+ {
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
- InputStream configStream = tcl.getResourceAsStream( "parser/saml2/saml2-logout-request.xml" );
-
+ InputStream configStream = tcl.getResourceAsStream("parser/saml2/saml2-logout-request.xml");
+
SAMLParser parser = new SAMLParser();
- LogoutRequestType lotRequest = ( LogoutRequestType ) parser.parse(configStream);
- assertNotNull( lotRequest );
-
- assertEquals( "ID_c3b5ae86-7fea-4d8b-a438-a3f47d8e92c3", lotRequest.getID() );
- assertEquals( XMLTimeUtil.parse( "2010-07-29T13:46:20.647-05:00" ), lotRequest.getIssueInstant() );
- assertEquals( "2.0", lotRequest.getVersion() );
+ LogoutRequestType lotRequest = (LogoutRequestType) parser.parse(configStream);
+ assertNotNull(lotRequest);
+
+ assertEquals("ID_c3b5ae86-7fea-4d8b-a438-a3f47d8e92c3", lotRequest.getID());
+ assertEquals(XMLTimeUtil.parse("2010-07-29T13:46:20.647-05:00"), lotRequest.getIssueInstant());
+ assertEquals("2.0", lotRequest.getVersion());
//Issuer
- assertEquals( "http://localhost:8080/sales/", lotRequest.getIssuer().getValue() );
-
+ assertEquals("http://localhost:8080/sales/", lotRequest.getIssuer().getValue());
+
//Try out writing
ByteArrayOutputStream baos = new ByteArrayOutputStream();
- SAMLRequestWriter writer = new SAMLRequestWriter(StaxUtil.getXMLStreamWriter(baos));
- writer.write( lotRequest );
-
- System.out.println( new String( baos.toByteArray() ));
-
- ByteArrayInputStream bis = new ByteArrayInputStream( baos.toByteArray() );
- DocumentUtil.getDocument( bis ); //throws exceptions
- }
+ SAMLRequestWriter writer = new SAMLRequestWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(lotRequest);
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ DocumentUtil.getDocument(bis); //throws exceptions
+ }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLSloResponseParserTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLSloResponseParserTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLSloResponseParserTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -76,8 +76,6 @@
SAMLResponseWriter writer = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
writer.write(response, new QName(PROTOCOL_NSURI.get(), LOGOUT_RESPONSE.get(), "samlp"));
- System.out.println(new String(baos.toByteArray()));
-
ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
DocumentUtil.getDocument(bis); //throws exceptions
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchValidateParsingTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchValidateParsingTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustBatchValidateParsingTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -44,38 +44,37 @@
*/
public class WSTrustBatchValidateParsingTestCase
{
- @Test
+ @Test
public void testWST_BatchValidate() throws Exception
{
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
- InputStream configStream = tcl.getResourceAsStream( "parser/wst/wst-batch-validate.xml" );
-
+ InputStream configStream = tcl.getResourceAsStream("parser/wst/wst-batch-validate.xml");
+
WSTrustParser parser = new WSTrustParser();
- RequestSecurityTokenCollection requestCollection = (RequestSecurityTokenCollection) parser.parse( configStream );
- assertNotNull( "Request Security Token Collection is null?", requestCollection );
-
- List<RequestSecurityToken> tokens = requestCollection.getRequestSecurityTokens();
- assertEquals( 2, tokens.size() );
-
- RequestSecurityToken rst1 = tokens.get( 0 );
- assertEquals( "validatecontext1", rst1.getContext() );
- assertEquals( WSTrustConstants.BATCH_VALIDATE_REQUEST, rst1.getRequestType().toASCIIString() );
- assertEquals( WSTrustConstants.RSTR_STATUS_TOKEN_TYPE, rst1.getTokenType().toASCIIString() );
-
- RequestSecurityToken rst2 = tokens.get( 1 );
- assertEquals( "validatecontext2", rst2.getContext() );
- assertEquals( WSTrustConstants.BATCH_VALIDATE_REQUEST , rst2.getRequestType().toASCIIString() );
- assertEquals( WSTrustConstants.RSTR_STATUS_TOKEN_TYPE , rst2.getTokenType().toASCIIString() );
-
+ RequestSecurityTokenCollection requestCollection = (RequestSecurityTokenCollection) parser.parse(configStream);
+ assertNotNull("Request Security Token Collection is null?", requestCollection);
+
+ List<RequestSecurityToken> tokens = requestCollection.getRequestSecurityTokens();
+ assertEquals(2, tokens.size());
+
+ RequestSecurityToken rst1 = tokens.get(0);
+ assertEquals("validatecontext1", rst1.getContext());
+ assertEquals(WSTrustConstants.BATCH_VALIDATE_REQUEST, rst1.getRequestType().toASCIIString());
+ assertEquals(WSTrustConstants.RSTR_STATUS_TOKEN_TYPE, rst1.getTokenType().toASCIIString());
+
+ RequestSecurityToken rst2 = tokens.get(1);
+ assertEquals("validatecontext2", rst2.getContext());
+ assertEquals(WSTrustConstants.BATCH_VALIDATE_REQUEST, rst2.getRequestType().toASCIIString());
+ assertEquals(WSTrustConstants.RSTR_STATUS_TOKEN_TYPE, rst2.getTokenType().toASCIIString());
+
//Now for the writing part
ByteArrayOutputStream baos = new ByteArrayOutputStream();
WSTrustRequestWriter rstWriter = new WSTrustRequestWriter(baos);
- rstWriter.write( requestCollection );
+ rstWriter.write(requestCollection);
- System.out.println( new String( baos.toByteArray() ));
- DocumentUtil.getDocument( new ByteArrayInputStream( baos.toByteArray() ));
- baos.close();
+ DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
+ baos.close();
}
}
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustCancelTargetSamlTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustCancelTargetSamlTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustCancelTargetSamlTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -73,7 +73,6 @@
rstWriter.write(requestToken);
- System.out.println(new String(baos.toByteArray()));
DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
}
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicCertificateTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicCertificateTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicCertificateTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -76,7 +76,6 @@
rstWriter.write(requestToken);
- System.out.println(new String(baos.toByteArray()));
DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
}
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicKeyTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicKeyTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssuePublicKeyTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -73,7 +73,6 @@
rstWriter.write(requestToken);
- System.out.println(new String(baos.toByteArray()));
DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
}
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueSymmetricKeyTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueSymmetricKeyTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueSymmetricKeyTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -44,39 +44,37 @@
* @since Oct 18, 2010
*/
public class WSTrustIssueSymmetricKeyTestCase
-{
+{
@Test
public void testSymKey() throws Exception
{
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
- InputStream configStream = tcl.getResourceAsStream( "parser/wst/wst-issue-symmetric-key.xml" );
-
+ InputStream configStream = tcl.getResourceAsStream("parser/wst/wst-issue-symmetric-key.xml");
+
WSTrustParser parser = new WSTrustParser();
- RequestSecurityToken requestToken = ( RequestSecurityToken ) parser.parse( configStream );
-
- assertEquals( "testcontext", requestToken.getContext() );
- assertEquals( WSTrustConstants.ISSUE_REQUEST , requestToken.getRequestType().toASCIIString() );
-
+ RequestSecurityToken requestToken = (RequestSecurityToken) parser.parse(configStream);
+
+ assertEquals("testcontext", requestToken.getContext());
+ assertEquals(WSTrustConstants.ISSUE_REQUEST, requestToken.getRequestType().toASCIIString());
+
AppliesTo appliesTo = requestToken.getAppliesTo();
EndpointReferenceType endpoint = (EndpointReferenceType) appliesTo.getAny().get(0);
- assertEquals( "http://services.testcorp.org/provider2", endpoint.getAddress().getValue() );
-
-
- assertEquals( WSTrustConstants.BS_TYPE_SYMMETRIC, requestToken.getKeyType().toASCIIString() );
-
+ assertEquals("http://services.testcorp.org/provider2", endpoint.getAddress().getValue());
+
+ assertEquals(WSTrustConstants.BS_TYPE_SYMMETRIC, requestToken.getKeyType().toASCIIString());
+
EntropyType entropy = requestToken.getEntropy();
- BinarySecretType binarySecret = (BinarySecretType) entropy.getAny().get(0);
-
- assertEquals( WSTrustConstants.BS_TYPE_NONCE, binarySecret.getType() );
- assertEquals( "M0/7qLpV49c=" , new String( binarySecret.getValue() ));
-
+ BinarySecretType binarySecret = (BinarySecretType) entropy.getAny().get(0);
+
+ assertEquals(WSTrustConstants.BS_TYPE_NONCE, binarySecret.getType());
+ assertEquals("M0/7qLpV49c=", new String(binarySecret.getValue()));
+
//Now for the writing part
ByteArrayOutputStream baos = new ByteArrayOutputStream();
WSTrustRequestWriter rstWriter = new WSTrustRequestWriter(baos);
- rstWriter.write(requestToken);
+ rstWriter.write(requestToken);
- System.out.println( new String( baos.toByteArray() ));
- DocumentUtil.getDocument( new ByteArrayInputStream( baos.toByteArray() ));
+ DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
}
}
\ No newline at end of file
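Review bot: The `Document` returned by `DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()))` on the new side is discarded, so with the println gone the write step is only checked for well-formedness, not for round-trip fidelity of the context, request type, key type and nonce asserted above. Feeding the written bytes back through `WSTrustParser` and re-asserting, e.g. `RequestSecurityToken roundTrip = (RequestSecurityToken) parser.parse(new ByteArrayInputStream(baos.toByteArray()));` then `assertEquals(requestToken.getContext(), roundTrip.getContext());`, would make a writer regression visible; the same gap is in the WSTrustIssueTestCase hunk below. `new String(binarySecret.getValue())` decodes with the platform default charset while the expected value is a base64 literal, so an explicit `"UTF-8"` charset keeps the assertion independent of the JVM's `file.encoding`. Unlike the metadata tests in this commit, `configStream` is neither checked with `assertNotNull` nor closed, so a missing resource surfaces as a `NullPointerException` inside the parser rather than a clear assertion failure.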
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -40,27 +40,26 @@
* @since Oct 18, 2010
*/
public class WSTrustIssueTestCase
-{
+{
@Test
public void testIssue() throws Exception
{
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
- InputStream configStream = tcl.getResourceAsStream( "parser/wst/wst-issue.xml" );
+ InputStream configStream = tcl.getResourceAsStream("parser/wst/wst-issue.xml");
WSTrustParser parser = new WSTrustParser();
- RequestSecurityToken requestToken = ( RequestSecurityToken ) parser.parse( configStream );
+ RequestSecurityToken requestToken = (RequestSecurityToken) parser.parse(configStream);
- assertEquals( "testcontext", requestToken.getContext() );
- assertEquals( WSTrustConstants.ISSUE_REQUEST , requestToken.getRequestType().toASCIIString() );
- assertEquals( WSTrustConstants.SAML2_TOKEN_TYPE, requestToken.getTokenType().toASCIIString() );
+ assertEquals("testcontext", requestToken.getContext());
+ assertEquals(WSTrustConstants.ISSUE_REQUEST, requestToken.getRequestType().toASCIIString());
+ assertEquals(WSTrustConstants.SAML2_TOKEN_TYPE, requestToken.getTokenType().toASCIIString());
//Now for the writing part
ByteArrayOutputStream baos = new ByteArrayOutputStream();
WSTrustRequestWriter rstWriter = new WSTrustRequestWriter(baos);
- rstWriter.write(requestToken);
+ rstWriter.write(requestToken);
- System.out.println( new String( baos.toByteArray() ));
- DocumentUtil.getDocument( new ByteArrayInputStream( baos.toByteArray() ));
+ DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
}
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustOnBehalfOfTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustOnBehalfOfTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustOnBehalfOfTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -70,7 +70,6 @@
rstWriter.write(requestToken);
- System.out.println(new String(baos.toByteArray()));
DocumentUtil.getDocument(new ByteArrayInputStream(baos.toByteArray()));
}
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/X500AttributeUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/X500AttributeUnitTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/X500AttributeUnitTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -79,13 +79,7 @@
SAMLResponseWriter writer = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
writer.write(rt);
- /*Marshaller marshaller = JBossSAMLAuthnResponseFactory.getValidatingMarshaller(false);
- JAXBElement<ResponseType> jaxb = SAMLProtocolFactory.getObjectFactory().createResponse(rt);
- marshaller.marshal(jaxb, baos);
- *///marshaller.marshal(jaxb, System.out);
-
Document samlDom = DocumentUtil.getDocument(new String(baos.toByteArray()));
- System.out.println(DocumentUtil.getDocumentAsString(samlDom));
NodeList nl = samlDom.getElementsByTagNameNS(JBossSAMLURIConstants.ASSERTION_NSURI.get(), "Attribute");
assertEquals("nodes = 2", 2, nl.getLength());
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataParsingUnitTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -57,45 +57,44 @@
public void testEntitiesDescriptor() throws Exception
{
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
- InputStream is =
- tcl.getResourceAsStream("saml2/metadata/seam-entities.xml");
- assertNotNull("Inputstream not null", is);
-
+ InputStream is = tcl.getResourceAsStream("saml2/metadata/seam-entities.xml");
+ assertNotNull("Inputstream not null", is);
+
SAMLParser parser = new SAMLParser();
EntitiesDescriptorType entities = (EntitiesDescriptorType) parser.parse(is);
- Assert.assertNotNull(entities);
- Assert.assertEquals( 2, entities.getEntityDescriptor().size() );
+ Assert.assertNotNull(entities);
+ Assert.assertEquals(2, entities.getEntityDescriptor().size());
EntityDescriptorType entity = (EntityDescriptorType) entities.getEntityDescriptor().get(0);
IDPSSODescriptorType idp = entity.getChoiceType().get(0).getDescriptors().get(0).getIdpDescriptor();
KeyDescriptorType keyDescriptor = idp.getKeyDescriptor().get(0);
X509Certificate cert = SAMLMetadataUtil.getCertificate(keyDescriptor);
Assert.assertNotNull(cert);
- Assert.assertEquals( "CN=test, OU=OpenSSO, O=Sun, L=Santa Clara, ST=California, C=US", cert.getIssuerDN().getName() );
+ Assert.assertEquals("CN=test, OU=OpenSSO, O=Sun, L=Santa Clara, ST=California, C=US", cert.getIssuerDN()
+ .getName());
}
-
+
@Test
public void parseOrganizationAndContactPerson() throws Exception
{
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
- InputStream is =
- tcl.getResourceAsStream("saml2/metadata/sp-entitydescOrgContact.xml");
- assertNotNull("Inputstream not null", is);
-
+ InputStream is = tcl.getResourceAsStream("saml2/metadata/sp-entitydescOrgContact.xml");
+ assertNotNull("Inputstream not null", is);
+
SAMLParser parser = new SAMLParser();
EntityDescriptorType entity = (EntityDescriptorType) parser.parse(is);
- assertNotNull( entity );
+ assertNotNull(entity);
OrganizationType org = entity.getOrganization();
- assertNotNull( org );
-
+ assertNotNull(org);
+
List<ContactType> contactPersons = entity.getContactPerson();
- assertNotNull( contactPersons );
- assertTrue( contactPersons.size() == 1 );
-
- assertEquals( "technical", contactPersons.get(0).getContactType().value() );
- assertEquals( "SAML SP Support", contactPersons.get(0).getSurName() );
- assertEquals( "mailto:saml-support@sp.example.com", contactPersons.get(0).getEmailAddress().get(0) );
+ assertNotNull(contactPersons);
+ assertTrue(contactPersons.size() == 1);
+
+ assertEquals("technical", contactPersons.get(0).getContactType().value());
+ assertEquals("SAML SP Support", contactPersons.get(0).getSurName());
+ assertEquals("mailto:saml-support@sp.example.com", contactPersons.get(0).getEmailAddress().get(0));
}
-
+
/**
* PLFED-39
* @throws Exception
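Review bot: `assertTrue(contactPersons.size() == 1);` is kept in a form that on failure reports nothing but the boolean; `assertEquals(1, contactPersons.size());` puts the actual size in the message for free. The rewrapped `cert.getIssuerDN().getName()` compares a provider-formatted string, and `X509Certificate.getIssuerDN()` is documented as denigrated in favour of `getIssuerX500Principal()`; `assertEquals(new X500Principal("CN=test, OU=OpenSSO, O=Sun, L=Santa Clara, ST=California, C=US"), cert.getIssuerX500Principal());` compares the DN structurally instead. The streams obtained from `getResourceAsStream` in both tests are never closed.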
@@ -104,48 +103,45 @@
public void testShibbolethMetadataExtensions() throws Exception
{
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
- InputStream is =
- tcl.getResourceAsStream("saml2/metadata/testshib.org.idp-metadata.xml");
- assertNotNull("Inputstream not null", is);
+ InputStream is = tcl.getResourceAsStream("saml2/metadata/testshib.org.idp-metadata.xml");
+ assertNotNull("Inputstream not null", is);
SAMLParser parser = new SAMLParser();
EntitiesDescriptorType entities = (EntitiesDescriptorType) parser.parse(is);
- assertNotNull(entities);
-
+ assertNotNull(entities);
+
//Another md
is = tcl.getResourceAsStream("saml2/metadata/shib.idp-metadata.xml");
- assertNotNull("Inputstream not null", is);
-
+ assertNotNull("Inputstream not null", is);
+
EntityDescriptorType entity = (EntityDescriptorType) parser.parse(is);
- assertNotNull( entity );
+ assertNotNull(entity);
}
-
+
@Test
public void testShibbolethMetadata() throws Exception
{
boolean runTest = false;
- System.out.println( "Test is disabled because of heap space issues in test env" );
- if( runTest )
+ System.out.println("Test is disabled because of heap space issues in test env");
+ if (runTest)
{
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
- InputStream is =
- tcl.getResourceAsStream("saml2/metadata/testshib-two-metadata.xml");
- assertNotNull("Inputstream not null", is);
+ InputStream is = tcl.getResourceAsStream("saml2/metadata/testshib-two-metadata.xml");
+ assertNotNull("Inputstream not null", is);
SAMLParser parser = new SAMLParser();
EntitiesDescriptorType entities = (EntitiesDescriptorType) parser.parse(is);
assertNotNull(entities);
- assertEquals( "urn:mace:shibboleth:testshib:two", entities.getName() );
-
+ assertEquals("urn:mace:shibboleth:testshib:two", entities.getName());
+
ByteArrayOutputStream baos = new ByteArrayOutputStream();
-
- XMLStreamWriter writer = StaxUtil.getXMLStreamWriter( baos );
-
+
+ XMLStreamWriter writer = StaxUtil.getXMLStreamWriter(baos);
+
//write it back
- SAMLMetadataWriter mdWriter = new SAMLMetadataWriter( writer );
+ SAMLMetadataWriter mdWriter = new SAMLMetadataWriter(writer);
mdWriter.writeEntitiesDescriptor(entities);
-
- //System.out.println( new String( baos.toByteArray() ));
+
}
}
}
\ No newline at end of file
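Review bot: `testShibbolethMetadata` remains permanently disabled through `boolean runTest = false;` plus a `System.out.println`, the kind of console output this commit removes everywhere else, so the skip is invisible to the test report. The file already uses JUnit 4's `@Test`, so `@Ignore("heap space issues in test env")` on the method records the skip where it can be seen and removes the dead branch. Inside the branch the bytes written by `mdWriter.writeEntitiesDescriptor(entities)` are never inspected once the commented-out println is dropped; `assertNotNull(parser.parse(new ByteArrayInputStream(baos.toByteArray())));` would at least check the writer's output re-parses. In `testShibbolethMetadataExtensions` the first `is` is overwritten at the `//Another md` line without being closed.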
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataWriterUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataWriterUnitTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/saml/v2/metadata/SAMLMetadataWriterUnitTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -44,7 +44,6 @@
import org.picketlink.identity.federation.saml.v2.metadata.OrganizationType;
import org.picketlink.identity.federation.saml.v2.metadata.SPSSODescriptorType;
-
/**
* Unit test the {@code SAMLMetadataWriter}
* @author Anil.Saldhana(a)redhat.com
@@ -56,45 +55,42 @@
public void testWriteSPSSODescriptor() throws Exception
{
String fileName = "saml2/metadata/sp-entitydescriptor.xml";
- InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream( fileName );
- assertNotNull( is );
-
+ InputStream is = Thread.currentThread().getContextClassLoader().getResourceAsStream(fileName);
+ assertNotNull(is);
+
SAMLParser parser = new SAMLParser();
EntityDescriptorType entityDesc = (EntityDescriptorType) parser.parse(is);
-
+
ByteArrayOutputStream baos = new ByteArrayOutputStream();
-
- XMLStreamWriter writer = StaxUtil.getXMLStreamWriter( baos );
-
+
+ XMLStreamWriter writer = StaxUtil.getXMLStreamWriter(baos);
+
//write it back
- SAMLMetadataWriter mdWriter = new SAMLMetadataWriter( writer );
- mdWriter.writeEntityDescriptor( entityDesc ) ;
-
- System.out.println( new String( baos.toByteArray() ));
+ SAMLMetadataWriter mdWriter = new SAMLMetadataWriter(writer);
+ mdWriter.writeEntityDescriptor(entityDesc);
+
}
-
+
@Test
public void testWriteEntityDescWithContactPerson() throws Exception
{
ClassLoader tcl = Thread.currentThread().getContextClassLoader();
- InputStream is =
- tcl.getResourceAsStream("saml2/metadata/sp-entitydescOrgContact.xml");
- assertNotNull("Inputstream not null", is);
-
+ InputStream is = tcl.getResourceAsStream("saml2/metadata/sp-entitydescOrgContact.xml");
+ assertNotNull("Inputstream not null", is);
+
SAMLParser parser = new SAMLParser();
EntityDescriptorType entity = (EntityDescriptorType) parser.parse(is);
- assertNotNull( entity );
+ assertNotNull(entity);
ByteArrayOutputStream baos = new ByteArrayOutputStream();
-
- XMLStreamWriter writer = StaxUtil.getXMLStreamWriter( baos );
-
+
+ XMLStreamWriter writer = StaxUtil.getXMLStreamWriter(baos);
+
//write it back
- SAMLMetadataWriter mdWriter = new SAMLMetadataWriter( writer );
- mdWriter.writeEntityDescriptor( entity ) ;
-
- System.out.println( new String( baos.toByteArray() ));
+ SAMLMetadataWriter mdWriter = new SAMLMetadataWriter(writer);
+ mdWriter.writeEntityDescriptor(entity);
+
}
-
+
/**
* PLFED-142
* @throws Exception
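Review bot: With the `System.out.println` removed, `testWriteSPSSODescriptor` and `testWriteEntityDescWithContactPerson` now write into `baos` and never read it, so each test only checks that `writeEntityDescriptor` does not throw. Re-parsing the output, e.g. `assertNotNull(parser.parse(new ByteArrayInputStream(baos.toByteArray())));`, would verify the writer emits metadata the parser accepts; the same gap is in the `testDynamicMetadataCreation` hunk below, which would need its own `new SAMLParser()`. Whether `StaxUtil.getXMLStreamWriter` or `writeEntityDescriptor` flushes the `XMLStreamWriter` is not visible here, so a `writer.flush();` before reading `baos` may be required. The trailing blank `+` line left before each method's closing brace is residue of the removed println.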
@@ -103,27 +99,26 @@
public void testDynamicMetadataCreation() throws Exception
{
OrganizationType org = new OrganizationType();
- AttributeType attributeType = new AttributeType( "hello" );
+ AttributeType attributeType = new AttributeType("hello");
List<AttributeType> attributes = new ArrayList<AttributeType>();
attributes.add(attributeType);
-
- URI test = URI.create( "http://test");
- EndpointType sloEndPoint = new EndpointType( test, test );
+
+ URI test = URI.create("http://test");
+ EndpointType sloEndPoint = new EndpointType(test, test);
KeyDescriptorType keyDescriptorType = new KeyDescriptorType();
String str = "<a/>";
- keyDescriptorType.setKeyInfo( DocumentUtil.getDocument( str ).getDocumentElement() );
-
- SPSSODescriptorType spSSO = MetaDataBuilderDelegate.createSPSSODescriptor(false, keyDescriptorType, sloEndPoint, attributes, org);
+ keyDescriptorType.setKeyInfo(DocumentUtil.getDocument(str).getDocumentElement());
+
+ SPSSODescriptorType spSSO = MetaDataBuilderDelegate.createSPSSODescriptor(false, keyDescriptorType, sloEndPoint,
+ attributes, org);
EntityDescriptorType entity = MetaDataBuilderDelegate.createEntityDescriptor(spSSO);
-
ByteArrayOutputStream baos = new ByteArrayOutputStream();
-
- XMLStreamWriter writer = StaxUtil.getXMLStreamWriter( baos );
-
+
+ XMLStreamWriter writer = StaxUtil.getXMLStreamWriter(baos);
+
//write it back
- SAMLMetadataWriter mdWriter = new SAMLMetadataWriter( writer );
- mdWriter.writeEntityDescriptor( entity ) ;
- System.out.println( new String( baos.toByteArray() ));
+ SAMLMetadataWriter mdWriter = new SAMLMetadataWriter(writer);
+ mdWriter.writeEntityDescriptor(entity);
}
}
\ No newline at end of file
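Review bot: The `"<a/>"` element set as key info via `keyDescriptorType.setKeyInfo(DocumentUtil.getDocument(str).getDocumentElement())` is a placeholder, not a `ds:KeyInfo`, and after the println removal nothing reads `baos`, so the test asserts neither that `createSPSSODescriptor` carries the key descriptor through nor that the written entity descriptor is parseable. A comment on the placeholder, `// not a real ds:KeyInfo; only checks the element is passed through to the writer`, plus a re-parse of `baos` with `assertNotNull(new SAMLParser().parse(new ByteArrayInputStream(baos.toByteArray())));` would state and check the intent.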
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/stax/DomElementToStaxWritingTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/stax/DomElementToStaxWritingTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/stax/DomElementToStaxWritingTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -41,16 +41,15 @@
public void testDOM2Stax() throws Exception
{
String xml = "<a xmlns=\'urn:hello\' > <b> <c/> <d xmlns=\'urn:t\' test=\'tt\'/> </b></a>";
-
- Document doc = DocumentUtil.getDocument( xml );
-
+
+ Document doc = DocumentUtil.getDocument(xml);
+
ByteArrayOutputStream baos = new ByteArrayOutputStream();
-
- XMLStreamWriter writer = StaxUtil.getXMLStreamWriter( baos );
- StaxUtil.writeDOMElement(writer, doc.getDocumentElement() );
-
- String writtenDoc = new String( baos.toByteArray() );
- System.out.println( writtenDoc );
- doc = DocumentUtil.getDocument( writtenDoc );
+
+ XMLStreamWriter writer = StaxUtil.getXMLStreamWriter(baos);
+ StaxUtil.writeDOMElement(writer, doc.getDocumentElement());
+
+ String writtenDoc = new String(baos.toByteArray());
+ doc = DocumentUtil.getDocument(writtenDoc);
}
}
\ No newline at end of file
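Review bot: `doc = DocumentUtil.getDocument(writtenDoc);` on the new side reassigns `doc` but nothing is asserted on it, so the test only proves the StAX output re-parses, not that the two namespaces (`urn:hello`, `urn:t`) and the `test='tt'` attribute survive the DOM-to-StAX trip, which is what the method name promises. Asserting on the re-parsed tree, e.g. `assertEquals("urn:hello", doc.getDocumentElement().getNamespaceURI());` and `assertEquals("tt", ((Element) doc.getElementsByTagNameNS("urn:t", "d").item(0)).getAttribute("test"));`, would pin that; this assumes `DocumentUtil.getDocument` builds a namespace-aware DOM, which is not visible here. `new String(baos.toByteArray())` uses the platform default charset; since the StAX writer's encoding is not visible either, an explicit charset matching it avoids a silent mismatch on non-UTF-8 JVMs.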
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/util/XMLTimeUtilUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/util/XMLTimeUtilUnitTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/util/XMLTimeUtilUnitTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -38,7 +38,7 @@
* @since Jan 6, 2009
*/
public class XMLTimeUtilUnitTestCase extends TestCase
-{
+{
public void testCompareViaParsing() throws Exception
{
DatatypeFactory dt = DatatypeFactory.newInstance();
@@ -47,39 +47,37 @@
XMLGregorianCalendar notOnOrAfter = dt.newXMLGregorianCalendar("2009-06-03T17:47:05.901-04:00");
assertTrue(XMLTimeUtil.isValid(now, notBefore, notOnOrAfter));
}
-
+
public void testAdd() throws Exception
{
XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
long min5 = XMLTimeUtil.inMilis(5);
-
+
XMLGregorianCalendar after5M = XMLTimeUtil.add(now, min5);
- assertTrue(now.compare(after5M) == DatatypeConstants.LESSER);
-
+ assertTrue(now.compare(after5M) == DatatypeConstants.LESSER);
+
GregorianCalendar nowG = now.toGregorianCalendar();
GregorianCalendar now5M = after5M.toGregorianCalendar();
-
+
//Add 5 minutes
nowG.roll(Calendar.MINUTE, 5);
-
+
int val = nowG.compareTo(now5M);
-
- System.out.println("Comparison value="+val);
-
- assertTrue( "Compared value is 0", val <= 0);
+
+ assertTrue("Compared value is 0", val <= 0);
}
public void testIsValid() throws Exception
- {
+ {
XMLGregorianCalendar now = XMLTimeUtil.getIssueInstant();
-
+
long milisFor5Mins = XMLTimeUtil.inMilis(5);
-
+
XMLGregorianCalendar after5M = XMLTimeUtil.add(now, milisFor5Mins);
XMLGregorianCalendar after10M = XMLTimeUtil.add(now, milisFor5Mins * 2);
-
+
//isValid(now, notbefore, notOnOrAfter)
assertTrue(XMLTimeUtil.isValid(after5M, now, after10M));
- assertFalse(XMLTimeUtil.isValid(now, after5M,after10M));
- }
+ assertFalse(XMLTimeUtil.isValid(now, after5M, after10M));
+ }
}
\ No newline at end of file
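Review bot: In `testAdd`, `nowG.roll(Calendar.MINUTE, 5)` does not carry into the hour field, so when the test runs in the last five minutes of an hour `nowG` wraps backwards and `val <= 0` still holds; the message says "Compared value is 0" but equality is never required, so `XMLTimeUtil.add` could add any non-negative amount and pass. `nowG.add(Calendar.MINUTE, 5);` followed by `assertEquals("5 minutes added", 0, nowG.compareTo(now5M));` tests the intended contract, assuming `add` shifts by exactly the given milliseconds. `testIsValid` covers only one negative case (instant before `notBefore`); per the `//isValid(now, notbefore, notOnOrAfter)` comment the upper bound is exclusive, so `assertFalse(XMLTimeUtil.isValid(after10M, now, after10M));` would pin the boundary that SAML condition checks depend on.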
Modified: federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/saml/handlers/SAML2AuthenticationHandlerUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/saml/handlers/SAML2AuthenticationHandlerUnitTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/saml/handlers/SAML2AuthenticationHandlerUnitTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -123,7 +123,6 @@
Document samlReq = response.getResultingDocument();
SAMLParser parser = new SAMLParser();
- System.out.println("Doc=" + DocumentUtil.asString(samlReq));
AuthnRequestType authnRequest = (AuthnRequestType) parser.parse(DocumentUtil.getNodeAsStream(samlReq));
NameIDPolicyType nameIDPolicy = authnRequest.getNameIDPolicy();
assertEquals(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get(), nameIDPolicy.getFormat().toString());
@@ -188,8 +187,6 @@
XMLEncryptionUtil.encryptElement(new QName(assertionNS, "Assertion", "saml"), responseDoc, publicKey, secretKey,
128, assertionQName, true);
- System.out.println(DocumentUtil.asString(responseDoc));
-
SAMLParser parser = new SAMLParser();
saml2Object = (SAML2Object) parser.parse(DocumentUtil.getNodeAsStream(responseDoc));
Modified: federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java
===================================================================
--- federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
+++ federation/trunk/picketlink-web/src/test/java/org/picketlink/test/identity/federation/web/workflow/saml2/SAML2LogoutWorkflowUnitTestCase.java 2011-06-24 18:10:38 UTC (rev 1032)
@@ -68,11 +68,14 @@
*/
public class SAML2LogoutWorkflowUnitTestCase
{
- private String profile = "saml2/logout";
+ private final String profile = "saml2/logout";
+
private ClassLoader tcl;
- private String employee = "http://localhost:8080/employee/";
- private String sales = "http://localhost:8080/sales/";
-
+
+ private final String employee = "http://localhost:8080/employee/";
+
+ private final String sales = "http://localhost:8080/sales/";
+
/**
* Test that the SP web filter generates the logout request
* to the IDP when there is a parameter "GLO" set to true
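Review bot: `profile`, `employee` and `sales` are now `final` but remain per-instance fields holding compile-time constants; `private static final String PROFILE = "saml2/logout";` (and likewise for the two URLs) matches the constant convention and makes clear they never vary between tests. `tcl` stays a mutable field assigned in each test; if it exists only to restore the context class loader, a short comment saying so, `// original context loader, restored after each test`, would document the intent.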
@@ -81,9 +84,9 @@
*/
@Test
public void testSPFilterLogOutRequestGeneration() throws Exception
- {
+ {
tcl = Thread.currentThread().getContextClassLoader();
-
+
MockHttpSession session = new MockHttpSession();
session.setAttribute(GeneralConstants.PRINCIPAL_ID, new Principal()
{
@@ -91,48 +94,45 @@
{
return "anil";
}
- });
+ });
List<String> rolesList = new ArrayList<String>();
rolesList.add("manager");
session.setAttribute(GeneralConstants.ROLES_ID, rolesList);
-
ServletContext servletContext = new MockServletContext();
session.setServletContext(servletContext);
-
+
//Let us feed the LogOutRequest to the SPFilter
MockContextClassLoader mclSPEmp = setupTCL(profile + "/sp/employee");
Thread.currentThread().setContextClassLoader(mclSPEmp);
SPFilter spEmpl = new SPFilter();
MockFilterConfig filterConfig = new MockFilterConfig(servletContext);
filterConfig.addInitParameter(GeneralConstants.IGNORE_SIGNATURES, "true");
-
+
spEmpl.init(filterConfig);
-
+
MockHttpSession filterSession = new MockHttpSession();
MockHttpServletRequest filterRequest = new MockHttpServletRequest(filterSession, "POST");
- filterRequest.addParameter(GeneralConstants.GLOBAL_LOGOUT, "true");
-
+ filterRequest.addParameter(GeneralConstants.GLOBAL_LOGOUT, "true");
+
MockHttpServletResponse filterResponse = new MockHttpServletResponse();
ByteArrayOutputStream filterbaos = new ByteArrayOutputStream();
filterResponse.setWriter(new PrintWriter(filterbaos));
-
+
spEmpl.doFilter(filterRequest, filterResponse, new MockFilterChain());
-
-
+
String spResponse = new String(filterbaos.toByteArray());
Document spHTMLResponse = DocumentUtil.getDocument(spResponse);
NodeList nodes = spHTMLResponse.getElementsByTagName("INPUT");
- Element inputElement = (Element)nodes.item(0);
- String logoutRequest = inputElement.getAttributeNode("VALUE").getValue();
-
+ Element inputElement = (Element) nodes.item(0);
+ String logoutRequest = inputElement.getAttributeNode("VALUE").getValue();
+
byte[] b64Decoded = PostBindingUtil.base64Decode(logoutRequest);
SAML2Request saml2Request = new SAML2Request();
- LogoutRequestType lor =
- (LogoutRequestType) saml2Request.getRequestType(new ByteArrayInputStream(b64Decoded));
+ LogoutRequestType lor = (LogoutRequestType) saml2Request.getRequestType(new ByteArrayInputStream(b64Decoded));
assertEquals("Match Employee URL", employee, lor.getIssuer().getValue());
}
-
+
/**
* In this test case, we preload the IDP with 2 active participants
* namely the Sales app and Employee App. After this, the employee app
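Review bot: `Element inputElement = (Element) nodes.item(0);` on the new side casts without first checking that the SP response contained an `INPUT` element, so a filter that emits no form fails with a `NullPointerException` on the following `getAttributeNode("VALUE")` instead of a readable assertion; `assertTrue("SP response contains a form input", nodes.getLength() > 0);` before the cast, and likewise at the same pattern in the `testSAML2LogOutFromIDPServlet` hunk below, would name the failure. The context class loader is swapped to `mclSPEmp` after `tcl` is captured, but no restore to `tcl` is visible in this hunk; if none happens elsewhere (an `@After`, say), the mock loader leaks into later tests in the same JVM. `new String(filterbaos.toByteArray())` decodes the response with the platform default charset.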
@@ -149,27 +149,27 @@
*/
@Test
public void testSAML2LogOutFromIDPServlet() throws Exception
- {
+ {
tcl = Thread.currentThread().getContextClassLoader();
MockHttpSession session = new MockHttpSession();
-
+
MockContextClassLoader mclIDP = setupTCL(profile + "/idp");
Thread.currentThread().setContextClassLoader(mclIDP);
-
+
ServletContext servletContext = new MockServletContext();
session.setServletContext(servletContext);
-
+
IdentityServer server = this.getIdentityServer(session);
servletContext.setAttribute("IDENTITY_SERVER", server);
MockServletConfig servletConfig = new MockServletConfig(servletContext);
-
+
IDPServlet idp = new IDPServlet();
//No signing outgoing messages
servletConfig.addInitParameter(GeneralConstants.SIGN_OUTGOING_MESSAGES, "false");
-
+
//Initialize the servlet
- idp.init(servletConfig);
-
+ idp.init(servletConfig);
+
//Assume that we already have the principal and roles set in the session
session.setAttribute(GeneralConstants.PRINCIPAL_ID, new Principal()
{
@@ -177,153 +177,152 @@
{
return "anil";
}
- });
+ });
List<String> rolesList = new ArrayList<String>();
rolesList.add("manager");
session.setAttribute(GeneralConstants.ROLES_ID, rolesList);
-
- MockHttpServletRequest request = new MockHttpServletRequest(session, "POST");
+
+ MockHttpServletRequest request = new MockHttpServletRequest(session, "POST");
request.addHeader("Referer", sales);
-
+
String samlMessage = Base64.encodeBytes(createLogOutRequest(sales).getBytes());
session.setAttribute("SAMLRequest", samlMessage);
-
+
MockHttpServletResponse response = new MockHttpServletResponse();
ByteArrayOutputStream baos = new ByteArrayOutputStream();
response.setWriter(new PrintWriter(baos));
-
+
// The IDP is preloaded with 2 participants : "http://localhost:8080/sales/"
// and "http://localhost:8080/employee"
-
+
//Lets start the workflow with post
- idp.testPost(request, response);
+ idp.testPost(request, response);
String idpResponse = new String(baos.toByteArray());
assertNotNull(idpResponse);
-
+
Document htmlResponse = DocumentUtil.getDocument(idpResponse);
assertNotNull(htmlResponse);
NodeList nodes = htmlResponse.getElementsByTagName("INPUT");
- Element inputElement = (Element)nodes.item(0);
+ Element inputElement = (Element) nodes.item(0);
String logoutOrigResponse = inputElement.getAttributeNode("VALUE").getValue();
-
+
String relayState = null;
- if(nodes.getLength() > 1)
- relayState = ((Element)nodes.item(1)).getAttributeNode("VALUE").getValue();
-
+ if (nodes.getLength() > 1)
+ relayState = ((Element) nodes.item(1)).getAttributeNode("VALUE").getValue();
+
String logoutResponse = new String(Base64.decode(logoutOrigResponse));
- System.out.println(logoutResponse);
SAML2Request samlRequest = new SAML2Request();
ByteArrayInputStream bis = new ByteArrayInputStream(logoutResponse.getBytes());
SAML2Object samlObject = samlRequest.getSAML2ObjectFromStream(bis);
- assertTrue(samlObject instanceof LogoutRequestType);
-
+ assertTrue(samlObject instanceof LogoutRequestType);
+
//Let us feed the LogOutRequest to the SPFilter
MockContextClassLoader mclSPEmp = setupTCL(profile + "/sp/employee");
Thread.currentThread().setContextClassLoader(mclSPEmp);
SPFilter spEmpl = new SPFilter();
MockFilterConfig filterConfig = new MockFilterConfig(servletContext);
filterConfig.addInitParameter(GeneralConstants.IGNORE_SIGNATURES, "true");
-
+
spEmpl.init(filterConfig);
-
+
MockHttpSession filterSession = new MockHttpSession();
MockHttpServletRequest filterRequest = new MockHttpServletRequest(filterSession, "POST");
filterRequest.addParameter("SAMLResponse", logoutOrigResponse);
filterRequest.addParameter("RelayState", relayState);
-
+
MockHttpServletResponse filterResponse = new MockHttpServletResponse();
ByteArrayOutputStream filterbaos = new ByteArrayOutputStream();
filterResponse.setWriter(new PrintWriter(filterbaos));
-
+
spEmpl.doFilter(filterRequest, filterResponse, new MockFilterChain());
String spResponse = new String(filterbaos.toByteArray());
Document spHTMLResponse = DocumentUtil.getDocument(spResponse);
nodes = spHTMLResponse.getElementsByTagName("INPUT");
- inputElement = (Element)nodes.item(0);
+ inputElement = (Element) nodes.item(0);
logoutOrigResponse = inputElement.getAttributeNode("VALUE").getValue();
relayState = null;
- if(nodes.getLength() > 1)
- relayState = ((Element)nodes.item(1)).getAttributeNode("VALUE").getValue();
-
+ if (nodes.getLength() > 1)
+ relayState = ((Element) nodes.item(1)).getAttributeNode("VALUE").getValue();
+
//Now the SP (employee app) has logged out and sending a status response to IDP
Thread.currentThread().setContextClassLoader(mclIDP);
session.setAttribute("SAMLResponse", logoutOrigResponse);
session.setAttribute("RelayState", relayState);
-
- idp.testPost(request, response);
+ idp.testPost(request, response);
+
idpResponse = new String(filterbaos.toByteArray());
assertNotNull(idpResponse);
-
+
htmlResponse = DocumentUtil.getDocument(idpResponse);
assertNotNull(htmlResponse);
nodes = htmlResponse.getElementsByTagName("INPUT");
- inputElement = (Element)nodes.item(0);
+ inputElement = (Element) nodes.item(0);
logoutOrigResponse = inputElement.getAttributeNode("VALUE").getValue();
-
+
relayState = null;
- if(nodes.getLength() > 1)
- relayState = ((Element)nodes.item(1)).getAttributeNode("VALUE").getValue();
-
+ if (nodes.getLength() > 1)
+ relayState = ((Element) nodes.item(1)).getAttributeNode("VALUE").getValue();
+
//Now we should have got a full success report from IDP
MockContextClassLoader mclSPSales = setupTCL(profile + "/sp/employee");
Thread.currentThread().setContextClassLoader(mclSPSales);
SPFilter spSales = new SPFilter();
-
+
spSales.init(filterConfig);
-
+
filterRequest.addParameter("SAMLResponse", logoutOrigResponse);
filterRequest.addParameter("RelayState", relayState);
-
+
spSales.doFilter(filterRequest, filterResponse, new MockFilterChain());
-
+
spResponse = new String(filterbaos.toByteArray());
-
+
assertEquals(0, server.stack().getParticipants(session.getId()));
assertEquals(0, server.stack().getNumOfParticipantsInTransit(session.getId()));
-
+
spHTMLResponse = DocumentUtil.getDocument(spResponse);
nodes = spHTMLResponse.getElementsByTagName("INPUT");
- inputElement = (Element)nodes.item(0);
+ inputElement = (Element) nodes.item(0);
logoutOrigResponse = inputElement.getAttributeNode("VALUE").getValue();
relayState = null;
- if(nodes.getLength() > 1)
- relayState = ((Element)nodes.item(1)).getAttributeNode("VALUE").getValue();
-
+ if (nodes.getLength() > 1)
+ relayState = ((Element) nodes.item(1)).getAttributeNode("VALUE").getValue();
+
//Finally the session should be invalidated
assertTrue(filterSession.isInvalidated());
}
private MockContextClassLoader setupTCL(String resource)
{
- URL[] urls = new URL[] {tcl.getResource(resource)};
-
+ URL[] urls = new URL[]
+ {tcl.getResource(resource)};
+
MockContextClassLoader mcl = new MockContextClassLoader(urls);
mcl.setDelegate(tcl);
mcl.setProfile(resource);
return mcl;
}
-
+
private String createLogOutRequest(String url) throws Exception
{
SAML2Request samlRequest = new SAML2Request();
- LogoutRequestType lot =
- samlRequest.createLogoutRequest(url);
+ LogoutRequestType lot = samlRequest.createLogoutRequest(url);
StringWriter sw = new StringWriter();
samlRequest.marshall(lot, sw);
return sw.toString();
}
-
+
//Get the Identity server with 2 participants
private IdentityServer getIdentityServer(HttpSession session)
{
IdentityServer server = new IdentityServer();
server.sessionCreated(new HttpSessionEvent(session));
-
- server.stack().register( session.getId(), sales, false );
- server.stack().register( session.getId(), employee, false );
+
+ server.stack().register(session.getId(), sales, false);
+ server.stack().register(session.getId(), employee, false);
return server;
}
}
\ No newline at end of file
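Review bot: The loader assigned to `mclSPSales` is built from `profile + "/sp/employee"`, the same profile already used for `mclSPEmp`, so the final leg of the logout round-trip (the block under `//Now we should have got a full success report from IDP`) drives the employee SP a second time and never the sales participant; if a sales SP profile directory exists it should be loaded here instead. After the second `idp.testPost(request, response)` the code reads `filterbaos` rather than `baos`, so the assertions that follow parse the SP filter's earlier output and not the IDP's new response — worth confirming that is intended, since as written the IDP's second reply is never inspected. The `getBytes()` / `new String(byte[])` conversions around the Base64 round-trip use the platform default charset; passing `"UTF-8"` explicitly keeps the test stable across JVM locales. The enclosing test method begins before this hunk.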
Picketlink SVN: r1031 - in federation/trunk/picketlink-fed-core/src: main/java/org/picketlink/identity/federation/core/saml/v1 and 2 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-06-24 13:59:14 -0400 (Fri, 24 Jun 2011)
New Revision: 1031
Added:
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-request-assertionartifact.xml
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11RequestParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11RequestParserTestCase.java
Log:
more SAML11 parsing
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11RequestParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11RequestParser.java 2011-06-24 17:48:39 UTC (rev 1030)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11RequestParser.java 2011-06-24 17:59:14 UTC (rev 1031)
@@ -94,6 +94,11 @@
SAML11AuthenticationQueryType query = SAML11ParserUtil.parseSAML11AuthenticationQuery(xmlEventReader);
request.setQuery(query);
}
+ else if (SAML11Constants.ASSERTION_ARTIFACT.equals(elementName))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ request.addAssertionArtifact(StaxParserUtil.getElementText(xmlEventReader));
+ }
else if (elementName.equals(JBossSAMLConstants.SIGNATURE.get()))
{
request.setSignature(StaxParserUtil.getDOMElement(xmlEventReader));
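Review bot: In the new `ASSERTION_ARTIFACT` branch the `StartElement` returned by `getNextStartElement` is stored in `startElement` but never used, and the element text is added without a check, so an empty `<AssertionArtifact/>` silently becomes an empty artifact string; consider `String artifact = StaxParserUtil.getElementText(xmlEventReader); if (artifact == null || artifact.length() == 0) throw new ParsingException("AssertionArtifact is empty");`. Because each alternative lives in its own `else if`, a document carrying both a query and artifact references is accepted and a second query simply overwrites the first via `setQuery`; SAML 1.1 defines these as alternatives, so rejecting a second alternative once one is present would make the parser stricter against malformed input. The enclosing `parse` method begins and ends outside this hunk.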
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java 2011-06-24 17:48:39 UTC (rev 1030)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java 2011-06-24 17:59:14 UTC (rev 1031)
@@ -34,6 +34,8 @@
String ASSERTION_11_NSURI = "urn:oasis:names:tc:SAML:1.0:assertion";
+ String ASSERTION_ARTIFACT = "AssertionArtifact";
+
String ATTRIBUTE_QUERY = "AttributeQuery";
String ATTRIBUTE_NAME = "AttributeName";
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11RequestParserTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11RequestParserTestCase.java 2011-06-24 17:48:39 UTC (rev 1030)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11RequestParserTestCase.java 2011-06-24 17:59:14 UTC (rev 1031)
@@ -90,4 +90,22 @@
SAML11SubjectType.SAML11SubjectTypeChoice choice = subject.getChoice();
assertEquals("testID", choice.getNameID().getValue());
}
+
+ @Test
+ public void testSAML11RequestWithAssertionArtifact() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-request-assertionartifact.xml");
+
+ SAMLParser parser = new SAMLParser();
+ SAML11RequestType request = (SAML11RequestType) parser.parse(configStream);
+ assertNotNull(request);
+
+ assertEquals(1, request.getMajorVersion());
+ assertEquals(1, request.getMinorVersion());
+ assertEquals("rid", request.getID());
+ assertEquals(XMLTimeUtil.parse("2002-06-19T17:03:44.022Z"), request.getIssueInstant());
+
+ assertEquals("abcd", request.getAssertionArtifact().get(0));
+ }
}
\ No newline at end of file
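Review bot: `configStream` from `getResourceAsStream` is neither null-checked nor closed, so a missing or misnamed resource surfaces as an exception inside the parser rather than as a clear assertion failure; `assertNotNull(configStream)` before `parser.parse(configStream)` and closing the stream in a `finally` block would keep the test diagnostic. The same pattern appears in both tests of the new `SAML11RequestParserTestCase` file added in r1030 below.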
Added: federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-request-assertionartifact.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-request-assertionartifact.xml (rev 0)
+++ federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-request-assertionartifact.xml 2011-06-24 17:59:14 UTC (rev 1031)
@@ -0,0 +1,6 @@
+<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
+ MajorVersion="1" MinorVersion="1"
+ RequestID="rid"
+ IssueInstant="2002-06-19T17:03:44.022Z">
+ <samlp:AssertionArtifact>abcd</samlp:AssertionArtifact>
+</samlp:Request>
\ No newline at end of file
Picketlink SVN: r1030 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util and 4 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-06-24 13:48:39 -0400 (Fri, 24 Jun 2011)
New Revision: 1030
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11RequestParser.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11RequestParserTestCase.java
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-request-attributequery.xml
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-request-authquery.xml
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11AssertionParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/protocol/SAML11RequestType.java
Log:
more SAML11 parsing
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11AssertionParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11AssertionParser.java 2011-06-23 22:25:12 UTC (rev 1029)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11AssertionParser.java 2011-06-24 17:48:39 UTC (rev 1030)
@@ -120,10 +120,8 @@
if (tag.equals(JBossSAMLConstants.SIGNATURE.get()))
{
assertion.setSignature(StaxParserUtil.getDOMElement(xmlEventReader));
- continue;
}
-
- if (JBossSAMLConstants.ISSUER.get().equalsIgnoreCase(tag))
+ else if (JBossSAMLConstants.ISSUER.get().equalsIgnoreCase(tag))
{
startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
issuer = StaxParserUtil.getElementText(xmlEventReader);
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11RequestParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11RequestParser.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11RequestParser.java 2011-06-24 17:48:39 UTC (rev 1030)
@@ -0,0 +1,114 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.parsers.saml;
+
+import javax.xml.datatype.XMLGregorianCalendar;
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLEventReader;
+import javax.xml.stream.events.Attribute;
+import javax.xml.stream.events.StartElement;
+
+import org.picketlink.identity.federation.core.exceptions.ParsingException;
+import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
+import org.picketlink.identity.federation.core.parsers.util.SAML11ParserUtil;
+import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
+import org.picketlink.identity.federation.core.saml.v1.SAML11Constants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11AttributeQueryType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11AuthenticationQueryType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11RequestType;
+
+/**
+ * Parse the SAML2 AuthnRequest
+ * @author Anil.Saldhana(a)redhat.com
+ * @since June 24, 2011
+ */
+public class SAML11RequestParser implements ParserNamespaceSupport
+{
+
+ protected SAML11RequestType parseRequiredAttributes(StartElement startElement) throws ParsingException
+ {
+ Attribute idAttr = startElement.getAttributeByName(new QName(SAML11Constants.REQUEST_ID));
+ if (idAttr == null)
+ throw new RuntimeException(SAML11Constants.REQUEST_ID + " attribute is missing");
+
+ String id = StaxParserUtil.getAttributeValue(idAttr);
+
+ Attribute issueInstantAttr = startElement.getAttributeByName(new QName("IssueInstant"));
+ if (issueInstantAttr == null)
+ throw new RuntimeException("IssueInstant attribute required in Request");
+ XMLGregorianCalendar issueInstant = XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(issueInstantAttr));
+ return new SAML11RequestType(id, issueInstant);
+ }
+
+ /**
+ * @see {@link ParserNamespaceSupport#parse(XMLEventReader)}
+ */
+ public Object parse(XMLEventReader xmlEventReader) throws ParsingException
+ {
+ //Get the startelement
+ StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.validate(startElement, SAML11Constants.REQUEST);
+
+ SAML11RequestType request = parseRequiredAttributes(startElement);
+
+ while (xmlEventReader.hasNext())
+ {
+ //Let us peek at the next start element
+ startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
+ if (startElement == null)
+ break;
+
+ String elementName = StaxParserUtil.getStartElementName(startElement);
+
+ if (SAML11Constants.ATTRIBUTE_QUERY.equals(elementName))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ SAML11AttributeQueryType query = SAML11ParserUtil.parseSAML11AttributeQuery(xmlEventReader);
+ request.setQuery(query);
+ }
+ else if (SAML11Constants.AUTHENTICATION_QUERY.equals(elementName))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ SAML11AuthenticationQueryType query = SAML11ParserUtil.parseSAML11AuthenticationQuery(xmlEventReader);
+ request.setQuery(query);
+ }
+ else if (elementName.equals(JBossSAMLConstants.SIGNATURE.get()))
+ {
+ request.setSignature(StaxParserUtil.getDOMElement(xmlEventReader));
+ }
+ else
+ throw new RuntimeException("Unknown Element:" + elementName + "::location=" + startElement.getLocation());
+ }
+ return request;
+ }
+
+ /**
+ * @see {@link ParserNamespaceSupport#supports(QName)}
+ */
+ public boolean supports(QName qname)
+ {
+ return JBossSAMLURIConstants.PROTOCOL_NSURI.get().equals(qname.getNamespaceURI());
+ }
+}
\ No newline at end of file
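Review bot: The class Javadoc says `Parse the SAML2 AuthnRequest`, which is carried over from the SAML 2 parser; this class parses a SAML 1.1 `Request`, so it should read `Parse the SAML 1.1 samlp:Request`. `supports(QName)` matches `JBossSAMLURIConstants.PROTOCOL_NSURI` while the `SAMLParser` hunk below dispatches to this class on `SAML11Constants.PROTOCOL_11_NSURI`; the two should agree, presumably on the 1.1 protocol namespace, otherwise namespace-based lookup and the hard-coded dispatch disagree about which documents this parser accepts. `parseRequiredAttributes` never reads `MajorVersion`/`MinorVersion`, so the test assertions on version 1/1 appear to rely on model defaults rather than on the document; reading and validating them at parse time would reject a malformed or down-versioned request early. The missing-attribute paths throw `RuntimeException` although the method declares `throws ParsingException`; using `ParsingException` keeps callers' error handling uniform with the rest of the parser.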
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2011-06-23 22:25:12 UTC (rev 1029)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2011-06-24 17:48:39 UTC (rev 1030)
@@ -130,6 +130,12 @@
SAML11ResponseParser responseParser = new SAML11ResponseParser();
return responseParser.parse(xmlEventReader);
}
+ else if (SAML11Constants.PROTOCOL_11_NSURI.equals(nsURI)
+ && SAML11Constants.REQUEST.equals(startElementName.getLocalPart()))
+ {
+ SAML11RequestParser reqParser = new SAML11RequestParser();
+ return reqParser.parse(xmlEventReader);
+ }
else
throw new RuntimeException("Unknown Tag:" + elementName + "::location=" + startElement.getLocation());
}
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java 2011-06-23 22:25:12 UTC (rev 1029)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java 2011-06-24 17:48:39 UTC (rev 1030)
@@ -46,6 +46,8 @@
import org.picketlink.identity.federation.saml.v1.assertion.SAML11DecisionType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectConfirmationType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11AttributeQueryType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11AuthenticationQueryType;
import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationDataType;
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyValueType;
@@ -61,7 +63,12 @@
*/
public class SAML11ParserUtil
{
-
+ /**
+ * Parse the {@link SAML11SubjectConfirmationType}
+ * @param xmlEventReader
+ * @return
+ * @throws ParsingException
+ */
public static SAML11SubjectConfirmationType parseSAML11SubjectConfirmation(XMLEventReader xmlEventReader)
throws ParsingException
{
@@ -112,6 +119,12 @@
}
+ /**
+ * Parse the {@link SubjectConfirmationDataType}
+ * @param xmlEventReader
+ * @return
+ * @throws ParsingException
+ */
public static SubjectConfirmationDataType parseSubjectConfirmationData(XMLEventReader xmlEventReader)
throws ParsingException
{
@@ -561,4 +574,88 @@
}
return rsaKeyValue;
}
+
+ /**
+ * Parse the {@link SAML11AttributeQueryType}
+ * @param xmlEventReader
+ * @return
+ * @throws ParsingException
+ */
+ public static SAML11AttributeQueryType parseSAML11AttributeQuery(XMLEventReader xmlEventReader)
+ throws ParsingException
+ {
+ SAML11AttributeQueryType query = new SAML11AttributeQueryType();
+ StartElement startElement;
+ // There may be additional things under subject confirmation
+ while (xmlEventReader.hasNext())
+ {
+ XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
+ if (xmlEvent instanceof EndElement)
+ {
+ EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ if (StaxParserUtil.matches(endElement, SAML11Constants.ATTRIBUTE_QUERY))
+ break;
+ else
+ throw new ParsingException("Unknown end element:" + StaxParserUtil.getEndElementName(endElement));
+ }
+
+ if (xmlEvent instanceof StartElement)
+ {
+ startElement = (StartElement) xmlEvent;
+
+ String startTag = StaxParserUtil.getStartElementName(startElement);
+
+ if (startTag.equals(JBossSAMLConstants.SUBJECT.get()))
+ {
+ SAML11SubjectParser parser = new SAML11SubjectParser();
+ query.setSubject((SAML11SubjectType) parser.parse(xmlEventReader));
+ }
+ else
+ throw new ParsingException("Unknown tag:" + startTag);
+ }
+ }
+ return query;
+ }
+
+ /**
+ * Parse the {@link SAML11AttributeQueryType}
+ * @param xmlEventReader
+ * @return
+ * @throws ParsingException
+ */
+ public static SAML11AuthenticationQueryType parseSAML11AuthenticationQuery(XMLEventReader xmlEventReader)
+ throws ParsingException
+ {
+ SAML11AuthenticationQueryType query = new SAML11AuthenticationQueryType();
+ StartElement startElement;
+ // There may be additional things under subject confirmation
+ while (xmlEventReader.hasNext())
+ {
+ XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
+ if (xmlEvent instanceof EndElement)
+ {
+ EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ if (StaxParserUtil.matches(endElement, SAML11Constants.AUTHENTICATION_QUERY))
+ break;
+ else
+ throw new ParsingException("Unknown end element:" + StaxParserUtil.getEndElementName(endElement));
+ }
+
+ if (xmlEvent instanceof StartElement)
+ {
+ startElement = (StartElement) xmlEvent;
+
+ String startTag = StaxParserUtil.getStartElementName(startElement);
+
+ if (startTag.equals(JBossSAMLConstants.SUBJECT.get()))
+ {
+ SAML11SubjectParser parser = new SAML11SubjectParser();
+ query.setSubject((SAML11SubjectType) parser.parse(xmlEventReader));
+ }
+ else
+ throw new ParsingException("Unknown tag:" + startTag);
+ }
+ }
+ return query;
+ }
}
\ No newline at end of file
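Review bot: `parseSAML11AuthenticationQuery` is a line-for-line copy of `parseSAML11AttributeQuery` differing only in the closing tag, and its Javadoc still says `Parse the {@link SAML11AttributeQueryType}`; it should read `Parse the {@link SAML11AuthenticationQueryType}`, and both methods could delegate to one private helper parameterised by the end-element name. The comment `// There may be additional things under subject confirmation` in both was carried over from the subject-confirmation parser and does not describe a query element. In both loops only `StartElement` and `EndElement` events are consumed; if `StaxParserUtil.peek` can ever return another event type, `while (xmlEventReader.hasNext())` never advances — worth confirming, since a parser that spins on unexpected input is a denial-of-service exposure for an endpoint that accepts requests from the network. `startElement` in the `StartElement` branch is taken from a peeked event that this code never consumes, relying on `SAML11SubjectParser.parse` to do so.
```java
public static SAML11AttributeQueryType parseSAML11AttributeQuery(XMLEventReader xmlEventReader)
      throws ParsingException
{
   SAML11AttributeQueryType query = new SAML11AttributeQueryType();
   query.setSubject(parseQuerySubject(xmlEventReader, SAML11Constants.ATTRIBUTE_QUERY));
   return query;
}

public static SAML11AuthenticationQueryType parseSAML11AuthenticationQuery(XMLEventReader xmlEventReader)
      throws ParsingException
{
   SAML11AuthenticationQueryType query = new SAML11AuthenticationQueryType();
   query.setSubject(parseQuerySubject(xmlEventReader, SAML11Constants.AUTHENTICATION_QUERY));
   return query;
}

/**
 * Consume the children of a query element up to and including its end tag,
 * returning the Subject found (null if none).
 */
private static SAML11SubjectType parseQuerySubject(XMLEventReader xmlEventReader, String endTag)
      throws ParsingException
{
   SAML11SubjectType subject = null;
   while (xmlEventReader.hasNext())
   {
      XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
      if (xmlEvent instanceof EndElement)
      {
         EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
         if (StaxParserUtil.matches(endElement, endTag))
            break;
         throw new ParsingException("Unknown end element:" + StaxParserUtil.getEndElementName(endElement));
      }
      if (xmlEvent instanceof StartElement)
      {
         String startTag = StaxParserUtil.getStartElementName((StartElement) xmlEvent);
         if (!startTag.equals(JBossSAMLConstants.SUBJECT.get()))
            throw new ParsingException("Unknown tag:" + startTag);
         subject = (SAML11SubjectType) new SAML11SubjectParser().parse(xmlEventReader);
      }
      else
      {
         // An event neither branch consumes would otherwise leave the loop spinning.
         throw new ParsingException("Unexpected event:" + xmlEvent);
      }
   }
   return subject;
}
```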
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java 2011-06-23 22:25:12 UTC (rev 1029)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java 2011-06-24 17:48:39 UTC (rev 1030)
@@ -34,6 +34,8 @@
String ASSERTION_11_NSURI = "urn:oasis:names:tc:SAML:1.0:assertion";
+ String ATTRIBUTE_QUERY = "AttributeQuery";
+
String ATTRIBUTE_NAME = "AttributeName";
String ATTRIBUTE_NAMESPACE = "AttributeNamespace";
@@ -46,6 +48,8 @@
String AUTHENTICATION_METHOD = "AuthenticationMethod";
+ String AUTHENTICATION_QUERY = "AuthenticationQuery";
+
String AUTHENTICATION_STATEMENT = "AuthenticationStatement";
String AUTHORIZATION_DECISION_STATEMENT = "AuthorizationDecisionStatement";
@@ -70,5 +74,9 @@
String PROTOCOL_11_NSURI = "urn:oasis:names:tc:SAML:1.0:protocol";
+ String REQUEST = "Request";
+
+ String REQUEST_ID = "RequestID";
+
String RESOURCE = "Resource";
}
\ No newline at end of file
Added: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11RequestParserTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11RequestParserTestCase.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11RequestParserTestCase.java 2011-06-24 17:48:39 UTC (rev 1030)
@@ -0,0 +1,93 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.saml;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.InputStream;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11AttributeQueryType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11AuthenticationQueryType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11QueryAbstractType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11RequestType;
+
+/**
+ * Unit Test SAML 1.1 Request Parsing
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jun 24, 2011
+ */
+public class SAML11RequestParserTestCase
+{
+ @Test
+ public void testSAML11RequestWithAuthQuery() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-request-authquery.xml");
+
+ SAMLParser parser = new SAMLParser();
+ SAML11RequestType request = (SAML11RequestType) parser.parse(configStream);
+ assertNotNull(request);
+
+ assertEquals(1, request.getMajorVersion());
+ assertEquals(1, request.getMinorVersion());
+ assertEquals("aaf23196-1773-2113-474a-fe114412ab72", request.getID());
+ assertEquals(XMLTimeUtil.parse("2006-07-17T22:26:40Z"), request.getIssueInstant());
+
+ SAML11QueryAbstractType query = request.getQuery();
+ assertTrue(query instanceof SAML11AuthenticationQueryType);
+ SAML11AuthenticationQueryType attQuery = (SAML11AuthenticationQueryType) query;
+
+ SAML11SubjectType subject = attQuery.getSubject();
+ SAML11SubjectType.SAML11SubjectTypeChoice choice = subject.getChoice();
+ assertEquals("myusername", choice.getNameID().getValue());
+ }
+
+ @Test
+ public void testSAML11RequestWithAttributeQuery() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-request-attributequery.xml");
+
+ SAMLParser parser = new SAMLParser();
+ SAML11RequestType request = (SAML11RequestType) parser.parse(configStream);
+ assertNotNull(request);
+
+ assertEquals(1, request.getMajorVersion());
+ assertEquals(1, request.getMinorVersion());
+ assertEquals("aaf23196-1773-2113-474a-fe114412ab72", request.getID());
+ assertEquals(XMLTimeUtil.parse("2006-07-17T22:26:40Z"), request.getIssueInstant());
+
+ SAML11QueryAbstractType query = request.getQuery();
+ assertTrue(query instanceof SAML11AttributeQueryType);
+ SAML11AttributeQueryType attQuery = (SAML11AttributeQueryType) query;
+
+ SAML11SubjectType subject = attQuery.getSubject();
+ SAML11SubjectType.SAML11SubjectTypeChoice choice = subject.getChoice();
+ assertEquals("testID", choice.getNameID().getValue());
+ }
+}
\ No newline at end of file
Added: federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-request-attributequery.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-request-attributequery.xml (rev 0)
+++ federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-request-attributequery.xml 2011-06-24 17:48:39 UTC (rev 1030)
@@ -0,0 +1,11 @@
+<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
+ xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+ MajorVersion="1" MinorVersion="1"
+ RequestID="aaf23196-1773-2113-474a-fe114412ab72"
+ IssueInstant="2006-07-17T22:26:40Z" >
+ <samlp:AttributeQuery>
+ <saml:Subject>
+ <saml:NameIdentifier>testID</saml:NameIdentifier>
+ </saml:Subject>
+ </samlp:AttributeQuery>
+</samlp:Request>
\ No newline at end of file
Added: federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-request-authquery.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-request-authquery.xml (rev 0)
+++ federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-request-authquery.xml 2011-06-24 17:48:39 UTC (rev 1030)
@@ -0,0 +1,11 @@
+<samlp:Request xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
+ RequestID="aaf23196-1773-2113-474a-fe114412ab72"
+ MajorVersion="1" MinorVersion="1"
+ IssueInstant="2006-07-17T22:26:40Z">
+ <samlp:AuthenticationQuery>
+ <saml:Subject xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion">
+ <saml:NameIdentifier
+ Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">myusername</saml:NameIdentifier>
+ </saml:Subject>
+ </samlp:AuthenticationQuery>
+</samlp:Request>
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/protocol/SAML11RequestType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/protocol/SAML11RequestType.java 2011-06-23 22:25:12 UTC (rev 1029)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/protocol/SAML11RequestType.java 2011-06-24 17:48:39 UTC (rev 1030)
@@ -92,4 +92,14 @@
{
return Collections.unmodifiableList(assertionArtifact);
}
+
+ public SAML11QueryAbstractType getQuery()
+ {
+ return query;
+ }
+
+ public void setQuery(SAML11QueryAbstractType query)
+ {
+ this.query = query;
+ }
}
\ No newline at end of file
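Review bot: The new accessors carry no Javadoc, and `getQuery` returns null whenever the request holds no query, which the new tests cast unconditionally; a `/** The single query carried by this request, or null when the request carries AssertionArtifact references instead. */` on `getQuery` would make that contract explicit for callers. `setQuery` accepts null silently, which may be intended for clearing; if not, `Objects.requireNonNull` would catch it. The rest of the class is outside this hunk.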
Picketlink SVN: r1029 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1 and 3 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-06-23 18:25:12 -0400 (Thu, 23 Jun 2011)
New Revision: 1029
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11ResponseParser.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11ResponseParserTestCase.java
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-response.xml
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLResponseParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/protocol/SAML11ResponseType.java
Log:
more SAML11 parsing
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11ResponseParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11ResponseParser.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11ResponseParser.java 2011-06-23 22:25:12 UTC (rev 1029)
@@ -0,0 +1,185 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.parsers.saml;
+
+import javax.xml.datatype.XMLGregorianCalendar;
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLEventReader;
+import javax.xml.stream.events.Attribute;
+import javax.xml.stream.events.EndElement;
+import javax.xml.stream.events.StartElement;
+import javax.xml.stream.events.XMLEvent;
+
+import org.picketlink.identity.federation.core.exceptions.ParsingException;
+import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
+import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
+import org.picketlink.identity.federation.core.saml.v1.SAML11Constants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11ResponseType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11StatusCodeType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11StatusType;
+import org.w3c.dom.Element;
+
+/**
+ * Parse the SAML 11 Response
+ * @author Anil.Saldhana(a)redhat.com
+ * @since 23 June 2011
+ */
+public class SAML11ResponseParser implements ParserNamespaceSupport
+{
+ private final String RESPONSE = JBossSAMLConstants.RESPONSE.get();
+
+ /**
+ * @see {@link ParserNamespaceSupport#parse(XMLEventReader)}
+ */
+ public Object parse(XMLEventReader xmlEventReader) throws ParsingException
+ {
+ //Get the startelement
+ StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.validate(startElement, RESPONSE);
+
+ Attribute idAttr = startElement.getAttributeByName(new QName("ResponseID"));
+ if (idAttr == null)
+ throw new RuntimeException("ID attribute is missing");
+ String id = StaxParserUtil.getAttributeValue(idAttr);
+
+ Attribute issueInstant = startElement.getAttributeByName(new QName("IssueInstant"));
+ if (issueInstant == null)
+ throw new RuntimeException("IssueInstant attribute required in Response");
+ XMLGregorianCalendar issueInstantVal = XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(issueInstant));
+
+ SAML11ResponseType response = new SAML11ResponseType(id, issueInstantVal);
+
+ while (xmlEventReader.hasNext())
+ {
+ //Let us peek at the next start element
+ startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
+ if (startElement == null)
+ break;
+ String elementName = StaxParserUtil.getStartElementName(startElement);
+ if (JBossSAMLConstants.SIGNATURE.get().equals(elementName))
+ {
+ Element sig = StaxParserUtil.getDOMElement(xmlEventReader);
+ response.setSignature(sig);
+ }
+ else if (JBossSAMLConstants.ASSERTION.get().equals(elementName))
+ {
+ SAML11AssertionParser assertionParser = new SAML11AssertionParser();
+ response.add((SAML11AssertionType) assertionParser.parse(xmlEventReader));
+ }
+ else if (JBossSAMLConstants.STATUS.get().equals(elementName))
+ {
+ response.setStatus(parseStatus(xmlEventReader));
+ }
+ else
+ throw new RuntimeException("Unknown tag=" + elementName + "::location=" + startElement.getLocation());
+ }
+
+ return response;
+ }
+
+ /**
+ * Parse the status element
+ * @param xmlEventReader
+ * @return
+ * @throws ParsingException
+ */
+ protected SAML11StatusType parseStatus(XMLEventReader xmlEventReader) throws ParsingException
+ {
+ //Get the Start Element
+ StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ String STATUS = JBossSAMLConstants.STATUS.get();
+ StaxParserUtil.validate(startElement, STATUS);
+
+ SAML11StatusType status = new SAML11StatusType();
+
+ while (xmlEventReader.hasNext())
+ {
+ startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
+
+ if (startElement == null)
+ break;
+
+ QName startElementName = startElement.getName();
+ String elementTag = startElementName.getLocalPart();
+
+ SAML11StatusCodeType statusCode = new SAML11StatusCodeType();
+
+ if (JBossSAMLConstants.STATUS_CODE.get().equals(elementTag))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ if (startElement == null)
+ break;
+ Attribute valueAttr = startElement.getAttributeByName(new QName("Value"));
+ if (valueAttr != null)
+ {
+ statusCode.setValue(new QName(StaxParserUtil.getAttributeValue(valueAttr)));
+ }
+ status.setStatusCode(statusCode);
+
+ //Peek at the next start element to see if it is status code
+ startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
+ elementTag = startElement.getName().getLocalPart();
+ if (JBossSAMLConstants.STATUS_CODE.get().equals(elementTag))
+ {
+ SAML11StatusCodeType subStatusCodeType = new SAML11StatusCodeType();
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ Attribute subValueAttr = startElement.getAttributeByName(new QName("Value"));
+ if (subValueAttr != null)
+ {
+ subStatusCodeType.setValue(new QName(StaxParserUtil.getAttributeValue(subValueAttr)));
+ }
+ statusCode.setStatusCode(subStatusCodeType);
+
+ // Go to Status code end element.
+ EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ StaxParserUtil.validate(endElement, JBossSAMLConstants.STATUS_CODE.get());
+ continue;
+ }
+ }
+
+ //Get the next end element
+ XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
+ if (xmlEvent instanceof EndElement)
+ {
+ EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ if (StaxParserUtil.matches(endElement, STATUS))
+ break;
+ else
+ throw new RuntimeException("unknown end element:" + StaxParserUtil.getEndElementName(endElement));
+ }
+ else
+ break;
+ }
+ return status;
+ }
+
+ /**
+ * @see {@link ParserNamespaceSupport#supports(QName)}
+ */
+ public boolean supports(QName qname)
+ {
+ return SAML11Constants.PROTOCOL_11_NSURI.equals(qname.getNamespaceURI()) && RESPONSE.equals(qname.getLocalPart());
+ }
+}
\ No newline at end of file
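Review bot: `parseStatus` dereferences the result of `StaxParserUtil.peekNextStartElement` at `elementTag = startElement.getName().getLocalPart();` without the null check the same call gets a few lines earlier, so a Status whose StatusCode is the last start element in the document appears to fail with a NullPointerException instead of a ParsingException; guard it with `if (startElement == null) break;` as done above. The nested branch also handles exactly one level of StatusCode, whereas SAML 1.1 allows StatusCode to nest recursively, and if the peek does not consume the outer StatusCode end element the end-element check below accepts only the Status end and throws `unknown end element` — a small recursive helper that reads one StatusCode, recurses on a nested one and consumes its own end element would cover both cases. The missing-attribute paths in `parse` throw `RuntimeException` although the method declares `ParsingException`; `throw new ParsingException("ResponseID attribute is missing");` keeps the failure mode callers can catch.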
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2011-06-23 20:44:42 UTC (rev 1028)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2011-06-23 22:25:12 UTC (rev 1029)
@@ -63,7 +63,8 @@
String elementName = StaxParserUtil.getStartElementName(startElement);
- if (elementName.equalsIgnoreCase(JBossSAMLConstants.ASSERTION.get()))
+ if (elementName.equalsIgnoreCase(JBossSAMLConstants.ASSERTION.get())
+ || elementName.equals(JBossSAMLConstants.ENCRYPTED_ASSERTION.get()))
{
if (nsURI.equals(SAML11Constants.ASSERTION_11_NSURI))
{
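Review bot: The new condition mixes `equalsIgnoreCase` for Assertion with `equals` for EncryptedAssertion; XML element names are case-sensitive, so the case-insensitive branch accepts spellings the schema rejects (e.g. `assertion`) while the sibling check does not, and the two halves of one `if` disagree on matching rules. Use `if (elementName.equals(JBossSAMLConstants.ASSERTION.get())` for both so the dispatch matches the element name exactly. The enclosing parse method starts and ends outside the hunk.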
@@ -97,7 +98,6 @@
SAMLResponseParser responseParser = new SAMLResponseParser();
return responseParser.parse(xmlEventReader);
}
-
else if (JBossSAMLURIConstants.PROTOCOL_NSURI.get().equals(nsURI)
&& JBossSAMLConstants.REQUEST_ABSTRACT.get().equals(startElementName.getLocalPart()))
{
@@ -124,10 +124,11 @@
SAMLEntitiesDescriptorParser entityDescriptorParser = new SAMLEntitiesDescriptorParser();
return entityDescriptorParser.parse(xmlEventReader);
}
- else if (JBossSAMLURIConstants.ASSERTION_NSURI.get().equals(nsURI))
+ else if (SAML11Constants.PROTOCOL_11_NSURI.equals(nsURI)
+ && JBossSAMLConstants.RESPONSE.get().equals(startElementName.getLocalPart()))
{
- SAMLAssertionParser assertionParser = new SAMLAssertionParser();
- return assertionParser.parse(xmlEventReader);
+ SAML11ResponseParser responseParser = new SAML11ResponseParser();
+ return responseParser.parse(xmlEventReader);
}
else
throw new RuntimeException("Unknown Tag:" + elementName + "::location=" + startElement.getLocation());
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLResponseParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLResponseParser.java 2011-06-23 20:44:42 UTC (rev 1028)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLResponseParser.java 2011-06-23 22:25:12 UTC (rev 1029)
@@ -76,8 +76,8 @@
}
else if (JBossSAMLConstants.SIGNATURE.get().equals(elementName))
{
- startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
- StaxParserUtil.bypassElementBlock(xmlEventReader, JBossSAMLConstants.SIGNATURE.get());
+ Element sig = StaxParserUtil.getDOMElement(xmlEventReader);
+ response.setSignature(sig);
}
else if (JBossSAMLConstants.ASSERTION.get().equals(elementName))
{
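Review bot: The Signature element is now retained on the response instead of being bypassed, but nothing in the hunk verifies it, so `response.setSignature(sig)` should carry a comment making the contract explicit, e.g. `// Raw ds:Signature as found in the document; stored unverified, callers must validate it before trusting the response`. The identical lines in the new SAML11ResponseParser above would benefit from the same comment. The enclosing parse method starts and ends outside the hunk.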
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java 2011-06-23 20:44:42 UTC (rev 1028)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v1/SAML11Constants.java 2011-06-23 22:25:12 UTC (rev 1029)
@@ -68,5 +68,7 @@
String NAMESPACE = "Namespace";
+ String PROTOCOL_11_NSURI = "urn:oasis:names:tc:SAML:1.0:protocol";
+
String RESOURCE = "Resource";
}
\ No newline at end of file
Added: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11ResponseParserTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11ResponseParserTestCase.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11ResponseParserTestCase.java 2011-06-23 22:25:12 UTC (rev 1029)
@@ -0,0 +1,72 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.saml;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.io.InputStream;
+import java.util.List;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAML11ResponseParser;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11ResponseType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11StatusCodeType;
+import org.picketlink.identity.federation.saml.v1.protocol.SAML11StatusType;
+
+/**
+ * Unit Test the {@link SAML11ResponseParser}
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jun 23, 2011
+ */
+public class SAML11ResponseParserTestCase
+{
+ @Test
+ public void testSAML11Response() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-response.xml");
+
+ SAMLParser parser = new SAMLParser();
+ SAML11ResponseType response = (SAML11ResponseType) parser.parse(configStream);
+ assertNotNull(response);
+
+ assertEquals(1, response.getMajorVersion());
+ assertEquals(1, response.getMinorVersion());
+ assertEquals("_P1YaA+Q/wSM/t/8E3R8rNhcpPTM=", response.getID());
+ assertEquals(XMLTimeUtil.parse("2002-06-19T17:05:37.795Z"), response.getIssueInstant());
+
+ assertNotNull(response.getSignature());
+
+ SAML11StatusType status = response.getStatus();
+ SAML11StatusCodeType statusCode = status.getStatusCode();
+ assertEquals("samlp:Success", statusCode.getValue().toString());
+
+ List<SAML11AssertionType> assertions = response.get();
+ assertEquals(1, assertions.size());
+ SAML11AssertionType assertion = assertions.get(0);
+ assertEquals("buGxcG4gILg5NlocyLccDz6iXrUa", assertion.getID());
+ }
+}
\ No newline at end of file
Added: federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-response.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-response.xml (rev 0)
+++ federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-response.xml 2011-06-23 22:25:12 UTC (rev 1029)
@@ -0,0 +1,55 @@
+<samlp:Response
+ xmlns:samlp="urn:oasis:names:tc:SAML:1.0:protocol"
+ MajorVersion="1" MinorVersion="1"
+ ResponseID="_P1YaA+Q/wSM/t/8E3R8rNhcpPTM="
+ IssueInstant="2002-06-19T17:05:37.795Z">
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <Reference URI="#s69f7e258e30da2b9b9f5799d4eb0c548782432bf">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>zdCY/1iqOMUJq/RvxsaDPWM4+7c=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>ApcX/Ddfsfdslkfd</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>MIICmjdfdflkfdslfaf;sjdposafhpofhpowfowqpowqfow
+ </X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ </Signature>
+ <samlp:Status>
+ <samlp:StatusCode Value="samlp:Success"/>
+ </samlp:Status>
+ <saml:Assertion
+ xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+ MajorVersion="1" MinorVersion="1"
+ AssertionID="buGxcG4gILg5NlocyLccDz6iXrUa"
+ Issuer="https://idp.example.org/saml"
+ IssueInstant="2002-06-19T17:05:37.795Z">
+ <saml:Conditions
+ NotBefore="2002-06-19T17:00:37.795Z"
+ NotOnOrAfter="2002-06-19T17:10:37.795Z"/>
+ <saml:AuthenticationStatement
+ AuthenticationMethod="urn:oasis:names:tc:SAML:1.0:am:password"
+ AuthenticationInstant="2002-06-19T17:05:17.706Z">
+ <saml:Subject>
+ <saml:NameIdentifier
+ Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
+ user(a)idp.example.org
+ </saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>
+ urn:oasis:names:tc:SAML:1.0:cm:bearer
+ </saml:ConfirmationMethod>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ </saml:AuthenticationStatement>
+ </saml:Assertion>
+ </samlp:Response>
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/protocol/SAML11ResponseType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/protocol/SAML11ResponseType.java 2011-06-23 20:44:42 UTC (rev 1028)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v1/protocol/SAML11ResponseType.java 2011-06-23 22:25:12 UTC (rev 1029)
@@ -27,7 +27,6 @@
import javax.xml.datatype.XMLGregorianCalendar;
-import org.picketlink.identity.federation.saml.common.CommonResponseType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
/**
@@ -46,7 +45,7 @@
* @author Anil.Saldhana(a)redhat.com
* @since Jun 22, 2011
*/
-public class SAML11ResponseType extends CommonResponseType
+public class SAML11ResponseType extends SAML11ResponseAbstractType
{
private static final long serialVersionUID = 1L;
Picketlink SVN: r1028 - in federation/trunk/picketlink-fed-core/src: main/java/org/picketlink/identity/federation/core/parsers/util and 2 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-06-23 16:44:42 -0400 (Thu, 23 Jun 2011)
New Revision: 1028
Added:
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-assertion-keyinfo.xml
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11SubjectParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11AssertionParserTestCase.java
Log:
more SAML11 parsing
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11SubjectParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11SubjectParser.java 2011-06-23 20:07:49 UTC (rev 1027)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAML11SubjectParser.java 2011-06-23 20:44:42 UTC (rev 1028)
@@ -28,22 +28,15 @@
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
+import org.picketlink.identity.federation.core.parsers.util.SAML11ParserUtil;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v1.SAML11Constants;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
-import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11NameIdentifierType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectConfirmationType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType.SAML11SubjectTypeChoice;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationDataType;
-import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
-import org.picketlink.identity.xmlsec.w3.xmldsig.KeyValueType;
-import org.picketlink.identity.xmlsec.w3.xmldsig.RSAKeyValueType;
-import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
-import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
/**
* Parse the saml subject
@@ -107,34 +100,9 @@
}
else if (JBossSAMLConstants.SUBJECT_CONFIRMATION.get().equalsIgnoreCase(tag))
{
- SAML11SubjectConfirmationType subjectConfirmationType = new SAML11SubjectConfirmationType();
- peekedElement = StaxParserUtil.getNextStartElement(xmlEventReader);
-
- // There may be additional things under subject confirmation
- xmlEvent = StaxParserUtil.peek(xmlEventReader);
- if (xmlEvent instanceof StartElement)
- {
- StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
- String startTag = StaxParserUtil.getStartElementName(startElement);
-
- if (startTag.equals(SAML11Constants.CONFIRMATION_METHOD))
- {
- String method = StaxParserUtil.getElementText(xmlEventReader);
- subjectConfirmationType.addConfirmation(URI.create(method));
- }
-
- if (startTag.equals(JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get()))
- {
- SubjectConfirmationDataType subjectConfirmationData = parseSubjectConfirmationData(xmlEventReader);
- subjectConfirmationType.setSubjectConfirmationData(subjectConfirmationData);
- }
- }
-
+ SAML11SubjectConfirmationType subjectConfirmationType = SAML11ParserUtil
+ .parseSAML11SubjectConfirmation(xmlEventReader);
subject.setSubjectConfirmation(subjectConfirmationType);
-
- // Get the end tag
- EndElement endElement = (EndElement) StaxParserUtil.getNextEvent(xmlEventReader);
- StaxParserUtil.matches(endElement, JBossSAMLConstants.SUBJECT_CONFIRMATION.get());
}
else
throw new RuntimeException("Unknown tag:" + tag + "::location=" + peekedElement.getLocation());
@@ -154,184 +122,4 @@
&& localPart.equals(JBossSAMLConstants.SUBJECT.get());
}
- private SubjectConfirmationDataType parseSubjectConfirmationData(XMLEventReader xmlEventReader)
- throws ParsingException
- {
- StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
- StaxParserUtil.validate(startElement, JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get());
-
- SubjectConfirmationDataType subjectConfirmationData = new SubjectConfirmationDataType();
-
- Attribute inResponseTo = startElement.getAttributeByName(new QName(JBossSAMLConstants.IN_RESPONSE_TO.get()));
- if (inResponseTo != null)
- {
- subjectConfirmationData.setInResponseTo(StaxParserUtil.getAttributeValue(inResponseTo));
- }
-
- Attribute notBefore = startElement.getAttributeByName(new QName(JBossSAMLConstants.NOT_BEFORE.get()));
- if (notBefore != null)
- {
- subjectConfirmationData.setNotBefore(XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(notBefore)));
- }
-
- Attribute notOnOrAfter = startElement.getAttributeByName(new QName(JBossSAMLConstants.NOT_ON_OR_AFTER.get()));
- if (notOnOrAfter != null)
- {
- subjectConfirmationData.setNotOnOrAfter(XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(notOnOrAfter)));
- }
-
- Attribute recipient = startElement.getAttributeByName(new QName(JBossSAMLConstants.RECIPIENT.get()));
- if (recipient != null)
- {
- subjectConfirmationData.setRecipient(StaxParserUtil.getAttributeValue(recipient));
- }
-
- Attribute address = startElement.getAttributeByName(new QName(JBossSAMLConstants.ADDRESS.get()));
- if (address != null)
- {
- subjectConfirmationData.setAddress(StaxParserUtil.getAttributeValue(address));
- }
-
- XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
- if (!(xmlEvent instanceof EndElement))
- {
- startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
- String tag = StaxParserUtil.getStartElementName(startElement);
- if (tag.equals(WSTrustConstants.XMLDSig.KEYINFO))
- {
- KeyInfoType keyInfo = parseKeyInfo(xmlEventReader);
- subjectConfirmationData.setAnyType(keyInfo);
- }
- else if (tag.equals(WSTrustConstants.XMLEnc.ENCRYPTED_KEY))
- {
- subjectConfirmationData.setAnyType(StaxParserUtil.getDOMElement(xmlEventReader));
- }
- else
- throw new RuntimeException("Handle:" + tag);
- }
-
- // Get the end tag
- EndElement endElement = (EndElement) StaxParserUtil.getNextEvent(xmlEventReader);
- StaxParserUtil.matches(endElement, JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get());
- return subjectConfirmationData;
- }
-
- private KeyInfoType parseKeyInfo(XMLEventReader xmlEventReader) throws ParsingException
- {
- KeyInfoType keyInfo = new KeyInfoType();
- StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
- StaxParserUtil.validate(startElement, WSTrustConstants.XMLDSig.KEYINFO);
-
- XMLEvent xmlEvent = null;
- String tag = null;
-
- while (xmlEventReader.hasNext())
- {
- xmlEvent = StaxParserUtil.peek(xmlEventReader);
- if (xmlEvent instanceof EndElement)
- {
- tag = StaxParserUtil.getEndElementName((EndElement) xmlEvent);
- if (tag.equals(WSTrustConstants.XMLDSig.KEYINFO))
- {
- xmlEvent = StaxParserUtil.getNextEndElement(xmlEventReader);
- break;
- }
- else
- throw new RuntimeException("unknown end element:" + tag);
- }
- startElement = (StartElement) xmlEvent;
- tag = StaxParserUtil.getStartElementName(startElement);
- if (tag.equals(WSTrustConstants.XMLEnc.ENCRYPTED_KEY))
- {
- keyInfo.addContent(StaxParserUtil.getDOMElement(xmlEventReader));
- }
- else if (tag.equals(WSTrustConstants.XMLDSig.X509DATA))
- {
- startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
- X509DataType x509 = new X509DataType();
-
- // Let us go for the X509 certificate
- startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
- StaxParserUtil.validate(startElement, WSTrustConstants.XMLDSig.X509CERT);
-
- X509CertificateType cert = new X509CertificateType();
- String certValue = StaxParserUtil.getElementText(xmlEventReader);
- cert.setEncodedCertificate(certValue.getBytes());
- x509.add(cert);
-
- EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
- StaxParserUtil.validate(endElement, WSTrustConstants.XMLDSig.X509DATA);
- keyInfo.addContent(x509);
- }
- else if (tag.equals(WSTrustConstants.XMLDSig.KEYVALUE))
- {
- startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
- KeyValueType keyValue = new KeyValueType();
-
- startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
- tag = StaxParserUtil.getStartElementName(startElement);
- if (tag.equals(WSTrustConstants.XMLDSig.RSA_KEYVALUE))
- {
- keyValue.getContent().add(this.parseRSAKeyValue(xmlEventReader));
- }
- else if (tag.equals(WSTrustConstants.XMLDSig.DSA_KEYVALUE))
- {
- // TODO: parse the DSA key contents.
- }
- else
- throw new ParsingException("Unknown element: " + tag);
-
- EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
- StaxParserUtil.validate(endElement, WSTrustConstants.XMLDSig.KEYVALUE);
-
- keyInfo.addContent(keyValue);
- }
- }
- return keyInfo;
- }
-
- private RSAKeyValueType parseRSAKeyValue(XMLEventReader xmlEventReader) throws ParsingException
- {
- StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
- StaxParserUtil.validate(startElement, WSTrustConstants.XMLDSig.RSA_KEYVALUE);
-
- XMLEvent xmlEvent = null;
- String tag = null;
-
- RSAKeyValueType rsaKeyValue = new RSAKeyValueType();
-
- while (xmlEventReader.hasNext())
- {
- xmlEvent = StaxParserUtil.peek(xmlEventReader);
- if (xmlEvent instanceof EndElement)
- {
- tag = StaxParserUtil.getEndElementName((EndElement) xmlEvent);
- if (tag.equals(WSTrustConstants.XMLDSig.RSA_KEYVALUE))
- {
- xmlEvent = StaxParserUtil.getNextEndElement(xmlEventReader);
- break;
- }
- else
- throw new RuntimeException("unknown end element:" + tag);
- }
-
- startElement = (StartElement) xmlEvent;
- tag = StaxParserUtil.getStartElementName(startElement);
- if (tag.equals(WSTrustConstants.XMLDSig.MODULUS))
- {
- startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
- String text = StaxParserUtil.getElementText(xmlEventReader);
- rsaKeyValue.setModulus(text.getBytes());
- }
- else if (tag.equals(WSTrustConstants.XMLDSig.EXPONENT))
- {
- startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
- String text = StaxParserUtil.getElementText(xmlEventReader);
- rsaKeyValue.setExponent(text.getBytes());
- }
- else
- throw new ParsingException("Unknown element: " + tag);
- }
- return rsaKeyValue;
- }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java 2011-06-23 20:07:49 UTC (rev 1027)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/util/SAML11ParserUtil.java 2011-06-23 20:44:42 UTC (rev 1028)
@@ -36,6 +36,7 @@
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11ActionType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeStatementType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AttributeType;
@@ -43,7 +44,15 @@
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AuthorizationDecisionStatementType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11ConditionsType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11DecisionType;
+import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectConfirmationType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationDataType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.KeyValueType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.RSAKeyValueType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
+import org.w3c.dom.Element;
/**
* Utility for parsing SAML 1.1 payload
@@ -52,6 +61,119 @@
*/
public class SAML11ParserUtil
{
+
+ public static SAML11SubjectConfirmationType parseSAML11SubjectConfirmation(XMLEventReader xmlEventReader)
+ throws ParsingException
+ {
+ SAML11SubjectConfirmationType subjectConfirmationType = new SAML11SubjectConfirmationType();
+
+ StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+
+ // There may be additional things under subject confirmation
+ while (xmlEventReader.hasNext())
+ {
+ XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
+ if (xmlEvent instanceof EndElement)
+ {
+ EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ StaxParserUtil.validate(endElement, JBossSAMLConstants.SUBJECT_CONFIRMATION.get());
+ break;
+ }
+
+ if (xmlEvent instanceof StartElement)
+ {
+ startElement = (StartElement) xmlEvent;
+
+ String startTag = StaxParserUtil.getStartElementName(startElement);
+
+ if (startTag.equals(SAML11Constants.CONFIRMATION_METHOD))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ String method = StaxParserUtil.getElementText(xmlEventReader);
+ subjectConfirmationType.addConfirmation(URI.create(method));
+ }
+
+ else if (startTag.equals(JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get()))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ SubjectConfirmationDataType subjectConfirmationData = parseSubjectConfirmationData(xmlEventReader);
+ subjectConfirmationType.setSubjectConfirmationData(subjectConfirmationData);
+ }
+ else if (startTag.equals(JBossSAMLConstants.KEY_INFO.get()))
+ {
+ Element keyInfo = StaxParserUtil.getDOMElement(xmlEventReader);
+ subjectConfirmationType.setKeyInfo(keyInfo);
+ }
+ else
+ throw new ParsingException("Unknown tag:" + startTag);
+ }
+ }
+ return subjectConfirmationType;
+
+ }
+
+ public static SubjectConfirmationDataType parseSubjectConfirmationData(XMLEventReader xmlEventReader)
+ throws ParsingException
+ {
+ StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.validate(startElement, JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get());
+
+ SubjectConfirmationDataType subjectConfirmationData = new SubjectConfirmationDataType();
+
+ Attribute inResponseTo = startElement.getAttributeByName(new QName(JBossSAMLConstants.IN_RESPONSE_TO.get()));
+ if (inResponseTo != null)
+ {
+ subjectConfirmationData.setInResponseTo(StaxParserUtil.getAttributeValue(inResponseTo));
+ }
+
+ Attribute notBefore = startElement.getAttributeByName(new QName(JBossSAMLConstants.NOT_BEFORE.get()));
+ if (notBefore != null)
+ {
+ subjectConfirmationData.setNotBefore(XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(notBefore)));
+ }
+
+ Attribute notOnOrAfter = startElement.getAttributeByName(new QName(JBossSAMLConstants.NOT_ON_OR_AFTER.get()));
+ if (notOnOrAfter != null)
+ {
+ subjectConfirmationData.setNotOnOrAfter(XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(notOnOrAfter)));
+ }
+
+ Attribute recipient = startElement.getAttributeByName(new QName(JBossSAMLConstants.RECIPIENT.get()));
+ if (recipient != null)
+ {
+ subjectConfirmationData.setRecipient(StaxParserUtil.getAttributeValue(recipient));
+ }
+
+ Attribute address = startElement.getAttributeByName(new QName(JBossSAMLConstants.ADDRESS.get()));
+ if (address != null)
+ {
+ subjectConfirmationData.setAddress(StaxParserUtil.getAttributeValue(address));
+ }
+
+ XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
+ if (!(xmlEvent instanceof EndElement))
+ {
+ startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
+ String tag = StaxParserUtil.getStartElementName(startElement);
+ if (tag.equals(WSTrustConstants.XMLDSig.KEYINFO))
+ {
+ KeyInfoType keyInfo = parseKeyInfo(xmlEventReader);
+ subjectConfirmationData.setAnyType(keyInfo);
+ }
+ else if (tag.equals(WSTrustConstants.XMLEnc.ENCRYPTED_KEY))
+ {
+ subjectConfirmationData.setAnyType(StaxParserUtil.getDOMElement(xmlEventReader));
+ }
+ else
+ throw new RuntimeException("Handle:" + tag);
+ }
+
+ // Get the end tag
+ EndElement endElement = (EndElement) StaxParserUtil.getNextEvent(xmlEventReader);
+ StaxParserUtil.matches(endElement, JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get());
+ return subjectConfirmationData;
+ }
+
/**
* Parse an {@code SAML11AttributeStatementType}
* @param xmlEventReader
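Review bot: The closing tag of SubjectConfirmationData is never actually checked: `StaxParserUtil.matches(endElement, ...)` at the end of parseSubjectConfirmationData presumably returns a boolean whose result is discarded, unlike the `validate` used on the start element, so a malformed or truncated element passes silently; replace it with `StaxParserUtil.validate(endElement, JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get());`. The same method throws `RuntimeException("Handle:" + tag)` for any child other than KeyInfo/EncryptedKey, and the unconditional `(EndElement)` cast after the `if` assumes at most one child element, so attacker-supplied assertion content surfaces as an unchecked exception (likely a ClassCastException for a second child) rather than a ParsingException; use `throw new ParsingException("Unknown element: " + tag);` as parseSAML11SubjectConfirmation already does for unknown tags. `URI.create(method)` on the ConfirmationMethod text likewise throws IllegalArgumentException on malformed input and should be caught and rethrown as a ParsingException. The class SAML11ParserUtil continues outside this hunk.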
@@ -320,4 +442,123 @@
}
return conditions;
}
+
+ public static KeyInfoType parseKeyInfo(XMLEventReader xmlEventReader) throws ParsingException
+ {
+ KeyInfoType keyInfo = new KeyInfoType();
+ StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.validate(startElement, WSTrustConstants.XMLDSig.KEYINFO);
+
+ XMLEvent xmlEvent = null;
+ String tag = null;
+
+ while (xmlEventReader.hasNext())
+ {
+ xmlEvent = StaxParserUtil.peek(xmlEventReader);
+ if (xmlEvent instanceof EndElement)
+ {
+ tag = StaxParserUtil.getEndElementName((EndElement) xmlEvent);
+ if (tag.equals(WSTrustConstants.XMLDSig.KEYINFO))
+ {
+ xmlEvent = StaxParserUtil.getNextEndElement(xmlEventReader);
+ break;
+ }
+ else
+ throw new RuntimeException("unknown end element:" + tag);
+ }
+ startElement = (StartElement) xmlEvent;
+ tag = StaxParserUtil.getStartElementName(startElement);
+ if (tag.equals(WSTrustConstants.XMLEnc.ENCRYPTED_KEY))
+ {
+ keyInfo.addContent(StaxParserUtil.getDOMElement(xmlEventReader));
+ }
+ else if (tag.equals(WSTrustConstants.XMLDSig.X509DATA))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ X509DataType x509 = new X509DataType();
+
+ // Let us go for the X509 certificate
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.validate(startElement, WSTrustConstants.XMLDSig.X509CERT);
+
+ X509CertificateType cert = new X509CertificateType();
+ String certValue = StaxParserUtil.getElementText(xmlEventReader);
+ cert.setEncodedCertificate(certValue.getBytes());
+ x509.add(cert);
+
+ EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ StaxParserUtil.validate(endElement, WSTrustConstants.XMLDSig.X509DATA);
+ keyInfo.addContent(x509);
+ }
+ else if (tag.equals(WSTrustConstants.XMLDSig.KEYVALUE))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ KeyValueType keyValue = new KeyValueType();
+
+ startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
+ tag = StaxParserUtil.getStartElementName(startElement);
+ if (tag.equals(WSTrustConstants.XMLDSig.RSA_KEYVALUE))
+ {
+ keyValue.getContent().add(parseRSAKeyValue(xmlEventReader));
+ }
+ else if (tag.equals(WSTrustConstants.XMLDSig.DSA_KEYVALUE))
+ {
+ // TODO: parse the DSA key contents.
+ }
+ else
+ throw new ParsingException("Unknown element: " + tag);
+
+ EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ StaxParserUtil.validate(endElement, WSTrustConstants.XMLDSig.KEYVALUE);
+
+ keyInfo.addContent(keyValue);
+ }
+ }
+ return keyInfo;
+ }
+
+ public static RSAKeyValueType parseRSAKeyValue(XMLEventReader xmlEventReader) throws ParsingException
+ {
+ StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.validate(startElement, WSTrustConstants.XMLDSig.RSA_KEYVALUE);
+
+ XMLEvent xmlEvent = null;
+ String tag = null;
+
+ RSAKeyValueType rsaKeyValue = new RSAKeyValueType();
+
+ while (xmlEventReader.hasNext())
+ {
+ xmlEvent = StaxParserUtil.peek(xmlEventReader);
+ if (xmlEvent instanceof EndElement)
+ {
+ tag = StaxParserUtil.getEndElementName((EndElement) xmlEvent);
+ if (tag.equals(WSTrustConstants.XMLDSig.RSA_KEYVALUE))
+ {
+ xmlEvent = StaxParserUtil.getNextEndElement(xmlEventReader);
+ break;
+ }
+ else
+ throw new RuntimeException("unknown end element:" + tag);
+ }
+
+ startElement = (StartElement) xmlEvent;
+ tag = StaxParserUtil.getStartElementName(startElement);
+ if (tag.equals(WSTrustConstants.XMLDSig.MODULUS))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ String text = StaxParserUtil.getElementText(xmlEventReader);
+ rsaKeyValue.setModulus(text.getBytes());
+ }
+ else if (tag.equals(WSTrustConstants.XMLDSig.EXPONENT))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ String text = StaxParserUtil.getElementText(xmlEventReader);
+ rsaKeyValue.setExponent(text.getBytes());
+ }
+ else
+ throw new ParsingException("Unknown element: " + tag);
+ }
+ return rsaKeyValue;
+ }
}
\ No newline at end of file
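Review bot: parseKeyInfo loops forever on any KeyInfo child it does not recognise: when the peeked start element is neither EncryptedKey, X509Data nor KeyValue, no branch consumes an event, so the next iteration peeks the same element again — a `<KeyName>` like the one in the new test fixture, or any element an attacker places there, hangs the parsing thread. Add `else throw new ParsingException("Unknown element: " + tag);` after the KeyValue branch, as parseRSAKeyValue already does. The X509Data branch also assumes exactly one X509Certificate child (other X509Data content presumably fails closed on `validate`, which is acceptable but deserves a comment), and both `certValue.getBytes()` and the Modulus/Exponent `text.getBytes()` store the Base64 text in the platform default charset rather than decoded bytes — if the setters expect DER/raw values as their xmldsig names suggest, this needs `Base64` decoding; confirm against the model types. The DSAKeyValue branch consumes nothing, so the following KeyValue end-element validation presumably fails for DSA keys; either parse it or reject it explicitly with a clear message.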
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11AssertionParserTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11AssertionParserTestCase.java 2011-06-23 20:07:49 UTC (rev 1027)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAML11AssertionParserTestCase.java 2011-06-23 20:44:42 UTC (rev 1028)
@@ -44,6 +44,7 @@
import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectConfirmationType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11SubjectType.SAML11SubjectTypeChoice;
+import org.w3c.dom.Element;
/**
* Unit Test the parsing of SAML 1.1 assertion
@@ -236,4 +237,39 @@
confirmationMethod = subjConf.getConfirmationMethod().get(0);
assertEquals("urn:oasis:names:tc:SAML:1.0:cm:artifact", confirmationMethod.toString());
}
+
+ @Test
+ public void testSAML11AssertionWithKeyInfo() throws Exception
+ {
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream("parser/saml1/saml1-assertion-keyinfo.xml");
+
+ SAMLParser parser = new SAMLParser();
+ SAML11AssertionType assertion = (SAML11AssertionType) parser.parse(configStream);
+ assertNotNull(assertion);
+
+ //Validate assertion
+ assertEquals(1, assertion.getMajorVersion());
+ assertEquals(1, assertion.getMinorVersion());
+ assertEquals("s69f7e2599d4eb0c548782432bf", assertion.getID());
+ assertEquals("http://jboss.org/test", assertion.getIssuer());
+ assertEquals(XMLTimeUtil.parse("2006-05-24T05:52:32Z"), assertion.getIssueInstant());
+
+ List<SAML11StatementAbstractType> statements = assertion.getStatements();
+ assertEquals(1, statements.size());
+ SAML11AuthenticationStatementType authStat = (SAML11AuthenticationStatementType) statements.get(0);
+ assertEquals(XMLTimeUtil.parse("2006-05-24T05:52:30Z"), authStat.getAuthenticationInstant());
+ assertEquals("urn:picketlink:auth", authStat.getAuthenticationMethod().toString());
+ SAML11SubjectType subject = authStat.getSubject();
+ SAML11SubjectTypeChoice choice = subject.getChoice();
+ SAML11NameIdentifierType nameID = choice.getNameID();
+ assertEquals("anil", nameID.getValue());
+ SAML11SubjectConfirmationType subjConf = subject.getSubjectConfirmation();
+ URI confirmationMethod = subjConf.getConfirmationMethod().get(0);
+ assertEquals("urn:oasis:names:tc:SAML:1.0:cm:holder-of-key", confirmationMethod.toString());
+ assertNotNull(subjConf.getKeyInfo());
+
+ Element sig = assertion.getSignature();
+ assertNotNull(sig);
+ }
}
\ No newline at end of file
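Review bot: The new test only exercises the DOM path for KeyInfo — parseSAML11SubjectConfirmation stores `<KeyInfo>` via `getDOMElement` — so parseKeyInfo and parseRSAKeyValue added in the same commit get no coverage, and `assertNotNull(subjConf.getKeyInfo())` would pass for any well-formed element. Consider asserting on the captured element (local name `KeyInfo`, presence of the `RSAKeyValue` child) and adding a case that feeds the same KeyInfo through parseKeyInfo, which the fixture's `<KeyName>` child does not appear to be handled by. `assertNotNull(sig)` likewise only checks that a Signature element was captured, not that anything validates it; that is fine for a parser test but should be stated in a comment so nobody reads it as signature coverage. The test class starts outside this hunk.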
Added: federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-assertion-keyinfo.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-assertion-keyinfo.xml (rev 0)
+++ federation/trunk/picketlink-fed-core/src/test/resources/parser/saml1/saml1-assertion-keyinfo.xml 2011-06-23 20:44:42 UTC (rev 1028)
@@ -0,0 +1,44 @@
+<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:1.0:assertion"
+ AssertionID="s69f7e2599d4eb0c548782432bf" IssueInstant="2006-05-24T05:52:32Z"
+ Issuer="http://jboss.org/test" MajorVersion="1" MinorVersion="1">
+ <saml:AuthenticationStatement
+ AuthenticationInstant="2006-05-24T05:52:30Z" AuthenticationMethod="urn:picketlink:auth">
+ <saml:Subject>
+ <saml:NameIdentifier>anil</saml:NameIdentifier>
+ <saml:SubjectConfirmation>
+ <saml:ConfirmationMethod>urn:oasis:names:tc:SAML:1.0:cm:holder-of-key
+ </saml:ConfirmationMethod>
+ <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <KeyName>CN=anil, OU=PicketLink, O=JBoss, L=Chicago, ST=IL, C=US</KeyName>
+ <KeyValue>
+ <RSAKeyValue>
+ <Modulus>dsfdfdskjfdsf;dfjds;fdsjfdsfdsjf</Modulus>
+ <Exponent>AQAB</Exponent>
+ </RSAKeyValue>
+ </KeyValue>
+ </KeyInfo>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ </saml:AuthenticationStatement>
+ <Signature xmlns="http://www.w3.org/2000/09/xmldsig#">
+ <SignedInfo>
+ <CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#rsa-sha1" />
+ <Reference URI="#s69f7e258e30da2b9b9f5799d4eb0c548782432bf">
+ <Transforms>
+ <Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature" />
+ <Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </Transforms>
+ <DigestMethod Algorithm="http://www.w3.org/2000/09/xmldsig#sha1" />
+ <DigestValue>zdCY/1iqOMUJq/RvxsaDPWM4+7c=</DigestValue>
+ </Reference>
+ </SignedInfo>
+ <SignatureValue>ApcX/Ddfsfdslkfd</SignatureValue>
+ <KeyInfo>
+ <X509Data>
+ <X509Certificate>MIICmjdfdflkfdslfaf;sjdposafhpofhpowfowqpowqfow
+ </X509Certificate>
+ </X509Data>
+ </KeyInfo>
+ </Signature>
+</saml:Assertion>
\ No newline at end of file
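Review bot: The Signature's `Reference URI="#s69f7e258e30da2b9b9f5799d4eb0c548782432bf"` does not match the assertion's `AssertionID="s69f7e2599d4eb0c548782432bf"`, so even with a real SignatureValue this fixture could never validate; the test only asserts the element is present, but a mismatched reference will mislead whoever later reuses the file for signature tests. Either change the URI to `#s69f7e2599d4eb0c548782432bf` or add an XML comment stating that the signature is a placeholder not meant to verify. The ConfirmationMethod text also carries a newline before its closing tag; whether `URI.create` on that value succeeds depends on StaxParserUtil trimming element text, so putting the URN and the closing tag on one line removes that dependency.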