Picketlink SVN: r1064 - federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-07-06 00:42:18 -0400 (Wed, 06 Jul 2011)
New Revision: 1064
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
Log:
add todo
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-07-06 04:33:33 UTC (rev 1063)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-07-06 04:42:18 UTC (rev 1064)
@@ -340,6 +340,7 @@
}
else
{
+ //TODO: PLFED-193
log.error("No SAML Request or Response Message");
if (trace)
log.trace("Referer=" + referer);
13 years, 5 months
- 1
- 0
Picketlink SVN: r1063 - federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-07-06 00:33:33 -0400 (Wed, 06 Jul 2011)
New Revision: 1063
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
Log:
break the long invoke method into sub methods
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-07-06 04:09:10 UTC (rev 1062)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-07-06 04:33:33 UTC (rev 1063)
@@ -329,327 +329,397 @@
log.trace(builder.toString());
}
- if (isNotNull(samlRequestMessage))
- session.removeNote(GeneralConstants.SAML_REQUEST_KEY);
- if (isNotNull(samlResponseMessage))
- session.removeNote(GeneralConstants.SAML_RESPONSE_KEY);
+ //Send valid saml response after processing the request
+ if (samlRequestMessage != null)
+ {
+ processSAMLRequestMessage(webRequestUtil, request, response);
+ }
+ else if (isNotNull(samlResponseMessage))
+ {
+ processSAMLResponseMessage(webRequestUtil, request, response);
+ }
+ else
+ {
+ log.error("No SAML Request or Response Message");
+ if (trace)
+ log.trace("Referer=" + referer);
- if (isNotNull(relayState))
- session.removeNote(GeneralConstants.RELAY_STATE);
+ try
+ {
+ sendErrorResponseToSP(referer, response, relayState, webRequestUtil);
+ }
+ catch (ConfigurationException e)
+ {
+ if (trace)
+ log.trace(e);
+ }
+ }
+ }
+ }
- if (isNotNull(signature))
- session.removeNote("Signature");
- if (isNotNull(sigAlg))
- session.removeNote("sigAlg");
+ protected void processSAMLRequestMessage(IDPWebRequestUtil webRequestUtil, Request request, Response response)
+ throws IOException
+ {
+ Principal userPrincipal = request.getPrincipal();
+ Session session = request.getSessionInternal();
+ SAMLDocumentHolder samlDocumentHolder = null;
+ SAML2Object samlObject = null;
- boolean willSendRequest = false;
+ Document samlResponse = null;
+ String destination = null;
- SAMLDocumentHolder samlDocumentHolder = null;
- SAML2Object samlObject = null;
+ Boolean requestedPostProfile = null;
- Document samlResponse = null;
- String destination = null;
+ //Get the SAML Request Message
+ RequestAbstractType requestAbstractType = null;
+ String samlRequestMessage = (String) session.getNote(GeneralConstants.SAML_REQUEST_KEY);
- Boolean requestedPostProfile = null;
+ String relayState = (String) session.getNote(GeneralConstants.RELAY_STATE);
+ String signature = (String) session.getNote("Signature");
+ String sigAlg = (String) session.getNote("sigAlg");
- //Send valid saml response after processing the request
- if (samlRequestMessage != null)
- {
- //Get the SAML Request Message
- RequestAbstractType requestAbstractType = null;
+ boolean willSendRequest = false;
- try
- {
- samlDocumentHolder = webRequestUtil.getSAMLDocumentHolder(samlRequestMessage);
- samlObject = samlDocumentHolder.getSamlObject();
+ String referer = request.getHeader("Referer");
- boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
- boolean isValid = validate(request.getRemoteAddr(), request.getQueryString(), new SessionHolder(
- samlRequestMessage, signature, sigAlg), isPost);
+ cleanUpSessionNote(request);
- if (!isValid)
- throw new GeneralSecurityException("Validation check failed");
+ try
+ {
+ samlDocumentHolder = webRequestUtil.getSAMLDocumentHolder(samlRequestMessage);
+ samlObject = samlDocumentHolder.getSamlObject();
- String issuer = null;
- IssuerInfoHolder idpIssuer = new IssuerInfoHolder(this.identityURL);
- ProtocolContext protocolContext = new HTTPContext(request, response, context.getServletContext());
- //Create the request/response
- SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
- idpIssuer.getIssuer(), samlDocumentHolder, HANDLER_TYPE.IDP);
- saml2HandlerRequest.setRelayState(relayState);
+ boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
+ boolean isValid = validate(request.getRemoteAddr(), request.getQueryString(), new SessionHolder(
+ samlRequestMessage, signature, sigAlg), isPost);
- String assertionID = (String) session.getSession().getAttribute(GeneralConstants.ASSERTION_ID);
+ if (!isValid)
+ throw new GeneralSecurityException("Validation check failed");
- //Set the options on the handler request
- Map<String, Object> requestOptions = new HashMap<String, Object>();
- if (this.ignoreIncomingSignatures)
- requestOptions.put(GeneralConstants.IGNORE_SIGNATURES, Boolean.TRUE);
- requestOptions.put(GeneralConstants.ROLE_GENERATOR, roleGenerator);
- requestOptions.put(GeneralConstants.ASSERTIONS_VALIDITY, this.assertionValidity);
- requestOptions.put(GeneralConstants.CONFIGURATION, this.idpConfiguration);
- if (assertionID != null)
- requestOptions.put(GeneralConstants.ASSERTION_ID, assertionID);
+ String issuer = null;
+ IssuerInfoHolder idpIssuer = new IssuerInfoHolder(this.identityURL);
+ ProtocolContext protocolContext = new HTTPContext(request, response, context.getServletContext());
+ //Create the request/response
+ SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
+ idpIssuer.getIssuer(), samlDocumentHolder, HANDLER_TYPE.IDP);
+ saml2HandlerRequest.setRelayState(relayState);
- if (this.keyManager != null)
- {
- String remoteHost = request.getRemoteAddr();
- if (trace)
- {
- log.trace("Remote Host=" + remoteHost);
- }
- PublicKey validatingKey = CoreConfigUtil.getValidatingKey(keyManager, remoteHost);
- requestOptions.put(GeneralConstants.SENDER_PUBLIC_KEY, validatingKey);
- requestOptions.put(GeneralConstants.DECRYPTING_KEY, keyManager.getSigningKey());
- }
+ String assertionID = (String) session.getSession().getAttribute(GeneralConstants.ASSERTION_ID);
- Map<String, Object> attribs = this.attribManager.getAttributes(userPrincipal, attributeKeys);
- requestOptions.put(GeneralConstants.ATTRIBUTES, attribs);
+ //Set the options on the handler request
+ Map<String, Object> requestOptions = new HashMap<String, Object>();
+ if (this.ignoreIncomingSignatures)
+ requestOptions.put(GeneralConstants.IGNORE_SIGNATURES, Boolean.TRUE);
+ requestOptions.put(GeneralConstants.ROLE_GENERATOR, roleGenerator);
+ requestOptions.put(GeneralConstants.ASSERTIONS_VALIDITY, this.assertionValidity);
+ requestOptions.put(GeneralConstants.CONFIGURATION, this.idpConfiguration);
+ if (assertionID != null)
+ requestOptions.put(GeneralConstants.ASSERTION_ID, assertionID);
- saml2HandlerRequest.setOptions(requestOptions);
+ if (this.keyManager != null)
+ {
+ String remoteHost = request.getRemoteAddr();
+ if (trace)
+ {
+ log.trace("Remote Host=" + remoteHost);
+ }
+ PublicKey validatingKey = CoreConfigUtil.getValidatingKey(keyManager, remoteHost);
+ requestOptions.put(GeneralConstants.SENDER_PUBLIC_KEY, validatingKey);
+ requestOptions.put(GeneralConstants.DECRYPTING_KEY, keyManager.getSigningKey());
+ }
- List<String> roles = roleGenerator.generateRoles(userPrincipal);
- session.getSession().setAttribute(GeneralConstants.ROLES_ID, roles);
+ Map<String, Object> attribs = this.attribManager.getAttributes(userPrincipal, attributeKeys);
+ requestOptions.put(GeneralConstants.ATTRIBUTES, attribs);
- SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
+ saml2HandlerRequest.setOptions(requestOptions);
- Set<SAML2Handler> handlers = chain.handlers();
+ List<String> roles = roleGenerator.generateRoles(userPrincipal);
+ session.getSession().setAttribute(GeneralConstants.ROLES_ID, roles);
- if (trace)
- {
- log.trace("Handlers are=" + handlers);
- }
+ SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
- if (samlObject instanceof RequestAbstractType)
- {
- requestAbstractType = (RequestAbstractType) samlObject;
- issuer = requestAbstractType.getIssuer().getValue();
- webRequestUtil.isTrusted(issuer);
+ Set<SAML2Handler> handlers = chain.handlers();
- if (handlers != null)
- {
- try
- {
- chainLock.lock();
- for (SAML2Handler handler : handlers)
- {
- handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
- willSendRequest = saml2HandlerResponse.getSendRequest();
- }
- }
- finally
- {
- chainLock.unlock();
- }
- }
- }
- else
- throw new RuntimeException("Unknown type:" + samlObject.getClass().getName());
+ if (trace)
+ {
+ log.trace("Handlers are=" + handlers);
+ }
- samlResponse = saml2HandlerResponse.getResultingDocument();
- relayState = saml2HandlerResponse.getRelayState();
+ if (samlObject instanceof RequestAbstractType)
+ {
+ requestAbstractType = (RequestAbstractType) samlObject;
+ issuer = requestAbstractType.getIssuer().getValue();
+ webRequestUtil.isTrusted(issuer);
- destination = saml2HandlerResponse.getDestination();
-
- requestedPostProfile = saml2HandlerResponse.isPostBindingForResponse();
- }
- catch (Exception e)
+ if (handlers != null)
{
- String status = JBossSAMLURIConstants.STATUS_AUTHNFAILED.get();
- if (e instanceof IssuerNotTrustedException)
- {
- status = JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get();
- }
- log.error("Exception in processing request:", e);
- samlResponse = webRequestUtil.getErrorResponse(referer, status, this.identityURL,
- this.signOutgoingMessages);
- }
- finally
- {
try
{
- boolean postProfile = webRequestUtil.hasSAMLRequestInPostProfile();
- if (postProfile)
- recycle(response);
-
- WebRequestUtilHolder holder = webRequestUtil.getHolder();
- holder.setResponseDoc(samlResponse).setDestination(destination).setRelayState(relayState)
- .setAreWeSendingRequest(willSendRequest).setPrivateKey(null).setSupportSignature(false)
- .setServletResponse(response);
-
- if (requestedPostProfile != null)
- holder.setPostBindingRequested(requestedPostProfile);
- else
- holder.setPostBindingRequested(postProfile);
-
- if (this.signOutgoingMessages)
+ chainLock.lock();
+ for (SAML2Handler handler : handlers)
{
- holder.setPrivateKey(keyManager.getSigningKey()).setSupportSignature(true);
+ handler.handleRequestType(saml2HandlerRequest, saml2HandlerResponse);
+ willSendRequest = saml2HandlerResponse.getSendRequest();
}
-
- webRequestUtil.send(holder);
}
- catch (ParsingException e)
+ finally
{
- if (trace)
- log.trace("Parsing exception:", e);
+ chainLock.unlock();
}
- catch (GeneralSecurityException e)
- {
- if (trace)
- log.trace("Security Exception:", e);
- }
}
- return;
}
- else if (isNotNull(samlResponseMessage))
+ else
+ throw new RuntimeException("Unknown type:" + samlObject.getClass().getName());
+
+ samlResponse = saml2HandlerResponse.getResultingDocument();
+ relayState = saml2HandlerResponse.getRelayState();
+
+ destination = saml2HandlerResponse.getDestination();
+
+ requestedPostProfile = saml2HandlerResponse.isPostBindingForResponse();
+ }
+ catch (Exception e)
+ {
+ String status = JBossSAMLURIConstants.STATUS_AUTHNFAILED.get();
+ if (e instanceof IssuerNotTrustedException)
{
- StatusResponseType statusResponseType = null;
- try
+ status = JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get();
+ }
+ log.error("Exception in processing request:", e);
+ samlResponse = webRequestUtil.getErrorResponse(referer, status, this.identityURL, this.signOutgoingMessages);
+ }
+ finally
+ {
+ try
+ {
+ boolean postProfile = webRequestUtil.hasSAMLRequestInPostProfile();
+ if (postProfile)
+ recycle(response);
+
+ WebRequestUtilHolder holder = webRequestUtil.getHolder();
+ holder.setResponseDoc(samlResponse).setDestination(destination).setRelayState(relayState)
+ .setAreWeSendingRequest(willSendRequest).setPrivateKey(null).setSupportSignature(false)
+ .setServletResponse(response);
+
+ if (requestedPostProfile != null)
+ holder.setPostBindingRequested(requestedPostProfile);
+ else
+ holder.setPostBindingRequested(postProfile);
+
+ if (this.signOutgoingMessages)
{
- samlDocumentHolder = webRequestUtil.getSAMLDocumentHolder(samlResponseMessage);
- samlObject = samlDocumentHolder.getSamlObject();
+ holder.setPrivateKey(keyManager.getSigningKey()).setSupportSignature(true);
+ }
- boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
- boolean isValid = false;
+ webRequestUtil.send(holder);
+ }
+ catch (ParsingException e)
+ {
+ if (trace)
+ log.trace("Parsing exception:", e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ if (trace)
+ log.trace("Security Exception:", e);
+ }
+ }
+ return;
+ }
- String remoteAddress = request.getRemoteAddr();
+ protected void processSAMLResponseMessage(IDPWebRequestUtil webRequestUtil, Request request, Response response)
+ throws ServletException, IOException
+ {
+ Session session = request.getSessionInternal();
+ SAMLDocumentHolder samlDocumentHolder = null;
+ SAML2Object samlObject = null;
- if (isPost)
- {
- //Validate
- SAML2Signature samlSignature = new SAML2Signature();
+ Document samlResponse = null;
+ String destination = null;
- if (ignoreIncomingSignatures == false && signOutgoingMessages == true)
- {
- PublicKey publicKey = keyManager.getValidatingKey(remoteAddress);
- isValid = samlSignature.validate(samlDocumentHolder.getSamlDocument(), publicKey);
- }
- else
- isValid = true;
- }
- else
- {
- isValid = validate(remoteAddress, request.getQueryString(), new SessionHolder(samlResponseMessage,
- signature, sigAlg), isPost);
- }
+ Boolean requestedPostProfile = null;
- if (!isValid)
- throw new GeneralSecurityException("Validation check failed");
+ //Get the SAML Response Message
+ String samlResponseMessage = (String) session.getNote(GeneralConstants.SAML_RESPONSE_KEY);
+ String relayState = (String) session.getNote(GeneralConstants.RELAY_STATE);
+ String signature = (String) session.getNote("Signature");
+ String sigAlg = (String) session.getNote("sigAlg");
- String issuer = null;
- IssuerInfoHolder idpIssuer = new IssuerInfoHolder(this.identityURL);
- ProtocolContext protocolContext = new HTTPContext(request, response, context.getServletContext());
- //Create the request/response
- SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
- idpIssuer.getIssuer(), samlDocumentHolder, HANDLER_TYPE.IDP);
- saml2HandlerRequest.setRelayState(relayState);
+ boolean willSendRequest = false;
- SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
+ String referer = request.getHeader("Referer");
- Set<SAML2Handler> handlers = chain.handlers();
+ cleanUpSessionNote(request);
- if (samlObject instanceof StatusResponseType)
- {
- statusResponseType = (StatusResponseType) samlObject;
- issuer = statusResponseType.getIssuer().getValue();
- webRequestUtil.isTrusted(issuer);
+ StatusResponseType statusResponseType = null;
+ try
+ {
+ samlDocumentHolder = webRequestUtil.getSAMLDocumentHolder(samlResponseMessage);
+ samlObject = samlDocumentHolder.getSamlObject();
- if (handlers != null)
- {
- try
- {
- chainLock.lock();
- for (SAML2Handler handler : handlers)
- {
- handler.reset();
- handler.handleStatusResponseType(saml2HandlerRequest, saml2HandlerResponse);
- willSendRequest = saml2HandlerResponse.getSendRequest();
- }
- }
- finally
- {
- chainLock.unlock();
- }
- }
- }
- else
- throw new RuntimeException("Unknown type:" + samlObject.getClass().getName());
+ boolean isPost = webRequestUtil.hasSAMLRequestInPostProfile();
+ boolean isValid = false;
- samlResponse = saml2HandlerResponse.getResultingDocument();
- relayState = saml2HandlerResponse.getRelayState();
+ String remoteAddress = request.getRemoteAddr();
- destination = saml2HandlerResponse.getDestination();
- requestedPostProfile = saml2HandlerResponse.isPostBindingForResponse();
- }
- catch (Exception e)
+ if (isPost)
+ {
+ //Validate
+ SAML2Signature samlSignature = new SAML2Signature();
+
+ if (ignoreIncomingSignatures == false && signOutgoingMessages == true)
{
- String status = JBossSAMLURIConstants.STATUS_AUTHNFAILED.get();
- if (e instanceof IssuerNotTrustedException)
- {
- status = JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get();
- }
- log.error("Exception in processing request:", e);
- samlResponse = webRequestUtil.getErrorResponse(referer, status, this.identityURL,
- this.signOutgoingMessages);
+ PublicKey publicKey = keyManager.getValidatingKey(remoteAddress);
+ isValid = samlSignature.validate(samlDocumentHolder.getSamlDocument(), publicKey);
}
- finally
+ else
+ isValid = true;
+ }
+ else
+ {
+ isValid = validate(remoteAddress, request.getQueryString(), new SessionHolder(samlResponseMessage,
+ signature, sigAlg), isPost);
+ }
+
+ if (!isValid)
+ throw new GeneralSecurityException("Validation check failed");
+
+ String issuer = null;
+ IssuerInfoHolder idpIssuer = new IssuerInfoHolder(this.identityURL);
+ ProtocolContext protocolContext = new HTTPContext(request, response, context.getServletContext());
+ //Create the request/response
+ SAML2HandlerRequest saml2HandlerRequest = new DefaultSAML2HandlerRequest(protocolContext,
+ idpIssuer.getIssuer(), samlDocumentHolder, HANDLER_TYPE.IDP);
+ saml2HandlerRequest.setRelayState(relayState);
+
+ SAML2HandlerResponse saml2HandlerResponse = new DefaultSAML2HandlerResponse();
+
+ Set<SAML2Handler> handlers = chain.handlers();
+
+ if (samlObject instanceof StatusResponseType)
+ {
+ statusResponseType = (StatusResponseType) samlObject;
+ issuer = statusResponseType.getIssuer().getValue();
+ webRequestUtil.isTrusted(issuer);
+
+ if (handlers != null)
{
try
{
- boolean postProfile = webRequestUtil.hasSAMLRequestInPostProfile();
- if (postProfile)
- recycle(response);
-
- WebRequestUtilHolder holder = webRequestUtil.getHolder();
- if (destination == null)
- throw new ServletException("Destination is null");
- holder.setResponseDoc(samlResponse).setDestination(destination).setRelayState(relayState)
- .setAreWeSendingRequest(willSendRequest).setPrivateKey(null).setSupportSignature(false)
- .setServletResponse(response).setPostBindingRequested(requestedPostProfile);
-
- if (requestedPostProfile != null)
- holder.setPostBindingRequested(requestedPostProfile);
- else
- holder.setPostBindingRequested(postProfile);
-
- if (this.signOutgoingMessages)
+ chainLock.lock();
+ for (SAML2Handler handler : handlers)
{
- holder.setPrivateKey(keyManager.getSigningKey()).setSupportSignature(true);
+ handler.reset();
+ handler.handleStatusResponseType(saml2HandlerRequest, saml2HandlerResponse);
+ willSendRequest = saml2HandlerResponse.getSendRequest();
}
- webRequestUtil.send(holder);
}
- catch (ParsingException e)
+ finally
{
- if (trace)
- log.trace("Parsing exception:", e);
+ chainLock.unlock();
}
- catch (GeneralSecurityException e)
- {
- if (trace)
- log.trace("Security Exception:", e);
- }
}
- return;
}
else
+ throw new RuntimeException("Unknown type:" + samlObject.getClass().getName());
+
+ samlResponse = saml2HandlerResponse.getResultingDocument();
+ relayState = saml2HandlerResponse.getRelayState();
+
+ destination = saml2HandlerResponse.getDestination();
+ requestedPostProfile = saml2HandlerResponse.isPostBindingForResponse();
+ }
+ catch (Exception e)
+ {
+ String status = JBossSAMLURIConstants.STATUS_AUTHNFAILED.get();
+ if (e instanceof IssuerNotTrustedException)
{
- log.error("No SAML Request or Response Message");
- if (trace)
- log.trace("Referer=" + referer);
+ status = JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get();
+ }
+ log.error("Exception in processing request:", e);
+ samlResponse = webRequestUtil.getErrorResponse(referer, status, this.identityURL, this.signOutgoingMessages);
+ }
+ finally
+ {
+ try
+ {
+ boolean postProfile = webRequestUtil.hasSAMLRequestInPostProfile();
+ if (postProfile)
+ recycle(response);
- try
+ WebRequestUtilHolder holder = webRequestUtil.getHolder();
+ if (destination == null)
+ throw new ServletException("Destination is null");
+ holder.setResponseDoc(samlResponse).setDestination(destination).setRelayState(relayState)
+ .setAreWeSendingRequest(willSendRequest).setPrivateKey(null).setSupportSignature(false)
+ .setServletResponse(response).setPostBindingRequested(requestedPostProfile);
+
+ if (requestedPostProfile != null)
+ holder.setPostBindingRequested(requestedPostProfile);
+ else
+ holder.setPostBindingRequested(postProfile);
+
+ if (this.signOutgoingMessages)
{
- sendErrorResponseToSP(referer, response, relayState, webRequestUtil);
+ holder.setPrivateKey(keyManager.getSigningKey()).setSupportSignature(true);
}
- catch (ConfigurationException e)
- {
- if (trace)
- log.trace(e);
- }
+ webRequestUtil.send(holder);
}
+ catch (ParsingException e)
+ {
+ if (trace)
+ log.trace("Parsing exception:", e);
+ }
+ catch (GeneralSecurityException e)
+ {
+ if (trace)
+ log.trace("Security Exception:", e);
+ }
}
+ return;
}
+ protected void cleanUpSessionNote(Request request)
+ {
+ Session session = request.getSessionInternal();
+ /**
+ * Since the container has finished the authentication,
+ * we can retrieve the original saml message as well as
+ * any relay state from the SP
+ */
+ String samlRequestMessage = (String) session.getNote(GeneralConstants.SAML_REQUEST_KEY);
+
+ String samlResponseMessage = (String) session.getNote(GeneralConstants.SAML_RESPONSE_KEY);
+ String relayState = (String) session.getNote(GeneralConstants.RELAY_STATE);
+ String signature = (String) session.getNote("Signature");
+ String sigAlg = (String) session.getNote("sigAlg");
+
+ if (trace)
+ {
+ StringBuilder builder = new StringBuilder();
+ builder.append("Retrieved saml messages and relay state from session");
+ builder.append("saml Request message=").append(samlRequestMessage);
+ builder.append("::").append("SAMLResponseMessage=");
+ builder.append(samlResponseMessage).append(":").append("relay state=").append(relayState);
+
+ builder.append("Signature=").append(signature).append("::sigAlg=").append(sigAlg);
+ log.trace(builder.toString());
+ }
+
+ if (isNotNull(samlRequestMessage))
+ session.removeNote(GeneralConstants.SAML_REQUEST_KEY);
+ if (isNotNull(samlResponseMessage))
+ session.removeNote(GeneralConstants.SAML_RESPONSE_KEY);
+
+ if (isNotNull(relayState))
+ session.removeNote(GeneralConstants.RELAY_STATE);
+
+ if (isNotNull(signature))
+ session.removeNote("Signature");
+ if (isNotNull(sigAlg))
+ session.removeNote("sigAlg");
+ }
+
protected void sendErrorResponseToSP(String referrer, Response response, String relayState,
IDPWebRequestUtil webRequestUtil) throws ServletException, IOException, ConfigurationException
{
13 years, 5 months
- 1
- 0
Picketlink SVN: r1062 - federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-07-06 00:09:10 -0400 (Wed, 06 Jul 2011)
New Revision: 1062
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
Log:
log the error
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-07-06 04:07:03 UTC (rev 1061)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-07-06 04:09:10 UTC (rev 1062)
@@ -459,8 +459,7 @@
{
status = JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get();
}
- if (trace)
- log.trace("Exception in processing request:", e);
+ log.error("Exception in processing request:", e);
samlResponse = webRequestUtil.getErrorResponse(referer, status, this.identityURL,
this.signOutgoingMessages);
}
@@ -589,6 +588,7 @@
{
status = JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get();
}
+ log.error("Exception in processing request:", e);
samlResponse = webRequestUtil.getErrorResponse(referer, status, this.identityURL,
this.signOutgoingMessages);
}
13 years, 5 months
- 1
- 0
Picketlink SVN: r1061 - federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-07-06 00:07:03 -0400 (Wed, 06 Jul 2011)
New Revision: 1061
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java
Log:
qualify run time exc
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java 2011-07-06 04:06:22 UTC (rev 1060)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java 2011-07-06 04:07:03 UTC (rev 1061)
@@ -195,7 +195,7 @@
ract.addAuthnContextClassRef(value);
}
else
- throw new RuntimeException("unknown :" + elName);
+ throw new RuntimeException("SAMLAuthNRequestParser::unknown :" + elName);
return ract;
}
13 years, 5 months
- 1
- 0
Picketlink SVN: r1060 - federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-07-06 00:06:22 -0400 (Wed, 06 Jul 2011)
New Revision: 1060
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSloRequestParser.java
Log:
add continue blocks for Issuer and Signature elements
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSloRequestParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSloRequestParser.java 2011-07-05 19:56:25 UTC (rev 1059)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSloRequestParser.java 2011-07-06 04:06:22 UTC (rev 1060)
@@ -81,6 +81,14 @@
NameIDType nameID = SAMLParserUtil.parseNameIDType(xmlEventReader);
logoutRequest.setNameID(nameID);
}
+ else if (JBossSAMLConstants.ISSUER.get().equals(elementName))
+ {
+ continue;
+ }
+ else if (JBossSAMLConstants.SIGNATURE.get().equals(elementName))
+ {
+ continue;
+ }
else
throw new RuntimeException("unknown " + elementName);
}
13 years, 5 months
- 1
- 0
Picketlink SVN: r1059 - federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-07-05 15:56:25 -0400 (Tue, 05 Jul 2011)
New Revision: 1059
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2LogOutHandler.java
Log:
add trace
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-07-05 19:23:04 UTC (rev 1058)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-07-05 19:56:25 UTC (rev 1059)
@@ -162,7 +162,6 @@
public void generateSAMLRequest(SAML2HandlerRequest request, SAML2HandlerResponse response)
throws ProcessingException
{
-
}
public void handleStatusResponseType(SAML2HandlerRequest request, SAML2HandlerResponse response)
@@ -181,6 +180,8 @@
throw new ProcessingException("AuthnRequest is null");
String destination = art.getAssertionConsumerServiceURL().toASCIIString();
+ if (trace)
+ log.trace("Destination=" + destination);
HttpSession session = BaseSAML2Handler.getHttpSession(request);
Principal userPrincipal = (Principal) session.getAttribute(GeneralConstants.PRINCIPAL_ID);
@@ -315,7 +316,6 @@
}
catch (Exception e)
{
- e.printStackTrace();
if (trace)
log.trace(e);
}
Modified: federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2LogOutHandler.java
===================================================================
--- federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2LogOutHandler.java 2011-07-05 19:23:04 UTC (rev 1058)
+++ federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2LogOutHandler.java 2011-07-05 19:56:25 UTC (rev 1059)
@@ -144,7 +144,6 @@
public void generateSAMLRequest(SAML2HandlerRequest request, SAML2HandlerResponse response)
throws ProcessingException
{
-
}
public void handleStatusResponseType(SAML2HandlerRequest request, SAML2HandlerResponse response)
@@ -319,6 +318,10 @@
SAML2HandlerResponse response, String originalIssuer) throws ConfigurationException,
ParserConfigurationException, ProcessingException
{
+ if (trace)
+ {
+ log.trace("Generating Success Status Response for " + originalIssuer);
+ }
StatusResponseType statusResponse = new StatusResponseType(IDGenerator.create("ID_"),
XMLTimeUtil.getIssueInstant());
@@ -369,6 +372,10 @@
while (participants > 0 && participant.equals(originalRequestor));
}
+ if (trace)
+ {
+ log.trace("Participant = " + participant);
+ }
return participant;
}
}
13 years, 5 months
- 1
- 0
Picketlink SVN: r1058 - federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-07-05 15:23:04 -0400 (Tue, 05 Jul 2011)
New Revision: 1058
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
Log:
reduce exception catches
Modified: federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java
===================================================================
--- federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-07-01 21:44:58 UTC (rev 1057)
+++ federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/idp/IDPWebBrowserSSOValve.java 2011-07-05 19:23:04 UTC (rev 1058)
@@ -70,7 +70,6 @@
import org.picketlink.identity.federation.core.interfaces.TrustKeyProcessingException;
import org.picketlink.identity.federation.core.saml.v2.common.SAMLDocumentHolder;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
-import org.picketlink.identity.federation.core.saml.v2.exceptions.IssueInstantMissingException;
import org.picketlink.identity.federation.core.saml.v2.exceptions.IssuerNotTrustedException;
import org.picketlink.identity.federation.core.saml.v2.factories.SAML2HandlerChainFactory;
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
@@ -453,53 +452,17 @@
requestedPostProfile = saml2HandlerResponse.isPostBindingForResponse();
}
- catch (IssuerNotTrustedException e)
- {
- if (trace)
- log.trace("Exception in processing request:", e);
-
- samlResponse = webRequestUtil.getErrorResponse(referer,
- JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get(), this.identityURL, this.signOutgoingMessages);
- }
- catch (ParsingException e)
- {
- if (trace)
- log.trace("Exception in processing request:", e);
-
- samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
- this.identityURL, this.signOutgoingMessages);
- }
- catch (ConfigurationException e)
- {
- if (trace)
- log.trace("Exception in processing request:", e);
-
- samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
- this.identityURL, this.signOutgoingMessages);
- }
- catch (IssueInstantMissingException e)
- {
- if (trace)
- log.trace("Exception in processing request:", e);
-
- samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
- this.identityURL, this.signOutgoingMessages);
- }
- catch (GeneralSecurityException e)
- {
- if (trace)
- log.trace("Exception in processing request:", e);
-
- samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
- this.identityURL, this.signOutgoingMessages);
- }
catch (Exception e)
{
+ String status = JBossSAMLURIConstants.STATUS_AUTHNFAILED.get();
+ if (e instanceof IssuerNotTrustedException)
+ {
+ status = JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get();
+ }
if (trace)
log.trace("Exception in processing request:", e);
-
- samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
- this.identityURL, this.signOutgoingMessages);
+ samlResponse = webRequestUtil.getErrorResponse(referer, status, this.identityURL,
+ this.signOutgoingMessages);
}
finally
{
@@ -619,53 +582,15 @@
destination = saml2HandlerResponse.getDestination();
requestedPostProfile = saml2HandlerResponse.isPostBindingForResponse();
}
- catch (IssuerNotTrustedException e)
- {
- if (trace)
- log.trace("Exception in processing request:", e);
-
- samlResponse = webRequestUtil.getErrorResponse(referer,
- JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get(), this.identityURL, this.signOutgoingMessages);
- }
- catch (ParsingException e)
- {
- if (trace)
- log.trace("Exception in processing request:", e);
-
- samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
- this.identityURL, this.signOutgoingMessages);
- }
- catch (ConfigurationException e)
- {
- if (trace)
- log.trace("Exception in processing request:", e);
-
- samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
- this.identityURL, this.signOutgoingMessages);
- }
- catch (IssueInstantMissingException e)
- {
- if (trace)
- log.trace("Exception in processing request:", e);
-
- samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
- this.identityURL, this.signOutgoingMessages);
- }
- catch (GeneralSecurityException e)
- {
- if (trace)
- log.trace("Exception in processing request:", e);
-
- samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
- this.identityURL, this.signOutgoingMessages);
- }
catch (Exception e)
{
- if (trace)
- log.trace("Exception in processing request:", e);
-
- samlResponse = webRequestUtil.getErrorResponse(referer, JBossSAMLURIConstants.STATUS_AUTHNFAILED.get(),
- this.identityURL, this.signOutgoingMessages);
+ String status = JBossSAMLURIConstants.STATUS_AUTHNFAILED.get();
+ if (e instanceof IssuerNotTrustedException)
+ {
+ status = JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get();
+ }
+ samlResponse = webRequestUtil.getErrorResponse(referer, status, this.identityURL,
+ this.signOutgoingMessages);
}
finally
{
13 years, 5 months
- 1
- 0
Picketlink SVN: r1057 - in federation/trunk/picketlink-fed-core/src: main/java/org/picketlink/identity/federation/core/saml/v2/constants and 3 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-07-01 17:44:58 -0400 (Fri, 01 Jul 2011)
New Revision: 1057
Added:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLArtifactResponseParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAttributeQueryParser.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAttributeQueryParserTestCase.java
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-attributequery.xml
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java
Log:
PLFED-117: parse and write saml attribute query
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLArtifactResponseParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLArtifactResponseParser.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLArtifactResponseParser.java 2011-07-01 21:44:58 UTC (rev 1057)
@@ -0,0 +1,124 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.parsers.saml;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLEventReader;
+import javax.xml.stream.events.StartElement;
+
+import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
+import org.picketlink.identity.federation.core.exceptions.ParsingException;
+import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
+import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.protocol.ArtifactResponseType;
+import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.saml.v2.protocol.StatusResponseType;
+import org.w3c.dom.Element;
+
+/**
+ * Parse the SAML Response
+ * @author Anil.Saldhana(a)redhat.com
+ * @since July 1, 2011
+ */
+public class SAMLArtifactResponseParser extends SAMLStatusResponseTypeParser implements ParserNamespaceSupport
+{
+ private final String ARTIFACT_RESPONSE = JBossSAMLConstants.ARTIFACT_RESPONSE.get();
+
+ /**
+ * @see {@link ParserNamespaceSupport#parse(XMLEventReader)}
+ */
+ public Object parse(XMLEventReader xmlEventReader) throws ParsingException
+ {
+ //Get the startelement
+ StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.validate(startElement, ARTIFACT_RESPONSE);
+
+ ArtifactResponseType response = (ArtifactResponseType) parseBaseAttributes(startElement);
+
+ while (xmlEventReader.hasNext())
+ {
+ //Let us peek at the next start element
+ startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
+ if (startElement == null)
+ break;
+ String elementName = StaxParserUtil.getStartElementName(startElement);
+
+ if (JBossSAMLConstants.ISSUER.get().equals(elementName))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ NameIDType issuer = new NameIDType();
+ issuer.setValue(StaxParserUtil.getElementText(xmlEventReader));
+ response.setIssuer(issuer);
+ }
+ else if (JBossSAMLConstants.SIGNATURE.get().equals(elementName))
+ {
+ Element sig = StaxParserUtil.getDOMElement(xmlEventReader);
+ response.setSignature(sig);
+ }
+ else if (JBossSAMLConstants.AUTHN_REQUEST.get().equals(elementName))
+ {
+ SAMLAuthNRequestParser authnParser = new SAMLAuthNRequestParser();
+ AuthnRequestType authn = (AuthnRequestType) authnParser.parse(xmlEventReader);
+ response.setAny(authn);
+ }
+ else if (JBossSAMLConstants.RESPONSE.get().equals(elementName))
+ {
+ SAMLResponseParser authnParser = new SAMLResponseParser();
+ ResponseType authn = (ResponseType) authnParser.parse(xmlEventReader);
+ response.setAny(authn);
+ }
+ else if (JBossSAMLConstants.STATUS.get().equals(elementName))
+ {
+ response.setStatus(parseStatus(xmlEventReader));
+ }
+ else
+ throw new RuntimeException("Unknown tag=" + elementName + "::location=" + startElement.getLocation());
+ }
+
+ return response;
+ }
+
+ /**
+ * @see {@link ParserNamespaceSupport#supports(QName)}
+ */
+ public boolean supports(QName qname)
+ {
+ return JBossSAMLURIConstants.PROTOCOL_NSURI.get().equals(qname.getNamespaceURI())
+ && ARTIFACT_RESPONSE.equals(qname.getLocalPart());
+ }
+
+ /**
+ * Parse the attributes at the response element
+ * @param startElement
+ * @return
+ * @throws ConfigurationException
+ */
+ protected StatusResponseType parseBaseAttributes(StartElement startElement) throws ParsingException
+ {
+ ArtifactResponseType response = new ArtifactResponseType(super.parseBaseAttributes(startElement));
+ return response;
+ }
+}
\ No newline at end of file
Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAttributeQueryParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAttributeQueryParser.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAttributeQueryParser.java 2011-07-01 21:44:58 UTC (rev 1057)
@@ -0,0 +1,103 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.identity.federation.core.parsers.saml;
+
+import javax.xml.namespace.QName;
+import javax.xml.stream.XMLEventReader;
+import javax.xml.stream.events.StartElement;
+
+import org.picketlink.identity.federation.core.exceptions.ParsingException;
+import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport;
+import org.picketlink.identity.federation.core.parsers.util.SAMLParserUtil;
+import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
+import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
+import org.picketlink.identity.federation.saml.v2.protocol.ArtifactResolveType;
+import org.picketlink.identity.federation.saml.v2.protocol.AttributeQueryType;
+
+/**
+ * Parse the {@link ArtifactResolveType}
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 1, 2011
+ */
+public class SAMLAttributeQueryParser extends SAMLRequestAbstractParser implements ParserNamespaceSupport
+{
+ public Object parse(XMLEventReader xmlEventReader) throws ParsingException
+ {
+ //Get the startelement
+ StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.validate(startElement, JBossSAMLConstants.ATTRIBUTE_QUERY.get());
+
+ AttributeQueryType attributeQuery = parseBaseAttributes(startElement);
+
+ while (xmlEventReader.hasNext())
+ {
+ //Let us peek at the next start element
+ startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
+ if (startElement == null)
+ break;
+ super.parseCommonElements(startElement, xmlEventReader, attributeQuery);
+ String elementName = StaxParserUtil.getStartElementName(startElement);
+
+ if (JBossSAMLConstants.SUBJECT.get().equals(elementName))
+ {
+ attributeQuery.setSubject(getSubject(xmlEventReader));
+ }
+ else if (JBossSAMLConstants.ATTRIBUTE.get().equals(elementName))
+ {
+ attributeQuery.add(SAMLParserUtil.parseAttribute(xmlEventReader));
+ }
+ else if (JBossSAMLConstants.ISSUER.get().equals(elementName))
+ {
+ continue;
+ }
+ else if (JBossSAMLConstants.SIGNATURE.get().equals(elementName))
+ {
+ continue;
+ }
+ else
+ throw new RuntimeException("Unknown Element:" + elementName + "::location=" + startElement.getLocation());
+ }
+ return attributeQuery;
+ }
+
+ public boolean supports(QName qname)
+ {
+ return JBossSAMLURIConstants.PROTOCOL_NSURI.get().equals(qname.getNamespaceURI());
+ }
+
+ /**
+ * Parse the attributes at the authnrequesttype element
+ * @param startElement
+ * @return
+ * @throws ParsingException
+ */
+ private AttributeQueryType parseBaseAttributes(StartElement startElement) throws ParsingException
+ {
+ super.parseRequiredAttributes(startElement);
+ AttributeQueryType authnRequest = new AttributeQueryType(id, issueInstant);
+ //Let us get the attributes
+ super.parseBaseAttributes(startElement, authnRequest);
+
+ return authnRequest;
+ }
+}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java 2011-07-01 20:57:08 UTC (rev 1056)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLAuthNRequestParser.java 2011-07-01 21:44:58 UTC (rev 1057)
@@ -34,7 +34,6 @@
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.saml.v2.assertion.ConditionsType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.saml.v2.protocol.NameIDPolicyType;
import org.picketlink.identity.federation.saml.v2.protocol.RequestedAuthnContextType;
@@ -180,12 +179,6 @@
return nameIDPolicy;
}
- private SubjectType getSubject(XMLEventReader xmlEventReader) throws ParsingException
- {
- SAMLSubjectParser subjectParser = new SAMLSubjectParser();
- return (SubjectType) subjectParser.parse(xmlEventReader);
- }
-
private RequestedAuthnContextType getRequestedAuthnContextType(XMLEventReader xmlEventReader)
throws ParsingException
{
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2011-07-01 20:57:08 UTC (rev 1056)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2011-07-01 21:44:58 UTC (rev 1057)
@@ -121,6 +121,12 @@
SAMLArtifactResponseParser responseParser = new SAMLArtifactResponseParser();
return responseParser.parse(xmlEventReader);
}
+ else if (JBossSAMLURIConstants.PROTOCOL_NSURI.get().equals(nsURI)
+ && JBossSAMLConstants.ATTRIBUTE_QUERY.get().equals(startElementName.getLocalPart()))
+ {
+ SAMLAttributeQueryParser responseParser = new SAMLAttributeQueryParser();
+ return responseParser.parse(xmlEventReader);
+ }
else if (JBossSAMLConstants.XACML_AUTHZ_DECISION_QUERY.get().equals(localPart))
{
SAMLXACMLRequestParser samlXacmlParser = new SAMLXACMLRequestParser();
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java 2011-07-01 20:57:08 UTC (rev 1056)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLRequestAbstractParser.java 2011-07-01 21:44:58 UTC (rev 1057)
@@ -32,8 +32,9 @@
import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil;
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants;
-import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
import org.picketlink.identity.federation.saml.v2.protocol.RequestAbstractType;
/**
@@ -44,62 +45,70 @@
public abstract class SAMLRequestAbstractParser
{
protected String id;
+
protected String version;
- protected XMLGregorianCalendar issueInstant;
-
- protected void parseRequiredAttributes( StartElement startElement ) throws ParsingException
+
+ protected XMLGregorianCalendar issueInstant;
+
+ protected void parseRequiredAttributes(StartElement startElement) throws ParsingException
{
- Attribute idAttr = startElement.getAttributeByName( new QName( "ID" ));
- if( idAttr == null )
- throw new RuntimeException( "ID attribute is missing" );
-
- id = StaxParserUtil.getAttributeValue( idAttr );
-
- Attribute versionAttr = startElement.getAttributeByName( new QName( "Version" ));
- if( versionAttr == null )
- throw new RuntimeException( "Version attribute required in Request" );
- version = StaxParserUtil.getAttributeValue( versionAttr );
-
- Attribute issueInstantAttr = startElement.getAttributeByName( new QName( "IssueInstant" ));
- if( issueInstantAttr == null )
- throw new RuntimeException( "IssueInstant attribute required in Request" );
- issueInstant = XMLTimeUtil.parse( StaxParserUtil.getAttributeValue( issueInstantAttr ));
+ Attribute idAttr = startElement.getAttributeByName(new QName("ID"));
+ if (idAttr == null)
+ throw new RuntimeException("ID attribute is missing");
+
+ id = StaxParserUtil.getAttributeValue(idAttr);
+
+ Attribute versionAttr = startElement.getAttributeByName(new QName("Version"));
+ if (versionAttr == null)
+ throw new RuntimeException("Version attribute required in Request");
+ version = StaxParserUtil.getAttributeValue(versionAttr);
+
+ Attribute issueInstantAttr = startElement.getAttributeByName(new QName("IssueInstant"));
+ if (issueInstantAttr == null)
+ throw new RuntimeException("IssueInstant attribute required in Request");
+ issueInstant = XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(issueInstantAttr));
}
-
+
/**
* Parse the attributes that are common to all SAML Request Types
* @param startElement
* @param request
* @throws ParsingException
*/
- protected void parseBaseAttributes( StartElement startElement, RequestAbstractType request ) throws ParsingException
- {
- Attribute destinationAttr = startElement.getAttributeByName( new QName( "Destination" ));
- if( destinationAttr != null )
- request.setDestination( URI.create( StaxParserUtil.getAttributeValue( destinationAttr ) ));
-
- Attribute consent = startElement.getAttributeByName( new QName( "Consent" ));
- if( consent != null )
- request.setConsent( StaxParserUtil.getAttributeValue( consent ));
- }
-
- protected void parseCommonElements( StartElement startElement, XMLEventReader xmlEventReader,
- RequestAbstractType request ) throws ParsingException
+ protected void parseBaseAttributes(StartElement startElement, RequestAbstractType request) throws ParsingException
{
- if( startElement == null )
- throw new IllegalArgumentException( " startElement is null" );
- String elementName = StaxParserUtil.getStartElementName( startElement );
+ Attribute destinationAttr = startElement.getAttributeByName(new QName("Destination"));
+ if (destinationAttr != null)
+ request.setDestination(URI.create(StaxParserUtil.getAttributeValue(destinationAttr)));
- if( JBossSAMLConstants.ISSUER.get().equals( elementName ))
+ Attribute consent = startElement.getAttributeByName(new QName("Consent"));
+ if (consent != null)
+ request.setConsent(StaxParserUtil.getAttributeValue(consent));
+ }
+
+ protected void parseCommonElements(StartElement startElement, XMLEventReader xmlEventReader,
+ RequestAbstractType request) throws ParsingException
+ {
+ if (startElement == null)
+ throw new IllegalArgumentException(" startElement is null");
+ String elementName = StaxParserUtil.getStartElementName(startElement);
+
+ if (JBossSAMLConstants.ISSUER.get().equals(elementName))
{
- startElement = StaxParserUtil.getNextStartElement( xmlEventReader );
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
NameIDType issuer = new NameIDType();
- issuer.setValue( StaxParserUtil.getElementText( xmlEventReader ));
- request.setIssuer( issuer );
+ issuer.setValue(StaxParserUtil.getElementText(xmlEventReader));
+ request.setIssuer(issuer);
}
- else if( JBossSAMLConstants.SIGNATURE.get().equals( elementName ))
- {
- request.setSignature( StaxParserUtil.getDOMElement(xmlEventReader) );
- }
+ else if (JBossSAMLConstants.SIGNATURE.get().equals(elementName))
+ {
+ request.setSignature(StaxParserUtil.getDOMElement(xmlEventReader));
+ }
}
+
+ protected SubjectType getSubject(XMLEventReader xmlEventReader) throws ParsingException
+ {
+ SAMLSubjectParser subjectParser = new SAMLSubjectParser();
+ return (SubjectType) subjectParser.parse(xmlEventReader);
+ }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2011-07-01 20:57:08 UTC (rev 1056)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2011-07-01 21:44:58 UTC (rev 1057)
@@ -40,6 +40,7 @@
ASSERTION_CONSUMER_SERVICE_INDEX( "AssertionConsumerServiceIndex" ),
ASSERTION_ID_REQUEST_SERVICE( "AssertionIDRequestService" ),
ATTRIBUTE( "Attribute" ),
+ ATTRIBUTE_QUERY( "AttributeQuery" ),
ATTRIBUTE_AUTHORITY_DESCRIPTOR( "AttributeAuthorityDescriptor" ),
ATTRIBUTE_CONSUMING_SERVICE( "AttributeConsumingService" ),
ATTRIBUTE_CONSUMING_SERVICE_INDEX( "AttributeConsumingServiceIndex" ),
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java 2011-07-01 20:57:08 UTC (rev 1056)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/BaseWriter.java 2011-07-01 21:44:58 UTC (rev 1057)
@@ -29,6 +29,7 @@
import java.util.List;
import java.util.Map;
+import javax.xml.datatype.XMLGregorianCalendar;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLStreamWriter;
@@ -37,9 +38,21 @@
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.saml.v2.assertion.BaseIDAbstractType;
+import org.picketlink.identity.federation.saml.v2.assertion.EncryptedElementType;
+import org.picketlink.identity.federation.saml.v2.assertion.KeyInfoConfirmationDataType;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationDataType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectType.STSubType;
import org.picketlink.identity.federation.saml.v2.metadata.LocalizedNameType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
+import org.w3c.dom.Element;
/**
* Base Class for the Stax writers for SAML
@@ -207,4 +220,161 @@
StaxUtil.writeCharacters(writer, localizedNameType.getValue());
StaxUtil.writeEndElement(writer);
}
+
+ /**
+ * write an {@code SubjectType} to stream
+ *
+ * @param subject
+ * @param out
+ * @throws ProcessingException
+ */
+ public void write(SubjectType subject) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT.get(), ASSERTION_NSURI.get());
+
+ STSubType subType = subject.getSubType();
+ if (subType != null)
+ {
+ BaseIDAbstractType baseID = subType.getBaseID();
+ if (baseID instanceof NameIDType)
+ {
+ NameIDType nameIDType = (NameIDType) baseID;
+ write(nameIDType, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX));
+ }
+ EncryptedElementType enc = subType.getEncryptedID();
+ if (enc != null)
+ throw new RuntimeException("NYI");
+ List<SubjectConfirmationType> confirmations = subType.getConfirmation();
+ if (confirmations != null)
+ {
+ for (SubjectConfirmationType confirmation : confirmations)
+ {
+ write(confirmation);
+ }
+ }
+ }
+ List<SubjectConfirmationType> subjectConfirmations = subject.getConfirmation();
+ if (subjectConfirmations != null)
+ {
+ for (SubjectConfirmationType subjectConfirmationType : subjectConfirmations)
+ {
+ write(subjectConfirmationType);
+ }
+ }
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
+ private void write(SubjectConfirmationType subjectConfirmationType) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT_CONFIRMATION.get(),
+ ASSERTION_NSURI.get());
+
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.METHOD.get(), subjectConfirmationType.getMethod());
+
+ BaseIDAbstractType baseID = subjectConfirmationType.getBaseID();
+ if (baseID != null)
+ {
+ write(baseID);
+ }
+ NameIDType nameIDType = subjectConfirmationType.getNameID();
+ if (nameIDType != null)
+ {
+ write(nameIDType, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX));
+ }
+ SubjectConfirmationDataType subjectConfirmationData = subjectConfirmationType.getSubjectConfirmationData();
+ if (subjectConfirmationData != null)
+ {
+ write(subjectConfirmationData);
+ }
+ StaxUtil.writeEndElement(writer);
+ }
+
+ private void write(SubjectConfirmationDataType subjectConfirmationData) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get(),
+ ASSERTION_NSURI.get());
+
+ // Let us look at attributes
+ String inResponseTo = subjectConfirmationData.getInResponseTo();
+ if (StringUtil.isNotNull(inResponseTo))
+ {
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.IN_RESPONSE_TO.get(), inResponseTo);
+ }
+
+ XMLGregorianCalendar notBefore = subjectConfirmationData.getNotBefore();
+ if (notBefore != null)
+ {
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), notBefore.toString());
+ }
+
+ XMLGregorianCalendar notOnOrAfter = subjectConfirmationData.getNotOnOrAfter();
+ if (notOnOrAfter != null)
+ {
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), notOnOrAfter.toString());
+ }
+
+ String recipient = subjectConfirmationData.getRecipient();
+ if (StringUtil.isNotNull(recipient))
+ {
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.RECIPIENT.get(), recipient);
+ }
+
+ String address = subjectConfirmationData.getAddress();
+ if (StringUtil.isNotNull(address))
+ {
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.ADDRESS.get(), address);
+ }
+
+ if (subjectConfirmationData instanceof KeyInfoConfirmationDataType)
+ {
+ KeyInfoConfirmationDataType kicd = (KeyInfoConfirmationDataType) subjectConfirmationData;
+ KeyInfoType keyInfo = (KeyInfoType) kicd.getAnyType();
+ if (keyInfo.getContent() == null || keyInfo.getContent().size() == 0)
+ throw new ProcessingException("Invalid KeyInfo object: content cannot be empty");
+ StaxUtil.writeStartElement(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX,
+ WSTrustConstants.XMLDSig.KEYINFO, WSTrustConstants.XMLDSig.DSIG_NS);
+ StaxUtil.writeNameSpace(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX, WSTrustConstants.XMLDSig.DSIG_NS);
+ // write the keyInfo content.
+ Object content = keyInfo.getContent().get(0);
+ if (content instanceof Element)
+ {
+ Element element = (Element) keyInfo.getContent().get(0);
+ StaxUtil.writeDOMNode(this.writer, element);
+ }
+ else if (content instanceof X509DataType)
+ {
+ X509DataType type = (X509DataType) content;
+ if (type.getDataObjects().size() == 0)
+ throw new ProcessingException("X509Data cannot be empy");
+ StaxUtil.writeStartElement(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX,
+ WSTrustConstants.XMLDSig.X509DATA, WSTrustConstants.XMLDSig.DSIG_NS);
+ Object obj = type.getDataObjects().get(0);
+ if (obj instanceof Element)
+ {
+ Element element = (Element) obj;
+ StaxUtil.writeDOMElement(this.writer, element);
+ }
+ else if (obj instanceof X509CertificateType)
+ {
+ X509CertificateType cert = (X509CertificateType) obj;
+ StaxUtil.writeStartElement(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX,
+ WSTrustConstants.XMLDSig.X509CERT, WSTrustConstants.XMLDSig.DSIG_NS);
+ StaxUtil.writeCharacters(this.writer, new String(cert.getEncodedCertificate()));
+ StaxUtil.writeEndElement(this.writer);
+ }
+ StaxUtil.writeEndElement(this.writer);
+ }
+ StaxUtil.writeEndElement(this.writer);
+ }
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
+ private void write(BaseIDAbstractType baseId) throws ProcessingException
+ {
+ throw new RuntimeException("NYI");
+ }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java 2011-07-01 20:57:08 UTC (rev 1056)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java 2011-07-01 21:44:58 UTC (rev 1057)
@@ -34,8 +34,6 @@
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.saml.v2.util.SAMLXACMLUtil;
import org.picketlink.identity.federation.core.util.StaxUtil;
-import org.picketlink.identity.federation.core.util.StringUtil;
-import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
import org.picketlink.identity.federation.saml.v2.assertion.AdviceType;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
@@ -48,22 +46,14 @@
import org.picketlink.identity.federation.saml.v2.assertion.AuthnContextType;
import org.picketlink.identity.federation.saml.v2.assertion.AuthnContextType.AuthnContextTypeSequence;
import org.picketlink.identity.federation.saml.v2.assertion.AuthnStatementType;
-import org.picketlink.identity.federation.saml.v2.assertion.BaseIDAbstractType;
import org.picketlink.identity.federation.saml.v2.assertion.ConditionAbstractType;
import org.picketlink.identity.federation.saml.v2.assertion.ConditionsType;
import org.picketlink.identity.federation.saml.v2.assertion.EncryptedElementType;
-import org.picketlink.identity.federation.saml.v2.assertion.KeyInfoConfirmationDataType;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationDataType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectConfirmationType;
import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
-import org.picketlink.identity.federation.saml.v2.assertion.SubjectType.STSubType;
import org.picketlink.identity.federation.saml.v2.assertion.URIType;
import org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
-import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
-import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
-import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -398,161 +388,4 @@
StaxUtil.writeEndElement(writer);
StaxUtil.flush(writer);
}
-
- /**
- * write an {@code SubjectType} to stream
- *
- * @param subject
- * @param out
- * @throws ProcessingException
- */
- public void write(SubjectType subject) throws ProcessingException
- {
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT.get(), ASSERTION_NSURI.get());
-
- STSubType subType = subject.getSubType();
- if (subType != null)
- {
- BaseIDAbstractType baseID = subType.getBaseID();
- if (baseID instanceof NameIDType)
- {
- NameIDType nameIDType = (NameIDType) baseID;
- write(nameIDType, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX));
- }
- EncryptedElementType enc = subType.getEncryptedID();
- if (enc != null)
- throw new RuntimeException("NYI");
- List<SubjectConfirmationType> confirmations = subType.getConfirmation();
- if (confirmations != null)
- {
- for (SubjectConfirmationType confirmation : confirmations)
- {
- write(confirmation);
- }
- }
- }
- List<SubjectConfirmationType> subjectConfirmations = subject.getConfirmation();
- if (subjectConfirmations != null)
- {
- for (SubjectConfirmationType subjectConfirmationType : subjectConfirmations)
- {
- write(subjectConfirmationType);
- }
- }
-
- StaxUtil.writeEndElement(writer);
- StaxUtil.flush(writer);
- }
-
- private void write(BaseIDAbstractType baseId) throws ProcessingException
- {
- throw new RuntimeException("NYI");
- }
-
- private void write(SubjectConfirmationType subjectConfirmationType) throws ProcessingException
- {
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT_CONFIRMATION.get(),
- ASSERTION_NSURI.get());
-
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.METHOD.get(), subjectConfirmationType.getMethod());
-
- BaseIDAbstractType baseID = subjectConfirmationType.getBaseID();
- if (baseID != null)
- {
- write(baseID);
- }
- NameIDType nameIDType = subjectConfirmationType.getNameID();
- if (nameIDType != null)
- {
- write(nameIDType, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX));
- }
- SubjectConfirmationDataType subjectConfirmationData = subjectConfirmationType.getSubjectConfirmationData();
- if (subjectConfirmationData != null)
- {
- write(subjectConfirmationData);
- }
- StaxUtil.writeEndElement(writer);
- }
-
- private void write(SubjectConfirmationDataType subjectConfirmationData) throws ProcessingException
- {
- StaxUtil.writeStartElement(writer, ASSERTION_PREFIX, JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get(),
- ASSERTION_NSURI.get());
-
- // Let us look at attributes
- String inResponseTo = subjectConfirmationData.getInResponseTo();
- if (StringUtil.isNotNull(inResponseTo))
- {
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.IN_RESPONSE_TO.get(), inResponseTo);
- }
-
- XMLGregorianCalendar notBefore = subjectConfirmationData.getNotBefore();
- if (notBefore != null)
- {
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(), notBefore.toString());
- }
-
- XMLGregorianCalendar notOnOrAfter = subjectConfirmationData.getNotOnOrAfter();
- if (notOnOrAfter != null)
- {
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(), notOnOrAfter.toString());
- }
-
- String recipient = subjectConfirmationData.getRecipient();
- if (StringUtil.isNotNull(recipient))
- {
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.RECIPIENT.get(), recipient);
- }
-
- String address = subjectConfirmationData.getAddress();
- if (StringUtil.isNotNull(address))
- {
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.ADDRESS.get(), address);
- }
-
- if (subjectConfirmationData instanceof KeyInfoConfirmationDataType)
- {
- KeyInfoConfirmationDataType kicd = (KeyInfoConfirmationDataType) subjectConfirmationData;
- KeyInfoType keyInfo = (KeyInfoType) kicd.getAnyType();
- if (keyInfo.getContent() == null || keyInfo.getContent().size() == 0)
- throw new ProcessingException("Invalid KeyInfo object: content cannot be empty");
- StaxUtil.writeStartElement(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX,
- WSTrustConstants.XMLDSig.KEYINFO, WSTrustConstants.XMLDSig.DSIG_NS);
- StaxUtil.writeNameSpace(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX, WSTrustConstants.XMLDSig.DSIG_NS);
- // write the keyInfo content.
- Object content = keyInfo.getContent().get(0);
- if (content instanceof Element)
- {
- Element element = (Element) keyInfo.getContent().get(0);
- StaxUtil.writeDOMNode(this.writer, element);
- }
- else if (content instanceof X509DataType)
- {
- X509DataType type = (X509DataType) content;
- if (type.getDataObjects().size() == 0)
- throw new ProcessingException("X509Data cannot be empy");
- StaxUtil.writeStartElement(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX,
- WSTrustConstants.XMLDSig.X509DATA, WSTrustConstants.XMLDSig.DSIG_NS);
- Object obj = type.getDataObjects().get(0);
- if (obj instanceof Element)
- {
- Element element = (Element) obj;
- StaxUtil.writeDOMElement(this.writer, element);
- }
- else if (obj instanceof X509CertificateType)
- {
- X509CertificateType cert = (X509CertificateType) obj;
- StaxUtil.writeStartElement(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX,
- WSTrustConstants.XMLDSig.X509CERT, WSTrustConstants.XMLDSig.DSIG_NS);
- StaxUtil.writeCharacters(this.writer, new String(cert.getEncodedCertificate()));
- StaxUtil.writeEndElement(this.writer);
- }
- StaxUtil.writeEndElement(this.writer);
- }
- StaxUtil.writeEndElement(this.writer);
- }
-
- StaxUtil.writeEndElement(writer);
- StaxUtil.flush(writer);
- }
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java 2011-07-01 20:57:08 UTC (rev 1056)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java 2011-07-01 21:44:58 UTC (rev 1057)
@@ -26,6 +26,7 @@
import java.io.StringWriter;
import java.net.URI;
+import java.util.List;
import javax.xml.bind.JAXBException;
import javax.xml.bind.Marshaller;
@@ -43,8 +44,11 @@
import org.picketlink.identity.federation.core.util.JAXBUtil;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
import org.picketlink.identity.federation.saml.v2.protocol.ArtifactResolveType;
+import org.picketlink.identity.federation.saml.v2.protocol.AttributeQueryType;
import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
import org.picketlink.identity.federation.saml.v2.protocol.NameIDPolicyType;
@@ -231,6 +235,7 @@
StaxUtil.writeStartElement(writer, PROTOCOL_PREFIX, JBossSAMLConstants.ARTIFACT_RESOLVE.get(),
PROTOCOL_NSURI.get());
StaxUtil.writeNameSpace(writer, PROTOCOL_PREFIX, PROTOCOL_NSURI.get());
+ StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
StaxUtil.writeDefaultNameSpace(writer, ASSERTION_NSURI.get());
//Attributes
@@ -267,11 +272,58 @@
StaxUtil.flush(writer);
}
+ public void write(AttributeQueryType request) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, PROTOCOL_PREFIX, JBossSAMLConstants.ATTRIBUTE_QUERY.get(),
+ PROTOCOL_NSURI.get());
+ StaxUtil.writeNameSpace(writer, PROTOCOL_PREFIX, PROTOCOL_NSURI.get());
+ StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
+ StaxUtil.writeDefaultNameSpace(writer, ASSERTION_NSURI.get());
+
+ //Attributes
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), request.getID());
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.VERSION.get(), request.getVersion());
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), request.getIssueInstant().toString());
+
+ URI destination = request.getDestination();
+ if (destination != null)
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.DESTINATION.get(), destination.toASCIIString());
+
+ String consent = request.getConsent();
+ if (StringUtil.isNotNull(consent))
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.CONSENT.get(), consent);
+
+ NameIDType issuer = request.getIssuer();
+ if (issuer != null)
+ {
+ write(issuer, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get()));
+ }
+ Element sig = request.getSignature();
+ if (sig != null)
+ {
+ StaxUtil.writeDOMElement(writer, sig);
+ }
+ SubjectType subject = request.getSubject();
+ if (subject != null)
+ {
+ write(subject);
+ }
+ List<AttributeType> attributes = request.getAttribute();
+ for (AttributeType attr : attributes)
+ {
+ write(attr);
+ }
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
public void write(XACMLAuthzDecisionQueryType xacmlQuery) throws ProcessingException
{
StaxUtil.writeStartElement(writer, PROTOCOL_PREFIX, JBossSAMLConstants.REQUEST_ABSTRACT.get(),
PROTOCOL_NSURI.get());
StaxUtil.writeNameSpace(writer, PROTOCOL_PREFIX, PROTOCOL_NSURI.get());
+ StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
+
StaxUtil.writeNameSpace(writer, XACML_SAML_PROTO_PREFIX, JBossSAMLURIConstants.XACML_SAML_PROTO_NSURI.get());
StaxUtil.writeDefaultNameSpace(writer, JBossSAMLURIConstants.XACML_NSURI.get());
Added: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAttributeQueryParserTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAttributeQueryParserTestCase.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAttributeQueryParserTestCase.java 2011-07-01 21:44:58 UTC (rev 1057)
@@ -0,0 +1,86 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.saml;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+import java.util.List;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLRequestWriter;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
+import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
+import org.picketlink.identity.federation.saml.v2.protocol.ArtifactResolveType;
+import org.picketlink.identity.federation.saml.v2.protocol.AttributeQueryType;
+import org.w3c.dom.Document;
+
+/**
+ * Unit test the parsing of {@link ArtifactResolveType}
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 1, 2011
+ */
+public class SAMLAttributeQueryParserTestCase
+{
+ @Test
+ public void testSAMLAttributeQueryParse() throws Exception
+ {
+ String file = "parser/saml2/saml2-attributequery.xml";
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream(file);
+
+ JAXPValidationUtil.validate(configStream);
+ configStream = tcl.getResourceAsStream(file);
+
+ SAMLParser parser = new SAMLParser();
+ AttributeQueryType attributeQuery = (AttributeQueryType) parser.parse(configStream);
+ assertNotNull("ArtifactResolveType is not null", attributeQuery);
+
+ assertEquals("ID_aaf23196-1773-2113-474a-fe114412ab72", attributeQuery.getID());
+ assertEquals(XMLTimeUtil.parse("2006-07-17T20:31:40Z"), attributeQuery.getIssueInstant());
+ assertEquals("CN=anil,OU=User,O=TEST,C=US", attributeQuery.getIssuer().getValue());
+
+ SubjectType subject = attributeQuery.getSubject();
+ NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
+ assertEquals("CN=anil,OU=User,O=TEST,C=US", nameID.getValue());
+ List<AttributeType> attributes = attributeQuery.getAttribute();
+ assertEquals(2, attributes.size());
+
+ //Try out writing
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAMLRequestWriter writer = new SAMLRequestWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(attributeQuery);
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ Document doc = DocumentUtil.getDocument(bis); //throws exceptions
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+}
\ No newline at end of file
Added: federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-attributequery.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-attributequery.xml (rev 0)
+++ federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-attributequery.xml 2011-07-01 21:44:58 UTC (rev 1057)
@@ -0,0 +1,27 @@
+<samlp:AttributeQuery
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ ID="ID_aaf23196-1773-2113-474a-fe114412ab72"
+ Version="2.0"
+ IssueInstant="2006-07-17T20:31:40Z">
+ <saml:Issuer
+ Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
+ CN=anil,OU=User,O=TEST,C=US
+ </saml:Issuer>
+ <saml:Subject>
+ <saml:NameID
+ Format="urn:oasis:names:tc:SAML:1.1:nameid-format:X509SubjectName">
+ CN=anil,OU=User,O=TEST,C=US
+ </saml:NameID>
+ </saml:Subject>
+ <saml:Attribute
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+ Name="urn:oid:2.5.4.42"
+ FriendlyName="givenName">
+ </saml:Attribute>
+ <saml:Attribute
+ NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri"
+ Name="urn:oid:1.3.6.1.4.1.1466.115.121.1.26"
+ FriendlyName="mail">
+ </saml:Attribute>
+ </samlp:AttributeQuery>
\ No newline at end of file
13 years, 5 months
- 1
- 0
Picketlink SVN: r1056 - in federation/trunk: picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants and 4 other directories.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-07-01 16:57:08 -0400 (Fri, 01 Jul 2011)
New Revision: 1056
Added:
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResponseParserTestCase.java
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-artifact-response-authnrequest.xml
federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-artifact-response-response.xml
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java
federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/protocol/ArtifactResponseType.java
Log:
PLFED-116: saml artifact resolve writing
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2011-07-01 20:29:06 UTC (rev 1055)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLParser.java 2011-07-01 20:57:08 UTC (rev 1056)
@@ -115,6 +115,12 @@
SAMLArtifactResolveParser artifactResolverParser = new SAMLArtifactResolveParser();
return artifactResolverParser.parse(xmlEventReader);
}
+ else if (JBossSAMLURIConstants.PROTOCOL_NSURI.get().equals(nsURI)
+ && JBossSAMLConstants.ARTIFACT_RESPONSE.get().equals(startElementName.getLocalPart()))
+ {
+ SAMLArtifactResponseParser responseParser = new SAMLArtifactResponseParser();
+ return responseParser.parse(xmlEventReader);
+ }
else if (JBossSAMLConstants.XACML_AUTHZ_DECISION_QUERY.get().equals(localPart))
{
SAMLXACMLRequestParser samlXacmlParser = new SAMLXACMLRequestParser();
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2011-07-01 20:29:06 UTC (rev 1055)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/constants/JBossSAMLConstants.java 2011-07-01 20:57:08 UTC (rev 1056)
@@ -32,6 +32,7 @@
ALLOW_CREATE( "AllowCreate" ),
ARTIFACT( "Artifact" ),
ARTIFACT_RESOLVE( "ArtifactResolve" ),
+ ARTIFACT_RESPONSE( "ArtifactResponse" ),
ARTIFACT_RESOLUTION_SERVICE( "ArtifactResolutionService" ),
ASSERTION( "Assertion" ),
ASSERTION_CONSUMER_SERVICE( "AssertionConsumerService" ),
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java 2011-07-01 20:29:06 UTC (rev 1055)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLResponseWriter.java 2011-07-01 20:57:08 UTC (rev 1056)
@@ -37,6 +37,8 @@
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.EncryptedAssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.protocol.ArtifactResponseType;
+import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType;
import org.picketlink.identity.federation.saml.v2.protocol.StatusCodeType;
@@ -82,6 +84,12 @@
write(issuer, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get()));
}
+ Element sig = response.getSignature();
+ if (sig != null)
+ {
+ StaxUtil.writeDOMElement(writer, sig);
+ }
+
StatusType status = response.getStatus();
write(status);
@@ -108,6 +116,51 @@
StaxUtil.flush(writer);
}
+ public void write(ArtifactResponseType response) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, PROTOCOL_PREFIX, JBossSAMLConstants.ARTIFACT_RESPONSE.get(),
+ PROTOCOL_NSURI.get());
+
+ StaxUtil.writeNameSpace(writer, PROTOCOL_PREFIX, PROTOCOL_NSURI.get());
+ StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
+ StaxUtil.writeDefaultNameSpace(writer, ASSERTION_NSURI.get());
+
+ writeBaseAttributes(response);
+
+ NameIDType issuer = response.getIssuer();
+ if (issuer != null)
+ {
+ write(issuer, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get()));
+ }
+
+ Element sig = response.getSignature();
+ if (sig != null)
+ {
+ StaxUtil.writeDOMElement(writer, sig);
+ }
+
+ StatusType status = response.getStatus();
+ if (status != null)
+ {
+ write(status);
+ }
+ Object anyObj = response.getAny();
+ if (anyObj instanceof AuthnRequestType)
+ {
+ AuthnRequestType authn = (AuthnRequestType) anyObj;
+ SAMLRequestWriter requestWriter = new SAMLRequestWriter(writer);
+ requestWriter.write(authn);
+ }
+ else if (anyObj instanceof ResponseType)
+ {
+ ResponseType rt = (ResponseType) anyObj;
+ write(rt);
+ }
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
/**
* Write a {@code StatusResponseType}
* @param response
Added: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResponseParserTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResponseParserTestCase.java (rev 0)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResponseParserTestCase.java 2011-07-01 20:57:08 UTC (rev 1056)
@@ -0,0 +1,117 @@
+/*
+ * JBoss, Home of Professional Open Source.
+ * Copyright 2008, Red Hat Middleware LLC, and individual contributors
+ * as indicated by the @author tags. See the copyright.txt file in the
+ * distribution for a full listing of individual contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU Lesser General Public License as
+ * published by the Free Software Foundation; either version 2.1 of
+ * the License, or (at your option) any later version.
+ *
+ * This software is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * Lesser General Public License for more details.
+ *
+ * You should have received a copy of the GNU Lesser General Public
+ * License along with this software; if not, write to the Free
+ * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
+ * 02110-1301 USA, or see the FSF site: http://www.fsf.org.
+ */
+package org.picketlink.test.identity.federation.core.parser.saml;
+
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.InputStream;
+
+import org.junit.Test;
+import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
+import org.picketlink.identity.federation.core.util.StaxUtil;
+import org.picketlink.identity.federation.saml.v2.protocol.ArtifactResponseType;
+import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
+import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
+import org.w3c.dom.Document;
+
+/**
+ * Unit test the parsing of {@link ArtifactResponseType}
+ * @author Anil.Saldhana(a)redhat.com
+ * @since Jul 1, 2011
+ */
+public class SAMLArtifactResponseParserTestCase
+{
+ @Test
+ public void testSAMLArtifactResponseWithAuthnRequestParse() throws Exception
+ {
+ String file = "parser/saml2/saml2-artifact-response-authnrequest.xml";
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream(file);
+
+ JAXPValidationUtil.validate(configStream);
+ configStream = tcl.getResourceAsStream(file);
+
+ SAMLParser parser = new SAMLParser();
+ ArtifactResponseType artifactResponse = (ArtifactResponseType) parser.parse(configStream);
+ assertNotNull("ArtifactResponseType is not null", artifactResponse);
+
+ assertEquals("ID_d84a49e5958803dedcff4c984c2b0d95", artifactResponse.getID());
+ assertEquals(XMLTimeUtil.parse("2004-12-05T09:21:59Z"), artifactResponse.getIssueInstant());
+ assertEquals("ID_cce4ee769ed970b501d680f697989d14", artifactResponse.getInResponseTo());
+ assertTrue(artifactResponse.getAny() instanceof AuthnRequestType);
+
+ StatusType status = artifactResponse.getStatus();
+ assertNotNull(status);
+ assertEquals("urn:oasis:names:tc:SAML:2.0:status:Success", status.getStatusCode().getValue().toString());
+
+ //Try out writing
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAMLResponseWriter writer = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(artifactResponse);
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ Document doc = DocumentUtil.getDocument(bis); //throws exceptions
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+
+ @Test
+ public void testSAMLArtifactResponseWithResponseParse() throws Exception
+ {
+ String file = "parser/saml2/saml2-artifact-response-response.xml";
+ ClassLoader tcl = Thread.currentThread().getContextClassLoader();
+ InputStream configStream = tcl.getResourceAsStream(file);
+
+ JAXPValidationUtil.validate(configStream);
+ configStream = tcl.getResourceAsStream(file);
+
+ SAMLParser parser = new SAMLParser();
+ ArtifactResponseType artifactResponse = (ArtifactResponseType) parser.parse(configStream);
+ assertNotNull("ArtifactResponseType is not null", artifactResponse);
+
+ assertEquals("ID_d84a49e5958803dedcff4c984c2b0d95", artifactResponse.getID());
+ assertEquals(XMLTimeUtil.parse("2004-12-05T09:21:59Z"), artifactResponse.getIssueInstant());
+ assertEquals("ID_cce4ee769ed970b501d680f697989d14", artifactResponse.getInResponseTo());
+ assertTrue(artifactResponse.getAny() instanceof ResponseType);
+
+ StatusType status = artifactResponse.getStatus();
+ assertNotNull(status);
+ assertEquals("urn:oasis:names:tc:SAML:2.0:status:Success", status.getStatusCode().getValue().toString());
+
+ //Try out writing
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAMLResponseWriter writer = new SAMLResponseWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(artifactResponse);
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ Document doc = DocumentUtil.getDocument(bis); //throws exceptions
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
+ }
+}
\ No newline at end of file
Added: federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-artifact-response-authnrequest.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-artifact-response-authnrequest.xml (rev 0)
+++ federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-artifact-response-authnrequest.xml 2011-07-01 20:57:08 UTC (rev 1056)
@@ -0,0 +1,57 @@
+<samlp:ArtifactResponse
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ ID="ID_d84a49e5958803dedcff4c984c2b0d95"
+ InResponseTo="ID_cce4ee769ed970b501d680f697989d14"
+ Version="2.0"
+ IssueInstant="2004-12-05T09:21:59Z">
+ <ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
+ <ds:SignedInfo>
+ <ds:CanonicalizationMethod
+ Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmlds#rsa-sha1" />
+ <ds:Reference URI="#ID_ab0392ef-b557-4453-95a8-a7e168da8ac5">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmlds#enveloped-signature" />
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmlds#sha1" />
+ <ds:DigestValue>0Y9QM5c5qCShz5UWmbFzBmbuTus=</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>
+ se/flQ2htUQ0IUYieVkXNn9cfjnfgv6H99nFarsTNTpRI9xuSlw5OTai/2PYdZI2Va9+QzzBf99m
+ VFyigfFdfrqug6aKFhF0lsujzlFfPfmXBbDRiTFX+4SkBeV71uuy7rOUI/jRiitEA0QrKqs0e/pV
+ +C8PoaariisK96Mtt7A=
+ </ds:SignatureValue>
+ <ds:KeyInfo>
+ <ds:KeyValue>
+ <ds:RSAKeyValue>
+ <ds:Modulus>
+ suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1
+ dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJwspqVnMuRK19ju2dxpKw
+ lYGGtrP5VQv00dfNPbs=
+ </ds:Modulus>
+ <ds:Exponent>AQAB</ds:Exponent>
+ </ds:RSAKeyValue>
+ </ds:KeyValue>
+ </ds:KeyInfo>
+ </ds:Signature>
+ <samlp:Status>
+ <samlp:StatusCode
+ Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+ </samlp:Status>
+ <samlp:AuthnRequest
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ ID="_306f8ec5b618f361c70b6ffb1480eade"
+ Version="2.0"
+ IssueInstant="2004-12-05T09:21:59Z"
+ Destination="https://idp.example.org/SAML2/SSO/Artifact"
+ ProtocolBinding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Artifact"
+ AssertionConsumerServiceURL="https://sp.example.com/SAML2/SSO/Artifact">
+ <saml:Issuer>https://sp.example.com/SAML2</saml:Issuer>
+ <samlp:NameIDPolicy
+ AllowCreate="false"
+ Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"/>
+ </samlp:AuthnRequest>
+ </samlp:ArtifactResponse>
\ No newline at end of file
Added: federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-artifact-response-response.xml
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-artifact-response-response.xml (rev 0)
+++ federation/trunk/picketlink-fed-core/src/test/resources/parser/saml2/saml2-artifact-response-response.xml 2011-07-01 20:57:08 UTC (rev 1056)
@@ -0,0 +1,95 @@
+<samlp:ArtifactResponse
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ ID="ID_d84a49e5958803dedcff4c984c2b0d95"
+ InResponseTo="ID_cce4ee769ed970b501d680f697989d14"
+ Version="2.0"
+ IssueInstant="2004-12-05T09:21:59Z">
+ <ds:Signature
+ xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
+ <ds:CanonicalizationMethod
+ Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#WithComments" />
+ <ds:SignatureMethod Algorithm="http://www.w3.org/2000/09/xmlds#rsa-sha1" />
+ <ds:Reference URI="#ID_ab0392ef-b557-4453-95a8-a7e168da8ac5">
+ <ds:Transforms>
+ <ds:Transform Algorithm="http://www.w3.org/2000/09/xmlds#enveloped-signature" />
+ <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#" />
+ </ds:Transforms>
+ <ds:DigestMethod Algorithm="http://www.w3.org/2000/09/xmlds#sha1" />
+ <ds:DigestValue>0Y9QM5c5qCShz5UWmbFzBmbuTus=</ds:DigestValue>
+ </ds:Reference>
+ </ds:SignedInfo>
+ <ds:SignatureValue>
+ se/flQ2htUQ0IUYieVkXNn9cfjnfgv6H99nFarsTNTpRI9xuSlw5OTai/2PYdZI2Va9+QzzBf99m
+ VFyigfFdfrqug6aKFhF0lsujzlFfPfmXBbDRiTFX+4SkBeV71uuy7rOUI/jRiitEA0QrKqs0e/pV
+ +C8PoaariisK96Mtt7A=
+ </ds:SignatureValue>
+ <ds:KeyInfo>
+ <ds:KeyValue>
+ <ds:RSAKeyValue>
+ <ds:Modulus>
+ suGIyhVTbFvDwZdx8Av62zmP+aGOlsBN8WUE3eEEcDtOIZgO78SImMQGwB2C0eIVMhiLRzVPqoW1
+ dCPAveTm653zHOmubaps1fY0lLJDSZbTbhjeYhoQmmaBro/tDpVw5lKJwspqVnMuRK19ju2dxpKw
+ lYGGtrP5VQv00dfNPbs=
+ </ds:Modulus>
+ <ds:Exponent>AQAB</ds:Exponent>
+ </ds:RSAKeyValue>
+ </ds:KeyValue>
+ </ds:KeyInfo>
+ </ds:Signature>
+ <samlp:Status>
+ <samlp:StatusCode
+ Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+ </samlp:Status>
+
+ <samlp:Response
+ xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ ID="identifier_6"
+ InResponseTo="identifier_3"
+ Version="2.0"
+ IssueInstant="2004-12-05T09:22:05Z"
+ Destination="https://sp.example.com/SAML2/SSO/Artifact">
+ <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>
+
+ <samlp:Status>
+ <samlp:StatusCode
+ Value="urn:oasis:names:tc:SAML:2.0:status:Success"/>
+ </samlp:Status>
+ <saml:Assertion
+ xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
+ ID="identifier_7"
+ Version="2.0"
+ IssueInstant="2004-12-05T09:22:05Z">
+ <saml:Issuer>https://idp.example.org/SAML2</saml:Issuer>
+ <saml:Subject>
+ <saml:NameID
+ Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">
+ user(a)mail.example.org
+ </saml:NameID>
+ <saml:SubjectConfirmation
+ Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
+ <saml:SubjectConfirmationData
+ InResponseTo="identifier_3"
+ Recipient="https://sp.example.com/SAML2/SSO/Artifact"
+ NotOnOrAfter="2004-12-05T09:27:05Z"/>
+ </saml:SubjectConfirmation>
+ </saml:Subject>
+ <saml:Conditions
+ NotBefore="2004-12-05T09:17:05Z"
+ NotOnOrAfter="2004-12-05T09:27:05Z">
+ <saml:AudienceRestriction>
+ <saml:Audience>https://sp.example.com/SAML2</saml:Audience>
+ </saml:AudienceRestriction>
+ </saml:Conditions>
+ <saml:AuthnStatement
+ AuthnInstant="2004-12-05T09:22:00Z"
+ SessionIndex="identifier_7">
+ <saml:AuthnContext>
+ <saml:AuthnContextClassRef>
+ urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport
+ </saml:AuthnContextClassRef>
+ </saml:AuthnContext>
+ </saml:AuthnStatement>
+ </saml:Assertion>
+ </samlp:Response>
+ </samlp:ArtifactResponse>
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/protocol/ArtifactResponseType.java
===================================================================
--- federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/protocol/ArtifactResponseType.java 2011-07-01 20:29:06 UTC (rev 1055)
+++ federation/trunk/picketlink-fed-model/src/main/java/org/picketlink/identity/federation/saml/v2/protocol/ArtifactResponseType.java 2011-07-01 20:57:08 UTC (rev 1056)
@@ -55,6 +55,11 @@
super(id, issueInstant);
}
+ public ArtifactResponseType(StatusResponseType srt)
+ {
+ super(srt);
+ }
+
/**
* Gets the value of the any property.
*
13 years, 5 months
- 1
- 0
Picketlink SVN: r1055 - in federation/trunk/picketlink-fed-core/src: test/java/org/picketlink/test/identity/federation/core/parser/saml and 1 other directory.
by picketlink-commits@lists.jboss.org
Author: anil.saldhana(a)jboss.com
Date: 2011-07-01 16:29:06 -0400 (Fri, 01 Jul 2011)
New Revision: 1055
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResolveParserTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAuthnRequestParserTestCase.java
Log:
PLFED-116: saml artifact resolve writing
Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java 2011-07-01 20:00:05 UTC (rev 1054)
+++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLRequestWriter.java 2011-07-01 20:29:06 UTC (rev 1055)
@@ -44,11 +44,13 @@
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
+import org.picketlink.identity.federation.saml.v2.protocol.ArtifactResolveType;
import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.saml.v2.protocol.LogoutRequestType;
import org.picketlink.identity.federation.saml.v2.protocol.NameIDPolicyType;
import org.picketlink.identity.federation.saml.v2.protocol.XACMLAuthzDecisionQueryType;
import org.w3c.dom.Document;
+import org.w3c.dom.Element;
/**
* Writes a SAML2 Request Type to Stream
@@ -134,6 +136,13 @@
{
write(issuer, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get()));
}
+
+ Element sig = request.getSignature();
+ if (sig != null)
+ {
+ StaxUtil.writeDOMElement(writer, sig);
+ }
+
NameIDPolicyType nameIDPolicy = request.getNameIDPolicy();
if (nameIDPolicy != null)
write(nameIDPolicy);
@@ -217,6 +226,47 @@
StaxUtil.flush(writer);
}
+ public void write(ArtifactResolveType request) throws ProcessingException
+ {
+ StaxUtil.writeStartElement(writer, PROTOCOL_PREFIX, JBossSAMLConstants.ARTIFACT_RESOLVE.get(),
+ PROTOCOL_NSURI.get());
+ StaxUtil.writeNameSpace(writer, PROTOCOL_PREFIX, PROTOCOL_NSURI.get());
+ StaxUtil.writeDefaultNameSpace(writer, ASSERTION_NSURI.get());
+
+ //Attributes
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), request.getID());
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.VERSION.get(), request.getVersion());
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(), request.getIssueInstant().toString());
+
+ URI destination = request.getDestination();
+ if (destination != null)
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.DESTINATION.get(), destination.toASCIIString());
+
+ String consent = request.getConsent();
+ if (StringUtil.isNotNull(consent))
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.CONSENT.get(), consent);
+
+ NameIDType issuer = request.getIssuer();
+ if (issuer != null)
+ {
+ write(issuer, new QName(ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get()));
+ }
+ Element sig = request.getSignature();
+ if (sig != null)
+ {
+ StaxUtil.writeDOMElement(writer, sig);
+ }
+ String artifact = request.getArtifact();
+ if (StringUtil.isNotNull(artifact))
+ {
+ StaxUtil.writeStartElement(writer, PROTOCOL_PREFIX, JBossSAMLConstants.ARTIFACT.get(), PROTOCOL_NSURI.get());
+ StaxUtil.writeCharacters(writer, artifact);
+ StaxUtil.writeEndElement(writer);
+ }
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
public void write(XACMLAuthzDecisionQueryType xacmlQuery) throws ProcessingException
{
StaxUtil.writeStartElement(writer, PROTOCOL_PREFIX, JBossSAMLConstants.REQUEST_ABSTRACT.get(),
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResolveParserTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResolveParserTestCase.java 2011-07-01 20:00:05 UTC (rev 1054)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLArtifactResolveParserTestCase.java 2011-07-01 20:29:06 UTC (rev 1055)
@@ -24,13 +24,19 @@
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotNull;
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import org.junit.Test;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.saml.v2.writers.SAMLRequestWriter;
import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
+import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.saml.v2.protocol.ArtifactResolveType;
+import org.w3c.dom.Document;
/**
* Unit test the parsing of {@link ArtifactResolveType}
@@ -57,5 +63,14 @@
assertEquals("https://sp.example.com/SAML2/ArtifactResolution", artifactResolve.getDestination().toString());
assertEquals("https://idp.example.org/SAML2", artifactResolve.getIssuer().getValue());
assertEquals("AAQAAMh48/1oXIM+sDo7Dh2qMp1HM4IF5DaRNmDj6RdUmllwn9jJHyEgIi8=", artifactResolve.getArtifact());
+
+ //Try out writing
+ ByteArrayOutputStream baos = new ByteArrayOutputStream();
+ SAMLRequestWriter writer = new SAMLRequestWriter(StaxUtil.getXMLStreamWriter(baos));
+ writer.write(artifactResolve);
+
+ ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
+ Document doc = DocumentUtil.getDocument(bis); //throws exceptions
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
}
}
\ No newline at end of file
Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAuthnRequestParserTestCase.java
===================================================================
--- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAuthnRequestParserTestCase.java 2011-07-01 20:00:05 UTC (rev 1054)
+++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/saml/SAMLAuthnRequestParserTestCase.java 2011-07-01 20:29:06 UTC (rev 1055)
@@ -33,9 +33,11 @@
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLRequestWriter;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.saml.v2.protocol.NameIDPolicyType;
+import org.w3c.dom.Document;
/**
* Validate the SAML2 AuthnRequest parse
@@ -78,6 +80,7 @@
writer.write(authnRequest);
ByteArrayInputStream bis = new ByteArrayInputStream(baos.toByteArray());
- DocumentUtil.getDocument(bis); //throws exceptions
+ Document doc = DocumentUtil.getDocument(bis); //throws exceptions
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(doc));
}
}
\ No newline at end of file
13 years, 5 months
- 1
- 0