Author: anil.saldhana(a)jboss.com
Date: 2011-07-01 11:40:09 -0400 (Fri, 01 Jul 2011)
New Revision: 1048
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
Log:
PLFED-188: jaxp schema validation
Modified:
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java
===================================================================
---
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2011-06-30
23:50:05 UTC (rev 1047)
+++
federation/trunk/picketlink-bindings/src/main/java/org/picketlink/identity/federation/bindings/tomcat/sp/BaseFormAuthenticator.java 2011-07-01
15:40:09 UTC (rev 1048)
@@ -47,7 +47,6 @@
import org.picketlink.identity.federation.api.saml.v2.metadata.MetaDataExtractor;
import org.picketlink.identity.federation.core.config.SPType;
import org.picketlink.identity.federation.core.exceptions.ConfigurationException;
-import org.picketlink.identity.federation.core.exceptions.ParsingException;
import org.picketlink.identity.federation.core.exceptions.ProcessingException;
import org.picketlink.identity.federation.core.handler.config.Handlers;
import org.picketlink.identity.federation.core.parsers.saml.SAMLParser;
@@ -57,6 +56,7 @@
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2Handler;
import org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChain;
import
org.picketlink.identity.federation.core.saml.v2.interfaces.SAML2HandlerChainConfig;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.HandlerUtil;
import org.picketlink.identity.federation.core.util.CoreConfigUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
@@ -68,6 +68,7 @@
import org.picketlink.identity.federation.saml.v2.metadata.KeyDescriptorType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.util.ConfigurationUtil;
+import org.w3c.dom.Document;
/**
* Base Class for Service Provider Form Authenticators
@@ -313,13 +314,14 @@
if (is == null)
return;
- SAMLParser parser = new SAMLParser();
Object metadata = null;
try
{
- metadata = parser.parse(is);
+ Document samlDocument = DocumentUtil.getDocument(is);
+ SAMLParser parser = new SAMLParser();
+ metadata = parser.parse(DocumentUtil.getNodeAsStream(samlDocument));
}
- catch (ParsingException e)
+ catch (Exception e)
{
throw new RuntimeException(e);
}
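Review bot: `checkSchemaValidation` is never called on `samlDocument` in this block, so the new round trip through `DocumentUtil.getDocument(is)` and `getNodeAsStream` only re-serializes the metadata before parsing it, while every other call site in this commit validates the document in between; if SP metadata is meant to be validated too, add `JAXPValidationUtil.checkSchemaValidation(samlDocument);` (plus its import) before the `metadata = parser.parse(...)` line. Replacing `catch (ParsingException e)` with `catch (Exception e)` also wraps unchecked failures into a message-less `RuntimeException`; listing the checked types `DocumentUtil` and `SAMLParser` actually throw, or at least `throw new RuntimeException("Could not parse SP metadata", e)`, keeps the cause and says which step failed. The enclosing method starts before this hunk.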
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java 2011-06-30
23:50:05 UTC (rev 1047)
+++
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/request/SAML2Request.java 2011-07-01
15:40:09 UTC (rev 1048)
@@ -44,6 +44,7 @@
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLRequestWriter;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.saml.v2.SAML2Object;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
@@ -149,6 +150,7 @@
Document samlDocument = DocumentUtil.getDocument(is);
SAMLParser samlParser = new SAMLParser();
+ JAXPValidationUtil.checkSchemaValidation(samlDocument);
SAML2Object requestType = (SAML2Object)
samlParser.parse(DocumentUtil.getNodeAsStream(samlDocument));
samlDocumentHolder = new SAMLDocumentHolder(requestType, samlDocument);
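Review bot: The prologue `getDocument` / `new SAMLParser()` / `checkSchemaValidation` / `parse(getNodeAsStream(...))` is now copied into three methods of this file (this hunk and the ones at `@@ -173` and `@@ -198`) and again in SAML2Response; a private helper that validates a `Document` and returns the parsed `SAML2Object` (callers keep their casts) would keep the validate-then-parse order in one place so a later change cannot drift between the copies. The third copy also inserts a blank line after the check that the first two do not. Whether each method's `throws` clause already lists the `ProcessingException` that `checkSchemaValidation` declares cannot be seen here, because the signatures lie outside the hunks; all three enclosing methods start before their hunk.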
@@ -173,6 +175,7 @@
Document samlDocument = DocumentUtil.getDocument(is);
SAMLParser samlParser = new SAMLParser();
+ JAXPValidationUtil.checkSchemaValidation(samlDocument);
RequestAbstractType requestType = (RequestAbstractType)
samlParser.parse(DocumentUtil
.getNodeAsStream(samlDocument));
@@ -198,6 +201,8 @@
Document samlDocument = DocumentUtil.getDocument(is);
SAMLParser samlParser = new SAMLParser();
+ JAXPValidationUtil.checkSchemaValidation(samlDocument);
+
AuthnRequestType requestType = (AuthnRequestType)
samlParser.parse(DocumentUtil.getNodeAsStream(samlDocument));
samlDocumentHolder = new SAMLDocumentHolder(requestType, samlDocument);
return requestType;
Modified:
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java
===================================================================
---
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2011-06-30
23:50:05 UTC (rev 1047)
+++
federation/trunk/picketlink-fed-api/src/main/java/org/picketlink/identity/federation/api/saml/v2/response/SAML2Response.java 2011-07-01
15:40:09 UTC (rev 1048)
@@ -54,6 +54,7 @@
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLResponseWriter;
import org.picketlink.identity.federation.core.sts.PicketLinkCoreSTS;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.saml.v2.SAML2Object;
import org.picketlink.identity.federation.saml.v2.assertion.ActionType;
@@ -276,15 +277,21 @@
* @param is
* @return
* @throws ParsingException
+ * @throws ProcessingException
+ * @throws ConfigurationException
*/
- public EncryptedAssertionType getEncryptedAssertion(InputStream is) throws
ParsingException
+ public EncryptedAssertionType getEncryptedAssertion(InputStream is) throws
ParsingException, ConfigurationException,
+ ProcessingException
{
if (is == null)
throw new IllegalArgumentException("inputstream is null");
+ Document samlDocument = DocumentUtil.getDocument(is);
SAMLParser samlParser = new SAMLParser();
- return (EncryptedAssertionType) samlParser.parse(is);
+ JAXPValidationUtil.checkSchemaValidation(samlDocument);
+ return (EncryptedAssertionType)
samlParser.parse(DocumentUtil.getNodeAsStream(samlDocument));
+
}
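Review bot: Adding `ConfigurationException` and `ProcessingException` to the `throws` clause of the public `getEncryptedAssertion` (and of `getAssertionType` in the next hunk) is a source-incompatible change for every existing caller that catches only `ParsingException`; if both new types share a base class with `ParsingException` that callers already catch, that is worth stating in the commit log, otherwise the callers need updating in the same change. The Javadoc still carries empty `@param is` and `@return` tags; `@param is stream holding the EncryptedAssertion element` and `@return the parsed EncryptedAssertionType` would make the contract readable, and the blank line added before the closing brace can go.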
/**
@@ -292,14 +299,19 @@
* @param is
* @return
* @throws ParsingException
+ * @throws ProcessingException
+ * @throws ConfigurationException
*/
- public AssertionType getAssertionType(InputStream is) throws ParsingException
+ public AssertionType getAssertionType(InputStream is) throws ParsingException,
ConfigurationException,
+ ProcessingException
{
if (is == null)
throw new IllegalArgumentException("inputstream is null");
+ Document samlDocument = DocumentUtil.getDocument(is);
SAMLParser samlParser = new SAMLParser();
- return (AssertionType) samlParser.parse(is);
+ JAXPValidationUtil.checkSchemaValidation(samlDocument);
+ return (AssertionType)
samlParser.parse(DocumentUtil.getNodeAsStream(samlDocument));
}
/**
@@ -327,6 +339,8 @@
Document samlResponseDocument = DocumentUtil.getDocument(is);
SAMLParser samlParser = new SAMLParser();
+ JAXPValidationUtil.checkSchemaValidation(samlResponseDocument);
+
ResponseType responseType = (ResponseType)
samlParser.parse(DocumentUtil.getNodeAsStream(samlResponseDocument));
samlDocumentHolder = new SAMLDocumentHolder(responseType, samlResponseDocument);
@@ -353,6 +367,8 @@
log.trace("RESPONSE=" + DocumentUtil.asString(samlResponseDocument));
SAMLParser samlParser = new SAMLParser();
+ JAXPValidationUtil.checkSchemaValidation(samlResponseDocument);
+
InputStream responseStream = DocumentUtil.getNodeAsStream(samlResponseDocument);
SAML2Object responseType = (SAML2Object) samlParser.parse(responseStream);
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2011-06-30
23:50:05 UTC (rev 1047)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/saml/v2/util/SOAPSAMLXACMLUtil.java 2011-07-01
15:40:09 UTC (rev 1048)
@@ -46,11 +46,12 @@
import
org.picketlink.identity.federation.core.saml.v2.factories.JBossSAMLAuthnResponseFactory;
import org.picketlink.identity.federation.core.saml.v2.factories.SAMLAssertionFactory;
import org.picketlink.identity.federation.core.saml.v2.holders.IssuerInfoHolder;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
import
org.picketlink.identity.federation.saml.v2.profiles.xacml.assertion.XACMLAuthzDecisionStatementType;
+import org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType;
import org.picketlink.identity.federation.saml.v2.protocol.XACMLAuthzDecisionQueryType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType;
import org.w3c.dom.Node;
/**
@@ -94,6 +95,9 @@
{
XMLEventReader xmlEventReader =
StaxParserUtil.getXMLEventReader(DocumentUtil.getNodeAsStream(samlResponse));
SAMLParser samlParser = new SAMLParser();
+
+ JAXPValidationUtil.checkSchemaValidation(samlResponse);
+
org.picketlink.identity.federation.saml.v2.protocol.ResponseType response =
(org.picketlink.identity.federation.saml.v2.protocol.ResponseType) samlParser
.parse(xmlEventReader);
List<RTChoiceType> choices = response.getAssertions();
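Review bot: `xmlEventReader` is built from `DocumentUtil.getNodeAsStream(samlResponse)` before `checkSchemaValidation(samlResponse)` runs, so when validation rejects the document the reader has already been created for nothing and is never closed; moving `JAXPValidationUtil.checkSchemaValidation(samlResponse);` above the `XMLEventReader xmlEventReader = ...` line makes the validate-then-parse order visible and matches the other call sites in this commit. The enclosing method starts before this hunk.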
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java 2011-06-30
23:50:05 UTC (rev 1047)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/JAXPValidationUtil.java 2011-07-01
15:40:09 UTC (rev 1048)
@@ -34,6 +34,9 @@
import javax.xml.validation.Validator;
import org.apache.log4j.Logger;
+import org.picketlink.identity.federation.core.exceptions.ProcessingException;
+import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
+import org.w3c.dom.Node;
import org.xml.sax.ErrorHandler;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;
@@ -63,6 +66,27 @@
validator().validate(new StreamSource(stream));
}
+ /**
+ * Based on system property "picketlink.schema.validate" set to
"true",
+ * do schema validation
+ * @param samlDocument
+ * @throws ProcessingException
+ */
+ public static void checkSchemaValidation(Node samlDocument) throws
ProcessingException
+ {
+ if (SecurityActions.getSystemProperty("picketlink.schema.validate",
"false").equalsIgnoreCase("true"))
+ {
+ try
+ {
+ JAXPValidationUtil.validate(DocumentUtil.getNodeAsStream(samlDocument));
+ }
+ catch (Exception e)
+ {
+ throw new ProcessingException(e);
+ }
+ }
+ }
+
public static Validator validator() throws SAXException, IOException
{
String schemaFactoryProperty = "javax.xml.validation.SchemaFactory:" +
XMLConstants.W3C_XML_SCHEMA_NS_URI;
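Review bot: `checkSchemaValidation` only validates when the system property `picketlink.schema.validate` equals `true`, and the default handed to `SecurityActions.getSystemProperty` is `"false"`, so every call site added in this commit is a no-op unless a deployer opts in; the Javadoc should say so explicitly, e.g. `Validates the node against the configured schema only when the system property "picketlink.schema.validate" is "true"; by default validation is skipped.` When validation is on, the node is serialized by `getNodeAsStream` here and then serialized again by the caller for the parser; `validator().validate(new DOMSource(samlDocument))` would validate the DOM tree directly and drop the first serialization. The `catch (Exception e)` is acceptable since the cause is preserved, but naming the checked types that `validate` and `getNodeAsStream` declare would document what can actually fail.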
Modified:
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java
===================================================================
---
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java 2011-06-30
23:50:05 UTC (rev 1047)
+++
federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/plugins/saml/SAMLUtil.java 2011-07-01
15:40:09 UTC (rev 1048)
@@ -32,6 +32,7 @@
import org.picketlink.identity.federation.core.saml.v1.writers.SAML11AssertionWriter;
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.writers.SAMLAssertionWriter;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
import org.picketlink.identity.federation.core.util.StaxUtil;
import org.picketlink.identity.federation.saml.v1.assertion.SAML11AssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
@@ -130,6 +131,8 @@
ConfigurationException, ParsingException
{
SAMLParser samlParser = new SAMLParser();
+
+ JAXPValidationUtil.checkSchemaValidation(assertionElement);
AssertionType assertion = (AssertionType)
samlParser.parse(DocumentUtil.getNodeAsStream(assertionElement));
return assertion;
}
@@ -143,6 +146,8 @@
public static SAML11AssertionType saml11FromElement(Element assertionElement) throws
GeneralSecurityException
{
SAMLParser samlParser = new SAMLParser();
+
+ JAXPValidationUtil.checkSchemaValidation(assertionElement);
return (SAML11AssertionType)
samlParser.parse(DocumentUtil.getNodeAsStream(assertionElement));
}
}
\ No newline at end of file
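Review bot: `checkSchemaValidation(assertionElement)` in `saml11FromElement` runs a SAML 1.1 assertion through the same validator as the SAML 2.0 call sites, and nothing in this diff shows whether the schema set built by `validator()` covers the SAML 1.1 namespace; if it does not, turning on `picketlink.schema.validate` would reject every SAML 1.1 token on this path while SAML 2.0 keeps working, which is hard to diagnose from a wrapped `ProcessingException`. Worth confirming against `validator()` (outside this hunk), or documenting in the Javadoc of `checkSchemaValidation` which namespaces the validation covers. The method's `throws GeneralSecurityException` is unchanged, which presumably means `ProcessingException` extends it.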
Modified:
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java
===================================================================
---
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-06-30
23:50:05 UTC (rev 1047)
+++
federation/trunk/picketlink-web/src/main/java/org/picketlink/identity/federation/web/handlers/saml2/SAML2AuthenticationHandler.java 2011-07-01
15:40:09 UTC (rev 1048)
@@ -55,22 +55,23 @@
import org.picketlink.identity.federation.core.saml.v2.util.DocumentUtil;
import org.picketlink.identity.federation.core.saml.v2.util.StatementUtil;
import org.picketlink.identity.federation.core.saml.v2.util.XMLTimeUtil;
+import org.picketlink.identity.federation.core.util.JAXPValidationUtil;
import org.picketlink.identity.federation.core.util.StringUtil;
import org.picketlink.identity.federation.core.util.XMLEncryptionUtil;
import org.picketlink.identity.federation.saml.v2.assertion.AssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType;
+import
org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
import org.picketlink.identity.federation.saml.v2.assertion.AttributeType;
import org.picketlink.identity.federation.saml.v2.assertion.AuthnStatementType;
import org.picketlink.identity.federation.saml.v2.assertion.EncryptedAssertionType;
import org.picketlink.identity.federation.saml.v2.assertion.NameIDType;
import org.picketlink.identity.federation.saml.v2.assertion.StatementAbstractType;
import org.picketlink.identity.federation.saml.v2.assertion.SubjectType;
-import
org.picketlink.identity.federation.saml.v2.assertion.AttributeStatementType.ASTChoiceType;
import org.picketlink.identity.federation.saml.v2.assertion.SubjectType.STSubType;
import org.picketlink.identity.federation.saml.v2.protocol.AuthnRequestType;
import org.picketlink.identity.federation.saml.v2.protocol.ResponseType;
+import org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType;
import org.picketlink.identity.federation.saml.v2.protocol.StatusType;
-import org.picketlink.identity.federation.saml.v2.protocol.ResponseType.RTChoiceType;
import org.picketlink.identity.federation.web.constants.GeneralConstants;
import org.picketlink.identity.federation.web.core.HTTPContext;
import org.picketlink.identity.federation.web.core.IdentityServer;
@@ -414,6 +415,8 @@
Element decryptedDocumentElement =
XMLEncryptionUtil.decryptElementInDocument(newDoc, privateKey);
SAMLParser parser = new SAMLParser();
+
+ JAXPValidationUtil.checkSchemaValidation(decryptedDocumentElement);
AssertionType assertion = (AssertionType)
parser.parse(StaxParserUtil.getXMLEventReader(DocumentUtil
.getNodeAsStream(decryptedDocumentElement)));