October 2010 - picketlink-commits

by picketlink-commits＠lists.jboss.org

Author: mmoyses Date: 2010-10-21 10:02:52 -0400 (Thu, 21 Oct 2010) New Revision: 500 Added: trust/tags/1.0.0.CR2/ Log: releasing 1.0.0.CR2 Copied: trust/tags/1.0.0.CR2 (from rev 499, trust/trunk)

13 years, 6 months

1
0
0 / 0

Picketlink SVN: r499 - trust/trunk.

by picketlink-commits＠lists.jboss.org

Author: mmoyses Date: 2010-10-21 09:56:08 -0400 (Thu, 21 Oct 2010) New Revision: 499 Removed: trust/trunk/jbossws-native/ Log: removing native name as it is stack agnostic now

13 years, 6 months

1
0
0 / 0

Picketlink SVN: r498 - trust/trunk.

by picketlink-commits＠lists.jboss.org

Author: mmoyses Date: 2010-10-21 09:52:48 -0400 (Thu, 21 Oct 2010) New Revision: 498 Modified: trust/trunk/pom.xml Log: removing native name as it is stack agnostic now Modified: trust/trunk/pom.xml =================================================================== --- trust/trunk/pom.xml 2010-10-21 13:52:06 UTC (rev 497) +++ trust/trunk/pom.xml 2010-10-21 13:52:48 UTC (rev 498) @@ -15,7 +15,7 @@ <modules> <module>parent</module> - <module>jbossws-native</module> + <module>jbossws</module> </modules> <reporting>

13 years, 6 months

1
0
0 / 0

Picketlink SVN: r497 - in trust/trunk: jbossws and 9 other directories.

by picketlink-commits＠lists.jboss.org

Author: mmoyses Date: 2010-10-21 09:52:06 -0400 (Thu, 21 Oct 2010) New Revision: 497 Added: trust/trunk/jbossws/ trust/trunk/jbossws/.classpath trust/trunk/jbossws/.project trust/trunk/jbossws/.settings/ trust/trunk/jbossws/.settings/org.eclipse.jdt.core.prefs trust/trunk/jbossws/.settings/org.maven.ide.eclipse.prefs trust/trunk/jbossws/pom.xml trust/trunk/jbossws/src/ trust/trunk/jbossws/src/main/ trust/trunk/jbossws/src/main/java/ trust/trunk/jbossws/src/main/java/org/ trust/trunk/jbossws/src/main/java/org/picketlink/ trust/trunk/jbossws/src/main/java/org/picketlink/trust/ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/Constants.java trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/SAML2Constants.java trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/Util.java trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java Log: removing native name as it is stack agnostic now Added: trust/trunk/jbossws/.classpath =================================================================== --- trust/trunk/jbossws/.classpath (rev 0) +++ trust/trunk/jbossws/.classpath 2010-10-21 13:52:06 UTC (rev 497) @@ -0,0 +1,7 @@ +<?xml version="1.0" encoding="UTF-8"?> +<classpath> + <classpathentry kind="src" path="src/main/java"/> + <classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/> + <classpathentry kind="con" path="org.maven.ide.eclipse.MAVEN2_CLASSPATH_CONTAINER"/> + <classpathentry kind="output" path="target/classes"/> +</classpath> Added: trust/trunk/jbossws/.project =================================================================== --- trust/trunk/jbossws/.project (rev 0) +++ trust/trunk/jbossws/.project 2010-10-21 13:52:06 UTC (rev 497) @@ -0,0 +1,23 @@ +<?xml version="1.0" encoding="UTF-8"?> +<projectDescription> + <name>jbossws</name> + <comment></comment> + <projects> + </projects> + <buildSpec> + <buildCommand> + <name>org.eclipse.jdt.core.javabuilder</name> + <arguments> + </arguments> + </buildCommand> + <buildCommand> + <name>org.maven.ide.eclipse.maven2Builder</name> + <arguments> + </arguments> + </buildCommand> + </buildSpec> + <natures> + <nature>org.maven.ide.eclipse.maven2Nature</nature> + <nature>org.eclipse.jdt.core.javanature</nature> + </natures> +</projectDescription> Added: trust/trunk/jbossws/.settings/org.eclipse.jdt.core.prefs =================================================================== --- trust/trunk/jbossws/.settings/org.eclipse.jdt.core.prefs (rev 0) +++ trust/trunk/jbossws/.settings/org.eclipse.jdt.core.prefs 2010-10-21 13:52:06 UTC (rev 497) @@ -0,0 +1,9 @@ +#Tue Oct 05 15:54:38 BRT 2010 +eclipse.preferences.version=1 +org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled +org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6 +org.eclipse.jdt.core.compiler.compliance=1.6 +org.eclipse.jdt.core.compiler.problem.assertIdentifier=error +org.eclipse.jdt.core.compiler.problem.enumIdentifier=error +org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning +org.eclipse.jdt.core.compiler.source=1.6 Added: trust/trunk/jbossws/.settings/org.maven.ide.eclipse.prefs =================================================================== --- trust/trunk/jbossws/.settings/org.maven.ide.eclipse.prefs (rev 0) +++ trust/trunk/jbossws/.settings/org.maven.ide.eclipse.prefs 2010-10-21 13:52:06 UTC (rev 497) @@ -0,0 +1,9 @@ +#Tue Oct 05 15:54:07 BRT 2010 +activeProfiles= +eclipse.preferences.version=1 +fullBuildGoals=process-test-resources +includeModules=false +resolveWorkspaceProjects=true +resourceFilterGoals=process-resources resources\:testResources +skipCompilerPlugin=true +version=1 Added: trust/trunk/jbossws/pom.xml =================================================================== --- trust/trunk/jbossws/pom.xml (rev 0) +++ trust/trunk/jbossws/pom.xml 2010-10-21 13:52:06 UTC (rev 497) @@ -0,0 +1,113 @@ +<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd"> + <parent> + <groupId>org.picketlink</groupId> + <artifactId>picketlink-trust-parent</artifactId> + <version>1.0.0.CR2</version> + <relativePath>../parent</relativePath> + </parent> + <modelVersion>4.0.0</modelVersion> + <groupId>org.picketlink</groupId> + <artifactId>picketlink-trust-jbossws</artifactId> + <packaging>jar</packaging> + <name>PicketLink Trust for JBossWS</name> + <url>http://labs.jboss.org/portal/picketlink/</url> + <description>Integration with JBossWS Native stack</description> + <licenses> + <license> + <name>lgpl</name> + <url>http://repository.jboss.com/licenses/lgpl.txt</url> + </license> + </licenses> + <organization> + <name>JBoss Inc.</name> + <url>http://www.jboss.org</url> + </organization> + <build> + <plugins> + <plugin> + <artifactId>maven-surefire-plugin</artifactId> + <version>2.4.3</version> + <configuration> + <printSummary>true</printSummary> + <disableXmlReport>false</disableXmlReport> + <testFailureIgnore>false</testFailureIgnore> + <includes> + <include>**/**TestCase.java</include> + </includes> + <forkMode>pertest</forkMode> + <argLine>-Djava.endorsed.dirs=${basedir}/src/test/resources/endorsed</argLine> + <useFile>false</useFile> + <trimStackTrace>false</trimStackTrace> + </configuration> + </plugin> + </plugins> + </build> + + <dependencies> + <dependency> + <groupId>org.jboss.ws</groupId> + <artifactId>jbossws-common</artifactId> + <version>1.4.0.CR1</version> + </dependency> + <dependency> + <groupId>org.picketlink</groupId> + <artifactId>picketlink-fed</artifactId> + <version>2.0.0-SNAPSHOT</version> + </dependency> + <dependency> + <groupId>org.picketlink</groupId> + <artifactId>picketlink-bindings-jboss</artifactId> + <version>2.0.0-SNAPSHOT</version> + <exclusions> + <exclusion> + <artifactId>jboss-security-spi</artifactId> + <groupId>org.jboss.security</groupId> + </exclusion> + <exclusion> + <artifactId>jbosssx</artifactId> + <groupId>org.jboss.security</groupId> + </exclusion> + </exclusions> + </dependency> + <dependency> + <groupId>org.picketbox</groupId> + <artifactId>jboss-security-spi</artifactId> + <version>3.0.0.CR2</version> + </dependency> + <dependency> + <groupId>org.picketbox</groupId> + <artifactId>jbosssx</artifactId> + <version>3.0.0.CR2</version> + </dependency> + </dependencies> + + <reporting> + <plugins> + <plugin> + <groupId>org.apache.maven.plugins</groupId> + <artifactId>maven-javadoc-plugin</artifactId> + <configuration> + <doclet>org.jboss.apiviz.APIviz</doclet> + <docletArtifact> + <groupId>org.jboss.apiviz</groupId> + <artifactId>apiviz</artifactId> + <version>1.2.5.GA</version> + </docletArtifact> + <additionalparam> + -charset UTF-8 + -docencoding UTF-8 + -version + -author + -breakiterator + -windowtitle "${project.name} ${project.version} API Reference" + -doctitle "${project.name} ${project.version} API Reference" + -bottom "Copyright © ${project.inceptionYear}-Present ${project.organization.name}. All Rights Reserved." + -link http://java.sun.com/javase/6/docs/api/ + -sourceclasspath ${project.build.outputDirectory} + </additionalparam> + <encoding>UTF-8</encoding> + </configuration> + </plugin> + </plugins> + </reporting> +</project> Added: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/Constants.java =================================================================== --- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/Constants.java (rev 0) +++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/Constants.java 2010-10-21 13:52:06 UTC (rev 497) @@ -0,0 +1,72 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2010, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.trust.jbossws; + +import javax.xml.namespace.QName; + +import org.apache.xml.security.utils.EncryptionConstants; + +/** + * @author Jason T. Greene + */ +public class Constants +{ + public static final String WSS_SOAP_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-secu..."; + + public static final String WSSE_PREFIX = "wsse"; + + public static final String WSSE_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext..."; + + public static final String WSU_PREFIX = "wsu"; + + public static final String WSU_NS = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utilit..."; + + public static final String XML_SIGNATURE_NS = org.apache.xml.security.utils.Constants.SignatureSpecNS; + + public static final String XML_ENCRYPTION_NS = EncryptionConstants.EncryptionSpecNS; + + public static final String XML_ENCRYPTION_PREFIX = "ds"; //xmlsec 1.4.2 requires this to be "ds" to correctly create KeyInfo elements + + public static final String ID = "Id"; + + public static final String WSU_ID = WSU_PREFIX + ":" + ID; + + public static final String BASE64_ENCODING_TYPE = WSS_SOAP_NS + "#Base64Binary"; + + public static final String PASSWORD_TEXT_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-pr..."; + + public static final String PASSWORD_DIGEST_TYPE = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-username-token-pr..."; + + public static final String WSSE_HEADER = WSSE_PREFIX + ":Security"; + + public static final String XMLNS_NS = "http://www.w3.org/2000/xmlns/"; + + public static final String XENC_DATAREFERENCE = "DataReference"; + + public static final String XENC_REFERENCELIST = "ReferenceList"; + + public static final String XENC_ELEMENT_TYPE = EncryptionConstants.TYPE_ELEMENT; + + public static final String XENC_CONTENT_TYPE = EncryptionConstants.TYPE_CONTENT; + + public static final QName WSSE_HEADER_QNAME = new QName(WSSE_NS, "Security"); +} Added: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/SAML2Constants.java =================================================================== --- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/SAML2Constants.java (rev 0) +++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/SAML2Constants.java 2010-10-21 13:52:06 UTC (rev 497) @@ -0,0 +1,36 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2010, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.trust.jbossws; + +/** + * Constants for the SAML2 profile. + * + * @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a> + * @version $Revision: 1 $ + */ +public interface SAML2Constants +{ + + public static String SAML2_ASSERTION_PROPERTY = "org.picketlink.trust.saml.assertion"; + + public static String SAML2_ASSERTION_URI = "urn:oasis:names:tc:SAML:2.0:assertion"; +} Added: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/Util.java =================================================================== --- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/Util.java (rev 0) +++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/Util.java 2010-10-21 13:52:06 UTC (rev 497) @@ -0,0 +1,216 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2010, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.trust.jbossws; + +import java.util.ArrayList; +import java.util.List; + +import javax.xml.namespace.QName; + +import org.w3c.dom.Element; +import org.w3c.dom.Node; + +/** + * @author Jason T. Greene + */ +public class Util +{ + public static int count = 0; + + public static String assignWsuId(Element element) + { + String id = element.getAttributeNS(Constants.WSU_NS, Constants.ID); + + if (id == null || id.length() < 1) + { + id = generateId(); + element.setAttributeNS(Constants.WSU_NS, Constants.WSU_ID, id); + addNamespace(element, Constants.WSU_PREFIX, Constants.WSU_NS); + } + + return id; + } + + public static Element getFirstChildElement(Node node) + { + Node child = node.getFirstChild(); + while (child != null && child.getNodeType() != Node.ELEMENT_NODE) + child = child.getNextSibling(); + + return (Element)child; + } + + public static Element getNextSiblingElement(Element element) + { + Node sibling = element.getNextSibling(); + while (sibling != null && sibling.getNodeType() != Node.ELEMENT_NODE) + sibling = sibling.getNextSibling(); + + return (Element)sibling; + } + + public static Element getPreviousSiblingElement(Element element) + { + Node sibling = element.getPreviousSibling(); + while (sibling != null && sibling.getNodeType() != Node.ELEMENT_NODE) + sibling = sibling.getPreviousSibling(); + + return (Element)sibling; + } + + public static Element findElement(Element root, String localName, String namespace) + { + return findElement(root, new QName(namespace, localName)); + } + + public static Element findElement(Element root, QName name) + { + // Here lies your standard recusive DFS..... + if (matchNode(root, name)) + return root; + + // Search children + for (Node child = root.getFirstChild(); child != null; child = child.getNextSibling()) + { + if (child.getNodeType() != Node.ELEMENT_NODE) + continue; + + Node possibleMatch = findElement((Element)child, name); + if (possibleMatch != null) + return (Element)possibleMatch; + } + + return null; + } + + public static List<Node> findAllElements(Element root, QName name, boolean local) + { + List<Node> list = new ArrayList<Node>(); + if (matchNode(root, name, local)) + list.add(root); + + for (Node child = root.getFirstChild(); child != null; child = child.getNextSibling()) + { + if (child.getNodeType() != Node.ELEMENT_NODE) + continue; + + list.addAll(findAllElements((Element) child, name, local)); + } + + return list; + } + + public static Element findElementByWsuId(Element root, String id) + { + // Here lies another standard recusive DFS..... + if (id.equals(getWsuId(root))) + return root; + + // Search children + for (Node child = root.getFirstChild(); child != null; child = child.getNextSibling()) + { + if (child.getNodeType() != Node.ELEMENT_NODE) + continue; + + Node possibleMatch = findElementByWsuId((Element)child, id); + if (possibleMatch != null) + return (Element)possibleMatch; + } + + return null; + } + + public static Element findOrCreateSoapHeader(Element envelope) + { + String prefix = envelope.getPrefix(); + String uri = envelope.getNamespaceURI(); + QName name = new QName(uri, "Header"); + Element header = findElement(envelope, name); + if (header == null) + { + header = envelope.getOwnerDocument().createElementNS(uri, prefix + ":Header"); + envelope.insertBefore(header, envelope.getFirstChild()); + } + + return header; + } + + public static String getWsuId(Element element) + { + if (element.hasAttributeNS(Constants.WSU_NS, Constants.ID)) + return element.getAttributeNS(Constants.WSU_NS, Constants.ID); + + if (element.hasAttribute(Constants.ID)) + { + String ns = element.getNamespaceURI(); + if (Constants.XML_SIGNATURE_NS.equals(ns) || Constants.XML_ENCRYPTION_NS.equals(ns)) + return element.getAttribute(Constants.ID); + } + + return null; + } + + public static boolean equalStrings(String string1, String string2) + { + if (string1 == null && string2 == null) + return true; + + return string1 != null && string1.equals(string2); + } + + public static boolean matchNode(Node node, QName name) + { + return matchNode(node, name, false); + } + + public static boolean matchNode(Node node, QName name, boolean local) + { + return equalStrings(node.getLocalName(), name.getLocalPart()) + && (local || equalStrings(node.getNamespaceURI(), name.getNamespaceURI())); + } + + public static String generateId() + { + return generateId("element"); + } + + public static void addNamespace(Element element, String prefix, String uri) + { + element.setAttributeNS(Constants.XMLNS_NS, "xmlns:" + prefix, uri); + } + + public static String generateId(String prefix) + { + StringBuilder id = new StringBuilder(); + long time = System.currentTimeMillis(); + + // reasonably gaurantee uniqueness + synchronized (Util.class) + { + count++; + } + + id.append(prefix).append("-").append(count).append("-").append(time).append("-").append(id.hashCode()); + + return id.toString(); + } +} Added: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java =================================================================== --- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java (rev 0) +++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java 2010-10-21 13:52:06 UTC (rev 497) @@ -0,0 +1,156 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2010, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.trust.jbossws.handler; + +import java.util.Collections; +import java.util.HashSet; +import java.util.Set; + +import javax.security.auth.Subject; +import javax.xml.namespace.QName; +import javax.xml.soap.SOAPMessage; +import javax.xml.ws.handler.MessageContext; +import javax.xml.ws.handler.soap.SOAPMessageContext; + +import org.jboss.logging.Logger; +import org.jboss.security.SecurityContext; +import org.jboss.wsf.common.handler.GenericSOAPHandler; +import org.picketlink.identity.federation.bindings.jboss.subject.PicketLinkPrincipal; +import org.picketlink.identity.federation.core.wstrust.SamlCredential; +import org.picketlink.trust.jbossws.Constants; +import org.picketlink.trust.jbossws.SAML2Constants; +import org.picketlink.trust.jbossws.Util; +import org.w3c.dom.Document; +import org.w3c.dom.Element; + +/** + * A SAMLv2 WS handler. + * + * @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a> + * @author <a href="alessio.soldano(a)jboss.com">Alessio Soldano</a> + * @version $Revision: 1 $ + */ +public class SAML2Handler extends GenericSOAPHandler +{ + + protected Logger log = Logger.getLogger(this.getClass()); + + private static Set<QName> headers; + + static + { + HashSet<QName> set = new HashSet<QName>(); + set.add(Constants.WSSE_HEADER_QNAME); + headers = Collections.unmodifiableSet(set); + } + + public Set<QName> getHeaders() + { + //return a collection with just the wsse:Security header to pass the MustUnderstand check on it + return headers; + } + + /** + * Retrieves the SAML assertion from the SOAP payload and lets invocation go to JAAS for validation. + */ + protected boolean handleInbound(MessageContext msgContext) + { + SOAPMessageContext ctx = (SOAPMessageContext) msgContext; + SOAPMessage soapMessage = ctx.getMessage(); + + // retrieve the assertion + Document document = soapMessage.getSOAPPart(); + Element soapHeader = Util.findOrCreateSoapHeader(document.getDocumentElement()); + Element assertion = Util.findElement(soapHeader, new QName(SAML2Constants.SAML2_ASSERTION_URI, "Assertion")); + if (assertion != null) + { + SamlCredential credential = new SamlCredential(assertion); + if (log.isTraceEnabled()) + { + log.trace("Assertion included in SOAP payload:"); + log.trace(credential.getAssertionAsString()); + } + Element subject = Util.findElement(assertion, new QName(SAML2Constants.SAML2_ASSERTION_URI, "Subject")); + Element nameID = Util.findElement(subject, new QName(SAML2Constants.SAML2_ASSERTION_URI, "NameID")); + String username = nameID.getTextContent(); + // set SecurityContext + Subject s = new Subject(); + SecurityContext sc = SecurityActions.createSecurityContext(new PicketLinkPrincipal(username), credential, s); + SecurityActions.setSecurityContext(sc); + } + + return true; + } + + /** + * It expects a {@link Element} assertion as the value of the {@link SAML2Constants#SAML2_ASSERTION_PROPERTY} property. + * This assertion is then included in the SOAP payload. + */ + protected boolean handleOutbound(MessageContext msgContext) + { + SOAPMessageContext ctx = (SOAPMessageContext) msgContext; + SOAPMessage soapMessage = ctx.getMessage(); + + // retrieve assertion + Element assertion = (Element) ctx.get(SAML2Constants.SAML2_ASSERTION_PROPERTY); + + // add wsse header + Document document = soapMessage.getSOAPPart(); + Element soapHeader = Util.findOrCreateSoapHeader(document.getDocumentElement()); + try + { + Element wsse = getSecurityHeaderElement(document); + wsse.setAttributeNS(soapHeader.getNamespaceURI(), soapHeader.getPrefix() + ":mustUnderstand", "1"); + if (assertion != null) + { + // add the assertion as a child of the wsse header + // check if the assertion element comes from the same document, otherwise import the node + if (document != assertion.getOwnerDocument()) + { + wsse.appendChild(document.importNode(assertion, true)); + } + else + { + wsse.appendChild(assertion); + } + } + soapHeader.insertBefore(wsse, soapHeader.getFirstChild()); + } + catch (Exception e) + { + log.error(e); + return false; + } + + return true; + } + + private Element getSecurityHeaderElement(Document document) + { + Element element = document.createElementNS(Constants.WSSE_NS, Constants.WSSE_HEADER); + Util.addNamespace(element, Constants.WSSE_PREFIX, Constants.WSSE_NS); + Util.addNamespace(element, Constants.WSU_PREFIX, Constants.WSU_NS); + Util.addNamespace(element, Constants.XML_ENCRYPTION_PREFIX, Constants.XML_SIGNATURE_NS); + return element; + } + +} Added: trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java =================================================================== --- trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java (rev 0) +++ trust/trunk/jbossws/src/main/java/org/picketlink/trust/jbossws/handler/SecurityActions.java 2010-10-21 13:52:06 UTC (rev 497) @@ -0,0 +1,74 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2010, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.trust.jbossws.handler; + +import java.security.AccessController; +import java.security.Principal; +import java.security.PrivilegedAction; + +import javax.security.auth.Subject; + +import org.jboss.security.SecurityContext; +import org.jboss.security.SecurityContextAssociation; +import org.jboss.security.SecurityContextFactory; + +/** + * Privileged actions. + * + * @author <a href="mmoyses(a)redhat.com">Marcus Moyses</a> + * @version $Revision: 1 $ + */ +class SecurityActions +{ + + static SecurityContext createSecurityContext(final Principal p, final Object cred, final Subject subject) + { + return (SecurityContext) AccessController.doPrivileged(new PrivilegedAction<SecurityContext>() + { + public SecurityContext run() + { + SecurityContext sc = null; + try + { + sc = SecurityContextFactory.createSecurityContext(p, cred, subject, "SAML2_HANDLER"); + } + catch (Exception e) + { + throw new RuntimeException(e); + } + return sc; + } + }); + } + + static void setSecurityContext(final SecurityContext sc) + { + AccessController.doPrivileged(new PrivilegedAction<Object>() + { + public Object run() + { + SecurityContextAssociation.setSecurityContext(sc); + return null; + } + }); + } +}

13 years, 6 months

1
0
0 / 0

Picketlink SVN: r496 - trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler.

by picketlink-commits＠lists.jboss.org

Author: mmoyses Date: 2010-10-21 09:39:28 -0400 (Thu, 21 Oct 2010) New Revision: 496 Modified: trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java Log: fixing principal name setting Modified: trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java =================================================================== --- trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java 2010-10-19 15:27:47 UTC (rev 495) +++ trust/trunk/jbossws-native/src/main/java/org/picketlink/trust/jbossws/handler/SAML2Handler.java 2010-10-21 13:39:28 UTC (rev 496) @@ -84,9 +84,14 @@ if (assertion != null) { SamlCredential credential = new SamlCredential(assertion); + if (log.isTraceEnabled()) + { + log.trace("Assertion included in SOAP payload:"); + log.trace(credential.getAssertionAsString()); + } Element subject = Util.findElement(assertion, new QName(SAML2Constants.SAML2_ASSERTION_URI, "Subject")); Element nameID = Util.findElement(subject, new QName(SAML2Constants.SAML2_ASSERTION_URI, "NameID")); - String username = nameID.getNodeValue(); + String username = nameID.getTextContent(); // set SecurityContext Subject s = new Subject(); SecurityContext sc = SecurityActions.createSecurityContext(new PicketLinkPrincipal(username), credential, s);

13 years, 6 months

1
0
0 / 0

Picketlink SVN: r495 - in federation/trunk/picketlink-fed-core/src: main/java/org/picketlink/identity/federation/core/wstrust and 2 other directories.

by picketlink-commits＠lists.jboss.org

Author: anil.saldhana(a)jboss.com Date: 2010-10-19 11:27:47 -0400 (Tue, 19 Oct 2010) New Revision: 495 Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/writers/ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/writers/WSTrustRSTWriter.java Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java Log: PLFED-109: some xml writing Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java (rev 0) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/util/StaxUtil.java 2010-10-19 15:27:47 UTC (rev 495) @@ -0,0 +1,191 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.identity.federation.core.util; + +import java.io.OutputStream; + +import javax.xml.stream.XMLEventWriter; +import javax.xml.stream.XMLOutputFactory; +import javax.xml.stream.XMLStreamException; +import javax.xml.stream.XMLStreamWriter; + +import org.picketlink.identity.federation.core.exceptions.ProcessingException; + +/** + * Utility class that deals with StAX + * @author Anil.Saldhana(a)redhat.com + * @since Oct 19, 2010 + */ +public class StaxUtil +{ + /** + * Flush the stream writer + * @param writer + * @throws ProcessingException + */ + public static void flush( XMLStreamWriter writer ) throws ProcessingException + { + try + { + writer.flush(); + } + catch (XMLStreamException e) + { + throw new ProcessingException( e ); + } + } + + /** + * Get an {@code XMLEventWriter} + * @param outStream + * @return + * @throws ProcessingException + */ + public static XMLEventWriter getXMLEventWriter( final OutputStream outStream ) throws ProcessingException + { + XMLOutputFactory xmlOutputFactory = XMLOutputFactory.newInstance(); + try + { + return xmlOutputFactory.createXMLEventWriter( outStream, "UTF-8" ); + } + catch (XMLStreamException e) + { + throw new ProcessingException( e ); + } + } + + /** + * Get an {@code XMLStreamWriter} + * @param outStream + * @return + * @throws ProcessingException + */ + public static XMLStreamWriter getXMLStreamWriter( final OutputStream outStream ) throws ProcessingException + { + XMLOutputFactory xmlOutputFactory = XMLOutputFactory.newInstance(); + try + { + return xmlOutputFactory.createXMLStreamWriter( outStream, "UTF-8" ); + } + catch (XMLStreamException e) + { + throw new ProcessingException( e ); + } + } + + /** + * Write an xml attribute + * @param writer + * @param localName localpart + * @param value value of the attribute + * @throws ProcessingException + */ + public static void writeAttribute( XMLStreamWriter writer, String localName, String value ) throws ProcessingException + { + try + { + writer.writeAttribute(localName, value); + } + catch (XMLStreamException e) + { + throw new ProcessingException( e ); + } + } + + /** + * Write a string as text node + * @param writer + * @param value + * @throws ProcessingException + */ + public static void writeCharacters( XMLStreamWriter writer, String value ) throws ProcessingException + { + try + { + writer.writeCharacters( value); + } + catch (XMLStreamException e) + { + throw new ProcessingException( e ); + } + } + + /** + * Write a namespace + * @param writer + * @param prefix prefix + * @param ns Namespace URI + * @throws ProcessingException + */ + public static void writeNameSpace( XMLStreamWriter writer, String prefix, String ns ) throws ProcessingException + { + try + { + writer.writeNamespace(prefix, ns); + } + catch (XMLStreamException e) + { + throw new ProcessingException( e ); + } + } + + /** + * Write a start element + * @param writer + * @param prefix + * @param localPart + * @param ns + * @throws ProcessingException + */ + public static void writeStartElement( XMLStreamWriter writer, String prefix, String localPart, String ns ) throws ProcessingException + { + try + { + writer.writeStartElement( prefix, localPart, ns); + } + catch (XMLStreamException e) + { + throw new ProcessingException( e ); + } + } + + /** + * <p> + * Write an end element. The stream writer keeps track of which start element + * needs to be closed with an end tag. + * </p> + * + * @param writer + * @throws ProcessingException + */ + public static void writeEndElement( XMLStreamWriter writer ) throws ProcessingException + { + try + { + writer.writeEndElement(); + } + catch (XMLStreamException e) + { + throw new ProcessingException( e ); + } + } +} \ No newline at end of file Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java 2010-10-18 22:48:02 UTC (rev 494) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java 2010-10-19 15:27:47 UTC (rev 495) @@ -34,6 +34,7 @@ public class WSTrustConstants { public static final String BASE_NAMESPACE = "http://docs.oasis-open.org/ws-sx/ws-trust/200512"; + public static final String PREFIX = "wst"; // WS-Trust request types public static final String BATCH_ISSUE_REQUEST = BASE_NAMESPACE + "/BatchIssue"; Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/writers/WSTrustRSTWriter.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/writers/WSTrustRSTWriter.java (rev 0) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/writers/WSTrustRSTWriter.java 2010-10-19 15:27:47 UTC (rev 495) @@ -0,0 +1,90 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.identity.federation.core.wstrust.writers; + +import static org.picketlink.identity.federation.core.wstrust.WSTrustConstants.BASE_NAMESPACE; +import static org.picketlink.identity.federation.core.wstrust.WSTrustConstants.RST_CONTEXT; +import static org.picketlink.identity.federation.core.wstrust.WSTrustConstants.PREFIX; +import static org.picketlink.identity.federation.core.wstrust.WSTrustConstants.RST; + +import java.io.OutputStream; +import java.net.URI; + +import javax.xml.stream.XMLStreamWriter; + +import org.picketlink.identity.federation.core.exceptions.ProcessingException; +import org.picketlink.identity.federation.core.util.StaxUtil; +import org.picketlink.identity.federation.core.wstrust.WSTrustConstants; +import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken; + +/** + * Given a {@code RequestSecurityToken}, write into an {@code OutputStream} + * @author Anil.Saldhana(a)redhat.com + * @since Oct 19, 2010 + */ +public class WSTrustRSTWriter +{ + /** + * Write the {@code RequestSecurityToken} into the {@code OutputStream} + * @param requestToken + * @param out + * @throws ProcessingException + */ + public void write( RequestSecurityToken requestToken, OutputStream out ) throws ProcessingException + { + //Get the XML writer + XMLStreamWriter writer = StaxUtil.getXMLStreamWriter( out ); + StaxUtil.writeStartElement( writer, PREFIX, RST, BASE_NAMESPACE); + StaxUtil.writeNameSpace( writer, PREFIX, BASE_NAMESPACE ); + String context = requestToken.getContext(); + StaxUtil.writeAttribute( writer, RST_CONTEXT, context ); + + URI requestType = requestToken.getRequestType(); + if( requestType != null ) + { + writeRequestType( writer, requestType ); + } + + URI tokenType = requestToken.getTokenType(); + if( tokenType != null ) + { + writeTokenType( writer, tokenType ); + } + + StaxUtil.writeEndElement( writer ); + StaxUtil.flush( writer ); + } + + private void writeRequestType( XMLStreamWriter writer , URI uri ) throws ProcessingException + { + StaxUtil.writeStartElement( writer, PREFIX, WSTrustConstants.REQUEST_TYPE, BASE_NAMESPACE ); + StaxUtil.writeCharacters(writer, uri.toASCIIString() ); + StaxUtil.writeEndElement(writer); + } + + private void writeTokenType( XMLStreamWriter writer , URI uri ) throws ProcessingException + { + StaxUtil.writeStartElement( writer, PREFIX, WSTrustConstants.TOKEN_TYPE, BASE_NAMESPACE ); + StaxUtil.writeCharacters(writer, uri.toASCIIString() ); + StaxUtil.writeEndElement(writer); + } +} \ No newline at end of file Modified: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java =================================================================== --- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java 2010-10-18 22:48:02 UTC (rev 494) +++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java 2010-10-19 15:27:47 UTC (rev 495) @@ -29,6 +29,7 @@ import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser; import org.picketlink.identity.federation.core.wstrust.WSTrustConstants; import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken; +import org.picketlink.identity.federation.core.wstrust.writers.WSTrustRSTWriter; /** * Validate simple RST parsing @@ -49,5 +50,12 @@ assertEquals( "testcontext", requestToken.getContext() ); assertEquals( WSTrustConstants.ISSUE_REQUEST , requestToken.getRequestType().toASCIIString() ); assertEquals( WSTrustConstants.SAML2_TOKEN_TYPE, requestToken.getTokenType().toASCIIString() ); + + //Now for the writing part + WSTrustRSTWriter rstWriter = new WSTrustRSTWriter(); + rstWriter.write(requestToken, System.out ); + + //TODO: use a buffer output stream. Reparse the written xml and then match the orig object model with reparsed + //object model } -} +} \ No newline at end of file

13 years, 6 months

1
0
0 / 0

Picketlink SVN: r494 - federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst.

by picketlink-commits＠lists.jboss.org

Author: anil.saldhana(a)jboss.com Date: 2010-10-18 18:48:02 -0400 (Mon, 18 Oct 2010) New Revision: 494 Added: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustValidateSamlTestCase.java Log: PLFED-109: validate saml test Added: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustValidateSamlTestCase.java =================================================================== --- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustValidateSamlTestCase.java (rev 0) +++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustValidateSamlTestCase.java 2010-10-18 22:48:02 UTC (rev 494) @@ -0,0 +1,59 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.test.identity.federation.core.parser.wst; + +import static org.junit.Assert.assertEquals; + +import java.io.InputStream; + +import org.junit.Test; +import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser; +import org.picketlink.identity.federation.core.wstrust.WSTrustConstants; +import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken; +import org.picketlink.identity.federation.saml.v2.assertion.AssertionType; +import org.picketlink.identity.federation.ws.trust.ValidateTargetType; + +/** + * Validate the parsing of wst-validate-saml.xml + * @author Anil.Saldhana(a)redhat.com + * @since Oct 12, 2010 + */ +public class WSTrustValidateSamlTestCase +{ + @Test + public void testWST_ValidateSaml() throws Exception + { + ClassLoader tcl = Thread.currentThread().getContextClassLoader(); + InputStream configStream = tcl.getResourceAsStream( "parser/wst/wst-validate-saml.xml" ); + + WSTrustParser parser = new WSTrustParser(); + RequestSecurityToken rst1 = (RequestSecurityToken) parser.parse( configStream ); + assertEquals( "validatecontext", rst1.getContext() ); + assertEquals( WSTrustConstants.VALIDATE_REQUEST, rst1.getRequestType().toASCIIString() ); + assertEquals( WSTrustConstants.RSTR_STATUS_TOKEN_TYPE, rst1.getTokenType().toASCIIString() ); + + ValidateTargetType validateTarget = rst1.getValidateTarget(); + AssertionType assertion = (AssertionType) validateTarget.getAny(); + assertEquals( "ID_654b6092-c725-40ea-8044-de453b59cb28", assertion.getID() ); + } + +}

13 years, 6 months

1
0
0 / 0

Picketlink SVN: r493 - in federation/trunk/picketlink-fed-core/src: main/java/org/picketlink/identity/federation/core/parsers/wst and 2 other directories.

by picketlink-commits＠lists.jboss.org

Author: anil.saldhana(a)jboss.com Date: 2010-10-18 18:42:05 -0400 (Mon, 18 Oct 2010) New Revision: 493 Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRenewTargetParser.java federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustRenewTargetParsingTestCase.java Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/ParserController.java federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRequestSecurityTokenParser.java federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java Log: PLFED-109: parse renew target Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/ParserController.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/ParserController.java 2010-10-18 22:30:10 UTC (rev 492) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/ParserController.java 2010-10-18 22:42:05 UTC (rev 493) @@ -31,6 +31,7 @@ import org.picketlink.identity.federation.core.parsers.wsp.WSPolicyParser; import org.picketlink.identity.federation.core.parsers.wsse.WSSecurityParser; import org.picketlink.identity.federation.core.parsers.wst.WSTCancelTargetParser; +import org.picketlink.identity.federation.core.parsers.wst.WSTRenewTargetParser; import org.picketlink.identity.federation.core.parsers.wst.WSTRequestSecurityTokenCollectionParser; import org.picketlink.identity.federation.core.parsers.wst.WSTRequestSecurityTokenParser; import org.picketlink.identity.federation.core.parsers.wst.WSTValidateTargetParser; @@ -66,6 +67,7 @@ add( new WSTrustOnBehalfOfParser() ); add( new WSTValidateTargetParser() ); + add( new WSTRenewTargetParser() ); add( new WSTCancelTargetParser() ); add( new WSTRequestSecurityTokenParser() ); add( new WSTRequestSecurityTokenCollectionParser() ); Added: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRenewTargetParser.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRenewTargetParser.java (rev 0) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRenewTargetParser.java 2010-10-18 22:42:05 UTC (rev 493) @@ -0,0 +1,75 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.identity.federation.core.parsers.wst; + +import javax.xml.namespace.QName; +import javax.xml.stream.XMLEventReader; +import javax.xml.stream.events.StartElement; + +import org.picketlink.identity.federation.core.exceptions.ParsingException; +import org.picketlink.identity.federation.core.parsers.ParserNamespaceSupport; +import org.picketlink.identity.federation.core.parsers.saml.SAMLParser; +import org.picketlink.identity.federation.core.parsers.util.StaxParserUtil; +import org.picketlink.identity.federation.core.saml.v2.constants.JBossSAMLConstants; +import org.picketlink.identity.federation.core.wstrust.WSTrustConstants; +import org.picketlink.identity.federation.saml.v2.assertion.AssertionType; +import org.picketlink.identity.federation.ws.trust.RenewTargetType; + +/** + * Stax parser for the wst:RenewTarget element + * @author Anil.Saldhana(a)redhat.com + * @since Oct 13, 2010 + */ +public class WSTRenewTargetParser implements ParserNamespaceSupport +{ + /** + * @see {@link ParserNamespaceSupport#parse(XMLEventReader)} + */ + public Object parse(XMLEventReader xmlEventReader) throws ParsingException + { + RenewTargetType renewTargetType = new RenewTargetType(); + + StartElement startElement = StaxParserUtil.peekNextStartElement( xmlEventReader ); + String tag = StaxParserUtil.getStartElementName( startElement ); + + if( tag.equals( JBossSAMLConstants.ASSERTION.get() ) ) + { + SAMLParser assertionParser = new SAMLParser(); + AssertionType assertion = (AssertionType) assertionParser.parse( xmlEventReader ); + renewTargetType.setAny( assertion ); + } + + return renewTargetType; + } + + /** + * @see {@link ParserNamespaceSupport#supports(QName)} + */ + public boolean supports(QName qname) + { + String nsURI = qname.getNamespaceURI(); + String localPart = qname.getLocalPart(); + + return WSTrustConstants.BASE_NAMESPACE.equals( nsURI ) + && WSTrustConstants.RENEW_TARGET.equals( localPart ); + } +} \ No newline at end of file Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRequestSecurityTokenParser.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRequestSecurityTokenParser.java 2010-10-18 22:30:10 UTC (rev 492) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/parsers/wst/WSTRequestSecurityTokenParser.java 2010-10-18 22:42:05 UTC (rev 493) @@ -47,6 +47,7 @@ import org.picketlink.identity.federation.ws.trust.CancelTargetType; import org.picketlink.identity.federation.ws.trust.EntropyType; import org.picketlink.identity.federation.ws.trust.OnBehalfOfType; +import org.picketlink.identity.federation.ws.trust.RenewTargetType; import org.picketlink.identity.federation.ws.trust.UseKeyType; import org.picketlink.identity.federation.ws.trust.ValidateTargetType; import org.w3c.dom.Element; @@ -129,7 +130,17 @@ requestToken.setValidateTarget( validateTarget ); EndElement validateTargetEndElement = StaxParserUtil.getNextEndElement(xmlEventReader); StaxParserUtil.validate( validateTargetEndElement, WSTrustConstants.VALIDATE_TARGET ) ; - } + } + else if( tag.equals( WSTrustConstants.RENEW_TARGET )) + { + subEvent = StaxParserUtil.getNextStartElement(xmlEventReader); + + WSTRenewTargetParser wstValidateTargetParser = new WSTRenewTargetParser(); + RenewTargetType validateTarget = (RenewTargetType) wstValidateTargetParser.parse( xmlEventReader ); + requestToken.setRenewTarget( validateTarget ); + EndElement validateTargetEndElement = StaxParserUtil.getNextEndElement(xmlEventReader); + StaxParserUtil.validate( validateTargetEndElement, WSTrustConstants.RENEW_TARGET ) ; + } else if( tag.equals( WSTrustConstants.On_BEHALF_OF )) { subEvent = StaxParserUtil.getNextStartElement(xmlEventReader); Modified: federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java =================================================================== --- federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java 2010-10-18 22:30:10 UTC (rev 492) +++ federation/trunk/picketlink-fed-core/src/main/java/org/picketlink/identity/federation/core/wstrust/WSTrustConstants.java 2010-10-18 22:42:05 UTC (rev 493) @@ -92,6 +92,7 @@ public static final String REQUEST_TYPE = "RequestType"; public static final String TOKEN_TYPE = "TokenType"; public static final String CANCEL_TARGET = "CancelTarget"; + public static final String RENEW_TARGET = "RenewTarget"; public static final String VALIDATE_TARGET = "ValidateTarget"; public static final String USE_KEY = "UseKey"; Added: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustRenewTargetParsingTestCase.java =================================================================== --- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustRenewTargetParsingTestCase.java (rev 0) +++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustRenewTargetParsingTestCase.java 2010-10-18 22:42:05 UTC (rev 493) @@ -0,0 +1,69 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.test.identity.federation.core.parser.wst; + +import static org.junit.Assert.assertEquals; + +import java.io.InputStream; + +import javax.xml.bind.JAXBElement; + +import org.junit.Test; +import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser; +import org.picketlink.identity.federation.core.wstrust.WSTrustConstants; +import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken; +import org.picketlink.identity.federation.saml.v2.assertion.AssertionType; +import org.picketlink.identity.federation.saml.v2.assertion.NameIDType; +import org.picketlink.identity.federation.saml.v2.assertion.SubjectType; +import org.picketlink.identity.federation.ws.trust.RenewTargetType; + +/** + * Validate the parsing of wst-batch-validate.xml + * @author Anil.Saldhana(a)redhat.com + * @since Oct 12, 2010 + */ +public class WSTrustRenewTargetParsingTestCase +{ + @Test + public void testWST_RenewTarget() throws Exception + { + ClassLoader tcl = Thread.currentThread().getContextClassLoader(); + InputStream configStream = tcl.getResourceAsStream( "parser/wst/wst-renew-saml.xml" ); + + WSTrustParser parser = new WSTrustParser(); + RequestSecurityToken requestToken = (RequestSecurityToken) parser.parse( configStream ); + assertEquals( "renewcontext", requestToken.getContext() ); + assertEquals( WSTrustConstants.RENEW_REQUEST , requestToken.getRequestType().toASCIIString() ); + assertEquals( WSTrustConstants.SAML2_TOKEN_TYPE , requestToken.getTokenType().toASCIIString() ); + + RenewTargetType renewTarget = requestToken.getRenewTarget(); + AssertionType assertion = (AssertionType) renewTarget.getAny(); + assertEquals( "ID_654b6092-c725-40ea-8044-de453b59cb28", assertion.getID() ); + assertEquals( "Test STS", assertion.getIssuer().getValue() ); + SubjectType subject = assertion.getSubject(); + + @SuppressWarnings("unchecked") + JAXBElement<NameIDType> nameID = (JAXBElement<NameIDType>) subject.getContent().get(0); + assertEquals( "jduke", nameID.getValue().getValue()); + + } +} \ No newline at end of file

13 years, 6 months

1
0
0 / 0

Picketlink SVN: r492 - federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst.

by picketlink-commits＠lists.jboss.org

Author: anil.saldhana(a)jboss.com Date: 2010-10-18 18:30:10 -0400 (Mon, 18 Oct 2010) New Revision: 492 Added: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java Log: PLFED-109: parse RST Added: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java =================================================================== --- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java (rev 0) +++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueTestCase.java 2010-10-18 22:30:10 UTC (rev 492) @@ -0,0 +1,53 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.test.identity.federation.core.parser.wst; + +import static org.junit.Assert.assertEquals; + +import java.io.InputStream; + +import org.junit.Test; +import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser; +import org.picketlink.identity.federation.core.wstrust.WSTrustConstants; +import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken; + +/** + * Validate simple RST parsing + * @author Anil.Saldhana(a)redhat.com + * @since Oct 18, 2010 + */ +public class WSTrustIssueTestCase +{ + @Test + public void testIssue() throws Exception + { + ClassLoader tcl = Thread.currentThread().getContextClassLoader(); + InputStream configStream = tcl.getResourceAsStream( "parser/wst/wst-issue.xml" ); + + WSTrustParser parser = new WSTrustParser(); + RequestSecurityToken requestToken = ( RequestSecurityToken ) parser.parse( configStream ); + + assertEquals( "testcontext", requestToken.getContext() ); + assertEquals( WSTrustConstants.ISSUE_REQUEST , requestToken.getRequestType().toASCIIString() ); + assertEquals( WSTrustConstants.SAML2_TOKEN_TYPE, requestToken.getTokenType().toASCIIString() ); + } +}

13 years, 6 months

1
0
0 / 0

Picketlink SVN: r491 - federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst.

by picketlink-commits＠lists.jboss.org

Author: anil.saldhana(a)jboss.com Date: 2010-10-18 18:27:05 -0400 (Mon, 18 Oct 2010) New Revision: 491 Added: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueSymmetricKeyTestCase.java Log: PLFED-109: parse the symmetric key Added: federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueSymmetricKeyTestCase.java =================================================================== --- federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueSymmetricKeyTestCase.java (rev 0) +++ federation/trunk/picketlink-fed-core/src/test/java/org/picketlink/test/identity/federation/core/parser/wst/WSTrustIssueSymmetricKeyTestCase.java 2010-10-18 22:27:05 UTC (rev 491) @@ -0,0 +1,73 @@ +/* + * JBoss, Home of Professional Open Source. + * Copyright 2008, Red Hat Middleware LLC, and individual contributors + * as indicated by the @author tags. See the copyright.txt file in the + * distribution for a full listing of individual contributors. + * + * This is free software; you can redistribute it and/or modify it + * under the terms of the GNU Lesser General Public License as + * published by the Free Software Foundation; either version 2.1 of + * the License, or (at your option) any later version. + * + * This software is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * Lesser General Public License for more details. + * + * You should have received a copy of the GNU Lesser General Public + * License along with this software; if not, write to the Free + * Software Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA + * 02110-1301 USA, or see the FSF site: http://www.fsf.org. + */ +package org.picketlink.test.identity.federation.core.parser.wst; + +import static org.junit.Assert.assertEquals; + +import java.io.InputStream; + +import javax.xml.bind.JAXBElement; + +import org.junit.Test; +import org.picketlink.identity.federation.core.parsers.wst.WSTrustParser; +import org.picketlink.identity.federation.core.wstrust.WSTrustConstants; +import org.picketlink.identity.federation.core.wstrust.wrappers.RequestSecurityToken; +import org.picketlink.identity.federation.ws.addressing.EndpointReferenceType; +import org.picketlink.identity.federation.ws.policy.AppliesTo; +import org.picketlink.identity.federation.ws.trust.BinarySecretType; +import org.picketlink.identity.federation.ws.trust.EntropyType; + +/** + * Validate parsing of RST with Use Key set to Symmetric Key + * @author Anil.Saldhana(a)redhat.com + * @since Oct 18, 2010 + */ +public class WSTrustIssueSymmetricKeyTestCase +{ + @SuppressWarnings("unchecked") + @Test + public void testSymKey() throws Exception + { + ClassLoader tcl = Thread.currentThread().getContextClassLoader(); + InputStream configStream = tcl.getResourceAsStream( "parser/wst/wst-issue-symmetric-key.xml" ); + + WSTrustParser parser = new WSTrustParser(); + RequestSecurityToken requestToken = ( RequestSecurityToken ) parser.parse( configStream ); + + assertEquals( "testcontext", requestToken.getContext() ); + assertEquals( WSTrustConstants.ISSUE_REQUEST , requestToken.getRequestType().toASCIIString() ); + + AppliesTo appliesTo = requestToken.getAppliesTo(); + JAXBElement<EndpointReferenceType> jaxb = (JAXBElement<EndpointReferenceType>) appliesTo.getAny().get(0); + EndpointReferenceType endpoint = jaxb.getValue(); + assertEquals( "http://services.testcorp.org/provider2", endpoint.getAddress().getValue() ); + + + assertEquals( WSTrustConstants.BS_TYPE_SYMMETRIC, requestToken.getKeyType().toASCIIString() ); + + EntropyType entropy = requestToken.getEntropy(); + BinarySecretType binarySecret = (BinarySecretType) entropy.getAny().get(0); + + assertEquals( WSTrustConstants.BS_TYPE_NONCE, binarySecret.getType() ); + assertEquals( "M0/7qLpV49c=" , new String( binarySecret.getValue() )); + } +} \ No newline at end of file

13 years, 6 months

1
0
0 / 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

picketlink-commits October 2010