Author: sguilhen(a)redhat.com
Date: 2010-12-03 20:55:23 -0500 (Fri, 03 Dec 2010)
New Revision: 585
Added:
federation/trunk/picketlink-xmlsec-model/src/main/java/org/picketlink/identity/xmlsec/w3/xmldsig/X509CertificateType.java
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLStatusResponseTypeParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustUtil.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java
Log:
Fixed PicketLink STS-related test cases
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLStatusResponseTypeParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLStatusResponseTypeParser.java 2010-12-01
15:44:48 UTC (rev 584)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLStatusResponseTypeParser.java 2010-12-04
01:55:23 UTC (rev 585)
@@ -131,6 +131,11 @@
subStatusCodeType.setValue( NetworkUtil.createURI(
StaxParserUtil.getAttributeValue( subValueAttr )));
}
statusCode.setStatusCode( subStatusCodeType );
+
+ // Go to Status code end element.
+ EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ StaxParserUtil.validate(endElement,
JBossSAMLConstants.STATUS_CODE.get());
+ continue;
}
else
break;
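Review bot: The added block assumes the nested sub-StatusCode is a leaf: it sets the sub-status, calls getNextEndElement and validates it against STATUS_CODE, then continues the loop. SAML 2.0 allows StatusCode elements to nest to arbitrary depth, so if the sub-StatusCode itself carries a child StatusCode the next event is a start element rather than the expected end element, and what happens then depends on how getNextEndElement treats a non-end event (not visible here). Either recurse for the nested case or make the one-level assumption explicit, e.g. replace the comment with `// Consume the closing StatusCode of the sub-status code (one nesting level is supported) so the loop sees the next sibling.` The enclosing method and its loop start and end outside this hunk, so it is not visible whether `continue` skips any per-iteration work that follows the if/else.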
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java 2010-12-01
15:44:48 UTC (rev 584)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/saml/SAMLSubjectParser.java 2010-12-04
01:55:23 UTC (rev 585)
@@ -1,27 +1,22 @@
/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ * JBoss, Home of Professional Open Source. Copyright 2008, Red Hat Middleware LLC, and
individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a
full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the
GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the
License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with
this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
USA, or see the FSF site:
+ *
http://www.fsf.org.
*/
package org.picketlink.identity.federation.core.parsers.saml;
-import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import javax.xml.stream.XMLEventReader;
import javax.xml.stream.events.Attribute;
@@ -43,204 +38,286 @@
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType;
import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType.STSubType;
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.KeyValueType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.RSAKeyValueType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
/**
* Parse the saml subject
+ *
* @author Anil.Saldhana(a)redhat.com
* @since Oct 12, 2010
*/
public class SAMLSubjectParser implements ParserNamespaceSupport
-{
+{
/**
* @see {@link ParserNamespaceSupport#parse(XMLEventReader)}
*/
public Object parse(XMLEventReader xmlEventReader) throws ParsingException
- {
- StaxParserUtil.getNextEvent(xmlEventReader);
+ {
+ StaxParserUtil.getNextEvent(xmlEventReader);
- SubjectType subject = new SubjectType();
+ SubjectType subject = new SubjectType();
- //Peek at the next event
- while( xmlEventReader.hasNext() )
- {
+ // Peek at the next event
+ while (xmlEventReader.hasNext())
+ {
XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
- if( xmlEvent instanceof EndElement )
+ if (xmlEvent instanceof EndElement)
{
- EndElement endElement = (EndElement) xmlEvent;
- if( StaxParserUtil.matches(endElement , JBossSAMLConstants.SUBJECT.get() ))
+ EndElement endElement = (EndElement) xmlEvent;
+ if (StaxParserUtil.matches(endElement, JBossSAMLConstants.SUBJECT.get()))
{
endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
- break;
- }
+ break;
+ }
else
- throw new RuntimeException( "Unknown End Element:" +
StaxParserUtil.getEndElementName( endElement ) );
+ throw new RuntimeException("Unknown End Element:" +
StaxParserUtil.getEndElementName(endElement));
}
- StartElement peekedElement = StaxParserUtil.peekNextStartElement(
xmlEventReader );
- if( peekedElement == null )
- break;
+ StartElement peekedElement =
StaxParserUtil.peekNextStartElement(xmlEventReader);
+ if (peekedElement == null)
+ break;
- String tag = StaxParserUtil.getStartElementName( peekedElement );
+ String tag = StaxParserUtil.getStartElementName(peekedElement);
- if( JBossSAMLConstants.NAMEID.get().equalsIgnoreCase( tag ) )
+ if (JBossSAMLConstants.NAMEID.get().equalsIgnoreCase(tag))
{
NameIDType nameID = SAMLParserUtil.parseNameIDType(xmlEventReader);
STSubType subType = new STSubType();
subType.addBaseID(nameID);
- subject.setSubType( subType );
- }
- else if( JBossSAMLConstants.SUBJECT_CONFIRMATION.get().equalsIgnoreCase( tag )
)
+ subject.setSubType(subType);
+ }
+ else if (JBossSAMLConstants.SUBJECT_CONFIRMATION.get().equalsIgnoreCase(tag))
{
- StartElement subjectConfirmationElement = StaxParserUtil.getNextStartElement(
xmlEventReader );
- Attribute method = subjectConfirmationElement.getAttributeByName( new QName(
JBossSAMLConstants.METHOD.get() ));
+ StartElement subjectConfirmationElement =
StaxParserUtil.getNextStartElement(xmlEventReader);
+ Attribute method = subjectConfirmationElement
+ .getAttributeByName(new QName(JBossSAMLConstants.METHOD.get()));
- SubjectConfirmationType subjectConfirmationType = new
SubjectConfirmationType();
+ SubjectConfirmationType subjectConfirmationType = new
SubjectConfirmationType();
- if( method != null )
+ if (method != null)
{
- subjectConfirmationType.setMethod( StaxParserUtil.getAttributeValue(
method ) );
- }
-
- //There may be additional things under subject confirmation
+
subjectConfirmationType.setMethod(StaxParserUtil.getAttributeValue(method));
+ }
+
+ // There may be additional things under subject confirmation
xmlEvent = StaxParserUtil.peek(xmlEventReader);
- if( xmlEvent instanceof StartElement )
+ if (xmlEvent instanceof StartElement)
{
StartElement startElement = (StartElement) xmlEvent;
String startTag = StaxParserUtil.getStartElementName(startElement);
-
- if( startTag.equals( JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get()
))
+
+ if (startTag.equals(JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get()))
{
SubjectConfirmationDataType subjectConfirmationData =
parseSubjectConfirmationData(xmlEventReader);
- subjectConfirmationType.setSubjectConfirmationData(
subjectConfirmationData );
+
subjectConfirmationType.setSubjectConfirmationData(subjectConfirmationData);
}
}
subject.addConfirmation(subjectConfirmationType);
- //Get the end tag
+ // Get the end tag
EndElement endElement = (EndElement)
StaxParserUtil.getNextEvent(xmlEventReader);
- StaxParserUtil.matches(endElement,
JBossSAMLConstants.SUBJECT_CONFIRMATION.get() );
- }
- else throw new RuntimeException( "Unknown tag:" + tag );
- }
+ StaxParserUtil.matches(endElement,
JBossSAMLConstants.SUBJECT_CONFIRMATION.get());
+ }
+ else
+ throw new RuntimeException("Unknown tag:" + tag);
+ }
return subject;
}
/**
* @see {@link ParserNamespaceSupport#supports(QName)}
*/
- public boolean supports( QName qname )
- {
+ public boolean supports(QName qname)
+ {
String nsURI = qname.getNamespaceURI();
String localPart = qname.getLocalPart();
-
- return nsURI.equals( JBossSAMLURIConstants.ASSERTION_NSURI.get() )
- && localPart.equals( JBossSAMLConstants.SUBJECT.get() );
+
+ return nsURI.equals(JBossSAMLURIConstants.ASSERTION_NSURI.get())
+ && localPart.equals(JBossSAMLConstants.SUBJECT.get());
}
-
- private SubjectConfirmationDataType parseSubjectConfirmationData( XMLEventReader
xmlEventReader ) throws ParsingException
+
+ private SubjectConfirmationDataType parseSubjectConfirmationData(XMLEventReader
xmlEventReader)
+ throws ParsingException
{
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
- StaxParserUtil.validate(startElement,
JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get() );
-
+ StaxParserUtil.validate(startElement,
JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get());
+
SubjectConfirmationDataType subjectConfirmationData = new
SubjectConfirmationDataType();
-
- Attribute inResponseTo = startElement.getAttributeByName( new QName(
JBossSAMLConstants.IN_RESPONSE_TO.get() ));
- if( inResponseTo != null )
+
+ Attribute inResponseTo = startElement.getAttributeByName(new
QName(JBossSAMLConstants.IN_RESPONSE_TO.get()));
+ if (inResponseTo != null)
{
- subjectConfirmationData.setInResponseTo( StaxParserUtil.getAttributeValue(
inResponseTo ));
- }
-
- Attribute notBefore = startElement.getAttributeByName( new QName(
JBossSAMLConstants.NOT_BEFORE.get() ));
- if( notBefore != null )
+
subjectConfirmationData.setInResponseTo(StaxParserUtil.getAttributeValue(inResponseTo));
+ }
+
+ Attribute notBefore = startElement.getAttributeByName(new
QName(JBossSAMLConstants.NOT_BEFORE.get()));
+ if (notBefore != null)
{
- subjectConfirmationData.setNotBefore( XMLTimeUtil.parse(
StaxParserUtil.getAttributeValue( notBefore )));
+
subjectConfirmationData.setNotBefore(XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(notBefore)));
}
-
- Attribute notOnOrAfter = startElement.getAttributeByName( new QName(
JBossSAMLConstants.NOT_ON_OR_AFTER.get() ));
- if( notOnOrAfter != null )
+
+ Attribute notOnOrAfter = startElement.getAttributeByName(new
QName(JBossSAMLConstants.NOT_ON_OR_AFTER.get()));
+ if (notOnOrAfter != null)
{
- subjectConfirmationData.setNotOnOrAfter( XMLTimeUtil.parse(
StaxParserUtil.getAttributeValue( notOnOrAfter )));
+
subjectConfirmationData.setNotOnOrAfter(XMLTimeUtil.parse(StaxParserUtil.getAttributeValue(notOnOrAfter)));
}
-
- Attribute recipient = startElement.getAttributeByName( new QName(
JBossSAMLConstants.RECIPIENT.get() ));
- if( recipient != null )
+
+ Attribute recipient = startElement.getAttributeByName(new
QName(JBossSAMLConstants.RECIPIENT.get()));
+ if (recipient != null)
{
- subjectConfirmationData.setRecipient( StaxParserUtil.getAttributeValue(
recipient ));
+
subjectConfirmationData.setRecipient(StaxParserUtil.getAttributeValue(recipient));
}
-
- Attribute address = startElement.getAttributeByName( new QName(
JBossSAMLConstants.ADDRESS.get() ));
- if( address != null )
+
+ Attribute address = startElement.getAttributeByName(new
QName(JBossSAMLConstants.ADDRESS.get()));
+ if (address != null)
{
- subjectConfirmationData.setAddress( StaxParserUtil.getAttributeValue( address
));
+ subjectConfirmationData.setAddress(StaxParserUtil.getAttributeValue(address));
}
-
+
XMLEvent xmlEvent = StaxParserUtil.peek(xmlEventReader);
- if( ! ( xmlEvent instanceof EndElement ))
+ if (!(xmlEvent instanceof EndElement))
{
startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
String tag = StaxParserUtil.getStartElementName(startElement);
- if( tag.equals( WSTrustConstants.XMLDSig.KEYINFO ))
+ if (tag.equals(WSTrustConstants.XMLDSig.KEYINFO))
{
- KeyInfoType keyInfo = parseKeyInfo(xmlEventReader);
+ KeyInfoType keyInfo = parseKeyInfo(xmlEventReader);
subjectConfirmationData.setAnyType(keyInfo);
- }
- else if( tag.equals( WSTrustConstants.XMLEnc.ENCRYPTED_KEY ))
+ }
+ else if (tag.equals(WSTrustConstants.XMLEnc.ENCRYPTED_KEY))
{
- subjectConfirmationData.setAnyType(
StaxParserUtil.getDOMElement(xmlEventReader));
+
subjectConfirmationData.setAnyType(StaxParserUtil.getDOMElement(xmlEventReader));
}
else
- throw new RuntimeException( "Handle:" + tag );
+ throw new RuntimeException("Handle:" + tag);
}
- //Get the end tag
+ // Get the end tag
EndElement endElement = (EndElement) StaxParserUtil.getNextEvent(xmlEventReader);
- StaxParserUtil.matches(endElement,
JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get() );
+ StaxParserUtil.matches(endElement,
JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get());
return subjectConfirmationData;
}
-
- private KeyInfoType parseKeyInfo( XMLEventReader xmlEventReader ) throws
ParsingException
+
+ private KeyInfoType parseKeyInfo(XMLEventReader xmlEventReader) throws
ParsingException
{
KeyInfoType keyInfo = new KeyInfoType();
StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
- StaxParserUtil.validate(startElement, WSTrustConstants.XMLDSig.KEYINFO );
-
+ StaxParserUtil.validate(startElement, WSTrustConstants.XMLDSig.KEYINFO);
+
XMLEvent xmlEvent = null;
String tag = null;
-
- while( xmlEventReader.hasNext() )
+
+ while (xmlEventReader.hasNext())
{
xmlEvent = StaxParserUtil.peek(xmlEventReader);
- if( xmlEvent instanceof EndElement )
+ if (xmlEvent instanceof EndElement)
{
- tag = StaxParserUtil.getEndElementName( (EndElement) xmlEvent );
- if( tag.equals( WSTrustConstants.XMLDSig.KEYINFO ))
+ tag = StaxParserUtil.getEndElementName((EndElement) xmlEvent);
+ if (tag.equals(WSTrustConstants.XMLDSig.KEYINFO))
{
xmlEvent = StaxParserUtil.getNextEndElement(xmlEventReader);
break;
}
else
- throw new RuntimeException( "unknown end element:" + tag );
+ throw new RuntimeException("unknown end element:" + tag);
}
startElement = (StartElement) xmlEvent;
tag = StaxParserUtil.getStartElementName(startElement);
- if( tag.equals( WSTrustConstants.XMLDSig.X509DATA ))
+ if (tag.equals(WSTrustConstants.XMLEnc.ENCRYPTED_KEY))
{
+ keyInfo.getContent().add(StaxParserUtil.getDOMElement(xmlEventReader));
+ }
+ else if (tag.equals(WSTrustConstants.XMLDSig.X509DATA))
+ {
startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
X509DataType x509 = new X509DataType();
- //Let us go for the X509 certificate
+
+ // Let us go for the X509 certificate
startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
- StaxParserUtil.validate(startElement, WSTrustConstants.XMLDSig.X509CERT );
+ StaxParserUtil.validate(startElement, WSTrustConstants.XMLDSig.X509CERT);
+ X509CertificateType cert = new X509CertificateType();
String certValue = StaxParserUtil.getElementText(xmlEventReader);
- QName qname = new QName( WSTrustConstants.DSIG_NS,
WSTrustConstants.XMLDSig.X509CERT, WSTrustConstants.XMLDSig.DSIG_PREFIX );
- JAXBElement<?> cert = new JAXBElement<byte[]>( qname,
byte[].class, certValue.getBytes() );
- x509.getX509IssuerSerialOrX509SKIOrX509SubjectName().add( cert );
+ cert.setEncodedCertificate(certValue.getBytes());
+ x509.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(cert);
+
EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
- StaxParserUtil.validate(endElement, WSTrustConstants.XMLDSig.X509DATA );
+ StaxParserUtil.validate(endElement, WSTrustConstants.XMLDSig.X509DATA);
+ keyInfo.getContent().add(x509);
}
- }
+ else if (tag.equals(WSTrustConstants.XMLDSig.KEYVALUE))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ KeyValueType keyValue = new KeyValueType();
+
+ startElement = StaxParserUtil.peekNextStartElement(xmlEventReader);
+ tag = StaxParserUtil.getStartElementName(startElement);
+ if (tag.equals(WSTrustConstants.XMLDSig.RSA_KEYVALUE))
+ {
+ keyValue.getContent().add(this.parseRSAKeyValue(xmlEventReader));
+ }
+ else if (tag.equals(WSTrustConstants.XMLDSig.DSA_KEYVALUE))
+ {
+ // TODO: parse the DSA key contents.
+ }
+ else
+ throw new ParsingException("Unknown element: " + tag);
+
+ EndElement endElement = StaxParserUtil.getNextEndElement(xmlEventReader);
+ StaxParserUtil.validate(endElement, WSTrustConstants.XMLDSig.KEYVALUE);
+
+ keyInfo.getContent().add(keyValue);
+ }
+ }
return keyInfo;
- }
+ }
+
+ private RSAKeyValueType parseRSAKeyValue(XMLEventReader xmlEventReader) throws
ParsingException
+ {
+ StartElement startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ StaxParserUtil.validate(startElement, WSTrustConstants.XMLDSig.RSA_KEYVALUE);
+
+ XMLEvent xmlEvent = null;
+ String tag = null;
+
+ RSAKeyValueType rsaKeyValue = new RSAKeyValueType();
+
+ while (xmlEventReader.hasNext())
+ {
+ xmlEvent = StaxParserUtil.peek(xmlEventReader);
+ if (xmlEvent instanceof EndElement)
+ {
+ tag = StaxParserUtil.getEndElementName((EndElement) xmlEvent);
+ if (tag.equals(WSTrustConstants.XMLDSig.RSA_KEYVALUE))
+ {
+ xmlEvent = StaxParserUtil.getNextEndElement(xmlEventReader);
+ break;
+ }
+ else
+ throw new RuntimeException("unknown end element:" + tag);
+ }
+
+ startElement = (StartElement) xmlEvent;
+ tag = StaxParserUtil.getStartElementName(startElement);
+ if (tag.equals(WSTrustConstants.XMLDSig.MODULUS))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ String text = StaxParserUtil.getElementText(xmlEventReader);
+ rsaKeyValue.setModulus(text.getBytes());
+ }
+ else if (tag.equals(WSTrustConstants.XMLDSig.EXPONENT))
+ {
+ startElement = StaxParserUtil.getNextStartElement(xmlEventReader);
+ String text = StaxParserUtil.getElementText(xmlEventReader);
+ rsaKeyValue.setExponent(text.getBytes());
+ }
+ else
+ throw new ParsingException("Unknown element: " + tag);
+ }
+ return rsaKeyValue;
+ }
}
\ No newline at end of file
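Review bot: parseKeyInfo's new if/else-if chain over the peeked child tag (ENCRYPTED_KEY, X509DATA, KEYVALUE) has no terminal else, so a KeyInfo child with any other local name is never consumed and the `while (xmlEventReader.hasNext())` loop re-peeks the same start element indefinitely — on SubjectConfirmationData received from an untrusted party that is a hang instead of a parse error. parseRSAKeyValue already closes its chain with `else throw new ParsingException("Unknown element: " + tag);`; adding that same line after the KEYVALUE branch fixes it. The DSA_KEYVALUE branch is an empty TODO that leaves the DSAKeyValue subtree unconsumed, so the following getNextEndElement/validate against KEYVALUE presumably fails (or, if the helper skips ahead, an empty KeyValueType is added to keyInfo); until it is implemented it should throw the same ParsingException rather than fall through. The `getBytes()` calls for the certificate text, modulus and exponent use the platform default charset; passing an explicit charset (the element text is base64, so "UTF-8" is safe) makes the stored bytes deterministic across JVMs. Both methods also throw RuntimeException for an unexpected end element but ParsingException for an unexpected start element; using ParsingException in both places would let callers handle malformed input with a single catch.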
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java 2010-12-01
15:44:48 UTC (rev 584)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/writers/SAMLAssertionWriter.java 2010-12-04
01:55:23 UTC (rev 585)
@@ -1,23 +1,19 @@
/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2008, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ * JBoss, Home of Professional Open Source. Copyright 2008, Red Hat Middleware LLC, and
individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a
full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the
GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the
License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with
this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
USA, or see the FSF site:
+ *
http://www.fsf.org.
*/
package org.picketlink.identity.federation.core.saml.v2.writers;
@@ -39,6 +35,7 @@
import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLURIConstants;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
+import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AdviceType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.AssertionType;
import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.AttributeStatementType;
@@ -64,10 +61,13 @@
import
org.picketlink.identity.federation.newmodel.saml.v2.assertion.SubjectType.STSubType;
import org.picketlink.identity.federation.newmodel.saml.v2.assertion.URIType;
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
import org.w3c.dom.Element;
/**
* Write the SAML Assertion to stream
+ *
* @author Anil.Saldhana(a)redhat.com
* @since Nov 2, 2010
*/
@@ -77,416 +77,457 @@
{
super(writer);
}
-
+
/**
* Write an {@code AssertionType} to stream
+ *
* @param assertion
* @param out
* @throws ProcessingException
*/
- public void write( AssertionType assertion ) throws ProcessingException
+ public void write(AssertionType assertion) throws ProcessingException
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX,
JBossSAMLConstants.ASSERTION.get() , ASSERTION_NSURI.get() );
- StaxUtil.writeNameSpace( writer, ASSERTION_PREFIX, ASSERTION_NSURI.get() );
- StaxUtil.writeDefaultNameSpace( writer, ASSERTION_NSURI.get() );
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.ASSERTION.get(), ASSERTION_NSURI.get());
+ StaxUtil.writeNameSpace(writer, ASSERTION_PREFIX, ASSERTION_NSURI.get());
+ StaxUtil.writeDefaultNameSpace(writer, ASSERTION_NSURI.get());
- //Attributes
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.ID.get(), assertion.getID() );
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.VERSION.get(),
assertion.getVersion() );
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.ISSUE_INSTANT.get(),
assertion.getIssueInstant().toString() );
+ // Attributes
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.ID.get(), assertion.getID());
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.VERSION.get(),
assertion.getVersion());
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.ISSUE_INSTANT.get(),
assertion.getIssueInstant().toString());
NameIDType issuer = assertion.getIssuer();
- if( issuer != null )
- write( issuer, new QName( ASSERTION_NSURI.get(), JBossSAMLConstants.ISSUER.get()
) );
-
+ if (issuer != null)
+ write(issuer, new QName(ASSERTION_NSURI.get(),
JBossSAMLConstants.ISSUER.get()));
+
SubjectType subject = assertion.getSubject();
- if( subject != null )
+ if (subject != null)
{
write(subject);
}
-
+
ConditionsType conditions = assertion.getConditions();
- if( conditions != null )
+ if (conditions != null)
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX,
JBossSAMLConstants.CONDITIONS.get() , ASSERTION_NSURI.get() );
-
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.NOT_BEFORE.get(),
conditions.getNotBefore().toString() );
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(),
conditions.getNotOnOrAfter().toString() );
-
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.CONDITIONS.get(), ASSERTION_NSURI
+ .get());
+
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(),
conditions.getNotBefore().toString());
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(),
conditions.getNotOnOrAfter()
+ .toString());
+
List<ConditionAbstractType> typeOfConditions =
conditions.getConditions();
- if( typeOfConditions != null )
+ if (typeOfConditions != null)
{
- for( ConditionAbstractType typeCondition: typeOfConditions )
+ for (ConditionAbstractType typeCondition : typeOfConditions)
{
- if( typeCondition instanceof AudienceRestrictionType )
+ if (typeCondition instanceof AudienceRestrictionType)
{
AudienceRestrictionType art = (AudienceRestrictionType) typeCondition;
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX,
JBossSAMLConstants.AUDIENCE_RESTRICTION.get() , ASSERTION_NSURI.get() );
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.AUDIENCE_RESTRICTION.get(),
+ ASSERTION_NSURI.get());
List<URI> audiences = art.getAudience();
- if( audiences != null )
+ if (audiences != null)
{
- for( URI audience: audiences )
+ for (URI audience : audiences)
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX,
JBossSAMLConstants.AUDIENCE.get() , ASSERTION_NSURI.get() );
- StaxUtil.writeCharacters(writer, audience.toString() );
- StaxUtil.writeEndElement( writer);
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.AUDIENCE.get(),
+ ASSERTION_NSURI.get());
+ StaxUtil.writeCharacters(writer, audience.toString());
+ StaxUtil.writeEndElement(writer);
}
}
- StaxUtil.writeEndElement( writer);
+ StaxUtil.writeEndElement(writer);
}
}
}
- StaxUtil.writeEndElement( writer);
+ StaxUtil.writeEndElement(writer);
}
-
+
AdviceType advice = assertion.getAdvice();
- if( advice != null )
- throw new RuntimeException( "Advice needs to be handled" );
-
+ if (advice != null)
+ throw new RuntimeException("Advice needs to be handled");
+
Set<StatementAbstractType> statements = assertion.getStatements();
- if( statements != null )
+ if (statements != null)
{
- for( StatementAbstractType statement: statements )
+ for (StatementAbstractType statement : statements)
{
- if( statement instanceof AuthnStatementType )
+ if (statement instanceof AuthnStatementType)
{
- write( ( AuthnStatementType )statement );
+ write((AuthnStatementType) statement);
}
- else if( statement instanceof AttributeStatementType )
+ else if (statement instanceof AttributeStatementType)
{
- write( ( AttributeStatementType )statement );
+ write((AttributeStatementType) statement);
}
- else
- throw new RuntimeException( "unknown statement type=" +
statement.getClass().getName() );
+ else
+ throw new RuntimeException("unknown statement type=" +
statement.getClass().getName());
}
}
-
- StaxUtil.writeEndElement( writer);
- StaxUtil.flush( writer );
- }
-
+
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
+ }
+
/**
* Write an {@code StatementAbstractType} to stream
+ *
* @param statement
* @param out
* @throws ProcessingException
*/
- public void write( StatementAbstractType statement ) throws ProcessingException
+ public void write(StatementAbstractType statement) throws ProcessingException
{
- //TODO: handle this section
- throw new RuntimeException( "NYI" );
+ // TODO: handle this section
+ throw new RuntimeException("NYI");
}
-
- public void write( AttributeStatementType statement ) throws ProcessingException
+
+ public void write(AttributeStatementType statement) throws ProcessingException
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX,
JBossSAMLConstants.ATTRIBUTE_STATEMENT.get() , ASSERTION_NSURI.get() );
-
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.ATTRIBUTE_STATEMENT.get(),
+ ASSERTION_NSURI.get());
+
List<ASTChoiceType> attributes = statement.getAttributes();
- if( attributes != null )
+ if (attributes != null)
{
- for( ASTChoiceType attr : attributes )
+ for (ASTChoiceType attr : attributes)
{
AttributeType attributeType = attr.getAttribute();
- if( attributeType != null )
+ if (attributeType != null)
{
- write( attributeType );
+ write(attributeType);
}
EncryptedElementType encType = attr.getEncryptedAssertion();
- if( encType != null )
- throw new RuntimeException( "unable to write as it is NYI" );
+ if (encType != null)
+ throw new RuntimeException("unable to write as it is NYI");
}
- }
+ }
- StaxUtil.writeEndElement( writer);
- StaxUtil.flush( writer );
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
}
-
-
+
/**
* Write an {@code AuthnStatementType} to stream
+ *
* @param authnStatement
* @param out
* @throws ProcessingException
*/
- public void write( AuthnStatementType authnStatement ) throws ProcessingException
+ public void write(AuthnStatementType authnStatement) throws ProcessingException
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX,
JBossSAMLConstants.AUTHN_STATEMENT.get() , ASSERTION_NSURI.get() );
-
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.AUTHN_STATEMENT.get(), ASSERTION_NSURI
+ .get());
+
XMLGregorianCalendar authnInstant = authnStatement.getAuthnInstant();
- if( authnInstant != null )
- {
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.AUTHN_INSTANT.get(),
authnInstant.toString() );
+ if (authnInstant != null)
+ {
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.AUTHN_INSTANT.get(),
authnInstant.toString());
}
-
+
AuthnContextType authnContext = authnStatement.getAuthnContext();
- if( authnContext != null )
- write( authnContext );
+ if (authnContext != null)
+ write(authnContext);
- StaxUtil.writeEndElement( writer);
- StaxUtil.flush( writer );
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
}
-
+
/**
* Write an {@code AuthnContextType} to stream
+ *
* @param authContext
* @param out
* @throws ProcessingException
*/
- public void write( AuthnContextType authContext ) throws ProcessingException
+ public void write(AuthnContextType authContext) throws ProcessingException
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX,
JBossSAMLConstants.AUTHN_CONTEXT.get() , ASSERTION_NSURI.get() );
-
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.AUTHN_CONTEXT.get(), ASSERTION_NSURI
+ .get());
+
AuthnContextTypeSequence sequence = authContext.getSequence();
- if( sequence != null )
+ if (sequence != null)
{
AuthnContextClassRefType authnContextClassRefType = sequence.getClassRef();
- if( authnContextClassRefType != null )
+ if (authnContextClassRefType != null)
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX,
JBossSAMLConstants.AUTHN_CONTEXT_CLASS_REF.get() ,
- ASSERTION_NSURI.get() );
- StaxUtil.writeCharacters( writer,
authnContextClassRefType.getValue().toASCIIString() );
- StaxUtil.writeEndElement( writer);
- }
-
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.AUTHN_CONTEXT_CLASS_REF.get(),
+ ASSERTION_NSURI.get());
+ StaxUtil.writeCharacters(writer,
authnContextClassRefType.getValue().toASCIIString());
+ StaxUtil.writeEndElement(writer);
+ }
+
Set<URIType> uriTypes = sequence.getURIType();
- if( uriTypes != null )
+ if (uriTypes != null)
{
- for( URIType uriType: uriTypes )
+ for (URIType uriType : uriTypes)
{
- if( uriType instanceof AuthnContextDeclType )
+ if (uriType instanceof AuthnContextDeclType)
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX,
JBossSAMLConstants.AUTHN_CONTEXT_DECLARATION.get() ,
- ASSERTION_NSURI.get() );
- StaxUtil.writeCharacters( writer, uriType.getValue().toASCIIString()
);
- StaxUtil.writeEndElement( writer);
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.AUTHN_CONTEXT_DECLARATION
+ .get(), ASSERTION_NSURI.get());
+ StaxUtil.writeCharacters(writer, uriType.getValue().toASCIIString());
+ StaxUtil.writeEndElement(writer);
}
- if( uriType instanceof AuthnContextDeclRefType )
+ if (uriType instanceof AuthnContextDeclRefType)
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX,
JBossSAMLConstants.AUTHN_CONTEXT_DECLARATION_REF.get() ,
- ASSERTION_NSURI.get() );
- StaxUtil.writeCharacters( writer, uriType.getValue().toASCIIString()
);
- StaxUtil.writeEndElement( writer);
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.AUTHN_CONTEXT_DECLARATION_REF
+ .get(), ASSERTION_NSURI.get());
+ StaxUtil.writeCharacters(writer, uriType.getValue().toASCIIString());
+ StaxUtil.writeEndElement(writer);
}
}
- }
+ }
}
-
+
Set<URI> authAuthorities = authContext.getAuthenticatingAuthority();
- if( authAuthorities != null )
+ if (authAuthorities != null)
{
- for( URI aa: authAuthorities )
+ for (URI aa : authAuthorities)
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX,
JBossSAMLConstants.AUTHENTICATING_AUTHORITY.get() ,
- ASSERTION_NSURI.get() );
- StaxUtil.writeCharacters( writer, aa.toASCIIString() );
- StaxUtil.writeEndElement( writer);
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.AUTHENTICATING_AUTHORITY.get(),
+ ASSERTION_NSURI.get());
+ StaxUtil.writeCharacters(writer, aa.toASCIIString());
+ StaxUtil.writeEndElement(writer);
}
- }
+ }
- StaxUtil.writeEndElement( writer);
- StaxUtil.flush( writer );
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
}
-
+
/**
* Write an {@code AttributeType} to stream
+ *
* @param attributeType
* @param out
* @throws ProcessingException
*/
- public void write( AttributeType attributeType ) throws ProcessingException
+ public void write(AttributeType attributeType) throws ProcessingException
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX,
JBossSAMLConstants.ATTRIBUTE.get() , ASSERTION_NSURI.get() );
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.ATTRIBUTE.get(), ASSERTION_NSURI.get());
String attributeName = attributeType.getName();
- if( attributeName != null )
+ if (attributeName != null)
{
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.NAME.get(), attributeName
);
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NAME.get(), attributeName);
}
-
+
String friendlyName = attributeType.getFriendlyName();
- if( StringUtil.isNotNull( friendlyName ))
+ if (StringUtil.isNotNull(friendlyName))
{
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.FRIENDLY_NAME.get(),
friendlyName );
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.FRIENDLY_NAME.get(),
friendlyName);
}
-
+
String nameFormat = attributeType.getNameFormat();
- if( StringUtil.isNotNull( nameFormat ))
+ if (StringUtil.isNotNull(nameFormat))
{
- StaxUtil.writeAttribute( writer, JBossSAMLConstants.NAME_FORMAT.get(),
nameFormat );
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NAME_FORMAT.get(),
nameFormat);
}
-
- //Take care of other attributes such as x500:encoding
+
+ // Take care of other attributes such as x500:encoding
Map<QName, String> otherAttribs = attributeType.getOtherAttributes();
- if( otherAttribs != null )
+ if (otherAttribs != null)
{
List<String> nameSpacesDealt = new ArrayList<String>();
-
+
Iterator<QName> keySet = otherAttribs.keySet().iterator();
- while( keySet != null && keySet.hasNext() )
+ while (keySet != null && keySet.hasNext())
{
QName qname = keySet.next();
String ns = qname.getNamespaceURI();
- if( !nameSpacesDealt.contains( ns ))
+ if (!nameSpacesDealt.contains(ns))
{
- StaxUtil.writeNameSpace(writer, qname.getPrefix(), ns );
- nameSpacesDealt.add( ns );
- }
- String attribValue = otherAttribs.get( qname );
- StaxUtil.writeAttribute(writer, qname, attribValue );
+ StaxUtil.writeNameSpace(writer, qname.getPrefix(), ns);
+ nameSpacesDealt.add(ns);
+ }
+ String attribValue = otherAttribs.get(qname);
+ StaxUtil.writeAttribute(writer, qname, attribValue);
}
}
-
+
List<Object> attributeValues = attributeType.getAttributeValue();
- if( attributeValues != null )
+ if (attributeValues != null)
{
- for( Object attributeValue : attributeValues )
+ for (Object attributeValue : attributeValues)
{
- if( attributeValue instanceof String )
- {
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX,
JBossSAMLConstants.ATTRIBUTE_VALUE.get() , ASSERTION_NSURI.get() );
+ if (attributeValue instanceof String)
+ {
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.ATTRIBUTE_VALUE.get(),
+ ASSERTION_NSURI.get());
- StaxUtil.writeNameSpace( writer, "xsi",
JBossSAMLURIConstants.XSI_NSURI.get() );
- StaxUtil.writeNameSpace( writer, "xs",
JBossSAMLURIConstants.XMLSCHEMA_NSURI.get() );
- StaxUtil.writeAttribute( writer, JBossSAMLURIConstants.XSI_NSURI.get(),
"type", "xs:string");
- StaxUtil.writeCharacters(writer, (String) attributeValue );
+ StaxUtil.writeNameSpace(writer, "xsi",
JBossSAMLURIConstants.XSI_NSURI.get());
+ StaxUtil.writeNameSpace(writer, "xs",
JBossSAMLURIConstants.XMLSCHEMA_NSURI.get());
+ StaxUtil.writeAttribute(writer, JBossSAMLURIConstants.XSI_NSURI.get(),
"type", "xs:string");
+ StaxUtil.writeCharacters(writer, (String) attributeValue);
- StaxUtil.writeEndElement( writer);
+ StaxUtil.writeEndElement(writer);
}
- else
- throw new RuntimeException( "Unsupported attribute value:" +
attributeValue.getClass().getName() );
+ else
+ throw new RuntimeException("Unsupported attribute value:" +
attributeValue.getClass().getName());
}
}
- StaxUtil.writeEndElement( writer);
- StaxUtil.flush( writer );
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
}
-
+
/**
* write an {@code SubjectType} to stream
+ *
* @param subject
* @param out
* @throws ProcessingException
*/
- public void write( SubjectType subject ) throws ProcessingException
+ public void write(SubjectType subject) throws ProcessingException
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX,
JBossSAMLConstants.SUBJECT.get() , ASSERTION_NSURI.get() );
-
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.SUBJECT.get(), ASSERTION_NSURI.get());
+
STSubType subType = subject.getSubType();
- if( subType != null )
+ if (subType != null)
{
BaseIDAbstractType baseID = subType.getBaseID();
- if( baseID instanceof NameIDType )
+ if (baseID instanceof NameIDType)
{
NameIDType nameIDType = (NameIDType) baseID;
- write( nameIDType, new QName( ASSERTION_NSURI.get(),
JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX) );
+ write(nameIDType, new QName(ASSERTION_NSURI.get(),
JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX));
}
EncryptedElementType enc = subType.getEncryptedID();
- if( enc != null )
- throw new RuntimeException( "NYI" );
+ if (enc != null)
+ throw new RuntimeException("NYI");
List<SubjectConfirmationType> confirmations = subType.getConfirmation();
- if( confirmations != null )
+ if (confirmations != null)
{
- for( SubjectConfirmationType confirmation: confirmations )
+ for (SubjectConfirmationType confirmation : confirmations)
{
- write( confirmation );
+ write(confirmation);
}
}
}
List<SubjectConfirmationType> subjectConfirmations =
subject.getConfirmation();
- if( subjectConfirmations != null )
+ if (subjectConfirmations != null)
{
- for( SubjectConfirmationType subjectConfirmationType : subjectConfirmations )
+ for (SubjectConfirmationType subjectConfirmationType : subjectConfirmations)
{
- write( subjectConfirmationType );
+ write(subjectConfirmationType);
}
}
-
- StaxUtil.writeEndElement( writer);
- StaxUtil.flush( writer );
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
}
-
- private void write( BaseIDAbstractType baseId ) throws ProcessingException
+
+ private void write(BaseIDAbstractType baseId) throws ProcessingException
{
- throw new RuntimeException( "NYI");
+ throw new RuntimeException("NYI");
}
-
- private void write( SubjectConfirmationType subjectConfirmationType ) throws
ProcessingException
+
+ private void write(SubjectConfirmationType subjectConfirmationType) throws
ProcessingException
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX,
JBossSAMLConstants.SUBJECT_CONFIRMATION.get(), ASSERTION_NSURI.get() );
-
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.METHOD.get(),
subjectConfirmationType.getMethod() );
-
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.SUBJECT_CONFIRMATION.get(),
+ ASSERTION_NSURI.get());
+
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.METHOD.get(),
subjectConfirmationType.getMethod());
+
BaseIDAbstractType baseID = subjectConfirmationType.getBaseID();
- if( baseID != null )
+ if (baseID != null)
{
- write( baseID );
+ write(baseID);
}
NameIDType nameIDType = subjectConfirmationType.getNameID();
- if( nameIDType != null )
+ if (nameIDType != null)
{
- write( nameIDType, new QName( ASSERTION_NSURI.get(),
JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX) );
+ write(nameIDType, new QName(ASSERTION_NSURI.get(),
JBossSAMLConstants.NAMEID.get(), ASSERTION_PREFIX));
}
SubjectConfirmationDataType subjectConfirmationData =
subjectConfirmationType.getSubjectConfirmationData();
- if( subjectConfirmationData != null )
+ if (subjectConfirmationData != null)
{
- write( subjectConfirmationData );
- }
- StaxUtil.writeEndElement( writer);
+ write(subjectConfirmationData);
+ }
+ StaxUtil.writeEndElement(writer);
}
-
- private void write( SubjectConfirmationDataType subjectConfirmationData ) throws
ProcessingException
+
+ private void write(SubjectConfirmationDataType subjectConfirmationData) throws
ProcessingException
{
- StaxUtil.writeStartElement( writer, ASSERTION_PREFIX,
JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get(), ASSERTION_NSURI.get() );
-
- //Let us look at attributes
+ StaxUtil.writeStartElement(writer, ASSERTION_PREFIX,
JBossSAMLConstants.SUBJECT_CONFIRMATION_DATA.get(),
+ ASSERTION_NSURI.get());
+
+ // Let us look at attributes
String inResponseTo = subjectConfirmationData.getInResponseTo();
- if( StringUtil.isNotNull( inResponseTo ))
+ if (StringUtil.isNotNull(inResponseTo))
{
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.IN_RESPONSE_TO.get(),
inResponseTo );
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.IN_RESPONSE_TO.get(),
inResponseTo);
}
-
+
XMLGregorianCalendar notBefore = subjectConfirmationData.getNotBefore();
- if( notBefore != null )
+ if (notBefore != null)
{
- StaxUtil.writeAttribute(writer,
JBossSAMLConstants.NOT_BEFORE.get(),notBefore.toString() );
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_BEFORE.get(),
notBefore.toString());
}
-
+
XMLGregorianCalendar notOnOrAfter = subjectConfirmationData.getNotOnOrAfter();
- if( notOnOrAfter != null )
+ if (notOnOrAfter != null)
{
- StaxUtil.writeAttribute(writer,
JBossSAMLConstants.NOT_ON_OR_AFTER.get(),notOnOrAfter.toString() );
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.NOT_ON_OR_AFTER.get(),
notOnOrAfter.toString());
}
-
+
String recipient = subjectConfirmationData.getRecipient();
- if( StringUtil.isNotNull( recipient ))
+ if (StringUtil.isNotNull(recipient))
{
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.RECIPIENT.get(), recipient
);
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.RECIPIENT.get(), recipient);
}
-
+
String address = subjectConfirmationData.getAddress();
- if( StringUtil.isNotNull( address ))
+ if (StringUtil.isNotNull(address))
{
- StaxUtil.writeAttribute(writer, JBossSAMLConstants.ADDRESS.get(), address );
+ StaxUtil.writeAttribute(writer, JBossSAMLConstants.ADDRESS.get(), address);
}
-
- Object anyType = subjectConfirmationData.getAnyType();
- if( anyType instanceof KeyInfoConfirmationDataType )
+
+ if (subjectConfirmationData instanceof KeyInfoConfirmationDataType)
{
- KeyInfoConfirmationDataType kicd = (KeyInfoConfirmationDataType) anyType;
- Element keyInfoElement = kicd.getKeyInfo();
- StaxUtil.writeDOMNode(writer, keyInfoElement);
+ KeyInfoConfirmationDataType kicd = (KeyInfoConfirmationDataType)
subjectConfirmationData;
+ KeyInfoType keyInfo = (KeyInfoType) kicd.getAnyType();
+ if (keyInfo.getContent() == null || keyInfo.getContent().size() == 0)
+ throw new ProcessingException("Invalid KeyInfo object: content cannot be
empty");
+ StaxUtil.writeStartElement(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX,
+ WSTrustConstants.XMLDSig.KEYINFO, WSTrustConstants.XMLDSig.DSIG_NS);
+ StaxUtil.writeNameSpace(this.writer, WSTrustConstants.XMLDSig.DSIG_PREFIX,
WSTrustConstants.XMLDSig.DSIG_NS);
+ // write the keyInfo content.
+ Object content = keyInfo.getContent().get(0);
+ if (content instanceof Element)
+ {
+ Element element = (Element) keyInfo.getContent().get(0);
+ StaxUtil.writeDOMNode(this.writer, element);
+ }
+ else if (content instanceof X509DataType)
+ {
+ X509DataType type = (X509DataType) content;
+ if (type.getX509IssuerSerialOrX509SKIOrX509SubjectName().size() == 0)
+ throw new ProcessingException("X509Data cannot be empy");
+ StaxUtil.writeStartElement(this.writer,
WSTrustConstants.XMLDSig.DSIG_PREFIX,
+ WSTrustConstants.XMLDSig.X509DATA, WSTrustConstants.XMLDSig.DSIG_NS);
+ Object obj = type.getX509IssuerSerialOrX509SKIOrX509SubjectName().get(0);
+ if (obj instanceof Element)
+ {
+ Element element = (Element) obj;
+ StaxUtil.writeDOMElement(this.writer, element);
+ }
+ else if (obj instanceof X509CertificateType)
+ {
+ X509CertificateType cert = (X509CertificateType) obj;
+ StaxUtil.writeStartElement(this.writer,
WSTrustConstants.XMLDSig.DSIG_PREFIX,
+ WSTrustConstants.XMLDSig.X509CERT,
WSTrustConstants.XMLDSig.DSIG_NS);
+ StaxUtil.writeCharacters(this.writer, new
String(cert.getEncodedCertificate()));
+ StaxUtil.writeEndElement(this.writer);
+ }
+ StaxUtil.writeEndElement(this.writer);
+ }
+ StaxUtil.writeEndElement(this.writer);
}
- else if( anyType instanceof KeyInfoType )
- {
- KeyInfoType keyInfo = (KeyInfoType) anyType;
- Element el = (Element) keyInfo.getContent().get(0);
- StaxUtil.writeDOMNode(writer, el);
- }
- else throw new RuntimeException( "Need to handle:" + anyType );
- StaxUtil.writeEndElement( writer);
- StaxUtil.flush( writer );
+ StaxUtil.writeEndElement(writer);
+ StaxUtil.flush(writer);
}
}
\ No newline at end of file
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java 2010-12-01
15:44:48 UTC (rev 584)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/StandardRequestHandler.java 2010-12-04
01:55:23 UTC (rev 585)
@@ -233,17 +233,15 @@
{
UseKeyType useKeyType = request.getUseKey();
Object value = useKeyType.getAny();
- if (value instanceof JAXBElement<?> || value instanceof Element)
+ if (value instanceof Element)
{
- String elementName = (value instanceof Element)
- ? ((Element) value).getLocalName()
- : ((JAXBElement<?>) value).getName().getLocalPart();
+ String elementName = ((Element) value).getLocalName();
// if the specified key is a X509 certificate we must insert it into a
X509Data element.
if (elementName.equals("X509Certificate"))
{
X509DataType data = new X509DataType();
data.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(value);
- value = new
org.picketlink.identity.xmlsec.w3.xmldsig.ObjectFactory().createX509Data(data);
+ value = data;
}
KeyInfoType keyInfo = new KeyInfoType();
keyInfo.getContent().add(value);
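Review bot: The `elementName.equals("X509Certificate")` test matches on local name only, so a client-supplied `<UseKey>` child named X509Certificate in any namespace is wrapped into an `X509DataType` as though it were a ds:X509Certificate; now that `value` is known to be an `Element` the namespace is available, and the check should be `if ("X509Certificate".equals(elementName) && WSTrustConstants.XMLDSig.DSIG_NS.equals(((Element) value).getNamespaceURI()))`. Dropping the `JAXBElement` branch also means a non-`Element` `getAny()` value now skips this block entirely; whether the code after the hunk still handles that case cannot be seen here. The enclosing method starts and ends outside the hunk.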
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java 2010-12-01
15:44:48 UTC (rev 584)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java 2010-12-04
01:55:23 UTC (rev 585)
@@ -124,6 +124,7 @@
String MODULUS = "Modulus";
String DSIG_PREFIX = "ds";
String RSA_KEYVALUE = "RSAKeyValue";
+ String DSA_KEYVALUE = "DSAKeyValue";
String X509DATA = "X509Data";
String X509CERT = "X509Certificate";
}
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustUtil.java 2010-12-01
15:44:48 UTC (rev 584)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustUtil.java 2010-12-04
01:55:23 UTC (rev 585)
@@ -66,6 +66,7 @@
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyValueType;
import org.picketlink.identity.xmlsec.w3.xmldsig.RSAKeyValueType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -445,14 +446,14 @@
byte[] encodedCert = certificate.getEncoded();
// first create a X509DataType that contains the encoded certificate.
- org.picketlink.identity.xmlsec.w3.xmldsig.ObjectFactory factory = new
org.picketlink.identity.xmlsec.w3.xmldsig.ObjectFactory();
- X509DataType dataType = factory.createX509DataType();
- dataType.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(
- factory.createX509DataTypeX509Certificate(encodedCert));
-
+ X509DataType x509 = new X509DataType();
+ X509CertificateType cert = new X509CertificateType();
+ cert.setEncodedCertificate(Base64.encodeBytes(encodedCert).getBytes());
+ x509.getX509IssuerSerialOrX509SKIOrX509SubjectName().add(cert);
+
// set the X509DataType in the KeyInfoType.
keyInfo = new KeyInfoType();
- keyInfo.getContent().add(factory.createX509Data(dataType));
+ keyInfo.getContent().add(x509);
}
catch (Exception e)
{
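Review bot: `Base64.encodeBytes(encodedCert).getBytes()` on the new `cert.setEncodedCertificate` line converts with the platform default charset, and the consumers decode the same bytes with a charset-less `new String(...)` (the `X509CERT` branch of SAMLAssertionWriter, and the test hunks `@@ -1224,19 +1230,15 @@` and `@@ -1245,18 +1247,16 @@`); Base64 text is ASCII so this happens to work, but an explicit `getBytes("US-ASCII")` here and `new String(bytes, "US-ASCII")` on the consumers pins the round-trip, and the `UnsupportedEncodingException` is already covered by the surrounding `catch (Exception e)`. The field now holds Base64 text rather than the DER bytes its name `EncodedCertificate` suggests, so a comment such as `// Base64 text of the DER encoding, not the raw DER bytes` next to the setter would spare the next reader the `Base64.decode` surprise on the read side. The enclosing try block and method start outside the hunk.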
Modified:
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java 2010-12-01
15:44:48 UTC (rev 584)
+++
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/PicketLinkSTSUnitTestCase.java 2010-12-04
01:55:23 UTC (rev 585)
@@ -94,6 +94,7 @@
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyValueType;
import org.picketlink.identity.xmlsec.w3.xmldsig.RSAKeyValueType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
import org.picketlink.identity.xmlsec.w3.xmlenc.EncryptedKeyType;
import org.w3c.dom.Document;
@@ -305,9 +306,8 @@
// invoke the token service.
Source responseMessage = this.tokenService.invoke(requestMessage);
- InputStream is = DocumentUtil.getSourceAsStream(responseMessage);
- BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse)
new WSTrustParser()
- .parse( is );
+ InputStream is = DocumentUtil.getSourceAsStream(responseMessage);
+ BaseRequestSecurityTokenResponse baseResponse = (BaseRequestSecurityTokenResponse)
new WSTrustParser().parse(is);
// validate the security token response.
this.validateSAMLAssertionResponse(baseResponse, "testcontext",
"jduke", SAMLUtil.SAML2_BEARER_URI);
}
@@ -412,7 +412,7 @@
*
* @throws Exception
* if an error occurs while running the test.
- */
+ */
public void testInvokeSAML20WithSTSGeneratedSymmetricKey() throws Exception
{
// create a simple token request, asking for a SAMLv2.0 token.
@@ -432,7 +432,8 @@
AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse,
"testcontext", "jduke",
SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
// validate the holder of key contents.
- SubjectConfirmationType subjConfirmation = (SubjectConfirmationType)
assertion.getSubject().getConfirmation().get(0);
+ SubjectConfirmationType subjConfirmation = (SubjectConfirmationType)
assertion.getSubject().getConfirmation()
+ .get(0);
this.validateHolderOfKeyContents(subjConfirmation,
WSTrustConstants.KEY_TYPE_SYMMETRIC, null, false);
// check if the response contains the STS-generated key.
@@ -458,7 +459,7 @@
*
* @throws Exception
* if an error occurs while running the test.
- */
+ */
public void testInvokeSAML20WithCombinedSymmetricKey() throws Exception
{
// create a 64-bit random client secret.
@@ -488,7 +489,8 @@
AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse,
"testcontext", "jduke",
SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
// validate the holder of key contents.
- SubjectConfirmationType subjConfirmation = (SubjectConfirmationType)
assertion.getSubject().getConfirmation().get(1) ;
+ SubjectConfirmationType subjConfirmation = (SubjectConfirmationType)
assertion.getSubject().getConfirmation()
+ .get(0);
this.validateHolderOfKeyContents(subjConfirmation,
WSTrustConstants.KEY_TYPE_SYMMETRIC, null, false);
RequestSecurityTokenResponseCollection collection =
(RequestSecurityTokenResponseCollection) baseResponse;
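Review bot: The index change from `.get(1)` to `.get(0)` on the `subjConfirmation` line is the only behavioural edit in this hunk, and nothing records why the second confirmation used to be the holder-of-key one; presumably the subject now carries a single confirmation after the parser changes in this commit, but the test does not pin that. Adding `assertEquals("Unexpected number of subject confirmations", 1, assertion.getSubject().getConfirmation().size());` before the cast would make a regression to two confirmations fail loudly instead of silently validating the wrong one. The enclosing test method starts and ends outside the hunk.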
@@ -542,7 +544,8 @@
AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse,
"testcontext", "jduke",
SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
// validate the holder of key contents.
- SubjectConfirmationType subjConfirmation = (SubjectConfirmationType)
assertion.getSubject().getConfirmation().get(0);
+ SubjectConfirmationType subjConfirmation = (SubjectConfirmationType)
assertion.getSubject().getConfirmation()
+ .get(0);
this.validateHolderOfKeyContents(subjConfirmation,
WSTrustConstants.KEY_TYPE_PUBLIC, certificate, false);
}
@@ -579,7 +582,8 @@
AssertionType assertion = this.validateSAMLAssertionResponse(baseResponse,
"testcontext", "jduke",
SAMLUtil.SAML2_HOLDER_OF_KEY_URI);
// validate the holder of key contents.
- SubjectConfirmationType subjConfirmation = (SubjectConfirmationType)
assertion.getSubject().getConfirmation().get(0) ;
+ SubjectConfirmationType subjConfirmation = (SubjectConfirmationType)
assertion.getSubject().getConfirmation()
+ .get(0);
this.validateHolderOfKeyContents(subjConfirmation,
WSTrustConstants.KEY_TYPE_PUBLIC, certificate, true);
}
@@ -1093,7 +1097,8 @@
Element element = (Element) requestedToken.getAny();
assertEquals("Unexpected root element name", "SpecialToken",
element.getLocalName());
assertEquals("Unexpected namespace value",
"http://www.tokens.org", element.getNamespaceURI());
- assertEquals("Unexpected attribute value",
"http://www.tokens.org/SpecialToken",
element.getAttribute("TokenType"));
+ assertEquals("Unexpected attribute value",
"http://www.tokens.org/SpecialToken", element
+ .getAttribute("TokenType"));
element = (Element) element.getFirstChild();
assertEquals("Unexpected child element name",
"SpecialTokenValue", element.getLocalName());
assertEquals("Unexpected token value", "Principal:jduke",
element.getFirstChild().getNodeValue());
@@ -1153,7 +1158,7 @@
// unmarshall the SAMLV2.0 assertion.
Element assertionElement = (Element) requestedToken.getAny();
- System.out.println( DocumentUtil.getNodeAsString(assertionElement));
+ System.out.println(DocumentUtil.getNodeAsString(assertionElement));
AssertionType assertion = SAMLUtil.fromElement(assertionElement);
// verify the contents of the unmarshalled assertion.
@@ -1168,11 +1173,11 @@
// validate the assertion subject.
assertNotNull("Unexpected null subject", assertion.getSubject());
SubjectType subject = assertion.getSubject();
-
+
NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
assertEquals("Unexpected name id qualifier",
"urn:picketlink:identity-federation", nameID.getNameQualifier());
assertEquals("Unexpected name id value", principal, nameID.getValue());
-
+
SubjectConfirmationType subjType = (SubjectConfirmationType)
subject.getConfirmation().get(0);
assertEquals("Unexpected confirmation method", confirmationMethod,
subjType.getMethod());
@@ -1209,14 +1214,15 @@
{
SubjectConfirmationDataType subjConfirmationDataType =
subjectConfirmation.getSubjectConfirmationData();
assertNotNull("Unexpected null subject confirmation data",
subjConfirmationDataType);
- KeyInfoType keyInfo = (KeyInfoType)subjConfirmationDataType.getAnyType();
+ KeyInfoType keyInfo = (KeyInfoType) subjConfirmationDataType.getAnyType();
assertEquals("Unexpected key info content size", 1,
keyInfo.getContent().size());
// if the key is a symmetric key, the KeyInfo should contain an encrypted element.
if (WSTrustConstants.KEY_TYPE_SYMMETRIC.equals(keyType))
{
- JAXBElement<?> encKeyElement = (JAXBElement<?>)
keyInfo.getContent().get(0);
- assertEquals("Unexpected key info content type",
EncryptedKeyType.class, encKeyElement.getDeclaredType());
+ Element encKeyElement = (Element) keyInfo.getContent().get(0);
+ assertEquals("Unexpected key info content type",
WSTrustConstants.XMLEnc.ENCRYPTED_KEY, encKeyElement
+ .getLocalName());
}
// if the key is public, KeyInfo should either contain an encoded certificate or an
encoded public key.
else if (WSTrustConstants.KEY_TYPE_PUBLIC.equals(keyType))
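Review bot: The replacement assertion for the symmetric-key case checks only `encKeyElement.getLocalName()` against `ENCRYPTED_KEY`, whereas the `JAXBElement` version it replaces checked the declared type, so any element whose local name is EncryptedKey, in any namespace, now passes. Pairing it with `assertEquals("Unexpected key info content namespace", <xmlenc namespace constant>, encKeyElement.getNamespaceURI());` restores the strength of the check, and an `assertTrue("Unexpected key info content type", keyInfo.getContent().get(0) instanceof Element);` before the cast would report a non-DOM content as an assertion failure rather than a bare `ClassCastException`. The enclosing method, presumably `validateHolderOfKeyContents`, starts and ends outside the hunk.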
@@ -1224,19 +1230,15 @@
// if the public key has been used as proof, we should be able to retrieve it
from KeyValueType.
if (usePublicKey == true)
{
- JAXBElement<?> keyValueElement = (JAXBElement<?>)
keyInfo.getContent().get(0);
- assertEquals("Unexpected key info content type",
KeyValueType.class, keyValueElement.getDeclaredType());
- KeyValueType keyValue = (KeyValueType) keyValueElement.getValue();
+ KeyValueType keyValue = (KeyValueType) keyInfo.getContent().get(0);
List<Object> keyValueContent = keyValue.getContent();
assertEquals("Unexpected key value content size", 1,
keyValueContent.size());
- JAXBElement<?> rsaKeyValueElement = (JAXBElement<?>)
keyValue.getContent().get(0);
- assertEquals("Unexpected key value content type",
RSAKeyValueType.class, rsaKeyValueElement
- .getDeclaredType());
- RSAKeyValueType rsaKeyValue = (RSAKeyValueType)
rsaKeyValueElement.getValue();
+ assertEquals("Unexpected key value content type",
RSAKeyValueType.class, keyValueContent.get(0).getClass());
+ RSAKeyValueType rsaKeyValue = (RSAKeyValueType) keyValueContent.get(0);
// reconstruct the public key and check if it matches the public key of the
provided certificate.
- BigInteger modulus = new BigInteger(1, rsaKeyValue.getModulus());
- BigInteger exponent = new BigInteger(1, rsaKeyValue.getExponent());
+ BigInteger modulus = new BigInteger(1, Base64.decode(new
String(rsaKeyValue.getModulus())));
+ BigInteger exponent = new BigInteger(1, Base64.decode(new
String(rsaKeyValue.getExponent())));
KeyFactory factory = KeyFactory.getInstance("RSA");
RSAPublicKeySpec spec = new RSAPublicKeySpec(modulus, exponent);
RSAPublicKey genKey = (RSAPublicKey) factory.generatePublic(spec);
@@ -1245,18 +1247,16 @@
// if the whole certificate was used as proof, we should be able to retrieve it
from X509DataType.
else
{
- JAXBElement<?> x509DataElement = (JAXBElement<?>)
keyInfo.getContent().get(0);
- assertEquals("Unexpected key info content type",
X509DataType.class, x509DataElement.getDeclaredType());
- X509DataType x509Data = (X509DataType) x509DataElement.getValue();
+ X509DataType x509Data = (X509DataType) keyInfo.getContent().get(0);
assertEquals("Unexpected X509 data content size", 1, x509Data
.getX509IssuerSerialOrX509SKIOrX509SubjectName().size());
- JAXBElement<?> x509CertElement = (JAXBElement<?>)
x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName()
- .get(0);
- assertEquals("Unexpected X509 data content type", byte[].class,
x509CertElement.getDeclaredType());
- byte[] encodedCertificate = (byte[]) x509CertElement.getValue();
+ Object content =
x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().get(0);
+ assertTrue("Unexpected X509 data content type", content instanceof
X509CertificateType);
+ byte[] encodedCertificate = ((X509CertificateType)
content).getEncodedCertificate();
// reconstruct the certificate and check if it matches the provided
certificate.
- ByteArrayInputStream byteInputStream = new
ByteArrayInputStream(encodedCertificate);
+ ByteArrayInputStream byteInputStream = new
ByteArrayInputStream(Base64.decode(encodedCertificate, 0,
+ encodedCertificate.length));
assertEquals("Invalid certificate in key info", certificate,
CertificateFactory.getInstance("X.509")
.generateCertificate(byteInputStream));
}
Modified:
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java 2010-12-01
15:44:48 UTC (rev 584)
+++
federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/wstrust/SAML20TokenProviderUnitTestCase.java 2010-12-04
01:55:23 UTC (rev 585)
@@ -1,23 +1,19 @@
/*
- * JBoss, Home of Professional Open Source.
- * Copyright 2009, Red Hat Middleware LLC, and individual contributors
- * as indicated by the @author tags. See the copyright.txt file in the
- * distribution for a full listing of individual contributors.
- *
- * This is free software; you can redistribute it and/or modify it
- * under the terms of the GNU Lesser General Public License as
- * published by the Free Software Foundation; either version 2.1 of
- * the License, or (at your option) any later version.
- *
- * This software is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- * Lesser General Public License for more details.
- *
- * You should have received a copy of the GNU Lesser General Public
- * License along with this software; if not, write to the Free
- * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA
- * 02110-1301 USA, or see the FSF site:
http://www.fsf.org.
+ * JBoss, Home of Professional Open Source. Copyright 2009, Red Hat Middleware LLC, and
individual contributors as
+ * indicated by the @author tags. See the copyright.txt file in the distribution for a
full listing of individual
+ * contributors.
+ *
+ * This is free software; you can redistribute it and/or modify it under the terms of the
GNU Lesser General Public
+ * License as published by the Free Software Foundation; either version 2.1 of the
License, or (at your option) any
+ * later version.
+ *
+ * This software is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied
+ * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser
General Public License for more
+ * details.
+ *
+ * You should have received a copy of the GNU Lesser General Public License along with
this software; if not, write to
+ * the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301
USA, or see the FSF site:
+ *
http://www.fsf.org.
*/
package org.picketlink.test.identity.federation.core.wstrust;
@@ -34,7 +30,6 @@
import java.util.GregorianCalendar;
import java.util.HashMap;
-import javax.xml.bind.JAXBElement;
import javax.xml.namespace.QName;
import javax.xml.transform.Source;
import javax.xml.transform.dom.DOMResult;
@@ -43,6 +38,7 @@
import org.junit.Test;
import org.picketlink.identity.federation.core.parsers.saml.SAMLAssertionParser;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.picketlink.identity.federation.core.util.Base64;
import org.picketlink.identity.federation.core.wstrust.SecurityToken;
import org.picketlink.identity.federation.core.wstrust.WSTrustConstants;
import org.picketlink.identity.federation.core.wstrust.WSTrustRequestContext;
@@ -65,6 +61,7 @@
import org.picketlink.identity.federation.ws.wss.secext.KeyIdentifierType;
import org.picketlink.identity.federation.ws.wss.secext.SecurityTokenReferenceType;
import org.picketlink.identity.xmlsec.w3.xmldsig.KeyInfoType;
+import org.picketlink.identity.xmlsec.w3.xmldsig.X509CertificateType;
import org.picketlink.identity.xmlsec.w3.xmldsig.X509DataType;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
@@ -80,22 +77,23 @@
{
private SAML20TokenProvider provider;
-
+
/**
* <p>
* Tests the issuance of a SAMLV2.0 Assertion.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
@Test
public void testIssueSAMLV20Token() throws Exception
- {
+ {
this.provider = new SAML20TokenProvider();
provider.initialize(new HashMap<String, String>());
-
+
SAMLAssertionParser assertionParser = new SAMLAssertionParser();
-
+
// create a WSTrustRequestContext with a simple WS-Trust request.
RequestSecurityToken request = new RequestSecurityToken();
request.setLifetime(WSTrustUtil.createDefaultLifetime(3600000));
@@ -110,17 +108,18 @@
assertNotNull("Unexpected null security token",
context.getSecurityToken());
SecurityToken securityToken = context.getSecurityToken();
-
- AssertionType assertion = assertionParser.fromElement( (Element)
securityToken.getTokenValue() );
- /*JAXBContext jaxbContext =
JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.assertion");
- Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
- JAXBElement<?> parsedElement = (JAXBElement<?>)
unmarshaller.unmarshal((Element) context.getSecurityToken()
- .getTokenValue());
- assertNotNull("Unexpected null element", parsedElement);
- assertEquals("Unexpected element type", AssertionType.class,
parsedElement.getDeclaredType());
- AssertionType assertion = (AssertionType) parsedElement.getValue();
- StandardSecurityToken securityToken = (StandardSecurityToken)
context.getSecurityToken();*/
+ AssertionType assertion = assertionParser.fromElement((Element)
securityToken.getTokenValue());
+ /*
+ * JAXBContext jaxbContext =
JAXBContext.newInstance("org.picketlink.identity.federation.saml.v2.assertion");
+ * Unmarshaller unmarshaller = jaxbContext.createUnmarshaller();
JAXBElement<?> parsedElement = (JAXBElement<?>)
+ * unmarshaller.unmarshal((Element) context.getSecurityToken() .getTokenValue());
+ * assertNotNull("Unexpected null element", parsedElement);
assertEquals("Unexpected element type",
+ * AssertionType.class, parsedElement.getDeclaredType());
+ *
+ * AssertionType assertion = (AssertionType) parsedElement.getValue();
StandardSecurityToken securityToken =
+ * (StandardSecurityToken) context.getSecurityToken();
+ */
assertEquals("Unexpected token id", securityToken.getTokenID(),
assertion.getID());
assertEquals("Unexpected token issuer", "PicketLinkSTS",
assertion.getIssuer().getValue());
@@ -130,7 +129,7 @@
assertNotNull("Unexpected null value for NotBefore attribute",
conditions.getNotBefore());
assertNotNull("Unexpected null value for NotOnOrAfter attribute",
conditions.getNotOnOrAfter());
assertEquals("Unexpected number of conditions", 1,
conditions.getConditions().size());
-
+
AudienceRestrictionType restrictionType = (AudienceRestrictionType)
conditions.getConditions().get(0);
assertNotNull("Unexpected null audience list",
restrictionType.getAudience());
assertEquals("Unexpected number of audience elements", 1,
restrictionType.getAudience().size());
@@ -139,12 +138,12 @@
// check the contents of the assertion subject.
SubjectType subject = assertion.getSubject();
- assertNotNull("Unexpected null subject", subject);
-
+ assertNotNull("Unexpected null subject", subject);
+
NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
assertEquals("Unexpected name id qualifier",
"urn:picketlink:identity-federation", nameID.getNameQualifier());
assertEquals("Unexpected name id", "sguilhen",
nameID.getValue());
-
+
SubjectConfirmationType confirmation = (SubjectConfirmationType)
subject.getConfirmation().get(0);
assertEquals("Unexpected confirmation method", SAMLUtil.SAML2_BEARER_URI,
confirmation.getMethod());
@@ -164,11 +163,12 @@
/**
* <p>
- * This method tests the creation of SAMLV.20 assertions that contain a
proof-of-possession token - that is,
+ * This method tests the creation of SAMLV.20 assertions that contain a
proof-of-possession token - that is,
* assertions that use the Holder Of Key confirmation method.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
@Test
public void testIssueSAMLV20HolderOfKeyToken() throws Exception
@@ -198,31 +198,20 @@
AssertionType assertion = SAMLUtil.fromElement((Element)
context.getSecurityToken().getTokenValue());
SubjectType subject = assertion.getSubject();
assertNotNull("Unexpected null subject", subject);
-
- /*assertEquals("Unexpected subject content size", 2,
subject.getContent().size());
- JAXBElement<?> content = subject.getContent().get(0);
- assertEquals("Unexpected content type", NameIDType.class,
content.getDeclaredType());
- */
-
+
NameIDType nameID = (NameIDType) subject.getSubType().getBaseID();
assertEquals("Unexpected name id qualifier",
"urn:picketlink:identity-federation", nameID.getNameQualifier());
assertEquals("Unexpected name id", "sguilhen",
nameID.getValue());
-
+
SubjectConfirmationType confirmation = (SubjectConfirmationType)
subject.getConfirmation().get(0);
assertEquals("Unexpected confirmation method",
SAMLUtil.SAML2_HOLDER_OF_KEY_URI, confirmation.getMethod());
-
- /*List<Object> confirmationContent =
confirmation.getSubjectConfirmationData().getContent();
- assertEquals("Unexpected subject confirmation content size", 1,
confirmationContent.size());
- JAXBElement<?> keyInfoElement = (JAXBElement<?>)
confirmationContent.get(0);
- assertEquals("Unexpected subject confirmation context type",
KeyInfoType.class, keyInfoElement.getDeclaredType());
- KeyInfoType keyInfo = (KeyInfoType) keyInfoElement.getValue();
- assertEquals("Unexpected key info content size", 1,
keyInfo.getContent().size());
- JAXBElement<?> encKeyElement = (JAXBElement<?>)
keyInfo.getContent().get(0);
- assertEquals("Unexpected key info content type", EncryptedKeyType.class,
encKeyElement.getDeclaredType());*/
-
+
SubjectConfirmationDataType confirmData =
confirmation.getSubjectConfirmationData();
-
KeyInfoType keyInfo = (KeyInfoType) confirmData.getAnyType();
+ assertEquals("Unexpected key info content size", 1,
keyInfo.getContent().size());
+ Element encKeyElement = (Element) keyInfo.getContent().get(0);
+ assertEquals("Unexpected key info content type",
WSTrustConstants.XMLEnc.ENCRYPTED_KEY, encKeyElement
+ .getLocalName());
// Now let's set an asymmetric proof of possession token in the context.
Certificate certificate =
this.getCertificate("keystore/sts_keystore.jks", "testpass",
"service1");
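Review bot: The new assertion `assertEquals("Unexpected key info content type", WSTrustConstants.XMLEnc.ENCRYPTED_KEY, encKeyElement.getLocalName())` checks only the local name, so any element called EncryptedKey in any namespace would satisfy it. Since this test pins the proof-of-possession key the STS places in the assertion, it should also check the namespace, e.g. `assertEquals("Unexpected key info namespace", "http://www.w3.org/2001/04/xmlenc#", encKeyElement.getNamespaceURI());` (or the corresponding XMLEnc namespace constant if WSTrustConstants already defines one). The unchecked cast `(Element) keyInfo.getContent().get(0)` on the line before would surface as a ClassCastException rather than a descriptive assertion failure if the content is not a DOM element; an `assertTrue("KeyInfo content is not an Element", keyInfo.getContent().get(0) instanceof Element);` in front of it gives a clearer message. The enclosing testIssueSAMLV20HolderOfKeyToken starts in the previous hunk and continues into the next one.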
@@ -234,31 +223,30 @@
// check if the assertion has a subject confirmation that contains the encoded
certificate.
assertion = SAMLUtil.fromElement((Element)
context.getSecurityToken().getTokenValue());
- subject = assertion.getSubject();
+ subject = assertion.getSubject();
nameID = (NameIDType) subject.getSubType().getBaseID();
assertEquals("Unexpected name id qualifier",
"urn:picketlink:identity-federation", nameID.getNameQualifier());
- assertEquals("Unexpected name id", "sguilhen",
nameID.getValue());
+ assertEquals("Unexpected name id", "sguilhen",
nameID.getValue());
confirmation = (SubjectConfirmationType) subject.getConfirmation().get(0);
assertEquals("Unexpected confirmation method",
SAMLUtil.SAML2_HOLDER_OF_KEY_URI, confirmation.getMethod());
-
-
- /*confirmationContent = confirmation.getSubjectConfirmationData().getContent();
- assertEquals("Unexpected subject confirmation content size", 1,
confirmationContent.size());
- keyInfoElement = (JAXBElement<?>) confirmationContent.get(0);
- assertEquals("Unexpected subject confirmation context type",
KeyInfoType.class, keyInfoElement.getDeclaredType());*/
- keyInfo = (KeyInfoType)confirmation.getSubjectConfirmationData().getAnyType();
+
+ /*
+ * confirmationContent = confirmation.getSubjectConfirmationData().getContent();
+ * assertEquals("Unexpected subject confirmation content size", 1,
confirmationContent.size()); keyInfoElement =
+ * (JAXBElement<?>) confirmationContent.get(0); assertEquals("Unexpected
subject confirmation context type",
+ * KeyInfoType.class, keyInfoElement.getDeclaredType());
+ */
+ keyInfo = (KeyInfoType) confirmation.getSubjectConfirmationData().getAnyType();
assertEquals("Unexpected key info content size", 1,
keyInfo.getContent().size());
// key info should contain a X509Data section with the encoded certificate.
- JAXBElement<?> x509DataElement = (JAXBElement<?>)
keyInfo.getContent().get(0);
- assertEquals("Unexpected key info content type", X509DataType.class,
x509DataElement.getDeclaredType());
- X509DataType x509Data = (X509DataType) x509DataElement.getValue();
+ X509DataType x509Data = (X509DataType) keyInfo.getContent().get(0);
assertEquals("Unexpected X509 data content size", 1,
x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName()
.size());
- JAXBElement<?> x509CertElement = (JAXBElement<?>)
x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().get(0);
- assertEquals("Unexpected X509 data content type", byte[].class,
x509CertElement.getDeclaredType());
+ X509CertificateType cert = (X509CertificateType)
x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().get(0);
+
// certificate should have been encoded to Base64, so we need to decode it first.
- byte[] encodedCert = (byte[]) x509CertElement.getValue();
+ byte[] encodedCert = Base64.decode(new String(cert.getEncodedCertificate()));
assertTrue("Invalid encoded certificate found",
Arrays.equals(certificate.getEncoded(), encodedCert));
}
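Review bot: `byte[] encodedCert = Base64.decode(new String(cert.getEncodedCertificate()));` converts the stored bytes with the platform default charset, so the decoded value depends on the JVM's `file.encoding`; Base64 text is ASCII so it happens to work, but the conversion should name the charset, `Base64.decode(new String(cert.getEncodedCertificate(), "UTF-8"))` (the method already declares `throws Exception`). The cast `(X509CertificateType) x509Data.getX509IssuerSerialOrX509SKIOrX509SubjectName().get(0)` likewise replaces the old `getDeclaredType()` assertion with an unchecked cast, so a wrong element type now fails with a ClassCastException instead of the "Unexpected X509 data content type" message; an `assertTrue(... instanceof X509CertificateType)` before the cast keeps that diagnostic. The reflowed `/* confirmationContent = ... */` block at the top of the hunk is dead JAXB-era code and should be deleted rather than reformatted; the same applies to the commented-out block in the hunk at -110,17.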
@@ -267,14 +255,15 @@
* Tests the validation of a SAMLV2.0 Assertion.
* </p>
*
- * @throws Exception if an error occurs while running the test.
+ * @throws Exception
+ * if an error occurs while running the test.
*/
@Test
public void testValidateSAMLV20Token() throws Exception
{
this.provider = new SAML20TokenProvider();
provider.initialize(new HashMap<String, String>());
-
+
// issue a SAMLV2.0 assertion.
WSTrustRequestContext context =
this.createIssuingContext(WSTrustUtil.createDefaultLifetime(3600000));
this.provider.issueToken(context);
@@ -319,9 +308,11 @@
* test scenarios.
* </p>
*
- * @param lifetime the {@code Lifetime} of the assertion to be issued.
+ * @param lifetime
+ * the {@code Lifetime} of the assertion to be issued.
* @return the constructed {@code WSTrustRequestHandler} instance.
- * @throws Exception if an error occurs while creating the context.
+ * @throws Exception
+ * if an error occurs while creating the context.
*/
private WSTrustRequestContext createIssuingContext(Lifetime lifetime) throws
Exception
{
@@ -343,9 +334,11 @@
* Creates a {@code WSTrustRequestContext} for validating the specified assertion.
* </p>
*
- * @param assertion an {@code Element} representing the SAMLV2.0 assertion to be
validated.
+ * @param assertion
+ * an {@code Element} representing the SAMLV2.0 assertion to be validated.
* @return the constructed {@code WSTrustRequestContext} instance.
- * @throws Exception if an error occurs while creating the validating context.
+ * @throws Exception
+ * if an error occurs while creating the validating context.
*/
private WSTrustRequestContext createValidatingContext(Element assertion) throws
Exception
{
@@ -368,11 +361,15 @@
* Obtains the {@code Certificate} stored under the specified alias in the specified
keystore.
* </p>
*
- * @param keyStoreFile the name of the file that contains a JKS keystore.
- * @param passwd the keystore password.
- * @param certificateAlias the alias of a certificate in the keystore.
+ * @param keyStoreFile
+ * the name of the file that contains a JKS keystore.
+ * @param passwd
+ * the keystore password.
+ * @param certificateAlias
+ * the alias of a certificate in the keystore.
* @return a reference to the {@code Certificate} stored under the given alias.
- * @throws Exception if an error occurs while handling the keystore.
+ * @throws Exception
+ * if an error occurs while handling the keystore.
*/
private Certificate getCertificate(String keyStoreFile, String passwd, String
certificateAlias) throws Exception
{
@@ -383,7 +380,7 @@
Certificate certificate = keyStore.getCertificate(certificateAlias);
return certificate;
}
-
+
private Source createSourceFromRequest(RequestSecurityToken request) throws Exception
{
DOMResult result = new DOMResult(DocumentUtil.createDocument());
Added:
federation/trunk/picketlink-xmlsec-model/src/main/java/org/picketlink/identity/xmlsec/w3/xmldsig/X509CertificateType.java
===================================================================
---
federation/trunk/picketlink-xmlsec-model/src/main/java/org/picketlink/identity/xmlsec/w3/xmldsig/X509CertificateType.java
(rev 0)
+++
federation/trunk/picketlink-xmlsec-model/src/main/java/org/picketlink/identity/xmlsec/w3/xmldsig/X509CertificateType.java 2010-12-04
01:55:23 UTC (rev 585)
@@ -0,0 +1,17 @@
+package org.picketlink.identity.xmlsec.w3.xmldsig;
+
+public class X509CertificateType
+{
+
+ private byte[] encodedCertificate;
+
+ public byte[] getEncodedCertificate()
+ {
+ return this.encodedCertificate;
+ }
+
+ public void setEncodedCertificate(byte[] encodedCertificate)
+ {
+ this.encodedCertificate = encodedCertificate;
+ }
+}
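Review bot: `getEncodedCertificate()` returns the internal array and `setEncodedCertificate` stores the caller's array as-is, so the certificate bytes held by this model object can be changed from outside after they have been set or read; both should defensively copy, `return this.encodedCertificate == null ? null : this.encodedCertificate.clone();` and `this.encodedCertificate = encodedCertificate == null ? null : encodedCertificate.clone();`. The class also has no Javadoc, and the field name leaves the encoding ambiguous: the unit test in SAML20TokenProviderUnitTestCase reads it with `Base64.decode(new String(cert.getEncodedCertificate()))`, which suggests the bytes are the Base64 text of the DER certificate rather than the DER bytes themselves. A class-level comment stating that contract (Base64 text as in the ds:X509Certificate element content, to be confirmed against the writer that populates it) would prevent callers from passing raw `Certificate.getEncoded()` output.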